{"id":18579,"date":"2018-08-09T14:16:44","date_gmt":"2018-08-09T18:16:44","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?page_id=18579"},"modified":"2023-01-11T13:24:32","modified_gmt":"2023-01-11T18:24:32","slug":"why-its-time-to-take-identity-security-seriously","status":"publish","type":"resource","link":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously","title":{"rendered":"Why It\u2019s Time to Take Identity Security Seriously"},"content":{"rendered":"<div class=\"wpb_row vc_row vc_row-fluid  mk-fullwidth-false  attched-false     js-master-row  mk-grid mk-in-viewport\" data-mk-stretch-content=\"true\">\n<div class=\"vc_col-sm-9 wpb_column column_container   _ height-full\">\n<div class=\" vc_custom_1555100436124\">\n<div id=\"text-block-8\" class=\"mk-text-block   \">\n<p>Phishing, stolen identities, and weak passwords were the leading causes of data breaches in 2018<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>1<\/sup><\/a>, placing users and their credentials at the forefront of your network defenses. This reality hasn\u2019t caught up with most organizations, though. According to Gartner, companies were predicted to spend $96.3 billion on security in 2018. Yet, only $4.7 billion was supposed to go towards identity and access management, while the rest was supposed to go towards infrastructure protection, network security equipment, security services, and consumer security software<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>2<\/sup><\/a>.\u00a0Spending more on segments like security services and infrastructure protection may have been adequate a decade ago, but today\u2019s prevalent cloud-forward IT environments call for an approach that takes <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-identity-management\">identity security<\/a> more seriously. Those who have experienced a data breach would agree, with 68% of executives acknowledging that a larger investment in identity and access protection could have helped in preventing a breach<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>3<\/sup><\/a>.<\/p>\n<h4>After all, consider this:<\/h4>\n<ul>\n<li class=\"clearboth\">\n<p>191 accounts used by the average user<\/p>\n<\/li>\n<li class=\"clearboth\">\n<p>10% of those accounts are controlled by IT**<\/p>\n<\/li>\n<li class=\"clearboth\">\n<p>61% of users leverage same or similar passwords across all online resources*<\/p>\n<\/li>\n<li class=\"clearboth\">\n<p>123456 &amp; password are the top 2 most popular passwords of 2018***<\/p>\n<\/li>\n<li class=\"clearboth\">\n<p>446 million records were exposed in 2018 alone.\u2020<\/p>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"wpb_row vc_row vc_row-fluid  mk-fullwidth-false  attched-false     js-master-row  mk-grid mk-in-viewport\" data-mk-stretch-content=\"true\">\n<div class=\"vc_col-sm-9 wpb_column column_container   _ height-full\">\n<div class=\" vc_custom_1555101921924\">\n<div id=\"text-block-23\" class=\"mk-text-block   \">\n<p>With the amount of records exposed in 2018, that\u2019s enough to have affected the entire U.S. population and then some. This means that a majority of your employees have compromised credentials.\u00a0 To make matters worse, over half of your employees are using the same passwords across accounts, and those are supposed to guard access to your company\u2019s data. So, it\u2019s only a matter of time before a hacker finds one of your employee\u2019s reused passwords from the 1.4 billion available on the dark web<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>7<\/sup><\/a>\u00a0and uses it to try to gain access to your digital assets. If you do have identity security in place, more than likely you are utilizing an antiquated solution that is putting you in a weak position to defend your digital kingdom. If you don\u2019t have any identity management solutions in place, you are open to a world of risk and expense.<\/p>\n<p>So, why are 60% of execs who haven\u2019t experienced a breach still expecting to allocate most of their security budget to creating a strong perimeter even though the number one attack vector is identities<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>3<\/sup><\/a>? Why are legacy identity management solutions no longer sufficient? The answer to both of these questions requires a deep dive into why it\u2019s time to take identity security seriously.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is\">First, What Exactly is Identity Security?<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/id-badge-2.png\" alt=\"Cloud identity security for MSPs\" class=\"wp-image-17137\" width=\"179\" height=\"179\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/id-badge-2.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/id-badge-2-80x80.png 80w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/id-badge-2-300x300.png 300w\" sizes=\"(max-width: 179px) 100vw, 179px\" \/><\/figure><\/div>\n\n\n<p>Most would define identity security as the practice of ensuring that only the right people are accessing company resources; it also includes verifying users are who they say they are when they authenticate to a resource. Effective identity security usually involves having an identity and access management (IAM) solution in place that allows IT admins to centrally manage user identities and their access to IT resources. With an IAM solution, IT admins can enforce password complexity requirements, MFA, and securely provision\/de-provision access throughout the network\u2014components that are vital to any solid identity security strategy whether your network is in the clouds or on-prem.