This week is Data Privacy Week, and the reality is, most people have no idea how their personal information is being used, collected, or shared in today’s digital economy. Without a doubt, part of this can be contributed to modern enterprise identity management practices.
For years now, organizations have suffered from scattered identity data across countless sources, all of which use different protocols or are in modern cloud repositories that can’t connect back to legacy, on-prem technology. This inevitably results in an identity sprawl, with organizations having many different sources of data–often in a hybrid environment–making it impossible to build complete and accurate user profiles.
In addition–no surprise to anyone–the number of identities linked to businesses has dramatically increased over the past two years. 83% report that remote work due to COVID-19 increased the number of identities. This not only causes frustration for employees, who have to remember multiple logins credentials for all of the different applications and profiles that they need as part of their day-to-day job, but also poses significant security and privacy risks. As organizations continue digital transformation, they need to be able to keep their identity data under control and properly managed.
November’s Active Directory Privilege Elevation vulnerabilities (CVE-2021-42287, CVE-2021-4228) offer an example of the value of identity to attackers. In the case of these chained exploits, the attacker can not only gain access to an identity store but escalate privileges of a compromised account to that of Domain Administrator. The attacker effectively captures the crown jewels of the Windows Domain. Introduction of malware, data exfiltration and general mischief all become possible quite easily at this level of access. In the case of Windows, this level of access could actually allow the attacker to reduce or remove security controls enforced by Microsoft’s mobile device management platform, InTune. This alone presents a means to exponentially increase the attack surface to include all managed devices.
The risk associated with a successful exploitation of an identity store warrants perhaps the most rigorous of security controls. Organizations should not overlook the value that identity stores have for attackers. From simply acquiring personal information to compromising a privileged identity, identity stores present a highly valued target to attackers.
Without accurate user profiles, and a unified view of identity, systems are unable to determine what individuals can and can’t access. Siloed systems increase the attack surface of an organization and malware is more likely to remain undetected, increasing the likelihood of a data breach.
While this sounds like a complicated problem to solve, an Identity Data Fabric approach can tackle identity complexity in a matter of weeks, making it much easier to harden the environment and enable a Zero Trust Architecture.
The concept of an Identity Data Fabric is to unify and connect distributed identity data from all sources in an organization, and deliver identity data on-demand wherever and whenever needed. Applications are able to access identity data from this one highly-available source, using different formats and protocols, irrespective if it’s on-premise or in the cloud. Thanks to a global view of each user and their attributes, progressive disclosure is now possible, enabling a Zero Trust approach.
Not only does this mean that organizations have visibility and access to all their identity data when needed, but it also ensures that users’ profiles can stay updated in real-time. Businesses can be confident that employees have access to the right information, yet aren’t able to access areas they don’t need for their job. With identity data managed in one containerized layer, there is less chance of that data being accidentally leaked by employees or stolen by cyber criminals.
Subscribe to receive blog updates
Don’t miss the latest conversations and innovations from Radiant Logic, delivered straight to your in-box every week.