From Cloud Identity Summit to Identiverse
The nice folks at Ping Identity, founders of the annual Cloud Identity Summit, announced that they were going to rebrand the name of the conference to Identiverse. Shortly after the announcement, I had a chat with my former colleague Brian Bell, the CMO of Ping. My thought was that they wanted to change the name because ‘Cloud’ likely limited their vision and intended audience, because companies are not necessarily 100% cloud. Brian agreed, this was a reason for the rebrand, as well as the fact that the name seemed too generic for what they wanted to achieve. This got me thinking about the perception of IGA as a Service amongst large companies that are still predominantly on-premise, and the reality that these companies need an strategy that will cover them for a hybrid IT model, which we are seeing more and more.
Ready or not…
At our booth, we had a wide range of companies visit us, from some of the largest banking institutions to Pharma, and their IGA leadership told me that even though they had not fully thought out a strategy for securing cloud services, departments within their corporations were either moving independently to the cloud, or were sending requests to do so, and that they needed to be able to govern these assets in the cloud, whether they liked it or not.
There was a lot of discussion at the summit around compliance and “overlooked” security threats, for example, a pretty lady with her hands full with 2 cups of coffee, has a very good chance of someone holding the door open for her to get into a secure environment, even though this ‘door’ has 5 different modes of security built on it. However, it was not secure in this scenario. Or take compliance – you may have a group of users who are in compliance, but have privileges that they do not use or need, which is a risk. Compliance does not equal security. The point they were making is that a holistic approach is needed to have a 100% confidence level in your security strategy, and this starts with being able to have visibility into all of your people, process and protocols.
The Saviynt Perspective
Saviynt takes a strategy which is very much in this vein. Our products are built not only to provide governance on your critical assets, but to ensure the entirety of the corporate infrastructure, applications and data have ongoing security, with the knowledge that new technologies will be coming to market, and the IGA strategy will need to be able to grow with it. While our Security Manager has out of the box connectors, this is not what allows us to be so future-proof. It’s the fact that we have a framework that allows companies to onboard new technologies as they appear, continuously making product upgrades, and with it, all of our customers continue to receive the level of security across all their platforms that they initially signed up for.
Filling the gaps
Another popular topic was the fact that many companies have major legacy investments that are just too risky to ‘rip and replace.’ Certainly, an issue that is not unique to the IGA space, we are increasingly working with companies that are using multiple IGA related tools, but still have various gaps that are either not being addressed by their stack. Often, we will come in and start by filling in the gaps. Our Analytics are best in class, and can bring the visibility that is missing, allowing a company to get the holistic view that is necessary to bring their risk level up to where they see the full picture and be able to address those outlying issues that tend to be missed if looking through a single lens. For example, Saviynt can integrate with a Ping, or an Okta, and fill in the gaps that are keeping a company’s security risk at levels that are too low for the C-suite’s comfort level.
Coming full circle
Which brings me back to Identiverse. It’s a universe of technology out there for the taking, and it’s a universe of risk that’s also there for the protecting. Identity management is not something that can be managed at the point of entry, rather it needs to be managed at the global level, with integration and visibility into every aspect of identity, merging your people, process and protocols so that they form a seamless net of protection, ever expanding, without gaps to let in those ‘2 cups of coffee.’
Tea and crumpets anyone?