What Is Identity Management (and Should Companies Care)?
Cybercrime is a significant — and growing — problem for business. The numbers are astounding: More than 50% of small and mid-sized businesses (SMBs) experienced a cyber attack in 2020 alone, much of it due to identity theft, according to IBM data.
Worse, the study shows, is that 60% of those companies go out of business within six months of getting hacked.
But it's not just SMBs being targeted. Mattel, for instance, was hit by a costly phishing attack in 2015, when an executive transferred $3 million to a company in China after receiving instructions from who she believed was the CEO to make the transfer. The problem was that the email was not from the CEO.
This incident happening at such a large company, one that has cybersecurity protocols in place to boot — which the executive had followed — shows how criminals can fool even the most alert of us. The Mattel email had seemed legitimate; criminals had stolen the CEO's identity. Luckily, Mattel was able to reclaim the money, but many other businesses are not so lucky.
Identity management tools can potentially help companies avoid falling victim to such attacks.
What Is Identity Management?
Identity management is a process that ensures that the person sending the message is who they say they are and that the business authorizes the device being used. For example, in the Mattel case, the attacker had impersonated the CEO by using the name and email address, but the device was not connected to the CEO's user account. An identity management tool would have flagged that as a risk.
A good identity management system will:
- Determine how users are identified using a network.
- Add, remove and update users and their privileges within a role.
- Assign access levels for users/groups.
- Protect data and access to the system.
All of these features help minimize the risk of cybercrime for organizations.
Related Article: Cybersecurity Isn't an IT Risk, It's a Business Risk
The Benefits of Identity Management
The benefits of identity management tools may seem obvious. They seek to protect companies from financial fraud and intellectual property (IP) losses.
Without proper controls for identity management, businesses are at greater risk of falling victim to criminals who can access and steal critical data. Stolen data is often sold on the open net, which can be costly for an organization's reputation.
There have been increasing rules and regulations on this matter in recent years, and companies must now disclose breaches within certain guidelines and demonstrate that they are taking sufficient steps to safeguard the data they collect and store. After all, 95% of cybercrime is caused by human error, so business leaders must ensure that they train employees appropriately on this issue.
Identity management software saves teams time by automatically processing all authentication and identity management tasks. It also ensures higher accuracy.
This is particularly critical in today's remote work environment, considering the range of devices that might connect to an IT network. And as a result of the more complex nature of our cyber reality, identity management tools now go beyond verifying the legitimacy of devices to include the biometrics and behaviors of the user.
Related Article: Why Regulating AI Is Going to Be a Challenge
Finding Unexpected Vulnerabilities
Early successes of identity management have shown excellent results. In 2013, an investigation into a potential data breach discovered that an employee at a US company was outsourcing his job to China. The discovery resulted from software identifying an unauthorized device accessing the employee's computer.
Interestingly, it wasn't someone working remotely. The employee was well-known in the office and was at his desk when it happened.
Learning Opportunities
Yet, this could easily be replicated in today's remote and dispersed environment. Without identity management software, however, such unauthorized activity could be missed or ignored.
"[Identity management] can also make tracking employee activity and monitoring compliance with company policies easier," said Catherine vanVonno, president and CEO of Berlin, Md.-based 20four7VA.
Related Article: It's Time to Re-evaluate Your Cybersecurity Strategy
Security Challenges and Requirements
Identity management is becoming vital to organizations, but it's not a set-it-and-forget-it strategy. There are ongoing requirements that if missed can give company leaders a false sense of security.
The first is configuration oversights, including poor process automation, incomplete provisioning and insufficient system reviews. Businesses might also suffer from problems with biometrics. These pose a particular security challenge with data theft and that data being used to impersonate employees. Only collecting and storing essential data can lessen the risk, but it can also be unrealistic in today's digital workplace.
Another potential issue comes with the process of activating and deactivating accounts. Companies that don't deactivate old accounts run a higher risk of leaving doors open to hackers.
The use of IDaaS (identity-as-a-service) via cloud-based systems should also be approached with caution. There is a chance of malicious actors gaining access to user identities and passwords when their device is not secure.
"Despite being easily avoidable, a big disadvantage of IDaaS is the possibility of critical outsourcing functions," said Christian Velitchkov, co-founder of Los Angeles-based Twiz. "Once your identity management solutions are sent to the cloud, they are outside your firewall and exposed to the internet. An IDaaS system must keep your data and systems secure."
Related Article: A Zero Trust Security Primer
Latest Technology Resolves Issues
Technology is developing at a rapid pace, and it can be difficult for some companies to keep up. Yet, there are important gains to be made with new technologies.
Having an updated tech stack can help organizations of all sizes ensure that employee communications and the devices they use to access company data and systems are legitimate and sanctioned. This is becoming increasingly crucial in a remote work environment, where nearly everything resides in the cloud.
So, though the threat of cyber attacks increases, solutions are out there to help minimize associated risks.
About the Author
Kaya Ismail is a business software journalist and commentator with years of experience in the CMS industry.
Connect with Kaya Ismail:
Featured Research
On-Demand Webinar
Read Now
Buyer's Guide
Read Now
Research Report
Read Now
Research Report
Read Now
Related Stories
Reworked CONNECT 2024 - Pre-Registration is Now Open!
