Really, this posting is intended to recap my thoughts and impressions from last month's RSA Conference. At the show, I met with dozens of customers and prospects, walked through the expo to see what the vendors were talking about, and even managed to squeeze in a few sessions.
Returning to our thought experiment, let's explore several areas of security, and see whether my argument – that identity performs or informs almost every element of security – stands up to scrutiny.
Single Sign-On & Federation
This is clearly a hot market area, with many vendors (including RSA) innovating and offering different types of approaches and technology. We're seeing lots of customer interest as well. Without exception, every organization I talk to has SaaS applications in use by the line of business, which they need to secure while also providing streamlined onboarding, authentication, and offboarding.
The Security Operations Center (SOC)
There was also a lot of emphasis on the SOC at the conference – including keynote presentations, vendor announcements, and technical sessions. I heard much discussion and debate about the roles and capabilities needed for a successful SOC. One point on which there is general agreement is that identity context is critical to the effectiveness of the SOC.
What's interesting to me is how there's value in bidirectional integration of identity management with the SOC. First, injecting identity context into SOC tools allows for a better view of users – mapping from disparate and disconnected accounts to a rich view of people. Being able to easily see who people are, what roles they have in the company, and what systems and entitlements they have access to can significantly improve SOC analysis, triage, and prioritization.
Second, because the Identity and Access Management (IAM) system manages both process and policy around user access, the SOC team can validate whether newly detected access rights are appropriate, and have been legitimately requested and approved – or have been illegitimately assigned. This is a great way to help squash the common privilege escalation attack mechanism.
Data Security
This topic has never been more critical, with high-profile breaches in the news nearly every week. Organizations increasingly recognize that they have a security and compliance problem with data access. For example, in a recent Forrester survey, 71% of users admit having access to data that they should not be able to see.
The good news is that tying unstructured data access to the overall identity lifecycle is the right way to do this. By establishing business ownership and accountability for the data, organizations can ensure security and compliance, and enable IT to partner with the business to meet their data access and security needs.
Operational Technology Security (the Industrial Internet)
I'll be covering this topic in more detail in a future blog posting. But to summarize, OT security (including the Internet of Things) is of interest to many organizations, who are looking to bring OT data (and to some degree, OT management) into the IT fold.
There's lots of business value to be gained from bridging the traditional gap between OT and IT (or, as one of our manufacturing customers refers to them, the "concrete and the carpet"). For example, by pushing real-time operational data into IT analytics tools, businesses can reliably predict machine problems and perform proactive maintenance. This can measurably and significantly improve uptime and profits – but opens up additional avenues of risk that must be addressed. Like any access management initiative, identity is central to achieving visibility and control of this risk.
So, is Identity the keystone for security? Is it, to misquote The Player (one of the best films of all time), "Identity, now more than ever"?