What “next-gen” identity security actually means – and why it’s increasingly essential

Matt Mills, President, SailPoint

From smartphones to video game consoles, people love to throw around the term “next generation.” But what does it actually mean? Well, when the term is applied to a piece of technology, it usually means something that fundamentally changes the way we think about and use that technology. Blackberry revolutionized the way users interacted with their phones. A few years later, the iPhone came along and did it again. What consumers want and need out of their devices looks quite a bit different than it did a few generations ago, and today’s providers have evolved to meet that demand.

Enterprise identity security isn’t so different – though the generational leaps aren’t always as obvious to the average consumer as the jump from flip phones to iPhones. But the threats faced by modern businesses have changed considerably over the past five to ten years, and the way organizations manage and secure their identities has had to change as well. True “next-gen” identity security represents a seismic shift in the way organizations think about identities. Employee identities are no longer the only ones front and center; they now sit alongside third-party users, smart devices, cloud applications, automated software, and dozens of other human and nonhuman identities. The task of managing applications, data, permissions, and entitlements for tens (or even hundreds) of thousands of identities requires a new approach – one that only next-generation identity solutions are capable of providing.

Why next-gen identity security is necessary 

Not so long ago, enterprise security was primarily about defending the perimeter. While the COVID-19 pandemic and subsequent rise of remote work certainly accelerated the process, the truth is that security had already been shifting away from perimeter defense for some time. “Identity is the new perimeter” has been a common refrain in the security industry for a while, and vulnerable identities are now one of the most common vectors for attackers to gain access to a network. The reason? It’s the path of least resistance. Logging in with a set of compromised credentials is easier than breaking through or evading perimeter defenses. Add in the fact that the right identity can effectively provide an attacker with the keys to the kingdom and it’s easy to see why identities are a popular target. 

There are certainly additional layers of defense that organizations can add to better protect their user identities, including periodic password resets, multifactor authentication (MFA), and other measures, but those methods alone are not enough and cannot be applied to every identity. Modern organizations also need layers of policy control that govern access even after the initial authentication process is complete. Nonhuman identities like bots, databases, and applications can’t respond to password prompts or MFA requests, but they still have privileges and entitlements that attackers can exploit. Next-gen identity solutions need to account for the vulnerability of these wide-ranging identities – and what’s more, they must be able to effectively manage the permissions granted to those identities according to their real-time access needs.

Modern identity needs demand next-gen solutions

Of course, that’s easier said than done. Broken down into the simplest terms, true next-gen identity security needs to cover all enterprise identities at all levels of access. That means all critical applications and data (both cloud and on-premises) need their access managed down to the entitlement level, with additional permissions granted on an as-needed basis. This is a heavy lift. Keep in mind that modern digital environments are constantly changing as identities are added, removed, and altered – and entitlement management has to keep up with every single identity and every single change. The access needs of a given identity can change considerably over its lifetime, and that is true for each of the hundreds of thousands of identities an organization might be managing. As a result, manual identity and entitlement management is, in a word, impossible. Any next-gen identity security solution must necessarily leverage artificial intelligence (AI) and machine learning (ML).

Next, it’s important to consider the heart of identity security: protecting data. All access points to data – both structured and unstructured – need to be tightly controlled and managed in a holistic and unified manner. When access control solutions first emerged, so-called “privileged” access evolved as a separate discipline, and for nearly two decades regular and privileged access have been unnecessarily siloed. In today’s environment, this isn’t just inconvenient, it actively hampers security efforts. The line between regular access and privileged access has grown increasingly fuzzy, as identities at all levels of the organization require access to a wide range of data. The more siloed the two disciplines are, the greater the risk of hidden exposures or overlooked risk. Next-gen identity security unifies regular and privileged access under a single umbrella, allowing organizations to understand and manage risk across the entire spectrum of access through a single control point that provides visibility into each identity.  

By leveraging AI/ML, next-gen identity security can decide access based on policies rather than roles: whether access should be granted, to what degree it should be granted, and how long it should be granted for, all based on real-time needs. Unlike static, role-based identity management solutions, this system is context-aware – armed with the intelligence it needs to grant access only when it is needed and revoke it when it is not. The result is a next-gen identity management system that can mold itself to meet the unique business needs of each organization, evolving and scaling alongside the business to keep identities secure within the modern threat landscape.
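To make the policy-based, time-bound model described above concrete, here is an added toy example (not SailPoint’s code or product logic) of an engine that issues entitlement grants with a lease, denies them when the identity’s context doesn’t fit, and revokes them automatically once the lease lapses. The identities, entitlement names and policy rules are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Constructed toy model (not SailPoint code): grants are time-bound, decided by
# context-aware policy rather than static roles, and cover nonhuman identities.
@dataclass
class Identity:
    name: str
    kind: str                    # "human" or "nonhuman" (bot, service account)
    attributes: Dict[str, str]   # context the policy reasons about

@dataclass
class PolicyEngine:
    # identity name -> list of (entitlement, expires_at)
    grants: Dict[str, List[Tuple[str, datetime]]] = field(default_factory=dict)

    def evaluate(self, ident: Identity, entitlement: str) -> Optional[timedelta]:
        """Hypothetical policy: return the lease length, or None to deny."""
        if entitlement.startswith("prod:") and ident.attributes.get("env") != "prod":
            return None          # no production access without production context
        if entitlement.endswith(":admin") and ident.kind == "nonhuman":
            return None          # bots never hold standing admin rights
        return timedelta(minutes=15) if ident.kind == "nonhuman" else timedelta(hours=8)

    def request(self, ident: Identity, entitlement: str, now: datetime) -> bool:
        ttl = self.evaluate(ident, entitlement)
        if ttl is None:
            return False
        self.grants.setdefault(ident.name, []).append((entitlement, now + ttl))
        return True

    def active(self, name: str, now: datetime) -> List[str]:
        """Revoke expired grants automatically and list those still in force."""
        live = [g for g in self.grants.get(name, []) if g[1] > now]
        self.grants[name] = live
        return sorted(e for e, _ in live)

def demo() -> Dict[str, object]:
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    engine = PolicyEngine()
    alice = Identity("alice", "human", {"env": "prod"})
    bot = Identity("etl-bot", "nonhuman", {"env": "prod"})
    dev = Identity("dev-app", "nonhuman", {"env": "dev"})
    granted = [engine.request(i, e, t0) for i, e in
               [(alice, "prod:db:read"), (bot, "prod:db:read"),
                (bot, "prod:db:admin"), (dev, "prod:db:read")]]
    later = t0 + timedelta(hours=1)   # bot's 15-minute lease has lapsed by now
    return {"granted": granted, "bot_live": engine.active("etl-bot", later),
            "alice_live": engine.active("alice", later)}
```

Running `demo()` shows the bot’s read grant approved and then silently revoked an hour later, while the human’s longer lease is still in force and the out-of-context and admin requests were never granted at all.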

Next-gen identity security creates peace of mind

Perhaps the best part of next-gen identity security is the fact that it doesn’t just keep businesses better protected—it provides much-needed peace of mind, allowing businesses to grow and evolve with confidence. By implementing an automated, intelligent, and dynamic approach to identity, modern businesses can keep their systems secure while ensuring that their employees will continue to have access to the data they need with as little friction as possible. “Next-gen” identity security isn’t a marketing buzzword – it’s a necessity for businesses that want to work safely and efficiently in today’s constantly evolving enterprise security landscape. 
