Improved Cybersecurity Posture Through Identity Security Architecture, Says Info-Tech Research Group
Info-Tech Research Group has developed an effective approach for security managers to build an identity security architecture. This new research blueprint includes tools to establish governance for identity security, create an identity inventory, model identity-based threats, and create an identity security architecture.
In 2020, the world has seen massive digital migration. However, the migration was not accompanied by a secure transition. The shift to remote working has significantly contributed to the increase in stolen data. For the third year in a row, identity security has been one of the weakest links in any security program. Weak identity controls, which are a problem for many organizations, have continually given bad actors an easy way to gain access to corporate data.
“To ensure meaningful improvement in identity security, organizations must be willing to step back and understand where the vulnerabilities lie and identify the threats that could take advantage of them,” says the research director. Ian Mulholland. “Each organization is likely juggling many different identity types. This results in a complex system of identity storage, ownership, and security requirements.”
Security leaders see modernizing identity security as too big of a challenge. Instead, they prefer to focus on narrower challenges that seem more easily solved using tools like single sign-on, multi-factor authentication, or privileged access management. However, this limited focus is reactive rather than proactive, and it can end up costing more in the long run.
“The first step to improving anything related to identity security will be to fully understand all the different identities that exist, where they exist, who owns the associated processes, and what threats exist that could take advantage of a managed identity,” says Mulholland. . “Only when an organization has successfully cataloged the information necessary to secure all of its identities can it build an identity security architecture that describes an approach to identity security suitable for the modern age.”
For most organizations, identity and access management has been allowed to grow organically, and it has become rigid and difficult to control. In most cases, the number of identities and the items they access increases year on year, requiring more scalable processes and technology. Info-Tech suggests the following security and identity governance framework and strategy for security managers:
- Adopt a common language or standard taxonomy for talking about identities.
- Establish governance, including accountabilities, over identity security.
- Understand and establish governance objectives.
- Inventory all identity types, stores, components, and processes, including ownership.
- Use threat modeling to identify identity threats.
- Determine control requirements to achieve governance objectives.
- Establish an identity security architecture that enforces the desired governance goals for managing security identities.
- Develop or improve existing identity security processes.
Over time, organizations will gain added value by knowing the vectors through which they can be attacked. With continuous updates, security protocols will evolve with less effort, time, and associated cost.
Info-Tech argues that strong identity security and governance are keys to the zero-trust future.
Media professionals are encouraged to enroll in Info-Tech’s Media Insiders program for further research and information. This program provides unlimited, on-demand access to IT, HR, and software industry content and experts from a pool of more than 200 research analysts. To request access, contact [email protected].
About the Info-Tech Research Group
Info-Tech Research Group is the world’s fastest growing information technology research and consulting company, proudly serving more than 30,000 IT professionals. The company produces unbiased and highly relevant research to help CIOs and IT managers make strategic, timely and well-informed decisions. Info-Tech partners closely with IT teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
SOURCE Info-Tech Research Group