Pondering Identity in Las Vegas
The annual Gartner IAM show is a one-stop shop for anyone interested in understanding identity, access, authentication, and authorization issues, not to mention ancillary topics such as privacy, regulatory compliance, and user experience. While the 2018 event is still fresh in my mind, I share my 5 takeaways.
1. Password-less Ubiquity
Many sessions talked less about the technical feasibility, but rather about how password-less authentication is being deployed, the adoption of standards, the role of industry bodies (e.g. FIDO), and the uptick in enterprise adoption. In one session, Jason Malo (Gartner) was explicitly asked to argue against password-less as a concept, while Mark Diodati (Gartner) encouraged the audience to think about assurance levels in their broadest sense and how password-less authentication fit into the overall way of thinking.
I myself participated in a fun and lively panel about the impact of password-less on user experiences — moderated by Mark Ruchie, the CISO at Entrust Datacard with co-panelists Chris Brown, the Lead Cybersecurity Engineer at the National Cybersecurity Federally Funded Research and Development Center (NCF) and Sonia Arista, the National Healthcare Lead at Fortinet.
2. Back to Basics
Critical issues like data governance, data stewardship, and having an identity strategy are topics that often go under-represented at industry events. While “basic”, many practitioners are new to the field and even seasoned professionals can benefit greatly from a refresher.
3. Identity Strategy Ownership
Who owns the overall identity strategy for an enterprise? Different points of view were presented across several sessions; the only consensus is that there is no single owner. Organizations must expand requirements gathering to as many groups and functions as possible, while avoiding the tendency to smash together a hodgepodge of requirements without a holistic vision.
4. Cloud Adoption
To no one’s surprise, the cloud is here to stay. Every session and Q&A operated on the assumption that cloud adoption is taking place in every business, even in regulated industries.
5. Machine Learning & AI
There was surprisingly little mention of these topics. Perhaps in 2019?
