Latest research, product updates and best practices on staying secure in the cloud | Permiso

Survey Reveals Gaping Disconnect Between Existing Security Controls and the Identity Security Threat Reality

Written by Jared Elder | Oct 17, 2024 12:11:13 PM

Respondents are confident in their identity security posture, despite almost half reporting unauthorized access to their environment coupled with growing concerns over the ability to detect identity-based attacks 

PALO ALTO, CA – October 17, 2024 - Permiso, the leader in real-time identity security, today released its State of Identity Security Report for 2024. The comprehensive study, based on a survey of over 500 IT security and risk practitioners, highlights the ongoing challenges organizations face in protecting against evolving identity-based threats. 

Over 90% of respondents stated they have a comprehensive inventory of human and non-human identities across their environments, and 85% have a clear line of visibility and monitoring into ‘who is doing what’ within those identities. Despite this confidence, nearly half (45%) of those respondents had reported unauthorized access to their environments in the last year, and that same percentage of respondents described themselves as “concerned” or “extremely concerned” about their current team and tool’s ability to detect and protect against identity-based attacks.

“The survey highlights the complexity in securing identities for human and non-human, in all environments, when it comes to both posture and threat detection. Managing identities, and credentials across the modern tech stack is no easy task and organizations are beginning to recognize how pervasive of a problem identity security really is,” said Permiso co-founder and co-CEO Paul Nguyen. “While organizations are investing more in identity security, there's a clear need for a paradigm shift in how we approach this critical aspect of cybersecurity." 

The survey aimed to understand the number of human and non-human identities respondents manage, how they secure those identities, and what environments they feel pose the most risk to their organization. SaaS applications topped the list as the riskiest environments according to respondents, with IaaS labeled as the second most high-risk environment overall. While identity providers ranked third in overall risk, they also garnered the second number of top votes as the highest risk environment, just behind SaaS applications. 

 

The survey also found significant growth in the number of non-human identities that respondents managed from last year. In 2023, only 8.3% of respondents managed more than 5,000 NHIs such as keys and tokens in their environment. In 2024, 27.6% or 141 out of 510 respondents indicated that they manage more than 5,000 non-human identities in their environment, an increase of more than 230% from last year’s survey.  

Earlier this month, P0 Labs, the threat research arm of Permiso Security published research that documents how threat actors are exploiting hosted AI models to provide dark roleplaying services over several months of observing their activity. In the past, threat actors have hijacked cloud resources to conduct activities such as crypto mining. This recent research highlights how threat actors are leveraging non-human identities like access tokens to compromise LLM infrastructure. 

You can access results of the survey report here.

ABOUT PERMISO 

Permiso Security is dedicated to reimagining identity security for the modern, cloud-first enterprise. We provide real-time identity security across all environments, addressing the complex challenges of securing both human and non-human identities in today's distributed IT landscapes. By offering the industry’s first combined Identity Security Posture Management (ISPM) with Identity Threat Detection and Response (ITDR) solution across the IdP, IaaS, PaaS and SaaS layers, we bridge the security gap of siloed cloud security tools. Our unique approach enables organizations to track the full identity footprint across multiple authentication boundaries, providing unrivaled identity security defense.