Editorial

‘Identity sprawl’ causing headaches for companies

8 out of 10 IT security professionals says the identities they manage has more than doubled, and 25 percent reported a 10X increase

Posted 4 November 2021 by Christine Horton


Half of companies use more than 25 different systems to manage identity security – and more than one in five use more than 100.

The findings from identity security firm One Identity follow a significant increase in digital identities, globally.

The company says its research shows ‘identity sprawl’ is being driven by surges in user identities (internal, third parties, and customers), machine identities and new accounts generated in response to an uptick in remote work.

More than 8 out of 10 IT security professionals indicate that the identities they manage has more than doubled, and 25 percent reported a 10X increase. 

A second challenge, says One Identity, is the fragmented way most organisations address identity security. Fifty one percent of respondents stated that multiple silos yield a lack of visibility regarding who has access to what system.

The company notes: “The result of managing identity security in silos is significant levels of complexity and risk. Eighty-five percent of organisations have employees with more privileged access than necessary, making it easier for bad actors to exploit unknowing internal stakeholders to gain access to a given organisation. Only 12 percent of professionals are fully confident they can prevent a credential-based attack, which occurs when attackers steal insider credentials to gain initial access, bypassing an organisation’s security measures.”

Gaps, inconsistencies, and expands windows of exposure

“Virtually every day we see a new cyber incident make headlines, in large part because organisations are managing more identities than ever before and because they are unable to attain a 360-degree view of all their identities – which creates gaps, inconsistencies, and expands windows of exposure,” said Bhagwat Swaroop, president and general manager, One Identity. “We’ve seen first-hand that a holistic identity management strategy is a proven way for organisations to optimise visibility, control and protection.”

A trend toward an end-to-end approach for identity security was underscored by the survey, with half of the respondents stating that an end-to-end unification of identities and accounts is needed to better respond to evolving market conditions. Almost two thirds of respondents stated that a unified identity and access management platform would streamline their businesses approach.

Industry practices recognise that as ransomware (66 percent), phishing (52 percent) and RPA adoption concerns remain top of mind – 94 percent of organisations who have deployed bots or RPA report challenges securing them.