How do you quickly empower remote workers with the right tools and applications? Or swiftly onboard hundreds of temporary workers to meet increasing customer demands Successfully navigating a crisis means ensuring the right people have the right access to do their jobs — and fast. It’s time to rethink Identity.
Watch this webinar with SailPoint & EY to learn how you can:
- Rapidly enable a secure remote workforce
- Automatically onboard hundreds of new contingent workers
- Stay secure in a time of crisis
SailPoint Marketing: Welcome and thank you for joining SailPoint and EY on our webinar workforce continuity in a time of crisis. I’m Kirby, your moderator today.
SailPoint Marketing: Joining me is Jacqueline Brinkerhoff , Solution and Product Marketing Senior Director and Sam Tang Managing Director, Chief Identity Architect at EY. Additionally, will have a special guest speaker today, Dave Burg, Americas Cyber Leader at EY.
SailPoint Marketing: Without further ado, I’ll go ahead and hand it off to Jackie.
Jackie Brinkerhoff: I thank you, Kirby and appreciate that. So let’s go ahead and just cover the agenda for today andnagain, welcome everyone for joining us.
Jackie Brinkerhoff: So we have a special guest as Kirby mentioned. We have Dave Burke from EY and Dave’s going to be providing us a keynote of the client perspective of what EY’s been seeing throughout these times, and then we’ll go into more deeper details and information regarding SailPoint and EY, and what we’ve been seeing in the market, especially during the last few months, and what organizations should be doing today to be able to continue navigating these interesting times.
Jackie Brinkerhoff: And then also how to actually, you know, put a plan and start moving forward as we move through all of this. So with that, Dave, thanks for joining us. I’m going to turn the time over to you.
Dave Burg: Wonderful, thank you so much, and it’s a pleasure to be here today. What I wanted to do just briefly is share some perspective based on feedback that we have heard or seen working with our clients, principally in North America, but many of them are large multinationals that operate all around the world. And you know, it’s very interesting, a shock to the system like this COVID shock can be the event that enables businesses to really re-examine themselves in many ways. And we certainly have seen that I think in a couple of respects that tie directly to the relationship that we have with SailPoint involving secure collaboration and authentication using a variety of different technology platforms. And so what I think is quite interesting is that, you know, when COVID hit, many of our clients were well position. They had a mobile workforce strategy in place and they were able to activate that strategy.
Dave Burg: There were of course clients and companies who were not ready, who did not anticipate a need to take what could be thousands or in some cases 10’s of thousands of employees and accommodate their ability to be able to securely authenticate and then collaborate with enterprise applications. And there was a heavy left, I think, you know, in reality, and in balance. I think that many of the challenges that our clients face had more to do with load balancing as opposed to standing up an infrastructure. But I think that story changes when you go down into small midsize companies who just may not have had a plan.
Dave Burg: There was a lot of technical work and a lot of on the fly decisions made about technology, which has today, I think, some lasting risk residue that they will have to pay attention to, which is really looking at the technologies, looking at the security of the communications, the security of the movement of data.
Dave Burg: From endpoint in application outside of the application back to endpoint, and perhaps the persistence of that information.
Dave Burg: I think the other areas that I think are very important and are likely going to be areas of focus now and for the next few months will be, for example, enabling secure authentication to manufacturing environments. So moving away from having to have a human being physically add a workstation managing a particular machine or a process.
Dave Burg: But recognizing the fact that we will likely see additional waves of COVID, either in the fall, or beyond that, that there may be a need to be able to manage that type of manufacturing environment at scale without having the ability to have a human being present again at a site.
Dave Burg: So I do think that the summertime is going to be a time of examination of where would be possible to enable those kinds of business processes.
Dave Burg: And I think that’s going to be really important. I think the other area that’s very interesting is, if you think about the negative consequences of COVID on so many businesses, particularly on those that have an element that is retail oriented or where a consumer needs to be physically present to be able to purchase a product or a service. And I know from talking to the CEO of a large retail oriented company that what they’re focused on right now is putting a lot of money into completely changing the way that the customer experience unfolds. So that if another lockdown occurs a consumer could purchase a new product or service completely remotely.
Dave Burg: But that means establishing net new technologies and really just changing the consumer experience radically.
Dave Burg: I think this is going to be a very big deal. And I think it’s going to be a big opportunity for all of us where we work in the secure authentication and identification space to enable these net new business processes, whether it’s remote workforce, whether it’s remote management and manufacturing capability or whether it’s a remote customer accessing a new type of consumer experience. We are going to be looking for working together, having an ability to to implement these kinds of new ideas. These kinds of new technologies. But, of course, have the right security naturally embedded in the solution. So I think that, you know, with challenge comes opportunity and right now there’s an enormous amount of collective opportunity for this for the group that’s on the line here today in to contemplate.
