Identity Management Day Is On April 12 – Industry Experts Comments

Identity Management Day on April 12 is a global day of awareness to educate about the importance of managing and securing digital identities. Industry leaders commented below on the importance of identity management.

Experts Comments

April 13, 2022
Carla Roncato
Founder
Authora Research

Whether you follow a zero-trust framework or not, identities are a critical control point for all organizations due to their ubiquitous use in our digital world. For many organizations, every day is identity management day--considering the amount of unprecedented attrition in the workforce coupled with persistent identity-based attacks-- there is no better time to spotlight how critical identity-security has become globally.

April 13, 2022
David Pignolet
Founder & CEO
SecZetta

Even though third-party access is at the heart of more than 51% of security breaches, it continues to be a gap in many organizations' identity programs. Non-employees are given the same level of access as employees, oftentimes with less scrutiny in confirming they are who they claim to be, and that the level of access granted to them is appropriate and limited to only when needed. Managing all identities with the same diligence is a critical first step in creating a strong cybersecurity

.....Read More

Even though third-party access is at the heart of more than 51% of security breaches, it continues to be a gap in many organizations' identity programs. Non-employees are given the same level of access as employees, oftentimes with less scrutiny in confirming they are who they claim to be, and that the level of access granted to them is appropriate and limited to only when needed. Managing all identities with the same diligence is a critical first step in creating a strong cybersecurity culture, inclusive of both employees and non-employees, and a resilient cyber framework to withstand ever increasing cyber security threats.

  Read Less
April 13, 2022
Manish Gupta
Customer Advisory Board Member
IDSA

On the 2nd Identity Management Day, we find the world in a tumultuous situation. Unlike the covert cyberwars and script kiddies of the past, we now find ourselves staring at overt cyber hostility by nation states, innovative concoctions of simple and complex tactics by underage actors, and independent mercenaries heading to call to action by national leaders. Identity Defined Security is the only security perimeter and defense we have in the absence of national borders in cyberspace. So,

.....Read More

On the 2nd Identity Management Day, we find the world in a tumultuous situation. Unlike the covert cyberwars and script kiddies of the past, we now find ourselves staring at overt cyber hostility by nation states, innovative concoctions of simple and complex tactics by underage actors, and independent mercenaries heading to call to action by national leaders. Identity Defined Security is the only security perimeter and defense we have in the absence of national borders in cyberspace. So, let’s double down on Identity Management awareness and excellence to ensure a safe cyberworld.

  Read Less
April 13, 2022
Morey Haber
Chief Security Officer
BeyondTrust

We all have a unique identity. When translated to technology, we have more than one account associated with our identities, and threat actors target our accounts to infiltrate an environment. Identity Management Day helps consumers, employees, and businesses understand the risks to their identities if an account is compromised, along with the best practices for securing accounts from identity-based attack vectors. If you consider how many accounts an individual may have to perform their role

.....Read More

We all have a unique identity. When translated to technology, we have more than one account associated with our identities, and threat actors target our accounts to infiltrate an environment. Identity Management Day helps consumers, employees, and businesses understand the risks to their identities if an account is compromised, along with the best practices for securing accounts from identity-based attack vectors. If you consider how many accounts an individual may have to perform their role within an organization, protecting users’ identities is one of the best strategies to prevent future security breaches.

  Read Less
April 13, 2022
Den Jones
CSO
Banyan Security

Identity is a foundational requirement for securing access to applications, resources, and infrastructure. With the transition to hybrid work becoming the new normal, identity becomes a core component when securing remote access to corporate networks. In fact, the CISA listed identity as the first pillar in a successful zero trust model when they released their Zero Trust Maturity Model guidance back in September. Traditional solutions such as legacy VPNs are no longer sufficient in order to

.....Read More

Identity is a foundational requirement for securing access to applications, resources, and infrastructure. With the transition to hybrid work becoming the new normal, identity becomes a core component when securing remote access to corporate networks. In fact, the CISA listed identity as the first pillar in a successful zero trust model when they released their Zero Trust Maturity Model guidance back in September. Traditional solutions such as legacy VPNs are no longer sufficient in order to properly secure this ever-growing attack surface.

  Read Less
April 13, 2022
Jason Lim
Founder and CEO
Cydentiq Sdn Bhd

Identity security is not just about ticking a checkbox to satisfy your compliance, it is part of your business. You can't run a business without giving access to your employees or contractors. Identity security is not an one-time project, it is a journey. A journey that includes a series of initiatives that is incorporated with strategy, capabilities, vision, people, process and technology to continuously addressing the ever-changing identity landscape in the business.