<\/p>\n\n\n\n<h2 class=\"past wp-block-heading\">Identity Security in the Past<\/h2>\n\n\n\n<p>Historically, identity security has been in the background of most security strategies, while the focus has been on fortifying the network perimeter. This worked okay in the past because resources only existed within the corporate network, behind firewalls, on-prem. This made it possible to keep them safely insulated from the \u2018world\u2019 (read: internet) , behind a heavily fortified perimeter. To access anything, employees would have to be physically inside the office and on its secure network, or gain access to it via VPN. Additionally, employees only needed a limited amount of IT resources to do their job, so there was a very limited number of touchpoints to keep track of.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/ad-centralized-before-the-rise-of-the-cloud-1030x1030.png\" alt=\"\" class=\"wp-image-16844\" width=\"249\" height=\"249\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/ad-centralized-before-the-rise-of-the-cloud-1030x1030.png 1030w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/ad-centralized-before-the-rise-of-the-cloud-80x80.png 80w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/ad-centralized-before-the-rise-of-the-cloud-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/ad-centralized-before-the-rise-of-the-cloud-768x768.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/ad-centralized-before-the-rise-of-the-cloud.png 1084w\" sizes=\"(max-width: 249px) 100vw, 249px\" \/><\/figure><\/div>\n\n\n<p>Identity security also remained a silent partner for some time because it seemed to take care of itself. This was, in large part, due to the monopoly that Microsoft<sup>\u00ae<\/sup>&nbsp;had over the IT landscape. From Windows<sup>\u00ae<\/sup>systems and Microsoft Office<sup>\u00ae<\/sup>&nbsp;to Active Directory<sup>\u00ae<\/sup>&nbsp;and Windows Server<sup>\u00ae<\/sup>, it was difficult to get through a workday without using a tool from Microsoft. Buying into this setup, though, provided organizations with secure, centralized user and resource management. When someone on the internal network accessed an IT resource, IT would &nbsp;depend on Active Directory to ensure only the right people were obtaining access to valuable company data.<\/p>\n\n\n\n<p>This on-prem, Microsoft-centric environment led IT organizations to believe that they could trust the internal network communication taking place in their environment, and so that\u2019s why they focused their efforts on protecting the network perimeter. This approach was commonly thought of as \u201chard on the outside, and soft on the inside\u201d. Kind of like M&amp;Ms<sup>\u00ae<\/sup>, but there are digital assets at the center instead of chocolate.<\/p>\n\n\n\n<p>However, the IT landscape has undergone a substantial transformation over the last two decades as technologies have \u2018lifted and shifted\u2019 themselves to the cloud as subscribed-for services. This traditional on-prem approach to identity management, therefore, would show its strain and demonstrate itself as a non-viable and potentially insecure solution moving forward.<\/p>\n\n\n\n<h2 class=\"modern wp-block-heading\">The Impact of Modern Technology on Security<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/silver-lock.png\" alt=\"\" class=\"wp-image-17144\" width=\"199\" height=\"199\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/silver-lock.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/silver-lock-80x80.png 80w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/silver-lock-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/silver-lock-60x60.png 60w\" sizes=\"(max-width: 199px) 100vw, 199px\" \/><\/figure><\/div>\n\n\n<p>First, many IT resources have moved to the cloud, and now most environments are utilizing web-based applications, cloud servers, cloud file storage solutions, and more. Second, the number of providers and platforms that organizations depend on has increased dramatically with the shift to the cloud. In turn, this has multiplied the number of touchpoints that IT and information security teams have &nbsp;to keep track of.<\/p>\n\n\n\n<p>Fortunately, security methods have adapted accordingly in response to this explosion of diversity, and a new network security model was presented in 2009 that has redefined the relationship between IT organizations, users, and their data. It\u2019s called Zero Trust Architecture or Zero Trust Security, and this updated network security model has been widely adopted since it burst on the scene, blueprinting how system resources and digital assets can be fortified with security from the inside out. The idea is relatively simple\u2014by necessity, all network traffic and network users can\u2019t be trusted. When implemented correctly, cybercrime can then be spotlighted and eradicated before it ever grows out of control.<\/p>\n\n\n\n<p>Zero Trust Security is predicated on three core concepts to help redesign security throughout a network<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>8<\/sup><\/a>. Networks must be:<\/p>\n\n\n\n<ol>\n<li>Easily managed and segmented for security and compliance<\/li>\n\n\n\n<li>Domain-less effectively (the concept of a centralized network won\u2019t exist)<\/li>\n\n\n\n<li>Centrally managed from a single console<\/li>\n<\/ol>\n\n\n\n<p><strong>The last concept, central management for all networking elements, was further described as the \u201ckey to creating the network of the future.