Why IAM alone is no longer sufficient to defend against today's evolving threat landscape

It’s a fact -- today’s businesses are using multiple, fragmented identity management tools to control access, and most are paying for identity tools that they’re not even using. A recent survey found that 52 percent of organizations manage over 10,000 digital identities and 96 percent of those organizations have multiple identity management tools in place. More doesn’t always mean better protection, as 89 percent of organizations surveyed were still hit by an identity-based cyberattack in the last year.

Identity sprawl is real, and it is an obstacle that leaves many organizations more vulnerable to attacks.

Misguided enterprise investments in identity access management (IAM) solutions are directly impacting companies’ overall security posture -- and proving to be insufficient in defending against today’s constantly evolving threat landscape. When companies invest in multiple tools they potentially increase risk by creating gaps in coverage, costing organizations time and money and decreasing productivity as IT teams have to duplicate their efforts across multiple systems.

But it’s not just the tools’ fault.

Since the inception of IAM tools, companies have been forced to use multiple solutions to manage individual pillars of access control. Each pillar has its own needs and rules, further complicating the situation. Many of these systems also operate in silos, with very little (if any) interoperability between them. This fragmented approach, coupled with digital transformation initiatives, has only upped the ante, and the rise in credential- and identity-based attacks solidifies the need for something different. Today’s companies need to take a closer look at their defenses and change their overall approach if they want to truly improve their security posture.

Identity management solutions must evolve alongside the threat landscape

The traditional brick-and-mortar workplace is almost obsolete, meaning the security perimeter built on infrastructure devices is no longer sufficient to protect an organization’s dispersed assets -- employees, contractors, partners, suppliers, etc. The new dispersed business norm has increased the blast radius of a potential breach, and the increase in identities has further exacerbated the issue. Therefore, minimizing that blast radius is key to protecting your people, applications and data.

Identity security is vital in the process, and effectively managing identity security ultimately minimizes an organization's overall risk. But traditional, fragmented IAM security is no longer effective. Instead, there needs to be a convergence of identity management -- a unified identity platform approach -- to improve identity security.

A unified approach to identity security

Security and IT professionals leverage more than just IAM to manage access rights. They also use identity governance and administration (IGA), privileged access management (PAM) and Active Directory management and security (ADMS) in the workplace. Each area is often addressed separately, leading to inconsistencies that could be easily exploited and targeted by a cyber threat actor.

Piecing together tools and processes and hoping they work together as they should is no longer a viable option against today’s threat landscape. A fragmented approach does not work. Organizations must shore up their security from the inside out, and they should do so via a unified approach -- one that recognizes identity as the new perimeter.

A unified identity platform for access and identity management that encompasses IGA, IAM, PAM and ADMS would greatly benefit an organization’s identity management strategy and close the exposure gap.

Closing the exposure gap

Unifying your organization’s approach to identity security and protecting your organization amidst the identity sprawl phenomenon is doable and allows security professionals to:

  • Take a holistic approach. Taking steps to unify all of your identities will optimize visibility.
  • Apply automated orchestration to the process. Optimize and plan for frictionless governance among identity and privileges. This can help streamline the overall process.
  • Seek out deep insights and analytics. Robust analytics can help organizations anticipate, detect and take action on emerging threats.
  • Adapt the process. Being able to quickly adapt and pivot to changes is vital. This may include user roles and responsibilities, changes to infrastructure and new/developing threats.
  • Continue to validate and verify identities. Always validate and verify users before granting access, acknowledging who the user is, what they should have access to and for how long.

Benefits of unified identity platforms

Organizations must change their stance on identity management to better protect themselves from potential cyberattacks. A unified approach can secure organizations and help security professionals better manage their security controls. By centralizing security processes, this approach can help boost operational efficiencies and improve auditing and compliance processes. A unified approach to identity management can also mitigate identity sprawl and drive an organization’s digital transformation efforts.

Credential-based attacks have hit every industry and there’s no sign of these attacks stopping any time soon. While identity management tools can help thwart such attacks, they can’t do it alone.

Deploying multiple identity management tools dependent upon access isn’t the answer either, as the tools often don’t work together, making it impossible to effectively protect an organization from the barrage of cyberattacks coming its way. Today’s businesses must take a closer look at their defenses and ultimately change their approaches to identity management if they want to truly improve their security and stay ahead of the curve. This involves changing their IAM mindset from a disparate, tool-based approach to a more unified identity approach.

Larry Chinski is Global Vice President of IAM Strategy at One Identity. He is responsible for the overall field execution (both inbound and outbound) for One Identity as it relates to Identity Management, Privileged Account Management, User Account Management, and SaaS. Chinski is also responsible for the integration of One Identity solutions and technical alliances in such areas as hyper automation and web access management. Chinski has been in the IT industry for over 25 years, with a specific focus on IAM for the last 15 years. He has worked with the largest customers in the world, and has helped to design and implement multiple solutions across a wide variety of industry verticals.

© 1998-2024 BetaNews, Inc. All Rights Reserved.