實況記錄： 我從 Microsoft Ignite 獲得的 3 大重要訊息
A few weeks ago, nearly 26,000 IT and security professionals left home and flew into Orlando, Florida. Not for Mickey and the theme parks, believe it or not, but for Microsoft Ignite.
Coming off the heels of my previous sales role here at SailPoint, and into my new product marketing shoes for my first Ignite, I was excited to take it all in with my new perspective. This new lens definitely gave me a different view of the event and my many conversations. For anyone that hasn’t attended Ignite, the conference is enormous, and the conversations are endless. It was so interesting to see how identity was such a major and consistent theme throughout the event. It seems that not too long ago, all of the security focus was on the original enterprise security perimeter. Think firewalls, VPNs, etc. But with the growing and expansive network (and move to the hybrid cloud) this is no longer the case.
Understanding identity and how to manage it is key to helping organizations not only have greater visibility but a stronger understanding of how to mitigate risk. With that in mind, here are my key takeaways from my week at Microsoft Ignite.
Identity must be at the heart of your security strategy.
Zero trust, least privileged access, MFA, step-up authentication… the event certainly didn’t lack security terms discussed and demoed throughout the event. Many of the conversations I had were, of course, around the term identity, which at times gets misconstrued as it is a very broad category. I heard quite often, “We have an SSO, or we have a PAM solution or we have MFA,” all of which are one aspect to security involving identity; however, I’d like to break that down even further.
Managing or governing an identity holistically, you can see access from every level, understand permissions and roles, enable automated certifications and access requests, streamlining life cycle management process, to mention just a few of the key differences. So yes, MFA, SSO, & PAM solutions are all a critical part of the identity journey but just one side of the coin. Identity governance takes a next-level approach, almost like the brain of the ecosystem, controlling and ensuring the users have the appropriate access. By having this identity-centric mindset, this elevates the security of the enterprise, helping to mitigate risk.
Artificial Intelligence (AI) and Machine Learning (ML) are becoming a must-have and no longer a nice to have.
I can’t begin to tell you how many conversations started with someone telling me how there is just too much for IT to do these days. With all this unstructured data that organizations are having to deal with, it’s just too much for any one person, department or organization to have to manage and secure.
Organizations are turning to AI and ML to help tackle and guide their identity program from a more predictive, automated and adaptive lens. With the power AI-driven identity, teams can deploy a new identity program, with defined roles and permissions, in weeks rather than months. This also is a game-changer as ML adapts and responds with intelligent insights and recommendations that help organizations find low-risk workstreams that can be automated. I’m talking serious acceleration in productivity! It also helps identify risky users and behavior, like finding needles in the haystack. But best of all it helps guide non-tech folks know if certain access requests are smart to grant and why.
Moving to the cloud can be a benefit and a curse.
We are certainly seeing seismic changes to the security landscape as organizations are moving more to the cloud and multi-cloud environments. It wasn’t uncommon for the organizations that I spoke to have hundreds of cloud applications being deployed in their organization, while still needing to govern access to their legacy apps as well, at least until they can migrate those to the cloud. These are all additive. This doesn’t even include the cloud applications that have crept in ala shadow IT. The need to secure and govern this expansive user access is more critical than ever before.
And when you boil it down, it comes down having a way to centrally manage and automate the provisioning and de-provisioning of access to anything and everything. I’m talking apps, systems, and files – across a hybrid IT environment. This is the beauty of identity governance, you define the policies and it streamlines the work for you so that you can be confident that access approvals are within the bounds you’ve established. This is a great way to reduce IT resources and have them focusing on the right things and be confident that your migration to the cloud is secure and compliant.
Identity as the big picture
Understanding the whole picture is where SailPoint comes into play. Cybersecurity is constantly evolving and to keep up with the everchanging landscape, enterprises need to understand and invest in identity. SailPoint is a firm believer in identity and it seems that the Microsoft Ignite goers would agree. Making identity simple and transparent is a must-have, from security, efficiency and compliance standpoint. That is certainly our key strategy here at SailPoint as evidenced by our predictive identity vision and strategy. It is certainly an exciting time to be in identity! I am excited to see what is in store for next year’s Microsoft Ignite and the everchanging identity landscape. Until then.