Identity management is an increasingly tricky area for many enterprises to manage in the age of remote working and third-party onboarding. The phenomenon known as identity sprawl has surged during the COVID-19 pandemic and not all companies are coping.

That’s the focus of a survey of more than 1,009 information technology professionals released today by One Identity LLC.

Because of the pandemic, more than 80% of respondents said, the number of identities they managed has more than doubled, with 25% reporting a 10-fold increase during the period. Identity sprawl has driven an increase in internal, third-party and customer accounts, machine identities and new accounts generated in response to the shift to remote work.

As businesses seek to optimize their overall cybersecurity posture, identity sprawl is described as one critical obstacle to overcome  More than half of respondents said they use more than 25 different systems to manage access rights, with one in five respondents using more than 100. A second challenge is the fragmented way most organizations address identity security. Just over half of respondents stated that multiple silos yield a lack of visibility regarding who has access to what system.

Management of identity silos was also found to be an ongoing issue. A full 85% of organizations have employees with more privileged access than necessary, making it easier for bad actors to exploit unknowing internal stakeholders to gain access to a given organization. Only 12% of information technology professionals said they are fully confident they can prevent a credential-based attack, where attackers steal insider credentials to gain initial access, bypassing an organization’s security measures.

The need for an end-to-end approach for identity security was also noted, with half of the respondents stating that an end-to-end unification of identities and accounts is needed to better respond to evolving market conditions.  Nearly two-thirds of respondents said a unified identity and access management platform would streamline their business’s approach.

On the security side, 66% identified ransomware as a risk, followed by phishing at 54%. Robotic process automation security concerns were also noted, with 94% of those who have deployed bots or RPA saying they had issues.

“Virtually every day we see a new cyber incident make headlines, in large part because organizations are managing more identities than ever before and because they are unable to attain a 360-degree view of all their identities,” Bhagwat Swaroop, president and general manager of One Identity, said in a statement. This “creates gaps, inconsistencies and expands windows of exposure,” Swaroop added.

Image: Pxfuel