Solve the Breach, Save the Day: Behind Our Appearance at IDM June 2019

Posted on 1 July 2019

This year’s IDM June may be over, but we’re still being asked why we brought a game to an identity conference. Here’s your answer.

Held twice a year to packed crowds, Whitehall Media’s IDM London conference is a stalwart of our event calendar; we can’t imagine a year without a double helping of IDM. This year was no different, with eager delegates clamouring to learn, and powerhouses of the identity world ready to share their knowledge in kind.

It’s no surprise that IDM is growing in popularity every year – identity and access management itself is becoming more prominent in a world where personal data and sensitive information have become treasured.

Naturally, we’re experts at that (it’s in the name), but we were keen to bring something different to IDM again this year to illustrate how organisations can secure their data through identity. In 2018 we brought a beach; in 2019 we brought ‘BREACH!’.

About the Game

The story behind our interactive activity, BREACH!, will sound all-too-familiar to some: an organisation’s data has been leaked, and six suspects have been identified. Although they’re not necessarily criminal in their behaviour, each of them has engaged in risky behaviour of some kind.

As players click through to learn about each of the suspects and how they might have caused the breach, they have the opportunity to learn about preventative measures their own organisation might consider – and that’s the key to this year’s theme.

Spoiler alert: all of our suspects were to blame in their own way, and many of the attendees who joined us in the BREACH! tent confessed to finding the characters and situations startlingly familiar. In truth, their backstories all draw on real world events – including our experts’ own experiences.

Identity Underpins Security

At the heart of BREACH! lies a very simple lesson: organisations must provide their employees with the support and tools necessary to remain safe – it can’t simply be left to the individual.

So what are the tools organisations need to adopt to prevent something like this happening in real life? Well, it starts with identity and access management (IAM).

When it comes to securing internal threats, identity underpins security – as we saw with our characters.

Here are a few examples:

 

Harry is a former freelancer who uses his own, unprotected device. By implementing device management (which can secure devices, wipe them remotely, and push updates automatically), Harry can carry on using his device without leaving himself and the company open to risk.

 

John has access to multiple applications, and as such has more than a few passwords to remember. To make it easier, he’s duplicated some simple passwords and written others down – instead, the organisation could introduce single sign-on to grant secure access to all applications once.

 

Yara is new, and is having to share credentials with her colleague – even though he has access to sensitive documents outside of Yara’s remit. By automating and optimising the joiner/mover/leaver (JML) process, Yara could’ve had the correct permissions from day one, allowing her access only to what she needs.

 

Lessons to be Learned

Some of the situations in BREACH! will ring true in many organisations, but perhaps they go unnoticed. That’s why we opted for an interactive stand at this year’s IDM – to help delegates re-frame day-to-day occurrences in the context of security, and illustrate where the gaps are in their current measures.

Of course, our six suspects aren’t necessarily the only examples available; human error and organisational weakness can birth so many more scenarios. But as long as the core lesson is learned – that identity underpins security and keeps everybody safe – then leaders can adapt the scenario to their own organisations.

Hopefully, our time at IDM June 2019 helped us to achieve our goal. But with data breaches and hacks continuing to flood headlines, this is a topic we’ll keep being vocal about.

Were you at IDM but didn’t get a chance to say hello? Or got a question about anything mentioned in this blog? Get in touch with our team!

A few people we've already done it for
X