Jackie Brinkerhoff: Dave, thanks so much. And yes, a lot of great information there. And through a lot of this chaos. I guess is what you could call it. There’s always opportunity for, you know, new concepts, new innovations ways to change. And so, thank you.
Jackie Brinkerhoff: So let’s drop in and take a look and cover, you know, from a SailPoint and EY standpoint, what we’ve been seeing out in the market. And over the last past couple of months we’ve certainly been seeing a lot of change as he probably have across every industry.
Jackie Brinkerhoff: Every country organization and even every individual like you and me, we’re all having to take on changes in the way that we work as well as the way we live, and not only have we as workers experienced adjustments, such as having to work from our homes, but also if your parents, you’re getting to juggle being the teacher and the nanny, and the dog walker and the cook, and you know, and the list goes on. But one thing’s for sure, we’re all getting to stretch in some way as we’ve been navigating these interesting times. And it’s definitely stretched us.
Jackie Brinkerhoff: And so, as we’ve been observing organizations now navigating their way through this crisis. We’ve seen some key areas of the business that have been pretty much common for most.
Jackie Brinkerhoff: First of all, digital transformation plans that have been either on the table or have been scheduled when this happened. Everything was immediately fast tracked or most things were fast tracked and executed upon in order to facilitate supporting.
Jackie Brinkerhoff: The needs of this work from home model and supporting the needs of the business and ensuring that the workers had the right access to the tools and the applications, as well as the data that they need to do their jobs. However, this hard left turn or hard shift meant that some apps that were traditionally delivered perhaps on site from their data center.
Jackie Brinkerhoff: For instance, email, we heard of like a company that had to stand up an email application almost overnight and even some core business productivity applications. They all had to get stood up very quickly and the workers had to get provision very quickly. So they continue their work from home.
Jackie Brinkerhoff: And in some cases, remote workers had to be provisioned with new or additional hardware as well as VPN access for instance and access to these applications, including also collaboration tools like zoom and the other suspects that we’ve been using that may not have been used previously.
Jackie Brinkerhoff: And if you can imagine if you’re in the IT department, the Help Desk calls were getting flooded and everyone needed access and people were needing to respond quickly and so a lot of this quick swift action really centered around provisioning, access provisioning of the right access and helping workers do things even like resetting passwords.
Jackie Brinkerhoff: And in many industries. If we look at healthcare, for instance, different industries really have to respond very quickly in different ways. So in the case of health care a lot of what we saw was bringing on, you know, retired doctors or doctors and nurses that were perhaps not necessarily a payroll, but they we they had to determine how to quickly onboard them in volume in bulk.
Jackie Brinkerhoff: With access to medical information and systems so that they could treat patients and that was definitely a time based pressure, and as Dave mentioned, you know, there were other industries like manufacturing and retail that’s been having to respond quickly by not only bringing on contingent temporary workers to help with the onslaught of demand for new products, new production lines and and keeping up with demands from consumers, but it also extended out to suppliers and vendor to ensure that these other types of entities that you may do business with. That we’re able to communicate and collaborate and access the systems and information needed to keep the supply chain flowing so that we, as consumers can get things like masks and food and, dare I say toilet paper and and basic living essentials.
Jackie Brinkerhoff: So unfortunately there’s the other side of the coin where we also saw some organizations who found themselves having to furlough some workers because of mandated restrictions. So ensuring things like access was given properly, or revoked in the case of this example, was now another challenge that had to get addressed very quickly.
Jackie Brinkerhoff: And that’s all of this was happening. It was interesting to observe how behaviors quickly shifted initiatives.
Jackie Brinkerhoff: Organization who typically would have security as their top level priority during this time, we observed that they kind of switched due to priorities and the demands that I just talked about.
Jackie Brinkerhoff: And if you can take a wild guess, actions were taken in the spirit of maintaining continued productivity and while security and compliance are still important they may have inadvertently taken a backseat, if you will, for the time being, and this was seen as just get people access and the access they need, so we can just keep moving things forward, which has been resulting in a lot of users like the employees and the vendors and the contractors perhaps being over provisioned with access in some cases. So Sam. Thank you for joining again in joining me on this call today and I’m sure EY has been keeping a close contact with your clients through this time.
Jackie Brinkerhoff: What have you been seeing from your perspective, with regards to the rapid changes that have been taking place. And how have you been seeing organizations reacting to all of this.
Sam Tang: Great, thank you for having us Jackie, and giving us the opportunity to speak to what we’re hearing, what our thoughts are on how this is impacting not just your clients in the business environment but separate security IGA.
