Things are rapidly growing more challenging on the security front in 2023. Many CISOs didn’t expect this much pressure to consolidate tech stacks, make budgets go further and do better at stopping identity-driven breach attempts. CISOs tell VentureBeat that access management (AM), identity and access management (IAM) and privileged access management (PAM) are under attack by threat actors who can quickly monetize stolen identities by becoming access brokers or working with access brokerages.
These access brokerages sell stolen credentials and identities in bulk at high prices on the dark web. This helps explain the skyrocketing rate of attacks aimed at exploiting gaps created by cloud infrastructure misconfigurations and weak endpoint security.
CrowdStrike’s latest Global Threat Report found that cloud attacks aimed at stealing and taking control of credentials and identities grew 95% in 2022. And a recent Unit 42 Cloud Threat Report found that 99% of analyzed identities across 18,000 cloud accounts from more than 200 organizations had at least one misconfiguration, indicating gaps in IAM protection.
Identity-driven attacks are the digital epidemic that no CISO or CIO wants to discuss. Yet they are ravaging mid-tier manufacturers who are months or years behind on security patches and have open ports on their corporate networks. Seventy-eight percent of enterprise security and risk management leaders say that cloud-based identity-based breaches have directly impacted their business operations this year, and 84% have experienced an identity-related breach.
Pressure to accelerate consolidation of tech stacks drives the market
CISOs want their cybersecurity platform providers to speed up efforts to converge PAM and IAM while improving identity proofing. They also point out that effective fraud detection needs to be at the platform level. And they tell VentureBeat that, along with identity governance and administration (IGA), IAM and PAM are the highest priorities, because 80% or more of breach attempts aim first at identities and the systems that manage them.
Identity threat detection and response (ITDR) addresses gaps in identity protection that are left when hyperscaler-specific IAM, PAM and IGA systems aren’t integrated into a unified tech stack and infrastructure.
Gartner predicts that by 2026, 90% of organizations will use some embedded identity threat detection and response function from access management tools as their primary way to mitigate identity attacks, up from less than 20% today. Access management spending is approximately 6.8% of the worldwide spending on security and risk management software, making it a $4.17 billion market in 2021. But the worldwide IAM market is forecast to increase from $15.87 billion in 2021 to $20.75 billion this year.
Strengthening zero trust with access management
It’s becoming more urgent to consolidate tech stacks while also showing progress on zero-trust initiatives, especially if those initiatives are tied to protecting and growing revenue. CISOs are relying more than ever on their endpoint, IAM, ITDR and unified endpoint management (UEM) vendors to help them more quickly consolidate their tech stacks. Meanwhile, they’re relying on internal teams to orchestrate and implement or modify zero trust frameworks to support new business initiatives.
That’s why 2023 is becoming a much more challenging year than CISOs expected.
Noteworthy providers assisting CISOs and their organizations to modernize IAM systems include CrowdStrike, Delinea, Ericom, ForgeRock, IBM Cloud Identity and Ivanti.
Closing multicloud gaps by replacing on-premises IAM systems with cloud platforms
Organizations must consolidate legacy IAM systems that are continuing to increase application and endpoint agent sprawl. Standardizing on a unified cloud-based platform requires in-depth expertise in merging legacy systems and their taxonomies, data, roles and privileged access credentials. IT and cybersecurity teams focused on zero trust are trying to be as pragmatic as possible about moving IAM to the cloud. That’s why they rely on IAM cloud providers to help them transition from on-premise to the cloud.
One CISO told VentureBeat (on condition of anonymity) that the cost of legacy IAM systems is continuing to go up, even as these systems deliver less and less value because they’re not as advanced in API integration as the state-of-the-cloud IAM market. Most importantly, cloud-based IAM apps and platforms can monitor and log every identity, role and privileged access credential — a core tenet of zero trust.
CISOs also want cloud-based IAM platforms to better close the gaps in multicloud configurations that happen when every hyperscaler has its own IAM module or approach to identity management.
