Products
Modern IGA Solution That Can Be Deployed in 12 Weeks
• Full-featured IGA
• Configurability without code
• Best-practice framework for solution design and deployment

Secure Digital Identities for All Users, Applications, and Data
• High degree of configurability
• Intelligent compliance
• Manage identities and access across hybrid platforms
Overview

Identity Lifecycle Management

Access Management

Business Alignment

Identity Security Breach Management

Identity Governance

Identity Administration

Auditing
Connectivity Framework

Connectivity Directory
Services
Best-Practice Processes and Standardized Implementation
• Support at every step of your IGA journey
• Personalized service package to accelerate your deployment
• Avoid common pitfalls and get value in 12 weeks

Proven Project Implementation Methodology
• Iterative implementation roadmap
• Standardized, well-documented best practices
• Support from Omada-certified project managers, architects, and consultants

Continuous Support for Ongoing Success
• Stellar Customer Success Team
• Quick and professional Service Desk
• Access to ITSM system and KPI reports

200 Hours of Identity Governance Training
• Single courses and role-based learning paths
• Certification program
• Knowledge-sharing Community

Omada Identity Cloud Accelerator Package
• Ensure fast and successful IGA deployment
• 5-step process with clear exit criteria
• 12 weeks time to value
Solutions
Identity Governance: The Strategic Tool That
• Helps support enterprise IT security
• Makes it easier to meet compliance mandates
• Automates access provisioning and enables the workforce from day 1

360° Overview of Identities and Access
• Automated access provisioning and deprovisioning
• Least privilege and separation of duties policies
• Simple-to-run certification campaigns

Full Compliance Overview and Audit Trail
• Access compliance status dashboards
• Cross-system certification campaigns
• 50+ audit report templates

Automated IGA Best Practices
• Identity lifecycle management
• Automatic access provisioning
• Self-service access requests

Identity Fabric and the Role of IGA
Omada provides Governance for Identity Fabric ensuring compliance regulations are met, security and efficiency around identity workflows are maintained.

Move to Modern IGA with Omada
Legacy and in-house developed IGA systems often fail to keep up with the evolving business needs. Learn how a reliable, scalable, cloud IGA platform can be adapted to your dynamic IT environment to help you stay ahead of developments.
Resources
IdentityPROCESS+
A definite guide to Identity Governance and
Administration best practices. Learn how to
successfully deploy and maintain an IGA solution.

Read guide

Gartner Market Guide for Identity
Governance and Administration
In this Guide, Gartner has identified Omada as a
Representative Vendor in IGA. Use it to evaluate top
Identity Governance vendors and anticipate future
trends, features, and capabilities in the IGA market.

Read guide

How to Overcome Challenges Moving
Legacy IGA to the Cloud
Familiarize yourself with the typical threats that
can derail a seamless legacy to cloud migration of
IGA functionality and get tips on managing them.

Read blog

DEKRA
As part of their digital transformation, DEKRA moved
from an in-house access management solution to
a modern, cloud based Omada IGA solution.

Read case study

5 Reasons to Prioritize IGA Today
Get practical examples and data proving the
value of IGA and learn the five key reasons you
must make it a business imperative today.

Read e-book

Product Briefs
We are constantly adding new features to Omada
products to ensure your IGA efforts keep pace with
the ever-evolving threat landscape.

Get product information

Product News
Get information about the newest Omada product
features, benefits, and use cases to ensure you get
the most from your IGA program.

Learn more

Interactive Product Tours
Participate in interactive product demos covering
capabilities such as Delegate Access, Request
Access, Approve Access Request, and more.

See all tours

Webinars
Get the latest IGA trends, information, and intelligence
from renowned industry experts in Omada’s live and
on-demand webinar presentations.

See all webinars
Company
- About
- Careers
- Partners
- Customers
- Newsroom
- Events
- Press Releases
- Contact Us
- Trust Center
We are Omada
A market-leading provider of identity governance
and administration solutions. Get to know us better!

Read our story

Become a key part of something special
At Omada, efficient teamwork creates extraordinary results.
We enable talented people to create career paths where
they can thrive, be inspired, and have fun.

