The Importance of Stopping Identity Sprawl for Cybersecurity

Article by Serkan Cetin, Technical Director, One Identity APJ.

Most cyber-attacks are caused by a common vulnerability: credential compromise.

In fact, according to the 2021 Data Breach Investigations Report (DBIR), 61% of all breaches involved malicious actors gaining unauthorized and privileged access to data using compromised credentials. Unfortunately, once misuse of credentials is detected, it is often too late.

Is Jane Doe in the payroll system the same user as JaneD in the CRM software and JDoe in the SaaS application? Should this person have access to all these resources and applications? When this person has multiple accounts and is one of dozens, hundreds, or even thousands of employees, how can you detect whether one of those accounts has been compromised by cybercriminals to gain access to sensitive company information?

What is identity sprawl and why is it important?

Identity sprawl is caused by a combination of three main reasons:

1) Increased number of users, including internal, external, and customers.

2) An increasing number of machine identities such as IoT and Digital Workers (RPA) to automate various tasks.

3) As cloud and SaaS platforms expand, the number of accounts across multigenerational hybrid IT environments continues to grow.

A typical employee has about 25 accounts, according to the 2021 Identity and Security Report. Additionally, 36% of surveyed companies in the ANZ region said the number of identities in their organization had increased significantly (5-10x).

95% of security professionals report having trouble managing identities, 8 in 10 report more than doubling the identities they manage, and 25% report a 10x increase in digital identities over the same period.

With identity sprawl, the attack surface also increases, facilitating lateral movement for attackers, as identities are granted accounts, access, and privileges across networks and applications, and spread across hybrid IT environments.

Looking at the risk of attacks from compromised credentials on a risk heatmap, the outcome of an attack (X-axis) has always been considered severe, but over the past decade the likelihood of an attack (Y-axis) has increased to a nearly constant level. Identity sprawl is one of the factors that increase the likelihood of this risk, and an identity strategy can be used to mitigate the risk and reduce its likelihood.

What Causes Identity Sprawl?

In part, identity sprawl can be attributed to the fact that traditional boundaries of business no longer apply in today’s world.

Employees can work remotely and are not limited to the headquarters location. Team restructuring is common in times of great resignation, and the use of outside contractors, suppliers, and partners is becoming increasingly common.

Each person entering or exiting a business is given a key to its applications and data.

Looking at Australia’s largest employers (some with over 200,000 employees), it can be seen that each manages millions of accounts, making it nearly impossible to track who has access to what.

Additional factors such as digital transformation, expansion to cloud and SaaS platforms, and increased use of machine and bot identities further complicate the situation of tracking all different identity types across all platforms.

The more people you give keys to your business data, the more entry points are available to cyber attackers looking to gain access to your most valuable resources. To increase security and prevent perimeter breaches, organizations need to address identity sprawl.

What can you do?

An identity strategy is essential to closing the security gaps caused by identity sprawl. This includes a three-step approach to understanding and addressing the problem, future-proofing the business for continued talent and identity growth.

1. Unify

An intelligent platform can consolidate and centrally correlate identity data into a secure fabric structure. This ensures administrators have visibility into all identities, accounts, and entitlements across the organization. This gives your organization immediate visibility.
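One way to do the correlation described in this step, using the Jane Doe / JaneD / JDoe accounts from earlier in the article. This is an added example, not code from One Identity or any product; the record fields, matching rules and sample data are assumptions constructed for illustration.

```python
# Added example: correlate per-system accounts into one view per identity.
# All records are constructed sample data; field names are assumptions.
from collections import defaultdict

HR_RECORDS = [  # authoritative list of people (constructed)
    {"employee_id": "E1001", "name": "Jane Doe", "email": "jane.doe@example.com"},
    {"employee_id": "E1002", "name": "Raj Patel", "email": "raj.patel@example.com"},
]
ACCOUNTS = [  # accounts exported from each system (constructed)
    {"system": "payroll", "login": "Jane Doe", "email": "jane.doe@example.com", "entitlements": ["payslip:read"]},
    {"system": "crm", "login": "JaneD", "email": "Jane.Doe@Example.com", "entitlements": ["customers:write"]},
    {"system": "saas", "login": "JDoe", "email": None, "entitlements": ["admin"]},
    {"system": "crm", "login": "rpatel", "email": "raj.patel@example.com", "entitlements": ["customers:read"]},
    {"system": "saas", "login": "svc-backup", "email": None, "entitlements": ["admin"]},
]

def login_candidates(name):
    """Login forms commonly derived from a 'First Last' name (assumed convention)."""
    first, last = name.lower().split()
    return {first + last, first + last[0], first[0] + last,
            f"{first}.{last}", f"{first} {last}"}

def correlate(hr_records, accounts):
    """Return (employee_id -> accounts, accounts that match no known person)."""
    by_email = {p["email"].lower(): p["employee_id"] for p in hr_records}
    by_login = defaultdict(set)
    for person in hr_records:
        for cand in login_candidates(person["name"]):
            by_login[cand].add(person["employee_id"])
    unified, unowned = defaultdict(list), []
    for acct in accounts:
        # Strongest signal first: a case-insensitive e-mail match.
        owner = by_email.get((acct["email"] or "").lower())
        if owner is None:
            # Fall back to the login pattern only when it points to one person.
            matches = by_login.get(acct["login"].lower(), set())
            owner = next(iter(matches)) if len(matches) == 1 else None
        if owner is None:
            unowned.append(acct)  # no owner found: needs manual review
        else:
            unified[owner].append(acct)
    return dict(unified), unowned

if __name__ == "__main__":
    unified, unowned = correlate(HR_RECORDS, ACCOUNTS)
    for emp, accts in unified.items():
        print(emp, [(a["system"], a["login"], a["entitlements"]) for a in accts])
    print("unowned accounts to review:", [(a["system"], a["login"]) for a in unowned])
```

Accounts that end up in the unowned list, such as the constructed `svc-backup` service account, are the ones an administrator has no visibility into until an owner is assigned.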

2. Confirm

Once identities are unified, businesses can continuously authenticate, authorize, and validate accounts before granting access to the platform, to ensure users can access only what they need, when they need it, in a way that is logical and does not put security at risk. This is an important step that also helps implement Zero Trust principles such as the least privilege access model and just-in-time access.

3. Adapt

The cybersecurity landscape is constantly changing and new vulnerabilities are being discovered all the time. Business leaders and their IT and security professionals should always be aware of the risks posed by identities being stolen, shared, or inappropriately used for malicious attacks. It starts with an inside-out approach to security practices.

Identity sprawl is a significant obstacle that businesses must overcome, as it makes them highly vulnerable to attackers. By working to control identity sprawl and using a unified approach to the problem, businesses can reduce cybersecurity risks and instead position identity management as a security strength.

There are various methods, technologies, and processes to implement these three steps. However, it is important that all identity security components work together as an integrated solution. A unified platform approach where identity data such as risk profile, access, entitlement, and usage is shared across authentication (IAM), identity governance (IGA), and privileged access (PAM) not only reduces identity sprawl, but also saves time and maximizes impact over time.
