They say what happens in Vegas stays there, right? Well, that may not always be the case. Especially when it comes to the Gartner Identity & Access Management Summit last December. In fact, we are pretty sure the more than 2,200 attendees will take back with them new identity and access management insights, strategies, and intelligence to address their biggest challenges in their own organizations.
Core Security was a featured exhibitor at the Gartner IAM Summit, and our Director of IGA Product Management, Bill Glynn, presented innovative thoughts to a packed session—‘Finally! An Intelligent Approach to Access Governance, Role Management, and Access Reviews.’ This session examined how an intelligence-enabled, visual approach to the creation and management of roles and access reviews simplifies otherwise complex processes and helps enhance security.
So what were the top takeaways from the summit? We’ve identified three of the biggest items you should know in relation to your own business:
1) The IAM Struggle Is Still Real
During the event, we heard story after story of companies disappointed that their existing IAM solution had not solved all of their identity and access management challenges. Many attendees expressed their ongoing struggle with manual and error-prone approaches to role design, role governance, and role classifications.
Regardless of the solution they used for provisioning, including access requests and approvals, and access reviews, many organizations at the Gartner IAM Summit were still struggling to build roles in a manner that truly captured the roles needed by the business. Several attendees we spoke to are still relying on traditional role mining techniques, including spreadsheets or their web version counterparts—basically just automated lists of who has access to what, providing little context or intelligence of what the access really should be.
For many attendees, role-based access seems too far out of reach and is instead targeted for last stage deployment objectives. This limits the value an organization can realize from their IAM vendor solution and overlooks an important side benefit of proper contextual role development. However, during the conference, Gartner emphasized that the likelihood of IAM program success can be impacted and improved through analytics and data cleanup.
The ongoing frustrations from organizations attending the Gartner conference underscored the importance of a visual-first approach that creates the most intelligent and efficient path to a successful IAM program. It also emphasizes the importance of mitigating identity risk by leveraging tools like the identity governance solutions offered by Core Security.
2) Intelligence and Identity Governance Go Hand-in-Hand
Another theme that emerged during the Gartner IAM Summit was the importance of intelligence and analytics in driving and informing the entire identity governance and access management process. In other words, intelligence should be the cornerstone for your identity and access management strategy. Numerous speakers and even keynotes during the conference highlighted the need for organizations to turn toward intelligent governance-led IAM programs to manage identities and uncover potential hidden access risks in the business.
So how does this work exactly? One way is by leveraging intelligence-enabled context to simplify identity governance through an intuitive, visual-first role-designing tool, with a key feature being a graphical matrix display that groups like-access privileges together. This enables users to easily understand the access and context that individuals have in common and identify what outliers might be present. Another way is by incorporating intelligence to enhance access certification accuracy by providing context and guidance so that users can better understand what they are reviewing. When users are confident in the intelligence of the access review process, they make smarter, better decisions, making it easier to avoid rubber-stamping access as a default action.
3) IAM Is a Journey, Not a Destination
Organizations more mature in their approach to identity governance and access management view IAM as an ongoing initiative, with focused, achievable goals along the way. At the Gartner IAM Summit, those companies showcasing the greatest advances in improving security and boosting efficiencies leveraging IAM have strategically identified, prioritized, and addressed their biggest pain points. Most importantly, they do not rely on a prescribed approach to IAM.
These companies also recognize that partnering with leading-edge providers that are flexible at any phase of the identity governance journey, and can tailor their solutions, is an essential element for success. This enables them to do more with less, enhance organizational security, and prepare for growth and change—no matter what form it takes.
So Where Do You Go From Here?
These three big takeaways from the Gartner Identity & Access Management Summit have exciting applications for your organization in building a more intelligent, efficient, and impactful IAM strategy. But they can also seem overwhelming at first. We would love to show you how the right solutions can solve your most pressing challenges, fuel intelligence-driven identity governance, and support your identity and access management journey. Because our solutions are based on your needs and priorities—not the other way around.
Get a live demo of our industry-leading solutions and learn how you can solve your top identity governance challenges.
California’s groundbreaking privacy law went into effect January 1, 2020.
