Duplicate Identities Can Lead to Excessive Access, Fraud, Audit Failure, and Low Customer Satisfaction. Here’s How to Fix Them.
We all have the best of intentions when it comes to keeping our house clean. However, things come up. We’re tired after coming back from a trip and don’t get everything put away. We’re late for meeting up with friends and leave some dishes out, or put off the vacuuming. Over time, these decisions pile up.
The same thing happens with identity management. We know it's important to keep our identities in order so that they are properly governed throughout their lifecycle, but other things often get in the way, pushing identity management down the priority list. When this happens, identities, whether human or machine, tend to proliferate over time. Duplicate identities are inadvertently created, and because we don't know they're there, they aren't being governed properly.
Excessive Access, Fraud, Audit Failure, and Low Customer Satisfaction
They may sound innocuous, but duplicate identities increase the possibility of fraud, audit failures leading to fines or other penalties, low customer or patient satisfaction, and more. They are often a source of too much user access that can be easily exploited. In short, they leave your organization vulnerable to attack.
Knowing who or what is on the network at any given time and their level of access is fundamental to reducing an organization’s threat landscape. Even with robust IAM solutions, keeping an identity warehouse clean and up to date can be a complicated task, compounded by:
- the size of the organization
- the number of third-party relationships involved
- increasing numbers of machine identities
With every identity that joins, moves, or leaves an environment, the possibility of unwanted access increases.
How Duplicates Get Created
There are many reasons (certainly more than will be included here) why duplicates exist. One common reason is that an organization may have multiple authoritative identity sources. Multinational organizations may have different HR or ERP systems in different geographies. An employee who moves between geographies and changes roles may end up with multiple identities with varying degrees of access.
Some organizations may have different HR systems for employees and contractors. If an employee leaves the organization and becomes a contractor, their new role may not require the same level of access as their old one. In an education environment, you may have an instructor who is also enrolled as a student in another discipline, with records for them in Workday as well as the student record system.
When an organization merges with one that previously provided third-party services, it may decide to accept duplicates at first, so that employees keep proper access to necessary applications during the transition and productivity is not affected, and then converge the identities at a later date.
Duplicates are also commonly created when users leave an organization and then come back at a later date. Bad process design, or poor adherence to defined processes, could also create duplicates.
The Benefits of Keeping a Clean House
To help organizations reduce the risk of a security incident due to duplicate identities, Saviynt's EIC platform includes Duplicate Identity Management. Duplicate Identity Management enables enterprises with multiple authoritative sources to quickly import and reconcile any duplicate identities within those sources. Merging identities into a single, authoritative record helps reduce excessive privileges that would otherwise go undetected, and prevents the creation of toxic separation of duty (SoD) combinations, which helps maintain continuous compliance with relevant regulations.
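The point about merged records exposing excessive privileges and toxic SoD combinations, as an added Python example (not Saviynt's code or API): two records for one person each pass an SoD check alone, and the violation appears only once they are reconciled. The two source systems, the sample records, the name-plus-birth-date matching rule and the SoD policy are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data: two hypothetical authoritative sources.
HR_SYSTEM = [
    {"id": "E1001", "name": "Dana Whitfield", "dob": "1985-03-14",
     "entitlements": {"create_vendor", "view_ledger"}},
    {"id": "E1002", "name": "Luis Ortega", "dob": "1990-11-02",
     "entitlements": {"view_ledger"}},
]
CONTRACTOR_SYSTEM = [
    {"id": "C2044", "name": "WHITFIELD, Dana", "dob": "1985-03-14",
     "entitlements": {"approve_payment"}},
    {"id": "C2051", "name": "Mei Tanaka", "dob": "1988-07-21",
     "entitlements": {"approve_payment"}},
]
# Hypothetical SoD policy: holding both entitlements of a pair is toxic.
TOXIC_PAIRS = [frozenset({"create_vendor", "approve_payment"})]

def match_key(record):
    """Assumed matching rule: order-insensitive normalized name plus birth date."""
    tokens = re.findall(r"[a-z]+", record["name"].lower())
    return (tuple(sorted(tokens)), record["dob"])

def find_duplicates(*sources):
    """Group records from all sources by match key; keep groups of two or more."""
    groups = defaultdict(list)
    for source in sources:
        for record in source:
            groups[match_key(record)].append(record)
    return [g for g in groups.values() if len(g) > 1]

def sod_violations(entitlements):
    """Return the toxic pairs fully contained in one entitlement set."""
    return [pair for pair in TOXIC_PAIRS if pair <= entitlements]

def hidden_violations(*sources):
    """Find SoD violations that are visible only after duplicates are merged."""
    findings = []
    for group in find_duplicates(*sources):
        merged = set().union(*(r["entitlements"] for r in group))
        seen_alone = {p for r in group for p in sod_violations(r["entitlements"])}
        for pair in sod_violations(merged):
            if pair not in seen_alone:
                findings.append((sorted(r["id"] for r in group), sorted(pair)))
    return findings
```

Calling `hidden_violations(HR_SYSTEM, CONTRACTOR_SYSTEM)` reports the employee and contractor records for the same person. A production matcher would weigh more attributes than name and birth date to avoid merging two different people.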
Saviynt detects duplicates across the most complicated hybrid and multi-cloud environments to present a clear understanding of an organization’s risk landscape. Utilizing Saviynt Duplicate Identity Management provides a range of benefits outside of simply being able to keep your identity warehouse in order.
Maintaining a clean identity warehouse reduces the attack surface an organization faces and limits the chances that overprovisioned access exists. With organizations having a better handle on rogue access and activities, deduplication also helps assure compliance with necessary regulations. Organizations also increase their agility by setting up processes around deduplication when importing and creating new identities.