The Modern Realities Of Identity And Risk Demand A Modern Approach

October 10, 2017

The time has come for new ways to manage, fund, and source expertise in the digital age

This morning, we announced that Gartner has listed Edgile as a representative vendor of IAM consulting services in its 2017 Market Guide for Identity and Access Management (IAM) Professional Services, North America.

It’s the second year in a row that we have been bestowed this honor, the result of our growing challenge to the older Big Four consulting firms for both mindshare and marketshare in the world of IAM.

As we note in our press release, this latest recognition comes on the heels of SailPoint naming Edgile their 2017 Partner of the Year for the Americas, and it further highlights our commitment to provide deep expertise and technology innovation in an era of increasing demand for modern security services.

To fully appreciate the moment, however, it helps to look at the biggest challenges that the enterprise is facing today and that are likely tomorrow continue in the future.

The accelerating pace and size of security breaches.

As Edgile founder and CEO Don Elledge noted in his inaugural column for the Forbes Technology Council  data breaches in the enterprise increased at a rate of more than 40% from 2015 to 2016 (according to a Bloomberg report).

That alone is a problem, but consider this: according to a survey commissioned by Gartner, businesses are increasing their cybersecurity budgets only at a rate of 18%.

What does this mean for IAM? Because identity increasingly has come to be regarded as “the virtual perimeter of the enterprise,” IAM increasingly will need to become a strategic focus for CISOs as they move to close the funding gap.

The move to the Cloud has forced organizations to rebuild security.

There was a time not long ago when CISOs were reluctant to security to the public Cloud for fear that it was less secure than the private enterprise network.

Today, more and more businesses are beginning to agree with what Gartner concluded in 2015 that “CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries and instead apply their imagination and energy to developing new approaches to cloud control.”

Here’s one reason why: for modern enterprises, the Cloud represents one of several transformational, technological shifts they must embrace in order to remain competitive.

Another reason: security is moving more and more to the model of “least privilege,” and the Cloud can vastly limit the surface area of risk because securing access is done independent of the network and secures the users directly to the application.

In a word, IAM systems are getting “old.”

That said, rebuilding in the Cloud introduces new complexities for CISOs, and they will need to hire or outsource for new capabilities.

Also, they will need to rethink the components of IAM systems themselves. Here’s one trend worth watching: the shift from systems that are built on multiple, redundant, point solutions to systems that integrate technologies and processes that enable layers and depth.

More and more, CISOs will be called upon to enable enterprises to design a more strategic modern approach to funding and harnessing the technologies and best practices available to them, and sorting which need to be managed inside the enterprise and which are often better managed externally.

In that last sentence lie the clues for what CISOs might do differently today.

They could begin with strategy, one of Edgile’s key differentiators in the marketplace. Without strategy – an alignment between risk and the core objectives of the enterprise – no IAM program can succeed.

They could also implement a more modern model to funding, one that recognizes – as Elledge observes –- the need to invest today for capabilities required tomorrow.

Finally, they could implement a more modern model to sourcing expertise, intelligently leveraging the talent that is fast fading in the marketplace, as Gartner’s recent IAM dramatically illustrates.

According to the guide, “the availability of experienced people continues to be the most significant constraint facing both IAM professional services firms and their customers in North America.” With the talent that Edgile is rapidly acquiring – and with technology-driven solutions and managed services that enable CISOs to manage modern IAM at scale – our firm is well poised to close the expertise gap that has become a risk for the modern enterprise as great as cyber risk itself.