Virtualization Technology News and Information
Celebrate Identity Management Day 2022 - Here's How To Better Manage and Protect Digital Identities


Over $3 billion in venture funding went into the identity management space last year — and rightfully so. An overwhelming majority (79%) of organizations have experienced an identity-related breach in the last two years.

Identity Management Day, which takes place on the second Tuesday of April each year, is an annual reminder about the importance of properly managing and securing digital identities.   

To help celebrate the event, VMblog reached out to a list of industry experts to get their personal tips, thoughts and commentary on this important day and topic.  And we're sharing those insights on how organizations and individuals can better strengthen identity management all year-round.


James Brodhurst, Principal Consultant at Resistant AI

"Securing identities is more important than ever, as fraud and identity theft have impacts for businesses as much as for individuals. There are real risks imposed on our interactions with each other, with service providers, or any other engagement in the digital world.

Consumers must be aware of those risks when applying their identity or personal data for use in the digital world. It has never been easier for cybercriminals to steal data and use it in seemingly unlimited ways, to commit fraud and other cybercrimes. That’s due, in part, to an overwhelming percentage of people not taking the necessary steps to safeguard their identity.

In addition, businesses and other organizations that use consumer identities as an integral part of operations must address the significant challenges of managing identities and recognize that there is no single solution to all possible cyber threats. Effective identity management is only achieved through a broad range of technologies and data. This is an important first step for organizations to know who they are interacting with, and subsequently distinguish between genuine or illicit actions."


Tom Jermoluk (TJ), CEO and Co-Founder at Beyond Identity

"The biggest problem with identity management today is how horrifically it has been mis-managed and allowed to repeatedly fail and collapse under its own weight. For businesses, it’s a ‘last mile’ problem that ultimately provides bad guys with a first mile on-ramp. While mechanisms to ensure trust between businesses have grown stronger, we’ve added only complexity, burden, and blame on end users. By persisting with decrepit user identity foundations – which enable everything from account takeover to ransomware – we as an industry are becoming dangerously close to complicit in cybercrime."


Keith Neilson, Technical Evangelist at CloudSphere

"With both cyberattacks and internal cyber threats on the rise, National Identity Management Day serves as a reminder for organizations to ensure that only the right personnel have access to the right data. Given the multi-layer implications between data, assets, applications and users, identity management should begin with developing an agile cyber asset management approach. When a security breach occurs, it is often due to a lack of full visibility into company cyber assets and connections across business services. To properly secure all company data, enterprises should begin by discovering all cyber assets within their IT environment to establish clear, real-time visibility of the attack surface. Once all cyber assets are accounted for, companies can effectively manage access and enforce security guardrails."


Rod Simmons, VP of Product Strategy, Omada

“Organizations today are faced with a rapidly proliferating workforce. This is not only in terms of remote work, but also in an explosion of third-parties, auditors, interns, and contracted workers who require access to a similarly growing IT landscape of applications, infrastructure and data. To wit, there is no one solution that organizations can turn to in order to solve their identity security issues. A connected ecosystem of solutions that are married with strong business processes and committed corporate buy-in is needed in order to properly secure identities.”


Den Jones, CSO, Banyan Security

“Identity is a foundational requirement for securing access to applications, resources, and infrastructure. With the transition to hybrid work becoming the new normal, identity becomes a core component when securing remote access to corporate networks. In fact, the CISA listed identity as the first pillar in a successful zero trust model when they released their Zero Trust Maturity Model guidance back in September. Traditional solutions such as legacy VPNs are no longer sufficient in order to properly secure this ever-growing attack surface.”


Morey Haber, Chief Security Officer, BeyondTrust

"We all have a unique identity. When translated to technology, we have more than one account associated with our identities, and threat actors target our accounts to infiltrate an environment. Identity Management Day helps consumers, employees, and businesses understand the risks to their identities if an account is compromised, along with the best practices for securing accounts from identity-based attack vectors. If you consider how many accounts an individual may have to perform their role within an organization, protecting users’ identities is one of the best strategies to prevent future security breaches."


Manish Gupta, IDSA Customer Advisory Board Member

"On the 2nd Identity Management Day, we find the world in a tumultuous situation. Unlike the covert cyberwars and script kiddies of the past, we now find ourselves staring at overt cyber hostility by nation states, innovative concoctions of simple and complex tactics by underage actors, and independent mercenaries heading to call to action by national leaders. Identity Defined Security is the only security perimeter and defense we have in the absence of national borders in cyberspace. So, let’s double down on Identity Management awareness and excellence to ensure a safe cyberworld."


