As the number of identities in organizations continues to grow, so do identity-related attacks.
Companies are faced with a dynamic growth of identities: both machines and people. There are currently 45 machine identities for every human identity. In 2023, the total number of identities is expected to at least double. Parallel to this development, the number of identity-related attacks – for example using ransomware or phishing – is also increasing dramatically.
Security concepts for digital identities
How can a company get this complex situation under control? The answer is: with an identity security strategy. It is considered the basis of modern cyber resilience. Identity Security combines Identity and Access Management (IAM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM). This allows companies to reliably protect their digital resources by merging security concepts from end devices to data centers to the cloud for both human and digital identities.
It is crucial that companies implement and use intelligent controls for the privileged access of all identities. In concrete terms, this involves four control procedures: just-in-time access, session isolation, the principle of least privilege, and credential and secrets management. These intelligent authorization controls must be used in combination to secure access for every identity, whatever its type.
The four control mechanisms at a glance:
Setting up just-in-time access
With the just-in-time access method, organizations can grant users extended access rights in real time so that they can perform required tasks. That is, an end user can access the resources needed to perform a specific activity for a specific period of time. The rights are then withdrawn.
Session isolation
With session isolation, traffic between a user's end device and the resources they want to access is routed through a proxy server. In this way, in the event of an attack on an end user, the risk of the target system being compromised is reduced and an additional control point is set up for attack detection.
Implementation of the principle of least privilege
Unrestricted or unregulated access for identities is one of the main causes of sensitive data misuse and potential security breaches. For this reason, it is important to always enforce the principle of least privilege and to grant each identity the correct – i.e. the minimum necessary – rights for access to critical resources.
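As an added illustration that is not CyberArk's code or product, the following Python sketch ties together the two controls described above, just-in-time access and the principle of least privilege: a user requests one action on one resource for a bounded window, the broker only issues the grant if the user's role is allowed that action, every use is checked against the exact scope and the expiry, and lapsed grants are withdrawn automatically. All role names, actions, resource names and the one-hour ceiling are hypothetical; time is plain epoch seconds so a clock can be injected for testing.

```python
"""Just-in-time, least-privilege access broker.

Added illustration with hypothetical names (not CyberArk code).  A user asks
for one action on one resource for a limited window; the broker checks the
role may request that action, issues a time-boxed grant, checks every use
against scope and expiry, and withdraws the grant once the window has passed.
"""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

# Hypothetical role catalogue: each role may request only these actions.
# Nobody holds a standing "admin" grant (least privilege).
ALLOWED_ACTIONS: Dict[str, Set[str]] = {
    "dba": {"db:restart", "db:read-logs"},
    "sre": {"vm:reboot", "vm:read-metrics"},
}
MAX_GRANT_SECONDS = 60 * 60  # hypothetical policy ceiling: one hour


@dataclass
class Grant:
    user: str
    resource: str
    action: str
    expires_at: float
    revoked: bool = False


@dataclass
class JitBroker:
    clock: Callable[[], float] = time.time
    grants: List[Grant] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)

    def request(self, user: str, role: str, resource: str, action: str,
                seconds: int) -> Optional[Grant]:
        """Issue a time-boxed grant if the role is allowed that action."""
        if action not in ALLOWED_ACTIONS.get(role, set()):
            self.audit.append(f"DENY-REQUEST {user} {action} {resource} (role {role})")
            return None
        ttl = min(seconds, MAX_GRANT_SECONDS)  # never exceed the policy ceiling
        grant = Grant(user, resource, action, self.clock() + ttl)
        self.grants.append(grant)
        self.audit.append(f"GRANT {user} {action} {resource} ttl={ttl}s")
        return grant

    def authorize(self, user: str, resource: str, action: str) -> bool:
        """Check one use attempt: scope must match exactly and the grant must be live."""
        now = self.clock()
        for g in self.grants:
            if g.revoked or (g.user, g.resource, g.action) != (user, resource, action):
                continue
            if now >= g.expires_at:
                g.revoked = True  # withdraw a lapsed grant on first sight
                self.audit.append(f"EXPIRE {user} {action} {resource}")
                continue
            self.audit.append(f"ALLOW {user} {action} {resource}")
            return True
        self.audit.append(f"DENY-USE {user} {action} {resource}")
        return False

    def sweep(self) -> int:
        """Withdraw every lapsed grant (run periodically); returns the count revoked."""
        now = self.clock()
        lapsed = [g for g in self.grants if not g.revoked and now >= g.expires_at]
        for g in lapsed:
            g.revoked = True
            self.audit.append(f"EXPIRE {g.user} {g.action} {g.resource}")
        return len(lapsed)


if __name__ == "__main__":
    broker = JitBroker()
    broker.request("alice", "dba", "db-prod-1", "db:restart", 15 * 60)
    print(broker.authorize("alice", "db-prod-1", "db:restart"))  # True
    print(broker.authorize("alice", "db-prod-1", "db:drop"))     # False: outside the requested scope
    print("\n".join(broker.audit))
```

The audit list is the point for detection: every request, use, denial and expiry is recorded, so a grant that is used after its window or outside its scope shows up as a DENY or EXPIRE event rather than silently succeeding.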
Credential and secrets management implementation
In addition to the dynamic use of credentials at runtime, credential management primarily includes the rotation of passwords and keys and the enforcement of password guidelines. Secrets management enables companies to enforce security policies for non-human (machine) identities similar to those already standard for human identities.
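As an added illustration that is not CyberArk's code or product, the Python sketch below shows the three pieces of credential and secrets management named above for a machine identity: a password guideline enforced on every new secret, rotation once a secret exceeds its maximum age, and a runtime lookup so the workload always receives the current version instead of a hard-coded value. The 20-character minimum, the 30-day rotation rule, the secret name and the application identifier are hypothetical; time is plain epoch seconds so a clock can be injected for testing.

```python
"""Secrets management for machine identities.

Added illustration with hypothetical names (not CyberArk code): a policy check
on every stored secret, age-based rotation, and retrieval by name at runtime.
"""
import secrets
import string
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List

MIN_LENGTH = 20                        # hypothetical password guideline
MAX_AGE_SECONDS = 30 * 24 * 3600       # hypothetical rule: rotate every 30 days
SYMBOLS = "!@#$%^&*-_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def check_policy(value: str) -> List[str]:
    """Return the list of policy violations; an empty list means compliant."""
    problems = []
    if len(value) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in value):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in value):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in value):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in value):
        problems.append("no symbol")
    return problems


def generate_secret(length: int = 32) -> str:
    """Draw from the OS CSPRNG until the candidate satisfies the policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_policy(candidate):
            return candidate


@dataclass
class Version:
    number: int
    value: str
    created_at: float


@dataclass
class SecretStore:
    clock: Callable[[], float] = time.time
    entries: Dict[str, List[Version]] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    def put(self, name: str, value: str) -> Version:
        """Store a new version after enforcing the policy; weak values are rejected."""
        problems = check_policy(value)
        if problems:
            raise ValueError(f"{name}: {', '.join(problems)}")
        versions = self.entries.setdefault(name, [])
        v = Version(len(versions) + 1, value, self.clock())
        versions.append(v)
        self.audit.append(f"PUT {name} v{v.number}")
        return v

    def fetch(self, name: str, app_id: str) -> str:
        """Runtime retrieval: the workload asks by name and gets the current version."""
        current = self.entries[name][-1]
        self.audit.append(f"FETCH {name} v{current.number} by {app_id}")
        return current.value

    def is_stale(self, name: str) -> bool:
        """True once the current version is older than the rotation rule allows."""
        return self.clock() - self.entries[name][-1].created_at >= MAX_AGE_SECONDS

    def rotate_stale(self) -> List[str]:
        """Rotate every secret older than MAX_AGE_SECONDS; returns the names rotated."""
        rotated = []
        for name in list(self.entries):
            if self.is_stale(name):
                self.put(name, generate_secret())
                self.audit.append(f"ROTATE {name}")
                rotated.append(name)
        return rotated


if __name__ == "__main__":
    store = SecretStore()
    store.put("svc-db", generate_secret())
    print(store.fetch("svc-db", app_id="billing-api"))
    print(store.rotate_stale())  # [] because nothing is 30 days old yet
```

Because the workload calls `fetch` by name on every start rather than reading a value baked into its configuration, a rotation takes effect on the next fetch with no redeployment, and the audit list records which application retrieved which version.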
More at CyberArk.com
About CyberArk
CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity – human or non-human – across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.