Cybersecurity CEO: Identity Management is Here to Stay

May 25, 2020

Los Angeles, Calif. – May 25, 2020

Not long ago if you had asked any security pro about how they protect their perimeter, they would have said - firewalls. In fact, when I started Herjavec Group over 15 years ago, we were the first firewall reseller in Canada!  

Today, the security landscape looks a lot different – especially with entire workforces forced to work remotely due to COVID-19. When my team was prepping for Herjavec Group’s 2020 Cybersecurity Conversations report, I asked them a simple question: “What is the foundation of security?” 

The answer from our internal thought leaders was almost unanimous – Identity.  

As the perimeter disappears and organizations are experiencing (voluntarily or not) digital transformation, it’s clear that Identity is the answer to many of your security challenges.  

Five years ago, it used to be that digital transformation was something only the big guys could afford. Today, it’s necessary for all organizations. In response, as security and business leaders, we all have to start embracing context-aware security programs and Identity management solutions.  

Think of the newest tool you onboarded. Maybe it’s Expensify for the Finance team or Hubspot for sales and marketing. If you want to enable ease of use for your teams AND protect against malicious use of the tool and the data, you need identity management solutions. There’s no other way around it.  

I firmly believe that the best way to secure your digital transformation is by using context-driven identity management programs. When you take this approach you stop asking questions like “what data do I have access to” and focus more on questions like: 

• Do I know who my users are and what context they operate from?  
• What data is a user requesting? 
• How is the user connecting to my environment? 
• Why are they requesting the data? 
• When are they requesting the data? 

 Do you see how the questions have shifted from only focusing on the data to focus on who has access to the data?  

When I have conversations with C level executives there is often a big gap between their solid understanding of identity management, and what they’ve actually put into practice across their enterprises. I get it – Identity is a beast and introducing an advanced program can be cumbersome and complicated. Don’t get me started on the effort to manage it on a go-forward basis... 

Don’t know where to start? Don't know how mature your organization’s identity program really is? My advice is always to understand the rules of the game you’re playing.  What coverage do you have? Where are you at today? What’s your goal? I’m seeing enterprise leaders make an initial investment in security workshops and let me tell you – they're paying dividends!! A well-designed workshop is basically an executive consulting engagement that can set you and your identity program up for success. Taking the time to build out a workshop will help your team: 

• Gain a clear understanding of the current state of your identity controls & capabilities 
• Develop a clear vision of the Desired State (your end goal) 
• Set program and roadmap milestones to help you move towards the Desired State 
• Understand how your people, processes, and technology investments need to adapt to help you get there...  

As I’ve said – Identity can be complicated so don’t bite off more than you can chew all at once. It’s a mistake to jump into a quick deployment (hint – they're never QUICK) without considering the true impact to your enterprise.  

When it comes to securing your digital transformation, my advice is simple. Start with Identity.   

It really is the foundation of security.  

To Your Success,

Originally posted on cybersecurityceo.com