User Identity, Access Becoming Cyber Focal Points

Reviewing IAM 'Ownership' And Market Stats



Dan Gunderman
05/30/2018

The threat landscape has changed drastically over the years, from defense in depth and perimeter setups, to a newer focus on the user identity. Strict identity and access management (IAM) controls typically equates to more seamless activity.

Today’s tools are capable of detecting anomalous activity (generally in real time), and allow for only proper access to accounts, directories, databases, etc. On a more macro level, this is crucial for the enterprise, which could preside over crown-jewel data sets that are both sensitive and, perhaps, regulated (if it’s personally identifiable information, or PII, then it sure is).

This is to say that for many security teams, the revamped focus falls on IAM, and analytics surrounding the user’s behavior. Proactive tools can head off threats at the pass, especially insiders – or folks who may already carry the keys to the kingdom.

Security In Flux

A recent Cyber Security Hub Market Report, entitled “User Security Begins With Access Management,” highlighted IAM’s presence in today’s enterprise, as well as the debate over ownership, and frequent attack methods threat actors can employ to seize critical data.

In the report, ESG Global Research Senior Analyst, Mark Bowker, prefaced IAM’s standing by saying: “IT and security professionals have lost control of applications in devices, and, ultimately, the only thing left to control is the user – specifically identity and data access.”

User Security Begins With Access Management

This report examines some of the most efficient strategies threat actors employ to access sensitive data, along with methods specialists can utilize to bolster their networks and tips for future logins.


He continued: “IAM is extremely important, then, and comprises a sort of front door into apps and data in an enterprise… With the proliferation of devices and mobile strategy, companies are leaning toward cloud computing; this means that IAM becomes exceedingly more important as a function.”

There are vital IAM questions circulating through enterprises at the moment; mainly, this involves “auto pilot.” Do companies have their IAM strategy in “babysitting” mode? With a wide security surface, folks in the SOC need to know. This posture within an organization must go from largely defunct to highly responsive.

See Related: The Cyber Security 'Perimeter': Has It Simply Vanished?

Perhaps some of this debate also hearkens back to the aforementioned “ownership” point. Where does IAM reside? Who is responsible for seeing it through? This extends to privileged accounts which, oftentimes, are an easier way for threat actors to siphon data and/or funds.

Bowker said that, traditionally, there has been no owner of IAM. However, he said 49% of relevant professionals report that the IT infrastructure ops team bears the majority of IAM responsibilities. Due to heightened compliance and organizational structure, however, it may make the most sense to have the chief information security officer (CISO) step in to administer the controls.

So, ownership of the user identity, then, may actually lie within the Information Security team. In addition to sorting out the rightful heirs to IAM, Bowker also said enterprises must deploy broader multi-factor implementation (MFA), and not just for privileged accounts.

“A means to provide strong authentication…should really be considered across the company,” Bowker advised.


What Does the Future Hold?

What’s more, in a report entitled "Global Identity & Access Management Markets to 2024 - Trends Analysis, Company Usability Profiles & Forecasts," researchers compiled projections for the expanding IAM market.

It suggests that authorized access to critical resources is “one of the factors largely attributing to the growth of the identity and access management market globally.”

See Related: Biometrics: A Leading Authenticator Within The Enterprise?

Its figures report that the market is expected to grow from $7.8 billion in 2016 to $23.2 billion by the end of 2024, at a compound annual growth rate of 14.6%.

The report lists banking, financial services and insurance (BFSI) as the largest IAM market (2016). It predicts that the automotive, transportation and logistics space will grow at the highest rate in the allotted timeframe (2016-2024).

The U.S. was identified as the largest market in 2016. The Asia-Pacific (APAC) market, however, will experience rapid growth within those eight years, according to the report from Research and Markets.

Stay tuned to the Cyber Security Hub for the latest coverage of the IAM/PAM space, especially as it soars in importance for CISOs and C-level security executives.

Again, Be Sure To Check Out: User Security Begins With Access Management