ESG's Doug Cahill and Jon Oltsik discuss ESG Research on Cloud Driven Identity and Access Management.
Watch the related ESG Security Talk Video(s):
Doug: Hello again, and thanks for joining us for our next episode of "Car Talk" "Cybersecurity Talk." I'm Doug Cahill. I'm here with my colleague, Jon Oltsik.
Jon: Hello, Doug.
Doug: Hey, Jon. So, one of the interesting things about RSA this year in terms of the content for the conference is that the RSA Conference Committee, those folks who are looking at the speaking abstracts, shared the top 10 speaking abstract themes. And one of the interesting takeaways for me is very much weighted toward sort of people and process.
So, another thing for me that comes to mind when we're talking about the human element is, and this is related to a study we're going to do together this year, cloud-driven identity and access management programs. So, recent research, we asked respondents, "Has your organization's use of cloud services necessitated changes to your identity and access management program, in terms of the people, process, technologies that you use for identity and access management?"
Around two-thirds said yes. Thirty-three percent, a third, said their organization's use of cloud services will have a significant direct impact on their identity and access management program here heading into 2020.
Jon: That's right. I just looked at that research this morning as a matter of fact. And that will cause them to embrace multi-factor authentication. It'll change their behavior around privileged access management. It'll make identity access management a more federated exercise. It probably moves a lot of the infrastructure out to the cloud.
And so, we need better connectors and a lot more work on some of the standards around federation. So, a lot of work there. And it's high time, Doug, because identity and access management it's the infrastructure that everyone owns and no one owns. And so, people have been kind of postponing major upgrades or major investment and it's high time we did that.
Doug: I totally agree. I feel like we're at a tipping point on all things cloud that it's gone from sort of cloud being a tertiary storage target to some, you know, sort of off to the side app-dev. Now it's front and center, it's critical mass, it is business-critical and that's creating a lot of change in the environment, other than saying with identity and access management.
Jon: And it's changing the responsibility model, and also changing where we go for security controls, we're going more to the CSPs themselves. But the controls need to be heterogeneous and cover a hybrid infrastructure. So, identity is no different.
Doug: Yeah, and that reminds me about the enterprise-class cybersecurity vendor platform study we recently completed, the third annual study. Always fun to look at that data. And we had a bunch of questions around CSPs because they're enterprise-class cybersecurity vendors in their own right readying out in providing a broad set of controls and platforms.
Jon: Yeah, they're going to be the straw that stirs the drink pretty soon. But they have to branch out and they have to work with the existing cybersecurity infrastructure and vendors. And so, that will be an interesting mix in 2020.
Doug: Yeah, you bet. Well, a lot more to talk about in RSA Conference. We're going to pull on some more of the threads, in terms of themes shared by the RSA Committee, and also share a preview of our RSA breakfast.