Why Businesses Need to Rewrite Their Identity Security Playbook For 2024
by Chern-Yue Boey, Senior Vice President, APAC, SailPoint
With 9 in 10 businesses having suffered an identity-related breach, identity security remains a critical component to strengthening businesses’ cybersecurity posture in 2024. Yet, 44% of businesses are still at the beginning of their identity journeys, with 60% of Asia-Pacific businesses still in the first stage of identity maturity. Especially now, as AI enables Asia to unlock new growth frontiers, we are simultaneously witnessing new security considerations emerge with this development. The region will continue to up the ante on its digital investments, but it must be the same with its identity security strategies.
-
AI As A Double-Edged Security Sword
Building on the growing relevance of AI for businesses, encompassing automation, enhanced decision-making, heightened security, efficiency and productivity, AI is fostering innovation in unprecedented ways for businesses today.The flip side of that? Cyber attackers, too, are cashing in on their slice of the AI pie. Anticipated to reach a valuation of US$19 billion by 2025, AI is poised to become increasingly accessible and advanced. As AI technologies continue to evolve, cyber attackers can be expected to harness them to launch targeted cyberattacks with unprecedented precision and exploit vulnerabilities at speeds and scales unattainable by human hackers. Examples include crafting highly convincing phishing emails, creating malware that adapts to security measures, and even automating the extraction of valuable data from compromised systems. These underscore the critical need to transition away from human-driven identity management, as the sheer volume of identities to manage has surpassed human capacity, further emphasising the need for more automated and advanced security measures.
AI, however, also holds the key to staying ahead of the curve of these cyber attackers. Businesses equipped with AI-driven identity solutions will be able to analyse vast amounts of data to detect patterns indicative of potential threats. This intelligent automation of access permissions ensures that all digital identities including contract workers, third parties and non-humans will only have access to necessary resources – promptly revoking access privileges when no longer required. This agile response capability enables businesses to address emerging risks swiftly, reducing the likelihood of data breaches and other security incidents. Moreover, businesses can attain the trifecta of speed, automation, and flexibility. Considering the rapid growth of enterprise identities, embracing autonomous identity security has become a crucial necessity to ensure reliability, security, and compliance. By leveraging AI/ML, this alignment with the scale, speed, and evolving needs of today’s cloud-oriented, modern enterprise is essential to maintain a secure, and efficient identity security infrastructure.
-
More Unstructured Data, More Vulnerabilities
There is no question that data continues to be the lifeblood of businesses. It is a significant propeller for the success of businesses’ digital growth ambitions, enabling enhanced intelligence and efficiencies. Not to mention, for any business looking to jump on the AI bandwagon meaningfully, it is their data that will ensure accurate outputs that are tailored to the business.At the same time, as businesses create, share, and store more data than ever before, more blind spots are also surfacing. Specifically, unstructured data – that makes up 80% of businesses’ data – is posing to be a significant data security challenge. Examples include documents, emails, as well as text and files exchanged on corporate messaging and collaboration applications. Often scattered across various platforms, devices, and repositories, unstructured data adds an extra layer of complexity in being both difficult to monitor and, thus, secure. This is worrying since the volume of data doubles every two years.
To effectively mitigate the risks associated with unstructured data, organisations must evolve their identity security approaches to include managing access to this class of data as well. After all, unstructured data is particularly ubiquitous given its centrality to business operations; organisations then need to broaden the scope of their identity security programmes to plug vulnerabilities. Doing so can include utilising automated identity security solutions that can provide a unified view of access and a centralised control point across both applications and unstructured data to extend access policies as necessary. Only through bridging this gap between identity management across data and applications, can businesses truly have the visibility they need to address identity-related threats.
-
A Unified Approach to Identity Security Becomes Business-Essential
Growing adoption of AI means more cloud–centric than ever before. Businesses today are more digitised than ever, relying extensively on automation and smart devices – causing a proliferation of devices, applications, and identities that need to be managed. Part of the evolution in 2024 will see a shift in the identity security parameter from being device-centric to identity-focused instead.With remote and hybrid work models here to stay, indefinitely, for the foreseeable future, businesses should continue ensuring the secure management of all identities. As a greater number of individuals necessitate access to a business’s resources, the probability of weak or compromised access credentials rises, establishing potential entry points for cybercriminals aiming to exploit vulnerabilities in a company’s security infrastructure. It is hardly surprising then that businesses remain susceptible to insufficient controls over third-party entities – with 59% experiencing a data breach caused by a third party.
After all, the modern enterprise today features a multitude of identities, expanding beyond the workforce to encompass contractors, value chain partners, software bots, robotic processes, and intelligent devices. As businesses pursue heightened operational efficiency, the integration of non-human entities such as robotic process automation (RPA), physical robots, and Internet of Things (IoT) systems into the workforce is on the rise – with the APAC region at the frontline of IoT adoption. Despite the productivity gains, these entities introduce new security challenges, particularly with weak credential controls in many IoT devices, making them even more susceptible targets for cyberattacks. In fact, our recent report shows that more than 30% of identities in an organisation are not properly covered by identity solutions – with gaps around third-party identities, machine identities and data.
With that, the imperative for businesses will then be embracing the next generation of identity security solutions, fuelled by automation and machine learning. This entails an autonomous, unified, and integrated approach that systematically addresses the intricate web of identities and applications within the enterprise. A unified identity security platform powered by AI/ML technology will be able to provide unique insights driven by rich identity context, access activity intelligence, and embedded AI technology to run identity security programs and enable organisations to build an identity security foundation that fits their unique business needs due to its extensibility, flexibility and configurability. Instead of having end users and admins go to various systems for account access or privileged access, a unified approach is a way forward to manage enterprise identity challenges. This means one set of workflows for automation, one set of policies for control, a unified connectivity fabric, consistent APIs, and a unified data model that provides unprecedented control to secure all enterprise identities and address the current and evolving complexities of the modern enterprise.
The shift towards a unified identity security model will equip businesses with deeper identity and access understanding, complete access visibility across hybrid environments and a cohesive set of control policies to manage every type of identity and data – irrespective of their location, or whether the accounts are privileged or non-privileged. Through a unified and comprehensive approach that delivers policy-based, just-in-time access to critical data and resources, organisations can adeptly navigate and mitigate risks across the entirety of their operational spectrum, and drive business acceleration.