Deficiencies of traditional security solutions
Until recently, many security vendors approached the identity attack vector in a very compartmentalized way. A Cloud Security Posture Management (CSPM) vendor would approach it from the perspective of cloud infrastructure. Others approach it from the SaaS tenant or application perspective, à la SaaS Security Posture Management (SSPM) vendors. Still others, such as eXtended Detection and Response (XDR) and Identity Governance and Administration (IGA) vendors, approach it from the perspective of device-based threats and manual Joiner-Mover-Leaver IT flows, respectively. While these solutions offer broad coverage in their respective areas of focus, they are not architected to address identity security holistically. The result is often a disjointed security solution that offers only minimal identity security coverage.
We witness these challenges in many breaches today. For example, a successful breach targeting customer or employee identity data often leads to unauthorized access to multiple SaaS applications and infrastructures as well as on-prem entitlements. Without sufficient context, there is no way for organizations to fully understand the impact of the breach. That, in turn, limits the effective remediation actions they can take.
As organizations come to grips with the need to take a fresh and different approach to identity security, so too are cybersecurity vendors. The recent announcement by Cisco Systems to acquire Oort is a good example of how cybersecurity vendors are recognizing the gap in their product portfolios and coming to the stark realization that applying non-identity-focused solutions to modern identity security problems will simply fail.
Heavy reliance on IT and security staff
You would naturally assume that various cybersecurity solutions are designed to help the organization’s IT and security staff. While that is true in some regards, it’s not the case when it comes to identity security. For organizations relying on the traditional security solutions I mentioned earlier, or the likes of Privileged Access Management (PAM) solutions, there is a heavy reliance on the organization’s IT and security staff to make sense of it all and stitch together the big picture. It’s not that these solutions don’t provide some context. The information, however, is not meant to enhance risk monitoring or reduce the attack surface. Hence, the security team lacks confidence in this data.
As I speak with security leaders across various organizations, I hear consistent challenges. When it comes to identity security, their security teams are spending more time correlating and validating data from their identity stack, cloud infrastructure, SaaS applications, and security solutions than executing remediation plans to lower their overall cybersecurity risks. There is no denying that when it comes to identity security, traditional security solutions rely on the security team as the connective tissue to bring it all together and formulate a story. That is a very heavy burden for a team that’s already stretched thin.
A different lens for Identity Security
Where do you go from here? The most common advice I offer security leaders is to start viewing the identity security challenge through a different lens. This is the same advice I offer Spera Security customers and how I ask them to assess the ROI from deploying Spera Security.
Do you believe that identity is your last line of defense, and that the number of identity-based attacks is on the rise? Are you concerned that you have incomplete or partially offboarded users? How many overprivileged administrators do you have across your tech stack?
In almost all cases, when an organization does not have insight into one cloud service or application, it lacks similar insight into all of its cloud services and applications. Rather than addressing these issues piecemeal, organizations must look for security solutions that put identity security first.