Cybersecurity, Mobility, and the Expanding Perimeter (Video)

As businesses lose control of devices and rapidly adopt cloud consumption models, identity and data have become the new perimeter for IT operations and information security teams to secure and protect. My colleague Jon Oltsik and I sit down together to highlight how mobility, identity, and security are creating technology challenges, organizational barriers, and business risks as the security perimeter expands at a faster pace than business can keep up with. The discussion sparks attention towards the IT vendors that are attempting to enhance security postures from within a silo as opposed to the new purview business are dealing with today.

Topics: Cybersecurity identity and access management Enterprise Mobility

Identity and Access Management (IAM) Has Been in Babysitting Mode for Years...Something Must Change!

IAM creates the first link in the “chain of trust” when a user, device, or a connected thing authenticates with a trusted source. Establishing this initial handshake is critical since it initializes the path to access and authorization—no wonder IAM has quickly become a renewed focal point for IT operations and information security professionals. To that end, ESG recently completed an IAM research study to validate existing business pain points around authentication, IAM professional white board priorities, and opportunities for IAM vendors to differentiate themselves amongst the countless tools littering a complex IAM landscape that are leading to buyer confusion.

Topics: identity and access management

Identity Management To-Do List Aligns with Cybersecurity

My colleague Mark Bowker just completed some comprehensive research on identity and access management (IAM) challenges, plans, and strategies at enterprise organizations. As a cybersecurity professional, I welcome this data. Identity management should be a major component of an enterprise risk management strategy, yet IAM technology decisions are often treated tactically or left to application developers or IT operations staff who don’t always prioritize security in their planning.

Topics: Cybersecurity Mark Bowker IAM identity and access management

The Internet of Identities (IoI)

Everyone is talking about IoT these days and for good reason – there are already billions of devices connected to the global Internet and some researchers are predicting 50 billion by 2020. This alone will make CISOs' jobs more difficult, but security executives face many other associated challenges as well:

Topics: Cybersecurity IoT identity and access management micro-segmentation SDP Internet of Identities

The Era of Identity-based Applications

Identity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies – business people, software developers, IT operations, human resources, security, compliance auditors, etc. – play some role across the IAM spectrum.

As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy but this behavior may be changing. According to ESG research, 49% of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT. In other words, someone in IT is now responsible and accountable for all IAM technology.

Topics: Cybersecurity IAM identity and access management

Balancing user experience with security

The number one challenge I hear from IT professionals across the board is balancing security with user experience across multiple device types that employees use in the course of a day. If those IT pros turn the dial too far in one direction, they’re faced with security vulnerabilities. If they rotate the dial too far in the opposite direction, they faced user-experience hurdles.

This challenge is exacerbated for those companies that want to further embrace cloud consumption models, but are once again perplexed about where to set the dial.

Topics: identity and access management Enterprise Mobility

Identity and Access Management (IAM) infrastructure is misaligned with security

Several CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter. The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete, so security policy enforcement decisions must be driven by identity attributes (i.e. user identity, role, device identity, location, etc.) rather than IP packet attributes. We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess.

Topics: Cybersecurity IAM identity and access management

Enterprises Are Not Monitoring Access to Sensitive Data

If you want to make a cybersecurity professional uncomfortable, simply utter these two word: ‘Data exfiltration.’ Why will this term garner an emotional response? Because data exfiltration is a worst-case outcome of a cyber-attack – think Target, the NY Times, Google Aurora, Titan Rain, etc. Simply stated, ‘data exfiltration’ is a quasi-military term used to describe the theft of sensitive data like credit card numbers, health care records, manufacturing processes, or classified military plans.

Most enterprises now recognize the risks associated with data exfiltration and are now reacting with new types of security technologies, granular network segmentation, and tighter access controls. Good start but what about simply monitoring sensitive data access activities? You know, who accesses the data, how often, what they do, etc.?

Topics: Information and Risk Management Dell Security and Privacy Security google Centrify CyberArk Courion Sailpoint data security Quest Box Symantec Target nsa cybercrime identity and access management security analytics Edward Snowden