Skip to content

Archive for

How To Improve Privileged User’s Security Experiences With Machine Learning

Bottom Line: One of the primary factors motivating employees to sacrifice security for speed are the many frustrations they face, attempting to re-authenticate who they are so they can get more work done and achieve greater productivity.

How Bad Security Experiences Lead to a Breach

Every business is facing the paradox of hardening security without sacrificing users’ login and system access experiences. Zero Trust Privilege is emerging as a proven framework for thwarting privileged credential abuse by verifying who is requesting access, the context of the request, and the risk of the access environment across every threat surface an organization has.

Centrify’s recent survey Privileged Access Management In The Modern Threatscape found that 74% of data breaches start with privileged credential abuse. Forrester estimates that 80% of data breaches have a connection to compromised privileged credentials, such as passwords, tokens, keys, and certificates. On the Dark Web, privileged access credentials are a best-seller because they provide the intruder with “the keys to the kingdom.” By leveraging a “trusted” identity, a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags.

Frustrated with wasting time responding to the many account lock-outs, re-authentication procedures, and login errors outmoded Privileged Access Management (PAM) systems require, IT Help Desk teams, IT administrators, and admin users freely share privileged credentials, often resulting in them eventually being offered for sale on the Dark Web.

The Keys to the Kingdom Are In High Demand

18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey. State-sponsored and organized crime organizations offer to pay bounties in bitcoin for privileged credentials for many of the world’s largest financial institutions on the Dark Web. And with the typical U.S.-based enterprise losing on average $7.91M from a breach, more than double the global average of $3.86M according to IBM’s 2018 Data Breach Study, it’s clear that improving admin user experiences to reduce the incidence of privileged credential sharing needs to happen now.

How Machine Learning Improves Admin User Experiences and Thwarts Breaches

Machine learning is making every aspect of security experiences more adaptive, taking into account the risk context of every privileged access attempt across any threat surface, anytime. Machine learning algorithms can continuously learn and generate contextual intelligence that is used to streamline verified privileged user’s access while thwarting many potential threats ― the most common of which is compromised credentials.

The following are a few of the many ways machine learning is improving privileged users’ experiences when they need to log in to secure critical infrastructure resources:

  • Machine learning is making it possible to provide adaptive, personalized login experiences at scale using risk-scoring of every access attempt in real-time, all contributing to improved user experiences. Machine learning is making it possible to implement security strategies that flex or adapt to risk contexts in real-time, assessing every access attempt across every threat surface, and generating a risk score in milliseconds. Being able to respond in milliseconds, or real-time is essential for delivering excellent admin user experiences. The “never trust, always verify, enforce least privilege” approach to security is how many enterprises from a broad base of industries including leading financial services and insurance companies are protecting every threat surface from privileged access abuse. CIOs at these companies say taking a Zero Trust approach with a strong focus on Zero Trust Privilege corporate-wide is redefining the legacy approach to Privileged Access Management by delivering cloud-architected Zero Trust Privilege to secure access to infrastructure, DevOps, cloud, containers, Big Data, and other modern enterprise use cases. Taking a Zero Trust approach to security enables their departments to roll out new services across every threat surface their customers prefer to use without having to customize security strategies for each.
  • Quantify, track and analyze every potential security threat and attempted breach and apply threat analytics to the aggregated data sets in real-time, thwarting data exfiltration attempts before they begin. One of the tenets or cornerstones of Zero Trust Privilege is adaptive control. Machine learning algorithms continually “learn” by continuously analyzing and looking for anomalies in users’ behavior across every threat surface, device, and login attempt. When any users’ behavior appears to be outside the threshold of constraints defined for threat analytics and risk scoring, additional authentication is immediately requested, and access denied to requested resources until an identity can be verified. Machine learning makes adaptive preventative controls possible.
  • When every identity is a new security perimeter, machine learnings’ ability to provide personalization at scale for every access attempt on every threat surface is essential for enabling a company to keep growing. Businesses that are growing the fastest often face the greatest challenges when it comes to improving their privileged users’ experiences. Getting new employees productive quickly needs to be based on four foundational elements. These include verifying the identity of every admin user, knowing the context of their access request, ensuring it’s coming from a clean source, and limiting access as well as privilege. Taken together, these pillars form the foundation of a Zero Trust Privilege.

Conclusion

Organizations don’t have to sacrifice security for speed when they’re relying on machine learning-based approaches for improving the privileged user experience. Today, a majority of IT Help Desk teams, IT administrators, and admin users are freely sharing privileged credentials to be more productive, which often leads to breaches based on privileged access abuse. By taking a machine learning-based approach to validate every access request, the context of the request, and the risk of the access environment, roadblocks in the way of greater privileged user productivity disappear. Privileged credential abuse is greatly minimized.

Industry 4.0’s Potential Needs To Be Proven On The Shop Floor

  • 99% of mid-market manufacturing executives are familiar with Industry 4.0, yet only 5% are currently implementing or have implemented an Industry 4.0 strategy.
  • Investing in upgrading existing machinery, replacing fully depreciated machines with next-generation smart, connected production equipment, and adopting real-time monitoring including Manufacturing Execution Systems (MES) are manufacturers’ top three priorities based on interviews with them.
  • Mid-market manufacturers getting the most value out of Industry 4.0 excel at orchestrating a variety of technologies to find new ways to excel at product quality, improve shop floor productivity, meet delivery dates, and control costs.
  • Real-time monitoring is gaining momentum to improve order cycle times, troubleshoot quality problems, improve schedule accuracy, and support track-and-trace.

