Devastating cyber-attacks are on the rise in Asia, with regular incidents becoming as predictable as death and taxes. Take for example Bitfinex, a bitcoin exchange in Hong Kong, and Bangladesh Bank, just two of the latest victims with their losses estimated at USD$60m and USD$81m respectively.
This trend is largely due to the increasingly complex IT environment organisations have created for themselves by adopting technologies such as the hybrid cloud, IT outsourcing and the internet of things. Whilst each of these technologies promise to lower costs and increase collaboration, the downside is that they create a security nightmare for the system administrators behind the scenes.
Technicians and third-party engineers require privileged account access to perform their roles, but this gives them extensive access to sensitive information within an organisation’s IT assets, making them prime targets for hackers. According to research by Verizon, 99.8% of cyber-attacks target these privileged accounts because once successful, hackers can cause havoc by stealing data, encrypting files and worse.
To counter this threat, privileged access management solutions already exist, but implementing them has never been simple. Often they require a lot of time to integrate the solutions with an organisation’s existing software followed by regular human intervention to manage the multitude of different permissions for various users—a process that’s both frustrating for system administrators and liable to human error.
Fortunately, change is on the horizon thanks to new market entrant, Osirium, which offers a solution that promises to simplify and strengthen cybersecurity. “Ours is a modern vendor agnostic solution, designed to work in the hybrid cloud world where all the implications of multiple perimeters stack up into this huge security problem”, says David Guyatt, CEO of Osirium.
“The answer is to delegate the task not the privilege,” explains David. “For example, if you are going to use the economic benefits of the outsourcing, don’t give those people privileged access, just give them a task to do.” What this means is that by providing just enough privileges for users to perform their tasks, as well as by separating people from their passwords, user credentials cannot be stolen and hackers are prevented from running amok.
Yet to focus on the security aspect of this solution is only part of the story. “Companies which deploy our solution also have the ability to automate the daily, manual error strewn technical job of access management,” says David. “With automation, our customers can turn a 10 minute process into one that may take 8–10 seconds, whilst also reducing errors. This means staff are no longer doing these daily chores and are instead doing more important strategic jobs. This allows IT decision makers to build an ROI and efficiency story alongside the cybersecurity aspect.”
Another unique feature is the ability to record user sessions and shadow them in real-time. “Following a cyber-attack it can take a long time to find out what happened, who did it and how they did it,” says David. “In the case of the Sony incident, they had the passwords for 6 months before the attack was discovered and even then, it took a long time to find out what had happened.” With this capability, disaster recovery and vulnerability solutions can be implemented more rapidly and easily.
Due to these features and more, Osirium presents itself as next-gen privilege access management solution. With its existing range clients including Vodafone, Lockheed Martin, Xerox and others, the company now aims to simplify and strengthen cybersecurity for companies in Asia.