Sam Tang: As a whole, I’m so proud to be part of the SailPoint family all this time. I’ve been part of the SailPoint family since the 90s. So a little bit of aging with myself.
Sam Tang: And I also want to take the chance to thank Dave Burg and EY leadership and how they’re responding to the crisis and there’s certain things. Even for the first time when they called an all hands on deck cyber meeting about a couple months ago, several key themes actually resonated with me and it still applies. It still applies to the product priorities of what people should be focused on and the themes are to be resilient. And I think that’s a word that I’ll be using quite a bit today, be strong, be empathetic be helpful.
Sam Tang: It can be these things for your family, your colleagues, your clients and just for people.
Sam Tang: And be sure to stay connected and continue to educate people on collaboration and use collaboration tools to stay in touch.
Sam Tang: And finally he said, We will get through this. And that’s very important to me because as we’re working through this, the key themes I just mentioned really applies to everything we’re trying to do with cybersecurity as well and even earlier this week, the New York Governor, there are certain key points that again just very common. It’s related back to what I heard two months ago from Dave, some key points I heard their life will be different, different but better.
Sam Tang: And build back better once we get started again and we will be tougher smarter, more resilient more unified just better. And notice that again.
Sam Tang: The reason why I said that I’ll be using the word resilient is because the theme is really truly how to, how do we actually get her clients.
Sam Tang: More resilient through the use of tools like IGA automation and visibility and analytics. So going back to your question, Jackie, What are we hearing from our clients about how people reacting to work for us and consumers? So, I can tell you of all the conversations I’ve had there’s there’s five key questions that are emerging from our clients and some things we have to address.
Sam Tang: And most of the questions could be addressed by really having better controls for a framework and shorthand on your risk and controls.
Sam Tang: Posturing and on the surface, as well as in the data and infrastructure and more importantly on automation and innovation that there are going to be net new tools like Dave said that’s going to attract a lot of these issues that we face. Some of the questions, What is good security posture and hygiene mean in the new norm? How prepared are we for the rebound? How do we guarantee safety to the workforce? How agile and resilient are we in supporting the business and the ever changing business model that would that environment that we’re in right now? What is the impact to to compliance and governance around the controls on the surface? It may not seem that different or complex but returning to work prevents presents logistical and also security challenges.
Sam Tang: And the word that we use is the old way but the old way is not going to allow you to have visibility as to what you need to do in the future. So, and the last question we’re hearing from our clients, How will the workplace workplace and physical security be impacted? Because the workplace is very social. And what does that mean to the workplace. What does that mean to security. What does that mean to the controls that we have to put in place. So we’re going to cover a lot of these topics in the session. So with that, back to you, Jackie.
Jackie Brinkerhoff: Okay. Sounds good. Thank you, Sam, you know, through all of this, we have seen that there’s some good news and some bad news, as we’re navigating all of this. And since since I typically like to get the bad news out of the way when someone poses that for me, I was going to just hit on that first. So, you know, again, let’s looking at what’s going on.
Jackie Brinkerhoff: You know, the bad news is that the criminals thrive on change cyber criminals, they just capitalize on it. And if you think back to that we’re going to use your terms and the old days, or the olden days. Remember the days when thieves would actually like steal in person and they would typically take advantage of when things were in flux. So, when the money bag would be leaving the bank and going into the truck. At least that’s how I remember from the movies.
Jackie Brinkerhoff: You know, they would, they would pounce, and they would do their heist, but in this case it’s really gone to digital world. And so with the changes in the workforce that have been taking place the cyber criminals have been taking advantage of that and it’s no surprise that workers are people, you know, have been the new attack vector for quite some time. They’d rather actually steal a workers credentials or users credentials and they compromise their account so they can gain access to the systems and data just because it’s so much easier to do that then breaking through the network perimeter, for instance, and they’re using tactics like phishing emails and installing malware. And I’ve even seen some reports of some ransomware happening out there.
Jackie Brinkerhoff: And it really you know is, is not shocking. Unfortunately, and to validate this, I saw a study conducted by CSO. It was a pandemic and impact survey that is just sharing here and they actually did this in March. And so it was done very quickly and back then in March, does not seem so far, long ago.
Jackie Brinkerhoff: Organizations were reporting an increase in volume, not only the volume but also the severity of cyber attacks and have a feeling that since this was done in March, that this number. The 26% probably has steadily been climbing. And now that we’re another month and half into this.
Jackie Brinkerhoff: So Sam, you know, how does this correlate with what EY’s been triaging and with your clients are they experiencing, you know, a new wave of attacks and threats that haven’t necessarily been seen before?
