The identity data your organization has collected across a diverse array of stores and protocols contains rich context that could drive new insights and new initiatives. But the way these disparate stores have been managed to date is not optimal, and it’s holding your company back from leveraging all this rich data to full effect. Even worse, disconnected identity sources cost companies money in unnecessary overhead and introduce cybersecurity risks.
Companies store identity data in multiple forms and locations for many reasons. There’s the data stored in operations spread across multiple geographies. There’s the identity data stored in legacy applications and the mix of on-prem and cloud architectures many companies have today. Further complicating things are all the corporate acquisitions and mergers that happen.
Welcome to identity sprawl. This modern affliction makes it hard for companies to manage all the identities of their customers, employees, and other key stakeholders. It increases the time, effort, and financial cost of identity management for any modern company. Many companies just give up trying to tame identity sprawl and resign themselves to it being a costly, time-consuming mess.
Let’s look at how identity sprawl happens, what it costs companies today, and a solution that could help.
What Is Identity Sprawl?
Identity sprawl happens when multiple isolated systems and directories each manage a user’s identity. Each siloed system stores the identity attributes it needs to determine access, along with a great deal of other data, and that information has to be kept in sync for each user across every system in which they hold an account.
It usually happens through a combination of factors, including:
- Applications or systems that are not or cannot be integrated with a company’s central directory service.
- A workforce spread out across geographies, whether that’s across town or around the world.
- Companies using a mix of on-prem and cloud enterprise architecture to power their tech stack.
Identity sprawl is spreading fast in today’s companies, as 76% of them use more than one identity directory in their cloud environments alone. As identity sprawl continues, companies will be hard-pressed to mitigate the risks and challenges going forward.
How Does Identity Sprawl Affect Companies?
The main challenge with identity sprawl is that it prevents or complicates a company’s control of and visibility into its own identity data. As these companies added cloud services and other SaaS apps to their workflows, employees started authenticating themselves against datastores hosted by external parties. For example, employees might use their social media accounts to log in to the new SaaS app, which is not visible to or controlled by their employer.
The carefully designed cybersecurity strategies and postures put in place by companies are circumvented by these non-corporate identity systems. It’s much more challenging to monitor, manage, and secure this identity information—or even be aware it exists! Companies can no longer rely on their firewalls, network and endpoint security, and intrusion prevention systems to secure this identity data because it lives beyond their boundaries. They must rely on third parties and cloud providers to safely authenticate and secure identity data without controlling how these third-party companies do that.
These external technologies spread identity data across a much broader area and make securing and protecting access to company data increasingly more difficult.
The Costs of Identity Sprawl
But what are the costs to identity sprawl for today’s companies? Is it really that bad to have this data spread across many different systems, some of which are outside the official corporate network?
In a word, yes. Identity sprawl puts your company at reputational and financial risk if unknown or unverified users and devices access your data.
It risks your intellectual property
Criminals could use stolen credentials from a third-party authenticator (such as a social media platform) and access your intellectual property. They could also use that access as an entry point to your company network and wreak untold havoc once inside.
It increases cybersecurity risks
With so many identity stores and diverse services using them, the likelihood increases that users will reuse their passwords across services. This practice leaves your company vulnerable to credential spying and theft while undermining your IT team’s efforts to enforce security best practices.
One security best practice that’s often compromised by identity sprawl is the use of privileged user accounts. These user accounts give higher-level access to applications, systems, and data, and if they’re not monitored and regulated by IT teams, they can be easily abused. Privileged user accounts are of particular interest to criminals as they’re used as gateways into systems and resources. The SolarWinds attack is a good example of the cost of identity sprawl and the particular dangers of privileged accounts. Criminals harvested system and web browser credentials from privileged users to infiltrate the SolarWinds network and then attack from there.
It’s expensive to maintain
Managing multiple identity directories is expensive for companies as they’ve got to deal with the infrastructure, services, and resources needed to monitor and maintain them. Depending on the number of identity stores that exist, that could be a large line item on an IT budget.
How can companies reduce their exposure to identity sprawl with so many vulnerabilities? Is there a solution or security posture that can help today’s companies deal with their existing infrastructure, whether it’s on-prem, in the cloud, or a hybrid of the two?
Solutions to Identity Sprawl
Proactive IT professionals and business leaders who want to take control of their identity sprawl without making wholesale changes have a few options they can try. They won’t completely solve the issue but can mitigate it to reduce risk and make it more manageable for your IT teams.
- Replacing legacy applications and services: This lets you retire outdated technology and strengthen the protections around identity data.
- Revoking third-party authentication options: Requiring employees to create unique company-managed identities for their SaaS and cloud-based services removes some of the risk posed by identity stores that must remain outside your company network.
- Deploying an identity management (IdM) tool: These tools can help with the identity provisioning process and make identity management more efficient.
These options can partially solve the identity sprawl problem for companies today, but they don’t go far enough.
Take a different approach to solving identity sprawl
A better approach companies can try is a unification platform built on an Identity Data Fabric framework, like the RadiantOne Intelligent Identity Data platform. The platform unifies identity across all the different places (and diverse ways!) identity data is stored and gives your company a logical way to use, manage, and secure it. The fabric framework allows you to contextualize identity data no matter where it’s located and then makes it available to whatever application or system that needs it. You can leave the data where it is and retain its value to the organization while gaining all the control, security, and visibility into the data that you’ve been missing.
5 ways an Identity Data Fabric overcomes identity sprawl
- This powerful unification layer helps companies identify all known services and applications while mapping them to identity stores. You could use this to plan future data consolidation projects, assess application needs, and identify IT process gaps.
- It provides context-rich information about the identities, offering visibility into your identity data that you didn’t have before.
- It can be used to establish more granular controls over identity data and its usage, ensuring precise access rights for users and reducing the risk of identity data being stolen.
- It can be implemented in weeks instead of months or years so that companies can enjoy stronger security and faster ROI.
- It connects to all types of underlying data stores and systems, so you can continue to use your existing infrastructure. Plus, it scales efficiently as your company grows, so you won’t need to replace it with something new in the future.
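The first three points above (mapping identities to the stores they live in, adding context, and finding accounts that escape central control) can be illustrated with a small correlation script. The example below is added here and is not Radiant Logic code or the RadiantOne platform’s API; it assumes exports from three stores (an on-prem directory, a cloud IdP tenant and a SaaS app that permits social login) with constructed records and invented field names, joins them on a normalized e-mail address, and reports which identities exist in which stores, which are unknown to the central directory, which hold privileged roles only outside it, and which remain active in a SaaS app after being disabled centrally.

```python
"""Correlate identity records from several stores into one unified view and
flag sprawl-related risks. Added example, not Radiant Logic code; the store
formats, field names and sample records below are constructed for illustration."""
from collections import defaultdict

# Constructed sample exports. In practice these would come from an LDAP search,
# an IdP API call and a SaaS admin export; the field names are assumptions.
CORPORATE_DIRECTORY = [  # central on-prem directory
    {"uid": "alice", "mail": "Alice@Example.com", "groups": ["staff", "domain-admins"], "enabled": True},
    {"uid": "bob", "mail": "bob@example.com", "groups": ["staff"], "enabled": True},
    {"uid": "carol", "mail": "carol@example.com", "groups": ["staff", "finance"], "enabled": False},
]
CLOUD_IDP = [  # cloud identity provider tenant
    {"email": "alice@example.com", "role": "global-admin"},
    {"email": "bob@example.com", "role": "user"},
    {"email": "dave@example.com", "role": "global-admin"},
]
SAAS_APP = [  # SaaS app that allows social login alongside corporate SSO
    {"login": "bob@example.com", "auth_provider": "corporate-sso"},
    {"login": "carol@example.com", "auth_provider": "social"},
    {"login": "eve@gmail.com", "auth_provider": "social"},
]

# Group names / roles treated as privileged (assumed for this example).
PRIVILEGED_MARKERS = {"domain-admins", "global-admin"}


def normalize(email):
    """Join key: e-mail addresses differ in case and whitespace between stores."""
    return email.strip().lower()


def unify(directory, idp, saas):
    """Build one record per identity: which stores it lives in, where it is
    privileged, whether the central directory has it enabled, and how it
    authenticates to the SaaS app."""
    blank = lambda: {"stores": set(), "privileged": set(),
                     "enabled_in_directory": None, "providers": set()}
    view = defaultdict(blank)
    for r in directory:
        v = view[normalize(r["mail"])]
        v["stores"].add("directory")
        v["enabled_in_directory"] = r["enabled"]
        if PRIVILEGED_MARKERS & set(r["groups"]):
            v["privileged"].add("directory")
    for r in idp:
        v = view[normalize(r["email"])]
        v["stores"].add("idp")
        if r["role"] in PRIVILEGED_MARKERS:
            v["privileged"].add("idp")
    for r in saas:
        v = view[normalize(r["login"])]
        v["stores"].add("saas")
        v["providers"].add(r["auth_provider"])
    return dict(view)


def find_risks(view):
    """Sprawl findings a defender would want to review."""
    risks = {"unknown_users": [], "privileged_outside_directory": [],
             "orphaned": [], "social_login": []}
    for email, v in sorted(view.items()):
        # Present in some store but never provisioned in the central directory.
        if "directory" not in v["stores"]:
            risks["unknown_users"].append(email)
        # Holds an admin role in an external store with no matching central privilege.
        if v["privileged"] - {"directory"} and "directory" not in v["privileged"]:
            risks["privileged_outside_directory"].append(email)
        # Disabled centrally but still has accounts elsewhere.
        if v["enabled_in_directory"] is False and v["stores"] - {"directory"}:
            risks["orphaned"].append(email)
        # Authenticates through a provider the company does not control.
        if "social" in v["providers"]:
            risks["social_login"].append(email)
    return risks


def store_map(view):
    """Group identities by the combination of stores they appear in,
    the input for a consolidation plan."""
    groups = defaultdict(list)
    for email, v in sorted(view.items()):
        groups[tuple(sorted(v["stores"]))].append(email)
    return dict(groups)


if __name__ == "__main__":
    unified = unify(CORPORATE_DIRECTORY, CLOUD_IDP, SAAS_APP)
    for combo, members in store_map(unified).items():
        print("/".join(combo), "->", ", ".join(members))
    for kind, members in find_risks(unified).items():
        print(kind, "->", members or "none")
```

On the constructed data the script reports dave and eve as unknown to the directory, dave as privileged only in the cloud tenant, carol as disabled centrally yet still active in the SaaS app, and carol and eve as relying on social login. Real stores would need a more careful join key than e-mail (employee ID, or a rules-based match), which is exactly the correlation work a unification layer takes on.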
Growing companies will inevitably end up with a jumble of diverse identity data stores. Each new acquisition or cloud service you add to your tech stack adds another node to your identity map. What started as a single identity directory that powered your internal applications has turned into a spider web of interconnected systems and disparate data stores. Employees are frustrated because they have too many accounts and passwords to manage. IT pros are scared of the multiplying risk each data store brings. Company leaders are frustrated with the mounting costs of storing and managing all that identity data.
Instead of blowing up your identity infrastructure and starting from scratch, consider moving to an identity unification approach that allows you to manage even the most complex infrastructures logically and flexibly, while adding speed and increasing agility. Radiant Logic’s powerful platform is based on a unified Identity Data Fabric framework that modernizes identity management for today’s companies. It uses what you already have to give you all the control, security, and visibility you’ve been missing. Learn more and get started on your Radiant journey.