See all available positions

World-class support and technical
expertise - right in your community
Omada partners provide unmatched advisory, product
and service re-sale, and project delivery resulting in
unsurpassed customer satisfaction scores.

Learn about Omada partners

Leading organizations doing more with identity
Don’t just take our word about the value of Omada
solutions. See what actual users think.

What our customers say

Omada is making news!
See what the media are reporting about our
innovative identity governance solutions.

Read the latest coverage

Come see us!
We frequently deliver expert presentations, exhibit, and
run demos at the world’s leading security and IGA events.
Look at our upcoming schedule to see if we cross paths –
we'd love to speak with you.

See Omada events schedule

Omada Wins "Overall ID Management
Solution of the Year" Award
Omada is a winner for a third consecutive year in the 7th
annual CyberSecurity Breakthrough Awards program.

Visit the virtual pressroom

We can help
Omada is a global market leader in Identity Governance.
Please reach out to us with questions or to get more information.

Reach out to Omada
Overview

Corporate Security

Customer Data Privacy

Infrastructure Security

Compliance

Products
Modern IGA Solution That Can Be Deployed in 12 Weeks
• Full-featured IGA
• Configurability without code
• Best-practice framework for solution design and deployment

Secure Digital Identities for All Users, Applications, and Data
• High degree of configurability
• Intelligent compliance
• Manage identities and access across hybrid platforms
Overview

Identity Lifecycle Management

Access Management

Business Alignment

Identity Security Breach Management

Identity Governance

Identity Administration

Auditing
Connectivity Framework

Connectivity Directory
Services
Best-Practice Processes and Standardized Implementation
• Support at every step of your IGA journey
• Personalized service package to accelerate your deployment
• Avoid common pitfalls and get value in 12 weeks

Proven Project Implementation Methodology
• Iterative implementation roadmap
• Standardized, well-documented best practices
• Support from Omada-certified project managers, architects, and consultants

Continuous Support for Ongoing Success
• Stellar Customer Success Team
• Quick and professional Service Desk
• Access to ITSM system and KPI reports

200 Hours of Identity Governance Training
• Single courses and role-based learning paths
• Certification program
• Knowledge-sharing Community

Omada Identity Cloud Accelerator Package
• Ensure fast and successful IGA deployment
• 5-step process with clear exit criteria
• 12 weeks time to value
Solutions
Identity Governance: The Strategic Tool That
• Helps support enterprise IT security
• Makes it easier to meet compliance mandates
• Automates access provisioning and enables the workforce from day 1

360° Overview of Identities and Access
• Automated access provisioning and deprovisioning
• Least privilege and separation of duties policies
• Simple-to-run certification campaigns

Full Compliance Overview and Audit Trail
• Access compliance status dashboards
• Cross-system certification campaigns
• 50+ audit report templates

Automated IGA Best Practices
• Identity lifecycle management
• Automatic access provisioning
• Self-service access requests

Identity Fabric and the Role of IGA
Omada provides Governance for Identity Fabric ensuring compliance regulations are met, security and efficiency around identity workflows are maintained.

Move to Modern IGA with Omada
Legacy and in-house developed IGA systems often fail to keep up with the evolving business needs. Learn how a reliable, scalable, cloud IGA platform can be adapted to your dynamic IT environment to help you stay ahead of developments.
Resources
IdentityPROCESS+
A definite guide to Identity Governance and
Administration best practices. Learn how to
successfully deploy and maintain an IGA solution.

Read guide

Gartner Market Guide for Identity
Governance and Administration
In this Guide, Gartner has identified Omada as a
Representative Vendor in IGA. Use it to evaluate top
Identity Governance vendors and anticipate future
trends, features, and capabilities in the IGA market.

Read guide

How to Overcome Challenges Moving
Legacy IGA to the Cloud
Familiarize yourself with the typical threats that
can derail a seamless legacy to cloud migration of
IGA functionality and get tips on managing them.

Read blog

DEKRA
As part of their digital transformation, DEKRA moved
from an in-house access management solution to
a modern, cloud based Omada IGA solution.

