Gartner warns IAM professionals that cybersecurity depends on them

Australian identity and access management professionals have been urged to consolidate identity as the foundation of their organizations' cybersecurity posture, as poor management of significant exposures, including machine identities, is putting many organizations at risk.

Felix Gaehtgens, vice president analyst at Gartner, speaking at Gartner's Security and Risk Management Summit in Sydney, argued that IAM professionals should advocate for investment in mature IAM programs built on an identity fabric approach within their organizations.

Organizations could improve resilience through better IAM hygiene, Gaehtgens said. He warned against letting technology vendors silo data, and against applying AI before the underlying data is right. One suggestion was to adopt a product management approach that brings different stakeholders together.

IAM now at the center of a mature cybersecurity posture

IAM leaders have faced a fundamental shift in the identity landscape in recent years, Gaehtgens said. This was primarily because they were now "expected to create centralized control in a fully decentralized world" in order to secure the organization.

Employees working from anywhere had eroded the value of legacy security controls at the perimeter, Gaehtgens said, while assets, data and applications were now protected with different types of access controls, many of them implemented by third parties, such as cloud providers.


"The board asks the CISO three main questions: 'Are we safe?' 'Are we compliant?' and 'What about AI?'" Gaehtgens said. "IAM is at the center of all this. The role is increasingly important. Why? Because it is at the center of security in the new world."

The rise of machine identities

The growth of machine identities, alongside human identities, had become a "big problem," Gaehtgens said. There are now 10 to 45 times more machine identities than human identities in an organization, many of them highly privileged, making them a huge unmanaged cyber risk.

Organizations must prioritize identity with a mature IAM program

Moving identity to the center of cybersecurity is key, Gaehtgens said.

“Many of you have a lot of tools but you don't really have a good, working IAM program; this is your opportunity,” Gaehtgens said. “It is the control plane and the foundation of cybersecurity; this is where you have to focus.”

IAM programs must make identity management “consistent, contextual and continuous” and be enabled by IAM leaders willing to build relationships outside of IT.

Consistent

According to Gaehtgens, global regulations are designed to protect personal data wherever it is, including in databases, unstructured files, in motion or at rest. Gaehtgens said this means that while organizations have a wealth of tools, they need consistency in the access policies applied.

Contextual

Policies must be dynamic and context-aware.

“Just because someone can access a folder doesn't mean they should download 30 documents per minute; that's not typical for a human being and could indicate that a robot has taken over your account,” Gaehtgens said.
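The rate-based check Gaehtgens describes (a human does not download 30 documents a minute) is straightforward to express as detection logic. The block below is an added example, not code from the article or from Gartner: it runs a sliding one-minute window per user over a constructed access log and flags any principal whose download count in a window reaches the threshold. The log format, the 30-per-minute threshold and the principal names are assumptions for illustration; the sample includes a burst from a service account (flagged), two ordinary users (not flagged) and a user who downloads steadily but never exceeds the rate in any single minute (also not flagged), which is the edge case a naive per-hour count would get wrong.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
DOWNLOADS_PER_MINUTE_THRESHOLD = 30  # hypothetical threshold, taken from the talk's example

# Constructed sample access log (not from the article): "<timestamp> <user> <action> <object>".
_base = datetime(2024, 4, 10, 9, 0, 0)
_lines = [
    "2024-04-10T09:00:01Z alice download /finance/q1-report.pdf",
    "2024-04-10T09:00:05Z alice download /finance/q1-budget.xlsx",
    "2024-04-10T09:00:10Z bob download /hr/policy.pdf",
    "2024-04-10T09:00:12Z bob view /hr/policy.pdf",
]
# svc-backup pulls 35 documents within 35 seconds: a burst that should be flagged.
_lines += [
    f"{(_base + timedelta(minutes=1, seconds=i)).strftime(TS_FMT)} svc-backup download /finance/doc-{i}.pdf"
    for i in range(35)
]
# carol downloads 31 documents spaced 3 s apart (93 s total): never 30 in any one minute.
_lines += [
    f"{(_base + timedelta(minutes=5, seconds=3 * i)).strftime(TS_FMT)} carol download /legal/contract-{i}.pdf"
    for i in range(31)
]
SAMPLE_LOG = "\n".join(_lines) + "\n"


def parse_line(line):
    """Split one log line into (timestamp, user, action, object)."""
    ts, user, action, obj = line.split(maxsplit=3)
    return datetime.strptime(ts, TS_FMT), user, action, obj


def detect_burst_downloads(log_text, threshold=DOWNLOADS_PER_MINUTE_THRESHOLD,
                           window=timedelta(minutes=1)):
    """Sliding-window download counter per user.

    Lines are assumed to arrive in time order. Returns {user: (time_flagged, count)}
    for each user whose download count within any `window` reaches `threshold`;
    only the first crossing per user is recorded.
    """
    recent = defaultdict(deque)  # user -> timestamps of downloads inside the current window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, _obj = parse_line(line)
        if action != "download":
            continue  # views, uploads etc. do not count toward the download rate
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()  # drop events that have fallen out of the window
        if len(q) >= threshold and user not in flagged:
            flagged[user] = (ts, len(q))
    return flagged


if __name__ == "__main__":
    for user, (ts, n) in detect_burst_downloads(SAMPLE_LOG).items():
        print(f"ALERT {user}: {n} downloads within one minute as of {ts.isoformat()}")
```

In production the same logic would be fed from a SIEM or the storage service's audit log, and the threshold would be set per role or per data class rather than globally; the point of the sliding window is that it detects the burst at the moment it happens, rather than at the end of a reporting interval.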


Continuous

The future will see continuous adaptive trust applied throughout sessions. Gaehtgens said single sign-off was coming: the ability to terminate multiple sessions across systems in response to user events, something he said would become normal for users.

Leadership

To implement an IAM program, IAM leaders will need to strengthen relationships beyond IT. Gaehtgens urged IAM leaders to learn business language, including financial and legal, so they can measure and communicate about IAM in terms such as business value and risk.


Success might be easier with a product management approach. Gaehtgens said there is a trend toward product management approaches for IAM programs, which is leading to an acceleration of business value and delivery through a “highly cross-functional” style.

Focus on identity fabric instead of IAM tools

A more coherent and architecturally sound way of managing IAM is needed for the future, Gaehtgens said.

“Most organizations struggle with delivering basic IAM capabilities for humans and machines, even after years of investing and working on this,” Gaehtgens said.

Adopt an identity fabric architecture

An identity fabric approach could help IAM professionals take advantage of their current opportunities and free themselves from vendor lock-in, Gaehtgens said. He presented a framework of 10 principles that Gartner uses to guide clients toward an identity fabric model (Figure A).

Figure A: Gartner's 10 Identity Fabric Principles enable organizations to build identity access management capabilities for a decentralized world. Image: Gartner

These include expanding the scope to cover:

  • Machine identities, responsible for many "credential leak acquisitions."
  • Event-based connectivity, rather than static batch analysis.
  • Composable "and, in the long term, compostable" architecture that can adapt to change.

Working with an identity fabric could allow organizations to gain centralized control in a decentralized environment by placing an abstraction layer over the functions of individual tools. The functions of the underlying tools are then connected at a higher level and orchestrated for different use cases.


AI capabilities could increase IAM team productivity

AI is likely to take on aspects of IAM such as account takeover detection and user and entity behavior analytics. It could also recommend right-sized access policies derived from entitlements data, or help integrate applications with IAM services, including encryption and configuration updates.

Gaehtgens cautioned that the data needed to be correct, and that data management and engineering could become a formal capability within an IAM program.

“AI can offer some value as long as you also work on the necessary data management and data engineering dependencies,” Gaehtgens said.

Identity hygiene is the first line of cybersecurity defense

IAM is “the first line of defense to reduce the number of alerts coming into your (security operations center),” Gaehtgens said. This means IAM professionals must focus on identity hygiene to drive prevention and detection, including machine identities.


IAM teams can start with lower-effort activities, such as account existence checks (Figure B). However, Gaehtgens said that while Australia's Essential Eight framework recommends addressing machine identities at maturity level 3, organizations should consider it before then.

Figure B: IAM professionals can perform a variety of activities that will move their organizations closer to good identity hygiene. Image: Gartner

IAM configuration monitoring is recommended

“I've seen live IAM systems configured with privileged access to test something that was never removed,” Gaehtgens said. “If someone found out about that, they could take over the IAM system and change the roles to whatever they wanted.”
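The leftover test grant Gaehtgens describes is exactly what a periodic audit of privileged role assignments in the IAM system itself should surface. The block below is an added example, not code from the article or from Gartner, and it uses a hypothetical export schema rather than any vendor's API. It walks a constructed list of role assignments and flags privileged ones that have no expiry, have already expired but are still present, have been standing longer than a policy limit, or look test-related by principal name or justification; the privileged role names, the 90-day limit and the "test" heuristics are assumptions for illustration.

```python
from datetime import datetime

# Hypothetical privileged roles and standing-access limit (assumptions, not a vendor's defaults).
PRIVILEGED_ROLES = {"IAM Administrator", "Directory Owner"}
MAX_STANDING_DAYS = 90
TEST_PREFIXES = ("tmp-", "test-")

# Constructed sample export of role assignments (hypothetical schema, not from the article).
ASSIGNMENTS = [
    {"principal": "alice@example.com", "role": "IAM Administrator",
     "granted": "2023-11-02", "expires": None, "reason": "IAM admin team"},
    {"principal": "svc-build", "role": "Reader",
     "granted": "2024-01-15", "expires": None, "reason": "CI pipeline"},
    {"principal": "tmp-test-admin", "role": "IAM Administrator",
     "granted": "2023-06-20", "expires": None, "reason": "testing role sync"},
    {"principal": "bob@example.com", "role": "IAM Administrator",
     "granted": "2024-04-01", "expires": "2024-04-03", "reason": "incident response"},
]


def _date(s):
    return datetime.strptime(s, "%Y-%m-%d")


def audit_privileged_assignments(assignments, now, privileged_roles=PRIVILEGED_ROLES,
                                 max_standing_days=MAX_STANDING_DAYS):
    """Return a list of findings for privileged assignments that need review or removal.

    Each finding is {"principal", "role", "severity", "reasons"}; severity is "high"
    for test-related or expired-but-present grants (remove now) and "review" for
    standing privilege without expiry or beyond the policy limit.
    """
    findings = []
    for a in assignments:
        if a["role"] not in privileged_roles:
            continue  # only privileged grants can take over the IAM system itself
        reasons, severity = [], "review"
        granted = _date(a["granted"])
        if a["expires"] is None:
            reasons.append("no expiry set")
        elif _date(a["expires"]) < now:
            reasons.append("expired but still present")  # removal did not happen
            severity = "high"
        standing = (now - granted).days
        if standing > max_standing_days:
            reasons.append(f"standing for {standing} days (limit {max_standing_days})")
        looks_like_test = (a["principal"].startswith(TEST_PREFIXES)
                           or "test" in a["reason"].lower())
        if looks_like_test:
            reasons.append("test-related grant on a live system")
            severity = "high"
        if reasons:
            findings.append({"principal": a["principal"], "role": a["role"],
                             "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_privileged_assignments(ASSIGNMENTS, now=datetime(2024, 4, 10)):
        print(f"[{f['severity']}] {f['principal']} ({f['role']}): " + "; ".join(f["reasons"]))
```

Feeding this from the real IAM system's assignment export on a schedule, and diffing the output against the previous run, turns the configuration check into a monitoring control: a new privileged grant with no expiry shows up the day it appears rather than years later.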

IAM teams could also perform activities with a medium level of effort, such as implementing adaptive access and MFA.

“The key is the balance between investing in hygiene and detecting and responding to threats,” Gaehtgens said. “The better we are at prevention, the fewer results there will be for detection.”
