The ongoing complexity of IT systems, along with evolving regulations are the major challenges faced by IT security professionals.
IDC says that while the C-Suite is paying more attention to the issue of security, there are many infrastructural issues across people and processes that, unless the C-Suite decides to address them, will continue to be problematic.
Chern-Yue Boey, senior vice president for Asia-Pacific at SailPoint, says identity management has evolved from governance and compliance to now moving into the core of an entire cybersecurity programme.
“Workforce transformation and digital transformation have accelerated the adoption of cloud and SaaS and bring about work from anywhere; on any device, by human and non-human workers and across assets on-prem and in the cloud.”
Chern-Yue Boey
He concluded that security has moved from being perimeter-based to becoming identity-based, and around a zero-trust architecture.
How the change is affecting the CIO/CISO
Asked about the significant differences between traditional and the new approaches, Boey explained that the traditional identity security platform caters to on-prem, legacy applications and focuses on governance and compliance more than visibility in the hybrid environment to manage complexities around identity.
He opined that artificial intelligence (AI) needs to be at the core of an identity security engine.
“A cloud-native identity security platform gives enterprises better intelligence using AI and ML, and drives better automation and comprehensive integration across a hybrid environment so enterprises can have full visibility to SaaS apps,” Boey added.
The good news, he continued, is that with a cloud-based solution, enterprises don’t have to worry about cloud operations and TCO and can drive value in a shorter time.
Challenges orchestrating this migration to the cloud
“The shift to the cloud has only accelerated over the past two years due to COVID-19, as organizations responded to a new business and social dynamic,” said Michael Warrilow, research vice president at Gartner.
Gartner predicts that by 2025, 51% of IT spending in four categories, including application software, infrastructure software, business process services and system infrastructure markets, will have shifted from traditional solutions to the public cloud, compared to 41% in 2022.
And with the shift to the cloud, Boey warns that enterprises that do not have existing identity security solutions and have manual processes in place will need to adopt one quickly, especially as they progress in their digital transformation journey.
“For companies that have a legacy identity security system in place, it is imperative for them to explore a modern, cloud-native identity platform that gives them visibility of all the identities, accounts, and accesses in their organization.” He continued.
He advises both CIOs and CISOs to consider the extent of migration, the amount of customisation required to alter their current processes to be more standardised and configuration-based, and whether workloads can co-exist in the new environment.
Common security mistakes during migration
To be certain, cloud migration is not without risks. Gartner predicts that through 2024, 60% of infrastructure and operations (I&O) leaders will encounter public cloud cost overruns that negatively impact their on-premises budgets.
Drawing from his team’s observations, Boey says enterprises (in Asia) want the benefits of a SaaS-based identity security solution but want to execute it the same way as on their on-premise solution.
He warns, however, that this is not always going to work as SaaS-based identity solutions can only provide scalability, performance and business value in a reduced timeframe, if they implement industry best practices instead of a highly customized environment.
“Enterprises should look at implementing a cloud-native, multi-tenant, single codebase, SaaS-based identity security solution instead of a cloud-hosted solution, for frequent updates and better TCO."
Chern-Yue Boey
"By understanding their environment, zero-trust implementation, and parts of their infrastructure they are willing to simplify, enterprises can get the most benefits of a SaaS-based platform,” he elaborated.
The right team and skills
According to Gartner, a migration will involve finding a suitable partner to assist an organisation in the process. Yes, it is possible to do the job internally. Either choice can lead to mistakes and rework if a wrong partner is taken on board or if the internal team is not ready for it.
One of the reasons for choosing to go to a SaaS or cloud model is the benefit of economies of scale. You are leveraging infrastructure, technology and expertise that are put together to serve common needs. You must also be willing to compromise, particularly when it comes to customisation.
Security in the cloud follows a similar thought process.
Boey says it is important to understand the concept of identity security and how it fits into security for a hybrid environment.
“The organisation will also need to know how to shift perimeter-based security into identity security, understand the platforms and solutions available and recognize what is important; the ability to cross between on-prem, cloud and SaaS for the organisation,” he opined.
What’s trending
Simon Piff, vice president of trust, security & blockchain research at IDC, observes that security is no longer static, it is incredibly dynamic.
"As such a strategy needs to have built into it the ability to be agile and change with demand. Passwords too need to be dynamic, if not backed up with some form of multi-factor authentication, then potentially worthless."
Simon Piff
For his part, Boey acknowledges that evolution in identity security means identity security platforms need to have the ability to integrate across hybrid environments and different types of devices.
He posited that with workforce and digital transformation, there’s a rise in non-human identities, RPA and IoT. He believes organisations must ensure these identities are managed with modern identity security solutions which incorporate AI and ML, especially as the volume of identity data and complexities have increased beyond human capacity.
“Zero trust is no longer a buzzword, it’s become a necessity. We will see an acceleration in the adoption of zero trust in the coming years, with the usage of AI and automation that provides cost savings and remediation,” he concluded.
Click on the PodChat player and listen to Boey elaborate on how identity security is evolving in the cloud.
- Let’s start by setting the baseline: what is identity security management? How does organisations adopting cloud and SaaS environments affect identity security management?
- What’s the difference between traditional identity security management and cloud identity security management?
- From the perspective of identity security, In the cloud, SaaS environment, what challenges do enterprises face?
- What are the common mistakes in moving to a cloud-native identity management solution?
- How about skills, expertise, and experience as we shift to a SaaS-based solution?
- Can you share the latest and most exciting trends in the identity and access management market?