May 20, 2016, updated 21 Oct 2016 4:57pm

The five biggest issues in identity management and what’s behind them

CEO Briefing: Sailpoint's CEO reveals what he thinks should be the first question on every CISO's mind and shares what he believes are the biggest cyber security market drivers

By Sam

Sailpoint CEO Mark McClain answers CBR’s questions and reveals his top five issues in cybersecurity Identity Management.

CBR: What’s the first question a CISO should ask you?
"How can identity and access management help me move my company forward and make my company more competitive in the marketplace, while simultaneously making us more secure?" IAM empowers not only IT professionals, but also business users, allowing them to do their jobs more easily and securely. With the rise of the hybrid IT environment, coupled with a growing, globally dispersed workforce; the proliferation of BYOD; the addition of contractors who need access to important business systems; and migration to the cloud, only IAM can tie everything back to the user, providing a holistic view into the enterprise’s IT infrastructure.

CBR: If you were to propose one piece of cybersecurity compliance legislation for the world, what would it be?
MMcC: While there are some clear downsides to compliance legislation (e.g. unintended consequences, too much focus on following the letter of the law and too little focus on achieving the true objective, etc.), I suppose I would be in favour of a single piece of legislation that required companies to produce a report detailing the access privileges for each and every "insider" (employee, contractor, partner, etc.) to all critical information (PII, financial, etc.). Insisting on this level of clarity would go a long way toward controlling the "breach" problems we see in the industry.

Mark McClain’s top five cybersecurity issues
1. The dissolution of the traditional perimeter: The traditional network perimeter is rapidly vanishing, thanks to the increasingly complex relationships between people and data. Relying on a well-protected wall around the corporate network is no longer a sufficient form of security. Enterprise security is moving into a new paradigm, becoming identity-centric. And as identity is put at the centre of IT, organisations are becoming better equipped to optimise their workforce, reduce security risks and maximise the return on their computing, networking and application investment.

2. The proliferation of the cloud: Cloud adoption is accelerating for most enterprises, and cloud computing is becoming an integral part of enterprise IT and security infrastructure. Based on current adoption trends, it’s clear that the vast majority of new applications purchased by organisations will be SaaS applications. The allure is evident, from cost savings to speed of deployment to flexibility and simplicity. Industry experts have continued to predict that the cloud migration would stop short of mission-critical applications in some organisations, though, because of the prevalent belief that on-premises systems are more secure than those in the cloud. Although it’s clear that cloud apps are the future for enterprises, the benefits of the cloud can be negated if it leaves a business exposed to security breaches and compliance issues. An organisation’s security profile changes with the cloud; so too must its security measures.

3. The new attack vector is the human vector: In today’s digital world, business users need access to a myriad of critical systems, applications, and data in order to do their jobs. There is more data to protect than ever before, spread increasingly far and wide, and often outside the corporate firewall perimeter. At the same time, hackers have moved on to a new attack vector, the human vector (employees, contractors, partners and even suppliers). In many of these cases, a legitimate identity is knowingly or unknowingly hijacked for illicit purposes. In order to prevent or minimise data breaches tied directly to insiders, businesses have to become more user-centric when it comes to security. That means leveraging a comprehensive approach to IAM programmes, ensuring a single, unified view into and automated control over all user access.

4. The rise of shadow IT: As the proliferation of the cloud continues, so too will instances of shadow IT. On one hand, shadow IT means that business users are adopting applications and technology that give them the power and flexibility to do their job. However, without oversight from IT, those very same tools are increasing the organisation’s risk exposure. By going around IT to deploy new technologies, organisations not only have limited visibility into what data exists and where, but also who can access that data and how to govern that access. As this trend continues, it will only increase the risk of security breaches and failed audits if enterprises don’t learn how to manage it. It’s imperative that companies have automated policy and controls in place to monitor and manage user access across the entire enterprise – including mobile and cloud applications – in order to minimise that security and compliance risk.

5. Getting ready for GDPR: The battle for privacy over personal data took an important step forward recently with the EU’s approval of the General Data Protection Regulation. The new law dramatically changes how organisations approach protecting customer data. Not only does it give citizens in the EU better control over when their personal information is collected and how it will be used, but it also includes significant financial penalties if companies fail to protect their collected data. These penalties can reach up to 4 per cent of a corporation’s annual revenue – a "stick" that will definitely get the attention of senior management teams. The passage of GDPR has important implications for enterprise identity governance programmes. Now is the time for organisations to check the security of their identity, before the enforcement and penalty phases of the law take force.