David Pignolet, founder & CEO, SecZetta

"Even though third-party access is at the heart of more than 51% of security breaches, it continues to be a gap in many organizations' identity programs. Non-employees are given the same level of access as employees, oftentimes with less scrutiny in confirming they are who they claim to be, and that the level of access granted to them is appropriate and limited to only when needed. Managing all identities with the same diligence is a critical first step in creating a strong cybersecurity culture, inclusive of both employees and non-employees, and a resilient cyber framework to withstand ever increasing cyber security threats."


Matt Mills, President of Worldwide Operations at SailPoint
"Identity security is more “essential” than ever. Many companies are only scratching the surface of identity security, focused only on granting access. That may have been good enough a couple of years ago, but today the stakes have never been higher for enterprise security. “Good enough” is no longer enough.
Enterprises face cyber threats daily, and breaches incur costs that are both financial and reputational—and in many cases, it has cost executives their careers. Today’s enterprises cannot afford to kick the can down the road further. Strong identity security is no longer a “nice to have” solution. It is essential. Placing identity at the core of the security architecture, and truly understanding who should have access to what and how that access is used is the only path forward to a secure enterprise."


Joseph Carson, Advisory CISO and Chief Security Scientist at Delinea
"When it comes to cyber threats, all roads continue to lead to identity. Digital transformation, the move to cloud, and requirements for remote work have only made it easier for cyber criminals as organizations struggle to secure an expanded threatscape and get a handle on identity sprawl. Companies of all sizes need to focus on centralizing identities while also reinforcing best practices and training to ensure employees are doing everything possible to secure their credentials. Remember: it only takes one compromised identity to negatively impact the company’s financial performance, customer loyalty, and brand reputation, potentially costing millions of dollars."


Chris Hickman, Chief Security Officer, Keyfactor
"Many organizations are just beginning to recognize the importance of having a strategy for managing the sprawling machine identities and credentials in their network. Just like human identities, machine identities are complex and come in many forms, which creates challenges and vulnerabilities for IT and security professionals. Two major challenges organizations face include a lack of visibility into the human and device identities accessing their data and managing them at scale. This makes it difficult for organizations to shift away from traditional networks and data centers and fully implement initiatives like cloud adoption and zero trust."


David Higgins, Senior Director, Field Technology Office
"Big rises in digital and IT initiatives have contributed to an accelerated number of digital identities, running into the hundreds of thousands per organization. These identities are associated with machines and applications, as well as customers, staff and suppliers. And the majority of them routinely access sensitive or privileged data and assets. 

Organizations face a widening identity-centric attack surface because investment in the cyber tools and techniques to secure this access has not kept pace with investments required to accelerate digital business initiatives, creating cybersecurity "debt" that must be paid down by introducing Zero Trust principles to Identity Security strategies."


Eve Maler, chief technology officer, ForgeRock
"n only two years, we’ve seen enterprises' digital footprints grow monumentally. Companies have onboarded many new – and newly remote – employees, challenging already-stretched IT teams, expanding attack surfaces, and putting the company and personal data at risk. Organizations also had to establish new direct-to-consumer channels, which opened up new avenues for fraud. Enterprises need to be hypervigilant to these new digital threats and deliver security and experience flawlessly, without compromising either."


Tyler Farrar, CISO, Exabeam

"Colonial Pipeline, SolarWinds, Twitch. All of these organizations have one thing in common: they suffered data breaches as a result of stolen credentials. Credential theft has become one of the most common and effective methods cyber threat actors use to infiltrate organizations of all sizes and access sensitive data.

We strongly support efforts, like Identity Management Day, that raise public awareness and can help to combat this pervasive issue. We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing.
Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organizations must build a security stack that is consistently monitoring for potential compromise. Organizations across industries can invest in data-driven behavioral analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behavior indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time."


David Putnam, Head of Identity Protection Products at NortonLifeLock

"Identity theft has become a booming business with cybercriminals looking to take advantage of consumers’ changing behaviors and increased digital footprint to launch coordinated attacks and convincing scams. To protect against this threat, consumers need to take charge of their digital lives and proactively invest in identity theft monitoring, alert and recovery services to help monitor threats to their identity and safeguard their personal information."


