In the Cloud a Security-First Mindset Wins

Cloud Migration Changes Our Foundational Understandings of Identity

During my career, I’ve worked with Fortune 5000 retail, financial and healthcare customers to help design complex roadmaps and strategies for managing and governing identity to keep critical business data secure. As more of my customers migrate data to the cloud, one thing stays the same: the perimeter is shifting. Network security only provides one level of data protection, but a true “security-first” approach to the cloud means organizations need to create Identity-centric strategies to secure their cloud deployments. 

I remember years ago a visionary CIO telling with me that there was more to identity. Looking to the future of security, he explained, “There is more to understanding what people were doing with the access they had by associating users with SIEM and DLP data.” This CIO had an exceptions role-based access control (RBAC) practice at the time; he was far ahead of his peers.  He was always seeking more. “There must be a way to continually refine roles based on patterns of usage”.

While he didn’t know it at the time, he was right in so many ways and ahead of what our industry has finally come to realize.

An identity-centric view is integral to a security-first approach to cloud migration. Organizations need to know more than who has access to what, they need to break down the disparate technology barriers and bridge the gap to incorporate activity data. They need to find solutions that provide visibility into who is doing what and how are they using the access they have.  

With artificial intelligence (AI) and machine learning (ML) becoming more important to creating a proactive security posture, companies now look to these technologies as part of their risk mitigation strategies. 

Digital transformation creates new business growth opportunities, such as new customer engagement models and collaborative platforms, that when properly deployed outweigh the risks involved with implementation. Managing these new identity risks in the dynamic cloud and hybrid ecosystems is paramount.  CEOs, CIOs and CMOs are looking to integrate technology into the operations of a business to power tomorrow’s internal workforce and define new customer experiences.

Migrating Business Critical Operations

Today’s businesses are leveraging the cloud’s volume and velocity to maintain their competitive advantage. For some companies, streamlining business operations drives their cloud migration decisions. For others, increasing revenue with new customer engagement models leads them to the cloud. In either case, digital business models are changing how and where companies store their most sensitive information. 

Businesses are also changing the way they operate which is shifting the security perimeter. It is now common knowledge among global business organizations that Identity Governance and Administration (IGA) is as important to protecting data privacy and security as network security was a decade ago.

Using Intelligence for Continuous Assurance

As companies evolve their business models, they’re also evolving their security programs. At the enterprise level, I see successful security programs embracing an identity-based foundation which focuses on monitoring and limiting user access to data so they can minimize access risk. 

Identity-centric security starts with knowing who accesses what resource, why they need to use it, and how they’re accessing it. With the speed and dynamic nature of the cloud, comes changes in the foundational understanding of identity. Adding new types of identities, such as robotic process automation (RPA) and service accounts, are reshaping what it means to be a user. These silicon identities increase access risk because many companies lack tools or are disparate across the organization and unable to provide visibility into the “when” and “how” of IGA.

Intelligent analytics gives organizations insights into a hybrid ecosystem and creates better governance strategies. Creating dynamic access policies with peer- and usage-based data helps companies govern the proliferation of new identities and access requirements. Intelligence coupled with analytics also gives companies a way to continuously monitor their controls and detect evolving patterns of access. If a user requests access, the predictive analytics can compare that request to peers and grant or deny the access. 

One thing is certain: Like my CIO friend observed, the next decade of IGA solutions will look nothing like the last — it’s an exciting time to work with innovative companies like yours, planning and implementing today’s leading business transformation solutions for positive impact and change on the future.

Join Me at Saviynt Converge ’19  

Join me at Saviynt’s Third Annual Converge where I will be hosting a panel discussing Saviynt’s “Assured Compliance-as-a-Service” model with Karla Clarke (KPMG), Kum Chai Shin (Western Digital), Jennifer Aguinaga (Royal Caribbean Cruises), and Vanessa Gale (Origin Energy). We will cover their program journeys and how they have used AI/ML to create proactive identity-focused security programs.

Why Saviynt Converge?

Saviynt’s annual conference focuses on the continual convergence of people, process, and technology. Come explore themes like managing the innovation of intelligence and analytics, new types of identities, automation capabilities, and ever-increasing regulatory compliance requirements with organizational leadership, technical professionals and domain experts. 

Register now for Converge 2019, and join our Women in Tech Panel.   

 

 

Jamie Lewis

About author

Jaime Lewis-Gross is Saviynt’s Global Director for Solution Strategy. As a sales director and team leader, she brings extensive knowledge in creating customer roadmaps and guiding the adoption of emerging technologies. She also advocates for and mentors young professionals, contributes to organizations such as the MSPCA and Girls Who Code as well as volunteers for American Poodles at Work.

Leave a Reply

Your email address will not be published. Required fields are marked *