Breach by Breach: Why Traditional IAM Is Now Obsolete

The adoption of cloud services and the shift to remote work have rapidly expanded the attack surface. In many ways, identities are arguably now at the frontier of cybersecurity – which means traditional identity and access management (IAM) approaches are increasingly inadequate.

Cyberattacks are also growing in sophistication, in part through exploiting vulnerabilities in the traditional, fragmented IAM systems that many companies are still using.

In this article, we explore why traditional IAM is no longer sufficient. We also explain how consolidating IAM functions can help companies establish a more cohesive security posture.

Isolated identity platforms bring security risks 

It’s common to approach IAM by using separate tools for each distinct priority: privileged access management (PAM) and identity governance and administration (IGA), for example. 

It may appear to be a logical approach – why not use the best tool for the job? – but it creates a fragmented security solution, leaving organizations vulnerable to attacks. Threat actors, ever opportunistic, have learned to exploit the seams and gaps between these disparate tools.

Attackers' focus on vulnerabilities is due to ease of exploitation, rapid attack success and potential for substantial financial gain. This trend is encapsulated in the acronym EFL, representing attacks that are Easy, Fast and Lucrative.

EFL highlights a growing emphasis on efficiency and profitability in cybercrime, with attackers seeking to maximize their returns while minimizing their risk of detection.

The result is an alarming rise in breaches that target user credentials. Cybercriminals desire easy, fast and lucrative gains – so threat actors focus on obtaining these credentials, knowing they provide a direct path to valuable data and systems.

The vulnerability of isolated identity platforms highlights the urgent need for a more unified and robust approach to IAM.

An expanding attack surface

Vulnerable identity platforms are one part of the problem – the ever-expanding attack surface is the other. Potential entry points for cyberthreats are multiplying rapidly, and several factors contribute to this phenomenon. 

1. Rapid adoption of cloud services 

First, the widespread adoption of cloud services has expanded the digital footprint of most organizations. Not that long ago, companies relied on a few core systems to fulfill IT requirements – CRM, ERP, etc. – alongside perhaps an office suite and something for telephony. 

Today, companies can commonly rely on hundreds of SaaS apps distributed across vendors, each with their own IAM system and each vulnerable to compromise, and none of which are within the confines of the organization’s network.

Yes, cloud and the SaaS apps that companies use offer scalability and agility, but it also means that sensitive data and applications reside outside the traditional network perimeter, making them more accessible to potential attackers.

2. Shift to remote work 

Remote work has further blurred the lines between work and personal life, creating new challenges in securing identities, as remote work also shifts activities and data outside the confines of the office network. It’s a much bigger cybersecurity job and poses problems within the context of a cybersecurity skills gap. AI and hyper-automation can only help so much. 

3. Mixing use of devices 

Adding further complexity is the mix of employee and corporate data, as employees often either check company email on their own devices or add their personal accounts to devices. It’s yet another way employees can inadvertently expose their employer to phishing attacks and other social engineering schemes. 

Identity user credentials as breach points 

Together, these factors paint a picture of the complex and evolving threats that demand a more comprehensive and adaptive approach to identity security. 

It’s not surprising then that we’re increasingly seeing how user credentials are the most breached access point. In the bulk of these types of attacks, the perpetrators are after money. They want to get in quickly and steal as much as they can

Lucrative attacks form the foundation of ransomware. 42% of attackers go after the credentials, and there's a reason for that. Before you know it, millions of identities and put up on the dark web for sale. For attackers, these identities can turn into huge profits.

Examples of breaches 

There are many examples of serious breaches where the door was opened through an unsecured identity.  

  • Colonial Pipeline: Take the 2021 Colonial Pipeline ransomware attack. By compromising a single password for a VPN account, attackers managed to shut down a major U.S. fuel pipeline, causing widespread gas shortages.  
  • Twitter: Twitter’s 2022 data breach was also identity related, as it relied on a combination of phishing attacks and social engineering to obtain employee credentials. It resulted in the personal information (email addresses, phone numbers) of over 5 million users being exposed.
  • Marriott: The breach of Marriott in 2018 followed a similar path, as hackers gained access to a Starwood reservation database through compromised employee credentials. The breach exposed personal information (names, passport numbers, credit card information) of nearly 500 million guests.
  • Target: One of the largest breaches to date was the Target data breach in 2013, where attackers gained access to Target's network by using a phishing email to gain compromised credentials of a third-party vendor. These third-party credentials led to the exposure of payment card information and personal data of around 40 million customers.

