Navigate ’18: All About Identity at the Speed of the Modern Business

It’s indeed taken some time. And it’s taken much longer than I ever thought it would, but identity management is finally taking the central role in security it always (in my view) should have held. For decades now, providing access to those who need it (and only those who need it) to the right applications and resources was key to security. But for whatever set of reasons, identity was treated more of a way to increase efficiencies and productivity than security.

Not anymore. It’s clear today — with the proliferation of enterprise applications, data, cloud services, mobile, intelligent devices, and smart software automations — that staple enterprise defenses such as anti-malware, various flavors of firewalls, and traffic encryption aren’t enough. All of these technologies are essential, but any layered defense needs strong access control and privilege management.

The security industry has long been heading this way, but we’ve just recently passed the inflection point. Consider the points made in SailPoint CEO and founder Mark McClain’s keynote. His keynote focused on the enormous amount of digital transformation enterprises currently have underway. He spoke about how identity helps maintain the balance between the speed of business and security.

McClain cited a recent survey that questioned business leaders regarding their most pressing concerns, and it found that it wasn’t global trade tensions, geopolitical flare-ups, or other areas of unease — it was Amazon. These business leaders are concerned about being digitally disintermediated.

This shows how the scope and the scale of business-technology is not only more complex, but it’s more important than ever.

What does this have to do with identity? Just about everything.

As enterprises digitize and automate more business processes, they are deploying more applications, using more on-premises and cloud-based systems, and generating a lot more data. And, increasingly, there are more intelligent bots that are accessing data and making data-driven decisions on enterprise data. These bots have expanded the concept of identity. SailPoint chief product officer, Paul Trulove went into more details in his keynote, The New Identity Frontier.

In his talk, Trulove predicted that AI will soon help enterprises to better manage access to all of these new (and existing) applications, systems, and data by helping to identify better what normal access looks like and then provide necessary insights on how to adjust. And it’s such data-driven (as opposed to gut-driven) decision-making that would make Jeff Ma (of MIT Blackjack Team and movie 21 fame). Ma showed, as Anna Lindsey covered in her Feet On The Street At Navigate ‘18: Part II post, Ma’s presentation focused on how to make better decisions with information, avoid omission bias and gut feelings (which are often wrong), and trust a well-proven process over the most recent result. All good advice for anyone who is trying to better manage and mitigate risk.

And manage risk better is something every attendee to Navigate ’18 is striving to do. During the Customer Identity Panel, for instance, Humana’s director of access management, Andy Weeks, spoke about how cloud helps the health insurer keep up with the accelerating pace of their business. “We look to the cloud to speed velocity. It’s very important for users to be able to keep up,” he said. In addition to turning to cloud-based identity tools, Weeks said they are always looking for ways to accelerate the pace of their identity management team.

How does he hope to do that? More data-driven decision making. “We need data analytics to be able to make better decisions intelligently,” Weeks said.

I’ve no doubt about that. And I don’t think any of the attendees this year would have much, if any doubt, either. Now that it’s clear to nearly everyone that identity is central to success, and security, of the modern enterprise, identity managers and organizations are going to need all of the guidance they can gather to ensure their identity governance efforts are effectively and successfully piloted forward.