Identity management: how it is changing

By BitMAT, 20 April 2023, 5 min read


Massimo Carlotti of CyberArk proposes three ways to strengthen least privilege through identity management

Massimo Carlotti, Sales Engineering Manager Italy at CyberArk

The definition of privilege is changing, and that changes everything. Identities of all kinds - not just IT team members, but all employees - can access sensitive data, infrastructure and systems that attackers can readily exploit. More than 1,500 IT and security decision makers report that, on average, more than half of their employees have access to sensitive business data. Managing digital identities - from granting, modifying and revoking authorisations to verifying compliance - is essential, but not easy. The number of identities that need protection keeps growing as organizations' digital and cloud initiatives expand in scope and scale.

The problem is that manual and error-prone processes can prevent many companies from safely managing the lifecycle of employee identities.

At the beginning of the life cycle, new employees often wait days or weeks to gain access to the applications, services and IT systems they need. At some point, impatience can lead them to look for other ways to get it, including "shadow IT", a term often used to describe IT systems and solutions deployed and used within an organization without its explicit approval.

Then consider what might happen if a member of the IT team forgets a critical step in a workflow performed manually. For example, when an employee leaves the company, the IT team may need to go through a list of applications and revoke access one at a time, by hand.

What is the risk?

A misstep in identity management leaves the door open for threat actors to exploit under-protected, over-privileged or orphaned accounts, something they do routinely.

IT decision makers believe that accelerating employee turnover has caused security concerns.

The start and end dates of an employee's relationship with the organization, while important, are only the starting point for continuous management of the identity life cycle. Ensuring least privilege for employees throughout their time in the organization requires:

Months, years and even decades of monitoring and reassigning privileges per user.

Access provisioning and deprovisioning that follows changing roles and systems and the growing number of applications.

Guaranteed synchronization of the range of applications involved.

At a time when privileges are everywhere, including the ability of employees to take risky actions in business applications containing sensitive data, these pillars of identity management require a new approach.

In fact, most businesses manually manage integrations between data, applications, events, and services, and have no formal procedures or consistent workflows to re-evaluate, modify, or revoke access and privileges.

Here are some measures to implement in order to adopt a security-oriented approach to identity management, from a user's first day to their last:

1. Centralise policies, controls and lifecycle management capabilities, using automated workflows to:

Onboard and offboard employees

Define and apply each user’s roles, responsibilities, access rights and permissions

This approach can free the team from repetitive and error-prone tasks. The integration of these processes with HR software ensures consistency and accuracy across platforms.

2. Federate identities between cloud and on-premises applications and systems so that the team can:

Quickly provide access when users need it

Adapt access to changing roles or risks

Remove it when users leave the company.

Automated workflows can help prevent "privilege creep" and the persistence of orphaned accounts, which attackers often exploit to launch attacks, steal data and more.

3. Obtain a real-time view of the potential risks - and the ability to act on them - through automated tools that track areas such as:

Use of applications

Failed login attempts

Unused accounts

Data on external threats.

This three-step approach provides scalable visibility and control through automated workflows designed to prevent risky user actions and breach attempts.
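The following is an added example, not code from the article or from CyberArk, showing what the three steps look like when reduced to working logic: a role model (step 1), a reconciliation of an HR roster against application accounts that yields provision, revoke, orphaned and unused lists (step 2), and a scan of authentication log lines for failed-login patterns (step 3). All data (roster, entitlements, account inventory, log lines) is constructed for the example, and the function names, thresholds and 90-day "unused" window are assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed HR roster (hypothetical employee ids, statuses and roles).
HR_ROSTER = {
    "e100": {"status": "active", "role": "finance"},
    "e101": {"status": "active", "role": "engineer"},
    "e102": {"status": "terminated", "role": "finance"},
}

# Constructed role model: which applications each role is entitled to (step 1).
ROLE_ENTITLEMENTS = {
    "finance": {"erp", "email"},
    "engineer": {"git", "email", "ci"},
}

# Constructed application account inventory: app -> {employee id: last login date}.
APP_ACCOUNTS = {
    "erp": {"e100": date(2023, 4, 18), "e102": date(2023, 3, 30)},
    "email": {"e100": date(2023, 4, 19), "e101": date(2023, 4, 19),
              "e102": date(2023, 4, 1), "e999": date(2022, 12, 1)},
    "git": {"e101": date(2023, 1, 2)},
    "ci": {},
}

# Constructed authentication log lines: "<timestamp> <app> <user> <OK|FAIL>".
AUTH_LOG = """\
2023-04-19T08:01:00 erp e102 FAIL
2023-04-19T08:01:05 erp e102 FAIL
2023-04-19T08:01:10 erp e102 FAIL
2023-04-19T08:01:15 erp e102 FAIL
2023-04-19T08:01:20 erp e102 FAIL
2023-04-19T09:00:00 email e100 OK
2023-04-19T09:30:00 email e101 FAIL
2023-04-19T09:30:20 email e101 OK
"""


def reconcile(roster, role_entitlements, app_accounts, today, unused_after_days=90):
    """Compare HR truth against application accounts (step 2).

    Returns joiner/mover gaps to provision, leaver and out-of-role access to revoke,
    accounts with no HR owner (orphaned) and accounts idle beyond the window (unused).
    """
    to_provision, to_revoke, orphaned, unused = [], [], [], []
    for app, accounts in app_accounts.items():
        for user, last_login in accounts.items():
            person = roster.get(user)
            if person is None:
                orphaned.append((app, user))        # account with no HR owner
            elif person["status"] != "active":
                to_revoke.append((app, user))       # leaver still holds access
            elif app not in role_entitlements.get(person["role"], set()):
                to_revoke.append((app, user))       # privilege creep: app outside the role
            elif (today - last_login).days > unused_after_days:
                unused.append((app, user))          # valid but idle account
    for user, person in roster.items():
        if person["status"] != "active":
            continue
        for app in role_entitlements.get(person["role"], set()):
            if user not in app_accounts.get(app, {}):
                to_provision.append((app, user))    # joiner/mover missing an entitlement
    return {"provision": sorted(to_provision), "revoke": sorted(to_revoke),
            "orphaned": sorted(orphaned), "unused": sorted(unused)}


def failed_login_alerts(log_text, roster, threshold=5, window=timedelta(minutes=5)):
    """Scan auth log lines (step 3): flag repeated failures per (app, user) inside a
    sliding window, and any failure attributed to an identity that HR says is not active."""
    alerts = set()
    recent_fails = {}
    for line in log_text.splitlines():
        ts_text, app, user, result = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(ts_text)
        person = roster.get(user)
        if person is None or person["status"] != "active":
            alerts.add(("inactive-identity-failure", app, user))
        key = (app, user)
        in_window = [t for t in recent_fails.get(key, []) if ts - t <= window] + [ts]
        recent_fails[key] = in_window
        if len(in_window) >= threshold:
            alerts.add(("brute-force-pattern", app, user))
    return sorted(alerts)


if __name__ == "__main__":
    report = reconcile(HR_ROSTER, ROLE_ENTITLEMENTS, APP_ACCOUNTS, today=date(2023, 4, 20))
    for bucket, items in report.items():
        print(f"{bucket}: {items}")
    for alert in failed_login_alerts(AUTH_LOG, HR_ROSTER):
        print("alert:", alert)
```

Running the reconciliation against the constructed data produces one entitlement to provision (the engineer's missing CI account), two accounts to revoke for the terminated employee, one orphaned mailbox with no HR owner, and one idle git account; the log scan raises both a repeated-failure alert and an inactive-identity alert for the leaver's ERP account. The two checks are deliberately separate so that the inventory reconciliation can be scheduled (for example daily against an HR feed) while the log scan runs continuously on the authentication stream.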


Tags: CyberArk, identity management, least privilege
