sb-au logo
Story image

RSA Security director dissects identity & access management industry

13 Mar 2018

The Gartner Identity & Access Management Summit recently took place in London where I had the chance to speak with RSA Security identity governance and lifecycle director Steve Mowll.

As well as emerging technologies in the industry, Mowll spoke about the future, the implications of GDPR, and strategies that businesses can use to overcome the challenges to security that are emerging as a result of the rapid adoption of cloud computing.

Current trends in the industry

Blockchain was a major topic of discussion at the Summit and Mowll says it has a lot of potential to solve problems like identity proofing and dynamic access management.

“However, after two years of talk in the identity industry, it has yet to be adopted into any ‘live’ mainstream use, apart from its original use in cryptocurrency,” says Mowll.

“With the improvements in mobile tech, biometrics are becoming a much more popular and convenient option for authentication, and many companies and vendors have adopted it as a way to move away from the password. By allowing the private biometric data to reside on the user’s own device, mobile biometric authentication often removes the burden of having to manage and secure this personally-identifiable data, allaying privacy concerns.”

Mowll says analytics is also playing a huge role within authentication and identity governance and administration processes, helping to improve the decision-making process for organisations.

“These analytics are also starting to combine data from other IT Security technologies such as user activity information from the SIEM, and third party and application risk data from the GRC platform. This will help businesses to better understand what they need to do to reduce risk not just in terms of identity, but for the organisation as a whole,” says Mowll.

“These increased analytical capabilities will also allow Identity processes to become more convenient for end users. Currently, the pain of identity management within enterprise organisations continues to be felt – whether it’s new users not having the access they need when they start a new job, or risk professionals having to review thousands of accesses with no real context. Identity & Risk Analytics will soon reduce, and in some cases completely remove, these pains, and let the business get on with their day job.”

Centralised technologies for the future

Mowll believes centralised services that collect identity data points to understand identity risk in a broader context will transform the identity management industry in the future by sharing data across the whole IT security ecosystem with governance, risk and compliance.

“Using insights – from threat detection to user behaviour analytics and privileged access management – these technologies can reduce the friction within business processes (such as access request and approval, recertification and authentication), while also providing a greatly enhanced understanding of identity risk to these security functions,” says Mowll.

GDPR

Mowll says who has access to what and determining whether access is appropriate has been a requirement of many regulations and standards throughout the years.

“GDPR will increase the scope of applications needing identity governance to include applications holding personal data,” says Mowll.

“Data access governance will also become more important as companies look to understand where personal data exists in their unstructured data environments and determine who has access to it. For these reasons GDPR will continue to increase the value of identity & access management as part of an organisation’s IT security practices.”

Tips for overcoming challenges

Mowll says businesses can overcome the challenges presented by third party cloud apps by demanding standard interfaces throughout identity and access management practices.

While authentication standards such as SAML are common across cloud platforms, corresponding standards for access management are not,” says Mowll.

“Many identity professionals talk about simple cloud identity management, but the reality is that many cloud services do not do not support it. This means while you can get your users onto the service, the way you manage their access is different with every vendor.”

Story image
Proofpoint launches new SMB focused security awareness training
Proofpoint has launched security awareness training for small to medium businesses (SMBs) with the aim of reducing successful phishing attacks and malware infections to almost zero. More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Link image
What's new in Genetec Security Center 5.9
The platform supports physical security that empowers organisations with greater situational awareness.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
Emotet malware is on a rampage after months of silence
CERT agencies around the world are reporting a surge in cyber attacks related to the Emotet malware, which is being distributed by email.More