The second official Identity Management Day happens to be during the most intense cybersecurity situations and tensions we’ve seen in history. From the increased cyber threat warnings to Biden’s cry for cybersecurity help — and cyber budget increases — Identity Management Day on April 12 shines light on the importance of identity and access management (IAM) programs.
Amid looming Russian cyber threats and an industry-wide battle cry for \’Zero Trust\’ strategies, organizations from both the private and public sectors are scrambling to embrace and implement Zero Trust strategies across digital assets. An important aspect of Zero Trust is mastering an identity and access management (IAM) program, however, the blurred lines created by a remote workforce and using personal devices for work have made it more challenging than ever for IT and security teams to manage across the organization.
Given the spate of recent attacks leveraging privileged identities, governance of privilege has claimed its stake in Zero Trust initiatives. With this new reality, one imperative element that many businesses overlook is limiting the privileges a person — or a machine — has access to by maintaining zero standing privilege (ZSP). This includes protecting admin authorization and protecting organizations against the discovery of admin credentials, hashes or secrets from inside the network.
Reducing the attack surface is the most important proactive IAM measure an organization can do to mitigate threats, as the majority of today\’s attackers accomplish their mission by leveraging privilege (or admin) account sprawl — a very large and highly exploited attack surface. Simply put, today\’s hackers know what they\’re doing. Once an attacker is inside any infrastructure or system, for example, elevating privileges and moving laterally to find crown jewels is straightforward. From there, they can encrypt data, execute a ransomware attack, and much more.