Who this page is for
IT leaders, identity engineers, and security and compliance teams who treat identity as a foundation.
Why identities are a primary target
Attackers look for the easiest entry. Often that is an identity compromised through phishing, data leaks or weak MFA. Protecting identities closes the most important door.
Which identities we mean
- User accounts are the broad surface.
- Admin accounts are critical and must be separated.
- Service accounts and technical identities are often poorly monitored.
- Roles and permissions define what these identities can do.
Key measures
- [MFA](/en/mfa) everywhere, phishing resistant for admins.
- Least privilege as default principle.
- Conditional access for risk-aware decisions.
- Monitoring of suspicious sign-ins and activity.
- Lifecycle processes for onboarding, changes and offboarding.
- Privileged access management for critical roles.
Scenario
An organisation reduces global admins from twelve to three, separates admin from user accounts and rolls out phishing-resistant MFA. A later phishing attempt fails at sign-in because conditional access blocks unusual devices.
Checklist
- Inventory of all accounts and roles
- Phishing-resistant MFA for admins
- Separate identities for administration
- Least privilege reviewed regularly
- Conditional access with risk policies
- Lifecycle processes implemented
- Service accounts monitored and rotated
Frequently asked questions
What is least privilege?
Accounts and services receive only the rights they actually need.
How does identity security relate to zero trust?
[Zero trust](/en/zero-trust) builds heavily on identity security - it is one of the foundational pillars.
Related topics
MFA significantly reduces the risk of compromised accounts. This page explains which methods actually work, where the weak points are and how to prioritise rollout in practice.
A compromised account is one of the most common incident types today. This page outlines causes, early signs and reasonable first actions.
Zero trust is an architectural principle, not a product. It means: trust nothing automatically, verify every access based on identity, device and context.
Microsoft 365 is the central workspace and identity ecosystem for many organisations. This page outlines the key security building blocks without admin step-by-step instructions.
Cloud security combines safe configuration, strong identities, good logging and clear responsibility. This page outlines the core building blocks.
Phishing remains one of the most common entry points. Modern attacks look professional, use trusted brands and adapt quickly. Technical filters, awareness and a simple report button belong together.