Skip to Main Content
Market Views Icon
Gain insights from identity security experts
Find out why KuppingerCole named us a leader in IGA. Get the Report
Take an interactive product tour.

Identity is Security: With Sensitive Data Comes Great Responsibility

 |   |  Market Views

With GDPR came a cascade of new privacy conversations. This week, we saw that conversation turn into action when the US’ National Institute of Standards and Technology announced it is extending its cybersecurity framework with a privacy framework. In their statement, they said the new framework will “bridge the gaps between privacy professionals and senior executives so that organizations can respond effectively to these challenges without stifling innovation.”

In theory, these privacy regulations and guidelines are meant to force good behavior by companies. But we have a long way to go to breaking bad habits. Our research found that even IT pros are breaking well-known password rules. In response to the sweeping password-hygiene issue, Google announced it’s going to add a baked-in password manager to Chrome to help push people in the right direction. Let’s be clear though, this doesn’t absolve each of us from doing our own security due diligence.

And speaking of privacy, on the data breach front, British Airways was breached, exposing customers’ personal and credit card data. While the airline seems to have addressed and disclosed it quickly, the breach serves as our weekly reminder that humans are the new security perimeter and attack ‘vector’ of choice today.

And in other cyberattack developments, a North Korean hacker who was behind the Sony breach and WannaCry was criminally charged this week by the federal government.

To close out this week’s news recap, let’s talk about bots. We’re long past the hot topic part of the bot conversation and what to do when the bots take over. What we should be discussing is what to do with these bots, especially as the stakes only grow higher on protecting data, or else. Bots aren’t people, yet they are accessing data, making decisions on that data and then performing actions around it. So, we leave you with this: Treat and govern your non-human users like you do your human users. 

Until next week, stay secure!

Related Articles

5 tips for strengthening your identity security program with integrated data access governance

April 9, 2024  | SailPoint

Don’t wait, accelerate: Non-Employee Risk Management launches QuickStart Templates

April 4, 2024  | SailPoint

Discussion