April 13, 2022
Adil Khan
CEO
SafePaaS

We all know that companies are going to get attacked. The question is, what are you doing when somebody gets in your network to protect your data and not just your identity? Knowing identities is half the battle when it comes to mitigating risk.

April 13, 2022
John Reade
Information Systems Director
Quanterion Solutions Incorporated

However, securing identities can be tackled one project at a time. Setting up multi-factor authentication, using password managers, creating processes for identity data management, and scheduling automatic updates are all a great place to start.

April 13, 2022
Matt Mills
President of Worldwide Operations
SailPoint

Identity security is more “essential” than ever. Many companies are only scratching the surface of identity security, focused only on granting access. That may have been good enough a couple of years ago, but today the stakes have never been higher for enterprise security. “Good enough” is no longer enough.

Enterprises face cyber threats daily, and breaches incur costs that are both financial and reputational—and in many cases, it has cost executives their careers. Today’s enterprises cannot

.....Read More

Identity security is more “essential” than ever. Many companies are only scratching the surface of identity security, focused only on granting access. That may have been good enough a couple of years ago, but today the stakes have never been higher for enterprise security. “Good enough” is no longer enough.

Enterprises face cyber threats daily, and breaches incur costs that are both financial and reputational—and in many cases, it has cost executives their careers. Today’s enterprises cannot afford to kick the can down the road further. Strong identity security is no longer a “nice to have” solution. It is essential. Placing identity at the core of the security architecture, and truly understanding who should have access to what and how that access is used is the only path forward to a secure enterprise.

  Read Less
April 12, 2022
Nelson Moulton
Security and Network Operations Director
PacificEast

When InfoSec people refer to the CIA of cybersecurity, they’re usually talking about the Confidentiality, Integrity, and Availability of the data we work to protect and not the three-letter government entity. These three tenets of security are fundamentally dependent on trusting the identity of the user accessing the data; without surety of identity, how do you build trust about who can or cannot access what, where, when and how? In our remote workforce world, assuring the identity of BYOD

.....Read More

When InfoSec people refer to the CIA of cybersecurity, they’re usually talking about the Confidentiality, Integrity, and Availability of the data we work to protect and not the three-letter government entity. These three tenets of security are fundamentally dependent on trusting the identity of the user accessing the data; without surety of identity, how do you build trust about who can or cannot access what, where, when and how? In our remote workforce world, assuring the identity of BYOD users has presented a challenge to many SMB organizations. This demand has led to impressive growth and accessibility of trusted identity management solutions that enable us to work together, even when we’re apart.

Small businesses often struggle to develop and implement a plan for securing their identities due to a lack of time and resources. A strategy for securing digital identities may involve identification of the need; planning, developing, testing and implementing the response; and finally, monitoring and maintaining the procedures and any software used. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.

  Read Less
April 12, 2022
Brendan Hannigan
CEO
Sonrai Security

In 2022, we will see some nasty public cloud breaches as criminals exploit risk and complexity that companies have left unaddressed,” said Brendan Hannigan, CEO of Sonrai Security. “While S3 bucket exposures are easily preventable, they keep happening, and these problems are the tip of the iceberg. Cloud identity and data access misconfigurations represent more vast and insidious risk and criminals are wising up to this.

Cloud security teams are ripping industries apart as cloud-native

.....Read More

In 2022, we will see some nasty public cloud breaches as criminals exploit risk and complexity that companies have left unaddressed,” said Brendan Hannigan, CEO of Sonrai Security. “While S3 bucket exposures are easily preventable, they keep happening, and these problems are the tip of the iceberg. Cloud identity and data access misconfigurations represent more vast and insidious risk and criminals are wising up to this.

Cloud security teams are ripping industries apart as cloud-native developers drive blazingly fast innovation to market,” aid Brendan Hannigan, CEO of Sonrai Security. s“This disruption also will tear apart traditional security teams. The old IT, device focused, manual and IP centric security world is irrelevant in this new world. Top security teams will be reinvented with automation, cloud and DevOps taking center stage.

  Read Less
April 12, 2022
Eric Kedrosky
CISO and Director of Cloud Security
Sonrai Security

For almost every two cloud security jobs in the United States today, a third job is sitting empty because of a shortage of skilled people. It’s like going into football’s Super Bowl with only seven players on the field when the other team has all eleven.