Kapil Raina, VP, Zero Trust, Identity Protection, and Data Protection Marketing, CrowdStrike
"Gartner recently noted (Feb 18, 2022 report) that one of the top trends for cybersecurity in 2022 will be Identity Threat Detection and Response. This aligns with CrowdStrike's 2022 Global Threat Hunting Report research that shows 80% of cyber breaches involving identity-based attacks. The industry's broader response to attacks has been to deploy Zero Trust architectures that feature identity security as a key pillar. Even when looking at more tactical responses, with modern attack methods, the MITRE ATT&CK TTPs can no longer be covered without using identity attack detection and protection tools. And with enterprises deploying hybrid architectures and required to secure remote and on campus workers, the industry needs a platform based approach for defense without relying on a single vendor for a response. These trends make the protection of identities and identity stores - everywhere and for everyone - more urgent now than ever."


Jeremy Grant, Coordinator, Better Identity Coalition

"The Better Identity Coalition is pleased to join with our partners in supporting Identity Management Day. So many services – in banking, health care, government, and e-commerce – depend on knowing “who is on the other side” of a transaction. Today, the ability to offer high-value transactions and services online is being tested more than ever, due in large part to the challenges of proving identity online. The lack of an easy, secure, reliable way for entities to verify identities of people they are dealing with online creates friction in commerce, leads to increased fraud and theft, degrades privacy, and hinders the availability of many services online.

The good news is that these problems are not insurmountable; by making identity management a priority and investing in digital identity infrastructure, we will prevent costly cybercrime, give businesses and consumers new confidence, improve inclusion, and foster growth and innovation across our economy."


Tom Ammirati, CRO, PlainID

"Security risk vectors are dynamic and fluid, and as a result, data breaches continue to challenge even the most resilient of enterprise architectures. Historically, the root cause of the majority of breaches has been due to compromised credentials. As technologists, we are forced to evolve and innovate. To keep pace with the demands of digital work and life, organizations are implementing next level technologies, processes, and policies to ensure that trusted identities have authorized access to digital assets. The goal is to allow the ‘right’ users to have access to the ‘right’ resources - and to ensure the wrong ones don't. If we can do that, then potentially we can prevent many of these breaches."


Chad Thunberg, CISO, Yubico
"It's reported that small businesses generate 44% of the U.S.economic activity. Many of them are a vital part of the overall supply chain and partner ecosystem of larger organizations. With attackers increasing their focus on the supply chain, it is imperative that these SMBs adopt fundamental and important security practices including the use of phishing-resistant MFA protocols, like FIDO, that are available as part of many Single Sign-On solutions as indicated by the “Sign in with” buttons. SMBs should also strongly consider using cloud data storage to mitigate ransomware threats and a password vault for those sites that have yet to adopt modern authentication."


Kurt Baumgartner, principal security researcher, Kaspersky
"Kaspersky proudly supports Identity Management Day. According to our survey data, three out of four people use default security settings in apps and online services at least some of the time. In order to take proper care of their identities, we encourage people to always check security settings, tighten them where possible and limit what they share. We also urge people to use a unique password for every website, app and service and use two-factor authentication wherever it’s available, especially with bank accounts and credit cards."


Jon Shende, Board Member, MyVada

"Identity is our new security perimeter; close to 60% of the data breaches in 2021 exposed some form of PII with over 70% of such breaches including passwords. With the increase of “fuzzing” techniques to check variations of stolen passwords, identity attacks will only get more focused given the access an administrative or select user credentials will grant an attack targeting specific corporations and their systems."


Heath Spencer, CEO, TraitWare

"While Big Business dominates the headlines for cyber-attacks, the SMB often underestimates the need for proper Identity and Access Management. Often ill-prepared, the SMB is therefore a prime target for attack – presenting low risk and high return for the cybercriminal.
All companies need to improve security now to avoid disaster – with 2 must-haves: SSO and MFA. Multiple sets of employee credentials for access to various applications increase friction, cost, and risk. A setup that combines passwordless MFA with SSO vastly reduces risk by eliminating phishable credentials and shrinking the attack surface, while also reducing company costs and friction.

There are different ways to enter a structure. There are different ways to enter digital environments as well. The easiest path of least resistance for a bad actor as well as an upstanding citizen is the front door. So our access through that front door ["legacy login," with a username and password] is still the number one cause of data breach and why we need to address at least looking at how we modernize the front door lock."


