Looking at the issue of identity management and control measures is Jasen Meece, CEO of Cloudentity. Meece regularly shares identity management best practices that both enterprises and consumers can follow, as well as how API Protection can help secure digital identities and prevent data leakage.
The reason why the issue is deemed to be important by Meece is due to the regularity of data breach and identity relates issues.
Here Meece explains: “Identity-related data breaches are increasingly common. They are also preventable providing the right precautions are taken at both the individual and enterprise level.”
Harking back to the recent Identity Management Day, Meece notes the importance of this U.S.-centric event, yet he sees identity management as being something that needs to be accounted for “each day.”
From this Meece explains that: “It’s critical that business leaders, IT decision-makers and the general public are aware of the importance of responsibly managing and securing digital identities. Digital identity protects sensitive data and greatly impacts how we work, interact with each other, access technology and complete transactions”
This means new measures are required to provide a degree of protection. Meece explains: “Identity Access and Management and cybersecurity need to be treated as a whole. Organizations must implement security best practices to keep employee and customer identities safe.”
As to what is exactly meant, Meece offers an explanation: “API Protection is key for managing identities (be they human or machine), dictating how an application can consume sensitive data.”
This is not just theoretical, but practical too, says Meece: “There are dozens of breaches from poorly-written APIs, where object or function level authorization issues cause programmatic data leakage that attackers can utilize.”
Drawing on a real-life case, Meece supplies: “An example of this is the Walgreens app error of 2020 when a vulnerability the Walgreen app’s API led to a data breach where customers could view the private medical messages of other customers.”
As to lessons to be learned, Meece concludes by saying: “If organizations do not take control of identity management there will be further large-scale data breaches.”
