Skip to Main Content

“Buyer Beware”

It’s an exciting time to be in the identity security business. It has become an essential mandate for enterprises to revisit their cyber security strategies to ensure they protect their data, finances, reputation and overall survival in today’s digital world. Identity security has become the bedrock in a subset of broader cybersecurity strategies and is foundational to any successful cybersecurity strategy.

In the ever-evolving threat landscape, cybercriminals use advanced malware, phishing tactics, ransomware and zero-day exploits that are harder to defend against with traditional security measures. On top of that, it is difficult for enterprises to understand what modern cybersecurity strategy and architecture should look like, making it a very confusing time to be an acquirer of security technologies. And it’s certainly not helping that there are conflicting terminologies used interchangeably to describe solutions to these complex problems. For example, today we hear about “converged identity platforms,” “workforce identity platforms” and an assortment of other buzzwords and terms that companies are creating and using to try and differentiate the solutions they are bringing to market. It’s becoming an ongoing challenge to tell what’s real, what’s proven and what’s simply “buzz”? While everyone is well-intentioned, many “advisors” often exacerbate the challenges by adding confusion rather than demystifying the market for buyers, and invariably send today’s buying community down the wrong path.

The technology world has always had a bit of a “copycat” culture, and lately, we’ve seen a few new terminologies introduced, for marketing purposes primarily, that are now spreading. Specifically, “Converged Identity Platforms” or “Workforce Identity Platforms” are two interchangeable terms that are being socialized as of late. At first glance, “Workforce Identity Platforms” sounds like it might be the “next-gen” identity security solution buyers are eager for today. But when you drill down into it, “Workforce Identity Platforms” for the most part is just another way of saying “convergence.” In the identity security world, convergence essentially means taking pieces of solutions, like access management, identity governance and legacy privileged access management and combining them. To be clear, this is not “unifying” or “integrating” with a common set of data and a policy-driven framework.

Workforce Identity Platforms or converged platforms invariably strip away core capabilities in the name of streamlining or simplifying the three technologies (access, governance and privileged access) into one via a hosted platform. The converged approach is underpinned by technologies that are initially designed to tackle contemporary identity challenges yet intrinsically outdated, which can lead to patchwork solutions that neglect the inherent complexities of today’s identity security scenarios, including the rise of AI and escalating access intricacies.

It’s important to note, this converged approach oftentimes over indexes on identity access management needs such as SSO and MFA while missing the foundational role identity governance plays.  And that’s where the danger resides. When a converged platform is heavily skewed towards access management, it simply opens the front door to more cyberattacks. As the threat landscape continues to evolve, we are seeing access management emerge as a new attack vector introducing increased vulnerability for enterprises. This risk is magnified when access management is treated as a cornerstone of a convergence strategy but without a cohesive integration or policy framework that unifies it with the rest of the identity management solutions.

This is just one sliver of solving the identity security challenge for enterprises today. It’s a complex problem that demands a solution that delivers the depth of policy controls to keep up with the ever-changing nature of the enterprise identity landscape. If governance isn’t properly prioritized, the consequences can be significant and the risk inordinate.

Now. Let’s take a step back from these terms and think about the big picture. What problem should enterprise identity security solve for? Managing and securing all enterprise identities and their access (both regular and sensitive access) to critical data, applications and cloud resources – at any speed and scale that your business requires. That’s the goal. The only way that is achieved is through an identity security platform that shares a common set of data and policy and is fueled by AI and ML technologies. This breaks down the silos still existing in the convergence approach and is THE next-gen approach to identity security. One that is unified. Accelerated. Enterprise-class. And importantly, grounded in governance. If the scenario I just described sounds like the shape and speed your business is taking, don’t let the latest industry buzzword distract you and take you down the wrong path. Take the proverbial step back and think about the business you’re in, the challenges you face, the risk in your business today and the business outcomes you’re solving for. Work back from there, and you will begin to have a better understanding of what your cyber strategy is lacking to confidently secure your enterprise in an ever-challenging cybersecurity world.  

Related Articles