Sam Tang: Um, quick answer, Jackie, is that we always see new ways of how hackers attack. And if there’s any group of people the hackers are absolutely very resilient. So that’s what we’re dealing with, right. So the real question is, how easy is it for bad people and hackers to attack us. How do we stop that creativity that’s in front of them, because of the remote nature because of the business environment that we’re in right now. It’s absolutely exposing some things that we need to harden, that’s exposing the controls the weaknesses of some of the controls in some of our clients and it’s elevating the need for, especially going back to take a look at some of the frameworks like nest, to take a look at what the controls really mandate and to seriously take a good look at that now.
Sam Tang: So I’ll speak about a couple things here as an example, due to the nature of working from home, what we’re seeing is that before it was bring your own device, but now it’s actually use your own device at home. And so it’s on the flip side of that is we’ve seen with some of our clients is that because of the nature of some of the things that the resources do they’re actually bringing office devices back home to be used, because they have to function and the way they operate is that they have to bring devices back home as well. And additionally, the elevated requirement for MFA in the VPN.
Sam Tang: So those are the things that we’re seeing right now that we’re exposing quite a bit. And the reason why I mentioned and Dave mentioned endpoint protection and that’s much more the case today and to expand the requirement for the use of governance product, IGA products and also privileged access.
Sam Tang: And for the enterprise level, it’s for the purpose of continued productivity. We have been getting involved with things to look at from operational, security, financial challenges. But more importantly, how do we get the workforce back to work immediately and and of course VPN is one of those techniques.
Sam Tang: Two more points I want to share, awareness and visibility, and it’s elevated quite a bit. The phrase ‘we don’t know what we don’t know’ is no longer acceptable and this is, this has created the requirement for people to consider analytics and intelligence and put that on top of the priority list because especially now the movement to the cloud and people having access to cloud. Now the remote workers. So it’s timely, that’s a good point actually acquired some of the product of the event of the acquisition they made which is the cloud governance services and products in Orcas and Overwatch ID as part. It’s just very timely because the visibility of the cloud is very important and the launching of identity is very timely as well.
Sam Tang: And the the physical security last point I want to make, the logistics of a physical workplace. Something I found out by talking to my APAC and my EMEA counterparts and I wanted to see how they’re responding to physical security in general. And one of the things that they brought up, which I really didn’t even think that would be important are elevators, how do you actually operate the elevators, where it’s only one or two people that’s warranted to use the elevator. I live in New York and in our office, it’s 5000 more people and to allow workers go back to the workplace, with the social distancing it prevents quite a bit of a challenge.
Sam Tang: And one more example I want to give on physical security, I would think that because of the business modeling that I would see a lot of reduction on physical access. Therefore, you need to automate the removal of access as well because of risk. Right. So with an IGA product you can absolutely automate and in most of our implementations that we see physical architecture and physical security is always a separate process and it’s not integrated with logical access and we must take a look at that and we must join the two points of views and have a holistic approach to granting access.
Sam Tang: And so, the surprising thing is that one of the CSOs told me that the call centers they have not only are they not reducing the requirement for people because of some of the call centers financial services organizations, that they have no choice but to be inside the network because of security and privacy and so on so forth. And because of social distancing you can’t see more of that as they would in the past. So distancing has forced people to actually even expand on physical access.
Jackie Brinkerhoff: That’s very interesting. And it definitely is new ways of thinking. Who would have thought, even a year ago, we would be talking about something like this.
Sam Tang: And Jackie. I’m anxious to get to the good news. And so, back to you.
Jackie Brinkerhoff: Well, yeah, let’s get to the good news because there is some good news out of all of this.
Jackie Brinkerhoff: And, you know, while there’s been a lot of challenges during this time, I think it’s well worth a moment to stop and appreciate some of the great things that have been observed as well.
Jackie Brinkerhoff: First of all, there’s been some organizations that were prepared as Dave mentioned at the beginning of this call.
Jackie Brinkerhoff: And they were prepared because they have the right processes and the tools in place so that making a shift.
Jackie Brinkerhoff: Was not as dramatic to them as it may have been for others. And as we talked to them. We attributed their smooth sailing due to having clear visibility and controls like you were talking about Sam.
Jackie Brinkerhoff: And those controls and visibility were over user permissions due to having an identity governance program in place.
Jackie Brinkerhoff: And what they’re also getting out of it is the ability to avoid this this issue of over permissions are too much too many permissions, which can lead to access creep.
Jackie Brinkerhoff: Which creates the new vulnerabilities and targets for these bad guys that were just talking about or even instigate maybe insider threats and so it’s also been assisting with handling, you know, temporary privileges that are needed for these temporary vendors and workers and partners that you know, have been coming online to help with all of the lifting and shifting and the working. In fact, one of our cell phone customers and we’ve been in close contact with them and they one of them reported back that they were to retail customer and they were able to move their retail location meetings all to virtual meetings in six days. Like, wow, that was six days.
