Highlights –
- Entra Identity Governance, which brings new features, including lifecycle workflows to ease identity management and governance across clouds, devices, apps, and more, was officially launched by Microsoft today at Microsoft Ignite 2022.
- Microsoft also revealed the release of Microsoft Defender for DevOps, a tool that allows developers to find and fix code flaws before they affect production environments.
Regarding the enterprise attack surface, few infrastructure components are exploitable as identities. Research indicates that over 40% of all breaches contained stolen credentials, indicating that cybercriminals are constantly working to exploit digital identities. An individual can access all of the user’s downstream systems by stealing their identity.
It is here that at the Microsoft Ignite 2022 event, Microsoft announced Entra Identity Governance, which brings new features, including lifecycle workflows, to ease identity management and governance across clouds, devices, apps, and more.
The update supports Microsoft’s expanding ecosystem of identity protection solutions meant to guarantee that only the appropriate users, devices, apps, and services can access the proper resources at the right time.
Additional announcements: Microsoft Defender for DevOps and CSPM
Additionally, Microsoft introduced Workload Identities, a solution that can help manage identity and access for digital workloads, and Certificate-based Authentication (CBA), a phishing-resistant multifactor authentication option.
Microsoft also revealed the release of Microsoft Defender for DevOps, a tool that allows developers to find and fix code flaws before they affect production environments.
Last but not least, the company announced the launch of Microsoft Defender Cloud Security Posture Management, a service that can identify potential weaknesses in an enterprise environment for businesses to prioritize software upgrades and address possible exploits.
Future of identity management
The introduction of Entra Identity Governance has the potential to be the most disruptive of all the announcements made at the event.
According to the Identity Defined Security Alliance (IDSA), 84% of the firms witnessed an identity-related breach in the previous year. One of the factors contributing to this high prevalence of exploitation is that managing identities has become even more difficult.
“Every organization’s IT landscape will continue to evolve. Cloud adoption, cross-company collaboration, and the types and quantities of identities are all growing, while attackers continue to get smarter and more sophisticated,” according to Joy Chik, Microsoft’s President of identity and network access.
He added, “Appropriate checks and balances might limit the damage if bad actors gain access to an enterprise. That’s why it’s important to ensure that only the right people have the right access to resources for the right amount of time. But since this is a non-trivial task that IT can’t do alone, governance solutions are critical.”
To secure their environments, companies must not just secure user identities and accounts but also protect machine identities. Entra Identity Governance’s goal is to tackle this issue head-on.
“Most current identity systems were designed to manage human identities, but workloads, such as applications and services, also need identities so they can access cloud resources and communicate with other non-human identities,” according to Chik.
As with human identities, each machine ID, or “workload identities,” as Chik terms them, needs to be protected, maintained, and validated. Entra attempts to handle this issue throughout the whole machine identity lifetime.
This is a crucial aspect of business security, given that machine identities currently outweigh human identities by a factor of 45.
Examining the market for identity governance and administration
Researchers predict that by 2023, the identity governance and administration market will expand from USD 3.8 billion in 2018 to USD 7.7 billion. No wonder identity governance is becoming a priority for more and more enterprises.
The SailPoint Identity Platform, which automates the discovery, management, and control of all users, is one of Microsoft’s key rivals in the market.
This methodology has been designed to secure remote working environments under the zero-trust security model, offering security teams the power to control access to cloud platforms like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), with automated onboarding and offboarding.
The most recent revenue announcement from Sailpoint was a USD 134.3 million revenue raise in the second quarter of 2022.
Okta, a provider of identity and access management, is a critical rival in the market with its popular product – Okta Lifecycle Management.
The solution is built to automatically onboard and offboard customers, partners, vendors, and staff. Okta recently disclosed generating USD 383 million in sales in the fourth quarter of 2022.
Accessibility, in Chik’s opinion, is what sets Entra Identity Governance apart from its competing products.
“Our customers have told us that traditional identity governance solutions are frustrating and resource-intensive to use. They do not scale easily to the needs of hybrid and cloud environments, and they require integration with identity and access management systems,” according to Chik.