\u201d<\/strong><a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup><strong>8<\/strong><\/sup><\/a><strong>&nbsp;However, organizations have found it difficult to create a centralized management system for all of their networking elements, and subsequently, they have lost their control over identity security as well. So, why is this a challenge?<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"decentralized\">Identity Security, Decentralized<\/h2>\n\n\n\n<p>The most ubiquitous directory service (Active Directory) was built to support on-prem, Microsoft-based IT resources, so IT admins have had to resort to a patchwork of independent vendors to assist with the secure management and \u2018binding\u2019 to Active Directory. These have included utilities to manage privileged user access to non-Microsoft servers; deploying SAML and other identity federation technologies to secure web based applications; specialized MDM solutions to control non-Windows systems; and more.<\/p>\n\n\n\n<p>Sadly, these options have only ended up creating cumbersome workflows, introducing complex vendor relationships, and ultimately, increasing costs. Given this, it\u2019s understandable why a good number of organizations have been slow to pour more resources into identity security solutions like identity and access management.<\/p>\n\n\n\n<p>Yet, continuing to remain complacent about identity security will only increase your chances of getting breached, and here\u2019s why: \u201cThe average company currently uses 1,083 cloud services in total.\u201d If that\u2019s not alarming, consider that only 108 of these are known services\u2014meaning 975 unknown services on average per company.<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>9<\/sup><\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">In other words:<\/h4>\n\n\n\n<ul>\n<li><strong>10%<\/strong> Environment Under IT&#8217;s Control<\/li>\n\n\n\n<li><strong>90%<\/strong> Environment Outside IT&#8217;s Control<\/li>\n<\/ul>\n\n\n\n<p>Further, the subscription-based, credit card model most applications leverage has made it too easy for entire departments of companies to bypass IT altogether to get the applications they want to use for their job. This has resulted in the proliferation of shadow IT where confidential streams of data exist outside of the walls of an IT organization\u2019s governance, and therefore, outside of IT admins control. In today\u2019s world, this is a nightmare for two reasons. One, company data is being accessed on upwards of 975 services that have little protection and oversight. Two, the little protection they do have is under the control of end users. What\u2019s wrong with this?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"human\">The Human Factor<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Human Factor 1: The Desire for Convenience&nbsp;&nbsp;<\/h3>\n\n\n\n<p>As a reminder from the introduction, 61% of users reuse passwords despite 91% knowing the security risks;<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>4<\/sup><\/a>&nbsp;the top two passwords for 2018 were 123456 and Password.<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>5<\/sup><\/a><\/p>\n\n\n\n<p>Why do users have such a hard time with passwords? Well, a study from the Old Dominion University discovered a couple of things that may explain why users have trouble with this component to their credentials. The study found that,<\/p>\n\n\n\n<p>&#8220;Users choose strong passwords only if they are willing to sacrifice convenience; it is not sufficient for them to simply understand it is important\u2026<sup><a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\">10<\/a><\/sup>&#8220;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/12\/Laptop-2-1.png\" alt=\"Identity management with OpenLDAP\" class=\"wp-image-10047\" width=\"220\" height=\"220\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/12\/Laptop-2-1.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/12\/Laptop-2-1-80x80.png 80w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2017\/12\/Laptop-2-1-300x300.png 300w\" sizes=\"(max-width: 220px) 100vw, 220px\" \/><\/figure><\/div>\n\n\n<p>The study was also able to determine that users&nbsp;<em>are<\/em>&nbsp;willing to sacrifice convenience for accounts, that if breached, would result in deep personal loss (e.g., bank accounts). For accounts like email, on the other hand, the study indicates that users have no interest in giving up convenience for security because when it comes down to it:<\/p>\n\n\n\n<p>&#8220;Users are not concerned about security issues unless they feel they will be affected if the account is misused.<sup><a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\">10<\/a><\/sup>&#8220;<\/p>\n\n\n\n<p>Ultimately, users engage in poor password habits because they think they won\u2019t be impacted by the consequences.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Human Factor 2: The Effect of Information Cascade &nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/men-in-black-with-blue-and-purple-ties.png\" alt=\"Individual user management platforms\" class=\"wp-image-25253\" width=\"212\" height=\"212\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/men-in-black-with-blue-and-purple-ties.png 501w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/men-in-black-with-blue-and-purple-ties-80x80.png 80w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/men-in-black-with-blue-and-purple-ties-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/men-in-black-with-blue-and-purple-ties-60x60.png 60w\" sizes=\"(max-width: 212px) 100vw, 212px\" \/><\/figure><\/div>\n\n\n<p>Another human factor that weakens security is a psychological phenomenon known as information cascade.