Welcome everyone thank you for joining us for today’s webinar thinking about security and compliance thank identity I’m Shay Mann and I will be your moderator today today’s webinar is in listen-only mode so if you have any questions throughout the event go ahead and submit those in the Q&A panel and we will answer them during the Q&A session at.
The presentation this session will be recorded and we will email you a.
Link to the recorded version tomorrow joining us today is Dave Hendricks senior vice president of fast solutions and armor Rama senior product manager of identity now well we have got a lot to cover today so Dave I will pass it over to you to get us started thanks Jay and good morning everyone so we’ve got an interesting 60 minutes.
For you today we’re going to begin with a summary of really the new reality of.
Enterprise with increased speed and breadth of opportunities and risks and then we’re going to move into a discussion of how to address that risk while managing the digital transformation all of our organizations are.
Currently undergoing and then we’ll wrap that wrap that up with some practical ideas that you can take with you as you go through this journey.
We’ll be covering a lot of ground today so let’s go ahead and get started so enterprises today are different than they were just a decade ago there’s been an.
Explosion of new applications devices user types all accessing your corporate environment from anywhere anytime the complexity that you deal with on a daily basis can sometimes be a little bit overwhelming so adding to this complexity is the ongoing digital.
Transformation propelling adoption of cloud services and SAS applications across the enterprise a recent survey by netskope.
Suggested that many enterprises have more than a thousand SAS applications in use today you know most of us can probably think of 20 to.
30 SAS applications off the top of our heads but but that may just be in one part of the business and another part of the business there could be another 10 to 20 applications and so on and so on I just spoke to a mid-sized organization the other day had well over a hundred active active SAS applications and they were struggling to figure out.
How to minam is the risk that’s associated with that situation obviously this can create a fairly serious security gap and although proliferation proliferation of staffed applications is a reality.
So is the existence of legacy on-premise systems most businesses are somewhere in the middle of their organizational transformation and will have to have to deal with the complexity of hybrid IT environments for the foreseeable future our surveys show that over ninety percent of organizations are going.
To be in this situation over the next few years so that means not only do you have SATs but now you have an increasingly complex and difficult to manage environment with its share of associated risks so one of those big risks is the is the risk of a data breach the general feeling today seems to be not if but when your organization will.
Experience a breach at some level in our recent market pulse survey we found that three out of five global enterprises expect to be breached in the near future and those that have been breached.
Reported an average of over four million in financial loss due to the security breach just in the last year alone and that doesn’t even include the impact on their brand’s customer loyalty and all of the other non direct financial impacts that would be included and unfortunately that’s really not the end of the complexity that you’re dealing with on a daily basis because in order to control and.
Combat things like data breaches and other risks there’s now an alphabet soup of regulations that you have to comply with we all know about gdpr that went into effect in May but now we’re starting to.
See individual states individual regions and individual industries implementing similar regulations and the more global or diversified you are as an organization the more regulations you have to be compliant with so sometimes it seems like these new compliance standards are coming out of the woodwork and this has a real impact to your organization not only are compliance costs increasing but the cost of being found to be non-compliant is rising.
As well it’s the classic case of pay me now or pay me later but in today’s environment it does seem that you have to pay unless you can find a streamlined streamlined way to meet these compliance standards so I’m sorry to paint such a bleak picture and the in the beginning of.
This presentation you know we organizations with increasing complexity increasing risk and increasing compliance requirements and it’s not exactly the world we envisioned when we started thinking about digital transformation for our organizations but unfortunately this is the world we’re living.
In and although there are some great opportunities associated with this we have to learn how to deal with and manage the risk that this presents in our organizations so now I’m going to hand it off the.
Armor and he’s going to present a framework to you for dealing with this new world and to provide some suggestions for how you can move forward to turn this adversity into more of a competitive advantage for your organization um thanks Dave and good morning everyone yes there’s so transformation can be risky but let’s not forget why this is valuable and worth our time and.
Effort digital transformation is about enabling people making you more competitive and agile by helping your users be more productive at the heart of it this digital transformation is about.
Your people empowering your people to do more from anywhere at any time that is the promise people were the biggest source of risk or also the greatest driver of growth well let’s talk about your people they’re not all the same who’s here on this webinar does not on a weekly basis work with a consultant or a contractor or a partner.
Not to mention people who are not even people ie BOTS so employees to come in different flavors you’ve got floor workers front desk employees back office.
Users and so on each of them deals with a very different part of the enterprise so you might be.
Asking us a lot at this distinction ladder well the answer is yes and also that it’s critical to understand the differences each of these people sit in.
A different circle of trust and consequently expose you to different levels of risk so our challenge here is to find the right balance between security access and productivity for all of your users you let’s talk about the how the relationship between people and their data is.
More complex than ever these days and what a lot of you here are thinking about employees and IT staff.
Different access level for contractors BOTS and suppliers and.
What many of us may not consider customers as needing access they do customers need support access to partner portals and all sorts of silly privileged data so how do we ensure these people are both equipped and protected at the same time the answer is identity governance what is identity governance simply put identity governance is how you ensure your people are productive while their digital identities are secure think of it as an enterprise discipline that provides.
Business and IT the framework tools and best practices to embrace this digital transformation securely identity governance the develop at the market because.
Not a unique problem this is a common problem across our industry in all of today’s enterprises it’s about safe smart and secure empowerment of your people to embrace the digital transformation that’s the role identity governance plays so no matter where you are in this digital transformation journey or in the cloud you do need to manage identities and digital identities and to do this well you want to be able to answer three important questions and that’s what.
You see on the screen and I think this is really important if nothing else if you walk away with remembering these three questions you are way far along this journey then most enterprises the questions are who currently has access who actually should.
Have access and finally what can people do with that access this is at the heart of what we’re trying to solve here given the extended nature of today’s enterprise both are.
We use a perspective as well.
As the applications they are accessing so you want to bring the broad perspective into these three questions by answering these three.
Questions you now have a way to address your core needs about security or reducing risk compliance.
Or making sure that you are in line and finally making sure you wrap all of this up in an efficient package if you can address these issues then you can focus on the benefits of digital transformation and not stay aboard in about the risks let’s step through a few examples that shows.
You how identity governance is a framework or discipline can in fact help us manage through these parts of the business let’s start with managing.
Risk when you think identity related risk the first question you should be asking yourself is do I have users in my company with.
More access than they need excessive access is the enemy of security and well this might be comforting because.
You might figure well maybe that’s good but I don’t have excessive access I’m here to tell you all of us do because it can occur a few different ways excessive access happens because one all of us have IT folks who are good and hardworking but they’re all stretched thin they struggling to keep up with a constant demand for changing axes and new axes and so one of the outcomes of that is you end up kind.
Of giving everyone broad access just so you can keep the lights up and stay ahead of business you can have application owners meaning people who are the.
Gatekeepers to tool such as Zendesk or box or Salesforce and their job is to make sure the right access is given to these tools but if your application owners who are not fully educated or.
Informed on excessive access they can sometimes be too generous without intending to me and finally even if you have everything under control access accrues over time and the course of an employee’s career within your company they switch roles they switch projects and so over time what happens is now they have way more access and that was intended or they.
Started with so no matter what so this to you now is the probability of a breach just got higher so let’s talk about this so securing yourself against what we now understand is a key threat to identity risk starts with disability you want to be able to talk to all.
The tools that your users talk to on a daily basis cell phone for.
Example connects to a broad range of applications everything from mainframes to modern enterprise assets like box or slack a good identity governance tool then harnesses this broad connectivity with tools such as focus search and policy engines to ensure you are always informed of this key question we started with who has access to what and what level of access does he or she have that’s how you start and that allows you to quickly respond to excessive permission situations.
That may occur let’s get more specific let’s walk through an example so you can maybe visualize what I’m talking about this is a common scenario all of us face you have hired a sales rep you want to make sure that this sales rep is going to be contributing positively to your company from day one right that’s what we hire them and so we want the sales sub to have access to say.
Three tools sales force of course the CRM tool your homegrown commissioning tool and the HR system but it’s key to remember that we want to know what level of access they have so we want to give them a healthy set up that ensure that the sales access just to those sections of.
The tool that he needs and he does not have access to the ATS he doesn’t what this does is it make sure that your sales rep now has the right tool to be productive from day one but has then contributed to the risk side of your equation it’s a.
Great example of managing the digital transformation securely while ensuring productivity a nightmare scenario for all of us here especially for the IT and security professionals amongst us if a disgruntled employee retaining access in attempting to use it after termination it’s unfortunate but this does happen more often than you would suspect a moment of weakness and frustration is all it takes an identity.