With data breaches now inevitable, the network perimeter disappearing and the ever-present risk from users, organisations must adapt and secure their best asset, which is also their greatest threat: their users, or ‘digital identities’.
The biggest challenge to securing all digital identities today is that the enterprise IT landscape has undergone significant changes, thanks to the sweeping digital transformation underfoot. Organisations globally are investing in technologies such as cloud computing and mobility to improve employee productivity, business agility and competitiveness.
As a result, enterprise environments are more open and interconnected than ever before, with their business partners, contractors, vendors and customers who now have access to an incredibly high number of applications and data to do their jobs.
This naturally makes them a prime target for a hacker who sees today’s business user as their ‘ticket’ into the organisation. Because of this, organisations must consider their identity program as central to their overall security strategy, as today’s users have a proverbial target on their backs.
This is incredibly important to consider as companies of all sizes embrace digital transformation. In fact, identity can and should be thought of as the “immune system” of digital transformation. Think about it: when an organisation migrates to the cloud or rolls out an application, it needs to determine who has access to these applications, who should have access and how that access is being used.
With identity so intrinsically tied to today’s digital transformation, it makes sense, then, that the risks to an organisation’s digital identities have evolved, matching the speed of business today.
Governing humans and non-humans
For example, the word ‘identity’ has taken on a new meaning. Software bots and robotic process automation (RPA) are becoming much more common as organisations look for new ways to drive business efficiencies. As a result, business leaders have found themselves grappling with a whole new wave of identities to govern and manage.
Given that the definition of what a user is has been redefined to now include both human and non-human users, this has left an indelible mark on how companies approach identity governance. For those who are using software bots in place of humans to automate business processes, they must consider these bots and their access to sensitive data and applications. The answer is pretty simple: manage them like you do you other (human) identities. Bots act on data, manage processes and so on, just like an employee would, so you should govern them the same way.
Keeping up with applications
Several of our customers now manage thousands of applications, from video conferencing and instant messaging tools, to collaboration applications like Dropbox and SharePoint. Business managers are requesting apps – especially cloud apps – at an increasing rate, with little patience towards the standard onboarding processes used by IT.
Without proactively expanding identity governance processes to all applications, organisations can unintentionally create security and compliance gaps that can be costly and time-consuming to fix in the future. With identity governance, organisations can better keep pace with this influx in applications, rapidly onboarding new applications and providing convenient, secure access while keeping unapproved applications out of the enterprise. This keeps users happy while freeing up IT teams to tackle big picture issues.
Corporate data, specifically the unstructured data users store in files, such as documents, PDFs, Excel spreadsheets and PowerPoint presentations, is also a big challenge. Conservative estimates show that over 80% of a corporation’s data is now unstructured and stored outside a traditional database or application environment.
In most organisations, access to this data is ungoverned, and outside the purview of IT. A comprehensive identity governance solution must extend to data in file storage systems and control access to 100% of corporate data regardless of where it resides.
Businesses are becoming more complex every day and, unfortunately, hackers are taking advantage of that by targeting digital identities, so data breaches are naturally growing. According to the Risk Based Security 2017 Report, 7.8 billion records were exposed last year – spanning virtually every industry.
To protect themselves, companies today need to take a comprehensive approach to identity governance, providing much-needed visibility into and control over all digital identities across the enterprise. Identity touches each of the three core tactics – prevention, detection and response – in avoiding a data breach. By giving users the right access to the right data at the right time, organisations can prevent the data from being a free-for-all in the first place.
Through the ability to see user behaviour and know when something isn’t right, detection is that much quicker. And by being able to lock down compromised accounts in a critical situation such as a breach, organisations can respond swiftly.
Digital transformation is introducing more exposure points for organisations. Only an identity-centric approach to security can help global enterprises address these challenges and provide enterprises with full visibility and control over all users, applications and data.