Identity sprawl: WFH sees digital identities skyrocket

A new survey has revealed a significant increase in digital identities on a global scale. This phenomenon — known as identity sprawl — has been driven by surges in user identities (internal, third parties and customers), machine identities and new accounts generated in response to an uptick in remote work.

The global study surveyed over 1000 IT executives (including a 15% cohort from ANZ) and found that more than eight in 10 respondents now manage double the number of identities, with 25% reporting a 10X increase during the period.

According to the report, identity sprawl is one critical obstacle to overcome as businesses seek to optimise their overall cybersecurity posture, with half of all companies reporting they use more than 25 different systems to manage access rights. More than one in five respondents use more than 100.

A second challenge is the fragmented way most organisations address identity security. 51% of respondents said the presence of multiple silos yields a lack of visibility regarding who has access to which system.

Managing identity security in silos creates significant levels of complexity and risk. 85% of organisations have employees with more privileged access than necessary, making it easier for bad actors to exploit unknowing internal stakeholders to gain access to a given organisation.

Only 12% of professionals are fully confident they can prevent a credential-based attack, which occurs when attackers steal insider credentials to gain initial access, bypassing an organisation’s security measures.

“Virtually every day we see a new cyber incident make headlines, in large part because organisations are managing more identities than ever before and because they are unable to attain a 360-degree view of all their identities — which creates gaps, inconsistencies and expands windows of exposure,” said Bhagwat Swaroop, president and general manager, One Identity.

“We’ve seen firsthand that a holistic identity management strategy is a proven way for organisations to optimise visibility, control and
protection.”

A trend towards an end-to-end approach for identity security was underscored by the survey, with half of the respondents stating that an end-to-end unification of identities and accounts is needed to better respond to evolving market conditions. Almost two-thirds of respondents stated that a unified identity and access management platform would streamline their businesses approach.

Industry practices recognise that as ransomware (66%), phishing (52%) and RPA adoption concerns remain top of mind (94% of organisations who have deployed bots or RPA report challenges securing them), companies must plan to bolster business resiliency where they can. This includes investing in enhanced identity and governance administration (IGA) and privileged access management (PAM) solutions that can secure and govern growing identity ecosystems.

Image credit: ©stock.adobe.com/au/zefart