Sandy Bird, CTO and Co-Founder of Sonrai Security

"Excessive access will run rampant in the post-Covid cloud. However, most organizations no longer have this visibility making it easier for insiders to continue to do damage undetected."


Nelson Moulton, Security and Network Operations Director at PacificEast

"When InfoSec people refer to the CIA of cybersecurity, they’re usually talking about the Confidentiality, Integrity, and Availability of the data we work to protect and not the three-letter government entity. These three tenets of security are fundamentally dependent on trusting the identity of the user accessing the data; without surety of identity, how do you build trust about who can or cannot access what, where, when and how? In our remote workforce world, assuring the identity of BYOD users has presented a challenge to many SMB organizations. This demand has led to impressive growth and accessibility of trusted identity management solutions that enable us to work together, even when we’re apart."


John Reade, Information Systems Director at Quanterion Solutions Incorporated
"Small businesses often struggle to develop and implement a plan for securing their identities due to a lack of time and resources. A strategy for securing digital identities may involve identification of the need; planning, developing, testing and implementing the response; and finally, monitoring and maintaining the procedures and any software used. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.

However, securing identities can be tackled one project at a time. Setting up multi-factor authentication, using password managers, creating processes for identity data management, and scheduling automatic updates are all a great place to start."



"According to the National Cybersecurity Alliance and CyBSafe study, "Oh Behave!" 53% of employees don't think it is their responsibility to protect company online information. When you think about it, this is because the tech industry has always said "we control access" and "we control the technology," but that isn't necessarily true. Employees who use the information each day control that information. We believe in giving employees the critical thinking skills and tools to protect customer and company information."


Carla Roncato, Founder of Authora Research

"Whether you follow a zero-trust framework or not, identities are a critical control point for all organizations due to their ubiquitous use in our digital world. For many organizations, every day is identity management day--considering the amount of unprecedented attrition in the workforce coupled with persistent identity-based attacks-- there is no better time to spotlight how critical identity-security has become globally."


Adil Khan, CEO, SafePaaS

"We all know that companies are going to get attacked. The question is, what are you doing when somebody gets in your network to protect your data and not just your identity? Knowing identities is half the battle when it comes to mitigating risk."


Jason Lim, Founder and CEO, Cydentiq Sdn Bhd

"Identity security is not just about ticking a checkbox to satisfy your compliance, it is part of your business. You can't run a business without giving access to your employees or contractors. Identity security is not a one-time project, it is a journey. A journey that includes a series of initiatives that are incorporated with strategy, capabilities, vision, people, process and technology to continuously address the ever-changing identity landscape in the business."


Greg Smith, Solutions Architect at Radiant Logic

"Although only in its second year, Identity Management Day is already doing its job of highlighting the importance of securing and managing digital identities. In the past, Identity and Access Management (IAM) has been an afterthought – organizations didn’t recognize that not having a handle on identity management can cause a genuine security risk to the business. However, according to recent research, security professionals named an identity management solution as the number one priority to address their current security gaps. Evidently, IAM is becoming recognised as an important process to have within a business.

This has been particularly apparent in the past year as governments implement more initiatives ensuring organizations follow best cybersecurity practices, including identity management. The recent White House Zero Trust strategy is a prime example, stressing the significance of consolidating identity systems so that protections and monitoring can be applied.

We have seen, however, that all too often organizations store identity data across different applications, which all use a variety of protocols and therefore cannot communicate with each other. What’s more, the number of identities relating to a business is expanding, and as the IT estate grows, the more unwieldy it becomes. This is called identity sprawl, which inevitably hampers the ability of organizations to manage, audit, and control digital identities.

New security frameworks such as zero trust rely on accurate and accessible information about the people, objects, and devices that interact with its network. And it’s the quality, granularity, and availability of that information that determines the security or vulnerability of the organization. Managing this identity data is essential in order to understand the security risks to the business.