Jackie Brinkerhoff: That’s really good compared to what we’ve been seeing out in the market with some other companies and they were attributing that thanks to automation because they built automation around their identity platform.
Jackie Brinkerhoff: And they were able to move from physical meetings and they had 800 retail stores where they would do these physical meetings.
Jackie Brinkerhoff: And which encompassed over 10,000 users, not only in the US but internationally and so they’ve gone to a full virtual meeting experience.
Jackie Brinkerhoff: Using zoom. So kudos to to them and kudos to the rest of you who are who were basically prepared because it was just the way you were already doing business.
Jackie Brinkerhoff: So Sam. In some ways it’s exciting to see how it is really coming forward as this game changing component
Jackie Brinkerhoff: That’s allowing organizations to be more strategic through times like this, rather than having to get stuck in the mire of manually addressing you know and provisioning workers that are shifting and processes that are just, you know, that addressing a distributed remote work capacity.
Jackie Brinkerhoff: But I guess the good news doesn’t stop there. I remember you mentioned to me how this crisis has actually been a forcing function for some other cool innovation. So maybe, would you mind just touching on you know some of the good news and the benefits and then kind of share with us some of the other cool nuggets that you’ve been hearing. Great.
Sam Tang: Thank you Jackie. So with that I would like to give one of my colleagues, a plug and one of the key themes that Dave had set forth for the practice, and the leaders of the practice, is to focus on helping people.
Sam Tang: Make sure that we continue to find ways to help our clients help more people so and and Patel and his team. He’s one of the leaders in the practice as well and his innovation is to how to better equip and better help hospitals in managing crisis like this, and it started with his sister actually invented for a company a helmet as a form of a replacement for the the legacy ventilators where it’s actually less impact on your body and health where it doesn’t require any two way to go into your lungs. And she was actually featured on NBC News a couple weeks ago.
Sam Tang: And also his wife is actually a doctor physician at a hospital. And, um, she’s right now personally in charge of treating 20 plus patients across virus patients. And you can imagine the frustration that she goes through some of the emotions that she goes through, but more importantly it’s the frustration. It got to the point where she can’t find any devices that are needed, even he can’t really find logistics as to who’s assigned to ICU rooms and beds and and devices and ventilators, and so on so forth.
Sam Tang: And so, he took this and said, you know what, we can actually include AI intelligence and correlate all this stuff and be able to present to a holistic view as to how to manage mysteriously logistically all the things that are needed to be managed inside an environment like a hospital.
Sam Tang: So this is where I am going to put an IGA spin on it, where what if we treated the the devices and the beds as entitlements.
Sam Tang: So what if we did that. And now you begin to see. Now we can actually take advantage of this AI the days building the correlation that he’s using to build the algorithms that he’s actually putting together and be able to actually make the AI actionable and in conjunction with a product like it.
Sam Tang: So again, I want. I’m very proud of what Patel is trying to do and taking advantage of innovation and really making a difference a positive difference in the crisis of that. So with that, back to you.
Jackie Brinkerhoff: Thank you. That’s really cool. And it’s really, it’s really neat to start seeing a lot of these innovations it again, you know, through chaos some really cool things are birthed and innovations, we get creative.
Jackie Brinkerhoff: And so it definitely. There’s a lot of silver lining that’s coming from it and it’s really interesting. Sam to hear how you’re starting to
Jackie Brinkerhoff: You know, integrate IGA, and the whole concept of access and you know authorizations and such. So that’s, that’s really exciting.
Jackie Brinkerhoff: So let’s, let’s move forward. And now that we’ve been in the thick of things.
Jackie Brinkerhoff: Some would think that. Okay. All of this is now behind us now but you know as Dave mentioned, we may be experiencing some additional waves coming forward it
Jackie Brinkerhoff: It’s like, you know, navigating a sea of change. There’s going to be waves. And so really, I think the real work just has started and just begun.
Jackie Brinkerhoff: In fact, really all of this has surface a lot for organizations and shine the light and so organizations are having a realization of where their gaps are existing so I wanted to share this.
Jackie Brinkerhoff: SailPoint conducted a study last year and found that this was before the crisis. So last year when we did our survey we found that there were only 8% of organizations that had a completely 100% fully automated provisioning system in place, 8% and so 50% of the organizations we spoke to had about maybe half of their applications under an automated process provisioning process. So if you think about that and what life may be looking like or has been looking like for these poor IT departments that exist in the other companies that don’t have anything automated and especially their help desks, you know, they’ve been having most likely to have to provision new access manually and or maybe using scripts. But again, it’s probably been very overwhelming for them.
