A new study commissioned by One Identity has revealed that 95% of organizations face challenges in digital identity management.
According to the report, published Tuesday, companies worldwide are suffering from an identity sprawl, where the number of digital identities managed by them (internal, third parties, and customers) continues to surge. Of the 1,009 IT security professionals One Identity surveyed, 84% said that the identities they manage have doubled, while 25% reported the number of identities to manage has increased by roughly ten times or more.
“As a secular trend, the number of identities will continue to grow, especially with the proliferation of machine (e.g., IoT) and application identities (e.g., RPA),” Bhagwat Swaroop, president, and general manager of One Identity told VentureBeat via email.
The findings, combined with the evolving threat landscape, highlight the growing need for security professionals to gear up and adopt an appropriate identity and access management strategy to optimize their overall cybersecurity posture.
Fragmentation is the problem
The current approach of identity and access management is largely fragmented. About 51% of the surveyed IT professionals reported that they use more than 25 different systems for identity management, while 21% said they had more than 100 different systems in use.
This in turn causes significant complexities.
More than half of the survey respondents stated that multiple silos yield a lack of visibility regarding who has access to what system, and the wide range of applications and identity technologies complicate the process of provisioning and de-provisioning.
Eighty-five percent of respondents said their organization has employees with more privileged security access than what is required for their work. This creates a major security risk, given that attackers can target these unsuspecting individuals and use their credentials to gain entry into the organization.
Additionally, only 12% of IT professionals surveyed were confident that they had the arrangements in place to prevent a credential-based attack at their organizations.
A possible solution to identity management
While the identity sprawl cannot be stopped, the fragmented approach of dealing with it could be addressed with a more holistic identity management strategy that could ensure end-to-end visibility, control, and protection, the report said.
Nearly half of the survey respondents stated that end-to-end unification of identities and accounts is needed to better respond to the evolving market conditions. Sixty-two percent also said they see value in a unified identity and access management platform and that it would streamline their business approach.
“By correlating all identities with an end-to-end solution, security professionals can attain 360-degree visibility across all identities, verify everything before granting access to their most valuable assets, and apply adaptive security controls,” Swaroop explained. “For example, if suspicious login or behavior activity is detected, organizations can modify or step-up authorization to enhance and accelerate their protection and take another critical step in achieving a just-in-time, zero trust model,” he added.
One Identity offers a unified platform for identity security, covering privileged access management (PAM), identity governance and administration (IGA), active directory management and security (ADMS), and identity and access management (IAM). The company originally began marketing its platform as a holistic offering after strengthening its identity smarts with the recent acquisition of its former rival IAM platform OneLogin. The terms of that deal were not disclosed.