So, what is needed going forward for 2022, and what can we learn this Identity Management Day? Having a unified and logical identity system, such as an identity data fabric, is crucial. An identity data fabric provides a connective layer that sits between consumers of identity (applications, services, as well as other identity solutions that provide access management and governance) and all the silos of identity data. Applications now have one re-usable service that they can connect to for unified and normalized identity data, on-premise or in the cloud, using the format and protocol of their choice. As a result, applications can effectively delegate the complex identity integration work to the fabric and focus on the core capabilities they were designed for.
A single version of identity truth – one place to go to get everything that’s needed, in exactly the right format every time – is something that organizations should consider when moving forward with their identity management plans. The ease of which this solution can be applied to a business will mean organizations will have a better security posture because their identity data is in one place. A flexible and manageable resource will ensure that organizations are able to finally gain control over their identity data, and turn it into something that works for the business."


Mike Pedrick, VP of Cybersecurity Consulting at Nuspire

"In the enterprise space, users are most likely to adopt good security and privacy hygiene when they can tie organizational policy to their personal life - in the larger conversation surrounding identity management, this becomes paramount. 'Identity theft' has been a household phrase for decades now, though for many folks, they're most concerned about having to deal with convincing their credit card providers that recent purchases are not theirs.

It isn't hyperbolic to say that, in terms of digital identity, identity theft means that for the period that the attacker has an individual's identity, for all intents and purposes, and in many of the ways that matter, that attacker IS the individual.

At home, this means that they can have devastating impacts on the individual's finances, credit profile, even their social relationships. But at work, a digital identity compromise at the individual level can have catastrophic effect for the business. For this reason, it isn't enough for cybersecurity, risk and privacy leaders to defend the organization - they must also arm individual employees with the tools and knowledge they need to responsibly protect their digital identities at home AND at work."


Philipp Pointner, Chief of Digital Identity, Jumio

"Identity Management Day highlights the importance of keeping our digital identities secure and promotes the use of identity-centric security best practices. As the cybersecurity landscape evolves, business leaders and IT decision makers must remain aware of the new ways that hackers are able to steal identity-related information. Credentials still remain one of the most coveted data types for hackers. Sixty percent of hacking-related data breaches are linked to stolen or lost credentials. Therefore it is crucial that organizations implement identity-centric best practices to keep employee and customer  information safe and secure.

To ensure the security of customers and employee identity information, companies must strengthen their security protocols to prevent hackers from stealing credentials from all angles. For example, utilizing stronger identity verification capabilities like multi-factor authentication (MFA) with biometrics to confirm a user is who they are claiming to be protects credentials even further. By properly verifying users using biometrics and utilizing multiple enhanced security measures like MFA, organizations can contribute to a safer internet community and keep digital identity information out of harm's way."


Asanka Abeysinghe, Chief Technology Evangelist, WSO2
"Organizations now view their ability to create trusted digital experiences as a significant opportunity to build customer loyalty and gain a competitive advantage. Customer identity and access management (CIAM) is playing a central role in maintaining trusted relationships with consumers online.  
Consumers not only use their digital identities online to pay bills, set up doctor’s appointments, or shop at a favorite retailer’s website, but also increasingly in the digital-physical mashups such as using an Amazon dash button or experiences inside a department store built via iBeacon detection, etc. They want to be sure that those organizations know who they are, protect their privacy, and let them control how their personal data is shared.
We are seeing more software developers assuming responsibility for incorporating security into the applications driving consumers’ digital experiences. This is driving the demand for cloud based highly automated solutions that allow developers to quickly and easily add CIAM functionality without having to become security software experts."


Renjith Babu, VP of Solution Engineering at Cloudentity

"Identity-related data breaches are becoming increasingly common, making it critical for IT and security teams to properly manage and consistently secure all digital identities in their environment. Organizations that implement the necessary level of security that supports context-based, granular authorization for APIs as well as a Zero Trust API Authorization approach have the greatest chances of protecting themselves against cybercriminals looking to get ahold of valuable data.
According to Gartner, APIs are expected to be the most frequent attack vector in 2022, and API protection is a key component in managing both human and machine identities. Digital identities work to protect sensitive data and affect how we interact with each other, access technology and complete transactions. When these digital identities are impacted by threats, necessary routine processes are disrupted and often left inaccessible. To ensure that digital identities exist with the highest level of protection, organizations must design and execute an effective identity management strategy that protects their APIs, as well as ensure that this strategy is securely operated within automated identity, authorization, consent and governance guardrails. With these controls in place, organizations can trust that digital identities stored within their IT systems are well-protected and maintain data security."


Published Tuesday, April 12, 2022 7:30 AM by David Marshall
Filed under: , ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2022>