What an exciting time to be in identity. Identity is taking the critical role in enterprise cybersecurity that it always should have. We recently attended Identiverse (where the more than 2,000 attendees are referred to as the “Identerati”) and saw how mainstream identity has become in the overall cybersecurity market.
The core theme throughout the conference was how people, applications and devices are gravitating toward a digital world where they all recognize and interact with each other. This digital world is being built on a foundation of identity security designed by a community of people with a shared vision, from technologists and practitioners to thought leaders and end users. In other words: we live in a world of identities.
As a gold-level sponsor for our second year, it was so exciting to see how the focus and consistency of the event themes align with SailPoint around putting identity at the center of an organizations’ IT, security and governance-based initiatives.
One of the constant conversations that I had at the SailPoint booth was around the ongoing challenges that organizations are confronting today with how to adapt their current cybersecurity strategies to an ever-changing IT environment in the face of privacy concerns and cyber-attacks that are growing more and more sophisticated every day. With the on-going proliferation of enterprise applications, data, cloud services, mobile, intelligent devices, and smart software automation — enterprise defenses such as anti-malware, firewalls, and traffic encryption just aren’t enough. All of these technologies are essential, but any layered defense needs a robust identity governance strategy and approach.
These conversations were consistent with the key themes and sessions throughout the conference.
The Continued Threat of Cyberattacks
Cyberattacks were top of mind at this year’s Identiverse. Our recent survey found that 44 percent of organizations had suffered at least one data breach in the last year and that the average was almost 30 data breaches per organization. With the potential risk to an organization’s reputation and soaring costs, organizations cannot afford to ignore the data breach problem. Identity governance can provide the visibility an organization needs to mitigate the risk of data breaches as the perimeter becomes less effective. This is of course why we continue to hear this on-going theme around “identity as the new perimeter.”
Richard Bird, Optiv’s Client Director, summed this up in his keynote. Richard discussed how corporations have spent millions and, collectively, billions of dollars on security programs in the last decade. Hackers, with far less money and far fewer resources routinely defeat these defenses. Not because the defenses are wrong, but because companies refuse to put identity at the center of their security framework. Identity-centric security is the only way to win in a world where every information security organization is already out-manned and out-maneuvered by the enemy.
Data Privacy and Compliance
It’s no surprise that data privacy and compliance was top of mind for attendees considering the recent implementation of GDPR. When talking with attendees, it’s clear that GPDR compliance is still a bit of a mystery, and part of that stems from the fact that most organizations are struggling with how to manage all the data they have stored in files and, as it relates to GDPR, how to find the sensitive data stored within those files. This data, commonly referred to as ‘unstructured data’ (think of all the files you have stored in Box, out on SharePoint, in PDFs, etc.), is everywhere, it’s growing rapidly, and organizations are struggling to get it under control in the face of GDPR and future global regulations that will surely follow. However, organizations need not reinvent the wheel. For those that are already managing their users’ access to applications and systems with identity governance, that same strategy can be employed to manage their access to data stored in files. Governing access to data stored in files is one of the new areas of focus and innovation in identity that we expect to rapidly pick up steam in the months ahead, particularly in light of GDPR.
It certainly is an exciting time to be in identity. As evidenced by this year’s Identiverse conference, the world’s digital ecosystem is in a constant state of evolution, and identity needs to evolve to meet these new challenges.
As you try to make sense of all the identity needs your organization faces, start by asking yourself three fundamental questions: Do you know who has access to what data and resources, who should have access to your company’s data and resources, and are those who do have access acting responsibly?
That’s a good start.
You might also want to check out this video to understand why identity is security