March 4, 2020
Next-Gen Access

Why is identity and access management so important in preventing data breaches?

Archit Lohokare, Chief Product Officer


At its core, identity and access management is really all about ensuring that a user’s identity is authenticated to a high degree of assurance, and that the user is authorized to access just the right services he or she needs to be productive and efficient. It may sound simplistic, but that’s really it.

Access Management solutions provide authentication and authorization services and enforce user access policy for a company’s employees and customers across the web, mobile apps, and other digital channels. According to the 2019 Verizon Data Breach Investigations Report, 80% of hacking-related data breaches involve compromised or weak credentials, and 29% of all breaches (regardless of the type of attack) involve the use of stolen credentials. Passwords are the main point of vulnerability. The more passwords you have to juggle and the more frequently you have to request or change access for lost or forgotten passwords, the larger the risk that your personal and professional data may be hacked.

The first half of 2019 saw over 4.1 billion records exposed in data breaches. Three of those breaches were among the 10 largest of all time. This represented a 54% year-over-year increase according to the 2019 MidYear QuickView Data Breach Report from Risk Based Security. Increasing security while limiting our reliance on passwords is vital to helping prevent another surge in data breaches. IAM capabilities like multi-factor authentication and role- and attribute-based access control help secure against data breaches resulting from password compromises. To better guard against data breaches, you must ensure that you have the right policies in place – policies that can understand and detect anomalous behavior as a second line of defense.

This is the basic concept behind Zero Trust. The idea is that, by default, you are asked to prove your identity at every single access point. Your system must be able to create a “behavior baseline” for what constitutes typical usage, such as location, time of day, and type of device. It will then be able to better understand when something feels out of the ordinary. If you don’t typically log on from Romania at 3:00 in the morning, the system will treat the access attempt as suspicious.
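A minimal sketch of such a behavior baseline, added here as an illustration and not taken from Idaptive's product: it counts the country, device and hour of day of past logins and asks for multi-factor authentication when a new attempt deviates too far. The login history, device names, weights and threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed login history for one hypothetical user (not real data).
HISTORY = [
    ("US", "laptop-01", "2020-01-06T09:12:00"),
    ("US", "laptop-01", "2020-01-07T09:40:00"),
    ("US", "laptop-01", "2020-01-08T10:05:00"),
    ("US", "laptop-01", "2020-01-09T14:30:00"),
    ("US", "laptop-01", "2020-01-10T16:20:00"),
    ("US", "laptop-01", "2020-01-13T09:02:00"),
    ("US", "phone-01", "2020-01-11T08:15:00"),
    ("US", "phone-01", "2020-01-12T18:45:00"),
]
# Assumed weights and threshold; a real deployment would tune these.
WEIGHTS = {"country": 0.4, "device": 0.3, "hour": 0.3}
STEP_UP_THRESHOLD = 0.4

def build_baseline(events):
    """Count how often each country, device and hour of day was seen."""
    base = {"country": Counter(), "device": Counter(), "hour": Counter()}
    for country, device, ts in events:
        base["country"][country] += 1
        base["device"][device] += 1
        base["hour"][datetime.fromisoformat(ts).hour] += 1
    return base, len(events)

def assess(baseline, total, country, device, ts):
    """Score an access attempt: 0.0 is fully typical, 1.0 is never seen."""
    if total == 0:  # no history: nothing to compare against, so verify
        return {"score": 1.0, "decision": "step_up_mfa", "unseen": sorted(WEIGHTS)}
    hour = datetime.fromisoformat(ts).hour
    # Hours adjacent to a familiar hour count as familiar (wraps at midnight).
    near = sum(baseline["hour"][(hour + d) % 24] for d in (-1, 0, 1))
    rarity = {
        "country": 1.0 - baseline["country"][country] / total,
        "device": 1.0 - baseline["device"][device] / total,
        "hour": 1.0 - min(near / total, 1.0),
    }
    score = sum(WEIGHTS[k] * rarity[k] for k in WEIGHTS)
    decision = "step_up_mfa" if score >= STEP_UP_THRESHOLD else "allow"
    unseen = sorted(k for k, r in rarity.items() if r == 1.0)
    return {"score": round(score, 3), "decision": decision, "unseen": unseen}

BASELINE, TOTAL = build_baseline(HISTORY)
```

With this history, a 09:30 login from the usual laptop is allowed, while a 03:00 attempt from Romania on an unknown device scores 1.0 and triggers step-up authentication.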

We are ultimately headed for a password-less future. Standards and systems such as FIDO2, security keys (YubiKeys, Google Titan keys), and biometrics (Face ID, Touch ID) are eliminating the need for manual password entry, paving the way for a future digital environment that is less vulnerable to human error… and much easier on overworked IT departments.


This post originally appeared in a Quora Q&A session hosted in January 2020. Our CPO Archit Lohokare was asked to discuss the state of cybersecurity, Zero Trust, artificial technology and machine learning and working in the security field, among other things. Stay tuned as we share more of his answers in our blog!

Archit Lohokare
Chief Product Officer

Archit Lohokare is Chief Product Officer at Idaptive, where he is responsible for product strategy, driving innovation, and bringing new products and services to market. He transitioned over to Idaptive as it was spun out from Centrify, where—as Vice President of Product Management—he led the Identity-as-a-Service (IDaaS) and Unified Endpoint Management product portfolio. Prior to Centrify, Archit was Vice President of Products at Optymyze, where he led the product management team responsible for the company’s Sales Performance Management and Sales Platform-as-a-Service SaaS and PaaS solutions, securing a Leadership position in the first Gartner Magic Quadrant report on Sales Performance Management along the way.

Earlier in his career, Archit led Symantec's Cloud Information Protection Security-as-a-Service offering, and IBM's Access Management product line, comprised of Web Access Management, Identity Federation, Enterprise Single Sign-On, and Risk-based Access and Entitlements Management products. Archit joined IBM through the acquisition of Encentuate, a leading Bay Area start-up in the security software space; as an early employee, he had the opportunity to contribute to its successful exit. 

Archit has an MBA from UC Berkeley-Haas School of Business, and a bachelor’s degree in Computer Engineering from NTU, Singapore, where he was awarded the SIA-NOL undergraduate scholarship by the Ministry of Education, Singapore.

Archit is an avid history buff, enjoys reading in his spare time and running breathlessly after his one-year-old, hyperactive son.


If Archit could have any Chameleon-like superpower, it would be the ability to change colors quickly and adapt. “Actually, it would be like the ability of our IAM solutions to adapt instantaneously to a customer’s environment and user behavior. Anomalous user access? A snap! Presto, change-o – like a chameleon from green to red in an instant, adapt to the change in user behavior and request user to assure their identities using multi-factor authentication...”