Businesses Look to AI, ML to Boost Identity Security

Less than half of businesses are adequately addressing the issue of identity security, despite the growing threat of identity-based attacks, according to a SailPoint survey of more than 300 global cybersecurity executives.

The survey also indicated that as enterprises increase their identity security maturity, they become better at using their security tools more efficiently.

Of the companies in the beginning stages of maturity, over a quarter said they allocated more than 15% of their cybersecurity budget to identity, while 71% of more mature companies said they spend a smaller share of their budget but get more value.

Survey respondents are looking to tap into technologies like artificial intelligence (AI) and machine learning to boost their identity security capabilities, or plan to do so within the next two years. This investment is occurring as the total number of identities is projected to grow by 14% over the next three to five years, according to the survey. 

Joseph Carson, chief security scientist and advisory CISO at Delinea, a provider of privileged access management (PAM) solutions, said one of the main challenges for organizations in securing identities is that, with mobility and cloud environments, identities are everywhere.

“The growth in mobility and the cloud greatly increases the complexity of securing identities,” he explained. “Therefore, organizations still attempt to try and secure them with the existing security technologies they already have. This results in many security gaps and limitations.” 

He added that some organizations fall short by trying to ‘checkbox’ security identities with simple password managers.

“However, this still means relying on business users to make good security decisions,” Carson said.

The Importance of Protecting Identities

To secure identities, organizations must first have a good strategy and plan in place, which means understanding the types of privileged identities that exist in the business and using security technology that is designed to discover and protect them.    

Carson said the good news is that many organizations understand the importance of protecting identities.

“However, they must follow through this with action and accelerate the journey to protecting identity-based cyberattacks,” he noted. “Organizations must start with an IAM plan on how to federate their existing identities and what risks they expose to the business.”

John Bambenek, principal threat hunter at Netenrich, a security and operations analytics SaaS company, said what he found most surprising about the survey was the fact that survey respondents thought 96% of identity-related breaches could be prevented.

“It speaks to the fact that executives know we have solutions for some of these problems, but that the implementation of those simply isn’t achieving the desired effectiveness,” he explained.

He said the biggest problem he encounters, especially in incident response, is that data is being inefficiently collected about identity behaviors or authentication events.

“Many organizations are using cloud SaaS providers but not ingesting that data into their SIEM or analytics platforms. That means no alerts can be generated when obvious misuse occurs,” he added.

Bambenek said that while security and IT are obvious stakeholders in identity security, ultimately business leaders must also buy in.

“There are plenty of identity security solutions; some are so unwieldy that business users won’t adopt them or evade them,” he said. “Ultimately, any security tool needs to serve the needs of the business and be part of the overall risk management program of the organization.”

The Challenge of the Cloud

From Bambenek’s perspective, the biggest factor is that most organizations are no longer running all their business applications on-premises.

“In a cloud world, you are dependent on third-party providers who are still struggling to make available enough data from organizations to protect themselves,” he said. “For many of these services, basic audit logs can be hard to acquire.”

Darren Guccione, CEO and co-founder at Keeper Security, a provider of zero-trust and zero-knowledge cybersecurity software, pointed out that the mass migration to distributed remote work environments has radically increased the number of endpoints and the number of remote locations, such as home offices.

“This correlates to the increased sheer number of websites, applications and systems that require identity verification, access and full end-to-end encryption,” he said. “IT leaders are finding it increasingly difficult to gain comprehensive visibility, security, compliance and control to protect every employee, on every device from every location.”

Guccione echoed Bambenek’s sentiment that leadership—starting with the board of directors and then, C-level leaders—must make cybersecurity a part of the entire organization’s culture.

“In the modern era, cybercriminals are attacking every department seeking entry into corporate systems,” Guccione said. “Thus, identity and cybersecurity strategies should permeate every department of an organization. Cybersecurity needs to be a pillar of every good business, but understanding, accountability, education and progress must start at the top.”

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
