Rising identity-related risks will drive the need for measures beyond traditional security practices to deliver zero trust architectures with an identity-first approach.
Identity-related incidents were on the rise in 2023, and it’s estimated that as many as eight out of ten cyber security attacks are enabled by stolen and compromised credentials. There are many ways for hackers to compromise accounts and gain unauthorized access, from poor physical security practices by remote users to orchestrated social engineering attacks. IT professionals understand this more than most employees, so they will remain very concerned about these risks going into 2024. Good security hygiene is fundamental, but it’s not enough.
Therefore, most organizations are pivoting to an identity-first security mindset. Security frameworks like zero trust all begin with a strong identity foundation. Moving into 2024, organizations will need to heavily focus on identity in addition to all the other traditional items like password security, user education, protecting privileged users, pen-testing, VPNs, and many other security measures.
Organizations will need to take a closer look at their identity governance strategy to ensure ongoing identity security and compliance enforcement without creating bottlenecks in the business process.
Michael Garrett, CEO
A recent survey that Omada conducted revealed that more than seven in ten IT and security leaders believe that people in their organizations have unnecessary access to assets or are over-permissioned. Legitimate credentials continue to be one of the primary factors used in successful cyber attacks. Getting a handle on this is going to become an even bigger priority in 2024, especially as many organizations face new and strengthened requirements and regulations around cyber security and breach reporting.
Organizations that have implemented an IGA (identity governance and administration) program to manage joiner, mover, and leaver scenarios, as well as provisioning and access certification, face a unique challenge: despite regular certifications, users may still have excessive access privileges. This necessitates a collaborative effort between IT and business units to evaluate resources based on their sensitivity and conduct thorough assessments to determine whether users actually utilize the access they have been granted.
However, even with improved ways to manage identity lifecycles, including access requests, deprovisioning, and changing roles and policies, responding to identity compromise in real time will become vital to prevent breaches. Being able to respond to critical incidents and shut down all access by an identity is non-trivial with many organizations well into their digital transformation to the cloud and moving to SaaS applications. Excessive permissions only make these identities more risky. Organizations will need to not just leverage identity governance with well-defined identity lifecycle management but also do so with a workflow that can operate close to or near real-time.
Rod Simmons, vice president of product strategy
When it comes to choosing an identity governance strategy, adaptability, connectivity, and generative AI will be top requirements
According to the above-mentioned survey, more than six in ten organizations favor adaptability in their IGA solution. This marks a wholesale change in tactics by identity governance teams where many legacy solutions focused more development efforts on building connectivity and workflows that adapt their company tools and applications to their IGA solution. More recent solutions work the other way and adapt their IGA solution to the business at hand, drastically reducing the amount of development required.
Adaptability will be especially relevant to individual IAM (identity and access management) solutions that offer best-in-breed functionality and are configurable to other systems and applications to meet an organization’s specific requirements. When evaluating a new IGA, companies will also look for a connectivity framework that enables an organization to apply IGA to their assets without costly customization.
The most preferred identity governance solutions will be those that provide the configurability, connectivity, and adaptability to work seamlessly with an organization’s existing applications and infrastructures and other IAM solutions. They will also enable interoperability with support capabilities like generative AI that help automate real-time identity and access management. A SaaS-based identity governance solution with faster data ingestion and the capacity to sync quickly to onboard applications will enable users to constantly optimize business processes.
Regardless of the vendor you choose, you will encounter applications that require integration but lack out-of-the-box connectors. This necessitates an extensible framework that enables you to swiftly configure new connectors that enhance your security and governance posture with a standards-based, no-code model.
Benoit Grangé, chief technology and product officer