Why IAM’s identity-first security is core to zero trust

The faster attackers can gain control over human or machine identities during a breach attempt, the easier it becomes to infiltrate core enterprise systems and take control. Attackers, cybercriminal gangs and advanced persistent threat (APT) groups share the goal of quickly seizing control of identity access management (IAM) systems.

Impersonating identities is how attackers move laterally across networks, undetected for months. IAM systems — in particular, older perimeter-based ones not protected with zero-trust security — are often the first or primary target.

Eighty-four percent of enterprises have experienced an identity-related breach this year, with 78% citing a direct business impact. Ninety-six percent believe they could have avoided the breach and its impact with better identity-based zero-trust safeguards. 

Two core areas of the zero trust framework — enforcing least privileged access and implementing segmentation — are challenging, as enterprises are seeing huge growth in machine identities. These machine identities (such as bots, robots, and Internet of Things (IoT) devices) on organizational networks are increasing at twice the rate of human identities.

Increased use — and attacks on — machine identities

The typical enterprise had 250,000 machine identities last year, a number that’s projected to grow to 300,000 this year. That total will be 45 times greater than the number of human identities. A quarter of security leaders say that the number of identities they manage has increased by at least 10 times in the past year, while 84% said the number they manage has doubled over the same period.

The number of attacks involving the forging or misuse of machine identities has increased by over 1,600% in the past five years. Gartner predicts that 75% of cloud security failures will result from issues related to managing identities, access and privileges this year. According to a survey by Keyfactor, 40% of enterprises are still using spreadsheets to track their digital certificates manually, and 57% do not have an accurate inventory of their SSH keys.

Sixty-one percent of enterprises are ill-equipped to manage their machine identities due to a lack of knowledge about their certificates and keys. Of these businesses, 55% reported experiencing a cyber breach. As a result, most enterprises have experienced at least one data breach or security incident in the last year due to compromised machine identities (TLS certificates, SSH keys and code signing keys) or certificate-based attacks.
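The inventory gap the survey describes (certificates tracked in spreadsheets, no accurate list of SSH keys) is the kind of thing a small audit script can start to close. The following is an added example, not code from the article or from any vendor named in it: it parses authorized_keys-style SSH public keys, fingerprints them the way `ssh-keygen -lf` does, and flags disallowed key types, short RSA moduli and keys trusted on more than one host. The policy thresholds, helper names and sample keys are assumptions constructed for the example.

```python
import base64
import hashlib
from collections import defaultdict
DISALLOWED_TYPES = {"ssh-dss"}  # assumed policy; OpenSSH disables DSA by default since 7.0
MIN_RSA_BITS = 2048             # assumed policy

def _read_string(blob, offset):
    # One length-prefixed field of the SSH wire format (RFC 4251 "string").
    length = int.from_bytes(blob[offset:offset + 4], "big")
    return blob[offset + 4:offset + 4 + length], offset + 4 + length

def parse_public_key(line):
    # One authorized_keys line -> (key_type, rsa_bits_or_None, fingerprint).
    key_type, b64 = line.split(None, 2)[:2]
    blob = base64.b64decode(b64)
    wire_type, offset = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type prefix does not match encoded blob")
    bits = None
    if key_type == "ssh-rsa":
        _e, offset = _read_string(blob, offset)  # public exponent (mpint)
        n, _ = _read_string(blob, offset)        # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=")
    return key_type, bits, "SHA256:" + digest.decode()  # same form `ssh-keygen -lf` prints

def audit(inventory):
    # inventory maps host -> list of authorized_keys lines; returns finding strings.
    hosts_by_fp, findings = defaultdict(set), []
    for host, lines in inventory.items():
        for line in lines:
            key_type, bits, fp = parse_public_key(line)
            hosts_by_fp[fp].add(host)
            if key_type in DISALLOWED_TYPES:
                findings.append(f"{host}: disallowed key type {key_type} ({fp})")
            elif key_type == "ssh-rsa" and bits < MIN_RSA_BITS:
                findings.append(f"{host}: {bits}-bit RSA key below {MIN_RSA_BITS} ({fp})")
    for fp, hosts in hosts_by_fp.items():
        if len(hosts) > 1:  # one key trusted by many hosts is a lateral-movement path
            findings.append(f"{fp} authorised on {len(hosts)} hosts: {sorted(hosts)}")
    return findings

def _key_line(key_type, *fields):
    # Constructed authorized_keys line; the byte values are filler, not real keys.
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in (key_type.encode(),) + fields)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

SAMPLE_INVENTORY = {  # constructed sample data; the same ed25519 key is trusted on both hosts
    "web-01": [_key_line("ssh-ed25519", b"\x11" * 32), _key_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128)],
    "db-01": [_key_line("ssh-ed25519", b"\x11" * 32), _key_line("ssh-dss", *[b"\x01" * n for n in (128, 20, 128, 128)])],
}
```

Running `audit(SAMPLE_INVENTORY)` yields three findings: a 1024-bit RSA key, a disallowed ssh-dss key, and one ed25519 key authorised on two hosts.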

Why identity access management is core to zero trust 

George Kurtz, co-founder and CEO of CrowdStrike, gave a keynote at Fal.Con 2022 on the importance of identity-first security.

“Identity-first security is critical for zero trust because it enables organizations to implement strong and effective access controls based on their users’ specific needs,” he said. “By continuously verifying the identity of users and devices, organizations can reduce the risk of unauthorized access and protect against potential threats. Eighty percent of the attacks, or the compromises that we see, use some form of identity/credential theft.”

Leading IAM providers include AWS Identity and Access Management, CrowdStrike, Delinea, Ericom, ForgeRock, Google Cloud Identity, IBM Cloud Identity, Ivanti, Microsoft Azure Active Directory, and others.  

Implementing IAM as a core part of a zero-trust framework delivers benefits not attainable with any other security strategy or structure. Starting with multi-factor authentication (MFA) has become table stakes, since it is a quick win. Many CISOs rely on it to show progress on zero-trust initiatives and defend their budgets.

IAM’s additional benefits include preventing unauthorized access to systems and resources by requiring identity verification before access is granted, and reducing the risk of data breaches by controlling access across all identities, systems and resources. IAM also helps prevent insider threats, including unauthorized access by employees, contractors or other insiders, and shields organizations from external threats through the same verification requirement.

CISOs tell VentureBeat that IAM also helps streamline compliance reporting requirements related to data protection and privacy regulations, providing an audit trail of how effective segmentation, microsegmentation and least-privileged access are achieved across a network.

Fortifying zero-trust

Combining IAM and microsegmentation further strengthens zero-trust frameworks by isolating endpoint and machine identities into segments, regardless of their origin. Treating every identity’s endpoint as a separate micro-segment — as AirGap’s Zero Trust Everywhere solution does — achieves granular context-based policy enforcement for every attack surface, killing any chance of lateral movement throughout the network.  

“Zero trust is an approach to security that ensures that people have access to the right resources in the right contexts and that access is re-assessed continuously — all without adding friction for users,” said Markus Grüneberg, head of industry solutions — EMEA Central at Okta. “To build a security architecture that achieves this aim, organizations must mature their approach to identity and access management, since identity is the cornerstone of zero trust.”

Enforcing least privileged access, microsegmentation and MFA, and treating implicit trust as a weakness that needs to be removed from tech stacks, ensure that machine and human identities are more secure in a zero-trust framework. The goal is to eradicate all implicit trust in managing these identities. Source: Louis Columbus

Machine identities are the most difficult to protect and most vulnerable to attack when they are part of multicloud and hybrid cloud infrastructures, as two sessions at Black Hat 2022 illustrated. The researchers’ presentations showed that protecting machine identities through native IAM support from public cloud platforms isn’t effective, as gaps in multicloud and hybrid cloud configurations leave machines unprotected and more vulnerable. 

Why IAM adoption will accelerate in 2023

Cyberattackers are becoming prolific at abusing privileged access credentials and their associated identities to move laterally across networks. CrowdStrike’s Global Threat Hunting Report, for instance, found that identities are under siege.

“A key finding from the report was that upwards of 60% of interactive intrusions observed by OverWatch involved the use of valid credentials, which continue to be abused by adversaries to facilitate initial access and lateral movement,” said Param Singh, vice president of Falcon OverWatch at CrowdStrike. 

Threats continue escalating in severity, driving demand for IAM and broader zero-trust security frameworks and strategies. Enterprises now rely on IAM to help them deal with the exponentially increasing number of human and machine identities noted above. IAM is also now core to zero-trust frameworks designed to protect hybrid, virtual workforces against ever-evolving threats. 

A number of regulatory moves signal IAM’s integral role and growing adoption in 2023 and beyond. IAM is considered integral to the National Institute of Standards and Technology’s (NIST) SP 800-207 Zero Trust framework. Identity security and management are central to President Biden’s Executive Order 14028.

And, among the requirements specified in Memorandum M-22-09 from the Office of Management and Budget (OMB) issued on January 26, 2022: “Agencies must employ centralized identity management systems for agency users that can be integrated into applications and shared platforms.”

Originally appeared on: TheSpuzz