Identity Management Day
Posted: Wednesday, Apr 15



The sixth Identity Management Day highlights the evolving nature of identity.

The meteoric rise of AI in general and its impact on nonhuman identities (NHIs) has focused attention on identity security as never before. But in the long view, it simply highlights the same issues we have seen in identity management since it was called “identity management.” And discovery has always been a part of it.

Enabling the business has always been the priority for IT. Managing the identity pieces you have created for the business has not, because it does not directly benefit the business.

Do you need this group created, populated, and added to an application? Sure. Do you need this service account immediately? Right away. Let’s give it some extra privileges while we’re at it, so we won’t have to troubleshoot permission problems later.

But ask yourself: how often have you seen “Please remove this account because we’re not using it anymore”? Rarely. Unless you’re a regulated business, identity governance and administration (IGA) is usually an afterthought. This has been the reality of IT as long as there’s been IT.

I lump this into the identity security category I call “eat your vegetables”: you know it’s good for you, but you don’t do it enough. Even 26 years after Active Directory reached general availability, identity governance is far from a given in AD environments, especially smaller ones.

Since identity systems such as Active Directory have very long lifespans, these daily decisions accumulate over years or decades of production. Organisations find they have thousands or tens of thousands of under-regulated NHIs (we call them service accounts on premises). This is one of many reasons identity systems are a favourite target of threat actors; they know very well these NHIs are overprivileged, underprotected, and neglected.

Take these same factors, surround them with the tinder of cloud services’ ease of use, pour the gasoline of AI onto it, and give developers the match. That’s the dumpster fire we’re looking at today, with NHIs outpacing human identities at what seems like a geometric progression. We’re right to be concerned.

How does “finding identity” fit into this? We can’t just wring our hands about the situation; we need to take steps immediately. We must put controls in place as soon as possible. And we must discover what’s already out there, using any tools we have, so we know the scope. You don’t know the size of your dumpster fire until you’ve looked.
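As an added illustration of that discovery step (this is an example script, not a tool from the original post or from Semperis), the following PowerShell inventories the on-premises NHIs described above: Active Directory user accounts that look like service accounts, flagged for the conditions the post calls out (stale, password never expires, privileged). It uses only the RSAT ActiveDirectory module. The 90-day staleness window, the one-year password age, the svc/srv/sa naming-convention hint, and the output path are assumptions; adjust them to your environment.

```powershell
# Added example, not from the original post. Requires the RSAT ActiveDirectory module
# and read access to the domain. Run from a domain-joined host as an ordinary user.
Import-Module ActiveDirectory

$StaleAfterDays = 90                                  # assumption: no logon in 90 days = stale
$StaleBefore    = (Get-Date).AddDays(-$StaleAfterDays)
$OldPassword    = (Get-Date).AddYears(-1)             # assumption: password older than a year is neglected
$OutputCsv      = '.\nhi-inventory.csv'               # assumption: where to write the report

# Built-in groups whose membership makes an account privileged.
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins',
                    'Account Operators', 'Server Operators', 'Backup Operators'

# Resolve privileged membership once, recursively, keyed by distinguishedName.
# Get-ADGroupMember -Recursive can fail on very large or cross-domain groups, so warn and continue.
$PrivilegedDNs = @{}
foreach ($g in $PrivilegedGroups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $PrivilegedDNs[$_.distinguishedName] = $g }
    } catch {
        Write-Warning "Could not enumerate members of '$g': $_"
    }
}

$Props = 'servicePrincipalName', 'PasswordNeverExpires', 'PasswordLastSet',
         'LastLogonDate', 'Enabled', 'whenCreated', 'adminCount', 'Description'

# Heuristic for "this user object is really a service account":
#   - it has a servicePrincipalName (a Kerberos service runs as it, so it is also Kerberoastable), or
#   - its password is set to never expire, or
#   - its name follows a common service-account convention (assumption).
$Candidates = Get-ADUser -Filter * -Properties $Props | Where-Object {
    ($_.servicePrincipalName | Measure-Object).Count -gt 0 -or
    $_.PasswordNeverExpires -or
    $_.SamAccountName -match '^(svc|srv|sa)[-_]'
}

$Report = foreach ($u in $Candidates) {
    $spnCount = ($u.servicePrincipalName | Measure-Object).Count
    $flags = @()
    if ($spnCount -gt 0)                                              { $flags += 'HasSPN' }
    if ($u.PasswordNeverExpires)                                      { $flags += 'PwdNeverExpires' }
    if ($u.PasswordLastSet -and $u.PasswordLastSet -lt $OldPassword)  { $flags += 'PwdOlderThan1y' }
    # LastLogonDate is derived from the replicated lastLogonTimestamp, which is only
    # accurate to about 14 days; good enough for "has anyone used this in months?"
    if (-not $u.LastLogonDate -or $u.LastLogonDate -lt $StaleBefore)  { $flags += 'Stale' }
    if ($PrivilegedDNs.ContainsKey($u.DistinguishedName)) {
        $flags += "Privileged:$($PrivilegedDNs[$u.DistinguishedName])"
    } elseif ($u.adminCount -eq 1) {
        $flags += 'AdminCount=1'   # was in a protected group at some point; ACL still locked down
    }

    [pscustomobject]@{
        SamAccountName  = $u.SamAccountName
        Enabled         = $u.Enabled
        Created         = $u.whenCreated
        LastLogon       = $u.LastLogonDate
        PasswordLastSet = $u.PasswordLastSet
        SPNCount        = $spnCount
        Flags           = ($flags -join ';')
        Description     = $u.Description
    }
}

# Group managed service accounts are the governed alternative; count them for contrast.
$gmsaCount = (Get-ADServiceAccount -Filter * | Measure-Object).Count

$Report | Sort-Object { $_.Flags.Length } -Descending | Export-Csv -Path $OutputCsv -NoTypeInformation
"Candidate service accounts: $($Report.Count)  (gMSAs in domain: $gmsaCount)"
"Stale:            $(@($Report | Where-Object Flags -match 'Stale').Count)"
"Privileged:       $(@($Report | Where-Object Flags -match 'Privileged').Count)"
"Stale + priv:     $(@($Report | Where-Object { $_.Flags -match 'Stale' -and $_.Flags -match 'Privileged' }).Count)"
"Written to $OutputCsv"
```

The last line of the summary is the one to look at first: an account that is both stale and privileged is exactly the overprivileged, neglected NHI the post describes, and it is the first thing a threat actor will go looking for. The naming-convention match is deliberately loose; tighten or drop it once you have seen what your own environment calls these accounts.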

Sean Deuby
Sean Deuby (Principal Technologist, Americas) brings more than 30 years’ experience in enterprise IT and hybrid identity security to his role at Semperis. An original architect and technical leader of Intel's Active Directory and Texas Instrument’s Windows NT network, he is a 15-time MVP alumnus and has been involved with Microsoft identity technology since its inception. His experience as an identity strategy consultant for many Fortune 500 companies gives him a broad perspective on the challenges of today's identity-centered security. Sean is also an industry journalism veteran; as a former technical director for Windows IT Pro, he has over 400 published articles on Active Directory, Azure Active Directory, hybrid identity, and Windows Server.