The traditional perimeter is eroding due to the mass adoption of cloud computing, the proliferation of SaaS applications, and a major rise in the number of identities — both human and non-human — that businesses are now required to secure. To learn more about the implications of this important shift in how organizations protect themselves, we commissioned a survey with Dimensional Research. More than 1,000 IT security professionals responded, revealing some important insights.
The Identity Sprawl Challenge
Today, identity is the new perimeter, but according to our research, many security professionals aren’t equipped to handle the significant increase in digital identities. This has been driven by the shift in technology and the way we work, and over the years many security professionals have overlooked the surge in user identities that’s occurred. In fact, 8 out of 10 security professionals reported that the identities they manage have more than doubled, and 25 percent reported a 10X increase in digital identities during the same period.
This phenomenon - known as identity sprawl - is a critical obstacle that businesses are challenged to overcome, and it’s making them extremely vulnerable to attackers. With 95% of security professionals reporting challenges in managing identities, it’s clear that many aren’t equipped to address this dramatic increase.
The Implications of a Siloed Approach to Identity Security
Though identity security has been around for decades, it’s an area that many security executives still aren’t approaching in the correct way. Today, half of all companies report that they’re using more than 25 different systems to manage access rights. Worse, more than one in five respondents said they use more than 100 systems.
This fragmented manner for addressing identity security, where businesses operate in silos, is creating an entirely new threat vector that’s putting businesses in harm’s way. Today, 85 percent of organizations have employees with more privileged access than necessary, making it easier for attackers to exploit unknowing internal stakeholders to gain access to a given organization. What’s even more concerning is that only 12 percent of professionals are fully confident they can prevent a credential-based attack.
With identities and credentials being organizations’ 'crown jewels ', the siloed nature of identity security has been the common thread behind the cyberattacks that have shaken the industry over the last year. Just take a look at SolarWinds, Colonial Pipeline and the Twitter hack. All of those companies were victims of identity-based cyberattacks – where bad actors gained unauthorized access to their networks to steal sensitive data and account information. Unfortunately, these types of breaches aren’t few and far between, and if companies don’t beef up their identity security practices we’re going to continue to see these attacks occur.
Taking a Critical Step Toward Cyber Resilience
To mitigate potential identity exploitation, organizations need to start looking at identity security in a holistic way. Luckily, many security professionals are aware that an end-to-end approach is a viable option, with 50 percent of professionals stating that the unification of identities and accounts is needed to better respond to evolving market conditions. Further, two-thirds of professionals said that a unified platform would streamline their approach and help them take the next step in enhancing their overall cybersecurity posture.
For many, however, the challenge is that most organizations don’t have access to that type of solution. That's where One Identity comes in. With our Unified Identity Security Platform, we bring together best-in-class Identity Governance and Administration (IGA), Identity and Access Management (IAM), Privileged Access Management (PAM), and Active Directory Management and Security (ADMS) offerings into a single, integrated offering. This converged platform enables customers to tame identity sprawl and shift from a fragmented to a holistic approach to identity security.
To learn about how One Identity can help your organization tame identity sprawl, visit here. You can also learn more about the results of our Identity and Security global survey here.