Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

October 23, 2024 at 09:55AM

Identity security is increasingly critical due to recent breaches involving major companies. A Permiso report reveals 45% of organizations are concerned about their tools’ effectiveness. Human identities, often seen as riskier, lead to impersonation attacks and data breaches. A unified approach is needed to enhance identity security across environments.

### Meeting Takeaways – October 23, 2024

**Topic: Identity Security / Data Protection Insights**

1. **Current Landscape of Identity Security:**
– Recent breaches affecting major organizations (e.g., Microsoft, Okta, Cloudflare, Snowflake) have highlighted the urgent need for a new approach to identity security.
– There’s a necessity to shift perspectives from traditional access management to a more comprehensive strategy.

2. **Limitations of Conventional Identity Security:**
– Identity security has been primarily viewed as a mechanism for provisioning and de-provisioning access, which is insufficient given the evolving threats.
– The Permiso Security State of Identity Security Report (2024) reveals that while confidence in identifying risks is increasing, 45% of organizations remain worried about their tools’ effectiveness against identity attacks.

3. **Key Statistics from the Survey:**
– 93% of organizations can inventory identities across environments.
– 85% can track user activities across different authentication methods.
– Despite this, 45% experienced an identity-related security incident in the past year, with impersonation attacks being most common.
– Human identities, particularly employees, are identified as the primary risk, contrary to the perception that non-human identities (e.g., API keys) are riskier.

4. **Concerns Over Identity Security Tools:**
– There is a significant gap between the ability to detect risky identities and the incidents organizations experience, emphasizing challenges in preventing social engineering attacks.
– Common consequences of breaches include targeting sensitive data (54%), privilege escalation (46%), and supply chain impacts (45%).

5. **Understanding Responsibility and Resource Allocation:**
– Identity security responsibility often resides with IT teams (56%), rather than security teams, indicating potential gaps in comprehensive identity security strategy across hybrid and multi-cloud environments.
– Security budget allocations show that a larger portion is directed towards SaaS (87%) and IaaS (81%) environments, highlighting a misalignment in resource distribution.

6. **Urgent Need for Strategic Reformulation:**
– There’s a call to redefine identity security from a basic access control focus to a strategic business enabler that incorporates people, processes, and technology.
– Collaborative efforts from vendors, organizations, and the security community are necessary to effectively address emerging identity threats.

7. **Future Directions:**
– Transition towards universal identity security to cater to both human and non-human identities as critical threat vectors.
– Permiso Security aims to unify identity security across all environments and identities, aligning with this strategic shift.

**Next Steps:**
– Explore how Permiso can assist in implementing enhanced identity security measures.
– Read the full Permiso Security report for deeper insights: [State of Identity Security Survey Report 2024](https://ift.tt/sY6IHc9).

**Engagement:**
– Follow our channels on Twitter and LinkedIn for more related updates and content.

Full Article