The Value of an Identity Management Platform
As companies migrate to the cloud, compromised credentials are a growing concern. An identity management platform can help protect against identity-based attacks.
Key Points
- The growth in cloud computing and remote work has made firewalls less effective, so defenders are shifting to protecting user identities instead.
- A zero-trust approach that authenticates users as they travel the network is the basis of a stronger defense, but it requires managing identities and access across multiple systems.
- A unified identity management platform can offer a streamlined approach, greater visibility to network activity, and integration with a secure email gateway.
Cybersecurity is experiencing an identity crisis. As more organizations migrate to the cloud and adopt remote workflows and tools, they are increasingly vulnerable to credential theft by hackers, who are using compromised identities to break into networks.
Credentials are at the root of half of the attacks observed by Verizon’s 2022 Data Breach Investigation Report (DBIR) and are the main source of web-based attacks. And the trend has been accelerating; the use of stolen credentials has grown about 30% in the last five years, as more companies have migrated resources from on-premises data centers to the cloud.[1] Once malicious users are inside a network, they have free rein, so credential theft is often the tip of the spear for cybercriminals.
The increasingly blurred edges between corporate networks and the outside world have rendered traditional perimeter protections such as firewalls less effective against hackers. Preventing credential theft is one defense against these identity-based attacks. Advanced email security tools can block phishing attacks and other tactics bad actors employ to steal credentials and block them from using them to do damage inside a network. But fighting identity-based attacks is a battle on many fronts.
Many security professionals are adopting a zero-trust approach that checks users at access points across the network. However, a bad actor armed with a valid credential may breeze through a basic password check. This is why identity and access management (IAM) — making sure the users on your network are who they claim to be and accessing only what they have permissions for — is emerging as a fundamental security function. IAM is one of the top concerns for security and IT professionals, according to 2023 survey by the CyberRisk Alliance — ahead of anti-ransomware efforts and software vulnerability management.[2]
A unified identity management platform can offer a streamlined solution across technology and organizational silos. When integrated with other tools like a secure email gateway, it becomes part of a more holistic solution to identity-based attacks.
The Tangled Web of Identity Management
There’s little doubt that most companies need to fortify their identify defenses. Many security organizations are embracing passwordless authentication, which relies on multifactor authentication (MFA) via one-time access codes or tokens, push notifications sent to users’ devices, or biometric markers such as voice or facial identification.
But these solutions face their own challenges. “MFA fatigue” has entered the language as users grow weary of the constant prompts to confirm their identities. Cybercriminals are taking advantage of this phenomenon for their own ill gains, as happened recently to a ride-sharing company.[3]
IAM is about much more than authentication or securing logins, said Gurinder Bhatti, principal global security strategist at Mimecast partner Okta. Effective identity access management “lives in many of your systems,” Bhatti explained during a recent Mimecast webinar. “It’s the glue that binds your whole transaction flow.”
Defenders need better visibility and alerts to stay on top of a whole chain of identity-related events around the network. They have to establish context-based baselines of user behavior in order to detect anomalies. They need to orchestrate — and, ideally, automate — a whole range of activities to mitigate risk and respond to evolving identity-based threats.
How Identity Management Platforms Help
A unified identity management platform is a single solution for addressing access management (those prized credentials), identity governance (policies deciding what level of access each user gets), and privileged access and lifecycle management (when and how an identity gets created, upgraded, or deleted). An identity management platform can also integrate with a secure email gateway to guard against the prime tactics for stealing credentials, such as phishing attacks and social engineering.
Together, they form the backbone of a layered defense against identity-driven attacks. “Defense in depth is what we recommend,” Bhatti said, “It’s what we’ve seen and what works.”
An identity and access management system can operationalize and automate the best practices to prevent identity-based attacks and enable zero trust across the network, regardless of whether a company takes a password-protected or passwordless approach to authentication. An effective identity management platform can:
- Prioritize Identity: Most users think identity management is limited to checking passwords to grant network access, but it can be used for every app, workflow, and asset in the network. Defenders need to treat identity as the key in their security strategy to establish zero trust, said Bhatti. “Identity is that anchor. It can be pinned against anything in your tech stack.”
- Consolidate Identity: In remote and hybrid environments, users may access systems and data using on-premises data centers and cloud servers, on company devices, or personal ones, but security needs to recognize all the resources connected with an identity. An identity management platform can connect all these points of access into a single, consolidated identity, no matter where that user may be.
- Manage Identity Lifecycles: Developers, for example, are known to escalate their privileges beyond what’s necessary to keep their efforts moving efficiently. A unified identity and access management platform can ensure those privileges are rightsized and manage permissions over time, removing them when someone changes projects or leaves the company.
- Increase Visibility: Identity — and identity-based risk — only begins with a login; subsequent actions are just as important. Companies need visibility and monitoring across all user activities in the organization to add to the context that underpins effective identity management. Having a single pane of glass, whether it is at the level of a security operations center (SOC) or a system administrator overseeing the network, is critical, said Bhatti, “not only for incident response, but also [for] proactively getting in front of suspicious behavior and possible issues that can arise.” An identify management platform offers that visibility.
The Bottom Line
Protecting systems from bad actors is a continuing cat-and-mouse game. There will never be absolute security, Bhatti warned. Even if organizations get rid of password-based credentials, threat actors and tactics keep maturing and defenders will need to keep pace, erecting obstacles so attacks become too costly to be worth carrying out. An identity management platform can be a valuable component of a defense-in-depth approach to identity-based threats, protecting users and workloads across systems, locations, and devices. For more on identity-based attacks and how unified identity management systems can help, watch this Mimecast webinar. You can also read more about how Mimecast integrates with Okta’s Identity Cloud.
[1] “2022 Data Breach Investigation Report,” Verizon
[2] “Survey: Top 2023 security priorities are endpoint, cloud, incident response and identity management,” CyberRisk Alliance, Feb. 21, 2023
[3] “Security Update” Uber, Sept. 19, 2022
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!