Read case study

5 Reasons to Prioritize IGA Today
Get practical examples and data proving the
value of IGA and learn the five key reasons you
must make it a business imperative today.

Read e-book

Product Briefs
We are constantly adding new features to Omada
products to ensure your IGA efforts keep pace with
the ever-evolving threat landscape.

Get product information

Product News
Get information about the newest Omada product
features, benefits, and use cases to ensure you get
the most from your IGA program.

Learn more

Interactive Product Tours
Participate in interactive product demos covering
capabilities such as Delegate Access, Request
Access, Approve Access Request, and more.

See all tours

Webinars
Get the latest IGA trends, information, and intelligence
from renowned industry experts in Omada’s live and
on-demand webinar presentations.

See all webinars
Company
- About
- Careers
- Partners
- Customers
- Newsroom
- Events
- Press Releases
- Contact Us
- Trust Center
We are Omada
A market-leading provider of identity governance
and administration solutions. Get to know us better!

Read our story

Become a key part of something special
At Omada, efficient teamwork creates extraordinary results.
We enable talented people to create career paths where
they can thrive, be inspired, and have fun.

See all available positions

World-class support and technical
expertise - right in your community
Omada partners provide unmatched advisory, product
and service re-sale, and project delivery resulting in
unsurpassed customer satisfaction scores.

Learn about Omada partners

Leading organizations doing more with identity
Don’t just take our word about the value of Omada
solutions. See what actual users think.

What our customers say

Omada is making news!
See what the media are reporting about our
innovative identity governance solutions.

Read the latest coverage

Come see us!
We frequently deliver expert presentations, exhibit, and
run demos at the world’s leading security and IGA events.
Look at our upcoming schedule to see if we cross paths –
we'd love to speak with you.

See Omada events schedule

Omada Wins "Overall ID Management
Solution of the Year" Award
Omada is a winner for a third consecutive year in the 7th
annual CyberSecurity Breakthrough Awards program.

Visit the virtual pressroom

We can help
Omada is a global market leader in Identity Governance.
Please reach out to us with questions or to get more information.

Reach out to Omada
Overview

Corporate Security

Customer Data Privacy

Infrastructure Security

Compliance

Demo

Home / Products / Functionality / Identity Security Breach Management

Functionality

Identity Security Breach Management

Accelerate your IAM projects with a proven process framework

A breach is something that no security leader likes to think about, nevermind deal with in real-time. Breaches can be particularly damaging when they are identity-related, both in terms of how long it takes to identify that a breach has occurred and in overall economic damage.

As part of Omada IdentityPROCESS+, an identity governance framework focusing on best practice processes, there are several key components to Identity Security Breach Management. These are critical to follow best practices, to ensure that business efficiency is optimized, security is tight, and compliance is met.

In the event of an incident where an organization suspects a breach, the security team may want to suspend access to one or more identities immediately to prevent the lateral spreading of the breach.

The identity security breach processes in IdentityPROCESS+ provide an emergency lockout description which enables the administrator to disable a user’s access to all on-premises and cloud-based systems.

This cross-system access suspension limits the company’s exposure to further breaches while an investigation is carried out and the user’s passwords are reset. An emergency lockout can be triggered using the automatic incident response process or manually carried out by an administrator.

Having a defined procedure for when an identity security breach occurs can limit the loss or corruption of sensitive data, limit lateral movement, and enable automation of emergency lockout. If not planned out in advance, the process to secure data can be incredibly lengthy. Identity Security Breach Management processes outlined in Omada’s IdentityPROCESS+ provide administrators with the ability to suspend all accounts associated with an identity that is suspected to be breached. This allows the administrator to reactivate access once the situation is under control.