<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>11<\/sup><\/a>&nbsp;Information cascade is the name for when a person notices the decisions of one person and decides to make the same decisions, even if they know it\u2019s wrong. According to a study from the University of Basel in Switzerland, people are especially prone to copying the decisions of their supervisors.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">The study found that:<\/h4>\n\n\n\n<p><strong>82%<\/strong> of participants agreed with the decision of their supervisor despite privately having a different opinion.<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>12<\/sup><\/a><\/p>\n\n\n\n<p>This means if a tenured employee stores their password on a sticky note that\u2019s attached to their monitor, other employees will notice and do the same, especially newer employees.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Human Factor 3: The Power of Curiosity<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/identity-security-and-phishing-2.png\" alt=\"\" class=\"wp-image-18626\" width=\"200\" height=\"131\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/identity-security-and-phishing-2.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/identity-security-and-phishing-2-300x197.png 300w\" sizes=\"(max-width: 200px) 100vw, 200px\" \/><\/figure><\/div>\n\n\n<p>Lastly, users are still prone to falling for phishing scams, and hackers are not looking to let up on this type of attack any time soon. The The 2018 Verizon Data Breach Investigation Report found that phishing was in the top three for the kinds of attacks that resulted in a security incident\/breach.<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>1<\/sup><\/a>&nbsp;One of the reasons users continue to fall for phishing attacks, despite security training, has to do with their curiosity. In fact, a study conducted at Friedrich-Alexander University, Germany, found the following with their participants:<\/p>\n\n\n\n<ul>\n<li><strong>45%<\/strong> fell for a phishing email even though<\/li>\n\n\n\n<li><strong>78%<\/strong> reported they were aware of the risks of clicking on unknown links.<\/li>\n<\/ul>\n\n\n\n<p>When asked why they clicked on the link, the large majority of participants said that it was due to curiosity.<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>13<\/sup><\/a><\/p>\n\n\n\n<p>Sophisticated attacks are another reason why users continue to fall for phishing scams. Verizon\u2019s 2017 Data Breach Digest<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>14<\/sup><\/a>&nbsp;presents an interesting example of one organization\u2019s experience with a phishing attack that ultimately led to fraudulent wire transfers:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/dark-hats.png\" alt=\"\" class=\"wp-image-18529\" width=\"215\" height=\"215\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/dark-hats.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/dark-hats-80x80.png 80w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/dark-hats-300x300.png 300w\" sizes=\"(max-width: 215px) 100vw, 215px\" \/><\/figure><\/div>\n\n\n<p>&#8220;An accountant within the organization received an email from \u201ca customer claiming to have paid a late invoice. The email instructed the accountant to click a link and provide their email domain credentials to authenticate and review the payment receipt.\u201d<\/p>\n\n\n\n<p>Once the attacker had gained these credentials, they used them to \u201clog into [the accountant\u2019s] email account and study [the organization\u2019s] wire transfer approval process by searching through emails. The threat actor even used previously sent invoices and tax forms to create fake versions that were used to\u2026fabricate an approval email chain that they sent to [the] Wire Transfers Department.\u201d Sadly, in this case the attackers ended up getting what they came for, and at the time of the Data Breach Digest being released, the organization was still working with law enforcement to recover their stolen funds.<\/p>\n\n\n\n<p>So while a user\u2019s curiosity is certainly a weakness, it\u2019s important to realize that hackers also employ cunning tactics that make it increasingly difficult to spot a phishing email from a real one. &nbsp;<\/p>\n\n\n\n<p>Even with threat actors\u2019 cleverness at play, these three factors illustrate who ends up guarding your company data when identity security isn\u2019t taken seriously: users who care more about convenience than the security of your company\u2019s data, who are too easily influenced by the behavior that\u2018s occurring around them, and who are up against clever hackers who exploit their curiosity. It\u2019s no wonder that users and their credentials were the largest attack vector in 2017\u2014they are easy pickings for hackers who understand how to leverage human psychology for their own selfish gain.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"steps\">Steps for Accelerating Identity Security<\/h2>\n\n\n\n<p>So, now that there is an understanding as to why it\u2019s time to take identity security seriously, it\u2019s time to transition into providing a few steps that your organization can take to accelerate your identity security strategy. Since the human element is at the center of whether or not identity security is a success, the solutions discussed below will help you counter users\u2019 curiosity and strong desire for convenience. After all, \u201cIn the big data era, insiders are exposed to increasing amounts of sensitive data, posing huge security challenges to organizations.