There needs to be a transformation in identity access management (IAM) as a result of digital acceleration during the COVID-19 pandemic, according to Tricia Phillips, sr director analyst, Gartner, speaking during the Gartner Identity & Access Management Summit – EMEA.
Phillips firstly highlighted how lockdown restrictions had disrupted our everyday lives, including the way we work, parent, bank and socialize. This distributed world has had a major impact on cybersecurity, where “control and access has had to be decentralized just to support the changing demands of the business.” She added: “Our IAM architecture was not designed for this level of decentralization, and that’s left gaps in our security.”
In many ways, the crisis rapidly accelerated digital transformation plans that were already in the pipeline for many businesses. “Crisis is the mother of transformation,” stated Phillips.
In her view, to adapt to the new environment, IAM must transform. “Not tweak, adjust or modify slightly, but change completely,” she clarified.
Phillips noted that as a result of distributed workforces, cyber-criminals are increasingly using account compromise to attack organizations. “While they may have different strategies like exploiting supply chain vulnerabilities or using weak or unmanaged service credentials, they all have one thing in common – they use the compromise of user or machine identity to gain access and profit,” she outlined.
As a result, “it’s clear that the battle ground for cybersecurity starts and ends with identity.
As well as the development of new technologies, we also have to think radically differently about the make-up of security teams in order to reshape IAM, according to Phillips. “We have to change how we think about IAM, how we approach IAM and how we staff IAM roles,” she said.
Promoting diversity, such as neurodiversity, gender diversity and racial diversity is critical to ensure a broad range of experiences and thought processes are at play. Phillips explained that she has more than 20 years’ experience in the cybersecurity industry in a range of high profile positions, “but if I look at most cybersecurity job postings, I don’t meet the qualifications.” This is because her educational background is in English literature, rather than traditional STEM subjects. Yet, she noted “I have been successful in this industry largely because I come at security problems from a different perspective.”
The value in having people from diverse backgrounds is that they “will ask new questions, make new connections, and through the process, the entire team starts making new connections and asking new questions, and together the team is transformed and the outcomes are transformed,” commented Phillips.
She concluded: “There are identity technologies that will help you along your journey, but do not underestimate the importance of people, policies, processes and creativity, in meeting the challenges of the future.”