CyberArk Glossary >

What is Identity Security?

Identity Security is a comprehensive solution for securing all identities used in an organization. It assumes that any identity – whether IT admin, remote worker, third-party vendor, device, or application – can become privileged under certain conditions, creating an attack path to an organization’s most valuable assets. That is why an Identity Security approach, built on a foundation of privileged access management, secures all identities – human or machine – throughout the cycle of accessing critical assets.

A comprehensive Identity Security approach includes authenticating every identity accurately, authorizing each identity with the proper permissions and providing access for that identity to privileged assets in a structured manner – all in a way that can be audited (or accounted for) to ensure the entire process is sound. Identity Security should also enable organizations to secure access across any device, anywhere, at just the right time – so they don’t have to choose between security and productivity.

Why is Identity Security Important?

Attackers targeting identities has long been recognized a critical path for organization to secure. However recent trends over the last few years have dramatically increased the quantities and types of identities in use. For example, to gain competitive advantage, companies have rapidly adopted cloud-based technologies and services, to deliver compelling digital experiences for their customers. We have also witnessed increasing support for remote and distributed workforces. These trends all accelerated tremendously in 2020 when only organizations with a strong digital business prospered. At the same time attackers continue to evolve their tactics and innovate new approaches, all of which have resulted in new and expanded dimensions to the threat landscape.

Just a few examples of these new dimensions include the extreme danger posed by cloud console access, excessive cloud entitlements, and embedded DevOps and applications secrets. Attackers fully recognize the opportunity: an IDSA study found 79% of enterprises have experienced an identity-related breach within the last two years. And like so many others, the recent SolarWinds digital supply chain attack involved the compromise of identity and manipulation of privileged access. In the face of these modern threats, it’s clear that identity has become the new security battleground and that an “assume breach” mentality, based on the principles of Zero Trust, is absolutely critical.

How is Identity Security Different from Zero Trust?

Zero Trust is not a solution or technology but rather an approach to security based on the principal of “never trust, always verify”. This approach ensures every user’s identity is verified, their devices are validated, and their privileged access is intelligently limited to just what they need – and taken away when they don’t. As the embodiment of this model, Identity Security offers a set of technologies and best practices that are foundational to achieving Zero Trust.

How is Identity Security Used?

To Enable Access.

Identity Security is used to empower workers and customers with easy, secure access across to the apps and resources from any device they use, from any location they are at, and at just the right time when they need access. Users should experience seamless access with a strong passwordless experience – and then use AI to ensure that threats are kept out.

  • Empower Workforce Identity. Identity Security empowers workers with simple and secure access to business resources using single sign-on and adaptive multi-factor authentication. Passwordless authentication improves the strength of security and reduces the friction involved for end-users.
  • Enable Customer Identity. Customers experience Identity Security with easy and secure access to the applications an organization provides, which helps keep them loyal to that business. Additionally, developers are enabled to develop secure identity-driven experiences from the start.

To Enforce Privilege.

Identity Security platforms includes Privileged Access Management (PAM) solutions to address a wide range of use cases to secure privileged credentials and secrets wherever they exist: on-premises, in the cloud, and anywhere in between.

  • Secure Privileged Access. PAM is used to continuously discover and manage privileged accounts and credentials, isolate and monitor privileged sessions, and remediate risky activities across environments.
  • Eliminate Excess Cloud Entitlements. PAM also improves visibility through continuous, AI-powered detection and remediation of hidden, misconfigured and unused permissions across cloud environments.
  • Lockdown Endpoint Privilege. Identity Security also includes Endpoint Privilege Management which is used to enforce least privilege, control applications, and prevent credential theft on Windows and Mac desktops and Windows servers to contain attacks.
  • Secure Vendor Remote Access. Importantly, PAM secures remote vendor access to the most sensitive IT assets, without the need for VPNs, agents or passwords.

To Secure DevOps.

Identity Security is important to keep innovation speeding forward without compromising security. Developer friendly tools enable applications and automation tools to securely use secrets and privileged credentials to access sensitive resources.

  • Secure Embedded Secrets. Identity Security is used to securely authenticate, centrally control, and audit how applications, DevOps and automation tools use secrets and privileged credentials to access databases, cloud environments and other sensitive resources.
  • Centrally Secure Application Credentials. Third-party software such as vulnerability scanners, RPA, automation tools, and IT management platforms are secured by managing the credentials they need to complete their jobs.

How to Learn more about Identity Security?