Access
management
(AM)
done
right
is
the
fuel
for
successful
digital
transformation.
Identities
and
AM
are
core
to
earning
customers’
trust
—
a
must
for
digital-first
initiatives
to
get
a
strong
start
and
deliver
revenue.
AM
and
identities
must
be
granular,
role-based
and
as
just-in-time
as
possible.
Enterprises
achieving
that
today
are
seeing
zero-trust
security
frameworks
becoming
instrumental
in
digitally-driven
revenue
growth.
CISOs
tell
VentureBeat
their
cybersecurity
budgets
are
linked
more
closely
than
ever
to
protecting
digital
transformation
revenue
gains.
And
they
see
working
to
grow
digital-first
revenue
channels
as
a
career
growth
opportunity.
Security
and
risk
management
professionals
must
turn
AM
into
cybersecurity
strength,
and
show
that
zero-trust
frameworks
are
adaptive
and
flexible
in
protecting
new
digital
customer
identities.
Zero
trust contributes
to
securing
every
identity
and
validating
that
everyone
using
a
system
is
who
they
say
they
are. Earning
and
growing
customer
trust
in
a
zero-trust
world
starts
with
a
strong
AM
strategy
that
scales
as
a
business
grows.
Authorization,
adaptive
access
and
getting
directory
and
identity
synchronization
right
also
become
significant
challenges
as
an
organization
gets
larger.
Securing
identities
is
core
to
digital
transformation
“Adding
security
should
be
a
business
enabler.
It
should
be
something
that
adds
to
your
business
resiliency,
and
it
should
be
something
that
helps
protect
the
productivity
gains
of
digital
transformation,”
said
George
Kurtz,
cofounder
and
CEO
of CrowdStrike,
during
his
company’s
annual
event
last
year.
Boards
of
directors
and
the
CEOs
who
report
to
them
are
starting
to
look
at
zero
trust
not
purely
as
a
risk-reduction
strategy.
CIOs
and
CISOs
tell
VentureBeat
that
they
are
now
including
zero
trust
in
the
first
phases
of
digital
transformation
projects.
And
getting
AM
right
is
essential
for
delivering
excellent
customer
experiences
that
scale
safely
in
a
zero-trust
world.
“While
CISOs
need
to
continue
working
on
translating
technology
and
technical
risk
into
business
risk
and
…
better
deliver
that
risk
story
to
their
board,
on
the
other
side
of
the
aisle,
we
need
the
board
to
be
able
to
understand
the
true
implication
of
cyber
risk
on
the
ultimate
shareholder
value
and
business
goals,”
said
Lucia
Milica,
global
resident
CISO
at
Proofpoint.
Excel
at
protecting
identities
to
make
your
brand
more
trusted
It
doesn’t
take
much
to
lose
a
customer’s
trust
forever.
One
thing
most
can’t
look
past
is
being
personally
victimized
by
having
their
identities
compromised
during
a
breach.
Sixty-nine
percent
will
stop
buying
from
brands
that
use
their
data
without
permission.
Sixty-eight
percent
leave
if
their
data-handling
preferences
are
violated,
and
66%
leave
a
brand
forever
if
a
breach
puts
their
identity
data
at
risk.
Gen
Z
is
by
far
the
least
forgiving
of
all
customer
segments,
with
60%
saying
they’ll
never
buy
again
from
a
brand
that
breaches
their
trust.
Over
time,
it
takes
a
series
of
consistent
experiences
to
earn
customers’
trust,
and
just
one
breach
to
lose
it.
Joe
Burton,
CEO
of
identity
verification
company
Telesign,
has
a
customer-centric
perspective
on
how
access
management
must
be
strengthened
in
a
zero-trust
environment.
In
a
recent
interview,
Burton
told
VentureBeat
that
while
his
company’s
customers’
experiences
vary
significantly
depending
on
their
digital
transformation
goals,
it
is
essential
to
design
cybersecurity and
zero
trust
into
their
workflows.
Enza
Iannopollo,
principal
analyst
at
Forrester,
told
VentureBeat
that
privacy
and
trust
have
never
depended
more
on
each
other,
reinforcing
the
importance
of
getting
AM
right
in
a
zero-trust
world.
As
Iannopollo
wrote
in
a
recent
blog
post,
“Companies
understand
that
trust
will
be
critical
in
the
next
12
months — and
more
so
than
ever.
Companies
must
develop
a
deliberate
strategy
to
ensure
they
gain
and
safeguard
trust
with
their
customers,
employees
and
partners.”
How
access
management
needs
to
become
stronger
For
64%
of
enterprises,
digital
transformation
is
essential
for
survival.
And
one
in
five
(21%)
say
embedding
digital
technologies
into
their
current
business
model
is
necessary
if
they
are
to
stay
in
business.
It’s
innovate-or-die
time
for
businesses
that
rely
on
digitally
driven
revenue.
Nine
out
of
10
enterprises
believe
their
business
models
must
evolve
faster
than
they
are
evolving
today,
and
just
11%
believe
their
models
are
economically
viable
through
2023.
