Modern field guide to security and privacy

2016: The year where identity is everything in cybersecurity

Secure digital identities hold the key to better digital security and will help drive economic growth.

|
The Chertoff Group
Joe Gottlieb, SailPoint senior vice president for corporate development, speaks on a panel about Identity as the Great Enabler at The Chertoff Group's conference on "The Three T's of the Digital Economy" in Palo Alto, Calif. on May 19, 2016.

Do you remember 2013? That was “the year of the mega breach,” thanks in large part to the world getting to know one Edward Snowden.

For really the first time, the broad general public came up close and personal with the impacts of a data breach.

While that trend of megascale data breaches continued in 2014, last year saw a slightly different turn: digital attackers targeted more personal, longer lived information than the credit card caches and troves of government documents that had been unearthed before.

Hackers cracked the Office of Personnel Management’s database, took health records from major American insurance companies, and downloaded intimate data from adults (Ashley Madison) and children (Hello Kitty) alike.

You could say 2015 was the year that data breaches got personal.

The moral of that story? No company or agency is safe from attacks; corporations that we trust with our information, our family’s information and even our kids’ information was, is, or will be targeted. We need to accept that the world has changed.

In 2016, we hope, we’ll solve the problem before we get taught a lesson.

This is the year that we learn digital identity is everything. But why is that?

The ability to determine someone’s digital identity is proving an enormous economic driver, as industry experts discussed at a recent Chertoff Group event in Palo Alto, California.

Consider how morning driving commutes will be changed when the billboards can read your car’s IP address and serve advertisements knowing the identity of the person at the wheel, as Chenxi Wang, a vice president of strategy at startup Twistlock put it at the event.

Now consider that more than two thirds of MGM Resorts International revenue now comes from non-gaming elements of the customer experience in its bevy of US and international properties, said Scott Howitt, chief information security officer (CISO) and senior vice president of MGM at the Chertoff Group event.

“It’s become an every-day conversation for me and central to everything I do.”
Mr. Howitt said.

But as with everything in digital security, these new economic opportunities bring new risks.

Companies have multiple users entering their systems and accessing their data: employees, contractors, vendors, suppliers, partners, and even customers. Considering the sheer volume of users, applications and various levels of data access, it is easy to imagine an enterprise managing over a billion points of access.

But these points of access can easily become a billion points of exposure, too. Behind all those points of access is a person – an identity.

Securing the identities of those moving in and out of our increasingly complex and economically vital systems means everything.

And that means, in 2016, identity is everything. Identities in an organization are who “hold the keys to the kingdom” and therefore will be targeted. In 2016 more than ever, securing those identities should be at the core of every enterprises' security program.

As the world evolves, so must our digital security. It used to be that network security was all we needed since intruders had to either come into the physical location or hack from outside the network. Now, hackers have turned to the weakest link in the security infrastructure: us. People. Users. Identities.

It has become clear that the notion of network-centric security is a strategy of the past. A paradigm shift happened in 2015 where a user-centric approach of security emerged as the most robust strategy to secure an organization’s assets in our distributed information technology world. Only then can we have a common understanding of who should have access, who does have access, and how they are using their access.

“It’s now become very clear that we’ve done what we can at the perimeter, we’ve done what we can on individual systems, we’re doing what we can on monitoring, we just have to get to the heart of the matter,” said Joe Gottlieb, senior vice president of corporate development at SailPoint on a panel at the Chertoff Group event. “Security is behind. Business wants to go faster. Our growth and our opportunity is helping companies be more thorough about this.”

SailPoint delivers solutions for compliance, provisioning, access management, and identity analytics. Follow SailPoint on Twitter @SailPoint.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to 2016: The year where identity is everything in cybersecurity
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0526/2016-The-year-where-identity-is-everything-in-cybersecurity
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe