{"id":615297,"date":"2023-03-07T08:49:31","date_gmt":"2023-03-07T14:49:31","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/03\/07\/modernizing-identity-access-management-with-zero-trust\/"},"modified":"2023-03-07T08:49:31","modified_gmt":"2023-03-07T14:49:31","slug":"modernizing-identity-access-management-with-zero-trust","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/03\/07\/modernizing-identity-access-management-with-zero-trust\/","title":{"rendered":"Modernizing identity access management with zero trust"},"content":{"rendered":"
\n
\n

\n

<\/p>\n<\/p><\/div>\n<\/p><\/div>\n

\n
\n
\n

CISOs tell VentureBeat they\u2019re taking an increasingly pragmatic approach to modernizing identity access management (IAM)<\/a> \u2014 and this starts with reducing legacy app and endpoint sprawl. The goal is a more efficient, economical, lean tech stack that\u2019s solid enough to scale and support their enterprise-wide zero-trust<\/a> frameworks.\u00a0<\/p>\n

Identities are under siege<\/a> because attackers, criminal gangs and advanced persistent <\/a>threat<\/a> (APT)<\/a> organizations know identities are the ultimate control surface. Seventy<\/a>-eight percent of enterprises<\/a> say identity-based breaches have directly impacted their business operations this year. Of those companies breached, 96% now believe they could have avoided a breach if they had adopted identity-based zero-trust safeguards earlier. Forrester found that 80% of all <\/a>security<\/a> breaches<\/a> start with privileged credential abuse.<\/p>\n

Delinea\u2019s survey on securing <\/a>identities<\/a> found that 84% of organizations experienced an identity-related breach in the last 18 months. And Gartner found that 75%<\/a> <\/a>of security failures are attributable<\/a> to human error in managing access privileges and identities, up from 50% two years ago. \u00a0<\/p>\n

Protecting identities is core to zero trust<\/h2>\n

Consolidating existing IAM systems into a unified cloud-based platform takes expertise in how merged legacy systems define and organize data, roles and privileged access credentials. Leading IAM providers\u2019 professional services teams work with CISOs to preserve legacy IAM data and identify the areas of their taxonomies that make the most sense for a consolidated, enterprise-wide IAM platform. Noteworthy providers assisting organizations to modernize their IAM systems and platforms include CrowdStrike<\/a>, Delinea<\/a>, Ericom<\/a>,<\/a> ForgeRock<\/a>,<\/a>\u00a0IBM <\/a>Cloud<\/a> Identity<\/a> and Ivanti<\/a>.<\/p>\n

CISOs tell VentureBeat that the costs of maintaining legacy IAM systems are going up \u2014 without a corresponding rise in the value these legacy systems provide. That\u2019s forcing IT and security teams to justify spending more on systems that deliver less real-time data on threat detection and response.<\/p>\n

Cloud-based IAM platforms are also easier to integrate with, streamlining tech stacks further. Not surpriingly, the need for more adaptive, integrated IAMs is accelerating enterprise spending. The worldwide IAM market is forecast to increase from $15.87 billion in 2021 to $20.75 <\/a>billion<\/a> this year.\u00a0\u00a0<\/p>\n

The goal: Streamlining IAM to strengthen zero trust\u00a0<\/h2>\n

More IT and security teams are fighting endpoint sprawl, as legacy IAM systems require more and more patch updates on every endpoint. Add to that the siloed nature of legacy IAM systems with limited integration options and, in some cases, no APIs, and it\u2019s easy to see why CISOs want a zero trust-based approach to IAM that can scale fast. The time and risk savings promised by legacy IAM systems aren\u2019t keeping up with the scale, severity and speed of today\u2019s cyberattacks<\/a>.<\/p>\n

The need to show results from consolidating tech stacks has never been greater. Under pressure to deliver more robust cyber-resilient operations at a lower cost, CISOs tell VentureBeat they are challenging their primary vendors to help them meet those dual challenges.<\/p>\n

The pressure to deliver on both fronts \u2014 resilience and cost savings \u2014 is pushing consolidation to the top of nearly every major vendor\u2019s sales calls with leading CISOs, VentureBeat learned. CrowdStrike, continuing to listen to enterprise customers, fast-tracked extended detection and response<\/a>\u00a0(XDR) to the market last year as the foundation of its consolidation strategy<\/a>. Nearly all CISOs had consolidation<\/a> on their roadmaps<\/a> in 2022, up from 61% in 2021.\u00a0<\/p>\n

In another survey, 96% of CISOs said they plan to consolidate their security platforms, with 63% saying\u00a0extended detection and response (XDR)<\/a> is their top solution choice. As they confront overlapping and often conflicting identity, role and persona definitions for the same person, as well as zombie credentials<\/a> and unprotected gaps across cloud-based PAM systems, CISOs tell VentureBeat they see modernization as an opportunity to clean up IAM company-wide.<\/p>\n

One of the many factors CISOs cite to VentureBeat for wanting to accelerate the consolidation of their IAM systems is how high-maintenance legacy systems are when it comes to endpoint management and maintenance.<\/p>\n

Absolute <\/a>Software\u2019s<\/a> 2021 Endpoint Risk Report<\/a> found 11.7 security <\/a>agents<\/a> installed on average<\/a> on a typical endpoint. It\u2019s been proven that the more security controls per endpoint, the more frequently collisions and decay occur, leaving them more vulnerable.\u00a0Six in 10 endpoints (59%) have at least one IAM installed, and 11% have two or more. Enterprises now have an average of 96 <\/a>unique<\/a> applications per device<\/a>, including 13 mission-critical applications.<\/p>\n

\"Percent
Too many endpoint security controls create software conflicts that can leave endpoint and IAM data at risk of breach. Source: Absolute <\/a>Software<\/a> 2021 Endpoint Risk Report<\/a><\/figcaption><\/figure>\n

Where and how CISOs are modernizing IAM with zero trust\u00a0<\/h2>\n

Getting IAM right is the first step to ensuring that a zero-trust security framework has the contextual intelligence it needs to protect every identity and endpoint. To be effective, a zero trust network access (ZTNA) framework must have real-time contextual intelligence on every identity. CISOs tell VentureBeat that it\u2019s ideal if they can get all Access Management (AM) tools integrated into their ZTNA framework early in their roadmaps. Doing so provides the authentication and contextual identity insights needed to protect every web app, SaaS<\/a> application and endpoint.\u00a0<\/p>\n

In prioritizing which steps to take in modernizing IAM for zero trust, CISOs tell VentureBeat these are the most effective:\u00a0<\/p>\n

First, do an immediate audit of every identity and its privileged access credentials.\u00a0<\/h3>\n

Before importing any identities, audit them to see which are no longer needed. Ivanti\u2019s<\/a> chief product officer Srinivas Mukkamala says that \u201clarge organizations often fail to account for the huge ecosystem of apps, platforms and third-party services that grant access well past an employee\u2019s termination. We call these zombie credentials, and a shockingly large number of security professionals \u2014 and even leadership-level executives \u2014 still have access to former employers\u2019 systems and data.\u201d<\/p>\n

Modernizing IAM needs to start by verifying that every identity is who it says it is before providing access to any service. Attackers target legacy IAM systems because identities are the most valuable control surface any business has \u2014 and once they have it under control, they run the infrastructure.<\/p>\n

Next, thoroughly review how new accounts are created, and audit accounts with admin privileges.<\/h3>\n

Attackers look to get control of new account creation first, especially for admin privileges, because that gives them the control surface they need to take over the entire infrastructure. Many of the longest-dwelling breaches happened because attackers were able to use admin privileges to disable entire systems\u2019 accounts and detection workflows, so they could repel attempts to discover a breach.<\/p>\n

\u201cAdversaries will leverage local accounts and create new domain accounts to achieve persistence. By providing new accounts with elevated privileges, the adversary gains further capabilities and another means of operating covertly,\u201d said Param Singh, vice president of Falcon OverWatch at CrowdStrike.<\/p>\n

\u201cService account activity should be audited, restricted to only permit access to necessary resources, and should have regular password resets to limit the attack surface for adversaries looking for a means to operate beneath,\u201d he said.<\/p>\n

Enable multifactor authentication (MFA) early to minimize disrupting user experience.<\/h3>\n

