We have a big week ahead, and I’m thrilled to be at the sixth SailPoint identity governance conference, Navigate ’18, this week at the JW Marriott in downtown Austin. This is my third-year attending Navigate, and it’s always a time filled with interesting discussion, panels, and keynotes about the current and future state of identity management.
I had a chance to catch up with SailPoint CEO and founder Mark McClain, who (not so surprisingly) has a lot to say when it comes to the role of identity. And a fascinating time in identity it is, with so many enterprises digitally transforming their businesses, the emerging role of identity to help manage an increasing number of IoT devices and automated software processes, as well as a heightened focus on buttoning-up access to unstructured files, and the increasing potential role of AI.
The first part of our discussion focused on how good identity governance can help organizations be more successful in their digital transformation efforts.
Identity helps organizations to become more nimble
Every organization is dealing with digital transformation today, and the role of technology is to help these organizations become as nimble as they can. “It means you’re getting things out of the more static and traditional ways of doing things. And as part of your transformation, you’re investing more into the cloud, mobile, and other emerging areas such as AI and IoT,” McClain said.
The goal is to help people move more quickly, easily, from anywhere and rapidly adapt to changing business conditions. This is a much more agile world when it comes to people and data. And this has a profound impact on security and identity. “You now have the challenge to try to protect your existing franchise of technology and all that it does to run your business while simultaneously adapting all of these new agile, nimble technologies. This creates a very complicated reality for identity management,” McClain said.
It comes down to ensuring three fundamental questions: who has access to what data and resources, who should have access to what data and resources, and are those who do have access acting responsibly? “Answering those three questions has gotten far more complex in this digital transformation reality, and the risk and the negative impact of doing those things poorly is much clearer to people,” he said.
This balance between security and the speed of business has never been more important: if employees, partners, and suppliers take weeks to gain access to new digital assets while competitors can do so daily will find themselves at a great disadvantage.
According to IDC, enterprises spent $1.2 trillion on digital transformation technologies, and much of that will go toward driving more software efficiencies and automated processes.
Identity isn’t just about humans anymore
IoT and machine processes bring us to another emerging trend that will be discussed during Navigate ’18. “An identity used to equate to a particular person. Now we have some automated processes and even some IoT devices that require their being managed as a particular identity in a way a person’s identity is managed,” McClain said.
An example he cited, for instance, is how today’s factory process controllers make decisions that are similar to decisions that a human might have previously made. And in many ways, these processes will behave just like a person’s online identity would. They access systems. They grab data. They make decisions and act on those data. It’s commonplace today, for example, for software bots and algorithms to perform an initial analysis of a loan application or sift through an initial set of incoming calls within a call center to identify what’s immediately urgent and what’s not. “Today, there’s a great deal of software automation work that’s underway. These interactions look very much like a traditional identity, and our customers are increasingly telling us that they have to manage these interactions just like they manage any other identity,” McClain said.
Another area where identity management is growing more complex is ensuring only the right users have access to all of the unstructured data (PDF files, documents, PowerPoint presentations, etc.) created by organizations today.
Governing access to applications and data
“We’ve always focused on identity governance for applications. That’s the focus of ensuring that an employee, based on their role in the organization, has the appropriate access to their applications, whether an ERP, human resource, CRM or another system,” said McClain. “Organizations are starting to realize that all of the data that lives in those applications get exported and downloaded to local and cloud drives, or to collaboration tools like SharePoint and the access isn’t nearly as controlled,” he said.
“There’s been this Wild Wild West of unstructured data. It doesn’t make sense for organizations to pay so much attention to application security and not also on file security. We don’t do this with our homes. We don’t triple-lock and dead bolt the front door and then leave the back door open,” he said.
What organizations are waking to, explained McClain is the need for properly governing access to files, which is the realization that these unstructured files need a similar level of identity governance as people and applications. It’s a big challenge for organizations because unstructured files are strewn everywhere in an organization.
Similarly, as the number of applications that enterprises now manage – think hundreds if not thousands – and organizations are struggling to keep up. To worsen matters, these applications are spread across SaaS apps and on-premise apps which only adds complexity to the issue. This is yet another new frontier that identity needs to address as the enterprise IT landscape continues to change shape, McClain noted.
With digital transformation driving the creation of so many new applications and digital services, increased software automation, IoT and unstructured data files, it’s clear identity managers, and enterprises will need all the help they can muster to succeed. That’s where machine learning comes in, and its why machine learning/AI will also be such a large theme this week.
The rise of machine assistance
While there are many new identity management challenges arising, there are also new technologies coming to market that can help enterprises to manage identity more effectively and better reduce risk and improve efficiency. And the ability to spot areas that increase risk and identify processes that can be automated are perfect fits for machine learning and analytics.
With machine learning, McClain explained, enterprises can better see who is accessing what resources as part of their job, identify unusual activity, and bring this information to identity teams for evaluation. In addition to detecting anomalous behavior and threats within identity data, said McClain, the technology can also help organizations to better identify and focus on high-risk situations and not spend as much time as they currently do on the lower priority, lower value activities.
As you can see, there’s much to discuss this week at Navigate ’18, and hopefully, you can make the show. But if not, you can still stay up-to-date this week by following @SailPoint on Twitter. The official hashtag for Navigate ’18 is #SPNav18.