Identity Security: Putting It All Together

August 11, 2022 CyberArk Blog Team

Here at CyberArk, we’ve been sharing how Identity Security offers a modern approach grounded in Zero Trust and least privilege to protect organizations’ most critical assets. In recent weeks, we’ve emphasized our Identity Security vision; our unified platform approach; and our continued work in shaping and advancing the Identity Security market.

Centered on intelligent privilege controls, Identity Security works to seamlessly secure access for all identities, flexibly automate the identity lifecycle and provide continuous threat detection and prevention. To help our readers envision how this all comes together, we’re sharing a “day in the life” story of Rachel, a developer working on a major app launch. We’ll also sprinkle in some real-world examples of Identity Security in action, as shared by CyberArk customers during our recent Impact 2022 event.

Seamless and Secure Access for All Identities

For Rachel, a protected and productive day starts with seamless, secure access. She’s just dropped her kids off at school, poured a cup of coffee, and is now logging into her laptop from her home office using adaptive multi-factor authentication (MFA). As Rachel “knocks on the door” to request access to the corporate network, that “knock” is compared with her historical user behavior data, which shows that she typically logs in around 8:30 a.m. EDT from an IP address in the Philadelphia area – exactly what she’s doing now. If suspicious activity occurs, such as multiple failed login attempts, she is prompted for additional authentication factors.

Some organizations focus on this “people” part of Identity Security first. After all, humans continue to play a significant role in security incidents, with 82% of breaches in 2021 involving the human element.

Identity Security in the Real-World: Responsible for taming access sprawl across a massive portfolio, a CISO at a large consulting firm set an initial goal of protecting all workforce and customer identities. His team rolled out a series of strong access management controls to improve the organization’s overall security posture and its ability to defend against attacks at scale. Coupling these “wins” with mounting cyber insurance requirements, he built a compelling case for a unified Identity Security program. His team is now rolling out privileged access management to better understand – and demonstrate to insurance carriers – who or what has access to which sensitive resources, for what reasons and for how long.

Intelligent Privilege Controls

Back to our friend Rachel, who’s writing code in the cloud – something that requires her to access highly sensitive DevOps and CI/CD resources and tools. Rachel’s also got a handy bot helping her out behind the scenes so she doesn’t get bogged down with committing code to a repository. To do this, the bot needs privileged credentials. Some bots have credentials or secrets embedded into their scripts for efficiency’s sake, but that makes it easier for attackers to sniff them out.

Instead, intelligent privilege controls – the heart of Identity Security – are applied to both Rachel (the privileged human identity) and her trusty bot (the privileged machine identity). This enables Rachel to get into her cloud workspace, but only with minimal required access and for the least amount of time necessary. Meanwhile, the bot’s secrets are centrally secured and managed and can be retrieved exactly when they’re needed.

But it’s not just privileged identities that companies need to think about. In today’s environment, sensitive resources can live anywhere – and they’re widely accessible: 68% of non-humans or bots and 52% of workforce employees have access to sensitive data and assets. And virtually any identity can gain privileged access, depending on the context. Because of this, many organizations begin their Identity Security journeys with privileged access management.

Identity Security in the Real-World: For instance, a large regional bank in Africa focused initially on enforcing least privilege across all privileged and non-privileged workforce users to satisfy new SWIFT Customer Security Controls Framework (CSCF) requirements. When COVID-19 surged, the bank’s identity and access management (IAM) team quickly shifted focus to off-site vendors to help ensure secure third-party access to critical internal resources. By operationalizing vendor onboarding and access, the team is providing fast, secure connections for vendors in 14 different countries. The bank’s IAM team is now looking to extend Identity Security protections to the cloud and its software supply chain.

Continuous Identity Threat Detection and Prevention

Let’s check back in with Rachel, who has privileged access to cloud infrastructure but is also considered a “workforce user” on a hybrid workforce team. She’s just opened a browser tab for a popular project management app to ask a colleague a question. Sure, it’s an everyday interaction, but this app happens to contain a trove of intellectual property (IP) data in the chat files.

If a threat actor from within or outside of Rachel’s company were able to guess or steal her password, they could log in, start rummaging around and find this confidential information. This is where privilege controls like session monitoring and AI-powered Identity Security Intelligence capabilities can detect threats earlier in the attack cycle. As another security layer, automated authentication prompts can double-check that the person who initiated the session is the one still using the application.

Identity Security in the Real-World: At Impact, an IAM leader at a multi-national investment bank recounted how limited visibility into user activity within web-based apps and cloud consoles made it difficult for his team to catch misuse or abuse of access to business applications. This was especially concerning since web-based management consoles allow users to make configuration changes and updates that can impact entire companies. By implementing controls such as continuous monitoring and authentication over these sensitive apps and tools, his team can more quickly identify, investigate and respond to production issues and risky user actions, while maintaining a low-friction user experience.

Flexible Identity Automation and Orchestration

Six months later, Rachel has decided to leave her current job and take a position elsewhere. Her employer has experienced significant churn over the past few years, which can make the process of manually provisioning and deprovisioning access an operational nightmare. Fortunately, by applying lifecycle management controls, the organization’s IT team can automatically shut off Rachel’s access and permissions at just the right time – free of human error. Not only does this help reduce cyber risk, but it also prevents cybersecurity debt accumulation in the form of unused and misconfigured identities. Meanwhile, the trusty helper bot retains its access and keeps working in support of another member of the development team.

Identity Security in the Real-World: In another example, a leading biotech company streamlined the management of application access requests across its business, in addition to enforcing MFA for all external network access and standing up a hybrid authentication and authorization system. Through it all, one tenet became abundantly clear to the organization’s senior IT architect of IAM: Never lose sight of the human owner behind the application. During Impact, he emphasized the importance of an organized directory that maps SSO apps to their respective owners, with redundant contacts, to improve SSO issue responsiveness and change communication. He spoke of automation’s key role in advancing IAM service delivery – and how, in his view, IDP platforms will increasingly focus on mapping application ownership and actively involving these stakeholders in the SSO application lifecycle journey.

Getting Started with Identity Security

Wherever you choose to start your Identity Security journey, the end goal should be the same: secure any human or machine identity that accesses your organization’s resources, from anywhere and across the widest range of resources and environments, in a way that enables Zero Trust by enforcing least privilege.

As illustrated by these real-world success stories, with a unified approach to Identity Security, your organization can effectively defend against attacks and satisfy audit and compliance requirements, while unleashing new levels of operational efficiency and propelling digital innovation forward.