First, strengthen cloud platforms with MFA and SSO — because identities are core to AM and zero trust
Identities are the fastest-growing and least-protected threat surface organizations have. Overcoming the challenges of improving multi-factor authentication (MFA) and single sign-on (SSO) adoption starts by designing process workflows for minimal disruption to workers’ productivity. The most effective MFA and SSO implementations combine what-you-know (password or PIN code) authentication routines with what-you-are (biometric), what-you-do (behavioral biometric) or what-you-have (token) factors. It’s a quick win that CISOs rely on to keep their boards’ interest levels up, further supporting zero-trust and cybersecurity budgets.
Cloud-based PAM vendors are deploying CIEM to harden cloud access management and enforce least privileged access
One of the many reasons cloud infrastructure entitlements management (CIEM) is seeing greater interest is its ability to identify incorrectly configured access rights and permissions on cloud platforms while enforcing least privileged access.
Through 2025, 99% of cloud security failures will be the customer’s fault due to cloud configuration errors. CIEM’s rapid growth is attributable to the increasing complexity of configuring multicloud, hybrid cloud and private cloud environments. CIEM systems flag and alert on risks or inappropriate behavior and use automation to change policies and entitlements.
CIEM also pays off in cloud configurations by providing visibility across all permissions assigned to all identities, actions and resources across cloud infrastructures.
Scott Fanning, senior director of product management and cloud security at CrowdStrike, told VentureBeat in an interview that the most critical design goals are to enforce least privileged access to clouds and to provide continuous detection and remediation of identity threats.
“We’re having more discussions about identity governance and identity deployment in boardrooms,” said Scott.
Top CIEM providers
Leading CIEM vendors include Authomize, Britive, CrowdStrike, CyberArk, Ermetic, Microsoft, SailPoint, Saviynt, SentinelOne (Attivo Networks), Sonrai Security and Zscaler.
CrowdStrike’s Cloud Security product includes new CIEM features and integration of CrowdStrike Asset Graph. The latter offers a way to get an overview of cloud-based assets and better understand and protect cloud identities and permissions using both CIEM and CNAPP.
With these two tools, enterprises can gain visibility and control over which users are accessing their cloud-based resources and how.
Other vendors with CNAPP on their roadmaps include Aqua Security, Lacework, Orca Security, Palo Alto Networks, Rapid7 and Trend Micro.
CISO must-haves for 2023 and beyond
This year, more AM vendors will fast-track their offerings to help their largest enterprise customers consolidate tech stacks while hardening identities. Across the insurance, financial services, manufacturing, supply chain, logistics, pharmaceutical and consumer packaged goods (CPG) industries, CISOs now have a standard set of requirements for AM.
The core aspects of the IAM roadmaps, the “must-haves” for securing identities against record numbers of intrusion attempts, include:
- Achieving and scaling continuous authentication of every identity as quickly as possible.
- Making credential hygiene and rotation policies more frequent; this drives adoption of the latest generation of cloud-based IAM, PAM and IGA platforms.
- Regardless of industry, tightening which apps users can load independently, opting only for a verified, tested list of apps and publishers.
- Relying increasingly on AM systems and platforms to monitor all activity on every identity, access credential and endpoint.
- Improving user self-service, bring-your-own-identity (BYOI) and nonstandard application enablement with more external use cases.
More IT and security teams are evaluating advanced user authentication methods corporate-wide, and are more thoroughly handling standard and nonstandard application enablement. Passwordless authentication is also seeing growing interest.
“Despite the advent of passwordless authentication, passwords persist in many use cases and remain a significant source of risk and user frustration,” Ant Allan, VP analyst, and James Hoover, principal analyst, write in the Gartner IAM Leaders’ Guide to User Authentication.
CISOs need passwordless authentication systems that are intuitively designed not to frustrate users but to ensure adaptive authentication on any device. Leading vendors providing passwordless authentication solutions include Microsoft, Okta, Duo Security, Auth0, Yubico and Ivanti with its zero sign-on product.
Of these, Microsoft’s Authenticator has the most extensive installed base. However, Ivanti’s approach is the most innovative in combining passwordless authentication and zero trust. Ivanti includes zero sign-on (ZSO) within its unified endpoint management platform. It relies on Apple’s Face ID and biometrics as the secondary authentication factor for accessing personal and shared corporate accounts, data and systems.