Image Credit: Getty Images
Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
Identity is the new network perimeter. In a world powered by cloud computing, every human and machine identity, whether it exists on-premises or in the cloud, needs to be protected to prevent a breach. Yet the Gartner IAM Summit, which began yesterday in Grapevine, Texas, highlights that most organizations still have a long way to go.
Gartner senior director analyst Rebecca Archambault’s “The State of IAM Program Management, 2023” talk suggested that enterprises have an average IAM maturity score of 2.4 out of 5.
Archambault also suggested that by 2026, 70% of identity-first security strategies will fail unless organizations adopt context-based access policies that are continuous and consistent.
At a high level, organizations need to course-correct by applying three strategies:
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
- using centralizing policies to control access to decentralized digital assets
- using contextual data to define access controls for identities and assets
- applying adaptive controls throughout user’s sessions, not just at login
4 top trends: ITDR, identity-first security, CIEM, IAM orchestration
The main purpose of the Gartner IAM summit is to bring together IT leaders and Gartner analysts to find new ways to prioritize identity-first security initiatives. After all, when a single account takeover can result in the exfiltration of critical data, the stakes couldn’t be higher.
Recently, VentureBeat spoke to some of the top Gartner analysts presenting at the event. We identified four of the top IAM trends being discussed this week.
1. Avoiding breaches with identity threat detection and response
In an environment with more identities and such a high rate of exploitation by experienced threat actors, traditional security controls won’t cut it.
“Conventional identity and access management and security preventive controls are insufficient to protect identity systems from attack,” said Henrique Texeira, senior director analyst, Gartner. Texeira headed a presentation on how cloud infrastructure entitlement management (CIEM) and identity threat detection and response (ITDR) can enhance security posture management.
“To enhance cyberattack preparedness, security and risk management leaders must add identity threat detection and response capabilities to their security infrastructure,” Texeira said.
ITDR can harden existing IAM platforms by streamlining investigation of identity-based breach attempts, improving detection of account takeovers and credential abuse.
2. Identity-first security should guide IAM strategy
While the onslaught of identity-based attacks, social engineering and phishing scams may seem daunting, enterprises can confront them by making securing the identity perimeter an organization-wide priority.
“An identity-first approach is the North Star to guide you on your identity and access management journey,” said Mary Ruddy, VP analyst, Gartner, whose talk called for organizations to deploy IAM more cohesively as a resilient identity fabric.
In practice, that means organizations should use identity data to “share more context between security and identity tools; apply zero-trust principles to your decision-making; and remember that maturing your IAM structure is an evolutionary process. Take it one step at a time with a use-case approach,” Ruddy said.
3. CIEM paves the way to smarter strategies for enabling identity fabric immunity
Organizations that want to build a secure identity fabric will inevitably need to rely on technologies like CIEM.
“The identity infrastructure in most organizations is too brittle to survive a targeted attack,” Texeira said. “Over 80% of organizations have suffered an identity-related breach in the last 12 months.”
“[This] fragility is in large part related to incomplete, misconfigured or vulnerable elements in the identity fabric. Identity fabric immunity applies the concept of digital immune systems to identity infrastructure to minimize defects and failures,” Texeira said.
CIEM thus enables organizations to implement access controls and continuously assess risk throughout their cloud environments, to identify vulnerabilities at scale.
4. Journey-time IAM orchestration delivers better user experience (UX)
Creating a streamlined user experience is easier said than done. That’s especially true when an organization is looking to tighten its defenses with thorough authentication processes for different applications and services.
For Akif Khan, VP analyst at Gartner, organizations need to find a way to harmonize the user journey, which combines identity proofing, authentication, access management and fraud detection, into a cohesive whole.
“Orchestration solutions manage vendor integrations and deliver a unified control layer. Develop a journey-time orchestration solution to deliver a tailored and dynamic risk-based UX, and leverage your solution to drive improvements through A/B testing and providing failover paths,” Khan said.
With IAM orchestration, security teams can increase transparency over authentication while also minimizing friction for end users.
But, Khan warned: “To achieve success, be aware of the risks involved, and ensure you have the expertise to implement the solution.”
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.