Why Third-Party Identity Risks Are Impeding Zero Trust Strategies
Today’s digital transformation has dramatically changed the security landscape from the perimeter defence standard that protected an organization’s on-premise systems to one in the cloud where diverse security best practices must be incorporated far beyond the walls of an organization. Also gone with the perimeter, is also the notion that access is provided to office-based employees alone. In fact, many organizations have such a substantial operational reliance on third parties that they have more “outsiders” who are provided with “insider” access than employees.
According to a recent report by Ponemon Institute, 51% of businesses have suffered a data breach caused by a third party. This could be an individual in the organization’s supply chain, an IT service provider, volunteer, consultant, partner, or even a non-human “thing” that has been granted access to the organization’s data and systems. Cost savings, on-demand access to sought after skillsets, and business efficiencies are just a few forces driving organizations to provide network, data, and facility access to a diverse population of third-party individuals and entities. A Ponemon Institute study found that the average organization utilizes nearly 6000 third parties in various business functions. This increased volume has pushed manual identity practices, proprietary solutions, and customized IGA systems beyond their limits, rendering them inadequate to keep assets safe.
Read more in our solution brief by clicking below.