{"id":43622,"date":"2021-10-27T14:00:00","date_gmt":"2021-10-27T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/operations\/identity-focused-security-controls-prevail"},"modified":"2021-10-27T14:00:00","modified_gmt":"2021-10-27T14:00:00","slug":"identity-focused-security-controls-prevail","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/identity-focused-security-controls-prevail\/","title":{"rendered":"Identity-Focused Security Controls Prevail"},"content":{"rendered":"

As the military saying goes, “No plan survives contact with the enemy.” We spend a great deal of time teaching our military leaders to improvise, adapt, and overcome as a way to deal with this reality. For many of us, the COVID-19 pandemic induced an instant shift to a fully remote workforce and presented a challenge we hadn’t prepared for. New research provides some insight into just how well we\u2019re improvising, adapting, and overcoming.<\/p>\n

In spite of transitioning to a fully remote workforce almost overnight as a result of the pandemic, according to the “2021 Trends in Securing Digital Identities<\/a>” report, 79% of organizations suffered an identity-related breach within the last two years. Surprisingly, this response is identical to the results of a similar 2020 survey conducted pre-pandemic. This is an unexpected win given the previously mentioned drastic change to the way we all work. If breaches stayed flat, what did change? Eighty-three percent of respondents say the shift to remote work increased the number of identities in their organization, and their confidence in the ability to manage employee identities dropped significantly, from 49% to 32%.<\/p>\n

According to the same report, 93% believe they may have prevented or minimized security breaches if they had implemented some specific identity-related security outcomes. That\u2019s a key takeaway for how to mitigate the risk of a future attack \u2014 at least those we can anticipate today. For security practitioners, it’s about putting up enough roadblocks to slow down the attackers and make it harder for them. They might even decide to move on to easier targets.<\/p>\n

\"DR.C_Maples_Picture1.png\"
Source: Identity Defined Security Alliance<\/figcaption><\/figure>\n

Putting Together Your Identity Security Road Map
<\/strong>Security is an organizational mindset. It’s important to establish a common security language, a security conscious culture and an approved set of identity-related security controls. To make the task less daunting, these core identity-related outcomes should be prioritized and adopted throughout the organization. Resources like theIDSA’s Identity Defined Security Outcome library<\/a> are a great place to start, but organizations will need to prioritize implementation based on their unique situation.<\/p>\n