\u201d<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>15<\/sup><\/a>&nbsp;Hence, the focus is on taking steps that strengthen the weakest link, whoever that may be.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Combating Curiosity<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/orange-and-blue-security-training.png\" alt=\"\" class=\"wp-image-25232\" width=\"231\" height=\"231\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/orange-and-blue-security-training.png 501w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/orange-and-blue-security-training-80x80.png 80w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/orange-and-blue-security-training-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/orange-and-blue-security-training-60x60.png 60w\" sizes=\"(max-width: 231px) 100vw, 231px\" \/><\/figure><\/div>\n\n\n<p>One way IT organizations can proactively address risk associated with user curiosity is by providing information security awareness training. When conducted in-depth, security awareness training has been shown to effectively teach users how to identify phishing&nbsp;techniques and improve their password and browsing habits. A 2010 study found that almost all of the participants involved with the study\u2019s security awareness training completed it with the \u201ccorrect idea about phishing and the dangers it poses both to the individual and to an organization.\u201d<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>16<\/sup><\/a>&nbsp;<\/p>\n\n\n\n<p>Additionally, the type of delivery method for security training was found to significantly impact users\u2019 understanding. A 2014 study on user preference for security training suggested that the best approach is to combine training methods and use them together to teach users about a specific cyber security topic. For example, the study focused on teaching users how to identify phishing attacks. They used a game-based training method to teach users what to look for in URLs in combination with text- and video-based training methods to cement their knowledge. The study found that users gain a more complete understanding from this multimodal approach, and almost all participants walked away with a correct idea about phishing.<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>17<\/sup><\/a>&nbsp;In theory, once phishing is recognized in the wild, the jig is up for hackers so to speak, and the temptation to open a curious email can be sidestepped.<\/p>\n\n\n\n<p>In addition to making sure employees understand email security, here are a few other recommended talking points that should be discussed in your quarterly security training:<\/p>\n\n\n\n<ul>\n<li><strong>IDENTITIES:<\/strong> Enable MFA everywhere possible and use passwords that are impossible to guess<\/li>\n\n\n\n<li><strong>SYSTEMS:<\/strong> Remember, don\u2019t insert flash drives of questionable origin and lock systems when leaving them unattended<\/li>\n\n\n\n<li><strong>BROWSERS:<\/strong> Use a reputable browser like Chrome, Safari, or Firefox, only add plugins if they have a true business need, use an ad blocker, and don\u2019t accept invalid SSL. certificates<\/li>\n\n\n\n<li><strong>PHONES:<\/strong> Have a PIN that wipes your phone after a certain number of incorrect attempts and have remote wipe enabled on your phone<\/li>\n<\/ul>\n\n\n\n<p>While security training is a fantastic starting point to mitigate human curiosity, technology can be a powerful layer to add to your security strategy; one that often works well at preventing users from making choices based on convenience.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Fighting Convenience with Convenience<\/h3>\n\n\n\n<p>In order to greatly combat the human factor of convenience, implementing single sign-on (SSO) technology has been recommended.<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>10<\/sup><\/a>&nbsp;This technology largely removes the temptation to repeat passwords for convenience. Thus, many security malpractices disappear.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/fighting-convenience-with-convenience.png\" alt=\"\" class=\"wp-image-18530\" width=\"207\" height=\"207\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/fighting-convenience-with-convenience.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/fighting-convenience-with-convenience-80x80.png 80w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/fighting-convenience-with-convenience-300x300.png 300w\" sizes=\"(max-width: 207px) 100vw, 207px\" \/><\/figure><\/div>\n\n\n<p>However, not all SSO solutions are created equal. In fact, the term \u2018SSO\u2019 has become synonymous with web-based authentication using AD credentials because most SSO providers emerged as a means to connect Active Directory to the flood of web-based applications that had emerged in the early 2000s. But, as mentioned a few sections ago, web-based applications were only part of the changes that have taken place in the IT landscape. Modern IT environments are also leveraging cloud infrastructure hosted in AWS<sup>\u00ae<\/sup>&nbsp;or Google Cloud Platform\u2122 , wireless networks, Mac<sup>\u00ae<\/sup>&nbsp;and Linux<sup>\u00ae<\/sup>&nbsp;systems, and file storage solutions like on-prem Samba-based file servers and cloud solutions such as Box\u2122, Google Drive\u2122, and more. Active Directory still does not natively support many of these modern IT resources. Therefore, solely implementing a web app SSO provider isn\u2019t going to be enough for effective identity security because cloud infrastructure, Mac and Linux systems, and file storage will each require additional third-party add-ons or remain outside of IT\u2019s control. In other words, your IT environment will largely remain decentralized and rely upon the \u2018patchwork\u2019 of vendors to ensure you\u2019re covered.