Where to put your focus on in 2019
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Where to put your focus on in 2019
Where to put your focus on in 2019
Hello, and welcome to Casey plus today, I will talk about top five IM topics for 2019, where to put your focus on in 2019, there are a lot of topics which we have to look at when we, when being responsible for identity and access management. But I believe there are some specific areas which will be of primary relevance in 2019. The one I'd like to start with this comprehensive privilege, access, privileged access management, something we need everywhere for every application.
Cetera, the questions you need to look at for my point of view are, do you already have that type of solution in place? If not it's latest time to start, is it a solution which really looks at all types of privileged access from the technical or functional user accounts to the roots, to the business user? So it's nothing which is only whatever the units route or the windows admin or a local admin account on a windows machine. It's really something we should cover every type of privileged account.
And it should go beyond shared account password management, looking at session session monitoring, session recording session, a analysis up to detecting anomalies. So privileged threat analytics are privileged. Behavior analytics is becoming more and more important, and that should be a hot topic for you in 2019. It also should work for every type of service for cloud and it should be fully integrated. And it also should cover your DevOps environment across the entire CI CT life cycle. That is my topic.
Number one, my topic number two is look at getting a group on access from everyone to everywhere. So can every of your users be an employee, a consumer customer access all your services, regardless of where they are running. As long as he's entitled to used services across cloud, and on-premises using all kinds of devices and services.
And do you have the ability to manage all the access centrally based on central policies on a central approach, that is another topic you should address in 2019 built an environment which allows you to have a centralized management of all types of access, which enables all types of users, sort of your central identity service, your access service, your identity broker, whichever name you want to use. My topic.
Number three, and this is closely related to that as sync outside in, not inside out, still a lot of organizations are taking an approach where they say, okay, I have whatever I need a stronger security. So all my users have to use that type of token or that type of Authentication, whichever ever you want to use, but they are mandating the users to do what they want. I think we need to change it. So we need to look at enabling everyone, the employeed partner, customer, consumer, to use the authentication they prefer.
We need to enable that they can rely on their IDP, their identity provider of choice. They can bring their own identity. And we also need to look at what to do with all these public IDPs. So we see a massive growth in the public IDPs. So in Germany, we have very many, we have net ID. We have many Analyst, we have ID for me. We have N bank ID. We have so many initiatives there not to not even to mention the blockchain IDs I stuff, which is going on.
We need to be able to work with external identity providers and all this needs to be ready for privacy by design to allow the customer control about his data because GDPR, et cetera, they are here to stay and we need to serve this. My item, number five, recent access management, access reviews.
I think, I don't know a single organization worldwide, which is really happy with the way access reviews are done today. We need to do better, and that should be a key initiative for 2019. So first thing is run this thing regular. So if you don't do it yet, start enabling doing consistent access management. So one tool, one place to get a, to, to, to request access, to approve access for all your systems and access reviews, minimize the efforts, use automation and policy ever applicable. So build on the attributes, build on the information you have about users to automatic access entitlements.
And then you also reduce access review effort because what comes into a policy you only need to verify to review the policy, not the resulting. Excellent. Also look at risk based approach, focus on the things which are really the high risk items and look at how you can leverage the potential of AI for IM. And this is particularly interesting for the area of access review, because here AI can help you in identifying really the concrete risks, the high risk items in focusing in your review on the really critical aspects. That is what really helps you.
And finally, my topic number five for 2019 is add identity and access management for analytics and business intelligence. This is a widely unserved area. So few organizations really have a crib on what happens with all the big data and what happens with the combination that can take place In your analytics solutions. So how do you control that? Are you granular enough to really control which combinations are allowed, which access is allowed, which results are maybe more critical than the data that they are derived from has been, you need an identity and access management for that field.
This is still a relatively new area, not many solutions, but it's, there are things are happening. There are things going forward and you should really take this as a key initiative because sooner or later, this will become a major topic for the auditors as well. So having an O D in first, across these environments, having access reviews in place is super important. These were my recommendations, my perspectives on what are the key topics to five top items in identity and access management for 2019 delivered by copy call and KC, plus the future of information security today. Thank you.