By Sean Martin
During RSA Conference 2019 in San Francisco, Sean Martin sat down with Rod Simmons, Vice President of Product Strategy for Active Directory at STEALTHbits Technologies, to get his thoughts and insights into the current state of the Identity and Access Management space through the lens of both the conference sessions and sprawling expo hall(s).
These are some of the topics discussed:
The conversations that InfoSec practitioners are having are very insightful. There’s a lot of thought going into cybersecurity, but Rod — and their guest presenter in their booth, Paula Januszkiewicz, CEO of CQURE — finds that while some people understand what’s going on, others still find it hard to grasp the challenges and methods required to address those problems at the technical level. There’s work to do here.
Third-party risk management seemed to be a hot topic discussed by both vendors and practitioners. It’s becoming more and more clear that third-party partners are a threat conduit into an organization — even if the organization itself seems to have their own act in order.
The cloud continues to be a topic of discussion, but Rod doesn’t see mass migrations of workloads to the cloud. A common mantra “we can still do it cheaper on prem” is one that Rod has heard on many occasions. In the cases where some small workloads are being moved, it’s because of the operational security benefits they get from the move, and not the finance end of things.
User behavior analytics is also a topic of interest for many in this space. It seems that the industry has done a good job raising awareness for the need to move beyond static rule sets though “UBA and Machine Learning” checkboxes included in pretty much every RFI (request for information). However, customers are becoming more savvy and are now looking beyond the checkbox to put vendors on the spot, asking questions such as “How does your ML work?”, “Can you describe the models you’ve built?” and “How did you build those models?”