April 12, 2022
Sandy Bird
CTO and Co-Founder
Sonrai Security

Excessive access will run rampant in the post-Covid cloud. However, most organizations no longer have this visibility making it easier for insiders to continue to do damage undetected.

April 12, 2022
Heath Spencer
CEO
TraitWare

While Big Business dominates the headlines for cyber-attacks, the SMB often underestimates the need for proper Identity and Access Management. Often ill-prepared, the SMB is therefore a prime target for attack – presenting low risk and high return for the cybercriminal.

All companies need to improve security now to avoid disaster – with 2 must-haves: SSO and MFA. Multiple sets of employee credentials for access to various applications increase friction, cost, and risk. A setup that combines

.....Read More

While Big Business dominates the headlines for cyber-attacks, the SMB often underestimates the need for proper Identity and Access Management. Often ill-prepared, the SMB is therefore a prime target for attack – presenting low risk and high return for the cybercriminal.

All companies need to improve security now to avoid disaster – with 2 must-haves: SSO and MFA. Multiple sets of employee credentials for access to various applications increase friction, cost, and risk. A setup that combines passwordless MFA with SSO vastly reduces risk by eliminating phishable credentials and shrinking the attack surface, while also reducing company costs and friction.

  Read Less
April 12, 2022
Jon Shende
Board Member
MyVada

Identity is our new security perimeter; close to 60% of the data breaches in 2021 exposed some form of PII with over 70% of such breaches including passwords. With the increase of “fuzzing” techniques to check variations of stolen passwords, identity attacks will only get more focused given the access an administrative or select user credentials will grant an attack targeting specific corporations and their systems.

April 12, 2022
Kurt Baumgartner
Principal Security Researcher
Kaspersky

Kaspersky proudly supports Identity Management Day. According to our survey data, three out of four people use default security settings in apps and online services at least some of the time. In order to take proper care of their identities, we encourage people to always check security settings, tighten them where possible and limit what they share. We also urge people to use a unique password for every website, app and service and use two-factor authentication wherever it’s available,

.....Read More

Kaspersky proudly supports Identity Management Day. According to our survey data, three out of four people use default security settings in apps and online services at least some of the time. In order to take proper care of their identities, we encourage people to always check security settings, tighten them where possible and limit what they share. We also urge people to use a unique password for every website, app and service and use two-factor authentication wherever it’s available, especially with bank accounts and credit cards.

  Read Less
April 12, 2022
Chad Thunberg
CISO
Yubico

It's reported that small businesses generate 44% of the U.S.economic activity. Many of them are a vital part of the overall supply chain and partner ecosystem of larger organizations. With attackers increasing their focus on the supply chain, it is imperative that these SMBs adopt fundamental and important security practices including the use of phishing-resistant MFA protocols, like FIDO, that are available as part of many Single Sign-On solutions as indicated by the “Sign in with”

.....Read More

It's reported that small businesses generate 44% of the U.S.economic activity. Many of them are a vital part of the overall supply chain and partner ecosystem of larger organizations. With attackers increasing their focus on the supply chain, it is imperative that these SMBs adopt fundamental and important security practices including the use of phishing-resistant MFA protocols, like FIDO, that are available as part of many Single Sign-On solutions as indicated by the “Sign in with” buttons. SMBs should also strongly consider using cloud data storage to mitigate ransomware threats and a password vault for those sites that have yet to adopt modern authentication.

  Read Less
April 12, 2022
Tom Ammirati
CRO
PlainID

Security risk vectors are dynamic and fluid, and as a result, data breaches continue to challenge even the most resilient of enterprise architectures. Historically, the root cause of the majority of breaches has been due to compromised credentials. As technologists, we are forced to evolve and innovate. To keep pace with the demands of digital work and life, organizations are implementing next level technologies, processes, and policies to ensure that trusted identities have authorized access

.....Read More

Security risk vectors are dynamic and fluid, and as a result, data breaches continue to challenge even the most resilient of enterprise architectures. Historically, the root cause of the majority of breaches has been due to compromised credentials. As technologists, we are forced to evolve and innovate. To keep pace with the demands of digital work and life, organizations are implementing next level technologies, processes, and policies to ensure that trusted identities have authorized access to digital assets. The goal is to allow the ‘right’ users to have access to the ‘right’ resources - and to ensure the wrong ones don't. If we can do that, then potentially we can prevent many of these breaches.