These and many other fascinating insights are from Industry 4.0: Defining How Mid-Market Manufacturers Derive and Deliver ValueBDO is a leading provider of assurance, tax, and financial advisory services and is providing the report available for download here (PDF, 36 pp., no opt-in). The survey was conducted by Market Measurement, Inc., an independent market research consulting firm. The survey included 230 executives at U.S. manufacturing companies with annual revenues between $200M and $3B and was conducted in November and December of 2018. Please see page 2 of the study for additional details regarding the methodology. One of the most valuable findings of the study is that mid-market manufacturers need more evidence of Industry 4.0, delivering improved supply chain performance, quality, and shop floor productivity.

Insights from the Shop Floor: Machine Upgrades, Smart Machines, Real-Time Monitoring & MES Lead Investment Plans

In the many conversations I’ve had with mid-tier manufacturers located in North America this year, I’ve learned the following:

  • Their top investment priorities are upgrading existing machinery, replacing fully depreciated machines with next-generation smart, connected production equipment, and adopting real-time monitoring including Manufacturing Execution Systems (MES).
  • Manufacturers growing 10% or more this year over 2018 excel at integrating technologies that improve scheduling to enable more short-notice production runs, reduce order cycle times, and improve supplier quality.

Key Takeaways from BDO’s Industry 4.0 Study

  • Manufacturers are most motivated to evaluate Industry 4.0 technologies based on the potential for growth and business model diversification they offer. Building a business case for any new system or technology that delivers revenue, even during a pilot, is getting the highest priority by manufacturers today. Based on my interviews with manufacturers, I found they were 1.7 times more likely to invest in machine upgrades and smart machines versus spending more on marketing. Manufacturers are very interested in any new technology that enables them to accept short-notice production runs from customers, excel at higher quality standards, improve time-to-market, all the while having better cost visibility and control. All those factors are inherent in the top three goals of business model diversification, improved operational efficiencies, and increased market penetration.

  • For Industry 4.0 technologies to gain more adoption, more use cases are needed to explain how traditional product sales, aftermarket sales, and product-as-a-service benefit from these new technologies. Manufacturers know the ROI of investing in a machinery upgrade, buying a smart, connected machine, or integrating real-time monitoring across their shop floors. What they’re struggling with is how Industry 4.0 makes traditional product sales improve. 84% of upper mid-market manufacturers are generating revenue using Information-as-a-Service today compared to 67% of middle market manufacturers overall.

  • Manufacturers who get the most value out of their Industry 4.0 investments begin with a customer-centric blueprint first, integrating diverse technologies to deliver excellent customer experiences. Manufacturers growing 10% a year or more are relying on roadmaps to guide their technology buying decisions. These roadmaps are focused on how to reduce scrap, improve order cycle times, streamline supplier integration while improving inbound quality levels, and provide real-time order updates to customers. BDOs’ survey results reflect what I’m hearing from manufacturers. They’re more focused than ever before on having an integrated engagement strategy combined with greater flexibility in responding to unique and often urgent production runs.

  • Industry 4.0’s potential to improve supply chains needs greater focus if mid-tier manufacturers are going to adopt the framework fully. Manufacturing executives most often equate Industry 4.0 with shop floor productivity improvements while the greatest gains are waiting in their supply chains. The BDO study found that manufacturers are divided on the metrics they rely on to evaluate their supply chains. Upper middle market manufacturers are aiming to speed up customer order cycle times and are less focused on getting their total delivered costs down. Lower mid-market manufacturers say reducing inventory turnover is their biggest priority. Overall, strengthening customer service increases in importance with the size of the organization.

  • By enabling integration between engineering, supply chain management, Manufacturing Execution Systems (MES) and CRM systems, more manufacturers are achieving product configuration strategies at scale. A key growth strategy for many manufacturers is to scale beyond the limitations of their longstanding Make-to-Stock production strategies. By integrating engineering, supply chains, MES, and CRM, manufacturers can offer more flexibility to their customers while expanding their product strategies to include Configure-to-Order, Make-to-Order, and for highly customized products, Engineer-to-Order. The more Industry 4.0 can be shown to enable design-to-manufacturing at scale, the more it will resonate with senior executives in mid-tier manufacturing.

  • Manufacturers are more likely than ever before to accept cloud-based platforms and systems that help them achieve their business strategies faster and more completely, with analytics being in the early stages of adoption. Manufacturing CEOs and their teams are most concerned about how quickly new applications and platforms can position their businesses for more growth. Whether a given application or platform is cloud-based often becomes secondary to the speed and time-to-market constraints every manufacturing business faces. The fastest-growing mid-tier manufacturers are putting greater effort and intensity into mastering analytics across every area of their business too. BDO found that Artificial Intelligence (AI) leads all other technologies in planned use.

%d bloggers like this: