Risk Management Show

Identity GRC and Why Authentication Alone Isn't Enough: Frank Vukovits Explains

Aug 20, 2024
Frank Vukovits, Chief Security Scientist at Delinea and a veteran in audit and compliance, discusses the shortcomings of relying solely on authentication for cybersecurity. He emphasizes the critical need for authorization and least privilege access to fortify defenses against both internal and external threats. The conversation dives into the evolution of identity governance and its impact on risk management, highlighting the essential collaboration between business owners and cybersecurity teams to enhance security and mitigate fraud.
ANECDOTE

Over-Provisioning in SAP

  • Frank Vukovits uses the example of setting up a new AP clerk in SAP to illustrate over-provisioning.
  • He highlights that standard roles often grant excessive access, creating potential risks.
INSIGHT

Authorization's Importance

  • Authentication alone is insufficient for robust security.
  • Authorization is crucial because it dictates what authenticated users can do, limiting the damage from compromised accounts.
ANECDOTE

Manual Audits

  • Frank Vukovits recalls the cumbersome process of obtaining security reports in the past.
  • It involved manual retrieval from mainframes and cross-referencing with HR systems, highlighting the progress in access management.