Top leaders from some of the most successful companies of our time treated viewers attending Saviynt’s Executive Fireside Chat to an exciting conversation with three top executives from premier companies. Jim Dubois, former CIO at Microsoft, joined Elissa Fink, former Tableau Software’s CMO, and Amit Saha, the Saviynt CEO, share their wisdom and lessons learned through decades of service. Collectively, they have more than a half-century of experience and dispensed a generous amount of advice and expertise throughout the webinar, which included an interactive question and answers session.
Discussions ranged from how to tackle security and compliance daily during Covid-19 to giving executives advice on managing the struggles they feel with the challenges to stay abreast of identity, security, and governance when trying to make their IT ecosystem secure.
“COVID-19 has essentially made nearly every workforce remote in some way. And as a result, there’s an onset of sensitive data moving outside of office walls, across public wifi, and lots of different devices often with questionable security.” ~ Elissa Fink, Former Tableau Software’s CMO
The conversation centered around security and compliance in an evolving global economy. Elissa pressed discussion on issues affecting organizations working to thrive in today’s global marketplace. Amit and Jim were open with advice on keeping daily operations consistent while driving forward with innovation despite the COVID-19 crisis. Let’s recap a few of the highlights from this engaging event.
Risk Management: It’s Not Just IT’s Problem
“Now is a time of opportunity for companies that are ready to do the right stuff” ~ Elissa Fink, Former Tableau Software’s CMO.
Organizations need to be ready to manage risk across the board in these trying times. As security risk transcends IT, it delves deeper into all business processes and operations. Getting the entire organization aligned and consistently managing risk, the organization can run more efficiently like a well-oiled machine. Good risk management gives companies the agility to take on additional risks and seize new opportunities as the mechanisms for handling these new challenges would already be in place, avoiding the need for ad hoc solutions.
Managing Risks for Growth = Taking the Right Risks.
“…this whole topic of risk management really isn’t about eliminating risk because that’s not possible.” ~ Jim Dubois, Former CIO at Microsoft
Jim offered insights on how risk management helps to drive business. Many organizations focus on removing risk altogether, he noted, then explained that no state of zero-risk exists, so the goal is to maintain a managed risk state. How well an organization can understand and manage its risks drives its level of agility. Organizations with a better handle on risk management move faster and more nimbly because of reduced response time to alterations in the organizational environment and threats arising from those changes.
“…risk management, it’s very complicated. It’s not simple. There is no easy or silver bullet. It’s not once and done, right? It’s a continuous journey. “ ~ Amit Saha, Saviynt CEO
Mitigate the risk and move on; many organizations think this is true. Amit challenges that mentality explaining that much like the Internet of Things (IoT) devices and ‘bring your own device’ (BYOD) policies, some risk is required. Organizations address tools and policies periodically to verify controls remain relevant to the evolving security risk. The same holds true for more complicated initiatives where periodic review and re-tuning are required. Security is rarely ever “fix it and forget it.”
More than Human: Identity Transformation
“…identity is also going through its transformation journey. And as part of that identity transformation, a lot of organizations are looking at identity also holistically…” ~ Amit Saha, Saviynt CEO.
The risks we manage have changed due to the evolution of identity. Amit explained that IT modernization and cloud transformation has altered how identities play into the IT ecosystem. Identity has evolved from simple human-based identities to a broader definition encompassing non-human identities meant to integrate into complex cloud environments. These identities open additional risk when left with persistent privileged access rights.
To manage this changing identity space, organizations need to review and revise how they handle identity in all of its forms. Amit explained that governing and securing non-human identities is more challenging because they may not stem back to an authoritative source as most human identities do. Instead, different mechanisms need to be in place to ensure these identities can be managed appropriately and secured consistently like human identities.
Making Security a Business Enabler
“So it’s both thinking about how do we protect data that’s going everywhere and thinking about identity in a different way, but also how do we do it in a way that helps the productivity of employees, so people aren’t trying to go around the security that we’re putting in place.” ~ Jim Dubois, Former CIO at Microsoft
Strike a balance between making security and identity user friendly, getting user buy-in, and preventing users from circumventing security. Jim linked this concept to complex password policy driving employees to write down passwords and thus creating more risk than functional security. Security controls need to be well thought out, particularly how they integrate with the business processes. The design should make employees’ work more manageable and streamlined. Well-designed security enables business productivity while simultaneously thwarting bad actors. It’s not the “either-or” choice that many presume.
“I feel like we just got a masterclass; the highlights in the identity transformation journey, and how companies go about thinking more strategically about identity and identity transformation, and how it can enable them.“ ~ Elissa Fink, Former Tableau Software’s CMO
My favorite quote of the day: “complain a lot, learn fast, listen, and be innovative,” was spoken by Elissa. She explained that, as an executive, there are so many areas in which this mentality benefits your team. Complaining a lot doesn’t need to be the sour grapes griping as much as it should be the unwillingness to settle for the status quo. Learning fast is a given for any new or rising executive. Listening is vital for connecting with the people in your organization and discovering needs that might not be obvious. Being innovative is the only way to survive this ever-evolving global economy. Stagnation is the beginning of a slow death for your company.
This fireside chat was indeed a masterclass. Led by industry leaders, it was chocked full of life lessons and experiences in implementing identity transformation and security within top tier organizations. You can catch up by watching the broadcast at your leisure for those who missed seeing this event live.