A Verizon 2016 report on security found that two-thirds of breaches now involve stolen credentials. Another recent report from the analysts at Forrester Research Inc. found that 80 percent of breaches involved privileged or root accounts for infrastructure and so forth.
The takeaway, says Tom Kemp, chief executive officer at Centrify Corp., is that a simple username and password are not cutting it in today’s information technology landscape.
“If two-thirds to 80 percent of breaches involve identity, we fundamentally believe you need to focus more on that,” he told John Furrier, host of theCUBE, SiliconANGLE Media’s mobile live streaming studio, at SiliconANGLE’s Palo Alto, California studio to discuss news from the Google Cloud Next 2017 event.
The move to cloud compounds this problem, according to Kemp. Users on mobile devices like iPads on public networks provide rich hunting ground for hackers. In those situations, “I don’t have any antivirus; I’m not using a next gen firewall or VPN, etc., so the focus needs to shift to securing the user,” he said.
That is too bad for those already annoyed by one or two security questions a site might ask. Kemp says he’d prefer they ask four or five if something — such as location — looks suspicious.
“In a cloud world, identity should be redefined in terms of your applications, your device, your location and your activities,” he said, adding that machine learning can alert a system to unusual behavior. He said mentioned that bio-metrics on devices can also be extremely useful.
Google Cloud lagging in security
So just how do cloud providers stack up in the new cybersecurity? In this area, Google Cloud has work to do to bring itself up to par, Kemp suggested. “I think that other vendors like Microsoft are really more heavily investing in areas that we’re in, such as identity,” he said.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Google Cloud Next 2017.