How organizations can keep themselves secure whilst cutting IT spending
It is the immediate natural reaction of most organizations to cut costs during an economic downturn. But the economy will return and cutting back too far can be damaging in the long term.
Complex situations such as a global recession often make criminals more motivated. Adversaries are banking on the fact that organizations are busy trying to ride this curve and might lose sight of their security protocols.
Most organizations find it impossible to balance the threats as well as the economic changes, and threat actors are counting on organizations to reduce costs that might impact their security posture, as well as having a complex environment that is in desperate need of a clean-up.
We are in a unique time of change in IT as organizations navigate the ongoing digital transformation, a continued migration to the cloud and the movement towards zero trust.
Attackers are after identity data
Organizations’ expansion into multiple cloud environments and applications means employees have many different user accounts and digital identities. Most firms lose track of these identities, resulting in large numbers of redundant, overprovisioned accounts. This widens the attack surface as ghost accounts are a lucrative target for online criminals, and not necessarily monitored by security teams. Accounts with needlessly high access privileges or those that have accumulated unnecessary access over the years can then be exploited.
Threat actors play in the shadows and will focus on decommissioned, poorly managed accounts or gaps in security models to break into the system. Any system that has access and credentials can be compromised. Hence, it is essential to understand that with digitalization and the increasing use of the cloud, threat actors have a greater scope of breaching an enterprise’s security perimeter. By simply following the link between systems, threat actors can now access sensitive data and areas of an organization’s network.
The application of zero trust
The zero trust network access model has been a major talking point for CIOs, CISOs and IT professionals for some time. While most organizations do not fully understand what zero trust is, they recognize the importance of the initiative.
Enforcing principles of least privilege minimizes the impact of an attack. In a zero trust model, an organization can authorize access in real-time based on information about the account they have collected over time.
To make such informed decisions, security teams need accurate and up-to-date user profiles. Without it, security teams can’t be 100% confident that the user gaining access to a critical resource isn’t a threat. However, with the sprawl of identity data – stored in the cloud and legacy systems – of which are unable to communicate with each other, such decisions cannot be made accurately.
Ultimately, the issue of identity management isn’t only getting more challenging with the digitalization of IT and migration to the cloud – it’s now also halting essential security projects such as zero trust implementation.
The benefits of streamlining identity data
During a recession, it is essential to prioritize and make strategic decisions. By managing identity data, organizations can help standardize their environments. This will ensure that the processes are more efficient, which can help enterprises to protect themselves against cyber threats, as well as support recession-recovery and future resilience.
Streamlining and managing identity data means that security teams can understand who is accessing what and how they are accessing it. With this information they have visibility into the gaps created by IT debt. Furthermore, good identity management also helps automate processes, and ensures a consistent and secure approach across the organization. It tracks everything the accounts do during their time, and when an employee leaves user accounts can be disabled and deleted correctly and securely.
A highly automated approach is also necessary for organizations to discover and collect identities across on-premises legacy systems and in the cloud. Similar identities can be mapped and then unified to generate a single profile, ensuring that each digital identity is linked to an individual employee or machine.
By doing this important clean-up work, organizations can cut down redundant accounts and licenses to not only secure their networks but save on costs. Identity data management can now be used to justify investment, ROI and business transformation. This is not just a short-term benefit crucial during a recession, it is a springboard for long-term resilience as well.