The state of Identity Security: Widespread attacks, wasted investment and identity sprawl

Identity management is in dire straits, according to a recently conducted survey by identity security firm One Identity. Surveying over 1,000 IT security professionals, the results showed that 96 percent of companies report using multiple identity management tools, with 41 percent deploying at least 25 different systems to manage access rights. However, 70 percent of companies reported they’re paying for identity tools they’re not actively using. This investment in multiple disparate identity tools is having a direct impact on their overall security posture.

Companies have acquired multiple identity tools to deal with the surge in digital identities (or digital profiles accessing enterprise data and applications), creating identity sprawl that weakens their cybersecurity postures. More than half of companies (52%) manage more than 10,000 identities, which include access rights given to employees, devices, machines, digital identities,  and customers. For over half of UK respondents, this indicates the identities they manage have more than doubled over the past two years

“Legacy approaches to identity and access management have caused organizations to adopt multiple identity solutions, and the lack of interoperability between these tools has a direct business and security impact,” said Mark Logan, CEO of One Identity. “Our research shows that organizations see the negative impact that multiple, fragmented identity tools have on their business. By shifting security professionals’ mindset from a disparate, tool-based approach to a platform approach, businesses can improve their identity security defenses to protect against the modern threat landscape.” 

Elsewhere, other key findings from the survey include:

The need for shoring up identity-based defenses is significant. Nine in 10 organizations were hit by an identity-based attack in the last year, with almost 70 percent of companies experiencing a phishing attack. According to 80 percent of respondents, better identity management tools could have prevented the impact of many such attacks.

Essentially all companies (99 percent) report that identity tool inefficiencies have a direct cost on their business. In fact, 42 percent of businesses report that those inefficiencies are costing businesses over $100,000 per year. This kind of loss is further outweighed by spending on these tools, which 61% of UK respondents placed at between £50 and £50,000.

The deployment of multiple identity management tools impacts security posture and drains productivity. Consider that for those with multiple tools:

  • 44% reported increased risk due to potential gaps in coverage
  • 46% reported IT admins are spending too much time managing redundancies
  • 46% reported IT admins are managing too many tools to gain in-depth expertise in any of them
  • 41% report that IT team’s productivity is lower because they have to learn similar tasks across multiple systems

The good news is that companies are looking to improve their identity security, with an overwhelming 90 percent of companies surveyed planning to consolidate their security or identity management tools. Of that 90 percent, more than half plan to do so in the next year. More than half (54%) of respondents also believe that a unified identity platform for access and identity management would benefit their organization’s identity management strategy.

A free executive summary and key findings of the survey results announced today is available online here.

The post The state of Identity Security: Widespread attacks, wasted investment and identity sprawl appeared first on IT Security Guru.

CrowdStrike ups the ante with investment in API security leader, Salt Security

CrowdStrike (Nasdaq: CRWD), the cloud-delivered protection of endpoints, cloud workloads, identity and data organisation, has announced that its strategic investment arm, Falcon Fund, has invested in Salt Security, the leader in Application Programming Interface (API) security. In addition to the investment, Salt Security and CrowdStrike are partnering to bring together leading technology to apply API discovery and runtime protection on applications, and enable security testing to harden APIs before release.

“With the proliferation and use of SaaS applications, APIs are becoming a key target for adversaries,” said Michael Sentonas, chief technology officer at CrowdStrike. “Salt Security has emerged as the clear leader in solving this major blindspot for organisations, which is why we have chosen to invest in this innovative team and technology.”

CrowdStrike says it is committed to building an ecosystem of next-generation security leaders and enabling seamless integrations with the solutions that customers need to protect themselves in a rapidly evolving threat landscape. CrowdStrike’s Falcon Fund has been active with investments in established and emerging leaders across adjacent markets including Dig Security (data detection and response), JumpCloud (open directory) and Talon Security (secure enterprise browser).

“APIs connect the critical data and services that drive today’s digital innovation,” said Roey Eliyahu, CEO and co-founder at Salt Security. “API usage is rapidly growing, and API attack traffic is growing year-over-year. Existing defences are not effective in detecting and stopping API attacks, leaving organisations vulnerable to today’s low-and-slow API attacks. Just as CrowdStrike revolutionised endpoint protection, Salt is pioneering a context-based approach to finding and stopping bad actors abusing APIs. We are honoured to welcome CrowdStrike as a strategic partner and help provide their customers with best-in-class API security.”

IT Security Guru recently sat down with Michelle McLean from Salt Security to discuss the significance of API security and what sets Salt apart; you can read that interview here.

The post CrowdStrike ups the ante with investment in API security leader, Salt Security appeared first on IT Security Guru.