As cloud and SaaS application usage increases, organizations face ongoing challenges to manage the proliferation of identities from the rise in adoption. To gain a deeper understanding of how Identity and Access Management (IAM), IT, and security leaders are managing the influx of identities and how identity management is evolving, Amir Ofek, CEO of AxoniusX, attended the Gartner Identity and Access Management Summit in London to learn more about the most notable market trends.
As an extension of our 'Solving the Identity Management Challenge' series, we sat down with Amir to discuss his key takeaways from the 2024 Gartner Identity and Access Management Summit gathered below.
Q&A:
Allie Byers: Why did you attend the Gartner Identity and Access Management Summit this year?
Amir Ofek: There has been a lot of growing interest around identity in the SaaS management and SaaS security space, so I knew it would be beneficial to dive deeper into identity management and learn more about the trends, challenges, and new approaches organizations are taking to tackle identity management at this year’s Gartner IAM Summit.
Byers: It looks like a lot was going on there. What are some of the key takeaways you gathered from the Summit?
Ofek: There was a strong focus on how security is becoming a major factor in Identity Access Management (IAM). Several conversations referred to the “Identity-First Security” approach, which is an effort that points to the significance of protecting and putting limits on identities, and why identity security should be the first step in securing an established environment. The concept of The 3 C’s of Identity-First Security: Consistent, Context-Aware, and Continuous, helped round that message and demonstrate why constant contextual awareness of identities and their behaviors in your environment is crucial to improving identity security posture.
Overall, while identity used to be considered the “last frontier” for CISOs and CIOs to protect, it’s clear to see that security is now an imminent identity threat, and that we’ll see it becoming a much bigger factor when it comes to IAM.
Byers: You mentioned how identity used to be considered the “last frontier” to protect. Is that an indication that identity is being linked to more business-oriented results within organizations?
Ofek: Based on several sessions at the Summit, IAM will become a much bigger component in business continuity and impact. We saw this discussed in a couple of emerging trends:
- IAM needs to be tied with business outcomes and continuity: Gartner is championing this with what it refers to as, “Protection Level Agreements” (PLAs), a concept that shows why we need to focus on measuring, reporting, and investing in security outcomes and protection delivered versus only the existences of a security tool or capability. There are several ways identity can enable business continuity, including enabling single sign-on capabilities to reduce user friction to defining birthright roles for joiner processes.
- The emergence of “Chief Identity Officers”: A trend that was mentioned was the rise of “Chief Identity Officers” which is a strong indication that IAM is getting a lot more attention from a business perspective. It won’t be long until Heads of IAM are elevated in the organizational structure; no longer will they be reporting to a CIO or a CISO, but rather they will likely be equivalent with or transitioning titles to “Chief Identity Officers.
Byers: Were there any challenges security and IT professionals discussed at the Summit?
Ofek: Several analysts and customers spoke about the need for faster time-to-value for Identity Governance and Access (IGA) programs. Currently, IGA programs take too long to realize value – from deployment to the challenges of introducing new capabilities – so a lot of them end up failing, falling at risk, or simply not providing business confidence. Anyone coming in to help shorten IGA’s time-to-value will need to address this very critical gap that exists today.
Another challenge mentioned is how grueling IAM is, which is something not talked about often. IAM is a major factor in “keeping the lights on” in an organization and has a significant business impact. Whether that’s ensuring people have the right permissions to do their job, or people who don’t have the right permissions aren’t granted them – it’s manual and tedious work but keeps the business running, and affects identity threat prevention – or identity hygiene.
Byers: Okay, so we’ve discussed some key takeaways and challenges observed at the Summit. What were some of the notable market trends that you recognized?
Ofek: Identity Threat Detection and Response (ITDR) was a big theme throughout, and one thing that stuck with me during Henrique Teixeira’s session was around how IGA can leverage ITDR. While ITDR is aligned with detection and roque authorization, combining them could add some real flavor to the identity detection and response space and how identities are governed in the future. It will be interesting to see that idea unfold.
Finally, “non-human” identities were also largely discussed, and I agree with the Gartner message that while “non-human” is essentially a new title of identity that has emerged, these types of identities should not be treated any differently than what we understand today as an “identity.”
More and more, we’re seeing the rise of non-human identity service accounts, like those from the Internet of Things (IoT) or machines – so, those that are not human identities like employees. Instead of addressing these types of identities in silos, we should rather understand that an "identity is an identity" so to speak; whether it’s human-like that from an employee or non-human from a machine – they should all be viewed in a centralized way. Otherwise, disparities and inconsistencies can occur, which I believe can create more harm than good.
It was great to see first-hand how the identity management space is evolving, and I’m grateful to Gartner for bringing together so many experts to share their perspectives on how to approach identity management.
To learn more about our 'Solving the Identity Management Challenge' series, explore our blogs on Identity Access Management (IAM) and Identity Governance and Administration (IGA) and Identity Threat Detection and Response (ITDR).
