SGN uses privileged access to secure digital transformation
SGN's CISO Mo Ahddoud is blazing a trail for every critical infrastructure company to follow.
Today, the traditional formula for IT security is not working – monitoring, for example, detects less than 1% of data breaches and when discovered, it is after data is on the black market. The future of IT security will depend on CISO’s who are brave enough to build a new security model that is both innovative and unconventional. At SGN, CISO Mo Ahddoud is blazing a trail for every critical infrastructure company to follow.
With IT security, the challenge is figuring out what to protect. CISOs would be wise to heed the words of Fredrick The Great – “he who defends everything defends nothing”. To break the mold of traditional security, SGN employed a technique called “attack path mapping.” By examining the likely ways an- attacker would steal information, CISOs can separate possible targets from less likely targets.
By using this approach, SGN realized the common link across the paths of the attack was privileged credentials. In fact, the results of the “cloud hopper report” created by BAE systems and PWC cited the use of credential mining and privileged credentials in the propagation of advanced cloud attacks. Specifically, privileged credentials allow attackers to land and expand. By protecting the right resources, organizations can prevent attacks.
The expectations of the SGN workplace has changed – instead of working at a desktop computer, employees need access to applications and data on the go and across the organization perimeter.
Employees need access to collaboration SaaS applications, mobile apps all delivered across multiple touch points. Making employees more agile and collaborative not only makes them more productive, but it also enables employees to serve customers better.
Today, organizations have more privileged users than ever before; the challenge is how to provide the right access to the right resources at the right time and, when necessary, monitor access to prevent privilege abuse. There are three best practices every organization can learn from SGN.