Digital identities continue proliferating throughout modern organizations and are a significant target for bad actors. Stolen identities and privileged access credentials account for most data breaches. In fact, identities and the systems that manage them are often among the first areas where breach attempts are made.
Managing the growing number of identities is increasingly complex, partly due to the many different Identity Access Management (IAM) solutions most organizations have today. Traditional solutions that comprise identity management include everything from Identity Governance & Administration (IGA) to privileged access management (PAM), Active Directory as a Service (ADaaS) and Single Sign-On (SSO). These tend to be siloed and don’t enable organizations to prioritize identity management based on risk.
Applying analytics to the activity of all these solutions to bridge the gap between disparate solutions will reduce risk and improve controls for all solutions. Doing so will enhance identity security posture, but it requires an innovative approach to identity management with a risk mindset and rich overlay analytics to inform it.
Challenges with the legacy approach to identity management
According to the Verizon Data Breach Investigations Report, 68% of breaches involve a non-malicious human element, such as a person falling victim to a social engineering attack or making an error. Methods like account compromise, social engineering, phishing and stolen credentials are typically the first steps in any attack chain.
Identity security is essential; reducing the risk of these events decreases your chances of a breach (with prevention, prediction, detection, and response) and the cost repercussions of a breach, which are rising. The IBM Cost of a Data Breach report found that the global cost of a data breach soared to $4.88 million in 2024, a 10% increase from the year prior.
It’s challenging to manage this function without an effective way of integrating the separate aspects and telemetry of identity and access management.
How an identity analytics overlay can help
A risk-based identity management approach aims to protect user identities and systems from cybersecurity threats, combining best practices, tools and processes to find and mitigate identity-based threats. Using identity analytics provides a new cutting-edge ability to bring this all together. It’s a risk-based and value-driven approach that leverages the latest technologies to add or connect the dots with identity accounts and access entitlements down to a granular level.
A holistic approach like this helps with cost optimization. Combining all these elements lets you gain an overall 360-degree view that shows who has access to what. This creates a return on investment (ROI) in multiple ways. First, this approach enables you to see what’s not being used but for which you’re paying the software licensing costs. This helps reduce unnecessary identity costs.
Second, this approach makes the process of meeting compliance requirements more efficient. For example, many large companies undergo the Sarbanes-Oxley (SOX) 404 certification process. They receive a quarterly report listing all the access people have and must certify it. These entitlements can be very cryptic, and there’s a lot of rubber-stamping without understanding what’s behind the access on that list. That’s wasteful spending on resources that could be focused on more strategic initiatives.
Identity analytics can give organizations risk-based and AI/ML-powered certification, which tells a business owner when someone in a peer group has unusual access. You can revoke this access or have a rock-solid paper trail of an approved exception. Massive ROI is possible here, as you can reduce the time it takes for compliance, improve compliance and possibly even reduce fines.
Another potential area for cost and time savings is provisioning. With an identity analytics approach, the access certification process is streamlined and expedited using machine learning and automation even before the provisioning process begins. In many companies, when a new person comes on board, their manager requests the same access their predecessor had. That can seem sensible, but the new employee may not need all the same permissions and access, which means your team will spend valuable time and resources granting extraneous access. Many companies aren’t using automation for this process, so it can take up to a month or more to fully provision someone. That works out to a lot of wasted time.
A better approach is to initially limit and reduce overprivileged access to match the peer group and then only assign additional privileges for specific, documented reasons. An identity analytics solution can help with this; not only does this reduce the identity attack surface, but it also prevents unnecessary licensing costs.
Identity analytics makes business sense
In today’s digital landscape, identities are proliferating like never before. All of these identities must be appropriately managed, or they become major security risks. Proper identity management can help reduce security risks and save money. Identity analytics represents a new approach to risk-based identity management that reduces the complexity, attack surface and expense while improving security and protection of sensitive data.
About the Author
Chris Scheels is Vice President of Product Marketing at Gurucul. Chris has been aligning people, processes and technology to drive companies forward for over 20 years. He has a decade of cybersecurity experience in product marketing and product management. His passion is helping businesses succeed through the strategic use of technology. Most recently he was helping customers accelerate their Zero Trust journey at Appgate, Inc. His background also includes experience in operations, sales, and new business development.
Chris can be reached at https://www.linkedin.com/in/scheeler/
