In a recent report from Aberdeen, Derek E. Brink, CISSP, leverages data from more than 17,000 manufacturers in the U.S. and Canada to explore the identity challenges that manufacturing organizations face today.
As manufacturers continue to embrace digital transformation, they face two major challenges:
Challenge 1: Managing the roles and permissions of an increasingly diverse portfolio of applications and users.
Challenge 2: Addressing the relentless, ever-evolving security and compliance risks that come with that expanding user access.
These two challenges are top of mind for every CIO, CISO, Compliance Officer, and IT Manager looking to embrace digital transformation. Here are four critical points your security and IT teams need to consider when developing an identity and access management strategy.
1. Third-party access continues to expand
It’s becoming increasingly common for users throughout the extended enterprise to receive access to company networks, apps, and data. Supply chain partners and vendors are working from various locations , which make for very structurally complex systems.
“For the respondents in Aberdeen’s study on third-party risk, about one third of all enterprises provide authorized access to more than 25 third-party organizations,” says Brink. “And about 10% are working with more than 200 external partners.”
As the number of external users continues to grow, it’s critical for manufacturers to maintain a system for distributing app access and permissions, as well as understand the likelihood and costs of potential security threats.
2. The key to digital transformation: Balancing security and usability
Securely and cost-effectively connecting growing numbers of users and applications is mission-critical for manufacturers. Expanded user access means increased business agility, but can be a double-edged sword if not properly executed.
For the unprepared enterprise, expanded access increases the likelihood of security-related risks such as data breaches, disruption of critical systems, and lost user productivity.
Weak, stolen, or compromised user credentials are especially alarming and top of mind. In fact, based on the Verizon 2016 and 2017 Data Breach Investigations Reports, Brink estimates the amount of data breaches involving weak, stolen, or compromised user credentials ranges between 80% and 90%.
3. Cyber attacks are both common and costly for manufacturers
Manufacturers handle a wealth of sensitive data such as blueprints, schematics, business plans, financials, partner agreements, NPI documentation, and M&A data, making them prime targets for cyber attackers. In fact, the 2017 DBIR states that manufacturers face a higher volume of phishing attacks than any other industry.
Brink estimates the fiscal impact of a single identity-related data breach in the manufacturing sector at roughly $450K, with an 80% confidence interval of $190K to $750K.
“Said another way, there’s a 90% likelihood that a single data breach will cost more than $190K, and a 10% likelihood that it will cost more than $750K.”
4. Beware the operational costs of traditional identity management
Manufacturers are often bogged down by the high operational costs of traditional identity management.
End users often forget their app passwords, which not only causes delays in user productivity, but slows down IT with a consistent flow of password-reset support tickets. The high number of external users often results in several disparate directories, complicated app rollouts, and an overly complex identity management system as a whole.
Brink estimates the operational impact of “status quo” identity and access management to be about $3.5M for manufacturers.
He asserts there is a 90% likelihood of the cost exceeding $50K and a 10% likelihood of it exceeding tens of millions of dollars. Managing user identities with a single Identity and Access Management (IAM) platform can be a much more cost-effective option.
What to look for in a solution
Manufacturers need an identity solution that supports the complexity, diversity, and scale of your applications and user populations - whether they are managed on-premises or in the cloud.
OneLogin offers single sign-on, multi-factor authentication, real-time Active Directory integration, and comes pre-integrated with more than 5,000 apps, including SAP, Oracle, G Suite, and Office 365.
“The login process has been very streamlined with OneLogin. I sign-in once in the morning and then I don’t have to enter my login credentials again, regardless of whether I am accessing Office 365 or ServiceNow.” - Randy Moon, senior manager of IT security at Steelcase.
OneLogin supports access for all organizations - regardless of where they are in their cloud-adoption journey. Whether your company data lives in the cloud, on-premises, or some combination of both, OneLogin provides secure access to all of your apps, in addition to the full set of Cloud IAM features.
Get a free demo here, and see if OneLogin is a fit for your organization. Or click here to get the full Aberdeen report, as well as unlimited access to our entire resource library.