The Alignment and Significance of Identity

More cyberattacks are happening today than ever before. Security can no longer be an afterthought; it must be shifted left and made an intrinsic part of your applications and infrastructure. But it can be hard to align your security initiatives with your business objectives. How do you enhance your security posture without compromising user experience and productivity? What is the importance of identity in this regard?

Are your security initiatives conflicting with business goals?

At the start of the discussion, attendees were asked if their business goals were at odds with their security initiatives. Everyone responded in the affirmative. A CISO remarked that several companies don’t have the money or resources or both to implement security projects. Moreover, it can be hard to get budget approvals when your CFO doesn’t understand security risks. Or if they think that security objectives don’t translate into business goals. An InfoSec specialist added that security initiatives don’t always align with the speed at which the business wants to operate.  

Identity will become the new frontier for security

A participant mentioned that it’s hard to control and define your security perimeter in today's digitally connected world. The internet is now the corporate network. Resources are spread across private and public clouds, employees access internal systems from different remote locations, and customers log in from multiple digital touchpoints. The traditional methods of using endpoint-centric controls, firewalls, and VPNs are no longer effective. The modern way of securing your systems and users is via identity. It allows you to enforce fine-grained access control across your infrastructure. It enables your users to log in to most SAAS applications, directly from the browser, in a frictionless manner. We can expect identity and the browser to be the new frontier for security, replacing the static controls of the past.

An attendee shared that forward-thinking companies are using IAM solutions to implement advanced authentication techniques, like password-less authentication, continuous authentication, and adaptive authentication based on behavioral analytics. Identity is also at the heart of most zero-trust implementations. It allows you to define granular policies for controlling who has access to which resources and under what circumstances.  

Aligning security with business goals

A speaker told the audience that you shouldn’t sacrifice user experience for security. Security controls shouldn’t create more hoops or roadblocks for your users to jump through. Improving your security posture shouldn’t increase your time to market. Your identity strategy should enable your business strategy. Use frictionless authentication to achieve easier workflows, and increase productivity. Implementing SaaS-like seamless login experiences for your legacy apps is also important.  

Building a security-first culture

A contributor said it’s important to take a value-centric approach to change culture. Most organizations fail to change the culture because they take a control-centric approach, e.g., asking people to reset their passwords fortnightly because it’s considered a best practice. Control-centric approaches typically face a lot of opposition. In a value-centric approach, you identify business problems and solve them under the guise of security. You encourage people to change because it will generate more value and make their lives easier. In addition to the what, you also talk about the why.  

‍