Delinea, a leading provider of solutions that extend Privileged Access Management, acquires Authomize. Learn More

Authomize Blog

3 Trends to Look for at Gartner IAM 2022

The countdown to one of the biggest Identity events of the year has already begun. With just 10 days to go before the doors open at Gartner IAM in Las Vegas, Identity and Security folks recovering…

11/08/2022 • Gabriel Avner

Read more

3 Trends from Identiverse 2022

Following a year of event rescheduling and uncertainty, we are thrilled to report that Identiverse 2022 not only took place in person, but was a resounding success. 

03/07/2022 • Gabriel Avner

Read more

Download
Solution Brief

Learn how Authomize's solution is changing the way companies are managing authorizations

Download

Following a year of event rescheduling and uncertainty, we are thrilled to report that Identiverse 2022 not only took place in person, but was a resounding success. 

Beyond relishing the opportunity to show off Authomize to the identity industry and meet with customers (current and future) face-to-face, we had the opportunity to tap into the firehose of the identity conversation, and hear what practitioners are excited about and where they see the industry moving. 

Here are a few of the trends that we picked up on in our chats from our booth, meetings, happy hour with partners Delinea and Identity and Access Solutions, and basically just from walking the floor at the event.    

  1. Entitlements Aren’t Enough — Demands for Deeper Visibility

The devil is in the details when it comes to securing access for your organization. 

The deeper down that you can drill to understand who has access to your assets and what exactly they are able to do with that access, the more equipped you are to make smarter decisions. 

One key point that we heard from many a frustrated identity pro was that the tools they were using were only showing them part of their identity and access picture. A common refrain was that they were able to see in their dashboard who was a member of which group or had direct access to a given resource, which was a nice start, but the flow of information would stop there.

They were left hanging, not knowing what that identity has to the asset — which is arguably a rather big deal. 

Gaining full visibility over the privilege level like we have in Authomize’s graph visualizations impacts both their ability to make more secure, data-driven decisions, but also on the efficiency of their compliance-related Access Reviews. 

This is because it saves the reviewer time on finding out exactly what the identity’s privileges are, providing them with all the details in context, all on one centralized platform. 

Access Explorer graph

  1. Activity Tells the Story

Knowing who has access to what is a great start, but the next question is what are they doing with said privileges? 

In speaking with the good folks at the conference, it was clear that everyone was hungry for more information on their identities’ activities. What were they accessing? How were they accessing those assets? How often did they access them? Is an access privilege inactive and can be revoked? Are there users who are holding onto privileges from their old role that they do not need anymore? Are they using those privileges and does that present a security risk? Are assets being accessed by unauthorized identities from either inside or outside the organization?

A million questions that activity logs on access privilege usage can fill in those knowledge gaps. 

However, if these identity pros are only looking at data from their Identity Providers or other IAM tooling that show entitlements or even to the privileges level, then they are not getting the whole story. 

And from the sound of it, IAM teams know what they are missing out on and want better.

  1. Identity is Security in the Cloud

In the old days of on-prem, identity and security people could more or less stick to their own lanes in the sense that identity was primarily focused on provisioning the right access to the right people, and security wanted to ensure that everything was well, secure.

Now the cloud has come along and led to a convergence of the two lanes into a four lane autobahn that requires much better collaboration between the different professionals. 

With identity being the key to all access in the cloud, security teams are seeking IAM expertise to protect from identity-based threats, to an embrace of what Gartner has termed, Identity Threat Detection and Response (ITDR).

While ITDR is still a very young concept, our conversations with the identity pros at the conference reflected a strong understanding that their IAM systems are being targeted as a vector, and that they have to defend them as they are now an integral part of their organization’s security strategy. 

They report that their security teams are reaching out to them to better understand how they manage identity configurations, monitor and detect changes to their privileges, track activities, achieve visibility, and other standard practices that have been commonplace in security and are converging with identity.

One of the best summations of this trend was when a security person at the show told us that, “Just as we had EDR for endpoints, NDR for network, now we have ITDR for our identity plane.”   

Looking Ahead to Gartner IAM and Beyond

In August, our crew will be heading to Las Vegas for the Gartner IAM conference to meet with more identity and security professionals, so if we missed you in Denver, then hopefully we can catch you in Vegas.

While it’s still a bit early to be sure, we will not be surprised if we hear many of the same conversations and trends in August that we heard last week. 

As identity solidifies as a security concern in the cloud era, we are likely to see greater pushes for visibility, context, and a greater merging of paths with the interests and practices of the security team.