In today’s digital society, technological developments are evolving rapidly. Robust networks, increasing interconnectedness, and highly automated concepts — such as e-health, smart cities, and the Fourth Industrial Revolution — are playing increasingly prominent roles, driving the adoption of technology across sectors to drive business growth and operational efficiency.
Businesses have thrived in the era of more — more tools, more access, and more connections. However, when considering the digital landscape, having more also introduces more significant risks.
As businesses continue to grow and scale, cyber threats have done the same, evolving and adapting with more sophisticated and complex techniques to target businesses. For instance, identity-based attacks continue to rise with no signs of slowing down. To prevent unauthorised access to data and resources in an organisation, identity security has to be a top priority and must evolve to keep up with current and future security risks.
The need to secure non-human identities
Machine identities are growing exponentially and are projected to grow faster over the next three to five years. Internet of Things (IoT) devices worldwide are expected to almost triple from 9.7 billion in 2020 to more than 29 billion IoT devices in 2030. The future workforce is being augmented by non-human entities — including robotic process automation for software bots, physical robots, and IoT systems — requiring identities, access rights, certificates, usernames, and passwords to complete their assigned tasks.
Non-human identities that are not secured effectively will lead to new threat surfaces. Attackers can exploit weak security controls to steal sensitive data, disrupt device operations, and cause additional harm to businesses and individuals. These identities will require more robust security and management due to rapid adoption, increasing connections to sensitive data, and integration complexities. Identity and access management (IAM) practices will need to evolve to apply the same rigour to security and identity management for these non-human entities, just as they do for their human counterparts.
See also: How to tread the fine line between personalisation and privacy
The scope and scale of IAM must grow, undergoing evolution for holistic management and access controls to combat the risks of poorly secured non-human identities. As the volume of non-human identities is growing quickly in hybrid and multi-cloud environments, enterprises must reimagine their IAM programmes and strategies to offer security, speed, and reliability and seamlessly and securely onboard an increasingly diverse set of devices.
The growth of identity sprawl
Identity sprawl is the rapid growth of identity silos and the accompanying explosion of user information, attributes, and credentials. As businesses become more distributed, employees now have access to an ever-increasing number of tools, setting up user accounts across platforms such as file-sharing apps, video conferencing tools, and more. Since exploited credentials were the greatest organisational security weakness in 2022, identity sprawl is a challenge organisations must manage.
See also: A local spin on voice AI
While it is not a new issue that businesses grapple with, the rise of cloud, software-as-a-service platforms, and the growth in remote working brought on by the pandemic exacerbates this challenge, with a lack of visibility opening businesses to a myriad of security and compliance risks.
The proliferation of identities across businesses can see threat actors gain access to systems or applications with unsecured credentials. If users have multiple different accounts within a network, it becomes more difficult for IT teams to monitor and manage every attack.
Taking back control with IAM strategies
To begin the process of taking back control and pushing for cyber resilience, businesses need to employ an IAM strategy that covers areas such as the services that employees can freely use, services that should be blocked or managed, and includes controls to ensure that the most critical systems and access to sensitive data are protected.
Identity sprawl is a critical obstacle that businesses are challenged to overcome, and a unified approach towards the problem can help businesses reduce risks.
An identity security strategy is crucial to help close the security gap caused by identity sprawl. Businesses must undertake mitigation measures, such as automated software updates and upgrades and the provision of required work applications, tools, and services, to minimise the window of opportunity for threat actors to create exploits.
Identity security solutions will also need to be implemented for insights into access privileges, permissions and potential risks, allowing security teams to track and control user access while ensuring employees have access to tools they need to work efficiently.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
While various methods exist to seize control and overcome threats caused by identity sprawl, identity security components must work together as a unified solution. IAM teams must ensure strategies include a unified platform approach where identity data such as risk profiles, access, entitlements, and usage are managed to tame identity sprawl while securing long-term security.
As digital identities — human or non-human — continue to grow, organisations must implement a comprehensive identity security strategy to prevent exploits by cyber attackers aiming to use unsecured credentials to gain a foothold within the network. Enterprises must ensure their strategies are adequate and their security teams are well equipped to spot risks and potential threats, to stay ahead of the security curve.
Chern-Yue Boey is the senior vice president for Asia Pacific at SailPoint