Modernizing Identity Security Amid an Evolving Threat Landscape

By Ben Cody, Senior Vice President, Product Management, SailPoint

While it’s true that most businesses understand the importance of identity security, the sector has evolved considerably in recent years. Five years ago, remote work was relatively rare—now it’s practically the norm. What’s more, a growing number of businesses are turning to third-party providers for critical services like workforce management, cybersecurity, and dozens of other services. This is all powered by Software-as-a-Service (SaaS) and Secure Access Service Edge (SASE) adoption. As cloud (and multicloud) environments become increasingly common and businesses open their application infrastructure up to a growing number of third parties, the number of identities in use has also grown exponentially.

A rising percentage of these identities that are taking on more prominent roles can be classified as machine identities. As more and more processes become automated, they need to be able to talk to one another using viable credentials. Cloud applications, robotic process automation (RPA) solutions, service accounts that are used to access servers and databases, and countless other nonhuman entities need identities of their own in order to communicate effectively and function correctly. Applications need to share and access data. Cloud workloads need to start up and shut down. The modern digital landscape is extremely dynamic—a big change from older, more monolithic servers. There are often thousands of containerized workloads present within a system, rather than a single program. This has dramatically increased the number of identities in use. The volume of identities in use today and the scope of the security threats that businesses face mean automation isn’t just helpful: it’s mandatory.

The other half of this equation is the fact that data generated by (and accessed by) these identities has also exploded. Even ordinary user identities now have more complex data access needs, with the line between “sensitive” and “non-sensitive” data becoming increasingly muddied. The ability to manage access across both structured and unstructured data has become essential. Traditionally, many organizations simply ignored the problem of data access, instead focusing exclusively on application access. But ultimately, it’s data that needs to be secured—and turning a blind eye is no longer an option.

Understanding the Threat to Identity 

What makes identities particularly vulnerable right now? For starters, while businesses increasingly recognize that attackers are targeting identities, there are still relatively few protections in place. Malware detection solutions have become extremely adept, which has made it harder for attackers to use traditional attack vectors. That’s a good thing—but it has forced attackers to look for other ways to break into their victims’ environments. Many do this by exploiting identities, and it’s easy to understand why: any security or IT professional will tell you that human beings are the weakest point in any system. It’s a lot easier to trick someone into handing over their username and password than it is to evade modern malware detection solutions. Think of it like stealing a key instead of breaking a window. An attacker who gains access using a legitimate identity will be a lot harder to detect than one who breaks in.

This isn’t just idle speculation. The most recent Verizon Data Breach Investigations Report (DBIR) highlights the fact that 68% of breaches involve a non-malicious human element, such as an employee falling victim to a social engineering attack. The report also notes that stolen credentials have played a role in 31% of all breaches over the past 10 years—and last year alone, they were present in 38% of breaches. These findings underscore the fact that attackers have zeroed in on identities as a vulnerability they can easily exploit. Phishing attacks are becoming increasingly effective (especially as attackers leverage generative AI tools to craft more convincing emails), and as security tools become better at recognizing and blocking malicious attachments, attackers are instead tricking users into giving away their own information. According to the DBIR, it takes the average phishing victim just 28 seconds to enter the requested data after falling for a scam, and just 20% of users successfully identify and report phishing emails. Those are worrying numbers.

It’s worth noting that there are relatively simple solutions like multifactor authentication (MFA) that make it significantly more difficult for attackers to use compromised credentials. Yet while organizations understand the value of MFA, relatively few of them are using it. In fact, an alarming number of big businesses—including those in highly regulated industries—operate without MFA. Unfortunately, organizations can often be distracted by innovative new security solutions when they would be better served by shoring up their fundamentals. Failing to prioritize straightforward solutions like MFA makes attackers’ lives easier and gives them an unnecessary advantage.

Ransomware and Supply Chain Attacks Still Reign Supreme

Of course, social engineering is far from the only identity-related attack vector today’s adversaries use. Ransomware continues to dominate the attack landscape, and threat actors regularly leverage compromised identities to elevate their own privileges and gain access to more important systems (such as those associated with data backups). Far too many organizations today prioritize easy internal access over security, overprovisioning identities with more entitlements than they actually need. This makes an attacker’s job painless, allowing them to move laterally throughout the network, often undetected, accessing (and encrypting or stealing) a broad range of data. The more lax an organization’s entitlement policies, the more information an attacker will have access to—and the more damaging a breach is likely to be.

Third-party attacks also continue to make headlines across nearly every industry. The SolarWinds breach was a wake-up call for many organizations, driving home the far-reaching impact that supply chain attacks can have. In the years since that incident, attacks on companies like Okta and MOVEit have only further highlighted the danger. Today’s businesses don’t just need to worry about their own identities—they need to worry about their partners, vendors, SaaS providers, and others, too. A single compromised identity with just a little too much access can cause serious problems—not just for you, but for your entire partner ecosystem. At a time when the average cost of a data breach is nearly $10 million in the US, the need for strong identity security has never been felt more keenly.

Automation Is an Essential Part of Modern Identity Security 

Manual identity management might have been possible at one point—but those days are long gone. Doing so would require spreadsheets with hundreds of thousands of records, correlated across entitlements from every system. Microsoft Excel maxes out at one million rows—and you’d need at least that many to manage all the identities and entitlements at even a modest-sized company. And that doesn’t even factor in the personnel resources that would be required to keep track of identities and permissions across the organization. It might take a dozen people weeks or months just to catalog all of the identities in use—and by the time they were done, the information would be outdated anyway. The modern digital landscape moves quickly, and that means identities need to be managed in real time if organizations want to adequately protect themselves.

Fortunately, cybersecurity automation has come a long way in a relatively short span of time. Today’s organizations don’t need to rely on diligent employees manually managing their identities—modern solutions can seamlessly identify and correlate identities and entitlements in a fraction of the time (and without the pesky challenge of human error). What’s more, they can do it instantly, monitoring how identities behave and what data they typically access, allowing them to eliminate unused permissions or recommend adding additional permissions where appropriate. This helps ensure that organizations adhere to the “principle of least privilege,” granting identities only the minimum access they need to perform their essential functions. That means that if an identity is compromised by an attacker, that attacker will only be able to access the systems essential to that identity’s function. This makes it significantly more difficult for attackers to move throughout a network, limiting the potential damage they can inflict in an attack.

The ability to learn what “normal” behavior looks like for identities also helps organizations identify anomalies or potential attack activity. Modern identity solutions can notify security personnel if an identity repeatedly attempts to access unauthorized systems or data, or if an identity is provisioned outside the standard process. This makes it difficult for attackers to operate unnoticed, even when they gain access using legitimate user credentials. In today’s threat landscape, perimeter protections aren’t enough, and a robust identity solution cannot stop monitoring identities at the moment of access. Instead, it needs to monitor how those identities behave over time—what systems and data they access, when they access them, and from what location. The result is a real-time identity management system that can grant access privileges in a responsive and dynamic manner while also identifying potential attack activity as it occurs.
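
The three checks described in the two paragraphs above (unused entitlements, repeated attempts on unauthorized resources, identities provisioned outside the standard process) can be sketched as follows. This is an added example, not code from the article or from any vendor product; the identities, entitlement names, events, 90-day window and denial threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data for illustration (not from the article).
GRANTS = {  # identity -> entitlements currently provisioned
    "svc-backup": {"db:read", "backup:write", "hr:read"},
    "alice": {"crm:read", "crm:write"},
    "tmp-admin": {"domain:admin"},
}
APPROVED = {"svc-backup", "alice"}  # identities with a provisioning-workflow record
EVENTS = [  # (timestamp, identity, entitlement, allowed)
    ("2024-05-28T02:00:00", "svc-backup", "db:read", True),
    ("2024-05-28T02:05:00", "svc-backup", "backup:write", True),
    ("2024-01-03T09:00:00", "alice", "crm:write", True),
    ("2024-05-30T10:00:00", "alice", "crm:read", True),
    ("2024-05-30T10:01:00", "alice", "finance:read", False),
    ("2024-05-30T10:02:00", "alice", "finance:read", False),
    ("2024-05-30T10:03:00", "alice", "payroll:read", False),
]

def unused_entitlements(grants, events, now, window_days=90):
    """Entitlements granted but not successfully used inside the window."""
    cutoff = now - timedelta(days=window_days)
    used = {(i, e) for ts, i, e, ok in events
            if ok and datetime.fromisoformat(ts) >= cutoff}
    return {i: sorted(e for e in ents if (i, e) not in used)
            for i, ents in grants.items()
            if any((i, e) not in used for e in ents)}

def repeated_denials(grants, events, threshold=3):
    """Identities with >= threshold denied attempts on entitlements they do not hold."""
    denied = Counter(i for _, i, e, ok in events
                     if not ok and e not in grants.get(i, set()))
    return sorted(i for i, n in denied.items() if n >= threshold)

def out_of_process(grants, approved):
    """Identities holding entitlements with no provisioning record."""
    return sorted(set(grants) - set(approved))

if __name__ == "__main__":
    now = datetime(2024, 6, 1)
    print("revoke candidates:", unused_entitlements(GRANTS, EVENTS, now))
    print("repeated denials:", repeated_denials(GRANTS, EVENTS))
    print("out of process:", out_of_process(GRANTS, APPROVED))
```

The unused-entitlement output is a list of revocation candidates for review, not an automatic revoke list: an entitlement that is only exercised quarterly or during incident recovery will look unused in a short window.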

The First Steps Toward Strong Identity Management

One of the great things about improving identity security is that you don’t need to do everything at once. Every small step in the right direction can make the organization more secure and resilient against today’s attackers. One of the first (and most crucial) steps an organization can take is to implement multifactor authentication (MFA). No, MFA isn’t perfect, and yes, determined attackers can find ways to circumvent it. But it’s important to remember that what attackers usually want is an easy score—and adding additional friction can often prompt them to seek out a different target. It may sound simple, but it’s critical—and effective. Security awareness training also goes a long way. It’s not enough on its own (people still make mistakes, after all), but educating users on basic digital hygiene can help them not only understand how to protect themselves better, but also understand why it’s important.

Finally, implementing a truly modern identity solution is critical. Not so long ago, identity management solutions had a reputation for being difficult and time-consuming to implement, leading many organizations to drag their feet. That is no longer the case—and it hasn’t been for a while. Thanks to modern automation capabilities powered by AI and machine learning, the process of inventorying systems and users and correlating their access needs across the organization can be completed extremely quickly. Modern solutions can quickly identify birthright roles and demonstrate where there are opportunities to safely add or remove privileges. This can significantly reduce the time to value for organizations, especially at a time when the cyber labor shortage is causing headaches across many industries. Automation can also address the tedious process of integrating applications into the identity solution—referred to as onboarding—significantly reducing time to value.

It’s increasingly important to make sure identities can securely access the systems and data they need, and today’s identity solutions streamline the implementation process to deliver new efficiencies quickly. It’s not just about security anymore—modern identity management offers clear productivity gains as well.

Identity Security Means Safer Data, Greater Productivity 

Attackers are smart. They understand that identities are vulnerable, and that poor identity management can allow them to leverage a single compromised identity into a significant breach. But today’s organizations don’t need to do it alone. Identity management and security solutions have come a long way over the past several years, automating the process of discovery and allowing organizations to keep up with evolving access and entitlement needs effectively in real time. What’s more, these solutions can monitor for suspicious activity from existing identities, enabling organizations to more reliably and accurately detect and remediate attacks in progress. By modernizing their approach to identity management and security, organizations are able to not only keep their data safer than ever, but enable exciting new productivity gains as well.
