Okay, good afternoon folks. And my colleagues from Germany.
Good Hab, but I'm not gonna speak in German today. I'll spare the rest of you guys. So it looks like I'm the opening act for even Ian, as people are gathering, so I'll keep you entertained. What I wanna do is share some experiences from some customer interactions, right? One of the things that I treasure the most is working with a number of customers, both at the IT as well as the CSO level. We have yearly conferences where we gather a number of executives from customers and work with them on key issues.
So I think it's a set of patterns that would be very beneficial for this team as well. Anybody in the role of a CSO or a CIO, office of the CIO, or risk office, show of hands.
Okay, there's a few. So some of these topics will resonate with you as well as colleagues from IAM. So there's two key things that we see driving some of the programs impacting both security and identity and access management. The first one is how do we keep the bad guys out, right? I'm not gonna go into the details of it. Most of you are familiar with this, but I think it's there.
And everybody wants to not make the headline news. The other side of that is allow the innovation, let the good guys in, right? How do you make sure that you're not completely paranoid, but at the same time you're making sure that your innovations are moving forward, and provide a mechanism to have risk-based controls?
So if you look at, you know, the current lay of the land, security is not a new thing to many, many organizations, 20, 25 years. The landscape looks somewhere like this, right?
A number of different products, disparate solutions, some of them work together, duplications, because primarily we have addressed security from a compliance perspective, as a mechanism to make sure that we address some of the regulatory requirements, as opposed to driving through risk-level or risk-driven programs. And for the friends who are in the CSO role or in the office of the CSO, the CIO, this is why you get paid the big bucks, right, to go figure out how to put some order on this. And I definitely don't want to be in those shoes, right.
So how do you make sense out of this? One way is to start pulling them all into different categories, like core domains of security.
And this will help to a certain extent in terms of avoiding duplications, making sure that some of the capabilities work together. But I think the real value is when you start connecting these dots. This is when you will start being able to flow information back and forth.
And the analogy is very similar to the human body, right? In a human body all the organs, the major organs, are working together to fight a common cold or a virus, right? You can't have a point organ trying to deal with, you know, a situation by itself. You have to work together with the entire body.
And the analogy applies to the security principles as well. We look at security as an immune system, so that information is flowing between these different core capabilities so that you can start addressing, you know, what is normal and what's an anomaly, right?
This is when you can address questions like, you know, is this standard behavior or an anomaly, and based on that take the appropriate actions.
Now, in addition to trying to make sense of what you have within the organization, integration is not complete until you start involving the ecosystem, your partner ecosystem, as well. Right. Which is trying to leverage what's out there in terms of the threat space, the global intelligence, the best practices from your industry as well, other subject matter experts. That's when you start seeing the real value of addressing some of the key security requirements. Let's take an example, right?
You know, once you start joining these dots, you start addressing some of the problems. Let's take, for example, this one: this is where you are allowing your employees with BYOD, right, to be able to integrate with your existing identity and access management systems,
so that they're not only coming in for authentication, strong authentication, but you also take into consideration policy-based enforcement and compliance, et cetera.
Similarly, identity and access management has to be integrated with the fraud systems, right, for your consumer access, because it's an unmanaged device there. So how do you make sure that you're detecting whether there is fraud or no fraud, or threat or no threat? Based on that you then come up with the appropriate risk score, and that then drives how you allow them to access applications. And you can continue traversing this map and come up with various examples, right?
This is an example of how data governance and identity governance need to come together to address some of the compliance requirements. You can also look at this as how data and privilege management need to come together for addressing the insider threat, right?
So you get the point of how, once you have an immune system, traversing each of these triangles will give you some key value adds. So at the cost of probably, you know, biting off more than I can chew, I'm gonna try to take, you know, a deep dive of two to three examples fairly quickly, right?
And I'm using some of the key initiatives that typically fund these programs. Typically at the security office level, we see programs that are driven to reduce the complexity and optimize the program to be more risk-driven versus compliance-driven, or initiatives to go address insider threat or external threat, right? Compliance doesn't go away. There are always projects funding compliance, but it's become deeper and more contextual, right. And plus programs to go and deal with innovation, right?
How do you move workloads to cloud, or adopt cloud applications, or adopt mobile?
These are the innovations from the business that you don't wanna stop, but allow them to be successful. So if you take one example, right, this is the thesis, and I'll follow it up with customer examples that hopefully can make the point, right? The thesis over here is that to be able to deal with insider threat, there's two ways of looking at it.
One is managing the risk of insider threat, which is how do you go find out all your critical data and put some controls on it, so that you're making sure that the right people get access to the right sort of data and information. The other side of the coin is how do you go detect that insider who could potentially be a threat, whether it's malicious or non-malicious, intentional or unintentional, that's beside the point. So if you look at the first one, data and identity have to be integrated, right?
Specifically, you know, privileged identity management.
This is where you have to understand where your critical data resides through data activity monitoring, understand what is privileged data, understand who has access to that. And it's not enough to just have a privileged identity management solution; you also need to govern that on a regular basis, right? Contractors come in, contractors go, employees change roles. So it's not enough to just put users into a shared vault and check out and check in, but you also need to be able to certify that and check for any regulatory or SoD violations.
So that's why you see that integration at the bottom right over here: that means integration, and green is the value, or the inherent assumption, that you would get out of IAM.
Now that helps in terms of mitigating the risk. On the other side, over here, the example is just showing identity and access management, you know, network and data. All of that information has to go to some level of security intelligence, user activity monitoring, so that you can then figure out, through machine learning, through correlations, how do you go find that insider who could potentially be at risk, right?
Whether, again, it is somebody who's a user, or it could be a bot, like an application. It could be, you know, somebody clicking on a phishing link that downloads a bot, and that could result in an insider as well. Right? So the flip side of that is to take that information, correlate all of that, and then identify the insiders so that you can then take the appropriate action to either block it or drive the appropriate remediation program.
So this is an example of one such integration which helps with the insider threat, right? As an example, there's actually two customer examples.
So here, one is coming from the left-hand side, right? This is a large electronics manufacturing company. They had a privileged identity management system, right, able to say that, you know, John Doe is able to check out a password or a key for access to a database, right? On the other side, you have the database activity monitoring to say that this is a DB admin trying to do some SQL queries on this. There's no correlation between them, right?
So by pulling them together, you're able to say John, in the capacity of the privileged user, has checked out a password and used that to do some privileged activity, right? That's when you can define some of the rules and baselines and anomalies to find out if anything suspicious is going on. On the flip side, and just to continue the story on the third one over here, you have to maintain that constant state of compliance by providing that governance to John, to make sure that, you know, his role or any of his job functions did not change, or if they did, we need to change.
He still has a continuous need to have access to their critical resources. On the flip side, you have another customer in the financial space, too big, right? Not able to monitor, not able to gather all the information, all the data sources, and discover them. They wanna go after the users. They want to be able to collect all the information from the user activity, pull them all into one place, use extremely strong algorithms, machine learning. This is where the data scientist's role comes into the picture, to be able to find those potential insiders.
Once you find them, then you can ask the question of, you know, how do you go and drill down to say what caused it? And some could be real, some could be not real. So that's an example of, you know, how that helps some of the real problems.
Here's another example.
I'll try to go a little bit faster on the next ones, just to give you an idea. This is the use case for demonstrating compliance, right? This is where identity governance and data governance have to come together, right, so that you have a consistent view of how you provide access to the right resources, and not just from the people perspective but also from the data perspective, and data here means structured as well as unstructured, right?
And once you have that, then it's easier to basically say, how do I provide that governance to ensure that the right user has access to the right sort of resources, detect any violations, and then be able to constantly monitor that so that you're continuously validating that the user is indeed doing the right things based on access privileges. In this case, it's not a great story. So I'm gonna be very careful in not giving you any clues, other than the fact that this is a large financial institution, right?
Very mature, as you can imagine, with many financial institutions, and they have identity and access management solutions, not one but more than one, right? Directory solutions, virtual directories, log management. They still failed audits, right? Not something to sneeze at, right?
It was an expensive proposition. The situation over here was in terms of, you know, understanding all the different resources, all the different assets, to be able to then put the appropriate governance on them.
So what the customer here did was to apply the data protection capabilities to discover data, be able to classify it into high, medium, low, and then be able to see, okay, what is that risky data, and is it being governed properly? And as you can imagine, not all risky data was being governed. They were going after the systems, hence they were failing audits, right? This is an example of how getting data governance as well as identity governance together helped them save millions of dollars a year.
Again, going back to the point in the previous slide, you gotta continuously monitor it to make sure that that's still true.
So there's a couple of other scenarios.
And I think I'm trying to combine some patterns in the interest of time, but this is a use case for mobile adoption as well as context-based access, right? This is an opportunity to say, if you're coming from the left-hand side, which is basically employees accessing applications, you need to be able to integrate with some of the EMM capabilities, or mobile device management capabilities, right, to be able to understand that there's an appropriate association of the user to a mobile device.
So that as they're coming in to access corporate data, you're not only checking to do a proper user experience of single sign-on, but also checking for compliance and policy enforcement before you can allow them access to applications, which these days are either on-prem or off-prem, right. Either way, adopt some context-based access principles to do that.
Similarly, the right-hand side of the picture is from the consumer side, right? Same customer, actually, consumer side: it's an unmanaged device. So you need to figure out how to integrate with the threat and fraud management capabilities to understand if the device is jailbroken, if there's any malware sitting on it, if there's any malicious activity or improper activity going on, and use that as a risk mechanism, or a risk-scoring mechanism, to power your context-based access to your applications.
So I think you can imagine the scenarios over here, right?
I think we've talked about that. And then the last example I want to give is on the cloud side, right. On the cloud side, we have, you know, typically a number of applications, customers adopting a large number of applications, on-prem and off-prem. The first thing is to understand, know where these access points are, right? How many applications is a customer using? And typically, you know, it's an order of magnitude larger than what they usually think, right?
So the first thing is to understand, from all the logs, how do you discover access to various applications like Google or Office 365 or Salesforce, et cetera. And once you do that, you then classify them according to the risk, some are sanctioned, some are not sanctioned, and then be able to provide that context-based access to the sanctioned applications and teach your employees good behavior.
If not, if you just block them, they'll find another way to break through the fence, right? That's a classic security principle, right? So once you do that, then the second point is how do you do protection? Protection is from network security as well as data security. So you can see how these things have to come together to allow organizations to adopt cloud more easily, right? Things like your visibility, your access, as well as data protection have to come together to provide that unified solution. So where are we right now?
So the key takeaways for these four scenarios, you know, for the audience, are primarily, right: you need to engage with your colleagues in your organization. IAM was usually a separately funded initiative, but it's more and more integrated with security. You need to understand those adjacencies and use that as a context to drive some of the programs.
The second thing is, you know, work with your line of business. Shadow IT is not necessarily a bad thing. Be able to figure out how you advance it and allow them to innovate.
So I've got a minute, and I want to use that to highlight one quick innovation that I think has at least made me very proud. I've been working on this along with the team for almost a year. It is the next generation, right?
So far we all understand that we are over the moats and castles, and we are over the perimeter; it is not sufficient by itself. So we talked about the integration as the next generation, which is what we are in, but there's still a lot of work in terms of a lot of structured and unstructured data out there, a lot of skill shortage. And the next era that we see is cognitive.
We've seen a lot of ads on the TV with respect to Watson, and we've been working almost a year, and yesterday we announced Watson for Cyber Security. It took us six months to train Watson. Watson is like a baby, right?
It took us six months to teach Watson the language of cybersecurity. Right? Understand what a backdoor is, a backdoor to my house or a backdoor to something else. From a security perspective, we had to teach it the whole ontology. And then it took another six months for us to go and perfect it, to be able to help ease the pain of an analyst.
The analyst could be from the IAM side of the house, somebody who's doing risk-based access governance, to be able to empower them to make decisions faster, to be able to empower an analyst to go and make sense of not just what's happening within the company, but also gather the information from across the world to make it more relevant for how they should deal with it. So thank you.
Can we quickly see the questions, please? There you go.
Oh,
There you Israel. So can anybody it,
Yeah. Do you mean by immune system one that is a hundred percent immune against all types of malware and attacks, or one that does allow a certain level of infection, like the human body, right?
It's the analogy with the human body, right? You cannot catch everything.
But the idea is, if some of the key capabilities of security functions work together, you have more chances of fighting against malware, fighting against threats, and being able to understand who has come in from what network and what they tried to do, so that you can evaluate against a baseline and see if it's malicious or non-malicious. Right? So the analogy is like a human body, but
It's okay.
Next one: where are the natural intersections of IAM and other security initiatives?
So the natural intersections, we showed that map, right? Things like insider threat, things like external threat, obviously DLP is a big one. Insider threat seems to be the big one these days, cloud, access to cloud applications, mobile applications, some of the attack chains. Identity provides context to security, right? Without that you are just seeing a whole bunch of, you know, network packets in the ecosystem.
So there's many areas of intersection, and that's what we were trying to show with that map.
Okay. And quickly, the last one: is data classification, now moved up with related metadata, a precondition to implement efficient threat protection on business data?
I wouldn't say it's a precondition. It helps. Right. Obviously you cannot go and discover all the data and try to go and solve every problem. Right? There's limited resources, both in terms of funding as well as skills. What classification helps you with is trying to prioritize where to focus.
So that, like the example I was giving, in this case the company was focusing on the wrong things. By doing that, it helped them go and focus on the right things to at least save some dollars.
Thank you very much. Thanks again. Thank you.
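The electronics-manufacturer example in the talk (a privileged-access vault on one side, database activity monitoring on the other, and no correlation between them) comes down to one join: every statement run by a vaulted account on a monitored database should map back to a checkout session, and any that does not is the anomaly worth looking at. The script below is an added example, not the speaker's or IBM's code, and not any product's log format; the PAM and DAM log lines, the `CHECKOUT`/`CHECKIN` syntax, the account names and the `HIGH_RISK` statement list are all constructed here for illustration. It attributes each privileged statement to the human who held the checkout at that time, flags statements with no covering checkout (possible vault bypass or credential reuse after check-in), and flags high-impact statements even when they are attributed, since those are the ones a baseline rule would want a reviewer to see.

```python
"""Correlate PAM checkout sessions with database activity monitoring events.

Added example (constructed logs and formats, hypothetical, not a real product's).
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed vault log: who checked a shared privileged account out/in, for which target.
PAM_LOG = """\
2016-05-10T08:58:00 CHECKOUT user=jdoe account=dba_admin target=db01
2016-05-10T09:40:00 CHECKIN  user=jdoe account=dba_admin target=db01
2016-05-10T13:00:00 CHECKOUT user=asmith account=dba_admin target=db02
"""

# Constructed DAM log: timestamp, target database, database account, statement.
DAM_LOG = """\
2016-05-10T09:05:00 db01 dba_admin SELECT * FROM customers WHERE id = 42
2016-05-10T09:20:00 db01 dba_admin GRANT ALL ON customers TO 'tmp_user'
2016-05-10T11:30:00 db01 dba_admin SELECT card_number FROM payment_cards
2016-05-10T13:10:00 db02 dba_admin ALTER TABLE orders ADD COLUMN note TEXT
2016-05-10T13:12:00 db02 app_svc  SELECT count(*) FROM orders
"""

PAM_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>CHECKOUT|CHECKIN)\s+user=(?P<user>\S+) "
    r"account=(?P<account>\S+) target=(?P<target>\S+)$")
DAM_LINE = re.compile(r"^(?P<ts>\S+) (?P<target>\S+) (?P<account>\S+)\s+(?P<stmt>.+)$")

# Statement prefixes a baseline rule treats as high impact (illustrative list).
HIGH_RISK = ("GRANT", "REVOKE", "ALTER", "DROP", "CREATE USER")


@dataclass
class Session:
    """One checkout of a shared account by a named human; end is None while still out."""
    user: str
    account: str
    target: str
    start: datetime
    end: Optional[datetime] = None

    def covers(self, ts: datetime) -> bool:
        return self.start <= ts and (self.end is None or ts <= self.end)


@dataclass(frozen=True)
class DbEvent:
    ts: datetime
    target: str
    account: str
    statement: str


def parse_pam(text: str) -> List[Session]:
    """Turn CHECKOUT/CHECKIN records into sessions; a CHECKIN closes the open session."""
    sessions: List[Session] = []
    for line in text.splitlines():
        m = PAM_LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        key = (m["user"], m["account"], m["target"])
        if m["action"] == "CHECKOUT":
            sessions.append(Session(*key, ts))
        else:
            for s in sessions:
                if s.end is None and (s.user, s.account, s.target) == key:
                    s.end = ts
                    break
    return sessions


def parse_dam(text: str) -> List[DbEvent]:
    events = []
    for line in text.splitlines():
        m = DAM_LINE.match(line)
        if m:
            events.append(DbEvent(datetime.fromisoformat(m["ts"]), m["target"],
                                  m["account"], m["stmt"].strip()))
    return sorted(events, key=lambda e: e.ts)


def correlate(sessions: List[Session], events: List[DbEvent]) -> List[dict]:
    """Attribute each vaulted-account statement to a checkout; report the gaps and high-risk ones."""
    vaulted = {(s.account, s.target) for s in sessions}
    findings = []
    for e in events:
        if (e.account, e.target) not in vaulted:
            continue  # not a vault-managed account on this target; out of scope here
        owner = next((s for s in sessions
                      if (s.account, s.target) == (e.account, e.target) and s.covers(e.ts)), None)
        if owner is None:
            # Privileged activity with no checkout covering it: the correlation gap
            # the talk describes, and the first thing to investigate.
            findings.append({"kind": "no_checkout", "user": None,
                             "ts": e.ts, "statement": e.statement})
        elif e.statement.upper().startswith(HIGH_RISK):
            findings.append({"kind": "high_risk", "user": owner.user,
                             "ts": e.ts, "statement": e.statement})
    return findings


if __name__ == "__main__":
    for f in correlate(parse_pam(PAM_LOG), parse_dam(DAM_LOG)):
        print(f["ts"].isoformat(), f["kind"], f["user"], f["statement"])
```

On the constructed input, the 11:30 `SELECT card_number` on `db01` is reported with no user: John checked the account back in at 09:40, so whoever ran it did not go through the vault. The `GRANT` and `ALTER` are attributed to `jdoe` and `asmith` respectively and surfaced only because they match the high-risk list; the plain `SELECT` at 09:05 is attributed and stays quiet. The third piece the talk asks for, periodic certification that each attributed user still needs the entitlement, is a governance check over the same `user`/`account`/`target` triples and is not shown here.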