ESG Blogs

I’m about to leave New England and brave temperatures of 110 degrees or above. It may sound crazy, but I’m actually looking forward to the trip next week. Why? I’m heading to Black Hat USA in Las Vegas, and I’m excited to learn more about:

1. Artificial intelligence in cybersecurity. I am hosting a panel at the CISO Summit titled, The Real Impact of AI on Cybersecurity. As part of this panel discussion, we will cut through the industry hype around AI/ML and talk about how real enterprise organizations are using and benefiting from the technology. It should be a fruitful and enlightening discussion.

In this video, ESG analysts Mark Bowker and Jon Oltsik run through some of the top topics they will be tuning into at RSA Conference 2018. Mark and Jon home in on how identity has become the control plane and how the software-defined perimeter is impacting the CISO's decision making process and future investments. 

With February behind us, the cybersecurity industry is about to experience a push toward the annual RSA Security Conference in San Francisco. I expect around 50,000 people to attend this year. It ought to be crowded, loud, and extremely passionate.

Mobility and cybersecurity. While those two areas may have very different roles inside an IT organization and business, they both play integral parts in identity and access management. Given that, I’m always getting asked, “Who owns IAM?”

When it comes to identity and access management (IAM), the cloud, mobility initiatives, and app dev are driving chaos. Security risks are on the rise due to the expanded perimeter, and though IT operations shoulders a great deal of IAM responsibility, who actually owns identity and access management?

The answer isn’t clear-cut. It actually depends on a number of things, including: an organization’s maturity, its security posture, and how aggressively the company is pursuing identity and access management strategies.

With growing numbers of people using personal devices for work, most organizations no longer have ultimate control over their employees' devices. Today, it’s essential for CISOs and other security professionals to provide their employees with safe and secure access to the corporate data, applications, and devices they need to perform their jobs. Across industries, organizations are dealing with this challenging lack of corporate control, combined with the necessity of ensuring security, and providing employees with easy access.

As November ends, everyone and their brother/sister will be writing about their IT and security predictions for 2018. Here’s a no-brainer from me: We’ll see massive proliferation of IoT devices on the network next year. Some of these will be general purpose like IP cameras, smart thermostats, smart electric meters, etc., but many others will be industry-specific sensors, actuators, and data collectors.

As businesses lose control of devices and rapidly adopt cloud consumption models, identity and data have become the new perimeter for IT operations and information security teams to secure and protect. My colleague Jon Oltsik and I sit down together to highlight how mobility, identity, and security are creating technology challenges, organizational barriers, and business risks as the security perimeter expands at a faster pace than business can keep up with. The discussion sparks attention towards the IT vendors that are attempting to enhance security postures from within a silo as opposed to the new purview business are dealing with today.

IAM creates the first link in the “chain of trust” when a user, device, or a connected thing authenticates with a trusted source. Establishing this initial handshake is critical since it initializes the path to access and authorization—no wonder IAM has quickly become a renewed focal point for IT operations and information security professionals. To that end, ESG recently completed an IAM research study to validate existing business pain points around authentication, IAM professional white board priorities, and opportunities for IAM vendors to differentiate themselves amongst the countless tools littering a complex IAM landscape that are leading to buyer confusion.

My colleague Mark Bowker just completed some comprehensive research on identity and access management (IAM) challenges, plans, and strategies at enterprise organizations. As a cybersecurity professional, I welcome this data. Identity management should be a major component of an enterprise risk management strategy, yet IAM technology decisions are often treated tactically or left to application developers or IT operations staff who don’t always prioritize security in their planning.