Identity sprawl is such a common challenge for companies that you may be tempted to write off effective identity management as unachievable.
But there are two key reasons you should prioritize identity management:
- It is achievable and necessary.
- Your employees having different usernames and passwords across different applications presents a major cyber security vulnerability for your company.
With an ever-expanding set of devices, file-sharing and collaboration apps, and communications tools, your employees may even have a hard time remembering all of their usernames and passwords.
Verizon’s “2022 Data Breach Investigations Report” found that 61% of breaches included exploited identity information.
While identity sprawl has been a problem for a long time, it grew exponentially as companies shifted first to remote work environments during the pandemic and then to a permanent hybrid model. A survey completed in 2021 by Dimensional Research illustrates this expansion, finding that 84% of respondents reported more than double the number of user identities compared to a decade ago. 51% of respondents said they had more than 25 unique identity management systems.
Before cloud-based solutions were widely used, a traditional network perimeter allowed companies to rely on Active Directory (AD) as a simple identity management solution that kept usernames and passwords organized.
As the network perimeter ceased to exist, thanks to the combination of cloud adoption and the pandemic, organizations suddenly found employees with dozens of usernames and passwords. Administrators struggled to find management systems for them, with challenges around integrations with existing solutions and a lack of comprehensive tools.
The adoption of cloud-based applications and services only compounded the problem. These applications not only require users to have a separate identity, but also tend to have their own provisioning processes for managing identities.
Managing Identity Sprawl: The ideal approach is a unified one that cuts down on sprawl and eliminates cyber security risks. But it can be challenging to reconcile the specific requirements of different areas of the company with the limitations of identity management solutions, which rarely handle all four required areas: AD management and security, privileged access management (PAM), identity governance, and identity and access management (IAM).
No single solution covers all of these areas, so companies still deploy multiple tools. Here are some potential options and considerations:
Identity Consolidation: Some companies attempt to discard and replace an existing management system, but they should first carefully review the reasons the system was originally deployed. Maybe it offered multi-factor authentication or directory services with special features. If the new tool needs to be replaced by another solution or requires costly reworking, this could be a step backward.
PAM: You may find it beneficial to use a PAM platform that offers multi-directory brokering, which allows you to authenticate users against any identity directory.
Identity Orchestration: This option adds an abstraction to identity management, allowing applications to integrate with a variety of identity systems without any additional coding work. It establishes a consistent identity fabric, and while it requires time and resources, it may simplify enforcement of access and privilege policies across the environment.
IAM Centralization: This is the best long-term solution because it identifies a single source of truth, centralizing all identities, applications, and devices and utilizing cross-checking and correlation to ensure privileges are appropriate for the role. It comes with some challenges, especially when data has a variety of formats and when trying to synchronize across different systems.
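The cross-checking and correlation step described under IAM Centralization can be sketched as follows. This is an added example, not code from the original article: the HR list as source of truth, the role policy, both export formats, and the plus-tag normalization rule are all assumptions, and the data is constructed.

```python
from collections import defaultdict

# Constructed sample data. HR is the assumed single source of truth.
HR = {"alice.ng@example.com": "engineer", "bob.ruiz@example.com": "finance"}
ROLE_ENTITLEMENTS = {  # hypothetical role-to-privilege policy
    "engineer": {"repo:write", "vpn"},
    "finance": {"ledger:read", "vpn"},
}
AD_EXPORT = [  # constructed directory export: one dict per account
    {"upn": "Alice.Ng@EXAMPLE.com", "groups": ["repo:write", "vpn"]},
    {"upn": "bob.ruiz@example.com", "groups": ["vpn", "ledger:read", "repo:write"]},
]
# Constructed SaaS export in a different format (CSV, ';'-separated scopes).
SAAS_EXPORT = (
    "login,scopes\n"
    "alice.ng+dev@example.com,repo:write\n"
    "carol@example.com,ledger:read\n"
)

def normalize(identifier):
    """Canonical key: lowercase, plus-tag stripped (assumed matching rule)."""
    local, _, domain = identifier.strip().lower().partition("@")
    return f"{local.split('+', 1)[0]}@{domain}"

def load_accounts():
    """Yield (system, raw_id, privileges) from both export formats."""
    for row in AD_EXPORT:
        yield "ad", row["upn"], set(row["groups"])
    for line in SAAS_EXPORT.strip().splitlines()[1:]:
        login, scopes = line.split(",", 1)
        yield "saas", login, set(scopes.split(";"))

def correlate():
    """Return (accounts per person, orphaned accounts, excess privileges)."""
    per_person, orphans, excess = defaultdict(list), [], {}
    for system, raw_id, privs in load_accounts():
        key = normalize(raw_id)
        if key not in HR:  # no owner in the source of truth
            orphans.append((system, raw_id))
            continue
        per_person[key].append((system, raw_id))
        extra = privs - ROLE_ENTITLEMENTS[HR[key]]
        if extra:  # privileges beyond what the role allows
            excess.setdefault(key, set()).update(extra)
    return dict(per_person), orphans, excess

if __name__ == "__main__":
    people, orphans, excess = correlate()
    print(people, orphans, excess, sep="\n")
```

Orphaned accounts and excess privileges are the two findings to review first; the normalization rule decides what counts as the same person, so it should be agreed with the owners of each system before any automated cleanup.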
Identity management is growing in importance as companies retain the hybrid work environment introduced by the pandemic. If your company’s identity sprawl is creating new cyber security vulnerabilities, contact us at ITBroker.com.