Cybersecurity – Identity and Access Management: Protecting the digital identities of a diverse workforce

ADVERTISING FEATURE

On day one of @AuManufacturing’s new Cybersecurity – Identity and Access Management series, Rana Gupta discusses how a zero trust mindset can help protect your trade secrets and critical data.

While the pandemic has had dramatic consequences, it has also created significant economic opportunities for Australian manufacturers. 

Just last December, the Government announced it would fast track its $1.5 billion Modern Manufacturing Scheme to strengthen Australia’s capabilities and create more jobs.  

But combined with an increased digitisation of the sector, this also means heightened exposure to rampant cybercrime. 

As Deloitte’s MAPI Smart Factory Study pointed out, almost half (48 per cent) of manufacturers identify operational risks, which include cybersecurity, as the greatest danger. 

Successful attacks are leading to significant loss of production, critical data and trade secrets, which are risks the sector cannot afford as it starts to regenerate after two years of pandemic disruption. 

The issue isn’t about whether manufacturers invest enough in cybersecurity protections, but rather where those investments are, and are not, being made. 

Digital identities: cyber frontier for the next decade of manufacturing

Whether they run smart factories or are still navigating their digitisation journey, manufacturers face the same issue: security perimeters have been pushed beyond physical walls and they now operate in a completely ‘perimeter-less’ environment. 

This means workers both within the factory and in the corporate office, whether in-person or online, need to gain access to applications and systems using their digital identity. 

Every time a staff member attempts to connect to a machine or any corporate system, their digital identity needs to be verified and approved as safe and legitimate through appropriate levels of authorisation.

Manufacturers’ weakest link: humans

Machines and digital systems can be protected with plenty of cybersecurity layers, but it only takes one human mistake to compromise an entire organisation. Human error remains a major source of breaches. 

The extra challenge for manufacturers lies in the hybrid, online/offline nature of their environment, as well as having to protect digital processes, physical machines, and a very disparate workforce. 

While white collar workers tend to have more awareness around cybersecurity and keeping digital systems secure, blue-collar employees often require more education and support. 

This disparity makes security and access control (i.e. who should / shouldn’t have access) increasingly challenging and costly. It also often results in more complexity with many different identification and authentication systems is use. 

This ultimately creates more security gaps than it bridges.  

Stronger Identity and Access Management wrapped in a Zero Trust approach

Manufacturers need to shift their Identity and Access Management (IAM) policies, and opt for solutions that are intuitive and easy-to-use, as well as remove layers, not add complexity. 

The key to effectively protect digital identities is to adopt a ‘trust no one, verify everywhere’ mentality. This ‘zero trust’ approach ensures only authorised and authenticated individuals can gain access to online systems, corporate assets and data.

Here are five priority areas to consider: 

• Ubiquitous policy – a policy that just focuses on identity protection needs to be adopted, so all users can be covered and no application remains unassessed 
  • Smart Single Sign On policies have proven the most useful as they provide frictionless authentication and passwordless identities, for example using FIDO passwordless solutions, One Time Password and more, while allowing access to multiple applications.
  • These allow for any unusual activities around digital identity, such as a suspicious time of day, device, geography, network or other unusual activities to be questioned and that identity requiring revalidation.
• Ease of use – to overcome the limitations imposed by a workforce that has very different levels of awareness and education around technology and cybersecurity. Adopting a single and very intuitive IAM platform, rather than combining solutions from various providers, will make things simpler, provide seamless access for everyone and reduce potential security gaps.
• Breadth of identification strategies options – to navigate the wide range of online and offline users transiting through a manufacturer’s system, all requiring different levels of authentication and access. Choose a platform that offers many passwordless options including Two-Factor Authentication (2FA), Multiple Factor Authentication (MFA), Single Sign On (SSO) and more. 
• Ability to deploy multiple authenticators – to validate various user profiles within the same organisation. For example, a user with more trade secrets or patent information will need higher grade of security. Guides such as the NIST framework can be helpful to set-up these security grade levels. 
• Managing shared devices – so floor personal can more easily and securely use shared kiosk devices, without being password dependent.

With the right IAM platform and the adoption of a Zero Trust mindset, manufacturers can better protect their trade secrets and critical data, as well as empower staff so they can keep on their growth path and start 2022 with a bang rather than a breach!

For more information about how you can kick-start or improve your digital identities protection journey, please visit Thales Cloud Protection & Licensing (CPL)’s website or get in touch with one of Thales’ experts today.

Rana Gupta is APAC Regional VP, Authentication & Encryption, Thales

@AuManufacturing’s Cybersecurity – Identity and Access Management series is brought to you through the support of Thales Cloud Protection & Licensing (CPL).

Subscribe to our free @AuManufacturing newsletter here.