At this time last year, I described 2020 as “a year like no other,” and as we always do at this time of year, we looked forward to 2021 with high hopes and big plans for a return to normalcy.
But as we wrap up 2021 and our third year dedicated to helping security leaders embrace and deploy identity-centric security strategies, we look back at a year that became an extension of the remote and online world we came to grips with in 2020. Organizations continued to focus on how to securely conduct business online, keeping the spotlight on identity security and the risks associated with insufficient people, processes, and technologies.
This year also brought some of the biggest and most impactful cyberattacks, however, they were not the result of new and innovative techniques, but the result of orphaned accounts and insufficient privileged account management. Identity-related attacks have been and continue to be the hacker’s favorite, as stolen or compromised valid credentials are the easiest and stealthiest way of gaining persistent access.
The good news – our research, 2021 Trends in Securing Digital Identities, found that 97% of organizations surveyed will invest in identity security in the next year (survey conducted in April). The investment community took notice in 2021, as well. According to Crunchbase, venture investment in identity management hit a new level in 2021…
“This year has already seen $3.2 billion in venture dollars go into the identity management space—about 2.5x the amount of investment from last year’s $1.3 billion, which was already a record.”
There is no doubt that the last 2 years provided a sense of urgency for organizations to shore up their identity and access management practices and transition to an identity-first security strategy. If you are ready to make that shift in 2022, we’ve compiled the must reads from 2021:
New Research Provides IAM Stakeholder Perspective on Access: In February, we published Identity and Access Management: The Stakeholder Perspective which provided a unique perspective on the state of identity programs from the key stakeholder perspective. The most alarming finding? Only 34% of organizations remove access for a terminated employee on the day they leave the organization. It’s a process and automation gap that can result in a significant ransomware payment or worse, disruption in critical infrastructure, as experienced this year.
Identity Management Advice for Organizations: In April, we partnered with the National Cybersecurity Alliance (NCA) on the first ever Identity Management Day focused on raising the importance of securing digital identities. This blog provides 8 key best practices to protect ALL digital identities (employees, contractors, third parties, customers, consumers, machines).
Identity Management Champion Advice: As part of Identity Management Day, we recognized over 150 individuals and organizations who are prioritizing identity management and security. We asked these Identity Management Champions “What is the biggest challenge facing your customers related to identity management/identity security and what one piece of advice would you give them?” And they had a lot to say.
Dark Reading: Identity-Centric Security Controls Prevail: In June, we published 2021 Trends in Security Digital Identities. Our second annual research report examined the impact that the events of 2020 had on identity and access management in the enterprise and the implementation of identity-focused security strategies. In this article published in Dark Reading, Clint Maples, Customer Advisory Board Member and Robert Half CISO, gives his perspective on the results and recommendations for an identity-centric security strategy.
Defining Identity Defined Security: This year we felt it important to provide some clarity around the terminology that is being used to describe how we address the security of digital identities and the resources they are accessing. In this blog from Asad Ali, IDSA Technical Working Group chair and technologist at Thales, examines the role of Identity Security and Identity Defined Security in protecting our organizations.
To #BeCyberSmart, You Must #BeIdentitySmart: In October we hosted #BeIdentitySmart week in conjunction with the NCA, which put a spotlight on the importance of identity security as part of Cybersecurity Awareness Month. Organizations were asked to focus on making security a priority, we went one step further to say that making security a priority, also means making identity a priority in your security strategy.
The Guide to Identity Defined Security: In honor of #BeIdentitySmart week, we published this definitive guide to identity defined security, a compilation of several years of research, domain expertise and best practices collaboratively developed by leading identity and security vendors, solution providers and practitioners. The ebook discusses the challenges facing organizations today, why an Identity Defined Security program is essential, and the steps to get started leveraging the Identity Defined Security Framework.
We hope these must reads inform your identity-first strategy. As we look forward to 2022, and as long as compromised identities are being used to wreak havoc in our work and personal lives, we will continue to deliver on our mission of helping organizations reduce the risk of identity-related security breaches.