Many organizations have room for growth when it comes to using identity to prevent data breaches

We’ve always kept a pulse on the security landscape. We believe the best way to continue to evolve and adapt our solutions to protect enterprise organizations, is by zooming in on the specific challenges of businesses today.

We recently surveyed companies across the U.S. about their current cybersecurity challenges now that many have moved to a predominantly remote workforce. Unfortunately, what we found was that most organizations are only scratching the surface when it comes to identity and access management, as they may only be addressing a fraction of what identity can provide. This is leaving many organizations exposed to data breach and compliance fines.

While many organizations see identity only as access management and authentication, identity is more than just granting/provisioning user access to apps. It goes deeper. Identity governance provides the backbone and brains of securing and managing access for every worker, human and nonhuman, so they only get the access they need to do their jobs successfully – no more, no less. It does this by ensuring access is only granted if it adheres to your policies. It records every transaction/event where access is concerned. This is important because it allows you to answer three crucial questions: Who has access to what? Who should have access? And how are they using that access? If required, could you answer those questions today? According to our survey responses, only 17% of organizations have an identity governance solution in place - this is a significant indicator that there is an exciting opportunity for organizations to uplevel their security efforts while at the same time streamlining IT workflows for enhanced productivity.

The findings

We asked respondents to pinpoint the top four challenges or risks they recently faced when managing identities during the COVID-19 crisis. They reported that they had poor management of accounts, including orphaned accounts or overentitled identities (41%) and limited visibility into user access across the organization (38%). To top this off, 30% lacked confidence that their access policies were current, and 56% struggle to identify which users/identities pose the highest risk.

The good news is that you can employ the strength of an AI-driven identity governance solution to ferret out what cannot be seen with human eyes. This includes discovering dormant accounts, outliers that possess excessive access, and seeing how access policies and roles should be updated as change occurs across the organization.

Of the organizations surveyed, 81% say that over half of the workforce at their respective companies are now working remotely, compared to only 11% that had half of their workforce working remotely before the COVID-19 outbreak. And, as we’ve seen recently, more and more companies are making arrangements to work from home indefinitely given the continued uncertainty surrounding the pandemic. It’s safe to say that remote work is not going away any time soon.

This means organizations must find a balance between keeping workers productive without compromising on security. Our survey respondents indicated that they were currently challenged with finding a balance between security and operational functionality for remote workers (59%), and 23% mentioned the need to rapidly provision or de-provision access for large groups of employees was challenging. In contrast, remote – these both are areas where an AI-driven identity governance solution can shine. It does this by allowing you to place guardrails or policies, such as Separation of Duty, that prevents toxic access combinations that can lead to theft. Also, an open identity governance platform enables you to connect to all resources found across your environment, making it possible to automate the process of granting and revoking access as worker status' change. This matters extraordinarily when compliance auditors inquire to see proof that accounts were properly terminated, and access revoked when workers left the company.

Businesses will always face challenges. Some are outside of an organization's control – like a widespread pandemic – but others are entirely manageable with the right processes and technology. To effectively protect your organization, it’s essential that you not only grant and provision access but even more importantly, govern access for every identity within your business. And, as this research shows, companies have room for growth in this area since they are leaving out a crucial part of the identity equation.

Jackie Brinkerhoff is Senior Director of Product Marketing at SailPoint.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.