When it comes to the enterprise attack surface, few pieces of infrastructure are as exploitable as identities. Cybercriminals work round the clock to exploit digital identities, with research (2022) showing that over 40% of all breaches involved stolen credentials.
By stealing a user’s identity, an attacker can gain access to all the downstream systems that user has access to.
That’s why today, at Microsoft Ignite 2022, Microsoft unveiled Entra Identity Governance, which introduces new features like lifecycle workflows to simplify identity management and governance across clouds, devices, apps and more.
The release serves to bolster Microsoft’s growing ecosystem of identity protection solutions, designed to ensure only the right people, machines, apps and services have access to the right resources at the right time.
Other announcements: Microsoft Defender for DevOps and CSPM
In addition to the launch of Entra Identity Governance, Microsoft also announced the launch of Workload Identities, a solution designed to manage identity and access for digital workloads, and Certificate-based Authentication (CBA), a multifactor authentication capability designed to be phishing resistant.
Microsoft also announced the release of Microsoft Defender for DevOps, a solution developers can use to identify and remediate code vulnerabilities before they reach production environments.
Finally, the organization announced the release of Microsoft Defender Cloud Security Posture Management, a tool that can map potential attack paths in an enterprise environment for organizations to prioritize software fixes and address potential exploits.
The future of identity management?
Out of all the announcements unveiled at the event, the launch of Entra Identity Governance has the potential to be the most disruptive.
According to the Identity Defined Security Alliance (IDSA), 84% of organizations experienced an identity-related breach in the past year. Part of the reason for this high rate of exploitation is that managing identities has become increasingly complex.
“Every organization’s IT landscape will continue to evolve. Cloud adoption, cross-company collaboration, and the types and quantities of identities are all growing, while attackers continue to get smarter and more sophisticated,” said Joy Chik, president of identity and network access at Microsoft.
“Appropriate checks and balances might limit damage if bad actors do gain access to an enterprise. That’s why it’s important to ensure that only the right people have the right access to resources for the right amount of time. But since this is a non-trivial task that IT can’t do alone, governance solutions are critical,” Chik said.
One of the key steps organizations need to take to secure their environments is to secure not only users’ identities and accounts, but also machine identities. This is an area that Entra Identity Governance aims to address head-on.
“Most current identity systems were designed to manage human identities, but workloads, such as applications and services, also need identities so they can access cloud resources, communicate with other non-human identities,” Chik said.
These machine identities, or “workload identities” as Chik refers to them, each need to be secured, managed and authenticated just as human identities do, a need Entra aims to address throughout the entire machine identity lifecycle.
Given that machine identities now outnumber human identities by 45x, this is a component of enterprise security that can’t be overlooked.
A look at the identity governance and administration market
Identity governance is emerging as a priority for more and more organizations, with researchers anticipating the identity governance and administration market will grow from $3.8 billion in 2018 to reach $7.7 billion by 2023.
One of Microsoft’s main competitors in the market is the SailPoint Identity Platform, which is designed to automate the discovery, management and control of all users.
It’s an approach designed to secure remote working environments under the zero-trust security model, giving security teams the ability to govern access to cloud platforms including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), with automated onboarding and offboarding.
SailPoint most recently reported $134.3 million in revenue for the second quarter of 2022.
Another significant competitor in the market is identity and access management provider Okta, with Okta Lifecycle Management.
The solution is designed to automatically onboard and offboard employees, contractors, vendors, partners and customers. Okta recently reported $383 million in revenue for the fourth quarter of 2022.
According to Chik, the key differentiator between Entra Identity Governance and existing solutions is accessibility.
“Our customers have told us that traditional identity governance solutions are frustrating and resource-intensive to use. They do not scale easily to the needs of hybrid and cloud environments, and they require integration with identity and access management systems,” Chik said.