How the Tech Industry Got Identity Wrong

https://www.infosecurity-magazine.com/opinions/how-the-tech-industry-got-identity/

Publish Date: 2026-04-02 02:51:25

Source Domain: www.infosecurity-magazine.com

Addressing identity-related security incidents typically takes an average of 11 hours to resolve, revealing a significant issue in the cybersecurity landscape. The fragmented infrastructure comprising various cloud services, databases, and tools makes it exceedingly challenging to track and analyze security breaches effectively. This fragmented approach echoes the complexities of incompatible passports and visa systems, hindering a clear and swift identification of compromised credentials, which are at the root of a significant number of data breaches.

Consequently, organizations face the pressing challenge of not only managing security teams stretched thin by this cumbersome process but also battling the broader issue of how identity is managed in computing. Misunderstanding identity as synonymous with credentials has led to the proliferation of systems with their own insular rules and logs. This has not only facilitated attackers but also complicated efforts to secure and monitor infrastructure at scale. The pressing need is to redefine identity in computing, treating all identities equally and ensuring they all hinge on a common cryptographic- and hardware-backed source of trust, akin to a digital birth certificate that cannot be easily replicated.

Key Points:

– Fragmentation of infrastructure and identity systems causes significant delays in resolving security incidents.
– Compromised credentials are a major driver of data breaches and pose unique challenges for detection.
– Misunderstanding identity as just credentials has led to fragmented, insular security infrastructures.