
Key Takeaways from Gartner IAM 2023


As a former Gartner analyst, it was surreal being back at the Gartner IAM Summit as an exhibitor. It was one of my favorite conferences as an analyst and is now my favorite as an exhibitor. The team that covers IAM are some of the best at Gartner, and the attendees are just as amazing. There were so many highlights from the three days in Grapevine, Texas, and I wanted to share a few of my favorites with you.

Great Conversations with Our Customers, Prospects, and Partners

We had so many great conversations with a ton of security and IAM leaders. The interest from a variety of insurance, banking, federal, healthcare, technology, retail and even manufacturing companies validated that Data Security Posture Management (DSPM) is a product that organizations need, whether in the hybrid cloud, on-prem, or in an air-gapped environment. The primary use cases for our DSPM solution that resonated the most were:

Data Inventory and Data Flow Mapping

Whether driven by a compliance requirement or simply wanting to find out the location of your intellectual property, a lot of our discussions were focused on how DSPM can help you gain visibility into and protect your data inventory.

Cloud Identity and Entitlement Management Cleanup

Our best conversations were driven by an understanding of how hard it is to figure out the derived and, therefore, precise permissions that an account has in the cloud. They also covered how to simplify this complexity, provide insights that allow you to clean up dormant accounts and unused permissions, and ensure accounts with access to data are protected.

Zero Trust

While DSPM is not a Zero Trust Network Access (ZTNA) product (even if we use the slogan Zero Trust for Data), DSPM can help you reduce the amount of implicit trust provided to your users and other accounts, including third parties, by ensuring that they have the right authentication requirements to access sensitive and other classified data, and by pinpointing which permissions they don’t use and therefore don’t need.

Forrester and Gartner Collide

There was something a little surreal about seeing former Forrester analyst Dr. Chase Cunningham (aka Dr. Zero Trust) on a Gartner stage. It’s not often that Gartner and Forrester coalesce on a term or concept, but Zero Trust as a concept is clearly here to stay, and “Dr. Zero Trust” was a big driver behind the concept of Zero Trust.

Dr. Chase Cunningham at the recent 2023 Gartner IAM conference

“Identity First” Can Also Be Data Centric

You should recognize this year’s theme for the IAM summit: Identity-First Security. Those three words were literally posted everywhere from the entryway to presentations like Mary Ruddy’s “Identity-First Security as the North Star for Your IAM Reimplementation”. The great thing about the theme is that it is simple, and it gives security leaders a place to start. That’s the thing about security—you need to start. In fact, the best time to start was years ago, but the second best time is now.  

If you look at the Verizon DBIR or follow the news, an awful lot of data breaches happen because identity and access controls were insufficient (if in place at all). But as attendees found in the exhibition hall, even starting with identity leaves a lot to cover. Does that mean starting with privileged access management (PAM), identity governance and administration (IGA), passwordless, or Zero Trust? If you don’t know what you’re protecting or even where it is, then you have a lot of getting started to do. As you probably heard at our booth and at other presentations throughout the Summit, the addition of essential context, such as data classification and security, is critical.

We call this being “data centric”—that is, focusing on protecting what is most important to organizations, which I believe will amplify your IAM program. Identity First. Data Centric.

Cloud Risk = A Lot of Data Risk 

I attended a wonderful presentation by Patrick Hevesi entitled the Outlook for Cloud, and it became clear to me with just this one slide that cloud risk includes a lot of data risk. Whether you’re worried about data sovereignty, other regulatory/compliance risks related to data, the threat of the data in your cloud being exfiltrated without you even knowing, or the inevitable misconfigured S3 buckets, these are data risks that DSPM helps you address.

Patrick Hevesi at the recent 2023 Gartner IAM conference.

CIEM and Security Posture Management

If you didn’t watch Henrique Teixeira’s presentation “CIEM Is Paving the Way for Identity Fabric Immunity in the Cloud. What’s Next?”, I encourage you to get a copy of the slides and see Gartner’s view of how CIEM enables Security Posture Management and, ultimately, better immunity. This may seem like a lot of buzzwords, but the premise is that identity hygiene, understanding of permissions, and the operations being performed are huge factors in understanding how secure an organization is. Not surprising that I agree with this sentiment, given our focus!

The Keynote Speakers 

Gartner sure knows how to put on a show. I haven’t found the time to complete the quiz on what type of predator or prey you are based on the book The Wolf in CIO’s Clothing, but determining this is definitely a question worth asking. The analogy of wolves as leaders in their ecosystem is a powerful metaphor to reshape how we think about our role in an organization.

I also can’t say enough about Dr. Steve L. Robbins. He gave one of the most powerful talks on inclusion and diversity (in that order) that I’ve seen. I’ll admit that even though I’ve seen him before, he tricked me again into saying “cows drink milk!”

Being a valued member of a tribe and creating that inclusive culture within any organization is important to understand for leaders of all ilks. The research on how it benefits organizations, innovation and performance is just so undeniable.
