The countdown to one of the biggest Identity events of the year has already begun.
With just 10 days to go before the doors open at Gartner IAM in Las Vegas, Identity and Security folks recovering from Black Hat are preparing to descend on the city to attend sessions, network, and of course meet with leading identity vendors.
Beyond catching up with colleagues after a year of shifting travel plans and working out when to hit up Tacos & Beer, there is a lot to look forward to at this year’s show.
In this post, we pulled together a couple of the topics that we think are going to be the talk of the show. All of course reflecting the move to secure Identity and Access in the big shift to the cloud.
Identity is the New Security Priority
Identity as a critical point of access security has taken center stage as organizations grow their cloud footprint. According to a survey published by the Identity Defined Security Alliance (IDSA) in June, 98% of the organizations surveyed experienced rapid growth in the number of their identities, significantly widening their threat surface and exposure to attacks.
That same study found that 80% had themselves suffered an Identity-related breach in the past 12 months. These stats and the others found in the IDSA’s report tell us that we are seeing what can maybe be described as a shifting of the scales towards security over say IT ops when it comes to Identity.
If the most recent Identiverse is any indicator, we can expect to see a lot more security folks mingling into the crowd of Identity professionals, understanding that Identity is the new perimeter.
Gartner itself is placing a higher emphasis on security when it comes to Identity as we see in our first topic.
The Trending Topics
1. Identity Threat Detection and Response (ITDR)
Recently introduced by Gartner analysts, Identity Threat Detection and Response (ITDR) is a developing category aimed at defining solutions that defend IAM systems.
Adversaries understand that Identity is their key to accessing their targets, and are focusing more efforts on undermining the systems that we use for managing our identities. The series of attacks like SolarWinds and the breach of Okta earlier this year that undermined IAM have served to raise the profile of this risk as a priority.
ITDR as a category falls somewhere between posture management and threat detection. It is aimed at helping organizations to identify where they have risky identity misconfigurations like over privileged identities. It also looks for potential threats such as risky access privilege usage or changes to privileges like an identity receiving admin privileges.
You can read all about Authomize’s approach to ITDR here.
ITDR represents an evolution of the Identity space and is sure to have plenty of vendors and speakers buzzing about it.
As such, expect more than a few sessions talking about ITDR, including one from our very own Director of Solutions Engineering David Bullas titled “Securing Your Identity Infrastructure Across Cloud and IAM with ITDR” that is a must-see.
2. Securing the Software Supply Chain
The software supply chain continues to get longer and longer, exposing it to more risks.
If a malicious actor can gain access to a repo or production, they can push in code that could compromise everyone downstream, like we saw in SolarWinds.
On its own, the CI/CD pipeline is comprised of dozens if not more applications and services spanning across IaaS (CSPs like AWS, Azure, GCP) and plenty of SaaS apps like GitHub and GitLab. Each with their own additional set of credentials for every identity.
And as we know, more identities equal more opportunities for credentials to be compromised. With the (un)favorable odds that someone can get phished or have their creds popped in one of a dozen other ways in your organization or someone else’s, the risk of a bad actor gaining access to some part of your supply chain is uncomfortably high.
Along with the slew of AppSec testing tools that are available to look for code tampering, Identity is taking a bigger role in preventing and mitigating illicit access in the security community as they seek out solutions.
Looking at a recent interview of NCC Group’s Viktor Gazdag ahead of Black Hat in Dark Reading, he cites the role of minimizing privileges and securing Identity and Access as key to CI/CD pipeline security.
3. Convergence of Identity Security Solutions with IAM Tools
Recognizing that they need to add additional security layers to their products, we can expect to see many of the larger IAM players including more security solutions to extend their existing offerings.
A great example of this is the recent joint offering between Authomize and leading Privileged Access Management (PAM) provider Delinea (formerly Thycotic and Centrify).
Delinea sought to expand their ability to secure their customers in their IaaS by utilizing Authomize’s Cloud Infrastructure Entitlement Management (CEIM) capabilities. By combining Authomize’s ability to help achieve Least Privilege along with Delinea’s Just in Time privilege granting, the joint offering provides for customers to attain a state of Zero Standing Privileges.
Add to this Authomize’s continuous monitoring of access privileges across all cloud environments and ITDR capabilities, and you have a much more comprehensive offering that benefits customers.
You can read our solution brief on Authomize and Delinea’s joint offering here.
PAM + CIEM is just one example of solutions coming together. Security and Identity professionals are looking for products that can work together seamlessly, bringing them more capabilities.
Vendors will be looking to highlight the progress that they have made since the last conference, so keep an eye out for some interesting team ups.
Stay Cool and Enjoy the Show
Drawing a crowd to Las Vegas in the summer heat is no easy feat. But the team at Gartner is sure to put on a great show that is worth the sweating and schlepping.
While we are pretty confident about our picks here for the top trends, there will undoubtedly be more that we did not cover.
Write us in the comments and let us know what you think we missed.
And trust us, make sure you get over to Tacos & Beer. But only after you have stopped by to meet Authomize’s crew at booth #129 to see a demo and take your shot at winning a Yeti cooler.
You can also schedule a meeting with us ahead of time using the banner below.