The importance of stopping identity sprawl for cybersecurity

74

Article by Technical Director of One Identity APJ Serkan Cetin.

Most cyber attacks are caused by a common vulnerability – compromised credentials.

In fact, the 2021 Data Breach Investigations Report (DBIR) shows that 61% of all breaches involve malicious actors gaining unauthorized, privileged access to data by using a compromised credential. Unfortunately, it is often too late when credential abuse is detected.

Is Jane Doe in your payment system the same user as JaneD in your CRM software, and is it the same JDoe in that SaaS application? Should this person have access to all these resources and applications? If Jane has multiple accounts and is among dozens, hundreds, or thousands of other employees, how can we tell if they were hacked by a cybercriminal who would now have access to key company information?

What is identity expansion and why is it important?

Identity expansion occurs due to a combination of 3 basic reasons:

1) Increasing the number of users, including internal, external and customers.

2) Increasing the number of machine identities, such as IoT and digital workers (RPA), to automate various tasks.

3) An increasing number of accounts that exist in a multigenerational hybrid IT environment, with growing cloud and SaaS platforms.

According to the Identities and Security in 2021 report, the typical employee has about 25 accounts. Furthermore, 36% of surveyed companies in the ANZ region said that the number of identities in their organization had increased significantly (five to ten times more).

95% of security professionals reported identity management challenges, while 8 in 10 said the identities they manage more than doubled, and 25% reported a 10-fold increase in digital identities over the same period.

The attack surface also increases with identity proliferation as identities are granted accounts, access and privileges across the network and applications, spread across the hybrid IT environment, making it easier for an attacker to move laterally.

When we look at the risk of a compromised credential attack on the risk heatmap, while the consequence (X-axis) of an attack has always been considered critical, over the past 10 years, we have seen the probability (Y-axis) of an attack increase to probable and almost certain levels. Identity proliferation is one factor that increases the likelihood of this risk, and an identity strategy can be used to mitigate the risk and reduce the likelihood of risk reduction.

What causes the spread of identity?

In part, the expansion of identity can be attributed to the fact that traditional business perimeters no longer apply in today’s world.

Employees can work remotely and are not confined to a central office location, team restructuring is common in the Great Resignation era, and outsourcing, suppliers and partners are increasingly common.

Each person entering and exiting the business is assigned keys to its applications and data.

When we look at Australia’s largest employers, some of which have more than 200,000 employees, we can see that each business could manage millions of accounts, making it nearly impossible to keep track of who can access what.

Additional factors, such as digital transformation, expansion to cloud and SaaS platforms, and increased use of machine identities and bots, further complicate the situation with tracking all different types of identities across platforms.

The more people who have given away the keys to a business’s data, the more entry points are available to cyber attackers looking to gain access to its most valuable resources. To strengthen security and prevent perimeter breaches, organizations need to address identity proliferation.

What can be done?

An identity strategy is key to helping close the security gap caused by identity proliferation. This includes a three-step approach to understanding and solving problems and future-proofing your business for continued staff and identity growth.

1. To unite

Intelligent platforms can aggregate and centrally connect identity data into a secure structure that ensures administrators have visibility over all identities, accounts, and rights across the organization. This immediately gives organizations visibility.

2. Confirm

Once identities are unified, businesses should continuously authenticate, authorize and validate accounts before granting access to platforms to ensure that users access only what they need, when they need it, and for a period that is logical and does not pose a risk to security. This is a key step that also helps implement Zero Trust principles, including least-privilege access models and Just-In-Time access.

3. Adapt

The cybersecurity landscape is constantly changing and new vulnerabilities are always being discovered. Business leaders and IT and security professionals need to be aware of the risks posed by identity theft, sharing or inappropriate use for malicious attacks. This starts with an inside-out approach to security practices.

Identity proliferation is a critical hurdle that businesses must overcome and leaves them extremely vulnerable to attackers. With a dedicated effort to control identity proliferation, as well as using a unified approach to the problem, companies can reduce cybersecurity risks and instead position identity management as a security force.

There are various methods, technologies and processes to implement these three steps. However, it is critical that all components of identity security collaborate and work together as a single solution. A unified platform approach where identity data, such as risk profiles, access, rights and usage, is shared across authentication (IAM), identity management (IGA) and privileged access (PAM) will be key not only to taming identity proliferation, but and for enabling you to maximize impact over time.

Comments are closed.