  Read Less
April 12, 2022
Jeremy Grant
Coordinator
Better Identity Coalition

The Better Identity Coalition is pleased to join with our partners in supporting Identity Management Day. So many services – in banking, health care, government, and e-commerce – depend on knowing “who is on the other side” of a transaction. Today, the ability to offer high-value transactions and services online is being tested more than ever, due in large part to the challenges of proving identity online. The lack of an easy, secure, reliable way for entities to verify identities of

.....Read More

The Better Identity Coalition is pleased to join with our partners in supporting Identity Management Day. So many services – in banking, health care, government, and e-commerce – depend on knowing “who is on the other side” of a transaction. Today, the ability to offer high-value transactions and services online is being tested more than ever, due in large part to the challenges of proving identity online. The lack of an easy, secure, reliable way for entities to verify identities of people they are dealing with online creates friction in commerce, leads to increased fraud and theft, degrades privacy, and hinders the availability of many services online.

The good news is that these problems are not insurmountable; by making identity management a priority and investing in digital identity infrastructure, we will prevent costly cybercrime, give businesses and consumers new confidence, improve inclusion, and foster growth and innovation across our economy.

  Read Less
April 12, 2022
Kapil Raina
VP, Zero Trust, Identity Protection, and Data Protection Marketing
CrowdStrike

Gartner recently noted (Feb 18, 2022 report) that one of the top trends for cybersecurity in 2022 will be Identity Threat Detection and Response. This aligns with CrowdStrike's 2022 Global Threat Hunting Report research that shows 80% of cyber breaches involving identity-based attacks. The industry's broader response to attacks has been to deploy Zero Trust architectures that feature identity security as a key pillar. Even when looking at more tactical responses, with modern attack methods, the

.....Read More

Gartner recently noted (Feb 18, 2022 report) that one of the top trends for cybersecurity in 2022 will be Identity Threat Detection and Response. This aligns with CrowdStrike's 2022 Global Threat Hunting Report research that shows 80% of cyber breaches involving identity-based attacks. The industry's broader response to attacks has been to deploy Zero Trust architectures that feature identity security as a key pillar. Even when looking at more tactical responses, with modern attack methods, the MITRE ATT&CK TTPs can no longer be covered without using identity attack detection and protection tools. And with enterprises deploying hybrid architectures and required to secure remote and on campus workers, the industry needs a platform based approach for defense without relying on a single vendor for a response. These trends make the protection of identities and identity stores - everywhere and for everyone - more urgent now than ever.

  Read Less
April 12, 2022
David Putnam
Head of Identity Protection Products
NortonLifeLock

Identity theft has become a booming business with cybercriminals looking to take advantage of consumers’ changing behaviors and increased digital footprint to launch coordinated attacks and convincing scams. To protect against this threat, consumers need to take charge of their digital lives and proactively invest in identity theft monitoring, alert and recovery services to help monitor threats to their identity and safeguard their personal information.

April 12, 2022
Tyler Farrar
CISO
Exabeam

Colonial Pipeline, SolarWinds, Twitch. All of these organizations have one thing in common: they suffered data breaches as a result of stolen credentials. Credential theft has become one of the most common and effective methods cyber threat actors use to infiltrate organizations of all sizes and access sensitive data. 

We strongly support efforts, like Identity Management Day, that raise public awareness and can help to combat this pervasive issue. We advocate for the best practices that ensure

.....Read More

Colonial Pipeline, SolarWinds, Twitch. All of these organizations have one thing in common: they suffered data breaches as a result of stolen credentials. Credential theft has become one of the most common and effective methods cyber threat actors use to infiltrate organizations of all sizes and access sensitive data. 

We strongly support efforts, like Identity Management Day, that raise public awareness and can help to combat this pervasive issue. We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing.

Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organizations must build a security stack that is consistently monitoring for potential compromise. Organizations across industries can invest in data-driven behavioral analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behavior indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.

  Read Less
April 13, 2022
David Higgins
EMEA Technical Director
CyberArk

Big rises in digital and IT initiatives have contributed to an accelerated number of digital identities, running into the hundreds of thousands per organization. These identities are associated with machines and applications, as well as customers, staff and suppliers. And the majority of them routinely access sensitive or privileged data and assets.  

