Anubha Sinha, Director, and Founder
Enterprises invest a lot into protecting data and confidentiality of information. However, the loopholes always center around a company’s staff, who unknowingly contribute to the existing issues around cybersecurity. “It is about understanding and breaking down the fundamentals of cybersecurity, educating our executives, clients, and customers while uplifting them to make an informed decision,” states Anubha Sinha, director and founder of SocialID. The company acts as a trusted advisory providing consulting services for enterprise and customer identity and access management within cybersecurity domain. SocialID focuses on the fundamentals and takes a holistic approach towards fixing the vulnerabilities. Since its inception, SocialID has gained a loyal customer base by fixing the root causes of its clients’ struggles around cybersecurity.
After collaborating with a client, the firm assesses the organization’s landscape to understand the business through rigorous interviews based on a five-tier pyramid model of policies, processes, people, assets, and data. This allows SocialID to gain a clear understanding of the internal and external users at each endpoint starting from home to office, or office to office network and how they are interacting with business-critical assets through various channels. The company then builds a Maturity Model depicting a concise environment within which the entire information system is running. Usually, the results serve as an eye-opener for the clients as they realize how people interact and access critical data, sometimes even without authentication. SocialID draws those points around control inefficiencies and provides a holistic view of the client’s security network and infrastructure loopholes through in-house built data-driven control assessments framework.
For instance, the ongoing pandemic proved to be a major burden on the health sector, which never worked remotely. A client approached SocialID, who wanted to invest in a cybersecurity program to uplift and mature their security posture, particularly within identity and access management. The aim being to ensure credentials were not compromised for their internal and external users.
They had put all their access behind a VPN to provide uninterrupted services to their patients as a quick fix.However, half of their organization was password non-compliant, with some users logging in via just a username on open URLs. As with many organizations, the client did not have the time and budget to immediately fix the issue in its entirety.Therefore, SocialID built an interim approach to tackle the immediate challenge and provide value for money.
SocialID conducted an overall assessment and built long term strategy for the organization underpinned by a control framework to reduce the identified risks associated with poor authentication and authorization services. The project required 12 months to be fully deployed. Meanwhile, SocialID secured the right identity and access management product through a third-party vendor to address the client’s identified risks and helped with its implementation. The sustainable model built by SocialID provided tactical measures and compensating controls, while the project was being delivered. It helped to fix the underlying processes while developing automation with the technology. These tactical measures also included the introduction and execution of privileged account re-validation and the implementation of SIM capabilities for the client's security intelligence team. Within three months, the client has been able to address the key risks associated with the credential compromise of around 11,000 users.
It’s about understanding and breaking down the fundamentals of cybersecurity, educating our executives, clients, and people while uplifting them to make an informed decision
Forging ahead, SocialID aims to expand its geographical footprint within Australia and APAC region whilst bringing the right talent on board who are passionate value creators, to solve identity governance problems and embark on cyber journey with their valuable customers. The company is willing to join forces with the right vendors who can provide the toolsets to solve cyber and identity-related issues. SocialID is also entertaining ideas of collaborating with the government and education sector to conduct identity and access management training programs at scale and fill the talent gap in the industry. “We can only grow if the customers, and the people around us grow together, with us”.