Story image

Users, applications, and data: The new frontiers in identity

16 Jul 2018

Data breaches and compliance aren’t the only challenges facing security professionals today. The pressure to embrace digital transformation by enterprises is also mounting – both user and application populations are growing, data is exploding, and organisations are fighting to deliver customer value and competitive edge at every turn.

With the very nature of business changing, identity must evolve to meet the needs of the modern enterprise – across all users, all applications and all data.

New frontiers in identity

There are three core areas within the enterprise where growing scale and complexity is making identity management more central than ever, these include:

The user frontier – who, or maybe better yet what organisations consider an identity is changing. While enterprises have long focused on managing access rights and privileges for employees, contractors and partners, there’s a new enterprise user coming to the cloud and data centre: intelligent bots, or Robotic Process Automation. These bots are accessing data, making decisions on that data, and then performing actions. When we give such access to people, we scrutinise their access, which is now what organisations need to do with regard to bots.

The application frontier – most enterprises have experience in governing access to several hundred applications. However, with the explosion of cloud services, the number of applications that need to be governed is on the rise. It’s not unusual for larger organisations to deal with thousands of applications. As the number of applications grows, identity governance must adapt to cope with increased scale, and applications, both on and off-premises.

The data frontier – while the increasing number of applications creates identity management challenges, so does the rising amount of data stored in unstructured files (PDF or PowerPoint files, for example).

There’s a huge amount of sensitive data being created and stored in the enterprise and outside the application. For example, end users create a significant amount of risk by copying and storing company data in unstructured files in collaboration platforms such as SharePoint or cloud storage services like Box or DropBox.

With the growing pressures associated with new types of users, increased applications, and vast volumes of unstructured data, enterprises must take a different approach to managing identity. Fortunately, to meet these challenges, there are also new technologies coming to market that can help enterprises to manage identity more effectively and reduce risk and improve efficiency. 

AI + identity

Technologies such as AI are increasingly being deployed for new use cases – including for identity management – enabling enterprises to make fast but intelligent identity and access decisions.

For example, with AI enterprises can better distinguish how access is being used and quickly differentiate normal usage from suspicious usage. When organisations can understand what “normal” access looks like on a particular system, they can swiftly identify suspicious activity and terminate that access or, following an assessment by the appropriate team, determine that access is valid and then permit it.

Such technological advances show that, despite growing risks and complexity in managing enterprise technology and data, it’s not all doom and gloom. There are many ways AI and identity will help spark innovation.

AI will help organizations to govern smarter, define risk more precisely, while enabling enterprises to move forward much more nimbly and with less risk. Ultimately, AI provides a lens with which to focus on identity governance processes and controls so enterprises can manage the risk, not the noise.

And while AI isn’t a panacea for the new frontiers of identity – it will have a significant impact on how the overall identity management industry moves forward to keep pace with the rapid digitalisation of the enterprise world.

Navigating the path forward

Technology and innovation are changing the way we work, the nature of business users is evolving, and the volume of applications and data are furiously increasing. There is immense pressure to digitise the enterprise, which has enterprises pushing the boundaries to compete and to continually deliver value.

The only way to push those boundaries securely is to employ a comprehensive identity management strategy that secures these ‘new frontiers’ in identity: governing the digital identities of all users across all applications and all data.

Article by SailPoint CEO and founder Mark McClain.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.