Identity eats security: How identity management is driving security

New intelligent identity management systems are changing the way organizations authenticate users and devices, and they’re making identity the new security perimeter.

1 2 Page 2
Page 2 of 2

Historically, identity has not been the responsibility of the security teams. “If you play it back a few years, Ping’s champions reported into IT,” says Durand. “Today we’re seeing identity report to the CISO.”

That’s creating a management and skillset challenge. “I often find that Identity professionals and security professionals have a different mindset,” says Durand. “Finding people who live in two mental spaces simultaneously, Identity for connecting things and security for defending things, is rare. Most of the time people fall into one category or the other, but that is beginning to change.”

The gap between identity and security in terms of understanding what the other one does has historically been pretty wide. The solution, Durand suggests, is a strong training program for both identity and security professionals. Panelists at an Identiverse session titled “Should Identity Own Security?” (the unanimous response was “No!”), all emphasized the need for greater collaboration between identity and security groups.

Even if intelligent identity management systems meet their full potential, they might never provide 100 percent accurate recognition of users. “There’s a difference between trusting and knowing,” says Durand. “In life, we’re forced to trust when we don’t or can’t know something for certain, and most things in life are either too inconvenient or too expensive to know for certain. For example, how many times have you arrived at a new restaurant and handed the keys to your new car to an 18-year-old stranger wearing what appears to be a valet t-shirt? You've made a conscious decision to trust because you’ve decided it’s too inconvenient to park three blocks away. In identity, as in life, it’s many times too hard or too expensive to know anything for certain. This is why we need intelligent systems to help us determine risk and make more intelligent decisions around access control.”

Copyright © 2018 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 hot cybersecurity trends (and 2 going cold)