SPHERE’s Vice President of Engineering, Rosario Mastrogiacomo, was featured in TAG Cyber’s Quarterly Security Annual (October 2022 issue) with a contributed interview, “Establishing Identity Hygiene To Secure Enterprise Assets with SPHERE”. Download the full annual here.
A major goal for any enterprise is to ensure that only desired individuals and groups are authorized to access information in applications and systems. This requires that proper identity hygiene be ensured throughout the access lifecycle, since securing assets can only be done with accurate and complete identity information. SPHERE offers a platform that enables identity hygiene through the use of actionable intelligence from the infrastructure. We spent some time recently with the SPHERE team to learn more about identity hygiene, as well as how data sources are identified and remediation is achieved at scale.
TAG Cyber: What is identity hygiene and why is it important for enterprise?
Rosario Mastrogiacomo: Identity hygiene is a combination of activities that organizations perform to maintain the security of their data, infrastructure, and applications. It’s a practice that people and enterprises just know they need to do—very similar to personal hygiene. We know we need to brush our teeth and shower on a regular basis because if we don’t, our hygiene gets worse and ultimately, our whole body is at risk. Identity hygiene follows the same concept and that’s what SPHERE delivers. It’s a practice that companies have been trying to do for many, many years, but with different levels of success. If you don’t address your identity hygiene, security issues and breaches are almost certain to happen. What SPHERE does is look at the human involved. We look past the account and focus on the identity to determine the risk. Take Bob Smith for example. It’s not about Bob Smith’s account, it’s about the human, Bob Smith, and what he actually has access to versus what he should have access to. Databases, applications, SharePoint sites—we look at all these things to get a fundamental understanding of who Bob Smith is, who that identity is, and all the accounts Bob controls. This is truly the cornerstone of enterprise security in today’s age. It’s focusing on the human, whereas in the past, it was always just about the account. Fundamentally, you must go past the account and look at who is controlling it and the role that person has in the organization to understand and establish identity hygiene.
TAG Cyber: What are the major components of the SPHERE platform?
Rosario Mastrogiacomo: The platform is made up of four major components: connectors, receivers, the business intelligence layer, and the user interface. The connectors go out and collect data from target systems, while receivers listen for activity data. Our BI engine is where all the magic happens. The engine takes the collected data, correlates it, and finds ownership and security issues. What we do with this raw data is the value-add we provide, the reason for the product, and why customers really, really love our products and services. Once we have processed all this raw data, we introduce the final component, the user interface. Through our ARM workflow tool, users can interact with data owners to move on to the next step: remediation. This is where users can remediate, solve issues, and achieve a state of clean, clear identity hygiene.
TAG Cyber: How does your solution integrate with identity and access management (IAM) and other related enterprise protection systems?
Rosario Mastrogiacomo: We integrate in two different ways. We pull data from a lot of IAM solutions, because it enhances our algorithms. We do this by leveraging a connector that pulls data to do additional analysis, which enhances our workflows. But we can also send data to systems, where we essentially clean the data, apply hygiene, then feed or send it to the IAM database. We call these IAM feeds or SPHEREfeeds.
TAG Cyber: Tell us more about how data is collected, analyzed and used to remediate issues.
Rosario Mastrogiacomo: Our agentless connectors and receivers are how we collect raw data. We don’t do reporting for the sake of reporting. Our reporting is purposeful and provides paths for remediation. To that end, our connectors are also purposeful: they collect the bare minimum of raw data we need in order to accomplish this goal.
TAG Cyber: Can you share some insights into the future of cyberthreats in the upcoming years?
Rosario Mastrogiacomo: I think the biggest issues that people must grapple with involve two different trends: control over technology and how control over access is moving away from the technology department and instead going directly to the end user. Think SharePoint sites, Dropbox, OneDrive…all these technology platforms are going straight to the end user and allowing them to share data. In the past, people would have to go to their IT person to ask permission to share and collaborate with a colleague on a secure platform or be forced to email their colleague with an attachment. Now, we’re moving in the direction where IT isn’t involved, and an end user presses a share button to collaborate without the IT team even knowing. This is great for an end user—no more roadblocks, no more extra steps in collaboration—but a nightmare for IT. Oversharing is a huge issue companies have to grapple with. We must get sophisticated enough to understand the difference between good sharing and bad sharing. Sharing and collaborating are necessary and, in some instances, critical to the success of a business, but “bad sharing” is a real security threat.
So why do we overshare? The more data, the better, right? There is the idea that advanced analytics and machine learning can add value to a worker. That extra data can be fuel for new, sophisticated algorithms and offerings for the organization that ultimately provide data for new sales or marketing opportunities that help the business grow. Sounds great. But that counters the idea of limiting data for security threats and giving employees the bare minimum of what they need to do their job. It’s a battle, which means we need to find a balance: an appropriate amount of sharing, one that doesn’t hinder or limit the data an individual can use and access, but also doesn’t threaten or risk the business. At the end of the day, employees are processing information to better the business based on the data they’re able to access. This is how we mitigate future threats. The idea is to provide the data needed to find new opportunities, while avoiding insider threats and security issues that compromise security.