Justifying a unified approach to identities

Something needs to be done in the face of an expanding attack surface and the inherent vulnerabilities in traditional IAM approaches. After all, “identity is the new perimeter."  

The classic network perimeter has essentially dissolved. In a decentralized computing environment where users and data reside both within and outside the traditional network boundaries, the user identity itself is the focal point for security.

Robust security frameworks now revolve around individual identities. This method protects users not just from external threats, but also from their own potentially risky actions, such as inadvertently clicking on a phishing link or using weak passwords.

Discrete identity platforms can struggle to achieve that, but a unified identity platform is a compelling solution that mitigates these challenges.

A unified identity solution consolidates and integrates various IAM functions into a single platform so security teams can establish a more cohesive and effective security posture that safeguards identities and data – even in an era of remote work, cloud computing and SaaS sprawl.

Building a unified platform 

There are a few routes to building a unified identity platform: 

Combine PAM and IGA 

One avenue is to establish privileged access governance by integrating privileged access management (PAM) and identity governance and administration (IGA).  

It’s a combination that enables enhanced control and visibility over privileged accounts, ensuring that only authorized users have access to critical systems and data. Suspicious activity is promptly flagged.

Grant privileges “just in time” 

Another approach involves implementing Just-in-Time (JIT) privilege for privileged access, aligning with the principles of Zero Trust. Here, organizations grant privileged access only when needed – and just for as long as needed.  

Restricting access on an as-needed basis and removing privileges as soon as possible means organizations can significantly reduce the risk of unauthorized access and lateral movement within their networks.

Combine access management and IGA 

Finally, combining access management and IGA to establish behavior governance empowers organizations to monitor user behavior and proactively manage access. By analyzing patterns and deviations from normal activity, potential threats can be identified and mitigated before they cause harm.  

These three routes, whether pursued individually or in combination, provide a clear path towards a more integrated and effective IAM framework, enabling organizations to better protect their identities and data in the face of an ever-evolving threat landscape.

The stages of unifying identity management 

Organizations find themselves at different stages of IAM maturity, ranging from a fragmented state with no dedicated tools to a unified state characterized by complete identity orchestration. Progress commonly looks like this: 

  1. Lack of formal IAM regime
  2. Individual, discrete IAM tools in place
  3. Some integrated use of IAM tools
  4. Unified use of IAM tools

The initial stage often involves a lack of formal IAM practices, with identities scattered across various systems and no centralized control. As organizations progress, they may acquire individual IAM tools to address specific needs, but these remain largely isolated and create gaps in security.

The next stage sees some level of integration between these tools, offering improved visibility and control. However, true identity orchestration is achieved in the final, unified state, where all IAM functionalities seamlessly work together to provide a holistic and adaptive approach to security.

Progressing towards this unified state is crucial to strengthen identity security and effectively combat the ever-evolving threat landscape. By embracing a platform approach to IAM, organizations can consolidate their tools, eliminate vulnerabilities and establish a more robust security posture.

From the functional to the effective 

Identity systems can appear functional – after all, there’s a login screen requesting a password, isn’t there? – but the functional protection against malicious actors can be limited.  

There’s an urgent need for organizations to rethink their approach to identity and access management. Traditional, fragmented IAM solutions are no longer sufficient in the face of an expanding attack surface and increasingly sophisticated cyber threats. Cloud and SaaS adoption, remote work and cybersecurity skills shortages all demand a more unified and adaptive security strategy.

Organizations are encouraged to critically evaluate their current IAM strategies and explore solutions that offer a holistic approach to identity security, enabling them to stay ahead of the curve in the ongoing battle against cyber threats.

Anonymous
Related Content