What defines “next gen” identity security?
Our heritage is defined by our ability to shape and reshape identity security to fit the constantly changing needs of our customers. Grady Summers laid that out clearly in his recent blog post. This is what it takes to be the leader – you’ve got to lead, you’ve got to stay on your front foot, you’ve got to constantly push the envelope.
So, when I sit here and think about our next evolution as a company and as the leading technology in this space, a question comes to mind: What “should” next-gen look like? Anyone can claim they deliver a “next-gen” solution, but what does that mean in the context of enterprise identity security?
I look at it like this: what do our customers need to address today – and tomorrow? What are the must have’s? And most importantly, what business value does it deliver?
First – our customers’ needs
There is nothing about the enterprise identity security challenge that screams “give me something good enough” to address my needs. These are complex, highly sophisticated, often highly regulated enterprises. There is a lot going on every single day to keep these companies moving fast. The key is to deliver a solution that takes on the complexity on behalf of customers so that what they see is simplified but sophisticated, administered with ease.
At the same time, the balance between speed and security needs to be tightly orchestrated. And the depth of security policy has to address the following:
- All enterprise identities – spanning both employees and non-employees, including contractors, software bots, third-parties, etc.
- All levels of access – across sensitive and regular user access
- All critical applications and data – both cloud and on-prem
- With management of access, down to the entitlement level
- And access granted on an as-needed or “just in time” basis
The parameters I just described are constantly changing as each identity joins, moves, and eventually leaves the business. Multiply all of that change by the number of apps, data, and entitlements each identity has, and the ability to manage it all becomes exponentially harder, if not impossible if only managed by humans alone. Next-gen identity security has to be fueled by AI/ML – this is table stakes. There’s no way any large enterprise can handle the level of accelerated change happening across the business without the aid of automation. Through continuous machine learning, we fully believe AI will absolutely trump traditional convergence in this market and underpins true next-generation identity security.
Second – what are the must have’s for the next-gen identity security solution?
It needs to be driven by policy – not roles – to determine if and when access is granted, to what degree, and within what timeframe. We’ve moved far beyond simply granting access and assuming good intent, that that access will be used in the right way, at only the right time, no more, no less. Any access point can become a point of entry for an adversary at any given time. For that reason, enterprises need the ability to create a dynamic trust model that is context aware, with policy as the blueprint. Arming them with the intel needed to grant access just in time, and then shutting down that access when it’s no longer needed. All of this needs to be built on a platform, so that enterprises can build an identity security foundation that fits their unique business needs, delivering extensibility and scalability on repeat.
And third, what business value does next-gen identity security deliver?
For starters, peace of mind. That every enterprise has a trusted technology ecosystem, one that allows the business to flourish as quickly and as seamlessly as possible. Next-gen identity security should ultimately equip every enterprise to effortlessly manage and secure their identities at any speed, at any scale. The outcome of that is a business that can compete fiercely, can grow and evolve at any pace, and can drive business acceleration that enables every identity to do their best work, securely and efficiently.
This is how we define next-gen identity security at SailPoint. We’re ready to reveal how we plan to deliver on this vision during Navigate next week and hope to see you there. In the meantime, keep a close eye on this space as we get ready to publish the final installment of this blog series, authored by our leader and founder, Mark McClain where we reveal our future trajectory.