Story image

RSA Security director dissects identity & access management industry

13 Mar 18

The Gartner Identity & Access Management Summit recently took place in London where I had the chance to speak with RSA Security identity governance and lifecycle director Steve Mowll.

As well as emerging technologies in the industry, Mowll spoke about the future, the implications of GDPR, and strategies that businesses can use to overcome the challenges to security that are emerging as a result of the rapid adoption of cloud computing.

Current trends in the industry

Blockchain was a major topic of discussion at the Summit and Mowll says it has a lot of potential to solve problems like identity proofing and dynamic access management.

“However, after two years of talk in the identity industry, it has yet to be adopted into any ‘live’ mainstream use, apart from its original use in cryptocurrency,” says Mowll.

“With the improvements in mobile tech, biometrics are becoming a much more popular and convenient option for authentication, and many companies and vendors have adopted it as a way to move away from the password. By allowing the private biometric data to reside on the user’s own device, mobile biometric authentication often removes the burden of having to manage and secure this personally-identifiable data, allaying privacy concerns.”

Mowll says analytics is also playing a huge role within authentication and identity governance and administration processes, helping to improve the decision-making process for organisations.

“These analytics are also starting to combine data from other IT Security technologies such as user activity information from the SIEM, and third party and application risk data from the GRC platform. This will help businesses to better understand what they need to do to reduce risk not just in terms of identity, but for the organisation as a whole,” says Mowll.

“These increased analytical capabilities will also allow Identity processes to become more convenient for end users. Currently, the pain of identity management within enterprise organisations continues to be felt – whether it’s new users not having the access they need when they start a new job, or risk professionals having to review thousands of accesses with no real context. Identity & Risk Analytics will soon reduce, and in some cases completely remove, these pains, and let the business get on with their day job.”

Centralised technologies for the future

Mowll believes centralised services that collect identity data points to understand identity risk in a broader context will transform the identity management industry in the future by sharing data across the whole IT security ecosystem with governance, risk and compliance.

“Using insights – from threat detection to user behaviour analytics and privileged access management – these technologies can reduce the friction within business processes (such as access request and approval, recertification and authentication), while also providing a greatly enhanced understanding of identity risk to these security functions,” says Mowll.

GDPR

Mowll says who has access to what and determining whether access is appropriate has been a requirement of many regulations and standards throughout the years.

“GDPR will increase the scope of applications needing identity governance to include applications holding personal data,” says Mowll.

“Data access governance will also become more important as companies look to understand where personal data exists in their unstructured data environments and determine who has access to it. For these reasons GDPR will continue to increase the value of identity & access management as part of an organisation’s IT security practices.”

Tips for overcoming challenges

Mowll says businesses can overcome the challenges presented by third party cloud apps by demanding standard interfaces throughout identity and access management practices.

While authentication standards such as SAML are common across cloud platforms, corresponding standards for access management are not,” says Mowll.

“Many identity professionals talk about simple cloud identity management, but the reality is that many cloud services do not do not support it. This means while you can get your users onto the service, the way you manage their access is different with every vendor.”

A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.