Feet on the Street Navigate 2022 (Day 2)
Authored by Brian Royer, Content Marketing Writer
Day one of Navigate featured an exciting mix of speakers, including industry leaders, and identity champions. Day two of SailPoint’s annual in-person and virtual event just wrapped. We heard from our executives and board member, customers and partners, an analyst and even a bestselling author – and learned a lot. Let’s get to it.
Identity in the Boardroom
Day two of Navigate 2022 opened with a fireside chat between Matt Mills, President, Worldwide Field Operations and board member Tracey Newell. From IT to security to the individual contractor and even the boardroom, the responsibility for securing an organization falls on everyone in the entire organization. Tracey shared strategies anyone can use to promote identity security as a business accelerator to your executive team and your board.
Zero to Hero
A lively CISO-to-CISO panel moderated by SailPoint’s CISO, Heather Gantt-Evans followed the fireside chat. Joining her for a discussion were Omar Khawaja, CISO, Highmark Health; Mary Ann Blair, CISO, Carnegie Mellon University; and Greg Hall, Assistant Director/CISO, Department of Justice, Executive Office for the United States Attorneys.
Per Khawaja, identity’s omnipresence in the enterprise should not be taken for granted. “In many ways, IAM is the face of security to the enterprise. It’s the one security function they interact with daily, and anything we do to improve their day-to-day experience with it visibly will build confidence.”
Likewise, there are dependencies on foundational data sources that, while they can often slow down the initial time to value, can also serve as a living record of what’s possible when implementing successful identity security management.
“The lifecycle of a relationship with a university can be a lifetime,” said Blair. “Matching and merging identity information to master the most current person record, let alone aggregating and managing access rights when people hold multiple affiliations, can be challenging. However, it’s also an opportunity to demonstrate to stakeholders, strong data governance to the shared-business model of value.”
There’s also the matter of data clean-up and staging, which can often slow down the initial time to value.
“The old adage of garbage in, garbage out, is true,” said Hall. “We have to prioritize our data clean-up efforts. We must make time for process improvement and understand the relationship between data sources and critical business processes, as well as the people and devices and the data sources we have for them.”
That ability to showcase value across the business can resonate powerfully with stakeholders, so long as its outcomes are clearly articulated. “Imagine if the last time you bought a car and the salesperson spent all of their time explaining how the engine worked, most of us would never buy the car. We don’t care about the engine; we know it’s important. I care about my experience in the passenger cabin. I care about climate control, GPS, Car Play, and how the vehicle takes a turn. The engine may be the most important part of the car, but I don’t care about it.”
Which led the panelists to discuss how identity fits into implementing Zero Trust for their organizations.
Khawaja believes CX, or customer experience, is key to making a case for it in the business. “You have to engineer IAM for customer experience, just as much as Zero Trust – if the CX is poor, the ZT objectives will not be met sustainably.”
“Unlike many other organizations, our customers are our networks. They are on our networks during business hours and non-working hours. Many are also workers with more privileged access than typical customers. Safeguarding student credentials and access is as essential as for faculty and staff, including system administrators, who may manage their own sets of local accounts. Identity security must support and enable that culture,” said Blair.
“The federal government has recently codified its Zero Trust strategy. By doing so, it effectively acknowledged that even the federal government could no longer depend on conventional perimeter systems to protect its critical resources,” explained Hall. “It also put forth this paradigm of Zero Trust: you can’t trust actors, systems, networks, or services inside or outside the wire. Instead, you must continuously validate users, devices, applications, and transactions, so it becomes foundational for the federal government moving forward.”
Not a Project, a Program
Day two also featured a Fireside Chat between Chief Marketing Officer Wendy Wu and Merritt Maxim, VP and Research Director at Forrester, on the acceleration of identity security adoption across industries. Echoing Mark McClain’s keynote address of how the pandemic influenced companies to pivot to virtual and hybrid work before most were ready to do so, Maxim confirmed that the push to remote work drove an immediate need for users to have quick and seamless access to applications coupled with increased sensitivity to the risks that come with it, including excessive or inappropriate entitlements. That said, for those organizations just beginning their identity journey, Maxim noted that it’s less critical where to start (provisioning vs. access governance) than to keep going once you start, as “Identity is not a project, it’s a program.”
He also suggested that while identity management is mature – several decades old, in fact – “the innovations happening today including in AI/ML are helping to improve automation of various IAM processes whether it’s for anomaly detection among access rights and usage or for driving intelligence around entitlements.” Various additional topics followed, including SaaS options related to identity management, the benefits of a converged platform, and cloud identity governance. For takeaways, Maxim encouraged companies to maintain and even increase their investment in identity-related controls to protect their critical infrastructure assets.
The afternoon keynote on day two featured Special Guest Speaker Daniel Pink, #1 New York Times Bestselling Author of The Power of Regret, When, To Sell is Human, Drive, and A Whole New Mind. His talk, 5 Ways to Navigate What’s Next, was framed around “The Great Sorting” and a group of work-related, even human-centric considerations: collaboration vs. going solo; synchronous vs. asynchronous work, and, given the fallout from the recent pandemic, what is an office for? And, of course, what is a company for to its natural extension?
Briefly, the five ways he offered up to help find our footing in this New World included: (#1) Default to autonomy on the job as opposed to control; (#2) Have two fewer conversations at work around “here’s how” and focus two more around “here’s why”; (#3) Make progress in meaningful work by memorializing daily progress, so it becomes a ritual; (#4) Take breaks when you need them and think of them as part of your performance, rather than deviations from it, (this includes taking 15-minute walking breaks where you’re not discussing work with a colleague and your phone is left somewhere else); and finally (#5), based on a research project that surveyed regret among global citizens, where a recurring theme was inaction, either on the job or in their personal lives, Pink encouraged everyone to “Take Chances. Don’t play it safe. You Won’t Regret it.”
Following a brief Q&A where he joined the best-selling author on stage, CEO Mark McClain thanked everyone for attending Navigate 2022. Encouraging feedback from all attendees, he also announced that Navigate 2023 will take place in Austin, October 9-12, 2023.
We hope to see you there!