Why it takes 11 hours to resolve one ID-related cyber incident | Computer Weekly

Why it takes 11 hours to resolve one ID-related cyber incident | Computer Weekly

Briefly

"Let's do a thought experiment. An identity-related security alert just flared up at an enterprise, perhaps a carmaker or an airport. It could be nothing, or the start of a ransomware attack about to force all infrastructure offline. How long would it take to trace the root cause of the alert? Minutes? Hours? It might shock you that according to a Teleport-commissioned study by Enterprise Strategy Group (ESG), it takes 11 hours on average for enterprises to resolve one identity-related security incident."

"Computing environments have become so absurdly fragmented that our inventions have created tech borders, not unlike national borders. Humans, machines, applications, and even AI agents now all have identities. In most organisations, they're scattered across systems, managed in isolation. Cloud platforms, on-prem servers, identity providers, developer tools, legacy systems, SaaS, databases, and Kubernetes clusters have become their own countries with their own rules, logs, and blind spots."

"Managing those identities would be like a customs officer tracking who's coming and going between countries with totally divergent passport systems, except a passport (your identity) in one country doesn't work in the rest. Consistency? Forget that. Some countries want your passport, others want a visa. Some have strict guards; others don't bother with credentials. The rest lost your files, to say nothing of the people with outda"