October 18, 2016 By Patricia Diaz 2 min read

Everyone within an organization understands the need for basic authentication, if only for ensuring email accounts and laptops are being used by the appropriate people. But not everyone outside (or even inside) of IT sees the importance of allocating resources to identity and access management (IAM) as a standalone authority.

As a matter of fact, one of the top five IAM issues to be addressed at this year’s Gartner IAM Summit highlights just this problem. “IAM leaders struggle with getting their organizations to recognize that IAM is a distinct discipline that requires focus and commitment,” the program said.

Three Reasons to Prioritize IAM and Authentication

As such, below are three reasons why IAM, and specifically authentication, is an area that your organization not only needs to but should also want to develop.

1. All Data Breaches Are an Identity Problem

What is a data breach other than an unauthorized user accessing sensitive information? By definition, a data breach is an IAM issue, and many organizations fail to recognize that this important discipline could have the single most significant impact on reducing data breach risk. According to Verizon’s “2016 Data Breach Investigations Report,” weak, default or stolen passwords account for 63 percent of confirmed data breaches.

Furthermore, with the average cost of a data breach amounting to $4 million and growing, establishing strong protection against data breach risk is an organizationwide issue, not just an IT matter. Costs associated with data breaches continue to climb, in part due to the fact that the costs of lost business and detection are growing and churn rates have increased by 2.9 percent. As these costs increase, there is no better time than today to build up a stronger defense.

2. Security Threats Often Come From Within

Keep your enemies close and your friends closer. When it comes to securing the strongest trade secrets, upcoming launches, new offers and other sensitive data, it is easy to immediately identify the enemy looking to steal this information as a competitor or the like. But IBM’s “2016 Cyber Security Intelligence Index” reported that 60 percent of attacks were caused by insiders.

Be it knowingly, inadvertently or otherwise, insiders such as employees and third-party business partners are placing sensitive information at risk for malicious individuals to capitalize on. Therefore, it is more important than ever to ensure your authentication process is strong and continuous throughout a user session.

Why now? The number of attacks carried out by insiders has been on the rise: Whereas insiders were responsible for 55 percent of attacks in 2014, that figure bumped up to 60 percent in 2015. With no signs of slowing down, strong IAM and authentication could not be more timely.

3. With Bigger Business Comes Bigger Responsibilities

More users, more applications, more business processes. In an increasingly and already heavily digital world, IAM directly supports the growth and continuity of a business.

Sure, it is unrealistic to say that IAM enables all business growth. However, the processes of onboarding an employee, setting up a secure mobile application to interact with customers or other operations would be unsustainable if not for an IAM platform to correctly authenticate and authorize each user.

Maintaining quick and easy business support for customers and employees alike can help sustain customer satisfaction as well as the quality of future interactions with your enterprise. As Gartner noted, “IAM leaders must develop a vision and road map, build the business case and communicate architectural requirements as well as the tools needed to successfully build their IAM programs.”

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today