hourglass-2912968_1280

 

RSA Conference 2018 - Now Matters

As I sit here towards the end of the week-long RSA Conference 2018 in sunny San Francisco, I think about the theme of the conference: Now Matters. It’s about driving forward what matters, the future of security, and doing it now.

One of the things I run into constantly as a consultant are organizations that are waiting for something to happen: funding, politics, resources, etc. They get paralyzed into holding off on doing something to improve security that causes their overall security posture to stagnate. Even small business process changes can sometimes get stuck in the political mud and impede progress.

Newsflash - There are no silver bullets that are going to solve all your problems. Your security posture is going to be in a constant state of flux as you adapt to the changes in your environment, technology, and attack techniques. Even small changes to your people, process, and technology can have a chain reaction of incremental improvement to the overall security of your organization. This aggregation of multiple small gains – no matter how small – can really add up over time and have a significant reduction in risk. Of course that only happens if, you know, you actually do something.

From an identity perspective, this strategy of incremental gains is a key component of IAM program roadmaps and is how we construct them at Identropy. If you are not delivering people, process, or technology improvements with a routine and frequent cadence as part of your IAM program, you are taking too long to demonstrate value. Take too long to demonstrate value and the business starts to question the investment, security posture does not improve, and risk to the organization rises as new attack methods are not countered. This is typically where programs grind to a halt, hit reset, or even die.

Case in point: 81% of the hacking related breaches used stolen and/or weak passwords.

  • What are you doing to counter and mitigate this attack vector?
  • Do you have strong passwords and easy to use multi-factor authentication in place for all users?
  • Are you securing your privileged entitlements to make sure only the appropriate people have that access?
  • How are you protecting your social media accounts?
  • Do you know what people are doing with their access and is it appropriate?
  • Are you offering multi-factor options to your customers?

If the answer to any of these is no or you are not sure, get going. Don’t wait to improve security, do it now.

Another theme that was plain throughout the conference, and especially the expo floor, was artificial intelligence (AI) permeating everything. In my unofficial review of the show floor, I estimate about half of the security products pitched some sort of “AI” capability as part of their product. Machine learning has really taken hold in the security space.

The basic idea for any of these “AI” products is that you can use them as force multipliers for your security team. This sort of capability can be a real boon for security operations teams that are typically already struggling to keep up with the number of events they have to investigate. Leveraging a machine to conduct a first pass analysis and triage of events can help the people in the organization be more effective and work on things that matter. I’ve been a big fan of using these types of technologies in the IAM space to identify potential identity events and integrate them with your other IAM tools to automatically do something. This is data that gets acted on instead of it getting lost in a SIEM somewhere under a pile of other work.

Sense a theme in this blog post? If not, I will make it clear: NOW MATTERS – DO SOMETHING.

 

Jeff Steadman

Jeff Steadman

As part of our advisory practice, I partner with our clients to help plan their IAM strategies. Prior to joining Identropy, I spent over a dozen years managing, building, and running Identity & Access Management programs, projects, and teams for SC Johnson and Walgreens.