Identity needs a seat at the cybersecurity table
The shift to the cloud and remote work, combined with the rise of phishing and other identity-related attacks, puts identity security at the forefront of cybersecurity concerns.
Identity is rooted in IT operations. In fact, when most people think of identity, they think of access management -- as in identity and access management, or IAM.
Traditional IAM products and services focus on helping organizations manage identities for the workforce. For most companies, this means helping the IT team with what used to be the daunting task of managing credentials for thousands of employees. On the customer side, customer IAM (CIAM) options do the same for hundreds of thousands to millions of customer credentials.
The major IAM and CIAM vendors are no longer startups. CyberArk is 24 years old. Ping Identity is 21. Okta is 14. ForgeRock is 13. Among them -- and a large cohort of other vendors -- IAM and CIAM products have pretty much conquered the access management problem, and organizations can now effectively and efficiently manage millions of identities.
IT environments reach new turning points
Over the past few years, however, we've seen the following major inflection points in terms of IT architectures and environments:
- Organizations are now accepting and standardizing a remote workforce. With a plethora of communication channels and the ubiquity of Wi-Fi and internet connections, companies can and do support a full-time remote workforce. For those who work from the office, we still expect them to be fully connected, available and working at all hours. This means we have to authenticate and authorize our workforce -- and our customers -- at any time, using any device and any network, from anywhere in the world.
- Enterprises are accelerating the shift of workloads to the cloud. Whether using SaaS, IaaS or PaaS, when workloads move to the cloud, identity silos result, meaning each cloud workload has its own identity database and its own definition of permissions. Also, with workloads in the cloud, the cybersecurity perimeter shifts from being static and well defined to being dynamic and amorphous.
- Organizations are moving from castle-and-moat to zero-trust strategies. We have long known the traditional perimeter security strategy is faulty. Zero trust removes any implicit trust from security and requires every user and workload to be authenticated to establish trust before work begins. This makes identity an atomic component of any cybersecurity strategy.
- The first interaction with applications, whether on premises or in the cloud, is the login process, where users present their credentials to the system for authentication and authorization. From a cybersecurity perspective, this not only makes identities a new perimeter but also makes them the perimeter that matters.
Identity security becomes a cybersecurity effort
Identity is moving from an IT operations-focused activity to a cybersecurity-focused activity.
These aren't the only changes pushing identity into the cybersecurity realm. For most external attackers, the goal is to obtain a company's sensitive data -- core intellectual property, financial information, customer information, personally identifiable information and so on. The easiest way for attackers to get this data is by obtaining legitimate access with valid credentials. This makes identities a primary target. Two of the three primary ways attackers access an organization are through stolen credentials and phishing, according to the 2023 "Data Breach Investigations Report" from Verizon. In 76% of phishing attacks, credentials were compromised; 86% of data breaches involved the use of stolen credentials.
Identity experts are well aware of these issues. And with the rise in frequency of publicly acknowledged credential breaches, CISOs and cybersecurity experts are increasingly learning how important identities are to effectively securing their IT environments.
The established IAM and CIAM vendors aren't ignoring the security aspects of identities. In fact, many identity vendors, both established and startup, are focusing on identity security.
Identity security encompasses much more than viewing identities through the lens of cybersecurity. Other security-focused capabilities include traditional privileged identity management and privileged access management, identity governance, and new capabilities such as cloud identity and entitlement management, identity threat detection and response (ITDR) and identity security posture management (ISPM).
Indeed, CyberArk has published a model identity security platform architecture that encompasses seamless and secure access for all identities, intelligent privilege controls, and flexible identity automation and orchestration across access, privileged access, endpoint privilege security, secrets management, cloud security and identity management.
New identity capabilities spark investment
The need for new identity capabilities has sparked investment in new startups and in new capabilities from established vendors.
Identity and security practitioners should especially explore these new identity security capabilities. ITDR focuses on analyzing identity-specific telemetry for threats and is being developed by startups including Oort (which is being acquired by Cisco), Gurucul, Inside-Out Defense, Permiso, QOMPLX, Semperis and others. All the established vendors are also investing in ITDR capabilities.
ISPM looks to secure the identity infrastructure itself and is a prime concern for those with Microsoft Entra ID (formerly Azure Active Directory). Both startups and established vendors are in the mix, including CrowdStrike, Grip Security, SpecterOps, Spera, Tenable and more.
All of this is why identity now needs to be part of the cybersecurity conversation. Or, to put it more bluntly, identity needs a seat at the security table -- a seat on par with network, infrastructure, cloud, endpoint and the security operations center.