Jackie Brinkerhoff: And and what we may. What we found is that workers, like I mentioned earlier, maybe receiving more access or permissions than they really need and it’s all in the spirit of maintaining productivity and with only 35% if you can see that on of organizations really actually monitoring and governing access.
Jackie Brinkerhoff: This really creates a huge security gap that really should be looked at straight away.
Jackie Brinkerhoff: And so, Sam. It seems that it’s pretty apparent that, you know, providing workers or vendors and contractors and and partners with access but specifically with self service capabilities and taking those provisioning tasks off the shoulders of IT is super important.
Jackie Brinkerhoff: But if we dig deeper and just follow those breadcrumbs to the applications and data that these workers are utilizing, we see that a lot of that’s being served up from the cloud like cloud platforms such as AWS and Azure and Google platforms. But in addition to that, I mean, we’re talking about like applications for consumers as well. And so from what we’re seeing from these cloud platforms they’re the new target.
Jackie Brinkerhoff: I mean cyber criminals are kind of like foaming at the mouth because there’s so many you know so much rich data out there that is waiting to be taken is EY also seeing the same situation from your perspective?
Sam Tang: Yeah absolutely are. And not only just from a self service for end users. But it’s really taking taking a close look at the entire user journey and how it’s impacting for all the actors and we’re seeing a lot of clients ask us, and also us educating our clients on how best to review their controls how to simplify their user journey for how things get granted how to simplify the workflows. How do they simplify? What things do people have to do? Why do we need so many approvals? Is there a way for us to even simplify the user journeys to the point where we take advantage of of risk modeling and trust model A and so on so forth to make it so that there’s less dependency on manual intervention?
Sam Tang: With what Dave mentioned earlier, automation is key and and to optimize the workflows and to really revisit the controls and the mandates that are set forth and see if those are absolutely necessary.
Sam Tang: And so there’s four things I want to mention that or emerging as really what people need to take advantage of with IGA.
Sam Tang: Of course, the lifecycle management and requesting approval. Especially for remote access, what we’re seeing is that birth rights and termination and everything in between. And you were seeing additional use cases emerge as well. So your typical ones are you know that we have to dealing with our birthright provisioning termination of access at a time when people, you know, are leaving companies and everything in between the movement of the user. The job changes of user and so on so forth.
Sam Tang: But now we’re seeing a temporary nature that in addition to temporary leave now. We have people working from home. What does that mean to access?
Sam Tang: What does that mean to physical access. And how long do they stay there. What happens when there’s movement where we could have people go back to work.
Sam Tang: And again, knock on wood, it doesn’t happen in second wave, and we have to do this all over again, are we really ready for that to truly take a look at the the user journey.
Sam Tang: The second thing I wanted to point out is it’s elevated the requirement to take a look at how people are managing unstructured data file folders and SharePoint and so on so forth.
Sam Tang: It just elevates need to to migrate a lot of this stuff to the cloud and and luckily Salesforce has, it has a file access manager to actually allow you to to simplify and two minutes to have visibility as to what you need to move over and allow a platform to actually assist in that process cloud governance, again, I think I mentioned that earlier.
Sam Tang: The last thing I want to talk about is the integration of IGA and DevOps. Why, and one of the asks from one of the CIOs, I spoke to over the couple weeks ago is like, Sam, Why is it always that IGA is always just integrated with logical access, of course, physical access be one of those things that are elevating. But how about DevOps. Why can’t we we integrate IGA with infrastructure as code, and if we see someone being hired as a developer, why did they have to wait two weeks to get x assets to stop working. So those are the kind of things. How do we manage the better with IGA and cloud.
Sam Tang: And provisioning assets into the cloud. And so, those, those are the things that we’re seeing emerging and as a requirement really elevating the need for for automation and governance Jackie, back to you.
Jackie Brinkerhoff: Yeah, thanks Sam and you know we’ve been seeing a lot with cloud platforms as well. And it, you know, going back to the point of you know it’s it’s not necessarily just about providing access but it’s providing the right access and and automating
Jackie Brinkerhoff: Does help, but when you combine the automation with a policy driven automation. That’s where you know the magic happens from what we’re seeing. And when you apply that now to the Cloud Platform.
Jackie Brinkerhoff: You know, we’ve got AWS and Azure and Google Cloud Platform and you know these DevOps folks for some time now in the spirit of, you know, driving new experiences and better experiences for consumers, let’s say it’s
Jackie Brinkerhoff: What we’ve talked to these organizations, you probably seen the same thing is
Jackie Brinkerhoff: You know, practically DevOps has been given, like, you know, a credit card. And it’s like, Go stand up what you need to stand up and get things deployed out
Jackie Brinkerhoff: And we’ve seen some friction happening between the DevOps folks and the it and security folks because DevOps is all about, you know, I need to get my job done. Leave me alone. I want to let go, go, go.
