Guest Blog: A Community Vision, A Team Game Approach and a Call to Action for Tomorrow’s CISOs

We recently sat down with Adam Bosnian, Identity Defined Security Alliance (IDSA) executive advisory board member and EVP of global business development at CyberArk, to discuss the importance of collaborative, identity-centric security and the evolving role of the CISO in the digital transformation age. Here’s a summary of what he had to say:

Can you describe how the threat landscape has changed and why a more holistic, identity-centric approach to security is necessary?

Today’s workplace looks nothing like it did 10, five, even two years ago. The rise of BYOD, cloud services and DevOps, coupled with an increasingly distributed workforce, has caused the network perimeter to essentially disappear. While threats posed by credential theft, privileged access misuse and identity compromise continue to surge, employees, remote vendors, customers and partners must all be able to access data and applications in real time to keep business moving. No longer can firewalls, anti-virus solutions or passwords be used in isolation to protect these highly dynamic enterprise environments. This new reality requires a shift in approach and more holistic strategies for protecting the new “identity perimeter” that focus on unifying and optimizing identity and security investments to strengthen visibility, detection and control. That’s where Identity Defined Security comes in.

A true identity-centric approach to security is grounded in three foundational components:

  1. Business disruption begins with privileged access, which is tied to human identities, application identities or machine identities. To protect your business, you must protect privilege.
  2. All aspects of cybersecurity must fundamentally work together if they are to achieve meaningful effectiveness.
  3. When integrated, security investments must create greater value for an organization than they do on their own.

There’s no one “silver bullet” solution or vendor that can fully address every cybersecurity challenge today, and protecting against evolving cyber threats requires collaboration. The IDSA is playing a critical role in bringing the industry’s best resources and minds together as a unified team to help organizations accelerate their identity-first approaches and mitigate the risk of cyber attacks.

You talk a lot about cybersecurity as a team game. How can security and identity practitioners within organizations come together to drive down enterprise risk in the year ahead?

As organizations’ transformation efforts expand, there’s an acute need for stronger cross-team collaboration to effectively protect workforce identities. Never has a “team game approach” been so important.

The good news is that we’re already starting to see this shift. The IDSA’s most recent research shows that 92 percent of IT security leadership cares more about identity management now than in the past. And nearly all (99 percent) of security teams are currently involved in IAM activities. While this is encouraging, there is an opportunity to further align security teams with their IAM counterparts. For example, the same IDSA research reveals only 24 percent of IT security professionals characterize their teams’ awareness of their company’s identity strategy as “excellent.”

Collaboration requires strong, decisive leadership to bring security and IAM stakeholders onto the same page. It also means taking a hard look at existing processes and practices and clearly outlining who is in control of securing identities and responsible for creating, establishing and enforcing all aspects related to workforce IAM. It means involving security from the start and working closely together on initiatives involving new identities. And further, it means leveraging tools that easily integrate with others, enable information sharing and can scale to meet future identity-centric security requirements.

Why should security practitioners consider joining the IDSA in 2020?

It has been energizing to watch IDSA membership grow over the past few years. We’ve welcomed a lot of new vendor members with their own fresh perspectives on today’s cybersecurity challenges. We’re also seeing a lot of excitement from security practitioners, which is great since their insights from the front lines are invaluable for building up the knowledge base we need to help organizations reduce risk and take on transformative technologies.

As the IDSA continues to grow, we need more practitioners to join our ranks and become evangelists for holistic, Identity Defined Security by sharing best practices and use cases, pinpointing areas that require simplified integrations and approaches and, ultimately, driving more collaborative innovation across our industry. It’s going to be an exciting year – now is the time to get involved!

How can Identity Defined Security approaches help practitioners advance their own careers?

Industry collaboration is absolutely essential – but it doesn’t end there. Understanding and implementing Identity Defined Security can help practitioners differentiate themselves. This is particularly true of those on the CISO career path.

Just as the modern, digital enterprise is quickly evolving, so too is the role of the CISO. Once relegated to analyzing organizational risk with a technical, myopic lens, CISOs were traditionally the “tool guys,” leaving identity-focused initiatives to the operations team. But, as debilitating cyber attacks made headline after headline and data protection became paramount, the role of the CISO was elevated. Instead of reporting to the CIO, many CISOs started reporting directly to the CEO. While technical foundations were still critical, many CISOs began getting business degrees and acquiring the skills needed to better communicate with their C-suite and board so that they could step up and take on a more strategic role in the business. Today, as organizations accelerate their digital transformation projects – migrating to the cloud, adopting SaaS and evolving their solutions with robotic process automation and DevOps – the role of the CISO continues to transform.

Tomorrow’s CISOs will not only need to speak the language of the business, but also align security with development and operations teams while maintaining velocity. They will need to become enablers – not disablers – of artificial intelligence, machine learning, blockchain, the IoT and more, while ensuring security and data privacy. This will require a holistic approach to security that places identity at the core. The CISOs of tomorrow are engaging with the IDSA today for guidance, implementation best practices and security controls to help chart their course. They’re learning from trailblazers like Adobe and LogRhythm who are validating this approach in their journeys toward digital transformation and zero trust. And the IDSA is here to help them. After all, empowering the next generation of CISOs and security leaders is really what Identity Defined Security is all about.

About the Author: Adam Bosnian, CyberArk EVP of Global Business Development and IDSA Executive Board Member. He has more than 20 years of experience in early-mid stage software and hardware companies, with multiple venture rounds raised and direct involvement in successful IPO/M&A exits. At CyberArk, Bosnian is responsible for managing and expanding global strategic relationships with technology partners and brings a strong sales, marketing and strategy success track record to his business development role, having served in a range of sales and marketing executive roles with the company over the past 10 years. He holds a Bachelor of Science degree in Electrical Engineering from Worcester Polytechnic Institute, where he graduated with Highest Honors.