Identity Security Breach Management Statistics for 2022:

83% of organizations had more than one data breach in the last year
The cost of a data breach averaged USD 4.35 million
Cyberattacks caused 90% of all data breaches
The number of publicly reported data compromises in the U.S. totaled 1,802 in 2022

Source: Cost of Data Breach Report, Identity Theft Resource Center

Identity Security Breach Process

When an organization suspects that a user’s identity has been compromised, it is important to act quickly to limit any damage. If the company has not automated its identity security breach process, the IT department may spend valuable time creating an overview of which access the identity has and locking these down individually in the relevant business system. To address this, the following processes are included in the identity security breach management processes:

Give administrators the ability to suspend all accounts associated with an identity
Allow the administrator to reactivate the access once the situation is under control

The first step quickly stops an attacker from continuing to perform any network reconnaissance, stealing confidential or sensitive data, or causing disruption to operations by corrupting data or making critical business systems unusable. In addition, suspending breached accounts gives the company time to perform a technical investigation and to deal with the non-technical aspects of critical security incidents such as internal and external communications management, protecting the company’s reputation and brand, and fielding external calls from customers and the press.

The second step ensures that once investigations have established the causes of the breach and the security administrators have taken the necessary steps to ensure the breach will not reoccur, the locked identities can be quickly reactivated so that business operations can continue.

The IdentityPROCESS+ framework allows the identity security breach processes to be initiated manually. In addition, companies can also implement more advanced solutions by having the emergency lockout triggered by an external security solution, such as a security information and event management (SIEM) system, a user and entity behavior analytics (UEBA) system, or a threat analytics solution. As this process is automated, the emergency lockout takes place quicker, resulting in greater protection of the organization’s infrastructure.

Why Identity Security Breach Management is important

Why identity security breach management is important

The Identity Security Breach process area includes the following process groups and sub-processes:

Suspend or Reactivate Access
- Emergency lockout
- Revoke emergency lockout

These sub-processes are further explained below.

Process Group: Suspend or Reactive Access

Enables administrators to quickly disable user accounts that they suspect have been breached and to re-enable accounts once investigations are complete and remedial actions have been implemented to prevent a repeat of the incident.

Emergency Lockout

Organizations need to be able to quickly disable user accounts belonging to an individual if they suspect that one or more of them have been compromised to prevent attackers from continuing to perform network reconnaissance, steal confidential or sensitive data, or cause disruption to operations by corrupting data or making critical business systems unusable.

Process description. In the event a user account is compromised, the emergency lockout process is used to set an identity to “locked” which disables access to all systems for that identity. To reduce the time to implement the lockout, this process shortcuts the need for permission from the employee’s manager which would be the normal procedure. As a result, it should only be used in emergency cases or if requested by authorities. Therefore, a process should be defined in written documentation for the company.

Best practice IGA system functionality. A manager or operation administrator starts the emergency lockout process in the IGA system and selects the identity they want to lock. For auditing purposes, they must input a reason why the identity is being blocked. The IGA system sets the identity to “locked,” and the assignment is set to “disabled.” While an identity is set to “locked,” the status cannot be overwritten by any external interface.

Technical process flow:

1. A suspected security breach means that immediate action is required.
2. A manager or operation administrator starts the emergency lockout process.
3. Managers can block any of their managed identities and must input a reason for auditing purposes.
4. Operation administrators can block any identities and must input a reason for auditing purposes.
5. The chosen identity is set to “locked” and assignment is set to “disabled”

Revoke Emergency Lockout

When an emergency lockout for an identity is no longer needed, managers and operation administrators need to quickly unlock the identities, so users can access their systems to continue working.

Process description. Once the situation causing an organization to lock out an account has been resolved, managers and operation administrators can reactivate the locked identities. This will reenable previous access to all target systems for the identity.

Best practice IGA system functionality. A manager or operation administrator starts the revoke emergency lockout process in the
IGA system and selects the identity they want to unlock. For audit auditing purposes, they must input a reason why the identity is to be unblocked. The IGA system then sets the identity “unlocked” and the assignment parameter is set back to “active.”

Technical Process Flow:

1. The suspected breach is either discounted or the security situation resolved.
2. A manager unblocks the identities that he / she manages, or an operation administrator unblocks any locked identity.
3. A reason for the unblocking is given for auditing purposes.
4. The identity is set to “unlocked,” and assignments are set to “active.”

