In alpine mountaineering, climbers often get heartbroken by ‘false peaks’: outcroppings that loom above the climbers like the actual summit but turn out to be short of the actual summit itself. To inexperienced climbers, realizing you’ve been looking at a false peak for hours of grueling climbing can be discouraging, if not morale shattering. You’re exhausted, the weather is miserable, your muscles are aching, but you’re almost there…and then you’re not.
Identity isn’t terribly different. It can be a slog of hard work in tough conditions as teams grind through one phase of growth only to realize they have a much bigger challenge ahead of them than they might have imagined.
Historically, as organizations grow, they start adding more applications, more integrations, more assets, and more accounts. Pretty soon, the team is too large to work informally, and systems start to show up. Pulling in data from HR, tying in IT, working through the inevitable security backlog, adding applications and even migrating to a new environment as the needs of the business dictate. Every couple of quarters, someone orders an identity audit and the fun of manually validating identities, accounts, and access begins again.
To a seasoned identity professional, this is what the job entails, but there’s a new class of worry: what if we’re working off of bad data?
Mark Twain famously said, “It ain’t what you don’t know that gets you in trouble. It’s what you know for sure that just ain’t so.” Identity pros have always known that adversaries who have exploited the right accounts could create their own accounts which would escape routine detection. Recently though, identity visibility is providing organizations a peek into what has been a blind spot for too long. When teams look to their HR systems for the ‘ground truth’ of human identities, they can’t see accounts with privileged access that may be wreaking havoc. When there’s a breach, one of the first incident response tasks is to uncover how the compromise happened and what accounts, if any, were involved. For those who’ve never had the pleasure, imagine a detailed audit with weeks of work compressed into several extremely stressful hours.
To avoid the disappointment of false security, Hydden looks deep into the any user directory where identity security resides. While it is far more complex to uncover the ‘truth’ of accounts and activity that exist than to just import a list of employees and related accounts from the HRIS solution, true discovery like Hydden’s gives a clear sight of the true and final source of truth.*
*Our marketing team wants to remind me that unlike alpine mountaineering, though, which requires great struggle to arrive at the true peak, Hydden can be fully implemented and perform a comprehensive baseline discovery of identities, accounts, and access in minutes. And then perform discovery continuously without degrading the performance of the systems being