Skip to Main Content

My top takeaways from Gartner IAM 2023

Authored by Jaishree Subramania, Vice President of Product Marketing

SailPoint was the premium partner for this year’s Gartner Identity & Access Management (IAM) Summit, which works to unite IAM and security leaders to foster identity-first security initiatives, modernize business models, and advise on a strong security posture in today’s identity era. The growth of identity security is bursting at the seams, which was evident with the number of companies at Gartner IAM this week, and further shows that a lot is happening in identity security right now. Below I’ve shared a few key takeaways from industry analysts at the summit:

Rebecca Archambault, Senior Director, Analyst-IAM at Gartner, on the importance of identity getting a seat at the grown-up table

The shift is happening. Identity security is a business enablement play. A seat at the table represents empowerment and credibility. Key stakeholders need to be in this together, from c-suite executives, security leaders, line of business owners, human resources, compliance/audit to product owners. A key component to a successful identity strategy is the ability to educate stakeholders on the value of identity and how it can enable the organization to deliver business value.

Alignment on the business value is critical. It is imperative to make the identity connection with business outcomes and track metrics. Identity provides the foundation that not only delivers security but also enables business leaders to deliver on their strategic initiatives.

A seat at the table will add credibility and transparency, enabling you to deliver and mature your IAM program. It’s okay to start with a folding chair!

Henrique Teixeria, Senior Director, Analyst at Gartner, on what’s next with Cloud Infrastructure Entitlement Management

Interesting stats to ponder on:99% of cloud security failures will be the customer’s fault. And 95% of identities use 2% of permissions (or less) in AWS. There is an explosion of entitlements, and Cloud Infrastructure Entitlement Management (CIEM) capabilities are growing rapidly to manage entitlement security posture in IaaS. CIEM allows organizations to extend identity security to their cloud infrastructure. However, regardless of environment, a strong security posture and good identity hygiene are necessary starting points to focus on the prevention of identity threats.

To address this need, SailPoint has introduced a single solution for cloud infrastructure entitlement management within its SailPoint Identity Security Cloud.

David Collinson, Senior Director, Analyst at Gartner, on how to significantly improve security with key Identity Governance and Administration features

 Don’t overlook existing investments you’d made in your identity security program. One good example is, the Separation of Duties (SoD) functionality. It’s important to educate business and risk leaders within your organization on how this SOD capability can be applied for key use cases across a range of risks, other than just finance. Start small by applying SOD controls to high-risk items that are not being addressed. For starters, SOD controls can be applied to operational technology and always be audit ready.

Nathan Harris, Senior Director, Analyst-IAM at Gartner, on maximizing business value with IAM

We know organizations that emerge stronger than competitors through economic downturns have been able to manage resilience and growth. We are at a moment where tech is critical and connected to everything.  So, getting specific insights about your identity security program maturity in the context of your business objective is essential. Ask yourself, “What are the top priorities in identity security maturity?”. Then align your maturity improvement plans to your business objectives. And always assess your identity security maturity on a yearly basis so you can ensure you are recalibrating your identity security program for maximum impact.

Not sure where to start? Check out SailPoint’s maturity assessment tool to better understand where you are in your identity security journey.

Other notable themes from the summit were around the need for convergence and a simplified user experience. In today’s age, we need to be triathletes. We need to give equal importance to growth, frugality, and learning. We should find the growth areas and set our focus there. We should be savvy about cutting costs where there is no value and focus back on innovation and growth areas. We should constantly be learning in these ever-changing uncertain times and move fast toward growth. Gartner had a good closing keynote slide that stated – “Time to Learn, Unlearn, and Relearn IAM!” I encourage all cybersecurity leaders to implore that mindset against the threats that lay ahead.