Why the economic downturn is the perfect time to simplify your identity data
As we begin a new year, things look bleak for the global economy. In January, the World Bank predicted global GDP to hit just 1.7 percent growth, the worst since 1993 outside of recessionary periods.
Organizations around the world are tightening their belts in preparation for lean times. Hiring freezes and reduced spending on facilities and IT are usually the natural reaction to economic uncertainty.
But while growth plans may be put on hold, the challenging times ahead may be the perfect opportunity to re-examine IT and infrastructure and processes with an eye to reduction and consolidation.
Actions such as retiring legacy infrastructure and streamlining processes are valuable cost-savers and can help boost security standing, even if broader security investments are frozen or reduced.
Identity data plays a critical role in daily operations and is a primary target for threat actors. As such, there’s no better place to start.
Why disorganized identity data is such a security threat
It’s a unique time of change for the IT industry with businesses trying to tackle three major axes -- ongoing digital transformation, continued migration to the cloud, and the movement towards Zero Trust.
IT environments tend to evolve organically over time. As organizations grow and develop their technical strategies, new layers of hardware and software are added to the IT estate, often with no real long-term plan. The focus on digitization and rapid cloud migration of the last few years accelerated this process, particularly for firms that had to quickly adapt their operations for remote working due to the pandemic.
As a result, many organizations now have IT environments comprised of a mix of overlapping, disconnected systems. Older legacy infrastructure and unused software assets are likely to still be connected to the wider network, and unable to connect to modern security protocols or cloud applications.
While most firms can no doubt make significant savings by removing old assets, the real issue is identity data. Identity is the beating heart of a modern organization, governing how human users and automated systems can access hardware and software assets. Rapid IT growth inevitably leads to identity sprawl, with each employee having dozens of identities for each asset. It can be nearly impossible to manage them all, particularly with staff coming, going, and changing roles.
Each identity presents an opportunity for a threat actor to infiltrate the IT environment and launch an attack, so the worse the identity sprawl situation becomes, the greater the risk.
Identity sprawl is more than just a security issue, however. Sorting out the mess can deliver other advantages, helping to drive efficiency and reduce costs -- more critical than ever in these lean times.
The business benefits of getting to grips with identity data
Another impact of the piecemeal nature of most IT environments is an increasing level of IT debt. As environments become more complex, managing them takes more time and resources. This creates a constant drain, as important tasks such as onboarding new joiners and provisioning access for new software becomes highly manual and inefficient.
But the impact is even more telling for large projects such as cloud migration, digitization, process automation, and implementing a Zero Trust security model. Many disparate, disconnected identities mean these types of projects will take longer to complete and deliver weaker ROI. Indeed, the cost and resources involved can often prohibit enterprises from launching these initiatives.
How to declutter identity data without breaking the bank
Radically simplifying the identity system will help to standardize environments, controlling the natural chaos within IT environments and making it far easier to apply company-spanning projects such as Zero Trust. Effective identity management also helps automate processes and drive efficiency.
Processes for joiners and leavers can be highly automated, for example. New starters are automatically provisioned with all the system access their role requires. At the same time, leavers will be disabled and deleted. Ensuring there are no unused accounts lingering in the system will boost security by closing gaps that can be exploited by threat actors.
The benefits of cost saving and security mean getting identity data control should be a high priority. So how can firms start cutting through the clutter, cleaning out years of accumulated identity data, and developing a more unified approach?
Sorting out identity sprawl is no small task, particularly for larger organizations with decades of growth behind them. Enterprises can easily deal with tens or hundreds of thousands of separate identities, often with no clear link between them and the actual employees today.
Firms need to streamline and unify their identity data into one, accessible resource. Getting to this point means discovering and cataloguing all of their identities, regardless of how they are scattered across different cloud environments and on-premises legacy systems. From here, each identity must be linked to a specific employee, creating a clear picture of the network access provisioned to each individual.
Attempting to work through this clutter manually would likely take years of manual work and be prohibitively expensive -- far from ideal in any timeframe and especially unfeasible with a looming recession.
This means a highly automated approach is the way forward. The right tools can rapidly sort through and catalogue the vast array of digital identities without putting a drain on IT resources that organizations can ill-afford right now.
Sorting out their identity sprawl will enable firms to ensure every penny counts during difficult economic times. They can confidently delete unnecessary accounts and reign in over-provisioned users with more access than they need. Clearing these old accounts will have a marked impact on security standing, drastically reducing the firm’s threat surface.
Organizations will also be able to find effective short-term savings by reducing the seat count on many of their applications and software licenses. Long-term, more strategic IT projects such as cloud migration will deliver much greater ROI without a mess of identities gumming up the works. Not only will this boost the enterprise’s security today, it will act as a springboard for future resilience.
Image credit: sqback/depositphotos.com
Wade Ellery is Field Chief Technology Officer at Radiant Logic.