Why identity infrastructure is the new cyberattack surface
October 13, 2023
Yaron Kassner, co-founder and CTO of Silverfort, discusses the security challenges that companies face in the realms of digital transformation and identity access management.
Yaron Kassner is the chief technical officer (CTO) and co-founder of computer and network security company Silverfort. He has a bachelor’s degree in mathematics, a PhD in computer science and more than 10 years of experience in cybersecurity and big data technology.
Prior to his current role at Silverfort, he worked on big data analytics and machine learning algorithms at Microsoft, as well as working as a consultant for Cisco.
As CTO of Silverfort, Kassner is responsible for setting the company’s product strategy, leading research and innovation, and guiding the technical team.
The ongoing shift to the cloud continues to be very challenging for organisations whose operations rely heavily on legacy apps and infrastructure. In most enterprises, you will find multiple identity providers and authentication solutions to manage identity and access across environments, including a legacy on-premises identity solution (usually Active Directory), a modern identity solution for web and cloud applications (such as Azure AD, Okta, Ping or others – and often more than one), a PAM [privileged access management] solution (such as CyberArk), and an access solution for the perimeter (such as VPN or ZTNA solutions).
In some cases, additional solutions are used, all of which play different, small parts in the incredibly complex identity stack that enterprises have to deal with. It is harder when there is M&A activity and a company inherits additional redundant solutions. Managing multiple solutions is tough enough, but the real problem is that competing vendors only work with their own isolated security controls. None of them offer a unified identity control across an enterprise’s entire identity infrastructure.
Without a complete picture of your entire identity infrastructure – and a way to protect it – attackers will continue to take advantage of the gaps between these identity ‘silos’ and easily spread across on-premises and different cloud environments that belong to the same organisation. As long as a user can fail the MFA [multi-factor authentication] verification in one IAM [identity access management] platform but still log in freely to all the others, identity will remain the attackers’ weapon of choice.
Digital transformation efforts have accelerated productivity to new heights and we’ll continue to see this acceleration with the widespread use of AI. However, the productivity acceleration was at the expense of strong security and identity controls. The market has seen that come to light with the series of attention-grabbing hacks that are in the news daily.
Now more than ever, executive teams realise that security must be at the forefront of all DX [digital transformation]...