convergence [ kən-vûr′jəns ] n. – The process of coming together or the state of having come together toward a common point.
There are many things that are better converged. Chocolate and peanut butter. Disney and Marvel. Queen and David Bowie (obviously, “Under Pressure”). Personally, I’m a big fan of converging Mexican and Chinese into glorious fusion cuisine, but the point is fairly obvious: the whole can be greater/tastier/cooler than the sum of the parts, and often it seems like fate has a hand in different entities that converge.
And fate acts on more than food. Identity Governance and Administration is– and to have effective security must be– that common meeting point of many different security disciplines. As we approach Saviynt’s third-annual user conference, Converge ‘19, we’ll be sharing a series of blog posts discussing why identity convergence is necessary for today’s risk-filled digital landscapes.
Security and Identity Come Together
From the perspective of those who have lived it, the historical arc of identity in technology is long, but it is bent toward convergence and bringing things together. Identity management began with synchronizing LDAP accounts, which was a small corner of an organization’s IT. It wasn’t looked at as essential to security, it was more about efficiency, but it was still bringing things together.
It was 2004 when the Jericho Foundation– a consortium of forward-thinking CISOs and technical business individuals– announced the de-perimeterization of the enterprise. They pointed out that the advent of laptops and mobile technology meant the model of a moat-like perimeter around an organization’s network was obsolete. Security was changing.
It took over a decade for that truth to become mainstream knowledge, but now conventional wisdom draws the security perimeter at identity. Which means, naturally, that almost everything has to be looked at as an identity. Seriously. Everything.
Broadening the Definition of Identity
Identity started with a focus on employees or at least humans. However, if I have a unique identity (meaning it has some unique attribute such as a name, serial number, key, etc.), and I can describe it with a consistent set of details/attributes, it’s an identity.
This means we can look at all sorts of things as identities:
If you can define an identity, then you can apply security to that identity by setting rules about how it should behave or be governed. This is, after all, why identity is the no-longer-new perimeter. Old news, people. Acknowledge and move on.
The Importance of Bringing Identities Together
Everywhere you go, organizations are in the middle of some sort of transformation. Whether it’s modernizing the platforms that have been there forever, trying to launch a data center in the cloud, or trying to manage manufacturing or IoT devices more efficiently, the size and shape of our digital footprint is changing. We no longer just have a “digital network”, or “digital services”, we now have an entire “digital ecosystem” and even that keeps expanding.
If we want to remain secure while realizing these new channels or efficiencies or agility, we have to keep using the lens of identity to see potential risks and inform where we draw the perimeter. Many types of identity comes with its own monitoring and security tools; look at IaaS or any SaaS application.
Unfortunately, this can lead to an explosion of tools and interfaces and dashboards and monitoring and logging and alerting and… and… it’s very daunting to consistently add YAMT (yet another monitoring tool) to the responsibility of IT. Even with the latest capabilities of artificial intelligence and machine learning, things slip through the cracks if you have to check a multitude of different interfaces to view organizational risks.
To efficiently and effectively draw the security perimeter, it makes more sense to have a single, holistic view of organizational identities where you can determine policy, view posture, enact compliance, and respond to risk. This was Saviynt’s vision when we started converging All The Things.
What Does Convergence Look Like
For every new type of identity or security function converged into our Identity Governance and Administration solution, convergence looks like new types of policies, new relationships between identities. For example, you should not have privileged access to a production server to deploy the code you developed yesterday, so we have to know you/server/code all as identities and who can do what, where. The structure, however, remains the same.
You need a central place to keep all of the identity data, attributes, and information. Saviynt’s centralized identity hub is cloud-architected to utilize elasticity to store all this information and cloud compute powers to run analytics upon it. This is the foundation upon which we are converging so many different identities.
All of this convergence enables smarter security through our rationalized, analyzed, intelligent identity, and makes Saviynt the solution the foundation of digital transformation. We’ll be exploring the nuances of this convergence and the value you get from each aspect of it in this series of blogs leading up to our Converge ‘19 conference, so come along and you can understand the power of the Saviynt solution!
Watch for the next blog, and if you’re going to be in Las Vegas for the Gartner Identity and Access Management Summit in early December, come early for ‘Converge 19.