Identity Discombobulated – Reorienting Identity in the Enterprise
Authored by Gary Savarino, Identity Strategist APAC
Identity is not a new concept. Since the invention of the ‘digital identity,’ organizations have spent decades tackling the challenges of identity with various approaches.
Identity capabilities, often generically categorized as Identity and Access Management (IAM) or Identity Management (IDM), represent multiple distinct disciplines in the realm of identity. In fact, there are three distinct identity disciplines common in the enterprise. Below we will sail through the three main identity disciplines (in no particular order), with a brief explanation of each.
One of the disciplines, Access Management, includes Single Sign-on (SSO) and Multi-Factor Authentication (MFA). These are important elements of overall identity management, representing the key (or keys) to gain entry to the enterprise, i.e., you are who you say you are. But what happens when you are in? What’s controlling what you can do or where you can go? What determines the access you have?
Privileged Access Management
Another discipline, Privileged Access Management (PAM), is, as it sounds, designed to protect the enterprise’s most privileged credentials. Think of it as the safe containing the keys that unlock the door to gain entry to your most prized assets. But again, what’s controlling the access of these privileged credentials, and what they can do?
How do we know who has access to what, and whether they should have that access? Enter the third main identity discipline: Identity Governance and Administration (IGA).
Identity Governance and Administration
IGA — often referred to, simply, as identity security — is arguably the most important identity discipline in today’s digital enterprise. SailPoint is proudly recognized as a leader in IGA and helps organizations around the world answer access questions similar to the ones posed above, such as:
- Which people (or things) should be given access?
- How long will they need access?
- Should they have access while using another system?
- What is the process to shut down access when someone leaves or changes roles?
Additionally, identity security is foundational to zero trust, where implementing and enforcing least privilege access is a key principle. Recently, SailPoint was selected by the National Institute of Standards and Technology (NIST) as the only identity security organization to participate in a US Federal Government collaboration project, “Implementing a Zero Trust Architecture”, in response to President Biden’s Executive Order on “Improving the Nation’s Cybersecurity”.
Why is the focus on identity security so pronounced and emphasized?
Quite simply, the technology landscape has changed. It’s been evolving for many years in a bid to drive increased collaboration and productivity and modernize the workplace. However, in response to the pandemic, the steady stream of digital transformation initiatives in the enterprise accelerated overnight.
The pandemic has changed our world and the way we work, with the workforce transformed (work from home/anywhere) and enabled by fast-tracked digital transformation to maintain business continuity and productivity. Cloud everything, SaaS apps everywhere – accessible anywhere, any device, anytime. But just when organizations felt they could stop and take a breather, enter the rise of bad actors with ever-increasing sophistication in phishing, ransomware, and social engineering attacks, forcing organizations to shift their focus.
This shift wasn’t a matter of simply fine-tuning security policies and procedures and reviewing perimeter security implementations. How could it be when every single person with access to organizational resources now represents a perimeter? If people are the perimeter, then identity is the firewall, but not all identities are the same. In line with digital transformation efforts, identity needs to undergo its own transformation. As organizations look to address overall cybersecurity with greater capability and increased sophistication, identity must be able to respond with the same level of increased sophistication.
Identity security represents the convergence of compliance and automation of IGA, which SailPoint is enhancing through ongoing investment and innovation, integrating true artificial intelligence and machine learning into its platforms and making identity security integral to the overall security ecosystem.
After all, in today’s security orientation, identity security should be everywhere, every device, every time.