The notorious Pablo Escobar controlled 80 per cent of the global cocaine market in the early 1990s. From these illegal dalliances, in 1989 Pablo was listed as the seventh-richest man in the world, and if he was alive today, he would be worth $20B more than Jeff Bezos.
But if he was actually alive, he probably would have diversified into another underbelly of not so savoury activities – cybercrime, which is worth $1.5 trillion in profits.
The chances of being successfully investigated and prosecuted for a cyberattack, unlike being on trial for drug activities, is estimated at 0.05 per cent, and the monies earned from cybercrime can be easily laundered and are typically untraceable.
When thinking about cybercrime, as organisations embark on their digital transformation journey, the concept of identity governance – for all users, all applications, and all data – has never been more important both to support and protect any transformation from cyberattacks. They need to stop the ‘Pablo Escobars’ of the world from infiltrating their applications, data and systems.
According to the World Economic Forum Global Risk Report, the majority of respondents expect the risk of cyberattacks, leading to theft of money and data, to increase in 2019. Eighty per cent of participants believe this would disrupt business operations. The report provided further evidence that cyberattacks pose risks to critical infrastructure, prompting countries to strengthen their screening of cross-border partnerships on national security grounds
As we continue to see the collapse of the firewall, the use of mobile, and the rise of access any time and any place – security strategies need to align in securing all identities in the business, as they are becoming the new enterprise security perimeter. So, having an identity governance platform that governs all users, all data and all applications has never been more critical for organisations
In today’s economy though it’s getting harder to manage all data and who has access to that data, especially as the growth of data being generated will exceed 463 Billion Gigabytes per day by 2025. In a recent SailPoint Identity Study we found that 48 per cent of companies have limited or no visibility into who is accessing their data.
Organisations that integrate the latest in machine learning and smart technologies into their businesses are regarded as cutting-edge and primed for growth. Yet, many haven’t factored in how they will manage these new identities. For example, tech-first companies like Amazon and Netflix are excelling using their base of advanced learning algorithms to bolster their e-commerce or content production. Indeed, organisations in a wide variety of industries are now pivoting towards a tech-led strategy, meaning that automated processes and interactions with artificial intelligence (AI) will become a hallmark of the modern workplace.
Stopping wannabe Escobars
The introduction of bots and machine learning to the mix signals a new frontier in identity governance. Enterprises have historically focused their identity programmes on three primary users: employees, contractors and partners. In the new business world, non-human users have introduced a new identity type, posing an emerging challenge for modern enterprises to tackle. Bots are known time-savers, ridding staff of repetitive tasks and letting them focus on more interesting and value-adding jobs. However, how does one control bot identities to ensure they’ve not gone astray? Manging these new identities is an important new frontier in identity governance that enterprises cannot afford to leave out of their identity and security strategies today and for the future. The reality is that a ‘good’ bot and a ‘bad’ bot are only separated by how properly their access is governed.
As part of the next generation identity governance, identity platforms need to provide companies with risk-based alerting capabilities to help detect suspicious activities and stay informed of violations in real time. It will need to provide machine learning, analysis and information to help companies build in automation and make informed decisions about how best to protect their sensitive data files and applications.
The platform will need an automated integrated alert management framework, so that rules can be easily configured based on a single or threshold of multiple activities, or access to specific resources. The next generation of identity will need to provide organisations with predictive modelling, adaptive security and real-time alerting.
Taking a comprehensive approach to identity governance enables organisations to leverage insight and awareness across their applications and files to proactively reduce risks and increase security, as well as be an enabler for the adoption of Cloud.
Our vision is for identity to be the single source of truth for organisations today and the future, ensuring they have visibility and control over all of these important factors. Identity has never been so strategically important. It has absolutely become a board-level priority. As the importance of identity increases in organisations, our approach will remain the same. By continually driving innovation in identity, the industry can efficiently and securely manage digital identities and embrace digital transformation with confidence —stopping the wannabe Pablo Escobar cybercriminals in their tracks along the way.
Ben Bulpett, EMEA Identity Platform Director, SailPoint