It wasn’t so long ago when it was common to think of identity management as a compliance and enablement tool for large enterprises. The market was borne from a compliance standpoint. Since then, SailPoint has led the evolution of identity into what it is today: foundational to securing and enabling today’s digital cloud enterprise. Today, a large part of the world of identity management has become front and center on security and risk mitigation. Identity security has become the new perimeter or “firewall” for today’s enterprise companies. “Identity management” is now as much about identity security and risk mitigation as it is about providing access. But this story continues, and in fact, has only been accelerated by the events of the past year.
And this is where it gets interesting.
Identity security, our world, is about enabling access and protecting businesses everywhere. It’s not either/or. Access management (sometimes referred to as “IAM” or identity and access management) is simply focused on granting access. It’s about connecting workers to the apps and systems they need to do their jobs in a fast and efficient manner. But that’s where it stops: at the connecting of workers to apps. While a necessary step, enterprises are now asking “How do I secure that access?” “How do I know who is doing what and when?” “How do I protect sensitive business data from risk?”
This underscores this notion of the “dark side” of access management – the opening up of access creates many unintended risk implications. You might even think of it as a pendulum – on the identity security side, it’s about mitigating risk, and on the other side, this dark side is access management, and it invites risk with every door opened if access is left unsecured and ungoverned.
Swing Left: Access Management
Access management allows enterprises to grant workers the access they need to do their job. It sounds like a pretty necessary tool, right? And it is – today’s workforce certainly needs access to technology to be effective in their role. Today’s cloud business runs on technology. This is precisely what digital transformation is all about – the adoption of a slew of technology that drives the cloud enterprise. But in opening the door to grant workers access to all of this technology they now use to do their jobs, access management has just become a risk factor to the business, not a secure enabler.
Businesses can’t safely use technology without identity security. Put simply, no business can safely grant their workforce access to technology without putting proper security controls in place. Who should be given access? Should that access be granted? How long will that worker require that access? These are questions an organization cannot answer without identity security at the foundation.