Identity sprawl is a common issue that organizations face, especially those that don't enforce single sign-on (SSO) capabilities across all user accounts. It's a problem that's becoming more and more apparent as breaches continue to occur and organizations realize that every new identity one of their users creates is a shiny new attack vector ready to be exploited by bad actors.
Identity sprawl happens when users create a variety of different identities across their work resources, and those accounts typically go unmanaged. The best way to estimate how big this issue is in your organization is to estimate the average number of resources each employee needs access to (including apps, devices, networks, websites, etc.) and multiply that number by how many employees you have.
This number might be intimidating, but the key here is to focus on dealing with the unnecessary identity sprawl your organization has, as opposed to the necessary identity sprawl that all organizations have.
The difference?
Necessary identity sprawl occurs when an employee uses more than one identity to access their resources, and there is no immediate or reasonable way to avoid that.
Unnecessary identity sprawl occurs when an employee uses more than one identity to access their resources, and the issue can be remedied via a tool such as single sign-on with minimal to no adverse effects on the general user experience.
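
One way to put numbers on the two categories, as an added example that is not from the original article or from JumpCloud. The account inventory, its field names and the rule that an account counts as "unnecessary" whenever its app could sit behind SSO are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (not from the article), one row per account:
# (employee, app, login method, can this app be placed behind SSO?)
ACCOUNTS = [
    ("alice", "email", "sso", True),
    ("alice", "crm", "local", True),
    ("alice", "wiki", "local", True),
    ("alice", "legacy-erp", "local", False),
    ("bob", "email", "sso", True),
    ("bob", "crm", "sso", True),
    ("bob", "legacy-erp", "local", False),
]

def classify(accounts):
    """Split each employee's accounts into SSO, necessary and unnecessary sprawl."""
    report = defaultdict(lambda: {"sso": 0, "necessary": [], "unnecessary": []})
    for employee, app, login, sso_capable in accounts:
        entry = report[employee]
        if login == "sso":
            entry["sso"] += 1                  # shares the single SSO identity
        elif sso_capable:
            entry["unnecessary"].append(app)   # assumption: SSO could replace it
        else:
            entry["necessary"].append(app)     # no SSO option for this app
    return dict(report)

def identity_count(entry):
    """All SSO logins count as one identity; each local account is its own."""
    local = len(entry["necessary"]) + len(entry["unnecessary"])
    return (1 if entry["sso"] else 0) + local

def org_summary(report):
    """Worst case (one identity per resource), today, and after SSO rollout."""
    return {
        "resources": sum(e["sso"] + len(e["necessary"]) + len(e["unnecessary"]) for e in report.values()),
        "current": sum(identity_count(e) for e in report.values()),
        "after_sso": sum(bool(e["sso"] or e["unnecessary"]) + len(e["necessary"]) for e in report.values()),
    }

def remediation_queue(report):
    """Employees with removable identities, largest reduction first."""
    rows = [(emp, identity_count(e), e["unnecessary"]) for emp, e in report.items() if e["unnecessary"]]
    return sorted(rows, key=lambda r: len(r[2]), reverse=True)

if __name__ == "__main__":
    print(org_summary(classify(ACCOUNTS)))
    for emp, total, apps in remediation_queue(classify(ACCOUNTS)):
        print(f"{emp}: {total} identities, move to SSO: {', '.join(apps)}")
```

The gap between "current" and "after_sso" is the unnecessary sprawl; what remains after SSO is the necessary floor.
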
Let's say one user in your organization has 20 different identities across all of their resources with some username or password reuse, or they use slight variations of the same username and password. A breach occurs, and one set of that user's credentials becomes compromised, and unfortunately, that user created an identity that gives them access to a critical company resource with those compromised credentials. As it happens, luck is not on that user's side that day, and a bad actor quickly gains access to that critical resource before the user is even aware that a breach involving their credentials and data has occurred.
These two scenarios are meant to highlight the security issues that accompany identity sprawl, but too much identity sprawl can also affect whether your organization can maintain or even achieve compliance. Identity sprawl is a security problem because each identity is its own attack vector, and the more attack vectors your organization has, the larger its attack surface, making it easier for bad actors to home in on it and attempt to cause damage.
The best way to avoid identity sprawl is through the use of single sign-on. SSO enables users to access their resources with a single, secure identity. This eliminates the need for employees to create a new account for each resource they use for work, thus reducing identity sprawl significantly. This also improves security, because employees will no longer need to write down or store different credentials in insecure places (a sticky note, a note file on their device, etc.) for different resources to remember and keep track of them.
However, using SSO on its own doesn't necessarily solve the entire problem. It's integral to use layered security measures in conjunction with SSO, such as multi-factor authentication (MFA), conditional/dynamic access policies, as well as a modern password manager to help generate and store unique, complex passwords. This way, if a user does fall victim to a phishing scam or anything else happens to compromise their credentials, there are extra security measures in place to not only deny access to bad actors, but to give IT a heads up that something might be off.
How this all comes to life:
Using all of these features together not only reduces identity sprawl significantly, but it also dramatically improves security across your entire organization in ways that aren't possible with unchecked identity sprawl.
If you're interested in adopting any of these features, they're all included in the JumpCloud Directory Platform. Use this open directory platform to unify all of your identity, access, and device management needs to ensure the security of your users and their resources.
Check out the SSO, MFA, conditional access, and password manager features, among many other useful capabilities. Try JumpCloud for free by creating a JumpCloud Free account — add up to 10 users and 10 devices to your account, free of charge, and see if it's right for your organization before committing to anything.