<\/p>\n\n\n\n<p>Clearly, an effective identity security strategy doesn\u2019t benefit from an approach that utilizes AD and a string of third-party solutions. Instead, it needs a new kind of directory service altogether. One that joins the move to the cloud, embraces resources of all protocols, providers, and platforms, and securely connects users to their resources regardless of location. Such a solution would make it possible to centrally manage user authentication to all IT resources, giving IT full control and widespread visibility over their environment.<\/p>\n\n\n\n<p>Fortunately, there is one solution on the market that is providing a more comprehensive approach to SSO. By JumpCloud<sup>\u00ae<\/sup>, the concept of True Single Sign-On\u2122 is delivered via the Directory-as-a-Service<sup>\u00ae<\/sup>&nbsp;platform. And, by implementing a True SSO solution for the enterprise as a whole, users no longer have to remember multiple passwords.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"true-sso\">Securing Identities with True Single Sign-on\u2122<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"1030\" height=\"627\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/true-sso-systems-apps-networks-samba-1030x627.jpg\" alt=\"Endpoint management from Directory-as-a-Service\" class=\"wp-image-20275\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/true-sso-systems-apps-networks-samba-1030x627.jpg 1030w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/true-sso-systems-apps-networks-samba-300x183.jpg 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/true-sso-systems-apps-networks-samba-768x468.jpg 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/true-sso-systems-apps-networks-samba.jpg 1600w\" sizes=\"(max-width: 1030px) 100vw, 1030px\" \/><\/figure>\n\n\n\n<p>Leveraging True SSO with JumpCloud enables organizations to provide their end users with a single set of credentials to access virtually all of their IT resources, including systems, servers, applications, file storage, and networks. End users only have to remember one secure password instead of hundreds, providing users with a more convenient workflow. Additionally, this comprehensive approach to SSO provides IT admins with centralized control over user authentication and authorization. When used with JumpCloud\u2019s identity security features like MFA, Password Complexity Management, and SSH Key Authentication, IT is able to subtly guide users into making good identity security choices. For example, IT admins can ensure users are leveraging secure passwords and are rotating them on a regular basis. On top of that, IT can enable MFA across Mac and Linux systems as well as the JumpCloud admin and user console. This increases security around users accessing applications, tightens administrative access control, and bolsters Mac and Linux device security. Lastly, SSH authentication no longer has to be a hassle. Users can conveniently manage their public SSH keys without any intervention from IT\u2014improving efficiency and security.<\/p>\n\n\n\n<p>While you can\u2019t stop hackers and bad actors from using phishing techniques to obtain your users\u2019 credentials, what you can do is start taking action now to ensure their efforts to steal digital assets are in vain. Dumping the majority of your security budget into fortifying the perimeter with anti-malware, firewalls, IDS, and \u201canomaly threat\u201d detection solutions has been shown to be a dated security strategy, and hackers are well aware that the weakest link lies within. As Zohar Steinberg, CEO of the security-driven payment company Token, once said:<\/p>\n\n\n\n<p>\u201cAny piece of your personal information, when in malicious hands, can be considered serious. Often times, once hackers get a hold of certain pieces of personal information, they can use various techniques to get more, so even something as an email can seem harmless, but can eventually lead to other information being stolen from that first step.\u201d<a href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\/#Sources\"><sup>18<\/sup><\/a><\/p>\n\n\n\n<p>Take it from the execs who have experienced a data breach and upgraded their identity security game: revamping your identity security approach is fundamental for avoiding data breaches and defending the long-term success of your enterprise.<\/p>\n\n\n\n<div class=\"wp-block-cgb-block-container container has-text-centered\">\n<a class=\"wp-block-cgb-button button is-primary-green is-medium\" href=\"https:\/\/jumpcloud.com\/demo\/\">Learn More About JumpCloud<\/a>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"sources\">Sources<\/h2>\n\n\n\n<ol>\n<li><em>2018 Verizon Data Breach Investigations Report<\/em>. Report. 2018. Accessed July 31, 2018.&nbsp;<a href=\"http:\/\/www.documentwereld.nl\/files\/2018\/Verizon-DBIR_2018-Main_report.pdf\">http:\/\/www.documentwereld.nl\/files\/2018\/Verizon-DBIR_2018-Main_report.pdf<\/a>.<\/li>\n\n\n\n<li>\u201cGartner Forecasts Worldwide Security Spending Will Reach $96 Billion in 2018, Up 8 Percent from 2017.\u201d Hype Cycle Research Methodology | Gartner Inc. December 7, 2017. Accessed July 31, 2018.&nbsp;<a href=\"https:\/\/www.gartner.com\/newsroom\/id\/3836563\">https:\/\/www.gartner.com\/newsroom\/id\/3836563<\/a>.