{"id":85249,"date":"2023-05-18T11:30:00","date_gmt":"2023-05-18T15:30:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=85249"},"modified":"2023-05-18T12:12:11","modified_gmt":"2023-05-18T16:12:11","slug":"mitigating-identity-sprawl","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/mitigating-identity-sprawl","title":{"rendered":"Mitigating the Identity Sprawl Problem"},"content":{"rendered":"\n

Identity sprawl is a common issue that organizations face, especially those that don\u2019t enforce single sign-on (SSO) capabilities across all user accounts. It\u2019s a problem that\u2019s becoming more and more apparent as breaches continue to occur and organizations realize that every new identity one of their users creates is a shiny new attack vector ready to be exploited by bad actors.<\/p>\n\n\n\n

What Is Identity Sprawl?<\/h2>\n\n\n\n

Identity sprawl happens when users create a variety of different identities across their work resources, and those accounts typically go unmanaged. The best way to estimate how big this issue is in your organization is to estimate the average number of resources each employee needs access to (including apps, devices, networks, websites, etc.) and multiply that number by how many employees you have. <\/p>\n\n\n\n

This number might be intimidating, but the key here is to focus on dealing with the unnecessary identity sprawl your organization has, as opposed to the necessary identity sprawl that all organizations have. <\/p>\n\n\n\n

The difference?<\/p>\n\n\n\n

Necessary identity sprawl<\/strong> occurs when an employee uses more than one identity to access their resources, and there is no immediate or reasonable way to avoid that.<\/p>\n\n\n\n

Unnecessary identity sprawl<\/strong> occurs when an employee uses more than one identity to access their resources, and the issue can be remedied via a tool such as single sign-on with minimal to no adverse effects on the general user experience.<\/p>\n\n\n\n

\"An
An example of unnecessary identity sprawl in action \u2014 a user chooses to enter their email and create a new password to log in to a new app, rather than choosing a single sign-on option.<\/figcaption><\/figure>\n\n\n\n

Why Avoiding Identity Sprawl Is Important<\/h2>\n\n\n\n

One stat shows that at least 30,000<\/a> websites are hacked daily. If one of your organization\u2019s users has an account on one of those websites, or their information is obtained through other means, that user and now your company\u2019s data are both at risk. This is especially true when users fall victim to identity sprawl.<\/p>\n\n\n\n

Security and Compliance Implications<\/h3>\n\n\n\n

Let\u2019s say one user in your organization has 20 different identities across all of their resources with some username or password reuse<\/a>, or they use slight variations of the same username and password. A breach occurs, and one set of that user\u2019s credentials becomes compromised, and unfortunately, that user created an identity that gives them access to a critical company resource with those compromised credentials. As it happens, luck is not on that user\u2019s side that day, and a bad actor quickly gains access to that critical resource before the user is even aware that a breach involving their credentials and data has occurred.<\/p>\n\n\n\n

On top of that, a few weeks back, a different user got an email that looked completely legitimate, and they followed a link that requested they enter their username and reset their password. And, unfortunately, this user also reuses slight variations of that username and password combination across different work resources. Now a different bad actor has gained access to multiple resources within your organization and is in the process of causing substantial damage.<\/p>\n\n\n\n

These two scenarios are meant to highlight the security issues that accompany identity sprawl, but too much identity sprawl can also affect whether your organization can maintain or even achieve compliance<\/a>. Identity sprawl is a security problem because each identity is its own attack vector, and the more attack vectors your organization has, the larger its attack surface, making it easier for bad actors to hone in on it and attempt to cause damage. <\/p>\n\n\n\n

Identity sprawl then becomes a compliance issue when those identities are not centrally monitored, managed, or secured by IT. It can be difficult or even impossible to achieve compliance, depending on the standard, if users have numerous identities floating around on the web that are completely uncontrolled by your organization.<\/p>\n\n\n\n

How to Avoid Identity Sprawl<\/h2>\n\n\n\n

The best way to avoid identity sprawl is through the use of single sign-on<\/a>. SSO enables users to access their resources with a single, secure identity. This eliminates the need for employees to create a new account for each resource they use for work, thus reducing identity sprawl significantly. This also improves security, because employees will no longer need to write down or store different credentials in insecure places (a sticky note, a note file on their device, etc.) for different resources to remember and keep track of them.<\/p>\n\n\n\n

However, using SSO on its own doesn\u2019t necessarily solve the entire problem. It\u2019s integral to use layered security measures in conjunction with SSO, such as multi-factor authentication (MFA)<\/a>, conditional\/dynamic access policies<\/a>, as well as a modern password manager<\/a> to help generate and store unique, complex passwords. This way, if a user does fall victim to a phishing scam or anything else happens to compromise their credentials, there are extra security measures in place to not only deny access to bad actors, but to give IT a heads up that something might be off.<\/p>\n\n\n\n

How this all comes to life: <\/strong><\/p>\n\n\n\n