Organizations face a widening identity-centric attack surface because investment in the cyber tools and techniques to secure this access has not

.....Read More

Big rises in digital and IT initiatives have contributed to an accelerated number of digital identities, running into the hundreds of thousands per organization. These identities are associated with machines and applications, as well as customers, staff and suppliers. And the majority of them routinely access sensitive or privileged data and assets.  

Organizations face a widening identity-centric attack surface because investment in the cyber tools and techniques to secure this access has not kept pace with investments required to accelerate digital business initiatives, creating
 cybersecurity “debt” that must be paid down by introducing Zero Trust principles to Identity Security strategies.

  Read Less
April 13, 2022
Chris Hickman
Chief Security Officer
Keyfactor

Many organizations are just beginning to recognize the importance of having a strategy for managing the sprawling machine identities and credentials in their network. Just like human identities, machine identities are complex and come in many forms, which creates challenges and vulnerabilities for IT and security professionals. Two major challenges organizations face include a lack of visibility into the human and device identities accessing their data and managing them at scale. This makes it

.....Read More

Many organizations are just beginning to recognize the importance of having a strategy for managing the sprawling machine identities and credentials in their network. Just like human identities, machine identities are complex and come in many forms, which creates challenges and vulnerabilities for IT and security professionals. Two major challenges organizations face include a lack of visibility into the human and device identities accessing their data and managing them at scale. This makes it difficult for organizations to shift away from traditional networks and data centers and fully implement initiatives like cloud adoption and zero trust.

  Read Less
April 13, 2022
Rod Simmons
Vice President of Product Strategy
STEALTHbits Technologies

Organizations today are faced with a rapidly proliferating workforce. This is not only in terms of remote work, but also in an explosion of third-parties, auditors, interns, and contracted workers who require access to a similarly growing IT landscape of applications, infrastructure and data. To wit, there is no one solution that organizations can turn to in order to solve their identity security issues. A connected ecosystem of solutions that are married with strong business processes and

.....Read More

Organizations today are faced with a rapidly proliferating workforce. This is not only in terms of remote work, but also in an explosion of third-parties, auditors, interns, and contracted workers who require access to a similarly growing IT landscape of applications, infrastructure and data. To wit, there is no one solution that organizations can turn to in order to solve their identity security issues. A connected ecosystem of solutions that are married with strong business processes and committed corporate buy-in is needed in order to properly secure identities.

  Read Less
April 12, 2022
Joseph Carson
Chief Security Scientist & Advisory CISO
Thycotic

When it comes to cyber threats, all roads continue to lead to identity. Digital transformation, the move to cloud, and requirements for remote work have only made it easier for cyber criminals as organizations struggle to secure an expanded threatscape and get a handle on identity sprawl. Companies of all sizes need to focus on centralizing identities while also reinforcing best practices and training to ensure employees are doing everything possible to secure their credentials. Remember: it

.....Read More

When it comes to cyber threats, all roads continue to lead to identity. Digital transformation, the move to cloud, and requirements for remote work have only made it easier for cyber criminals as organizations struggle to secure an expanded threatscape and get a handle on identity sprawl. Companies of all sizes need to focus on centralizing identities while also reinforcing best practices and training to ensure employees are doing everything possible to secure their credentials. Remember: it only takes one compromised identity to negatively impact the company’s financial performance, customer loyalty, and brand reputation, potentially costing millions of dollars.

  Read Less
April 12, 2022
Keith Neilson
Technical Evangelist
CloudSphere

With both cyberattacks and internal cyber threats on the rise, National Identity Management Day serves as a reminder for organizations to ensure that only the right personnel have access to the right data. Given the multi-layer implications between data, assets, applications and users, identity management should begin with developing an agile cyber asset management approach. When a security breach occurs, it is often due to a lack of full visibility into company cyber assets and connections

.....Read More

With both cyberattacks and internal cyber threats on the rise, National Identity Management Day serves as a reminder for organizations to ensure that only the right personnel have access to the right data. Given the multi-layer implications between data, assets, applications and users, identity management should begin with developing an agile cyber asset management approach. When a security breach occurs, it is often due to a lack of full visibility into company cyber assets and connections across business services. To properly secure all company data, enterprises should begin by discovering all cyber assets within their IT environment to establish clear, real-time visibility of the attack surface. Once all cyber assets are accounted for, companies can effectively manage access and enforce security guardrails.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.