With
the
economic
viability
of
many
businesses
on
the
line
even
before
the
economy’s
unpredictable
turbulence
is
factored
in,
it’s
encouraging
to
see
boards
of
directors
looking
at
how
they
can
make
zero-trust
security
frameworks
stronger,
starting
with
identity.
Credit
CISOs
when
they
educate
their
boards
that
cybersecurity
is
a
business
decision
because
it
touches
every
aspect
of
a
business
today.
Gartner
provides
a
helpful
framework
for
taking
a
comprehensive,
strategic
view
of
the
broad
scope
of
identity
access
management
(IAM)
in
large-scale
enterprises.
One
of
its
most
valuable
aspects
is
its
graphical
representation
that
explains
how
IAM-adjacent
technologies
are
related
to
four
core
areas.
Gartner
writes
in
the
Gartner
IAM
Leaders’
Guide
to
Access
Management
(provided
courtesy
of
Ping
Identity)
that
“the
bigger
picture
of
an
IAM
program
scope
includes
four
main
functional
areas:
Administration,
authorization,
assurance,
and
analytics.
The
AM
discipline
provides
authorization,
assurance,
analytics,
and
administrative
capabilities.
It
is
responsible
for
establishing
and
coordinating
runtime
access
decisions
on
target
applications
and
services.”
Gartner’s
structural
diagram
is
helpful
for
enterprises
that
need
to
sync
their
zero-trust
frameworks,
zero-trust
network
access
(ZTNA)
infrastructure
and
tech
stack
decisions
with
their
organization’s
digital
transformation
initiatives.
AM
in
a
zero-trust
world
to
protect
new
digitally
driven
revenue
is
a
multifaceted
challenge
that
will
take
a
unique
form
in
every
enterprise.
Source:
Optimal
IdM
blog
post,
IAM
Leader’s
Guide
to
Access
Management
CISOs
tell
VentureBeat
that
AM
and
its
core
components,
including
multi-factor
authentication
(MFA),
identity
and
access
management
(IAM)
and
privileged
access
management,
are
quick
zero-trust
wins
when
implemented
well.
The
key
to
strengthening
AM
in
a
zero-trust
world
is
tailoring
each
of
the
following
areas
to
best
reduce
the
threat
surfaces
of
an
enterprise’s
core
business
model.
Strengthen
user
authentication
to
be
continuous
MFA
and
single
sign-on
(SSO)
are
the
two
most
popular
forms
of
identity
management
and
authentication,
dominating
the
SaaS
application
and
platform
landscape.
CISOs
tell
VentureBeat
MFA
is
a
quick
win
on
zero-trust
roadmaps,
as
they
can
point
to
measurable
results
to
defend
budgets.
Making
sure
MFA
and
SSO
techniques
are
designed
into
workflows
for
minimal
disruption
to
workers’
productivity
is
critical.
The
most
effective
implementations
combine
what-you-know
(password
or
PIN
code)
authentication
routines
with
what-you-are
(biometric),
what-you-do
(behavioral
biometric)
or
what-you-have
(token)
factors.
MFA
and
SSO
are
the
baselines
that
every
CISO
VentureBeat
interviewed
about
their
zero-trust
initiatives
is
aiming
at
today
—
or
has
already
accomplished.
A
crucial
part
of
strengthening
user
authentication
is
auditing
and
tracking
every
access
permission
and
set
of
credentials.
Every
enterprise
is
dealing
with
increased
threats
from
outside
network
traffic,
necessitating
better
continuous
authentication,
a
core
tenet
of
zero
trust.
ZTNA
frameworks
are
being
augmented
with
IAM
and
AM
systems
that
can
verify
every
user’s
identity
as
they
access
any
resource,
and
alert
teams
to
revoke
access
if
suspicious
activity
is
detected.
Capitalize
on
improved
CIEM
from
PAM
platform
vendors
PAM
platform
providers
must
deliver
a
platform
capable
of
discovering
privileged
access
accounts
across
multiple
systems
and
applications
in
a
corporate
infrastructure.
Other
must-haves
are
credential
management
for
privileged
accounts,
credential
valuation
and
control
of
access
to
each
account,
session
management,
monitoring
and
recording.
Those
factors
are
table
stakes
for
a
cloud-based
PAM
platform
that
will
strengthen
AM
in
a
ZTNA
framework.
Cloud-based
PAM
platform
vendors
are
also
stepping
up
their
support
for
cloud
infrastructure
entitlement
management
(CIEM).
Security
teams
and
the
CISOs
running
them
can
get
CIEM
bundling
included
on
a
cloud
PAM
renewal
by
negotiating
a
multiyear
license,
VentureBeat
has
learned.
The
PAM
market
is
projected
to
grow
at
a
compound
annual
growth
rate
of
10.7%
from
2020
to
2024,
reaching
a
market
value
of
$2.9
billion.
“Insurance
underwriters
look
for
PAM
controls
when
pricing
cyber
policies.
They
look
for
ways
the
organization
is
discovering
and
securely
managing
privileged
credentials,
how
they
are
monitoring
privileged
accounts,
and
the
means
they
have
to
isolate
and
audit
privileged
sessions,”
writes
Larry
Chinksi
in
CPO
Magazine.
