One thing is certain. Capitalism ensures that change is the new constant. \u00a0In the early 1990s, internet pioneers Prodigy Communications and America Online connected users and changed how we communicate with each other. In 1995, Windows 95 was launched by Microsoft which helped personal computing go mainstream. An activity that previously took days could now be done in seconds.Since then, the Internet accelerated the rate of change to usher in what is commonly known as the Secondary Information Age which we live in today. According to global internet usage statistics, more than half of the world\u2019s population have Internet access as of June 2018. The disruptive impact of the Internet rippled across every aspect of society from entertainment, retail, travel and hospitality to healthcare, education and politics.Not only has this trend accelerated the transformation of the world we now live in, it has a marked increase on how much time users spend online each day from minutes to hours. It has resulted in the number of identifiers and accounts that each user has. In a study conducted by Dashlane in 2015, the average user had at least 90 online accounts, and that number doubles every five years. Perhaps not surprisingly, the accelerated rate of change has also bought about a dramatic increase in cybercrime. \u00a0In Shape Security\u2019s 2017 credential spill report, it was reported that as much as 90% of login traffic on many websites can be attributed to criminal activity.The heterogenous enterpriseBeginning in the early 2000s when Active Directory (AD) was first introduced with Windows 2000 Server, mid to large sized enterprises have enjoyed the convenience and standardized approach for authenticating users with \u201cnetwork credentials\u201d from AD. Multi-national organizations could also realize the benefits of a standardized approach to network-based authentication. Nearing the 20th anniversary of AD, it remains a robust and reliable platform for businesses to manage the identities of its users and securely authenticate them to enterprise applications.In a recent interview with entrepreneur and former CEO of Centrify Tom Kemp, he reflected on his company\u2019s formation in 2004 and explained how a theme of investors during that time: \u201cActive Directory was going to become a major platform and there could be companies and technologies built around AD.\u201d Another theme of that time, Tom adds, \u201cwas the rise of open source such as Red Hat with Linux.\u201dAs predicted by Kemp, and a host of other entrepreneurs and investors, the rise in popularity of the Linux operating system gave birth to the modern enterprise. Being open-source, Linux provided a low-cost alternative to Windows Server that often benefitted by receiving more frequent core updates and security patches to fix vulnerabilities.While free is not always free, by the late 2000s Linux earned a reputation for being a more reliable and secure operating system than Windows Server. Large software firms such as IBM, Oracle and Novell developed their own versions of the Linux operating system which fueled the phenomenon we now observe as heterogenous computing environments.AD evolved into a major platform with hundreds of tools developed to ease the administrative and support burden. However, the larger business opportunity would lie in having one centralized identity management solution that connected and synchronized policies, identities, and credentials for the heterogenous enterprise.The multi-cloud gold rushIn 1999, Salesforce became an example of what computing and software would become without the need for business owners to purchase hardware or multi-year software licenses. Organizations would begin moving their customer databases to the cloud and begin taking advantage of new platforms designed for collaboration, marketing automation and customer service \u2013 billed on a subscription basis \u2013 making it simpler and cost effective to consume on an as-needed basis.Witnessing this success, new cloud solutions started popping up everywhere offering buildings blocks of modern enterprise IT, from infrastructure and compute as-a-service to storage, identity services -- think Okta, Ping Identity and Microsoft\u2019s own Azure Active Directory and productivity apps such Office 365 delivered via the cloud. Start-ups wouldn\u2019t even think of building their own datacenters now, as basic IT services can be provisioned with the speed and economics far outpacing the IT organization\u2019s ability to keep up.Fighting their own inertia, organizations continue taking advantage of cloud computing, finding that their IT infrastructure is better managed (and often more secure) than on-premise equivalents. The economics of the cloud, from subscription-based metered billing to cloud-scale networking (that is the ability to scale in real time and optimize for the highest possible performance) help organizations to bring products to market faster, offer new delivery models for their services, driving net new revenue and protecting margins.Through 2021, Gartner reports that cloud revenues are set to reach $300B with infrastructure being the fastest growth segment and the number of cloud service providers expanding by 3X. That is good news from a macro economic and growth perspective, but it will create a new set of risks that organizations must be mindful of and proactive about addressing. \u00a0The ability to scale safely, reducing business risk through continuous compliance and preserving privacy, remain elusive yet necessary objectives for any digital transformation and cloud migration effort.Toward a better cloud governance modelIn "Managing IAM in uncertain times," I wrote that \u201cWhile there are merits in each of these frameworks, the devil is in the details. Tactics and execution are more important than ever.\u201d Fixing what\u2019s broke with authentication and improving identity & access management is surely going to be a hot topic at the RSA Conference this year. Business and security leaders must not lose sight of the fact that the operational and governance aspects need ongoing investment and support from the executive leadership team.In a multi-cloud world, expert managed security service providers (MSSP) offer the tooling, expertise and operational maturity to support large and multi-national businesses. An MSSP can help achieve and maintain regulatory compliance and improved security posture with instrumentation that enables visibility, control, integration, incident response, and various tiers of support that most IT teams are unable to deliver. \u00a0\u00a0While enterprises may never completely abandon their in-house IT departments, having an overarching top-down strategy for real-time governance that encompasses both on-premise and multi-cloud assets is a critical component of any business strategy.