By Wade Ellery, Field Chief Technology Officer at Radiant Logic
Cyber threats such as ransomware, zero-day exploits, phishing and supply chain attacks are increasing globally, regardless of industry or size. At the heart of this growing risk is identity, with over 60% of all breaches today involving identity exploitation.
As organizations continue to expand their digital footprints, driven by a move towards cloud resources and remote systems, their identity data, both at a device and user level, also grows. Consequently, the attack surface also expands, giving threat actors more scope to leverage identity vulnerabilities and gain access to critical systems. So, amidst this expanding threat vector, the conventional ‘fortress mentality’ falls short, requiring businesses to urgently re-think their security strategies.
This urgency is also emphasized by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), as the organization has recently recalibrated its strategy, aligning with Biden’s National Cybersecurity Strategy to create a unified front against cyber threats.
This collaboration marks a paradigm shift, recognizing that traditional defense mechanisms must evolve. As CISA observes, the success of cyberattacks is often “enabled by an environment of insecurity,” a flaw exacerbated by our collective blind spots concerning identity and its related data. Reducing these blind spots requires a greater focus on effective identity data management.
How Identity Data Management Addresses CISA’s Three Pillars
CISA’s updated strategic plan focuses on enabling businesses to achieve three core objectives: addressing immediate threats, hardening the terrain and driving security at scale. The agency wants these pillars to be the foundation of every business’s security strategy. So, how can effective identity data management help organizations achieve this?
When we talk about immediate threats, ransomware and phishing instantly come into the conversation. The ransomware attack rate is breaking records yearly, while 74% of breaches still include phishing or social engineering elements. Identity data management provides a proactive approach to addressing these threats.
Expanding our understanding beyond just human identities to include the identities of servers, applications and systems can help to identify which systems or users are more vulnerable to such attacks. It allows a better scope for enabling targeted training and applying layered authentication and access control on specific devices and user repositories to mitigate immediate risks.
Hardening the terrain requires management across the entire IT ecosystem and across every network element. Every component in our IT infrastructure—people, servers, applications—has an identity. To create an impenetrable defensive posture and a rock-solid network terrain, we must manage, monitor and administrate these identities. When each identity is meticulously managed, the likelihood of external spoofing and unauthorized access diminishes. Essentially, the terrain becomes more resilient to an array of attacks, making it harder for adversaries to exploit vulnerabilities.
Also, when it comes to driving security at scale, monitoring these identities across the IT infrastructure allows for automation and real-time responses, thus scaling security measures effectively. For instance, managing the identities of every connected device in an organizational network can streamline permissions, ensuring only authorized devices and users interact in real-time.
Gaining visibility into how identities can be used to access sensitive data and systems is critical for getting ahead of threats. A recent report from Gartner highlights that quality identity data is critical for successful security projects and scaling access controls across complex IT environments.
Identity management is imperative for a robust zero-trust architecture
CISA’s updated strategy is primarily intended to align with Biden’s National Cybersecurity Strategy, which mandated the implementation of Zero Trust for all government organizations by 2024. Zero Trust has emerged as an industry standard for combatting modern security challenges as it enforces two-factor authentication as a baseline, thereby reducing the chances of unauthorized access. And yet, even two-factor authentication can be manipulated, which brings us back to the importance of robust identity management.
Identity data informs Zero Trust protocols at every stage. It allows for dynamic authorization, where rights and privileges are not granted en masse but are provided on a need-to-access basis. Think of it as moving from a cash-based system to a card-based system in your security strategy. You no longer carry “bags of money” (or unfettered access); instead, you operate with a “credit card” (or rights just-in-time), constrained by spending limits or operational permissions.
Therefore, understanding the true nature of identity data—including the identity of users, services, applications and devices—is paramount for setting up a Zero Trust architecture.
How to achieve greater visibility over all identity data points
Firstly, organizations need to develop a clear understanding of what identity data is. One major issue that tends to be overlooked in cybersecurity discussions, even by esteemed organizations like CISA, is the nuanced role of identity that extends beyond human users. When we say “identity,” it’s not just about ‘John Doe’ accessing his workstation. It’s also about a specific microservice querying a database or an IoT device reporting metrics. Essentially, every subject moving through the digital environment to access resources must be managed, authenticated and authorized.
To implement a genuinely robust security posture, the quality of the identity data is also paramount. It’s no longer enough to base access control on static, rarely updated information. A dynamic and real-time approach is required, utilizing the most current data to inform every access decision.
The repercussions of poor-quality identity data can be devastating for a business’s security infrastructure. A telling example is the role of privileged accounts in security breaches; a 2021 survey revealed that 74% of organizations that fell victim to cyberattacks claimed that their privileged accounts were involved. These accounts often provide access to the most sensitive and confidential resources, making their protection imperative.
Imagine that due to a vulnerability in your system, an employee’s title is changed to CFO. This change could give them access to highly sensitive payroll and financial information, thereby posing a significant security risk. The same logic applies to applications, devices and services. Therefore, the integrity of identity data becomes the bedrock upon which all your network security policies should be built.
Furthermore, policy-based access control, whether for network entry or intra-network activities, should be tied to accurate, up-to-date data. Implementing robust procedures to ensure data accuracy and continuously auditing and monitoring identity data can thwart attempts to corrupt the system. It’s not just about building effective access policies anymore; it’s about ensuring the underlying data used to enforce those policies is rock-solid.
Overall, in today’s era of advanced persistent threats, security isn’t solely about constructing barriers; it’s about understanding and verifying identities at a granular level across the organization. This approach demands meticulous attention to the quality, visibility and continuous monitoring of identity data. Any compromise in this aspect does not just signify a loophole—it threatens to unravel the entire fabric of an organization’s security infrastructure.
About the Author
Wade Ellery is the Field Chief Technology Officer with Radiant Logic. Wade has over 20 years of increasing responsibility and experience in Enterprise IT direct and channel software and services sales and management. He holds in-depth knowledge and experience in enterprise IAM, IAG, Risk and Compliance, and IT Security products.