Jackie Brinkerhoff: I tend security has been wondering like how do I secure that I need visibility, I need some controls and so
Jackie Brinkerhoff: Really what’s what we’re seeing is that IDA can start coming in and helping bridge that gap between the two, you know,
Jackie Brinkerhoff: Departments, if you will. So DevOps can continue driving and creating but no longer I was using this term earlier the sanction shadow IT concept it
Jackie Brinkerhoff: It’s killing it, you know. And so again, that’s where I can start bridging this and giving it and security, the visibility of what what is really out there who has access to what
Jackie Brinkerhoff: And start putting some controls around that which definitely has been very helpful and can navigating these waters, so that’s that’s exciting to hear that you’re also seeing that as well.
Jackie Brinkerhoff: So let’s let’s keep on moving and let’s let’s take a look. Now, if you will, into the future and
Jackie Brinkerhoff: Really we can’t really say well all experience. Another pandemic in our life, maybe will experience some additional waves, but you know even moving forward. One thing’s for sure there. There’s so many other types of crises that
Jackie Brinkerhoff: Can occur. I mean, we’ve seen natural disasters happening and attacks and the sorts and so it’s not only important to deal with what’s going on now.
Jackie Brinkerhoff: But what about all the tomorrow’s to come. Right. And so the first thing to look at is the most prominent thing that we’ve been talking about dreams experience and
Jackie Brinkerhoff: And that’s the new work from home model. I found it to be interesting to see again the CSO pandemic survey, this report.
Jackie Brinkerhoff: They showed that there’s been a huge pendulum swing and the number in this no surprise, right, the number of remote workers so
Jackie Brinkerhoff: Previous to the the pandemic about 16% of the order of folks had I worked from home or remote situation and now it’s completely gone, you know, to the other side was 78% now working from home.
Jackie Brinkerhoff: So now, as I’ve spoken to various organizations. It really sounds like many were either not open to allowing their folks to work from home due to, you know, a number of reasons. One of them.
Jackie Brinkerhoff: I was hearing a report, the other day, and they were saying, well, we don’t know if they’re actually being
Jackie Brinkerhoff: Productive and working. So there’s some of those other aspects too. But now with this required shift.
Jackie Brinkerhoff: You know, a lot of organizations are starting to experience, you know, what does would. It’s kind of a good pilot test, if you will, if you want to call it that. And so they can realize some of the upside benefits that may not have been apparent to them earlier, one of which could be greater productivity and collaboration.
Jackie Brinkerhoff: Which may have been a surprise to a lot of folks and, dare I say, perhaps even some potential long term cost efficiencies could be happening like we’ve, you know, reduction in real estate costs and things like that.
Jackie Brinkerhoff: But what it comes down to is I’m hearing workers are actually experiencing a little bit of a shift and like their work life balance and feeling happier at home. And being able to kind of balance their life in that way. So Sam.
Jackie Brinkerhoff: What is this looking like for organizations that you’re working with, are they becoming more open to this work from home model and what about those that will be, I mean you address and talked about, you know, this whole concept of coming back to work. So maybe even go down a little bit deeper as far as what reentry is might look like for these people.
Sam Tang: Yeah and you know
Sam Tang: If you ask people for four weeks ago on everybody would say, yeah, they’re open because they’re getting used to working from home. But if you ask people today.
Sam Tang: It’s not only are they open, it’s actually going to be a preference. And so that’s going to drive a lot of the remote worker and the remote nature of what we do is going to be a norm. It’s the crisis that we’re in, it’s still not known. Some states are starting to be open. Some countries to start on reopened, but the second it’s not going to work. If a second wave hits. It’s we’re going to be back to square one. And people are going to be forced to really rethink the remote nature of what we do and so I’ll point out, if you haven’t done so already we have seen a lot of our clients include crisis management and facilities management as part of our key stakeholder when it comes to cyber security.
Sam Tang: And they’re going to drive a lot of the thinking a lot of the preparation, a lot of resilience that we need to really be thinking about going forward. I don’t think it there’s going to be a guarantee for people to feel comfortable returning to work.
Jackie Brinkerhoff: As we move forward. And I think we’ll probably see some of that, you know, we won’t see it today, but it’s it’s definitely on up ahead.
Jackie Brinkerhoff: And it again if we want to look at, you know, look at the silver lining on the glass half full, if you will. I mean,
Jackie Brinkerhoff: The good thing here is that the light has been shined and so organizations are starting to notice that, wow, we need to start looking at not only the short term.
Jackie Brinkerhoff: But also the long term security needs. And as you can see here there’s a big majority of organizations that are talking about that. This is going to create a reevaluation of how they address risk.
