ESG at RSA: Identity, No Passwords, and Email Security (Video)

In this video, ESG analysts Mark Bowker and Jon Oltsik run through some of the top topics they will be tuning into at RSA Conference 2018. Mark and Jon home in on how identity has become the control plane and how the software-defined perimeter is impacting the CISO's decision making process and future investments. 

Topics: Cybersecurity identity and access management RSA Security Conference software-defined perimeter

ESG360 Video: Who Owns Identity and Access Management (IAM)?

Mobility and cybersecurity. While those two areas may have very different roles inside an IT organization and business, they both play integral parts in identity and access management. Given that, I’m always getting asked, “Who owns IAM?”

Topics: Cybersecurity identity and access management Enterprise Mobility

Who Owns Identity and Access Management (IAM)? (Video)

When it comes to identity and access management (IAM), the cloud, mobility initiatives, and app dev are driving chaos. Security risks are on the rise due to the expanded perimeter, and though IT operations shoulders a great deal of IAM responsibility, who actually owns identity and access management?

The answer isn’t clear-cut. It actually depends on a number of things, including: an organization’s maturity, its security posture, and how aggressively the company is pursuing identity and access management strategies.

Topics: identity and access management Enterprise Mobility

How Is Identity and Access Management (IAM) Changing (Video)

With growing numbers of people using personal devices for work, most organizations no longer have ultimate control over their employees' devices. Today, it’s essential for CISOs and other security professionals to provide their employees with safe and secure access to the corporate data, applications, and devices they need to perform their jobs. Across industries, organizations are dealing with this challenging lack of corporate control, combined with the necessity of ensuring security, and providing employees with easy access.

Topics: Security identity and access management Enterprise Mobility

Cybersecurity, Mobility, and the Expanding Perimeter (Video)

As businesses lose control of devices and rapidly adopt cloud consumption models, identity and data have become the new perimeter for IT operations and information security teams to secure and protect. My colleague Jon Oltsik and I sit down together to highlight how mobility, identity, and security are creating technology challenges, organizational barriers, and business risks as the security perimeter expands at a faster pace than business can keep up with. The discussion sparks attention towards the IT vendors that are attempting to enhance security postures from within a silo as opposed to the new purview business are dealing with today.

Topics: Cybersecurity identity and access management Enterprise Mobility

Identity and Access Management (IAM) Has Been in Babysitting Mode for Years...Something Must Change!

IAM creates the first link in the “chain of trust” when a user, device, or a connected thing authenticates with a trusted source. Establishing this initial handshake is critical since it initializes the path to access and authorization—no wonder IAM has quickly become a renewed focal point for IT operations and information security professionals. To that end, ESG recently completed an IAM research study to validate existing business pain points around authentication, IAM professional white board priorities, and opportunities for IAM vendors to differentiate themselves amongst the countless tools littering a complex IAM landscape that are leading to buyer confusion.

Topics: identity and access management

Identity Management To-Do List Aligns with Cybersecurity

My colleague Mark Bowker just completed some comprehensive research on identity and access management (IAM) challenges, plans, and strategies at enterprise organizations. As a cybersecurity professional, I welcome this data. Identity management should be a major component of an enterprise risk management strategy, yet IAM technology decisions are often treated tactically or left to application developers or IT operations staff who don’t always prioritize security in their planning.

Topics: Cybersecurity Mark Bowker IAM identity and access management

The Internet of Identities (IoI)

Everyone is talking about IoT these days and for good reason – there are already billions of devices connected to the global Internet and some researchers are predicting 50 billion by 2020. This alone will make CISOs' jobs more difficult, but security executives face many other associated challenges as well:

Topics: Cybersecurity IoT identity and access management micro-segmentation SDP Internet of Identities

The Era of Identity-based Applications

Identity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies – business people, software developers, IT operations, human resources, security, compliance auditors, etc. – play some role across the IAM spectrum.

As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy but this behavior may be changing. According to ESG research, 49% of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT. In other words, someone in IT is now responsible and accountable for all IAM technology.

Topics: Cybersecurity IAM identity and access management

Balancing user experience with security

The number one challenge I hear from IT professionals across the board is balancing security with user experience across multiple device types that employees use in the course of a day. If those IT pros turn the dial too far in one direction, they’re faced with security vulnerabilities. If they rotate the dial too far in the opposite direction, they faced user-experience hurdles.

This challenge is exacerbated for those companies that want to further embrace cloud consumption models, but are once again perplexed about where to set the dial.

Topics: identity and access management Enterprise Mobility