The Next Radical Change is Now
What’s the next radical change in Identity Management and Access Governance solutions? Here’s my response to a recent LinkedIn post.
Here are 4 unbiased facts about our current predicament:
1. Infosec budgets are rising year over year and yet…
2. Breaches are increasing exponentially year over year. This is because volume and sophistication of threats are both escalating rapidly. Did you know you can get botnets as a service? Is the correct term for that BaaS? BaaS is still a cottage industry but it’s growing nicely and there are even entrepreneurial types out there who are giving it away in the hopes of making money later (Zuckerberg did okay with this approach).
3. Most companies only find out that they were breached when someone else tells them, but the evidence was right there almost all the time.
4. Most organizations are trying to protect themselves by doing access certification on as bi-annual or annual basis, but there’s clear evidence this isn’t helping (contact me and I’ll show you the data).
The solution here is not to keep piling on more controls -- that’s what we have been doing and it has failed. The solution is to be more efficient and intelligent about the ways we apply the controls we have.
We need to identify, understand, manage and settle access risks in real time. This requires us to flip the current workflow-centric approach and use a data-centric approach to continuously discover unauthorized changes, policy violations and suspicious behavior, and then fire actions to settle these risks immediately.
Think about what data-driven analytics did to MLB (Moneyball).
This isn’t the “next” radical change, it's the current one.
Come by and see us at a variety of industry events to learn more.