IAM in the Infrastructure Sector

Identity Access Management for Water, Energy & Transportation Services

Utility companies, public transport, sanitation, water treatment: These are the lifelines of modern society. Any disruption of the services provided by critical infrastructures like these has massive social and economic consequences. Take the Colonial Pipeline hack, for example, which led to gas shortages and consumer panic across the East Coast of the United States.

The shutdown was caused by a ransomware attack against the pipeline’s operator, who was forced to suspend operations for five days before service could be restored (after making a ransom payment of nearly $5 million). The use of networked components in industrial control systems and similar equipment has made the operational technology (OT) of infrastructure companies increasingly vulnerable to hackers and malware. As a result, securing these critical systems against digital threats has become all the more important.

Critical Infrastructure Cybersecurity

Given the growing threat posed by hackers and cybercriminals, the cybersecurity of critical infrastructure has become a major focus for countries around the globe. In the US, the responsibility of safeguarding key services falls primarily on the Cybersecurity & Infrastructure Security Agency (CISA), though individual sectors are subject to specific regulations, such as the standards set forth by the North American Electric Reliability Corporation (NERC).

Until now, CISA has focused on voluntary frameworks for cybersecurity that organizations can choose to implement. However, this approach may shift if the pressure of cyberattacks continues to rise. To prevent outages, the US may have to follow the example of countries like the UK, where the NIS regulations lay out strict compliance goals for the operators of essential services (OES) in areas such as anomaly detection, system security or identity and access control.

White Paper: IAM Best Practices

Download our free white paper to learn how to best handle access rights in Microsoft® environments.

Download Now

[WEBINAR] The Top 5 Reasons You Need Access Management

Do you know WHO in your organization has access to WHAT? If the answer is “no”, chances are you are not using an Identity and Access Management solution – and that means your company is at high risk for data theft!

In this webinar, we cover the Top 5 Reasons you need an IAM software solution and illustrate how IAM can help you meet your compliance goals and protect you from ransomware, insider threats and more!

Sign up now

Manage Digital Risks and Compliance Challenges with tenfold IAM

To achieve compliance with current and forthcoming cybersecurity regulations, organizations are required to implement the Principle of Least Privilege, a cybersecurity best practice based around limiting access rights in order to prevent misuse and identity-based attacks. By providing a central platform for managing user accounts and permissions, tenfold makes it fast and easy to limit access in accordance with this principle.

The first step towards removing unnecessary access rights is an approach known as role-based access control: Instead of assigning permissions directly to users, tenfold manages access to IT resources using roles, which bundle the default permissions needed in different departments or positions. By analyzing the permissions held by existing users (role-mining), tenfold will help you find the optimal configuration for your business.

Once roles have been defined, all you have to do is assign new users to the right role(s) and tenfold will automatically provide them with all corresponding permissions. Thanks to numerous built-in plugins, tenfold can make the required changes across all key systems: your local Active Directory, Azure AD and Microsoft 365, as well as various third-party applications.

Full Reporting & Documentation

The default permissions assigned via roles are a great starting point, but individual users often require additional permissions to carry out specific tasks or take on more responsibilities. In tenfold, users can request any permission they need through a self-service interface. Their request is forwarded to the relevant data owner, who will be asked to approve access and regularly check all permissions they have granted (user access review).

All changes made to access rights, including approved requests and the results of access reviews, are automatically documented for later audits. That’s not all: Our powerful reporting tools make tracking permissions a breeze. With just a few clicks, you can list all users with access to a specific folder or generate a detailed breakdown of the effective permissions held by a specific user.

See tenfold In Action!

Experience tenfold live with our video overview
and see how easy access management can be!

View Demo

See tenfold In Action!

Experience tenfold live with our video overview
and see how easy access management can be!

View Demo