Jackie Brinkerhoff: You know, over the next five years. And Sam, you know, how about with your clients or how are they, you re evaluating things like business continuity and disaster recovery.
Jackie Brinkerhoff: To include more security aspects and especially like identity. They may have not necessarily thought about identity as part of those plans, you know, traditionally, but maybe more so now.
Sam Tang: Absolutely more so now you know we always talk about identity as the perimeter. And not only is it. It’s actually the core of everything that we do now and and because the because of the cloud.
Sam Tang: That being AWS, Google and Azure, but now we’re seeing a lot of people go into Oracle because of what’s going on here because the Oracle Cloud, a lot of business applications and build business data are being moved to the cloud as well. What does that mean to security. Right. What does that mean, how do we secure the business applications now.
Sam Tang: And a couple of points here because of sake of time, that are key.
Sam Tang: Really, truly, take a look at what or essential and what it’s not essential. And that’s going to surface. A lot of things out of what we really truly need to secure.
Sam Tang: Take advantage of collaboration tools like that but that even that presents challenges, and look how fast the hackers responded when people started using zoom.
Sam Tang: And one last thing I want to say here is the shift of the consideration of using offshore resources has elevated. It has increased. And what does that mean to to security. What does that mean to how we function. And how do we do so.
Sam Tang: And lastly, what, what I want to really emphasize here is again going back to apply the resiliency aspect of security and continuity and you begin to see how truly, how simplify, how much simplification, you need to apply to the environment in order for you to be truly resilient. So, back to you. Jackie,
Jackie Brinkerhoff: You know, this idea of like what, you know, how can identity help you prepare and so you were talking about resiliency and, you know, and we’re talking about workforce continuity and just keeping business going and we can talk about it as a business continuity plan.
Jackie Brinkerhoff: You know, and so the way that identity really comes into play is, you know, we talked about visibility and controls.
Jackie Brinkerhoff: But in addition to that, I think Sam, you were talking about intelligence earlier. And so there’s so much that goes on.
Jackie Brinkerhoff: That is so much to be done, that it’s beyond the human capabilities. And so, you know, using an identity program that has a rich set of AI and machine learning to help do the heavy lifting is key and so that way you can get control over things. So you can start seeing where those risky areas are and then being able to use your human resources to then go you know address those issues.
Jackie Brinkerhoff: I’m excited to see that it’s starting to become more of a board level discussion and they’re starting to realize how integral, it can be and being able to be prepared, especially if there’s, you know, another wave coming.
Jackie Brinkerhoff: Sam I know at EY identity is being used in so many use cases. I’m just going to take you to that this next this next slide where maybe if you don’t mind just kind of giving us an overview of like a recap of what else you might be seeing.
Sam Tang: I just want to point out a couple things here and resiliency, agility and intelligence. I’m going to start with intelligence because before you can really have resiliency and agility, you must have intelligence, and the more you know about the environment, and more you know what you’re really managing the more you can detect bad behavior and balances and the more you integrate that that intelligence has actionable.
Sam Tang: The more closer, you’re going to get to that, and especially with integration IGA where you can actually automate a lot of the the intelligence and the things that you find.
Sam Tang: I think the word that even SailPoint users when they launched it today is predictive analytics.
Sam Tang: Yeah, pretty preemptive predictive analytics is how can you use this intelligence to make it actionable and make it easier for people. It’s not just the intelligence I’m talking about. It’s not just for security, it’s also for user behavior and user experience as well.
Sam Tang: And resiliency really take a look at your controls to really take a look at what your mandates really are and agility of making sure that simplify your environment. Simplify your workflows simplify your business processes and your user journeys.
Sam Tang: And to make it. and everything else it will fall in place, and especially your cloud access and the the the elevation of the importance of cloud. So Jackie, back to you.
Jackie Brinkerhoff: Well, I have to say that the past couple of months have been quite a journey. And while some things will go back to quote normal this has been and as someone on my team called it the other day, a great awakening in many ways.
Jackie Brinkerhoff: Not only has it shine that light in areas that need attention, but it’s also given us an opportunity, all of us to reevaluate how we are addressing things like security and compliance, even when productivity is the most important thing on the docket right so Sam anything, any parting words as you as we close things off here.
Sam Tang: Yeah, you know, I heard a word that Dave us today, which is something that I heard for the first time that he’s using a presentation like this it’s shock I think everybody. There’s a lot of shock.
Sam Tang: With people a lot of shock and emotions going around, but so again to read the word that I use a lot today be resilient indoors collaboration embrace empathy. And finally, stay safe and healthy.
Jackie Brinkerhoff: Yes. Yeah, and state. And that’s really bottom line is, let’s all stay safe and healthy.
You might also be interested in:
Find out how SailPoint can help your organization.