As organizations grow, so should their maturity in process execution and governance, ensuring that things remain under control when scaling. With risk management, this maturity typically has two distinct aspects: ensuring that foundational risk controls are highly reliable and, secondly, that the organization continually expands its control coverage to address more and more of its applicable risk space. While you may be considering deploying the latest and greatest in security technologies - to address the latest attacks detailed in the news - you shouldn’t forget the foundations.
Identity, and the resulting access control, is one of these foundational risk controls. If implemented poorly, it impacts all of the other controls, and its failure most often results in major, often organization-wide incidents. Identity theft, a most common attack against identity controls, can allow both insiders and outside attackers to impersonate highly sensitive users or devices, leading to quick and rich rewards for the attacker.