Infosecurity Europe, the region’s number one information security event, is wrapping up today, and I was fortunate enough to be able to join the SailPoint Crew on the ground in London to experience it for myself. The event’s venue, the Olympia London, provides an interesting contrast. Vendors come from all over the world to showcase the latest innovations in cybersecurity, all housed in a historical building that is more than 130 years old. And if our conversations at the SailPoint booth are any indication, this is a great metaphor for the struggle most enterprises are facing today. Namely, how to adapt their older cybersecurity strategies to an ever-changing IT environment in the face of hackers that are growing more sophisticated each and every day. Throughout my conversations the conference, several themes emerged around this struggle.
The Compliance Challenge
It’s no surprise that compliance was top of mind for attendees at Infosecurity Europe in light of the recent implementation of GDPR, even without the constant data privacy emails and cookie notifications when navigating to any website. The elephant in the room we’ve all been avoiding is here to stay, and everyone is waiting to see which organization will be the first example of a GDPR violation, setting the precedent for future data breaches. When talking with attendees, it’s clear that GPDR compliance is still a bit of a mystery, and part of that stems from the fact that most organizations are struggling with how to manage all the data they have stored in files and, as it relates to GDPR, how to find the sensitive data stored within those files. This data, commonly referred to as ‘unstructured data’ (think of all the files you have stored in Box, out on Sharepoint, in PDFs, etc.), is everywhere, it’s growing rapidly, and organizations are struggling to get it under control in the face of GDPR and future global regulations that will surely follow. But organizations need not reinvent the wheel. For those that are already managing their users’ access to applications and systems with identity governance, that same strategy can be employed to manage their access to data stored in files. This is one of the new frontiers in identity we expect to rapidly pick up steam in the months ahead, particularly in light of GDPR.
The Growing Threat of Cyberattacks
Cyberattacks were also top of mind at Infosecurity Europe, and for good reason. Our survey results released earlier this week found that 44 percent of organizations had suffered at least one data breach in the last year, and that the average was almost 30 data breaches per organization. It’s a wonder that IT teams have time to do anything else beyond protecting their organizations from the next big data breach, or alternatively burying their heads in the sand. With the stakes (and costs) being raised so exponentially, organizations cannot afford to ignore the data breach problem. Identity governance can provide the visibility organizations needs to mitigate the risk of data breaches as the perimeter becomes less effective, and I have a feeling this is why our booth presentations on using identity governance to improve your security posture were some of the most well-attended.
The ‘People’ Vulnerability
We all know that people are one of the leading causes of data breaches. We’re only human after all. As a result of this, people, or as we call them at SailPoint – users, were a big focus for organizations across the event. Whether it’s giving the right users the access to the right applications and data, helping them update that access when they change or leave jobs, or making sure they are who they say they are, users are a key factor in any organization’s security strategy. The failure to secure them properly can be catastrophic for an organization. Users – be they employees, contractors, partners or even bots – are the fabric that ties all of the increasingly disparate applications and data together, especially as organizations move into hybrid IT environments. How can IT teams address this growing challenge? Through a comprehensive identity governance strategy.
Maybe it’s the SailPoint Crew goggles, but when I walked around Infosecurity Europe and talked with customers, partners, journalists and even just booth visitors trying to understand what identity governance was, the value of the visibility that identity provides became even more obvious. And while new challenges might emerge – as is the current case with data stored in files and GDPR – governing all digital identities and their access to systems, applications and data absolutely need to stay at the center of cybersecurity.
Still wrapping your head around securing the sheer volume of apps, users and data? Watch this video to understand why identity is security.