In this blog series, we’ll be providing the perspective of our Customer Advisory Board members on topics that are important to the identity and security vendor and practitioner community as we create frameworks and build products to help organizations successfully implement identity-centric security. If you have topics or questions that you would like us to address, please submit them via our on-line community.
Den Jones is the Director of Enterprise Security at Adobe and an IDSA Customer Advisory Board Member. Den and his team are driving innovation at Adobe through their Zero-Trust Enterprise Network (ZEN) initiative. ZEN leverages existing identity and security technologies to achieve stronger security with a more pleasant user experience.
What advice would you give identity and security vendors who are helping customers achieve identity-centric security?
Let me start with where I think some security vendors are missing the mark, because it builds on where I think the security industry needs to move toward. A lot of security vendors have a portfolio, or a suite of products. They’ll walk in pitching as if I’m going to buy all their products because they’re all interconnected in their world. The problem with that mindset is that as identity and security executives, we run organizations, build products and services, and there are years and years of technology investment. So, you can’t suddenly say, “I’m going to swap these five different products and bring in one new vendor and consolidate.” It’s not as easy as it seems on paper.
Every time I speak with security technology vendors about a problem we’re trying to solve, they will always try and get me to go to the big picture – looking beyond my immediate problem and then attempt to oversell with all of their products, in addition to the one that I really need. While I understand the need to do this from the perspective of the security vendor, it may not always be possible for me to step up to that level. It could be because I don’t have the investment, or I don’t have the resources to buy the full suite – but I do have a problem right in front of me that needs to be solved.
When we were doing our zero-trust initiative one of our big observations is that there was not one vendor that could enable everything we need. For this particular project, there were five vendors that could enable it, four of which we already had investment in. Thus, this project became mostly about plugging these technologies together. While some organizations might try and build from the ground up, approaching the problem this way made getting started with our zero-trust initiative relatively quick – it was about a three-month effort to get our vendors to integrate and be up and running.
I think the opportunity for these vendors is to build with the mindset of integrating with other vendors from the start. If they architect their solutions that way, then it’ll be easier for consumers to purchase their technologies and get some value quickly. Then, if the vendor is doing a really good job, maybe there is an opportunity at some point, such as when the next renewal comes up, to swap out for more components from that vendor. Vendors need to realize they won’t ever be able to swap out the entire stack at once.
That is the reality of the situation. Security technology vendors may have a suite of products, but these components still need to be modular so they can be dropped in and integrated with other vendors’ products from the start. This is why I’m attracted to the work of the IDSA.