Gartner IAM Summit’s Top 6 IAM Trends – Property Resource Holdings Group

Now is the time to start thinking about the next generation of strategies for identity and access management (IAM).

Not surprisingly, this was one of the main ideas at the 2022 IAM Summit that Gartner held in Las Vegas. The event promised to share useful information about privileged access management (PAM), IAM programmes and strategy, single sign-on, multi-factor authentication (MFA), passwordless methods, and more, and it delivered on all of it.

1) Adding machine identities to identity management.

Many companies are in the process of changing how they handle identity management, and one of the biggest changes they’re focusing on is adding machine identities to their overall IAM strategy.

This is a big change in how we think about machine identities. Conversations about machine identities are moving away from the technical and security-focused domains and into the broader IAM context (think: provisioning, de-provisioning, moving, changing, and so on).

Overall, adding machine identities is a big part of the “next generation IAM strategy.” Gartner’s change from the IAM hype cycle to the Digital Identity hype cycle is also a reflection of this.

2) Putting identity-first security into place

Everyone knows that identity is the foundation of security, but the Gartner IAM Summit made it clear that identity has moved to the centre of security infrastructure in the world after COVID.

Erik Wahlstrom, Senior Director Analyst at Gartner, says that the next step in identity strategy isn’t just to give out identities, but also to protect those identities and the infrastructure behind them from attacks.

In the future, this means that even more attention will be paid to the whole identity lifecycle, including machine identities, to make sure that security is in place at every step.

3) We’re getting closer to combining IAM.

As the IAM market changes, teams no longer have to choose between “best of breed” and “all in one” solutions. Instead, they can take a “best in suite” approach. This change is happening because the capabilities of different IAM tools, and the services that IAM vendors offer, are becoming more similar to each other.

Even so, we still have a long way to go. Many organisations have had to create their own tools to keep their secret managers, PAM tools, and IaaS tools in sync. This shows how important it is for platforms to be able to talk to each other and continue to converge.

4) Support for both centralised and decentralised security

Centralised decentralised security (CeDeSec) is the idea that security and IAM teams need to accept centralised control and decentralised enforcement. When this is done right, a Cybersecurity Mesh Architecture (CSMA) is created.

CeDeSec came about because IT is becoming more decentralised, and teams need a way to keep a single point of control while still letting different teams use the tools and workflows that work best for them.

CeDeSec is easy to achieve, though. This approach works well for PKI and machine identity management, two areas where security teams already know how to keep centralised visibility and control over a wide range of tools.

5) Consider Just-in-Time (JIT) access brokering.

Just-in-Time (JIT) access brokering is becoming more popular. Enterprises still use certificates as a way to verify users, but a user gets a new certificate each time they log in to a system.

In this way, JIT access brokering makes it much less likely that stolen or lost credentials will be used more than once, since the credentials are only good for a short time. Of course, for JIT access brokering to work, especially without causing problems for users, it needs a way to issue and remove identities that is both fast and scalable.
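The per-login, short-lived certificate described above, as an added example that is not code from the original article or from Gartner: a hypothetical broker acts as the issuing CA using only Go's standard library. The names `Broker`, `NewBroker`, `Issue`, `Accept` and the CA name `example-jit-ca` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Broker is a hypothetical JIT access broker: a CA that signs one certificate per login.
type Broker struct {
	ca  *x509.Certificate
	key ed25519.PrivateKey
}

// sign stamps a random serial and the validity window on t, then signs it with the broker key.
func (b *Broker) sign(t *x509.Certificate, pub ed25519.PublicKey, now time.Time, ttl time.Duration) (*x509.Certificate, error) {
	sn, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t.SerialNumber, t.NotBefore, t.NotAfter = sn, now, now.Add(ttl)
	der, err := x509.CreateCertificate(rand.Reader, t, b.ca, pub, b.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewBroker builds the broker and its constructed CA certificate, valid for one day.
func NewBroker(now time.Time) (*Broker, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{Subject: pkix.Name{CommonName: "example-jit-ca"}, IsCA: true, BasicConstraintsValid: true}
	ca, err := (&Broker{t, key}).sign(t, pub, now, 24*time.Hour) // parent == t: the CA signs itself
	return &Broker{ca, key}, err
}

// Issue mints a certificate for one login: new key pair, new serial, valid for ttl only.
func (b *Broker) Issue(user string, now time.Time, ttl time.Duration) (*x509.Certificate, error) {
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // the private half would go to the user; unused here
	return b.sign(&x509.Certificate{Subject: pkix.Name{CommonName: user}}, pub, now, ttl)
}

// Accept is the target system's check at time `at`: chain to the broker CA, inside the window.
func (b *Broker) Accept(c *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(b.ca)
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at})
	return err
}
```

Called from a `main` or a test, a certificate issued with a five-minute `ttl` is accepted one minute after login and rejected an hour later without any revocation step, which is the property that limits reuse of a stolen credential.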

6) Forming a team to work on machine identity.

Lastly, many companies are getting rid of their crypto centres of excellence and starting machine identity working groups instead.

Gartner points out two problems with the traditional CCoE model: 1) Crypto has lost its meaning as an IT security term because it is now a currency, and 2) it is not realistic to think that one team (usually security or IAM) could handle all things crypto for the whole organisation.

Instead, organisations would be better off creating a cross-functional working group with key stakeholders from IAM, Security, DevOps, Infrastructure & Operations, and Cloud teams. This group would meet regularly to establish ownership, make policy and tooling decisions, and create guidance. By putting together this group of people from different departments, machine identities are taken care of by more teams in the organisation, and all of their points of view are taken into account in strategy.

IAM is getting ready for the next generation.

Gartner’s 2022 IAM Summit made it clear that the next generation of IAM is here, and that now is the time to rethink strategies, solutions, and management.

Organizations can keep up with the next generation and avoid falling behind by following trends like adding machine identities to IAM strategies, putting identity-first security in place, and setting up a machine identity working group.

Are the people on your team ready for these changes? Now is the time to talk about these things.