A Primer on Identity Security Threat Modelling
Improving our analysis and control selection approach for critical IAM components
Introduction
Identity security threat modelling is a structured way of identifying how an attacker could abuse, bypass, or manipulate the components that make up an identity systems to gain unauthorised access, support data ex-filtration or disruption to core services.
As identity and access management (IAM) has become more important - and moved from being a tactical and reactive component, to more strategic and proactive - by design it has become a target for both internal and external malicious operators.
The vulnerabilities within the IAM landscape are both numerous and often difficult to identify. And whilst our approach to controls selection has improved, as an industry we are facing considerably more automated and sophisticated approaches that exploit weakness across the entire IAM landscape.
Organisations have numerous issues to contend with. Existing IAM infrastructure is often isolated, disconnected and delivered by a patchwork quilt of different vendors and homegrown components. A lack of visibility and central control is also likely. This contributes to a general lack of visibility - visibility as it pertains to infrastructure usage and configuration, but also with respect to identity usage too.
Hybrid deployments - with both applications, relying services and IAM components - are also common, with PaaS, SaaS and on-premise deployments resulting in inconsistent user experiences for both administrators and end users, alongside common mis-configuration issues.
To that end we need to combine some existing concepts in new ways - both existing threat modelling and our knowledge of IAM components and usage flows.






