There’s a lot of evolving risk facing enterprises today, whether it’s the risks associated with costly data breaches or from failing to meet regulatory compliance or ever-changing enterprise technologies fueled by cloud services and new intelligent bots — how enterprises manage identities must adapt.
That was the essence of SailPoint’s chief product officer Paul Trulove’s keynote The New Identity Frontier. There were three core areas Trulove identified within the enterprise where growing scale and complexity is making identity management more central than ever:
The User Frontier: Who, or maybe better yet what we consider an identity is changing. While enterprises have long focused on managing access rights and privileges for employees, contractors and partners there’s a new enterprise type coming to the cloud and data center: intelligent bots, or Robotic Process Automation. “These bots are accessing data, making decisions on that data, and then performing actions,” said Trulove. “When we give such access to people, we vet that access. We need to do the same for our bots,” he said.
The Application Frontier: While most enterprises used to typically govern access to several hundred applications, cloud services are expanding the number of applications which need to be governed within larger organizations to more than 1000. “It sounds like an unbelievable number, but when I speak with larger enterprise customers this is how many applications they have to contend with,” Trulove said. As the number of applications continues to grow, including cloud services outside of the data center, identity governance must also adapt to this increased scale and applications both on and off-premises.
The Data Frontier: While the increasing number of applications creates identity management challenges, so does the rising amount of data stored in unstructured files. There’s a lot of sensitive information that is being created and stored in the enterprise and outside the application. By end-users copying and storing that in unstructured files in collaboration platforms such as SharePoint, or cloud storage services a significant amount of risk to company data is being created, Trulove explained.
Considering the growing pressures associated with new types of users, increased applications, and vast volumes of unstructured data enterprises must ultimately take different approaches to managing identity. Fortunately, Trulove predicted, newer technologies such as AI are arising to help enterprises make more rapid, intelligent identity and access decisions.
For instance, AI will help enterprises better distinguish how access is being used and quickly determine normal usage from suspicious usage. When organizations can understand that for a particular user on a particular system, what normal access looks like, they can then suddenly identify suspicious activity and terminate that access or, following an assessment by the appropriate team, determine that access is valid and then permit it. In essence, risk is a lens through which we will govern in the future.
Such technological advances show that, despite growing risks and complexity in managing enterprise technology and data, it’s not all doom and gloom, said Trulove. “There are many ways AI and identity will help spark innovation,” he said. “AI will help us to govern smarter, define risk more precisely, and enable enterprises to move forward much more nimbly and with less risk,” he said.