As more companies expand their cloud environments and add SaaS solutions, the pressure is on security teams to manage identity and control access. The focus on securing user identity has never been more intense.
That’s because today, a user’s identity is one of the only barriers preventing unauthorized individuals from accessing a company’s most sensitive data. But deploying multiple identity and access management (IAM) solutions with similar capabilities is not the answer. For businesses dealing with unauthorized users, “identity fabric” brings relief.
Identity fabric, a term coined by Gartner, isn’t a single solution, but a collection of identity solutions and tools that work together to form a strong bond. SaaS security posture management (SSPM), multifactor authentication (MFA), single sign-on (SSO), identity and access governance and identity threat detection and response (ITDR) are some of the tools that form an identity fabric.
Just as with clothing fabric, where fibers are weaved together to create a stronger material, the key to a strong identity fabric is to weave these multiple identity tools together.
Identity fabric primarily comes into play during login when users are trying to get into the application and access information. At this point, the fabric authenticates users and authorizes their access. This fabric includes built-in settings within applications; Microsoft 365, Salesforce and Google Workplace have dozens of access control configurations that control access into the application.
However, some tools like ITDR go one step further by tracking user and entity behavior analytics (UEBA) throughout the time users are accessing the application. If they detect anomalous behavior, such as unusual downloads or the creation of new high-privilege accounts, they can trigger an alert.
When done correctly, businesses have a better chance of preventing unauthorized access to their cloud and SaaS instances. At the same time, these tools allow the security team to manage and govern identities from a centralized point and ultimately stave off pressure from threat actors.
Here is a look at some of the key elements that make up an identity fabric:
Centralized View
With the explosion of cloud and SaaS, businesses need a single, centralized view of their users. This single pane of glass allows security teams to oversee and control all users and apply corporate policies to all their applications.
It also allows businesses to monitor users who are accessing widely dispersed applications, ensuring that each is managed by the same identity policies the business has in place for accessing other corporate assets. Security teams can also check the business’s compliance with industry standards to ensure that the configuration for all identity-centric security is in line.
This view is an essential piece of identity fabric. It enables security teams to detect and remove former employees from SaaS applications that are not connected to the company’s identity provider (IdP). Furthermore, it helps detect high-risk dormant accounts that are often used in setting up the SaaS applications, as well as identify unmanaged user accounts from outside vendors that may or may not still be involved in a company project.
Flexibility and Agility
Change is the one constant in the world of SaaS. New apps are introduced regularly, employees are added and removed from apps, credentials and privileges are altered, and the list goes on.
A business’s identity tools must be flexible and agile to keep up. This includes offboarding employee access to apps when they leave a company or move into a new role.
A study from Beyond Identity found that 83% of respondents continued accessing accounts from their previous employer after leaving the company? Of those, a shocking 56% said they had used their continued digital access to harm their former employer.
Third-Party Access
As reported in the SaaS-to-SaaS Access Report, third-party applications are often granted privileges that expand an organization’s attack surface.
When this occurs it puts valuable company resources and data at risk and ultimately compromises data privacy. For example, the research found that 39% of apps connected to M365 and 11% to Google Workspace have ‘high-risk’ permission access. In the case of the latter, 40% of high-risk scopes requested the ability to delete all Google Drive files.
A strong identity fabric monitors these non-human user accounts, which often have an uncomfortable level of access to a company’s security stack. The access controls put in place can limit or deny access to applications that request the ability to delete files, overwrite data, or send email on behalf of the user without explicit permission.
In this way, the identity fabric maintains the security of the app and its sensitive data.
Identity Threat Detection
Today’s SaaS apps lack sign-in context, such as where the person is located or the device they are using. This must be a part of this new fabric.
SSPMs, for example, capture user login information from any application. As a result, security teams gain critical new levels of context that allow them to identify potential behavior that could indicate a threat to SaaS security.
This piece of the identity fabric is critical in detecting threat actors who have made it past the perimeter. Identity threat detection and response picks up where access control leaves off, monitoring users and their behavior once they have entered a SaaS application.
This second level of defense detects anomalous user behavior, comparing actions of the user to standard behaviors. For example, it would detect a user logging into two different applications from two different countries at the same time. Such activity would likely trigger an alert to the SOC team.
If there’s one guarantee, it’s that businesses will continue to invest in cloud and SaaS. Yet, without taking the right security measures, they will become increasingly more susceptible to identity-based attacks.
By stitching together a robust, resilient identity fabric, security teams can gain a centralized view that is aligned with the ability to identify and track users, provision access based on role, assess compliance with key industry standards, and more. These efforts will assist businesses in building an enforceable security posture against an ever-changing threat landscape.