*<\/li>\n\n\n\n<li>*Editors, Forbes Technology Council. \u201cCEO Disconnect On Cybersecurity Increases Risk Of Breaches.\u201d Forbes. March 21, 2018. Accessed July 31, 2018.&nbsp;<a href=\"https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2018\/03\/21\/ceo-disconnect-on-cybersecurity-increases-risk-of-breaches\/#4ec28f393e53\">https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2018\/03\/21\/ceo-disconnect-on-cybersecurity-increases-risk-of-breaches\/#4ec28f393e53<\/a>.<\/li>\n\n\n\n<li>**\u201dThe Password Expose.\u201d LastPass. November 1, 2017. Accessed July 31, 2018.&nbsp;<a href=\"https:\/\/lp-cdn.lastpass.com\/lporcamedia\/document-library\/lastpass\/pdf\/en\/LastPass-Enterprise-The-Password-Expose-Ebook-v2.pdf\">https:\/\/lp-cdn.lastpass.com\/lporcamedia\/document-library\/lastpass\/pdf\/en\/LastPass-Enterprise-The-Password-Expose-Ebook-v2.pdf<\/a>.<\/li>\n\n\n\n<li>***\u201d\u2018The Most Popular Passwords of 2018 Revealed: Are Yours on the List?\u2019.\u201d welivesecurity. December 17, 2018. Accessed December 17, 2018.&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2018\/12\/17\/most-popular-passwords-2018-revealed\/\" target=\"_blank\" rel=\"noreferrer noopener\">http:\/\/welivesecurity.com\/2018\/12\/17\/most-popular-passwords-2018-revealed<\/a>.<\/li>\n\n\n\n<li>\u2020\u201d2018 Annual Data Breach Year-End Review.\u201d Identity Theft Resource Center (ITRC). February 2019. Accessed February 2019.&nbsp;<a href=\"https:\/\/www.idtheftcenter.org\/wp-content\/uploads\/2019\/02\/ITRC_2018-End-of-Year-Aftermath_FINALWEB-V2-2.pdf\">https:\/\/www.idtheftcenter.org\/images\/breach\/2017Breaches\/2017AnnualDataBreachYearEndReview.pdf<\/a>.<\/li>\n\n\n\n<li>Mathews, Lee. \u201cFile With 1.4 Billion Hacked And Leaked Passwords Found On The Dark Web.\u201d Forbes. December 12, 2017. Accessed August 06, 2018.&nbsp;<a href=\"https:\/\/www.forbes.com\/sites\/leemathews\/2017\/12\/11\/billion-hacked-passwords-dark-web\/\">https:\/\/www.forbes.com\/sites\/leemathews\/2017\/12\/11\/billion-hacked-passwords-dark-web\/<\/a>.<\/li>\n\n\n\n<li>Kindervag, John.&nbsp;<em>Build Security Into Your Network\u2019s DNA: The Zero Trust Network Architecture<\/em>. Report. November 5, 2010. Accessed July 31, 2018.&nbsp;<a href=\"http:\/\/www.virtualstarmedia.com\/downloads\/Forrester_zero_trust_DNA.pdf\">http:\/\/www.virtualstarmedia.com\/downloads\/Forrester_zero_trust_DNA.pdf<\/a><\/li>\n\n\n\n<li>\u201cWhat Is Shadow IT? How Do I Control It? Download Checklist.\u201d Skyhigh. Accessed July 31, 2018.&nbsp;<a href=\"https:\/\/www.skyhighnetworks.com\/cloud-security-university\/what-is-shadow-it\/\">https:\/\/www.skyhighnetworks.com\/cloud-security-university\/what-is-shadow-it\/<\/a>.<\/li>\n\n\n\n<li>Tam, L., M. Glassman, and M. Vandenwauver. 2010. \u201cThe Psychology of Password Management: A Tradeoff Between Security and Convenience.\u201d&nbsp;<em>Behaviour &amp; Information Technology<\/em>&nbsp;29, no. 3: 233-244.&nbsp;<em>Academic Search Premier<\/em>, EBSCOhost (accessed July 31, 2018).<\/li>\n\n\n\n<li>MBE, Oz Alashe. \u201cThe Psychology Of Cyber Security: How Hackers Exploit Human Bias.\u201d HuffPost UK. November 27, 2017. Accessed July 31, 2018.&nbsp;<a href=\"https:\/\/www.huffingtonpost.co.uk\/entry\/the-psychology-of-cyber-security-how-hackers-exploit-human-bias_uk_5a159c0ce4b0815d3ce65bbd?guccounter=1\">https:\/\/www.huffingtonpost.co.uk\/entry\/the-psychology-of-cyber-security-how-hackers-exploit-human-bias_uk_5a159c0ce4b0815d3ce65bbd?guccounter=1<\/a>.<\/li>\n\n\n\n<li>Sch\u00f6bel, Markus, J\u00f6rg Rieskamp, and Rafael Huber. 2016. \u201cSocial Influences in Sequential Decision Making.\u201d&nbsp;<em>Plos ONE<\/em>&nbsp;11, no. 1: 1-23.&nbsp;<em>Academic Search Premier<\/em>, EBSCOhost (accessed July 31, 2018).<\/li>\n\n\n\n<li>\u201cOne in Two Users Click on Links from Unknown Senders \u203a Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg.\u201d Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg. August 25, 2016. Accessed July 31, 2018.&nbsp;<a href=\"https:\/\/www.fau.eu\/2016\/08\/25\/news\/research\/one-in-two-users-click-on-links-from-unknown-senders\/\">https:\/\/www.fau.eu\/2016\/08\/25\/news\/research\/one-in-two-users-click-on-links-from-unknown-senders\/<\/a>.<\/li>\n\n\n\n<li>\u201cDown to the Wire.\u201d&nbsp;<em>Data Breach Digest<\/em>, February 2017. Accessed August 7, 2018.&nbsp;<a href=\"http:\/\/www.verizonenterprise.com\/resources\/reports\/rp_data-breach-digest-2017-perspective-is-reality_xg_en.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">http:\/\/www.verizonenterprise.com\/resources\/reports\/rp_data-breach-digest-2017-perspective-is-reality_xg_en.pdf<\/a>.<\/li>\n\n\n\n<li>Cheng, Long, Fang Liu, and Danfeng Daphne Yao. \u201cEnterprise Data Breach: Causes, Challenges, Prevention, and Future Directions.\u201d&nbsp;<em>Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery<\/em>&nbsp;7, no. 5 (2017). Accessed July 31, 2018. doi:10.1002\/widm.1211.<\/li>\n\n\n\n<li>\u201cThe Positive Outcomes of Information Security Awareness Training in Companies \u2013 A Case Study.\u201d ScienceDirect. June 09, 2010. Accessed July 31, 2018.&nbsp;<a href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1363412710000099\">https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1363412710000099<\/a>.<\/li>\n\n\n\n<li>Abawajy, Jemal. 2014. \u201cUser Preference of Cyber Security Awareness Delivery Methods.\u201d Behaviour &amp; Information Technology 33, no. 3: 236-247.&nbsp;<em>Academic Search Premier<\/em>, EBSCOhost (accessed July 31, 2018).