The proliferation of accounts wreaks havoc on IT administrators. Each account needs an ID, a way to authenticate, and its own set of rights within the ecosystem. The IAM challenges inherent in modern IT infrastructures create security, privacy, operational, and compliance risks.
Information Security Risks
IAM risks increase as organizations create complex IT infrastructures. According to the 2021 Data Breach Investigations Report, 34% of data breaches involved internal actors. Additionally, 15% of data breaches involved authorized user privilege misuse. The report detailed that privilege misuse was one of the top three data breach patterns for the Financial and Insurance, Healthcare, Public Administration, Manufacturing, and Retail industries.
Another infosec risk to consider relates to personal privacy, specifically giving people control over their personally identifiable information (PII). For example, Human Resources may need access to an employee’s medical history. However, that employee has the right to keep the information private from a manager. If your company is not managing access and identity effectively, you may be violating someone’s right to privacy.
Operational Risk
IAM also protects you from operational risks such as embezzlement and fraud. Organizations can use IAM to manage Separation of Duties (SOD). For example, a person accessing Accounts Receivable should not access Accounts Payable. If the person can access both, they can create a fake vendor account and pay it from the corporate bank account without oversight.
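The Accounts Receivable / Accounts Payable conflict above is usually hidden by role nesting rather than by a direct assignment, so an SoD check has to resolve effective entitlements first. The following is an added example, not code from the original page; the role names, entitlement strings, users and rule name are all hypothetical sample data.

```python
# Constructed sample data: roles, entitlements and users are hypothetical.
ROLES = {
    "ar_clerk": {"grants": {"AR:post_receipt"}, "includes": set()},
    "ap_clerk": {"grants": {"AP:create_vendor", "AP:release_payment"}, "includes": set()},
    "finance_backup": {"grants": set(), "includes": {"ap_clerk"}},
    "month_end": {"grants": {"GL:close_period"}, "includes": {"finance_backup"}},
}
ASSIGNMENTS = {
    "alice": {"ar_clerk"},
    "bob": {"ap_clerk"},
    "carol": {"ar_clerk", "month_end"},  # AP access arrives via two levels of nesting
}
# A rule is violated when one user holds at least one entitlement from each side.
SOD_RULES = [
    ("AR-vs-AP", {"AR:post_receipt"}, {"AP:create_vendor", "AP:release_payment"}),
]

def effective_entitlements(role, roles, _seen=None):
    """Return {entitlement: [role path]} for a role, following nested roles."""
    seen = _seen if _seen is not None else set()
    if role in seen or role not in roles:  # stop on cycles and dangling references
        return {}
    seen.add(role)
    found = {ent: [role] for ent in roles[role]["grants"]}
    for child in sorted(roles[role]["includes"]):
        for ent, path in effective_entitlements(child, roles, seen).items():
            found.setdefault(ent, [role] + path)
    return found

def sod_violations(assignments, roles, rules):
    """List users whose effective entitlements satisfy both sides of a rule."""
    findings = []
    for user in sorted(assignments):
        held = {}
        for role in sorted(assignments[user]):
            for ent, path in effective_entitlements(role, roles).items():
                held.setdefault(ent, path)
        for name, side_a, side_b in rules:
            hits_a = sorted(side_a & held.keys())
            hits_b = sorted(side_b & held.keys())
            if hits_a and hits_b:
                via = {ent: held[ent] for ent in hits_a + hits_b}
                findings.append({"user": user, "rule": name, "via": via})
    return findings

if __name__ == "__main__":
    for finding in sod_violations(ASSIGNMENTS, ROLES, SOD_RULES):
        print(finding)
```

The `via` path in each finding shows which role chain to break during remediation.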
Compliance Risk
Depending on your industry, you likely need to meet regulatory compliance requirements. Most regulations require organizations to limit access to data. For example, under the Health Insurance Portability and Accountability Act (HIPAA), a healthcare provider can face fines ranging from $100 to $50,000 per violation.
A robust IAM and IGA program can provide proactive threat visibility and risk mitigation while helping meet more specific compliance criteria laid down by various regulations, including the following commonly encountered recent laws.