The rise of AI-powered identity security for modern enterprises
Senior Vice President, APAC of SailPoint, Chern-Yue Boey has a talk with EITN about identity security.
EITN:What is your outlook on the cybersecurity landscape in Malaysia and how is the pandemic changing the way cybersecurity is being handled?
Boey: Malaysia recognizes cybersecurity as a national priority and has been investing in stepping up the national cybersecurity preparedness and measures.
With the pandemic, we saw the rapid shift to a virtual workforce, which placed more emphasis on cybersecurity practices as companies not only in Malaysia, but in the region, continue to face cyber threats like hacking, phishing and data breaches caused by information security loopholes.
A hybrid, remote workplace also meant that enterprises needed to provide access to their employees no matter where they were, while protecting the entire workforce. Therefore, organisations have had to re-evaluate their security strategy to ensure identity security is at the foundation.
To a cyber attacker, the right identity is extremely valuable. It can be used to break into a network, move laterally once inside, and facilitate all manner of fraud and identity theft.
Whether it is by phishing or some other means, obtaining stolen credentials is often a critical part of a threat actor’s agenda. For this reason, protecting identities must be a crucial part of any security strategy.
In today’s modern enterprise, a strong identity security solution is essential to protect against threats effectively. An intelligent identity platform that can easily identify risks, monitor behaviours and refine roles across hybrid and multi-cloud environments, remote work, and multiple devices, is fundamental to protect the business at scale and ensure compliance.
To a cyber attacker, the right identity is extremely valuable. It can be used to break into a network, move laterally once inside, and facilitate all manner of fraud and identity theft.
EITN: What is the key difference of the newly launched Security Cloud suites compared to the other security providers in the market?
Boey: With today’s hybrid workforce, a traditional security perimeter is no longer a viable option. Enterprises need a robust identity security solution that integrates with existing systems and workflows which as a result, saves costs, provides extensive visibility, and supports a solid security strategy.
The SailPoint Identity Security Cloud is a bundle of SaaS capabilities that make it easy to build the right identity security program wherever an enterprise is, in its identity journey.
There are three key differentiating components in the SailPoint Identity Security Cloud suites, namely:
Unmatched Intelligence – Artificial intelligence and machine learning automate the discovery, management, and control of all user access throughout their digital lifecycle, ensuring each identity has the right access to do their job.
Frictionless Automation – The automation streamlines identity processes and decisions, such as access requests, role modelling, and access certifications. It frees employees to focus on innovation, collaboration, and productivity as it continuously analyses the organisation’s identity program to spot risky behaviour and easily connect and control access to every system holistically.
Comprehensive Integration – The product allows integration of a company’s entire digital ecosystem to centrally control access to all data, applications, systems, and cloud infrastructure – no matter how complex the business environment or where it operates.
EITN: Why would you say your solutions are AI-powered and what are the key differences between solutions that are AI-powered and solutions without AI?
Boey: The SailPoint Identity Security Cloud combines identity data with the power of artificial intelligence and machine learning to drive stronger security and compliance across the entire organisation.
With AI and ML as its foundation, SailPoint’s Identity Security automates the discovery, management, and control of all user access, and seamlessly integrates with existing systems and workflows, providing the critical, singular view into all identities and their access rights. This allows enterprises to not only control access ensuring users have the access they need when they need it, but also to spot potential threats. Our AI driven platform also gives enterprises the ability to automate IT tasks and keep policies up to date as the organisation evolves.
With a focus on the core of identity security, the solutions enable enterprises to meet the challenge of ensuring secure access to resources without compromising productivity or innovation, delivering only the right amount of access at exactly the right time.
The SailPoint Identity Security Cloud is designed to deliver the flexibility, ease-of-deployment, and user centricity needed in today’s complex IT environment.
Identity security processes and decisions that are manually done can also take years, and that is no longer feasible as IT teams today are seeing an increase in the number of users, apps and data in a variety of operating environments.
In a traditional security approach, human intervention and manual processes are still required. However, with the amount of verification and the volume of identity data, it is beyond human capacity to sort through all information timely and accurately.
Identity security processes and decisions that are manually done can also take years, and that is no longer feasible as IT teams today are seeing an increase in the number of users, apps and data in a variety of operating environments.
EITN: What is the importance of modernisation of identity governance and administration for enterprises?
Boey: Managing identities effectively with modern identity governance and administration (IGA) capabilities is critical for organisations to remain competitive, compliant, and secure.
Identity governance and administration can help organisations address today’s complex business challenges, balancing four critical objectives; namely, reduce operational costs, reduce risk and strengthen security, improve compliance and audit performance, and deliver fast, efficient access to the business.
Identity governance and administration can help organisations address today’s complex business challenges, balancing four critical objectives; namely, reduce operational costs, reduce risk and strengthen security, improve compliance and audit performance, and deliver fast, efficient access to the business.
EITN: How does identity security play a role in the cloud environment for enterprises? Is what you offer, actually identity access management?
Boey: A strong identity security solution helps organisations to enable access while securing business everywhere, which includes hybrid and multi-cloud environments, remote work, multiple devices, and more.
Many organisations have found that identity security provides multiple layers of business value such as reducing risk, automating IT processes, as well as enhancing the employee experience. These results are achieved by properly provisioning access, protecting the business at scale, and ensuring compliance.
Organisations may associate identity only with access management practices such as SSO (Single Sign-On) or MFA (Multi-factor Authentication). However, this view of identity security is only one aspect of it.
Identity security helps solve the bigger picture. The concept allows for granting, securing, and managing access based on the principle of least privilege (PoLP). This is the idea that every single identity in a company’s network only has the minimum amount of access they need to do their job.
Authentication helps to verify the identity of who they say they are, but this practice does not include cross checks to determine if access to resources is allowed and adheres to access policies. SSO and MFA cannot be used to manage or govern which information within a resource a user can see or touch, and this is becoming increasingly important as stricter data privacy regulations require organisations to safeguard sensitive data.
Identity security helps solve the bigger picture. The concept allows for granting, securing, and managing access based on the principle of least privilege (PoLP). This is the idea that every single identity in a company’s network only has the minimum amount of access they need to do their job.
By restricting permissions based on job function and user role, enterprises will reduce the risk of users having access to information they should not have access to, and inadvertently or maliciously doing something with that information.Identity security puts an emphasis on both enablement and security—providing access but properly controlling that access. It involves setting up and defining user roles and creating policies used to govern access throughout the digital identity’s lifecycle.