Survey: Enterprise IT Teams Spend 11 Hours Investigating Identity Incidents
A survey of 370 IT and cybersecurity decision makers in organizations with at least 100 employees published today finds, on average, enterprise IT organizations are spending 11 person-hours investigating and remediating each critical identity-related security alert.
Conducted by Enterprise Strategy Group (ESG) on behalf of Teleport, a provider of a platform for securing access to IT infrastructure, the report also finds workforce identity teams use an average of 11 tools to trace identity-related security issues.
Teleport CEO Ev Kontsevoy said the survey makes it clear that when the sheer volume of critical identity-related security alerts is considered, the amount of time being spent investigating them is staggering.
That issue is only going to become more challenging in the age of artificial intelligence (AI) as more non-human entities, such as AI agents, are assigned identities. In fact, the survey found 44% of respondents work for organizations that have already deployed AI. Well over half (52%) ranked data privacy issues as the biggest risk related to AI.
The single biggest challenge when it comes to securing identities is how fragmented they’ve become, especially within large organizations, said Kontsevoy. Each end user accessing a particular platform, application or service is given a unique credential. On top of that, there are even more credentials being used by non-human identities, such as applications running on a wide range of infrastructure types to invoke various interfaces. Within most organizations it’s all but impossible to cohesively manage security, much less consistently enforce zero-trust policies, noted Kontsevoy.
Unfortunately, cybercriminals can compromise credentials with relative ease. More cybersecurity incidents today are being caused by cybercriminals who are simply logging into applications and systems using stolen credentials rather than by malware that has been carefully crafted to exploit a vulnerability.
Organizations are not going to be able to resolve this crisis unless they first establish visibility into the credentials that have been assigned. In fact, there should be more focus on managing and securing credentials rather than trying to track individual identities that could be associated with any number of applications and platforms, said Kontsevoy. In the physical world, keys that grant access to buildings are tracked individually, and the digital world needs a similar approach to ensure security, he added.
Ultimately, the management of credentials should be assigned to an engineering team that has the skills and programmatic tools required to enforce cybersecurity policies at scale, said Kontsevoy. That approach provides the added benefit of also substantially reducing the amount of time required to investigate incidents, he noted.
It’s not clear what might motivate an organization to revisit how credentials are managed. Usually, it requires some type of significant breach or some type of reengineering of existing legacy systems. Regardless of how that change comes about, it’s apparent given the number of breaches that the current way credentials are being assigned and secured in most organizations is, at best, suboptimal.