CISOs tell VentureBeat that their goal is to get a baseline of protection on identities immediately. That starts with integrating MFA into workflows to reduce its impact on users\u2019 productivity. The goal is to get a quick win for a zero-trust strategy and show results.<\/p>\n

While getting adoption to ramp up fast can be challenging, CIOs driving identity-based security awareness<\/a> see MFA as part of a broader authentication roadmap \u2014 one that includes passwordless<\/a> authentication technologies and techniques. Leading passwordless authentication providers include Ivanti\u2019s Zero Sign-On (<\/a>ZSO<\/a>)<\/a>, a solution that combines passwordless authentication, zero trust and a streamlined user experience on its unified endpoint management (UEM) platform. Other vendors include Microsoft Azure Active <\/a>Directory<\/a> (Azure AD)<\/a>, OneLogin<\/a> Workforce Identity<\/a>, Thales<\/a> SafeNet Trusted Access<\/a> and Windows<\/a> Hello for Business<\/a>.<\/p>\n

Early on, replace legacy IAM systems that can\u2019t monitor identities, roles and privileged access credential activity.<\/h3>\n

VentureBeat has learned from CISOs that now is the breaking point for legacy IAM systems. It\u2019s too risky to rely on an IAM that can only track some identity activity across roles, privileged access credential use and endpoint use in real time.<\/p>\n

Attackers are exploiting the gaps in legacy IAM systems \u2014 offering bounties on the dark web for privileged access credentials to financial services\u2019 central accounting and finance systems, for example. Intrusions and breaches have grown more multifaceted and nuanced, making constant monitoring \u2014 a core tenet of zero trust \u2014 a must. For those reasons alone, legacy IAM systems are turning into a liability.<\/p>\n

Get IAM right in a multicloud: Select a platform that can provide IAM and PAM across multiple hyperscalers \u2014 without requiring a new identity infrastructure.<\/h3>\n

Every hyperscaler has its own IAM and PAM system optimized for its specific platform. Don\u2019t rely on IAM or PAM systems that haven\u2019t proven effective in closing the gaps between multiple hyperscalers and public cloud platforms.<\/p>\n

Instead, take advantage of the current market consolidation to find a unified cloud platform that can deliver IAM, PAM and other core elements of an effective identity management strategy. The cloud has won the PAM market<\/a> and is the fastest-growing platform for IAM. The majority, 70%, of new access management, governance, administration and privileged access deployments will be on converged<\/a> IAM and PAM platforms by 2025<\/a>.\u00a0<\/p>\n

Making IAM a strength in zero-trust strategies\u00a0<\/h2>\n

CISOs tell VentureBeat it\u2019s time to start looking at IAM and ZTNA as cores of any zero-trust framework. In the past, IAM and core infrastructure security may have been managed by different groups with different leaders. Under zero trust, IAM and ZTNA must share the same roadmap, goals and leadership team.\u00a0<\/p>\n

Legacy IAM systems are a liability to many organizations. They\u2019re being attacked for access credentials by attackers who want to take over the creation of admin rights. Implementing IAM as a core part of zero trust can avert a costly breach that compromises every identity in a business. For ZTNA frameworks to deliver their full potential, identity data and real-time monitoring of all activities are needed.<\/p>\n

It\u2019s time for organizations to focus on identities as a core part of zero trust, and modernize this critical area of their infrastructure.<\/p>\n

VentureBeat’s mission<\/strong> is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.<\/a><\/p>\n<\/p><\/div>\n<\/p><\/div>\n

Read More<\/a>
\n Louis Columbus<\/p>\n","protected":false},"excerpt":{"rendered":"

March 6, 2023 12:07 PM CISOs tell VentureBeat they\u2019re taking an increasingly pragmatic approach to modernizing identity access management (IAM) \u2014 and this starts with reducing legacy app and endpoint sprawl. The goal is a more efficient, economical, lean tech stack that\u2019s solid enough to scale and support their enterprise-wide zero-trust frameworks.\u00a0 Identities are under<\/p>\n","protected":false},"author":1,"featured_media":615298,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22668,33730,46],"tags":[],"class_list":["post-615297","post","type-post","status-publish","format-standard","has-post-thumbnail","category-identity","category-modernizing","category-technology"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/615297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=615297"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/615297\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/615298"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=615297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=615297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=615297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}