Scott
Fanning,
senior
director
of
product
management,
cloud
security
at
CrowdStrike,
told
VentureBeat
that
the
company’s
approach
to
CIEM
provides
enterprises
with
the
insights
they
need
to
prevent
identity-based
threats
from
turning
into
breaches
because
of
improperly
configured
cloud
entitlements
across
public
cloud
service
providers.
Scott
told
VentureBeat
that
the
most
important
design
goals
are
to
enforce
least
privileged
access
to
clouds
and
provide
continuous
detection
and
remediation
of
identity
threats.
“We’re
having
more
discussions
about
identity
governance
and
identity
deployment
in
boardrooms,”
Scott
said.
CIEM
dashboard
delivers
insights
into
which
indicators
of
attack
(IoAs)
are
trending,
alerts
about
policy
violations,
and
configuration
assessments
by
policy
for
identities,
lateral
movement
and
least
privileged
violations
to
the
credential
policy
level.
Source:
CrowdStrike
Strengthen
unified
endpoint
management
(UEM)
with
a
consolidation
strategy
IT
and
cybersecurity
teams
are
leaning
on
their
UEM
vendors
to
improve
integration
between
endpoint
security,
endpoint
protection
platforms,
analytics,
and
UEM
platforms.
Leading
UEM
vendors,
including
IBM,
Ivanti,
ManageEngine,
Matrix42,
Microsoft
and
VMWare,
have
made
product,
service
and
selling
improvements
in
response
to
CISOs’
requests
for
a
more
streamlined,
consolidated
tech
stack.
Of
the
many
vendors
competing,
IBM,
Ivanti
and
VMWare
lead
the
UEM
market
with
improvements
in
intelligence
and
automation
over
the
last
year.
Gartner,
in
its
latest
Magic
Quadrant
for
UEM
Tools,
found
that
“security
intelligence
and
automation
remains
a
strength
as
IBM
continues
to
build
upon
rich
integration
with
QRadar
and
other
identity
and
security
tools
to
adjust
policies
to
reduce
risk
dynamically.
In
addition,
recent
development
extends
beyond
security
use
cases
into
endpoint
analytics
and
automation
to
improve
DEX.”
Gartner
praised
Ivanti’s
UEM
solution:
“Ivanti
Neurons
for
Unified
Endpoint
Management
is
the
only
solution
in
this
research
that
provides
active
and
passive
discovery
of
all
devices
on
the
network,
using
multiple
advanced
techniques
to
uncover
and
inventory
unmanaged
devices.
It
also
applies
machine
learning
(ML)
to
the
collected
data
and
produces
actionable
insights
that
can
inform
or
be
used
to
automate
the
remediation
of
anomalies.”
Gartner
continued,
“Ivanti
continues
to
add
intelligence
and
automation
to
improve
discovery,
automation,
self-healing,
patching,
zero-trust
security,
and
DEX
via
the
Ivanti
Neurons
platform.
Ivanti
Neurons
also
bolsters
integration
with
IT
service,
asset,
and
cost
management
tools.”
What’s
on
CISOs’
IAM
roadmaps
for
2023
and
beyond
Internal
and
external
use
cases
are
creating
a
more
complex
threatscape
for
CISOs
to
manage
in
2023
and
beyond.
Their
roadmaps
reflect
the
challenges
of
managing
multiple
priorities
on
tech
stacks
they
are
trying
to
consolidate
to
gain
speed,
scale
and
improved
visibility.
The
roadmaps
VentureBeat
has
seen
(on
condition
of
anonymity)
are
tailored
to
the
distinct
challenges
of
the
financial
services,
insurance
and
manufacturing
industries.
But
they
share
a
few
common
components.
One
is
the
goal
of
achieving
continuous
authentication
as
quickly
as
possible.
Second,
credential
hygiene
and
rotation
policies
are
standard
across
industries
and
dominate
AM
roadmaps
today.
Third,
every
CISO,
regardless
of
industry,
is
tightening
which
apps
users
can
load
independently,
opting
for
only
an
approved
list
of
verified
apps
and
publishers.
The
most
challenging
internal
use
cases
are
authorization
and
adaptive
access
at
scale;
rolling
out
advanced
user
authentication
methods
corporate-wide;
and
doing
a
more
thorough
job
of
handling
standard
and
nonstandard
application
enablement.
External
use
cases
on
nearly
all
AM
roadmaps
for
2023
to
2025
include
improving
user
self-service
capabilities,
bring-your-own-identity
(BYOI),
and
nonstandard
application
enablement.
The
greater
the
number
of
constituencies
or
groups
a
CISOs’
team
has
to
serve,
the
more
critical
these
areas
of
AM
become.
CISOs
tell
VentureBeat
that
administering
internal
and
external
identities
is
core
to
handling
multiple
types
of
users
inside
and
outside
their
organizations.
VentureBeat’s
mission
is
to
be
a
digital
town
square
for
technical
decision-makers
to
gain
knowledge
about
transformative
enterprise
technology
and
transact.
Discover
our
Briefings.
About Author
