Overview: The Layoffs and Underlying Risks
The first quarter of 2023 witnessed large scale layoffs in the technology domain across the globe. More than three hundred thousand people were handed over pink slips. And there can be few more numbers that may be unaccounted for as such massive layoffs lead to “domino” effect.
Such incidents lead to mental stress and uncertainties among the employees and their family members. For few it results in frustration and for another few it results in a revengeful attitude. Employees may feel left out, unrecognized and turn their frustration into vengeance.
But the bigger risk is Identity-based threats
While the objective of layoffs is cost reduction and increased profitability, it could turn out to be counterproductive exercise for an organization if the Identity Access Management (IAM) mechanism is fragile.
Let’s consider some scenario-based risks due to poor IAM implementation
- Think of the risks and uncertainties that linger around the enormous number of digital identities that are no longer active in the IAM systems. Daily hundreds of identities interact with hundreds of cloud applications, including legacy applications. If those identities are not deprovisioned on time, that could result in account take over, social engineering and other forms of insider threats.
- On the other hand, if this enormous number of identities are deprovisioned manually, there could be chances of human errors and it could be time-consuming, eventually leading to utter chaos.
- Risks multiply if there are dormant accounts or any orphaned account that remain undetected for longer period and any disgruntled insider out of vengeance misuses the accounts. Unless the provisioned accounts are not deprovisioned on time, malicious insiders, suspicious third-parties or even hacktivists can misuse them for compromising IT assets.
- Adding to the woes, if any of these identities are privileged identities, then the outcome can be catastrophic. There are many privileged entitlements on cloud, for example, administrative access to cloud consoles, critical applications, DevOps tool chains among other cloud resources. In addition, in on-prem IT set-up, there are many administrative privileged identities that have to access to network devices, databases and servers. Any sort of misuse or abuse of such identities can bring the entire IT operations to a standstill.
- Lastly, it’s not just data loss or financial loss. The organization could face non-compliance financial penalties from the global IT standards and regulatory compliance bodies that demand secure and authorized logins to every critical account.
How to Mitigate the Risks?
Automation is the key to mitigate the security threats from orphaned accounts, and deprovisioned accounts. This is the age of automation and organizations are continuously transforming their IT infrastructure to hybrid models or/ and adopting SaaS (Software as a Service) models. As a result, provisioning of user accounts for multiple applications happens regularly to enhance productivity and operational efficiency.
However, too many user accounts create complexities in managing large and distinct identities. It requires utmost attention when it comes to ever-increasing number of SaaS applications because of its vulnerabilities and most of the time unmanaged identities become the intrusion doors for anomalies. Similarly, while laying off employees, especially those working remotely, organizations tend to take unlimited time in deprovisioning their identities. It increases the numbers of dormant/orphan accounts and the chances of compromising those accounts.
Modern enterprises seek an automated solution that can provision and deprovision all types of identities including human identities, machine identities, and privileged identities without human intervention.
Converged Identity Approach
Not just privileged identities, modern IAM infrastructure equally demands utmost security of any named identity, shared identity, machine identity, bot identity, API identity, and cloud identity. Converged Identity platform offers comprehensive visibility over all sorts of identities and is believed to be the future of Identity Access Management (IAM) initiatives.
So, considering the above scenarios, what today’s IAM pros need is a single glass pane that shows the status of every identity in real-time. ARCON’s Converged Identity platform helps to give an overview of how many different identities are there in an IT setup at any point of time. The IT administrator can have a clear overview of:
- Total number of digital identities (both human and non-human)
- Total number of active identities
- Number of privileged identities
- How many dormant identities
- Total number of disabled users & suspended users
- Number of departments and user groups
- Total number of business assets & infrastructure assets
- Overall login records
- Day & month-wise login records
- Most accessed resource/ application
In short, CI (Converged Identity) offers comprehensive mapping of all sorts of identities.
In the current mass scale lay off scenario, as discussed above, most of the organizations seek a holistic and comprehensive IAM security approach in the most easy-to-use and secure manner. The future of IT security stands tall with ARCON’s Converged Identity approach because the solution:
- Manages every identity from a centralized location to detect and prevent unauthorized access
- Provisions/ Deprovisions both business assets (e.g. Web applications), infrastructure assets (e.g. OS or network devices) and the users
- Ensures role-based access only and thereby eliminates the chances of unnecessary privilege access
- Possesses the ability to integrate multiple solutions under one roof and improves operational efficiency
- Eliminates the requirement of manual intervention due to automated approach
- Maintains lifecycle of every identity starting with creation of identities, modifying their access rights, and even disabling/removing their access rights
- Authorizes end-users with access certifications, entitlement management and makes proper segregation of duties to prevent unauthorized activities
- Helps to meet regular audit and standard compliance requirements
Converged Identity approach is the new age mantra for Identity Access Management (IAM) initiatives that administers overall access management and comprehensively helps to manage the lifecycle of distinct digital identities.