Digital identity, access management efforts are dangerously fractured — insiders
Threat complexity outstrips the identity and access management capabilities of governments and businesses, and the situation is made worse because digital identity management tactics and strategies are uncoordinated.
A survey of 150 U.S. IT executives paid for by ThycoticCentrify, a recently merged privileged access management vendor, found that 89 percent had deployed credible management in cloud and multi-cloud environments.
But 40 percent of respondents said multi-cloud layouts have become a pain to work with. They reported that they are using different IAM tools for each cloud service. For context, 75 percent of those responding said they started adopting cloud strategies for digital identity three to six years ago.
Too often organizations lack a coherent and integrated strategy, even as cyber threats grow in number and in scale and are tailored to national and world events such as the pandemic. Nine in 10 attacks on cloud environments in the last year were made possible by compromised privileged credentials, according to the survey.
Uncoordinated strategies bedevil the federal government, too.
Speaking at a cyber defense summit this month, Chris DeRusha, the federal chief information security officer, said that agencies deliberately cut themselves off from other agencies when preparing IAM budgets.
At the same time, officials are falling for vendor marketing that confuses the issue.
Zero trust is fairly widely accepted as something to implement in keeping data secure, but, said DeRusha, that is a strategy, not a product. Companies are pitching digital identity products they have been selling for some time as new zero trust products.
It is a strategy for securing data stores and access which includes credible technology, he said.
In a Nextgov article, DeRusha listed three principles of zero trust: user verification, device validation and intelligently limiting access.