SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Users, applications, and data: The new frontiers in identity
Mon, 16th Jul 2018
FYI, this story is more than a year old

Data breaches and compliance aren't the only challenges facing security professionals today. The pressure to embrace digital transformation by enterprises is also mounting – both user and application populations are growing, data is exploding, and organisations are fighting to deliver customer value and competitive edge at every turn.

With the very nature of business changing, identity must evolve to meet the needs of the modern enterprise – across all users, all applications and all data.

New frontiers in identity

There are three core areas within the enterprise where growing scale and complexity is making identity management more central than ever, these include:

The user frontier – who, or maybe better yet what organisations consider an identity is changing. While enterprises have long focused on managing access rights and privileges for employees, contractors and partners, there's a new enterprise user coming to the cloud and data center: intelligent bots, or Robotic Process Automation. These bots are accessing data, making decisions on that data, and then performing actions. When we give such access to people, we scrutinise their access, which is now what organisations need to do with regard to bots.

The application frontier– most enterprises have experience in governing access to several hundred applications. However, with the explosion of cloud services, the number of applications that need to be governed is on the rise. It's not unusual for larger organisations to deal with thousands of applications. As the number of applications grows, identity governance must adapt to cope with increased scale, and applications, both on and off-premises.

The data frontier – while the increasing number of applications creates identity management challenges, so does the rising amount of data stored in unstructured files (PDF or PowerPoint files, for example).

There's a huge amount of sensitive data being created and stored in the enterprise and outside the application. For example, end users create a significant amount of risk by copying and storing company data in unstructured files in collaboration platforms such as SharePoint or cloud storage services like Box or DropBox.

With the growing pressures associated with new types of users, increased applications, and vast volumes of unstructured data, enterprises must take a different approach to managing identity. Fortunately, to meet these challenges, there are also new technologies coming to market that can help enterprises to manage identity more effectively and reduce risk and improve efficiency.

AI + identity

Technologies such as AI are increasingly being deployed for new use cases – including for identity management – enabling enterprises to make fast but intelligent identity and access decisions.

For example, with AI enterprises can better distinguish how access is being used and quickly differentiate normal usage from suspicious usage. When organisations can understand what “normal” access looks like on a particular system, they can swiftly identify suspicious activity and terminate that access or, following an assessment by the appropriate team, determine that access is valid and then permit it.

Such technological advances show that, despite growing risks and complexity in managing enterprise technology and data, it's not all doom and gloom. There are many ways AI and identity will help spark innovation.

AI will help organizations to govern smarter, define risk more precisely, while enabling enterprises to move forward much more nimbly and with less risk. Ultimately, AI provides a lens with which to focus on identity governance processes and controls so enterprises can manage the risk, not the noise.

And while AI isn't a panacea for the new frontiers of identity – it will have a significant impact on how the overall identity management industry moves forward to keep pace with the rapid digitalisation of the enterprise world.

Navigating the path forward

Technology and innovation are changing the way we work, the nature of business users is evolving, and the volume of applications and data are furiously increasing. There is immense pressure to digitise the enterprise, which has enterprises pushing the boundaries to compete and to continually deliver value.

The only way to push those boundaries securely is to employ a comprehensive identity management strategy that secures these ‘new frontiers' in identity: governing the digital identities of all users across all applications and all data.