Digital transformation is reshaping not only business models but also approaches to corporate security. Traditional perimeter boundaries are increasingly blurred: employees work remotely, services have moved to the cloud, and business processes involve dozens of external partners. Today, the primary risk is less about system vulnerabilities and more about uncontrolled access.
In a modern organization, data does not exist in isolation – it constantly interacts with specific users and services. Protecting it effectively requires a clear understanding of who is accessing it, why, and under what conditions.
As a result, companies are moving away from traditional perimeter-focused security strategies. They are adopting an Identity-Centric Security approach, where security is structured around the identity of users and systems.
This article explores the key principles of Identity-Centric Security and how it can help organizations reduce information security risks while streamlining business processes.
When authorized access turns into a threat
Today, security incidents are increasingly less likely to start with a technical breach. Instead, attackers often gain entry using legitimate credentials. Yet such credentials are legitimate only in appearance. Experience shows that many organizations lack unified visibility over accounts, creating so-called blind spots. For instance, an employee or contractor may change roles or finish a project while their access privileges remain active or even excessive.
Insufficient control over data access within an organization can have serious consequences, including leaks of confidential information due to accumulated privileges among employees and contractors, financial losses from downtime and fines, reputational damage, and violations of regulatory requirements. According to IBM, 51% of all data breaches worldwide result from malicious attacks, with the average cost of a breach reaching approximately $4.44 million per incident.
A notable example is the large-scale cyberattack on British automaker Jaguar Land Rover (JLR) in August 2025. Attackers accessed the company’s infrastructure using the credentials of a contractor. While the access was technically valid, it was exploited beyond legitimate business purposes and initially went undetected. The attack not only brought vehicle assembly to a standstill but also disrupted the broader supply chain and impacted the economy more widely. JLR faced direct costs of approximately £196 million to respond to and recover from the incident.
Other incidents can also be referenced, such as the 2021 attack on Colonial Pipeline, which led to the shutdown of the United States’ largest fuel pipeline. The breach began with attackers gaining access through a single remote account that had not been disabled in a timely manner.
In many organizations, access management processes are poorly structured, built around individual accounts, or both. Even when formal procedures exist, they often fail to account for business dynamics such as roles, projects, and human behavior. As a result, companies are unable to answer fundamental questions: who currently has access to critical systems and data, on what basis that access was granted, and for how long it remains valid.
This approach leads to several key issues:
- Lack of visibility: no unified view of all access exists, making anomalies difficult to detect.
- Violation of the principle of least privilege, with permissions accumulating over time without being revoked.
- High operational costs, with effort spent on routine approval workflows rather than strategic priorities.
- Delays in onboarding, offboarding, and role transitions.
- Greater risk of errors and incidents caused by human factors.
Identity-Centric Security addresses these challenges by embedding security into business processes and by focusing on the user’s digital identity rather than on individual systems or network segments.
How Identity-Centric Security works
A digital identity is a collection of attributes that define a user within a digital environment. Those include role, job title, device, access rights, project involvement, behavioral patterns, and activity history.
Rather than representing just an account, digital identity captures the full context of who a person is within the corporate ecosystem and how they interact with company resources. The digital identity becomes the core element of a modern security model. Importantly, digital identity encompasses not only employees, contractors, and partners, but also service accounts, technical accounts, automated processes, and applications.
This concept is implemented through a class of data access management solutions that make access decisions based on the complete set of identity attributes and the context of each interaction.
To illustrate how this works, consider a new employee, Liora, who joins the marketing department as a department manager. On her first day, the access management system creates a digital identity with the following attributes: Job Title = Department Manager; Department = Marketing; Location = Novosibirsk; Status = Active.
Based on predefined business policies, the system automatically grants access to relevant services and data. For Liora, this would include:
- If Department = Marketing, grant access to the “Marketing” workspace in the knowledge base and the “Marketing_Shared” folder on the server.
- If Job Title = Department Manager, grant access to the CRM with permission to edit reports, and to the “Budgets_Marketing” folder with write access.
- All users with Status = Active receive an account on the corporate network.
If Liora later attempts to store sensitive documents in folders belonging to employees whose roles do not require access to such data, the system will block this action.
Six months later, Liora is promoted to Product Director. An HR specialist updates her Job Title in the system, which automatically revokes permissions associated with her previous role and assigns new ones in accordance with policies for the Product Director position.
All changes are logged and undergo the required approvals in line with configured business processes.
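The Liora walkthrough above, as an added example (not Avanpost DAG code): attribute-based policies derive every entitlement from identity attributes, a job-title change re-evaluates and revokes the old role's rights, a data-placement check blocks storing a sensitive document in a folder whose owner is not entitled to it, and every decision is written to an append-only audit trail. Resource identifiers and the Product Director policy are assumptions for illustration.

```python
from dataclasses import dataclass, field
# Attribute-based policies: (attribute, required value, entitlements granted).
# The Product Director policy is an assumed addition; the rest follow the article.
POLICIES = [
    ("department", "Marketing", {("kb:Marketing", "read"), ("fs:Marketing_Shared", "read")}),
    ("job_title", "Department Manager", {("crm:reports", "edit"), ("fs:Budgets_Marketing", "write")}),
    ("job_title", "Product Director", {("crm:roadmap", "edit"), ("fs:Budgets_Product", "write")}),
    ("status", "Active", {("net:corporate", "login")}),
]

@dataclass
class Identity:
    name: str
    attributes: dict
    entitlements: set = field(default_factory=set)

class AccessManager:
    def __init__(self):
        self.audit = []  # (action, identity, details) tuples, append-only

    def evaluate(self, attributes):
        # Effective entitlements are computed from attributes only; nothing is assigned by hand.
        granted = set()
        for attr, value, entitlements in POLICIES:
            if attributes.get(attr) == value:
                granted |= entitlements
        return granted

    def onboard(self, identity):
        identity.entitlements = self.evaluate(identity.attributes)
        self.audit.append(("grant", identity.name, sorted(identity.entitlements)))

    def update_attribute(self, identity, attr, value):
        # A single attribute change (e.g. HR updates job_title) triggers full
        # re-evaluation, so stale privileges from the old role cannot accumulate.
        identity.attributes[attr] = value
        current = self.evaluate(identity.attributes)
        revoked = identity.entitlements - current
        added = current - identity.entitlements
        identity.entitlements = current
        self.audit.append(("revoke", identity.name, sorted(revoked)))
        self.audit.append(("grant", identity.name, sorted(added)))
        return added, revoked

    def can_store(self, actor, required, folder_owner):
        # Storing a document that needs entitlement `required` into someone's folder is
        # allowed only if that folder's owner holds the same entitlement.
        allowed = required in folder_owner.entitlements
        self.audit.append(("store", f"{actor.name}->{folder_owner.name}", "allow" if allowed else "deny"))
        return allowed
```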
Benefits of this approach:
- Lower operational costs through automation of onboarding, offboarding, and access changes.
- Fewer errors due to reduced reliance on manual processes.
- Faster business operations, as access is granted based on roles and business rules.
- Greater transparency and control, with a complete and up-to-date view of access and rights.
- Reduced risk of information security incidents and misuse.
Conclusion
Today, effective information security depends fundamentally on understanding who has access, what permissions they hold, and why those permissions were granted. Data protection must be approached in the context of digital identity.
An identity-centric model provides a comprehensive view of the digital environment, enabling organizations to build effective security systems while optimizing processes. This ultimately reduces the likelihood of data breaches and incidents, as well as associated financial costs.

By Pavel Yeremenko, Product Owner, Avanpost DAG