The California Consumer Privacy Act (CCPA) requires businesses to inform state residents if their data is being monetized as well as to provide them with a clearly stated means of opting out from the collection of their data and/or having it deleted. Businesses not in compliance with CCPA regulations may be fined by the state of California and sued by its residents.
The CCPA requirements only kick in for companies that have collected the personal data of more than 50,000 California residents and/or show more than $25 million in annual revenue. The primary exception to the CCPA are companies subject to California’s Insurance Information and Privacy Protection Act (IIPPA).
Under the CCPA, companies are allowed to sell “anonymized” user data. This exemption has drawn heavy criticism from privacy advocates due to several studies showing that anonymized data can be re-identified with personally identifiable information relatively easily.
While the protections of the law only applies to California residents, businesses such as Microsoft have implemented its provisions for all customers.
Much like the European Union’s General Data Protection Regulation, many of the details of the implementation of the CCPA have yet to be determined and will most likely require further clarification in court cases.
“If you thought the GDPR was bumpy, the CCPA is going to be a real roller coaster,” said privacy and cybersecurity legal expert Reece Hirsh in an interview with The Verge.
The post What’s In Your Business Plan? California’s Privacy Law Goes Into Effect appeared first on Adam Levin.
- Cyber Attacks are the Norm
- Only Focused on Patching? You’re Not Doing Vulnerability Management
- 12 days of Christmas Security Predictions: What lies ahead in 2020
- How the Cyber Grinch Stole Christmas: Managing Retailer Supply Chain Cyber Risk
- Plundervolt! A new Intel Processor 'undervolting' Vulnerability
- MoJ Reports Over 400% Increase in Lost Laptops in Three Years
- Accelerated Digital Innovation to impact the Cybersecurity Threat Landscape in 2020
- Cyber Security Roundup for November 2019
- Three Consequences of a Misaddressed Email
- New Year Honours List 1,000 Recipients Addresses Published Online in Error
- UK’s Cyber Security Chief Ciaran Martin to step down from NCSC
- Hijacked Bank of England Audio Feed Sold to Hedge Funds Seconds Ahead of Broadcast
- Santa Hacker Speaks to Girl via Smart Camera
- 1.6 billion LightInTheBox Customer Records left Exposed
- Spanish Security Company Prosegur hit with Ryuk
- Open Dark Web Database Exposes Info on 267 Million Facebook Users
- Open Database Exposes 26,000 Honda Motors Customers
- Iran 'foils second Cyber-Attack in a week'
- Briton extradited over claims he was key member of hacker group 'Dark Overlord'
- MicrosoftPatches 35 Vulnerabilities, including 6 Critical for Visual Studio, Win32k and Hyper-V
- Microsoft issues an Advisory for a SharePoint Vulnerability
- Adobe Patches 25 Vulnerabilities, 21 in Acrobat products
- Intel Patches 15 Vulnerabilities affecting Software and Firmware
- WordPress Patches Four Security Vulnerabilities
- Mozilla Patches 11 Vulnerabilities in Firefox 71 and ESR 68.3
- Citrix Vulnerability places80,000 Companies at Risk
- The Top 20 Vulnerabilities to Patch before 2020
- 2020 Cybersecurity Forecasts: 5 Trends and Predictions for the New Year
- Visa Warns against new POS attacks, Fin8 fingered as the Culprit
- Momentum Botnet Spotted in the Wild
- Chinese State 'likely' linked to Cyber Spies Targeting Human Rights Workers
- Biggest Malware Threats of 2019
- China-Based Cyber Espionage Group Targeting Orgs in 10 Countries
- Microsoft Reveals Phishing Tactic Evolution
- Microsoft Security Intelligence Report
- PreciseSecurity.com Research: XSS Nearly 40% of All Attacks
Michael Allen // Every year around the holidays I end up having a conversation with at least one friend or family member about the importance of choosing unique passwords for each web site or service they use. Usually, it’s after they’ve received a phone or a camera or some other “smart” device for Christmas and […]
As we enter the New Year, be sure to keep up, or adopt, these good data security habits to avoid identity theft
The post Simple steps to protect yourself against identity theft appeared first on WeLiveSecurity