Identity Security
What is identity security?
Identity security protects the digital identities of human users and non-human machines that interact with data, applications, and infrastructure. It also manages what those identities are authorized to do by granting permissions and controlling access. Importantly, identity security ensures controls are working as expected and provides context to detect and respond to unauthorized behaviors.
Identity security is essential for preventing identity-based cyberattacks, maintaining data privacy, meeting regulatory, compliance, and cyber insurance requirements, and avoiding financial fraud.
What are identities?
Human identities are the online—or digital—versions of our real-world identities. They’re the virtual profiles or accounts we create and use to access digital services, apps, and resources. They represent us—the users—in the online world just like our driver’s licenses and personal legal documents represent us in the physical world, and they need the same level of protection.
Identities can also refer to machines that connect systems and run processes within and across networks. These non-human identities can be workloads, applications, service accounts, APIs, containers, virtual machines, IoT/OT devices, and code signing.
In the workplace, identity security focuses on identities that access enterprise data within servers, applications, databases, laptops, and mobile devices. This includes human identities, such as on-site and remote employees and third-party contractors, as well as machine identities that need access to complete required tasks.
Identity as the new perimeter
As a cybersecurity category, identity security shifts the focus from protecting the traditional, physical network toward establishing a trust model for identities that move in and out of a porous perimeter.
How do identities typically get compromised?
Organizations typically have many times the number of identities operating in their environment as they do employees. Machines make up 43% of digital identities on enterprise networks, according to a recent survey of cybersecurity leaders.
It’s easy for identities to become orphaned, overprivileged, and unmanaged. Identity security is particularly challenging for distributed organizations with complex, hybrid, and multi-cloud infrastructure, as each application and cloud environment has its own process for establishing and managing identities.
Without effective controls, identities are vulnerable attack vectors. In fact, 80% of enterprises have experienced an identity-based attack within the previous 12 months, and 93% of victims suffered measurable losses, according to Delinea’s global survey of 1,800 IT and security decision-makers, 2024 State of Identity Security in the Age of AI.
The list of identity breach techniques continuously evolves as malicious actors get more sophisticated.
Here are some common ways identities get compromised:
- Criminal hackers crack weak passwords using malware, keylogging tools, or brute-force attacks.
- Cybercriminals exploit misconfigured identities and excessive cloud entitlements.
- Cybercriminals use social engineering tactics such as phishing to trick users into revealing personal information.
- Personal information, including usernames, passwords, and other credentials, is acquired via major data breaches and made available for sale on the dark web or via access brokers.
In a typical identity attack chain, the pattern is incremental escalation of privilege. Once attackers gain initial access (typically through compromised credentials), they gain a foothold on a server or workstation. Then, they escalate privileges in phases, possibly by executing malware or stealing credential hashes from system memory.
Once they have elevated privileges, they can achieve their nefarious goals, like stealing data or shutting down systems for ransom. They can even cover their tracks so they can stay under the radar for extended periods.
To defend against identity-related attacks, you need to protect identities at every interaction.
Identity security throughout the identity lifecycle
Identity security is a continuous process. An identity’s lifecycle encompasses everything that happens to an identity that needs to be provisioned, tracked, and managed. This is typically broken down into three high-level lifecycle events that identities experience: joining, moving, and leaving.
To provision user identities within the enterprise, most companies use Identity and Access Management (IAM) solutions that integrate with Identity Directory Providers (IdPs), specifically Active Directory. These solutions manage all types of user identities within an enterprise, including standard or business users as well as privileged users like Domain Administrators.
However, cloud services and third parties are blurring the network perimeter more than ever, which can make this process complex. Some companies are moving away from legacy solutions like AD toward Okta, Azure AD, and Ping. The range of identity providers and management techniques has downstream impacts for identity security. For example, if a single user has multiple identities across different directories, it can be incredibly challenging to understand the full scope of their permissions and potential access path without advanced tools that provide comprehensive oversight and controls.
After provisioning, all identities must be managed and secured throughout the identity lifecycle. For example, a user may change roles and their access must be adjusted. When someone leaves the organization, their identity must be removed and all their access revoked.
How to address identity security use cases
Organizations typically employ multiple cybersecurity vendors and integrations to ensure all aspects of their identity security program are covered. A survey from Dimensional Research found the average company uses more than 25 different systems for identity management.
Let’s look at common identity security use cases to demonstrate which categories of controls and technology solutions are designed to address them.
1. Securing credentials
Because identity-based attacks typically begin with compromised passwords, the first aspect of identity security to address is protecting credentials. With an enterprise password management vault or Privileged Access Management (PAM) solution, you can vault all privileged account credentials, including passwords, SSH keys, and secrets used by service accounts.
Before allowing users to check out credentials that give them privileged access, add a layer of security by validating that users are who they claim to be. After a certain period has elapsed, identity security policies typically require another round of authentication.
Authentication methods include multi-factor authentication (MFA), biometric identification or facial recognition, and single sign-on (SSO). Passwordless authentication improves the login experience for users, while performing necessary authentication behind the scenes.
2. Privilege and entitlement elevation
Identities that have excessive or standing privileges unnecessarily increase your attack surface. Instead, implement granular, real-time controls for authorization that provide just-enough access to sensitive data and systems. For the strongest identity security, only grant standard, low levels of permissions to users until such time as they need additional access to do their jobs. At that point, you can elevate privileges for the specific need and time required.
Once again, require users to validate their identities through MFA before elevating privileges or allowing users to do things like executing specific commands or downloading applications. PAM solutions grant fine-grained permissions to identities through policy-based access and privilege elevation controls.
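The two controls described above, re-authentication after a set period (use case 1) and time-bound privilege elevation gated on MFA (use case 2), can be modelled in a few dozen lines. The following is an added example, not Delinea's or any PAM product's code; the permission names, the 15-minute re-authentication window and the 1-hour grant ceiling are assumptions chosen for illustration.

```python
"""Added example (not Delinea's or any PAM product's code): a toy just-in-time
elevation policy. Permission names, the 15-minute re-authentication window and
the 1-hour grant ceiling are assumed policy values, not from the original page."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

REAUTH_WINDOW = timedelta(minutes=15)  # assumed policy: MFA proof older than this is stale
MAX_GRANT = timedelta(hours=1)         # assumed policy: no elevation may outlive this


@dataclass
class Identity:
    name: str
    standing: frozenset                      # low, standing permissions only
    last_mfa_at: Optional[datetime] = None   # when the user last passed an MFA challenge
    grants: List[Tuple[str, datetime]] = field(default_factory=list)  # (permission, expires_at)


@dataclass
class Decision:
    granted: bool
    reason: str
    expires_at: Optional[datetime] = None


def record_mfa(identity: Identity, now: datetime) -> None:
    """Called by the authentication layer after a successful MFA challenge."""
    identity.last_mfa_at = now


def mfa_is_fresh(identity: Identity, now: datetime) -> bool:
    """True only if the identity passed MFA within the re-authentication window."""
    return identity.last_mfa_at is not None and now - identity.last_mfa_at <= REAUTH_WINDOW


def request_elevation(identity: Identity, permission: str, duration: timedelta, now: datetime) -> Decision:
    """Grant `permission` for `duration`, but only with fresh MFA and within the policy ceiling."""
    if not mfa_is_fresh(identity, now):
        return Decision(False, "re-authentication required")
    if duration > MAX_GRANT:
        return Decision(False, "requested duration exceeds policy ceiling")
    expires_at = now + duration
    identity.grants.append((permission, expires_at))
    return Decision(True, "granted", expires_at)


def effective_permissions(identity: Identity, now: datetime) -> frozenset:
    """Standing permissions plus grants that have not expired; expired grants are pruned."""
    identity.grants = [(p, exp) for p, exp in identity.grants if exp > now]
    return identity.standing | {p for p, _ in identity.grants}


def authorize(identity: Identity, permission: str, now: datetime) -> bool:
    """Authorization decision at time `now`: standing permissions or a live grant."""
    return permission in effective_permissions(identity, now)


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    ops = Identity("ops-user", frozenset({"read:dashboards"}))
    print(request_elevation(ops, "admin:prod-db", timedelta(minutes=30), t0))  # denied: no MFA yet
    record_mfa(ops, t0)
    print(request_elevation(ops, "admin:prod-db", timedelta(minutes=30), t0))  # granted until 09:30
    print(authorize(ops, "admin:prod-db", t0 + timedelta(minutes=29)))         # True
    print(authorize(ops, "admin:prod-db", t0 + timedelta(minutes=31)))         # False: grant expired
    # 20 minutes after the last MFA the proof is stale, so a new elevation is refused
    print(request_elevation(ops, "admin:prod-db", timedelta(minutes=5), t0 + timedelta(minutes=20)))
```

The point of the design is that elevation is never stored as a standing attribute: `effective_permissions` recomputes access from the clock every time, so an expired grant simply stops being true, and a fresh MFA proof is a precondition of every new grant rather than of the session as a whole.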
3. Privileged remote access
Remote work increases identity security risk because users are often logging in through insecure networks and VPNs. Make sure you provide secure access methods to third parties and remote workers. Limit access based on their needs, only for the time they need it.
4. Identity governance and access controls
Identity governance involves checking and reporting on identity security controls to be sure they’re working as expected, even as risks and other conditions change. Proper identity governance provides oversight of identities throughout their lifecycle and avoids permission "drift" that commonly happens to identities over time.
You can automate authorization throughout the identity lifecycle while demonstrating the controls required for compliance with solutions for Identity Governance and Administration (IGA). IGA solutions enforce Separation of Duties (SoD) requirements, such as preventing someone in your accounts receivable department from also authorizing payments. IGA solutions reduce human error, streamline compliance efforts, and provide auditors with comprehensive, real-time compliance data. They automate many manual tasks like user access reviews, access certifications, and audit reporting.
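The joiner/mover/leaver lifecycle described earlier and the governance checks above (orphaned accounts, permission drift, Separation of Duties) fit together in one small model. The following is an added example, not Delinea's or any IGA product's code; the roles, the entitlement names, the SoD rule and the HR and directory data are all constructed for illustration.

```python
"""Added example (not Delinea's or any IGA product's code): a toy
joiner/mover/leaver directory with an access review that flags orphaned
identities, entitlement drift beyond the role baseline, and SoD violations.
Roles, entitlements and the sample users are constructed, not from the page."""
from typing import Dict, List, Optional, Set, Tuple

# Assumed role baselines: what each job role should hold, and nothing more.
ROLE_BASELINE: Dict[str, Set[str]] = {
    "ar_clerk":    {"ar.create_invoice", "ar.view_ledger"},
    "ap_approver": {"ap.approve_payment", "ap.view_ledger"},
    "engineer":    {"git.push", "ci.run"},
}
# Assumed toxic combinations: no single identity may hold both entitlements.
SOD_RULES: List[Tuple[str, str]] = [("ar.create_invoice", "ap.approve_payment")]

Finding = Tuple[str, str, Optional[str]]  # (kind, user, detail)


class Directory:
    """Minimal stand-in for the identity store an IAM/IGA tool provisions into."""

    def __init__(self) -> None:
        self.accounts: Dict[str, dict] = {}  # user -> {"role", "entitlements", "enabled"}

    def join(self, user: str, role: str) -> None:
        """Joiner: provision exactly the role baseline."""
        self.accounts[user] = {"role": role, "entitlements": set(ROLE_BASELINE[role]), "enabled": True}

    def move(self, user: str, new_role: str) -> None:
        """Mover: drop the old role's baseline, add the new one.
        Direct grants outside either baseline survive here and are caught by the review."""
        acct = self.accounts[user]
        acct["entitlements"] -= ROLE_BASELINE[acct["role"]]
        acct["entitlements"] |= ROLE_BASELINE[new_role]
        acct["role"] = new_role

    def leave(self, user: str) -> None:
        """Leaver: revoke everything and disable the identity."""
        acct = self.accounts[user]
        acct["entitlements"].clear()
        acct["enabled"] = False

    def grant(self, user: str, entitlement: str) -> None:
        """Ad hoc direct grant, the usual source of permission drift."""
        self.accounts[user]["entitlements"].add(entitlement)


def access_review(directory: Directory, hr_active_users: Set[str]) -> List[Finding]:
    """Compare the directory against the HR system of record and the role baselines."""
    findings: List[Finding] = []
    for user, acct in directory.accounts.items():
        # Orphaned: still enabled although HR no longer lists the person as active.
        if acct["enabled"] and user not in hr_active_users:
            findings.append(("orphaned", user, None))
        # Drift: anything held beyond what the current role justifies.
        for ent in sorted(acct["entitlements"] - ROLE_BASELINE[acct["role"]]):
            findings.append(("drift", user, ent))
        # SoD: toxic combinations regardless of how they were acquired.
        for a, b in SOD_RULES:
            if a in acct["entitlements"] and b in acct["entitlements"]:
                findings.append(("sod_violation", user, f"{a}+{b}"))
    return findings


if __name__ == "__main__":
    d = Directory()
    d.join("alice", "ar_clerk")
    d.join("bob", "ap_approver")
    d.join("dave", "engineer")          # constructed: contractor whose engagement ended
    d.grant("alice", "ap.approve_payment")  # "just for the quarter close"
    d.move("bob", "engineer")
    for finding in access_review(d, hr_active_users={"alice", "bob"}):
        print(finding)
```

Running the script reports `dave` as orphaned, `alice` with drift on `ap.approve_payment` and an SoD violation for invoice creation plus payment approval, and nothing for `bob`, whose move replaced his old baseline cleanly. The review compares against an external system of record (HR) rather than against the directory's own idea of who is active, which is what lets it catch accounts the directory still considers valid.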
5. Identity protection
Detection of unusual behavior that is an indicator of compromise gives you the intelligence and context you need to investigate.
Privileged Access Management solutions provide oversight through monitoring and recording privileged identity behavior. They enable organizations to easily—even automatically—adjust access privileges based on risk and changing context, such as when a user’s role changes, or a new system is introduced in an IT environment.
In addition, identity security solutions such as Identity Threat Detection and Response (ITDR) identify misconfigurations and threats based on anomalous behavior and provide your incident response team and Security Operations Center (SOC) with the context to investigate suspicious activity. They can proactively remediate issues to reduce your risk and even stop identity-related attacks in progress.
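To make the detection side concrete, here is an added example (not Delinea's or any ITDR product's code) of rule-based detection run over constructed authentication events: a success immediately following a burst of failures, a login from a country outside the identity's baseline, and a privileged login outside working hours. The event format, field names, per-user baselines and thresholds are all assumptions for illustration.

```python
"""Added example (not Delinea's or any ITDR product's code): a small rule-based
detector over constructed authentication events. The JSON field names, the
country baselines, the failure threshold and the working-hours window are assumed."""
import json
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample events (not real logs): one JSON object per line.
SAMPLE_LOG = """
{"ts":"2024-03-04T09:02:11Z","user":"svc-backup","result":"success","src_country":"DE","privileged":true}
{"ts":"2024-03-04T09:05:40Z","user":"alice","result":"failure","src_country":"DE","privileged":false}
{"ts":"2024-03-04T09:05:44Z","user":"alice","result":"failure","src_country":"DE","privileged":false}
{"ts":"2024-03-04T09:05:49Z","user":"alice","result":"failure","src_country":"DE","privileged":false}
{"ts":"2024-03-04T09:05:53Z","user":"alice","result":"failure","src_country":"DE","privileged":false}
{"ts":"2024-03-04T09:05:58Z","user":"alice","result":"failure","src_country":"DE","privileged":false}
{"ts":"2024-03-04T09:06:10Z","user":"alice","result":"success","src_country":"DE","privileged":false}
{"ts":"2024-03-04T02:13:27Z","user":"dadmin","result":"success","src_country":"RO","privileged":true}
"""

# Assumed per-identity baseline of countries seen during normal operation.
BASELINE_COUNTRY: Dict[str, set] = {"svc-backup": {"DE"}, "alice": {"DE"}, "dadmin": {"DE"}}
FAIL_THRESHOLD = 5           # assumed: this many consecutive failures before a success is suspicious
WORK_HOURS = range(7, 20)    # assumed: 07:00-19:59 UTC counts as working hours

Alert = Tuple[str, str, datetime]  # (rule, user, timestamp)


def parse_events(text: str) -> List[dict]:
    """Parse JSON-lines events and convert the timestamp into a datetime."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect(events: List[dict]) -> List[Alert]:
    """Apply the three rules in timestamp order; failures are counted per user and reset on success."""
    alerts: List[Alert] = []
    consecutive_failures: Dict[str, int] = defaultdict(int)
    for ev in sorted(events, key=lambda e: e["ts"]):
        user = ev["user"]
        if ev["result"] == "failure":
            consecutive_failures[user] += 1
            continue
        # A success that ends a run of failures looks like a guessed or stuffed credential.
        if consecutive_failures[user] >= FAIL_THRESHOLD:
            alerts.append(("success_after_failure_burst", user, ev["ts"]))
        consecutive_failures[user] = 0
        # A source country never seen for this identity.
        if ev["src_country"] not in BASELINE_COUNTRY.get(user, set()):
            alerts.append(("new_country", user, ev["ts"]))
        # Privileged use outside the hours the role normally works.
        if ev["privileged"] and ev["ts"].hour not in WORK_HOURS:
            alerts.append(("privileged_off_hours", user, ev["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, user, ts in detect(parse_events(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {rule:28s} {user}")
```

On the constructed sample, `dadmin` triggers both the new-country and off-hours rules and `alice` triggers the failure-burst rule, while the service account's routine login produces nothing. Each alert carries the user and timestamp so the SOC has the context the text describes; in practice the baselines would be learned from history rather than hard-coded.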
Identity security platforms for end-to-end management
Identity security platforms integrate multiple aspects of identity security so you have full visibility and context of identities that are operating in your environment. They enable you to discover and validate identities, assign privileges through policy-based access controls, detect irregularities, and respond to threats in real time.
With comprehensive visibility and consistent management controls, you can save time and reduce your risk of identity-based attacks.
More identity security resources
Whitepapers
- Understand the Identity Attack Chain to Protect Your Critical Systems
Blogs
- Identity-based attacks and the identity attack chain
- More than Decorative AI: Identity security that works for you
- Delinea is identity security for the modern enterprise
- Dynamic authorization for modern identity protection
Webinars
- 5 Steps to Achieving Identity Security in the Cloud
- How are organizations leveraging AI in their identity security strategies?