How identity security is solving a problem as old as the internet

Recent high profile data breaches have showed that Australian businesses must have cyber security measures in place to protect themselves from emerging threats. In fact, this year, the Australian Cyber Security Centre issued an alert encouraging Australian organisations to urgently adopt an enhanced cybersecurity posture due to an increased risk of cyber attacks.

It’s an issue as old as the internet. But in today’s digital landscape, identity security is core to cybersecurity, and is essential for modern enterprises. In fact, any CISO worth their weight will tell you that the role that identity security plays in cyber protection is now indispensable.

Identity security includes the policies and tech that firms use to grant access to apps, data, systems, and cloud platforms, ensuring that the right people have the right access, for the right reasons. To provide adequate protection in the face of today’s risks, identity security must be evolving and continuous in its delivery, and flexible to adapt, as new threats emerge.

How can businesses leverage identity security?

Enterprises need to move beyond the traditional identity governance approach of looking at access after-the-fact, replacing it with a forward-looking approach. Given tech-led advancements such as AI, identity security is now more accessible than ever. But there is an imbalance between the importance that business leaders place on cybersecurity measures such as identity security, and the appetite for businesses to actually implement them.

Automating identity processes to optimise operational efficiencies

Identity security is recognised as being core to cybersecurity, but there is still some hesitancy when it comes to businesses deciding to adopt a modern identity security solution. When businesses think about identity security, they often think it’s a complicated process and that it could be expensive, disruptive, and perhaps not plausible to prove its value in the short term.

But with the average cost of a data breach being AU $3.35 million per breach in 2020, businesses simply can’t afford not to have a comprehensive and automated identity security strategy in place. Further, automation can actually result in lower costs for businesses and reduce the possibilities of human errors caused by manual detection processes. AI-based identity security also helps to streamline the most complex identity tasks in an organisation.

With access automation, as new users are created or roles change, access can be automatically granted and updated based on access policy. Unused access and dormant accounts can also be automatically de-provisioned to reduce risk exposure, while detecting and preventing toxic access combinations can avoid potential fraud or theft.

For any business, the costs involved in securing identities will be much lesser than the financial losses that can be caused by cyber attacks. A recent study identified an 80% cost difference associated with security breaches in firms where security AI and automation was fully deployed vs. not deployed. AI and automation had the biggest positive cost impact.

Through AI-driven insights, firms can get deep visibility and understanding of all user access, including trends, roles, outliers and relationships. Some of Australia’s largest organisations, including Mirvac, Beach Energy and Officeworks, have invested in these solutions.

A traditional identity approach is no match for new cyber risks

With more connected devices and identities, the volume of identity data and complexities have increased beyond human capacity. In a traditional, legacy approach, as work processes are siloed, IT teams do not have visibility into roles, responsibilities and data access.

This is why companies need an intelligent, automated identity platform that can easily identify risks, monitor behaviours and refine roles across hybrid and multi-cloud environments; and protect the firm at scale, ensure compliance and improve productivity. With AI, firms can get insights into access privileges and potential threats, and control access throughout a user’s lifecycle and make better identity-related decisions in today’s tumultuous digital environment.

For example, SailPoint has recently added new intelligence capabilities to its Identity Security Cloud, including contextual insights into access anomalies and persona-based reporting.

These insights are powered by AI and build on SailPoint’s heritage as the first company to drive the vision of AI into identity security. The platform is underpinned by AI that speed and standardise the measurement of access risks across the firm. With its enhanced capabilities, SailPoint Identity Security Cloud allows administrators to automate complex and repetitive identity security processes, reducing business cost and risk while improving productivity.

These capabilities not only provide stronger security controls, but also help firms meet regulatory compliance through automated certification of orphaned accounts. The solution of advanced intelligence, automation, and integration capabilities allows SailPoint Identity Security Cloud to work with existing security tools so clients can get up and running, and effectively govern access to apps and resources as they are added to user environments.

While the notion of AI-driven identity security is still fairly new, it is important to understand that by leveraging autonomous and intelligent identity security solutions, organisations can develop a resilient and adaptable identity strategy for their evolving business needs.

Gary Savarino is the Identity Strategist, APAC at SailPoint.