Story image

RSA Security director dissects identity & access management industry

13 Mar 2018

The Gartner Identity & Access Management Summit recently took place in London where I had the chance to speak with RSA Security identity governance and lifecycle director Steve Mowll.

As well as emerging technologies in the industry, Mowll spoke about the future, the implications of GDPR, and strategies that businesses can use to overcome the challenges to security that are emerging as a result of the rapid adoption of cloud computing.

Current trends in the industry

Blockchain was a major topic of discussion at the Summit and Mowll says it has a lot of potential to solve problems like identity proofing and dynamic access management.

“However, after two years of talk in the identity industry, it has yet to be adopted into any ‘live’ mainstream use, apart from its original use in cryptocurrency,” says Mowll.

“With the improvements in mobile tech, biometrics are becoming a much more popular and convenient option for authentication, and many companies and vendors have adopted it as a way to move away from the password. By allowing the private biometric data to reside on the user’s own device, mobile biometric authentication often removes the burden of having to manage and secure this personally-identifiable data, allaying privacy concerns.”

Mowll says analytics is also playing a huge role within authentication and identity governance and administration processes, helping to improve the decision-making process for organisations.

“These analytics are also starting to combine data from other IT Security technologies such as user activity information from the SIEM, and third party and application risk data from the GRC platform. This will help businesses to better understand what they need to do to reduce risk not just in terms of identity, but for the organisation as a whole,” says Mowll.

“These increased analytical capabilities will also allow Identity processes to become more convenient for end users. Currently, the pain of identity management within enterprise organisations continues to be felt – whether it’s new users not having the access they need when they start a new job, or risk professionals having to review thousands of accesses with no real context. Identity & Risk Analytics will soon reduce, and in some cases completely remove, these pains, and let the business get on with their day job.”

Centralised technologies for the future

Mowll believes centralised services that collect identity data points to understand identity risk in a broader context will transform the identity management industry in the future by sharing data across the whole IT security ecosystem with governance, risk and compliance.

“Using insights – from threat detection to user behaviour analytics and privileged access management – these technologies can reduce the friction within business processes (such as access request and approval, recertification and authentication), while also providing a greatly enhanced understanding of identity risk to these security functions,” says Mowll.

GDPR

Mowll says who has access to what and determining whether access is appropriate has been a requirement of many regulations and standards throughout the years.

“GDPR will increase the scope of applications needing identity governance to include applications holding personal data,” says Mowll.

“Data access governance will also become more important as companies look to understand where personal data exists in their unstructured data environments and determine who has access to it. For these reasons GDPR will continue to increase the value of identity & access management as part of an organisation’s IT security practices.”

Tips for overcoming challenges

Mowll says businesses can overcome the challenges presented by third party cloud apps by demanding standard interfaces throughout identity and access management practices.

While authentication standards such as SAML are common across cloud platforms, corresponding standards for access management are not,” says Mowll.

“Many identity professionals talk about simple cloud identity management, but the reality is that many cloud services do not do not support it. This means while you can get your users onto the service, the way you manage their access is different with every vendor.”

Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.