Story image

Users, applications, and data: The new frontiers in identity

16 Jul 2018

Data breaches and compliance aren’t the only challenges facing security professionals today. The pressure to embrace digital transformation by enterprises is also mounting – both user and application populations are growing, data is exploding, and organisations are fighting to deliver customer value and competitive edge at every turn.

With the very nature of business changing, identity must evolve to meet the needs of the modern enterprise – across all users, all applications and all data.

New frontiers in identity

There are three core areas within the enterprise where growing scale and complexity is making identity management more central than ever, these include:

The user frontier – who, or maybe better yet what organisations consider an identity is changing. While enterprises have long focused on managing access rights and privileges for employees, contractors and partners, there’s a new enterprise user coming to the cloud and data centre: intelligent bots, or Robotic Process Automation. These bots are accessing data, making decisions on that data, and then performing actions. When we give such access to people, we scrutinise their access, which is now what organisations need to do with regard to bots.

The application frontier – most enterprises have experience in governing access to several hundred applications. However, with the explosion of cloud services, the number of applications that need to be governed is on the rise. It’s not unusual for larger organisations to deal with thousands of applications. As the number of applications grows, identity governance must adapt to cope with increased scale, and applications, both on and off-premises.

The data frontier – while the increasing number of applications creates identity management challenges, so does the rising amount of data stored in unstructured files (PDF or PowerPoint files, for example).

There’s a huge amount of sensitive data being created and stored in the enterprise and outside the application. For example, end users create a significant amount of risk by copying and storing company data in unstructured files in collaboration platforms such as SharePoint or cloud storage services like Box or DropBox.

With the growing pressures associated with new types of users, increased applications, and vast volumes of unstructured data, enterprises must take a different approach to managing identity. Fortunately, to meet these challenges, there are also new technologies coming to market that can help enterprises to manage identity more effectively and reduce risk and improve efficiency. 

AI + identity

Technologies such as AI are increasingly being deployed for new use cases – including for identity management – enabling enterprises to make fast but intelligent identity and access decisions.

For example, with AI enterprises can better distinguish how access is being used and quickly differentiate normal usage from suspicious usage. When organisations can understand what “normal” access looks like on a particular system, they can swiftly identify suspicious activity and terminate that access or, following an assessment by the appropriate team, determine that access is valid and then permit it.

Such technological advances show that, despite growing risks and complexity in managing enterprise technology and data, it’s not all doom and gloom. There are many ways AI and identity will help spark innovation.

AI will help organizations to govern smarter, define risk more precisely, while enabling enterprises to move forward much more nimbly and with less risk. Ultimately, AI provides a lens with which to focus on identity governance processes and controls so enterprises can manage the risk, not the noise.

And while AI isn’t a panacea for the new frontiers of identity – it will have a significant impact on how the overall identity management industry moves forward to keep pace with the rapid digitalisation of the enterprise world.

Navigating the path forward

Technology and innovation are changing the way we work, the nature of business users is evolving, and the volume of applications and data are furiously increasing. There is immense pressure to digitise the enterprise, which has enterprises pushing the boundaries to compete and to continually deliver value.

The only way to push those boundaries securely is to employ a comprehensive identity management strategy that secures these ‘new frontiers’ in identity: governing the digital identities of all users across all applications and all data.

Article by SailPoint CEO and founder Mark McClain.

Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.
Hackers increasingly ‘island hopping’ – so what does it mean?
Carbon Black's Rick McElroy discusses this new trend and what it means for the new age of cybercrime.
Trust without visibility is blind – Avi Networks
Enterprises are wanting to gain the trust of their customers, but are often found blindly defending themselves.
How to avoid becoming a cryptojacking victim - Bitglass
Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum.
Symantec, Ixia combine efforts to secure hybrid networks
Ixia’s CloudLens and Symantec Security Analytics now feature complete integration, which allows Symantec customers to gain real-time visibility into their hybrid cloud environments.