Man hiding his face by holding up a polaroid picture in front of it

What Is Identity Management (and Should Companies Care)?

September 12, 2022 Information Management
Kaya Ismail
By Kaya Ismail

Cybercrime is a significant — and growing — problem for business. The numbers are astounding: More than 50% of small and mid-sized businesses (SMBs) experienced a cyber attack in 2020 alone, much of it due to identity theft, according to IBM data. 

Worse, the study shows, is that 60% of those companies go out of business within six months of getting hacked.

But it's not just SMBs being targeted. Mattel, for instance, was hit by a costly phishing attack in 2015, when an executive transferred $3 million to a company in China after receiving instructions from who she believed was the CEO to make the transfer. The problem was that the email was not from the CEO.

This incident happening at such a large company, one that has cybersecurity protocols in place to boot — which the executive had followed — shows how criminals can fool even the most alert of us. The Mattel email had seemed legitimate; criminals had stolen the CEO's identity. Luckily, Mattel was able to reclaim the money, but many other businesses are not so lucky.

Identity management tools can potentially help companies avoid falling victim to such attacks.

What Is Identity Management?

Identity management is a process that ensures that the person sending the message is who they say they are and that the business authorizes the device being used. For example, in the Mattel case, the attacker had impersonated the CEO by using the name and email address, but the device was not connected to the CEO's user account. An identity management tool would have flagged that as a risk.

A good identity management system will:

  • Determine how users are identified using a network.
  • Add, remove and update users and their privileges within a role.
  • Assign access levels for users/groups.
  • Protect data and access to the system.

All of these features help minimize the risk of cybercrime for organizations.

Related Article: Cybersecurity Isn't an IT Risk, It's a Business Risk

The Benefits of Identity Management

The benefits of identity management tools may seem obvious. They seek to protect companies from financial fraud and intellectual property (IP) losses.

Without proper controls for identity management, businesses are at greater risk of falling victim to criminals who can access and steal critical data. Stolen data is often sold on the open net, which can be costly for an organization's reputation.

There have been increasing rules and regulations on this matter in recent years, and companies must now disclose breaches within certain guidelines and demonstrate that they are taking sufficient steps to safeguard the data they collect and store. After all, 95% of cybercrime is caused by human error, so business leaders must ensure that they train employees appropriately on this issue.

Identity management software saves teams time by automatically processing all authentication and identity management tasks. It also ensures higher accuracy.

This is particularly critical in today's remote work environment, considering the range of devices that might connect to an IT network. And as a result of the more complex nature of our cyber reality, identity management tools now go beyond verifying the legitimacy of devices to include the biometrics and behaviors of the user.

Related Article: Why Regulating AI Is Going to Be a Challenge

Finding Unexpected Vulnerabilities

Early successes of identity management have shown excellent results. In 2013, an investigation into a potential data breach discovered that an employee at a US company was outsourcing his job to China. The discovery resulted from software identifying an unauthorized device accessing the employee's computer.

Interestingly, it wasn't someone working remotely. The employee was well-known in the office and was at his desk when it happened.

Yet, this could easily be replicated in today's remote and dispersed environment. Without identity management software, however, such unauthorized activity could be missed or ignored.

"[Identity management] can also make tracking employee activity and monitoring compliance with company policies easier," said Catherine vanVonno, president and CEO of Berlin, Md.-based 20four7VA. 

Related Article: It's Time to Re-evaluate Your Cybersecurity Strategy

Security Challenges and Requirements

Identity management is becoming vital to organizations, but it's not a set-it-and-forget-it strategy. There are ongoing requirements that if missed can give company leaders a false sense of security.

The first is configuration oversights, including poor process automation, incomplete provisioning and insufficient system reviews. Businesses might also suffer from problems with biometrics. These pose a particular security challenge with data theft and that data being used to impersonate employees. Only collecting and storing essential data can lessen the risk, but it can also be unrealistic in today's digital workplace.

Another potential issue comes with the process of activating and deactivating accounts. Companies that don't deactivate old accounts run a higher risk of leaving doors open to hackers.

The use of IDaaS (identity-as-a-service) via cloud-based systems should also be approached with caution. There is a chance of malicious actors gaining access to user identities and passwords when their device is not secure.

"Despite being easily avoidable, a big disadvantage of IDaaS is the possibility of critical outsourcing functions," said Christian Velitchkov, co-founder of Los Angeles-based Twiz. "Once your identity management solutions are sent to the cloud, they are outside your firewall and exposed to the internet. An IDaaS system must keep your data and systems secure."

Related Article: A Zero Trust Security Primer

Latest Technology Resolves Issues

Technology is developing at a rapid pace, and it can be difficult for some companies to keep up. Yet, there are important gains to be made with new technologies.

Having an updated tech stack can help organizations of all sizes ensure that employee communications and the devices they use to access company data and systems are legitimate and sanctioned. This is becoming increasingly crucial in a remote work environment, where nearly everything resides in the cloud.

So, though the threat of cyber attacks increases, solutions are out there to help minimize associated risks.


Featured Research

Related Stories

Gold padlock on worn-out blue lock

Information Management

Mitigating the Risk to Personally Identifiable Information in Unstructured Data

Top of building sticking out of the clouds into clear blue sky

Information Management

How Hybrid Cloud Is Enabling the Digital Workplace

graffiti on the wall reading: "trust your struggle"

Information Management

Why Organizations Still Struggle With Deploying AI

Digital Workplace Experience Q4: October 12-13, 2022

DWX22 - Q4