<\/li>\n\n\n\n<li>Paul, Kari. \u201cEverything You Wanted to Know About Data Breaches, Privacy Violations and Hacks\u201d last modified April 3, 2018. &nbsp;<a href=\"https:\/\/www.marketwatch.com\/story\/at-what-point-should-you-be-concerned-about-a-data-breach-2018-04-03\">https:\/\/www.marketwatch.com\/story\/at-what-point-should-you-be-concerned-about-a-data-breach-2018-04-03<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s tough to count the amount of recent data breaches. If those aren&#8217;t enough to tell you why it&#8217;s time to take identity security seriously, read this.<\/p>\n","protected":false},"author":55,"featured_media":18581,"template":"","categories":[2337],"collection":[2775],"wheel_hubs":[],"platform":[],"resource_type":[2311],"funnel_stage":[],"coauthors":[2513],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Importance of Identity Security In The Age Of The Cloud - JumpCloud<\/title>\n<meta name=\"description\" content=\"It&#039;s tough to count the amount of recent data breaches. If those aren&#039;t enough to tell you why it&#039;s time to take identity security seriously, read this.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why It\u2019s Time to Take Identity Security Seriously\" \/>\n<meta property=\"og:description\" content=\"It&#039;s tough to count the amount of recent data breaches. If those aren&#039;t enough to tell you why it&#039;s time to take identity security seriously, read this.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-11T18:24:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/why-its-time-to-take-identity-security-seriously.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"19 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Natalie Bluhm\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\",\"url\":\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\",\"name\":\"The Importance of Identity Security In The Age Of The Cloud - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/why-its-time-to-take-identity-security-seriously.png\",\"datePublished\":\"2018-08-09T18:16:44+00:00\",\"dateModified\":\"2023-01-11T18:24:32+00:00\",\"description\":\"It's tough to count the amount of recent data breaches. If those aren't enough to tell you why it's time to take identity security seriously, read this.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/why-its-time-to-take-identity-security-seriously.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/why-its-time-to-take-identity-security-seriously.png\",\"width\":1024,\"height\":512},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Resources\",\"item\":\"https:\/\/jumpcloud.com\/resources\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Why It\u2019s Time to Take Identity Security Seriously\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The Importance of Identity Security In The Age Of The Cloud - JumpCloud","description":"It's tough to count the amount of recent data breaches. If those aren't enough to tell you why it's time to take identity security seriously, read this.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously","og_locale":"en_US","og_type":"article","og_title":"Why It\u2019s Time to Take Identity Security Seriously","og_description":"It's tough to count the amount of recent data breaches. If those aren't enough to tell you why it's time to take identity security seriously, read this.","og_url":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously","og_site_name":"JumpCloud","article_modified_time":"2023-01-11T18:24:32+00:00","og_image":[{"width":1024,"height":512,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/why-its-time-to-take-identity-security-seriously.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"19 minutes","Written by":"Natalie Bluhm"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously","url":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously","name":"The Importance of Identity Security In The Age Of The Cloud - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/why-its-time-to-take-identity-security-seriously.png","datePublished":"2018-08-09T18:16:44+00:00","dateModified":"2023-01-11T18:24:32+00:00","description":"It's tough to count the amount of recent data breaches. If those aren't enough to tell you why it's time to take identity security seriously, read this.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/why-its-time-to-take-identity-security-seriously.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/08\/why-its-time-to-take-identity-security-seriously.png","width":1024,"height":512},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/resources\/why-its-time-to-take-identity-security-seriously#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Resources","item":"https:\/\/jumpcloud.com\/resources"},{"@type":"ListItem","position":3,"name":"Why It\u2019s Time to Take Identity Security Seriously"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource\/18579"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/55"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/18581"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=18579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=18579"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=18579"},{"taxonomy":"wheel_hubs","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/wheel_hubs?post=18579"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=18579"},{"taxonomy":"resource_type","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource_type?post=18579"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=18579"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=18579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}