What CISOs Are Saying: Identity & Access Management
Published On: May 1, 2020
Through our extensive research via our Feats of Strength publication and our Internal Research Department, K logix has successfully collected trends from over 150 distinguished security leaders in a variety of verticals in the security space. When it comes to identity and access management (IAM), here's what CISOs are saying:
A strong IAM strategy is key to addressing foundational security.
In the December 2019 Issue of Feats of Strength we interviewed Flexport CISO Kevin Paige. He explains that in order to build a solid security foundation, it is important to have a risk-based approach, strong security culture, motivated team, and robust identity and access management program.
On page 19 in the Feats of Strength December 2019 magazine, Paige states that "Security begins with strong identity and access management capabilities. Across the company [Flexport], I took a strong look at making sure that we’ve got great identity when it comes to accessing IT systems, when it comes to accessing our product capabilities, and when it comes to accessing our infrastructure. Holistically, I wanted to look at how we were doing it, what our gaps were, and then make solid plans to make sure that we’re doing the right things. Strong identity and access management capabilities are critical to having a solid security foundation."
Physical identity is just as important to secure as digital identity.
On page 8 in the September 2017 Feats of Strength issue, Nick Nedostup (Former CISO, Johnson Controls), said that "there is a lot of focus in the information security industry on digital identities...we also must consider physical identities, such as when someone enters a building, and which system controls - like lights or heating systems - they access. In the future, we must combine physical identity with digital footprints to track a person’s complete identity as it relates to the enterprise."
Identity is a key element to securing digital transformation.
Cyber is an ever-evolving space, and alongside the innovation, efficiency and advancement that new products and services bring, they also expose new security risks. According to our own data from K logix interviews of CISOs, 79 percent of organizations are in the process of, or plan to undergo, digital transformation.
A key piece to securing the digital transformation is identity. As identities proliferate within cloud computing, securing those identities and limiting access to only appropriate users is a high priority.
When asked how identity protection programs are evolving, Tony Meholic, CISO at The Bancorp Bank, explains in our September 2017 Issue on page 6 that "User access is a huge priority for us. Now we know everyone’s system access automatically and systems that interact with PCI data are flagged. The participation from management is much better, largely because the system is web-based and simple to use."
For many organizations, identity and access management is considered a top priority for executives and the board.
Tony Meholic, CISO at The Bancorp Bank, stated on page 23 of our September 2017 Issue that "the one issue that gets the most attention from the Board of Directors is user access. Incidents like Heartbleed made the Board extremely interested in understanding our preparations around access management controls and limiting our exposure."
Boards and executives are increasingly aware of the need for a strong IAM program within their organizations. Many CISOs proactively educate their leaders on continuing to invest in strengthening all facets of defining and managing roles and access privileges of users.
Addressing the need for identity and access management goes beyond investing in technology solutions; it should encompass a program mentality with strong processes, methodologies, and roadmaps.
K logix leverages our deep network of CISO leaders, and broad experience working with customers in all verticals, to deliver relevant, analysis-backed consulting services to our customers. K logix helps organizations develop IAM frameworks, assess IAM program maturity, determine the best-fit IAM technology, deliver comprehensive IAM program plans, and much more. Drop us a line for more information on how we can work together to strengthen your program.