The accelerated digitalisation of business processes arising from the pandemic of 2020-2022 has proven that humans are resilient, responsive, and creative when the situation calls for it. In ASEAN, 8 out of 10 members are in some stage of implementing a national ID program.
How will these developments, on top of developments around identity security and artificial intelligence (AI) in security, among other things, affect security?
In recognition of Identity Management Day, FutureCISO spoke to Chern-Yue Boey, senior vice president of Asia-Pacific at SailPoint, about the latest trends impacting identity management strategies in 2024.
Evolution of identity management
Cybersecurity professionals have tried to create a perimeter-based approach to strengthen security posture. According to Technopedia, this approach, called Perimeter Security, leverages systems like firewalls, browser isolation systems, threat recognition, surveillance detection, and pattern analysis.
"With the rise of remote work and widespread digital transformation, the traditional notion of safety, assuming that once inside the environment, one is secure, no longer holds," said Boey.
For Boey, such an approach represents an outward-in perspective and is deemed ineffective as breaches often originate from the inside out.
"90% of organisations experienced an identity-related incident in the last year. This underscores the significance of identity management, ensuring that individuals have only the necessary access and privileges to perform their tasks," Boey said.
Factors in adopting identity management
Boey cites three key factors that propel the progress of identity management adoption. One of which is digital transformation.
"Digital transformation is driving an increase in digital identity and distributed IT ecosystems, expanding the attack surface. Many overlook the need for security transformation to support digital transformation, but this realisation is growing as vulnerabilities become evident," Boey said.
Aside from that, Boey believes that there are now regulations to address data privacy concerns in the market.
"For example, markets such as Australia and Singapore have enacted regulations to address data privacy. The less mature markets like India are also rolling out new regulations, prompting organisations to enhance their security measures. Identity is also critical in the overall security architecture transformation," Boey said.
The high cost and reputational damage of breaches also drive the shift towards prioritising identity security, according to Boey, citing a report from IBM that the average price of a data breach globally in 2023 was USD 4.45 million, increasing 15% over three years.
Challenges
Asked about the challenges organisations face in keeping their identity management strategies and practices in step with changing regulations, practices, and technologies, Boey said the primary challenge is addressing data privacy regulations and sovereignty.
He cited their Horizons of Identity report, which revealed that 44% of enterprises have yet to prioritise security, rising to 60% in APAC. This number highlights the need for risk mitigation and cost avoidance.
"With only 70% of the workforce covered from an identity perspective, scaling beyond human capacity is essential, especially with the inclusion of non-human and third-party identities," said Boey.
He added that it is vital to incorporate AI into an organisation's overall identity management strategy, adding that a "unified platform with AI-driven capabilities is key, ensuring scalability and streamlining access management at scale."
For Boey, comprehensive reporting functions are also vital in shaping the future of identity security.
Cybersecurity practices
With AI now making its influence felt across many parts of the organisation, security professionals are being pushed to revisit their identity management strategies to reflect its growing influence.
For the SailPoint executive, AI is double-edged. It "offers productivity improvements and workflow automation, but also introduces considerable risks as malicious actors leverage AI for attacks and breaches."Â
AI offers productivity improvements and workflow automation, but also introduces considerable risks as malicious actors leverage AI for attacks and breaches.
Chern-Yue Boey
He said the current trend is streamlining and fortifying defences in identity security, which includes shifting towards AI-driven solutions for enhanced protection. He also highlighted the importance of utilising a single data model and standard services.
He also believes that Identity Threat Detection and Response (ITDR) is significant, despite its limited deployment, saying that "integrating ITDR into a unified platform requires access to identity context data for effective operation."
"Data governance is also gaining traction; ensuring appropriate data access is vital. With unstructured data making up 80% of the data in any organisation, being able to govern is very complex. Even seemingly harmless access can pose risks when combined with other privileges. Leveraging AI, a single data model, and a unified platform addresses this. This strategic approach is pivotal for forward-thinking security," Boey explained.
Bringing AI into cybersecurity practices
"Identity security isn't a one-off project; it's an ongoing process that requires continuous effort and investment for success. It's more akin to a lifelong commitment, given the depth of data and relationships involved," Boey reminds security professionals in bringing AI into their cybersecurity practices.
He highlighted the importance of having a unified platform that allows building a single, consistent data model across the entire environment.
"This enables deployment of identity security solutions meeting current needs while preparing for future ones," he added.
Boey also reminded CISOs and CIOs to consider the transition towards adaptive identity, which involves progressing through the five horizons of maturity and optimising time to value.
"AI is vital, not only for data management but also for expediting processes like smart onboarding, ensuring comprehensive identity coverage efficiently. These considerations guide security professionals, and we're here to support their journey," Boey concluded.
Identity management, a new firewall
Gartner summarises the purpose of identity and access management in a simple phrase: "to help the right people or machines access the right assets at the right time for the right reasons."
As security leaders explore multiple technologies and business processes to protect organisations from unauthorised access, harnessing the power of AI-powered technologies includes managing its considerable risks to strengthen security posture.
Click the PodChat Player to listen to Boey's take on identity management strategies in 2024 and beyond:
- What is identity management? (identity security)
- Why is identity management important to organisations, and to security professionals?
- In recent years, how have organisations evolved in their adoption of identity management?
- In your opinion, what factors influenced how organisations adopt identity management?
- Speaking of looking back, what were the three most important challenges organisations faced in keeping their identity management strategies/practices in step with changing regulations, practices, and technologies?
- (Speaking of what we don't know or know little of) With AI now making its influence felt across many parts of the organisation, how should security professionals revisit identity management strategies to reflect its growing influence?
- What is your advice/view on how security professionals should bring AI into the cybersecurity practice in 2024 (and beyond)?