Process Stakeholders

The identity security breach processes are started by the IGA team as they are trained to understand the implications of the emergency lockout procedures. Due to the nature of the potential incidents that could trigger the processes (e.g., employees misusing computer resources), HR needs to ensure that there are policies in place and that they are followed during any suspected incident.

Stakeholders in the identity security breach management process

Human Resources (HR)
- Need to ensure that HR policies are being followed
IGA Team
- The IGA team will start the emergency lockout process when a security breach or computer misuse internally is suspected.

Key Best Practice Recommendations

Create a Written Policy for the Security Breach Process

The use of the security breach process must be considered carefully as it involves removing access from individuals. The possible negative implications of using this process include unnecessarily restricting a user’s access to critical business systems or resources due to a suspected external or internal security breach, thus preventing users from carrying out their job.

However, as there are instances when disabling a user’s access is legitimate – such as when a security breach is detected or when inappropriate use of the systems is evident – there are times when this process needs to be used. Therefore, it is important for the organization to have a formal policy governing how this process should be used and what should be taken into consideration.

Ensure Limited Exposure to the Emergency Lockout

As the reasons for performing an emergency lockout can be sensitive – such as a security breach or a dishonest employee – organizations should put measures in place to limit the number of people who knows about the incident. If the suspicion turns out to be incorrect, then this will limit internal speculations as well as any breach of personal confidentiality. If the reasons for the emergency lockout turn out to be correct, then any necessary actions, such as internal disciplinary procedures or criminal investigations, will not be influenced by speculations.

Blog

Potential Insider Threat Indicators

Understanding potential insider threats enhances the cyber awareness of any organization. Do you know how to recognize potential insider threat indicators? Read our blog to learn common indicators and how to stop insider threats.

Read blog

Summary

The Identity Security Breach processes make it easy for administrators to temporarily disable user access when they suspect that the accounts are being used for malicious purposes either by the users themselves or by an external attacker. As this is a powerful process, it needs to be handled carefully, and the implications of using it need to be documented and understood by anyone who could use it.

Identity Security Breach Management Solution Brief Cover

Get a summary of Identity Security Breach Management

Having a defined procedure for when an Identity Security breach occurs can limit the loss or corruption of sensitive data, limit lateral movement, and enable automation of emergency lockout. Identity Security Breach Management processes outlined here provide administrators with a proven best-practice framework.

Download PDF

Frequently Asked Questions

What is an identity security breach?

An identity security breach occurs when someone or something gains unauthorized access to the data associated with a person’s identity. This could be a malicious attack or accidental, like leaving confidential data on an unsecured server. In either case, it’s important to have processes and policies in place to protect identity information from being accessed by unauthorized parties. Without proper guidance and support, organizations may find themselves vulnerable to ongoing breaches.

What are the most common steps in an identity security breach process?

The first step is to identify and isolate the compromised data. This can be done through intrusion detection systems or manual investigation. Next, a detailed assessment should be conducted to determine how the breach occurred and what data was exposed. After that, the affected individuals should be notified of the breach and appropriate steps taken to protect their identity information. Finally, the organization needs to take measures to prevent similar breach events in the future.

What are some best practices for preventing identity security breaches?

Organizations should have robust identity management solutions in place, such as access controls, identity access management systems, and encryption protocols. They should also have comprehensive identity security breach policies that outline processes for detecting, responding to, and preventing breaches. Finally, organizations should perform regular audits of their identity security systems to ensure they are up-to-date with the latest security practices.

What are some common mistakes organizations make when it comes to identity security breach management?

One of the most common mistakes is failing to recognize signs of a potential breach. Organizations should proactively monitor unusual activity, such as sudden spikes in login attempts or unexpected access requests. Another mistake is not taking appropriate measures once a breach has been identified. Organizations should have an established program in place for responding to a breach. In addition, they should ensure that all affected individuals are notified in a timely manner to mitigate any further security risks.

What else should organizations be aware of when it comes to identity security breaches?

Organizations should be aware of the legal implications of a data breach. Depending on the type of data exposed, additional compliance requirements like reporting to regulators or providing affected individuals with credit monitoring services may exist. Organizations should also ensure that they have adequate insurance coverage in the event of a data breach.