2019 was another record-breaking year, but these records are not the type we’ll be celebrating. Data breaches in 2019 were the worst in history. According to a report by New Risk Based Security, by November 2019 there was already a 33% increase in data breaches and exposed records compared to 2018. With this in mind, we set off to Las Vegas in December 2019 to see what insights the Gartner IAM Conference would provide for 2020 to help defend our data better.
Now that we have had some time to reflect on the conference as a whole, I wanted to share a few more takeaways from Gartner IAM 2019.
5 More Takeaways from Gartner IAM 2019
1. Illustrating the value of Identity & Access Management to upper management is still a struggle.
The sessions we attended were very informative, but the themes were relatively unchanged from last year. Discussions were less about supporting industry security standards, such as “Least Privileged” and “Minimum but Necessary” policies; instead, the same concern kept popping up: “How do we convince management of our value?”
For industries like healthcare, upper management continues to view data security budgets on the basis of a “minimum but necessary” funding model. They invest enough to keep the program operating, but not enough to innovate and transform the way that businesses manage security risk.
2. ROI on security spend is difficult to prove while cybersecurity technology continues to advance at an accelerating rate.
The latest advancements in Artificial Intelligence Monitoring systems, user behavior analytics (UBA), and strong multifactor authentication were all well represented at the show. These security technologies can help demonstrate that reasonable and necessary actions have been taken to protect an organization. However, ROI on cybersecurity spend is difficult to prove, especially considering that the number of data breaches continues to rise at the rate it did in 2019.
3. Hackers don’t break in, they log in.
Privileged Access Management (PAM) headlined the 2019 Gartner IAM Conference and one speaker accurately asserted, “Hackers don’t break in, they log in.” According to a new report from the Identity Theft Resource Center, “unauthorized access” made up 36.5% of breaches in 2019. The majority of major breaches happened because basic Administrative Access wasn’t properly locked down, which leads me to believe that PAM is next on the horizon in Identity & Access Management. As organizations move to the Cloud, new skills are needed as businesses risk exposing their systems in ways they didn’t have to worry about when applications were running in their own data centers.
4. Decentralized Identity (DID) could be the next disruptive technology.
One promising and disruptive security framework that appears to be making its way through the Identity Management hype curve is Decentralized Identity (DID). The DID framework is based on concepts such as Trusted Framework and Zero-Knowledge Proofs (see Sovrin).
“A Decentralized Identifier (DID) is a new type of identifier that is globally unique, resolvable with high availability, and cryptographically verifiable. DIDs are typically associated with cryptographic material, such as public keys, and service endpoints, for establishing secure communication channels. DIDs are useful for any application that benefits from self-administered, cryptographically verifiable identifiers such as personal identifiers, organizational identifiers, and identifiers for Internet of Things scenarios.”
A Primer for Decentralized Identifiers
This would make trusted identities multi-factor, point-to-multipoint, and unique, in contrast to the current risks created by the aggregation of identity attributes in centralized honeypots of personal data.
5. It’s time to align Identity Management with business objectives and risk management.
The biggest takeaway from Gartner IAM 2019 is that the Identity and Access Management Industry needs to change the conversation to be more focused on the value of the assets we are asked to protect. We need to paint a better picture of the skills and tools needed to protect those assets. We must start using language that aligns with the business’s objectives and risk management models instead of “Techno Talk and Acronyms”. This requires a much stronger understanding of how to tell the story in a way that opens the minds of all stakeholders and that aligns business risks with cybersecurity cost and value.
This article was authored by Ron Bowron, Director of IGA/IAM Services at Idenhaus.