Story image

Users, applications, and data: The new frontiers in identity

16 Jul 2018

Data breaches and compliance aren’t the only challenges facing security professionals today. The pressure to embrace digital transformation by enterprises is also mounting – both user and application populations are growing, data is exploding, and organisations are fighting to deliver customer value and competitive edge at every turn.

With the very nature of business changing, identity must evolve to meet the needs of the modern enterprise – across all users, all applications and all data.

New frontiers in identity

There are three core areas within the enterprise where growing scale and complexity is making identity management more central than ever, these include:

The user frontier – who, or maybe better yet what organisations consider an identity is changing. While enterprises have long focused on managing access rights and privileges for employees, contractors and partners, there’s a new enterprise user coming to the cloud and data centre: intelligent bots, or Robotic Process Automation. These bots are accessing data, making decisions on that data, and then performing actions. When we give such access to people, we scrutinise their access, which is now what organisations need to do with regard to bots.

The application frontier – most enterprises have experience in governing access to several hundred applications. However, with the explosion of cloud services, the number of applications that need to be governed is on the rise. It’s not unusual for larger organisations to deal with thousands of applications. As the number of applications grows, identity governance must adapt to cope with increased scale, and applications, both on and off-premises.

The data frontier – while the increasing number of applications creates identity management challenges, so does the rising amount of data stored in unstructured files (PDF or PowerPoint files, for example).

There’s a huge amount of sensitive data being created and stored in the enterprise and outside the application. For example, end users create a significant amount of risk by copying and storing company data in unstructured files in collaboration platforms such as SharePoint or cloud storage services like Box or DropBox.

With the growing pressures associated with new types of users, increased applications, and vast volumes of unstructured data, enterprises must take a different approach to managing identity. Fortunately, to meet these challenges, there are also new technologies coming to market that can help enterprises to manage identity more effectively and reduce risk and improve efficiency. 

AI + identity

Technologies such as AI are increasingly being deployed for new use cases – including for identity management – enabling enterprises to make fast but intelligent identity and access decisions.

For example, with AI enterprises can better distinguish how access is being used and quickly differentiate normal usage from suspicious usage. When organisations can understand what “normal” access looks like on a particular system, they can swiftly identify suspicious activity and terminate that access or, following an assessment by the appropriate team, determine that access is valid and then permit it.

Such technological advances show that, despite growing risks and complexity in managing enterprise technology and data, it’s not all doom and gloom. There are many ways AI and identity will help spark innovation.

AI will help organizations to govern smarter, define risk more precisely, while enabling enterprises to move forward much more nimbly and with less risk. Ultimately, AI provides a lens with which to focus on identity governance processes and controls so enterprises can manage the risk, not the noise.

And while AI isn’t a panacea for the new frontiers of identity – it will have a significant impact on how the overall identity management industry moves forward to keep pace with the rapid digitalisation of the enterprise world.

Navigating the path forward

Technology and innovation are changing the way we work, the nature of business users is evolving, and the volume of applications and data are furiously increasing. There is immense pressure to digitise the enterprise, which has enterprises pushing the boundaries to compete and to continually deliver value.

The only way to push those boundaries securely is to employ a comprehensive identity management strategy that secures these ‘new frontiers’ in identity: governing the digital identities of all users across all applications and all data.

Article by SailPoint CEO and founder Mark McClain.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.