How to Create an Identity Strategy - Part 3Assessing the Business Benefits of an Identity Strategy
In Part 3 of a three-part video series, CyberEdBoard member Andrew Abel, a cybersecurity and zero trust consultant, and Chase Cunningham, CSO at Ericom Software, describe the operational and business benefits of creating an identity strategy.
One of the key tenants of zero trust - a least-privilege approach to security that ensures that users, devices, applications and transactions are continually verified - is operational simplicity. Abel recommends that organizations build identity strategies around a standard operational life cycle of provisioning, access and controls, modification of existing roles, governance and suspension and offboarding of employees.
"Security should always be transparent and contextual," Abel says. "The user shouldn't even know they're being assessed continually or having security controls applied because it should never get in the way of doing what they were hired to do."
Proper planning is key to getting the most out of identity tools and will create numerous business benefits for the organization, he says.
"Find me a business that doesn’t want to reduce their risk or have more productivity or have more enabled users and be able to know what's going on and where it's going on within the organization," Cunningham says. "The value proposition for the approach is clearly evident."
In this video interview with Information Security Media Group, Abel and Cunningham discuss:
- Visualizing what human and nonhuman identities look like in an organizational context;
- The main operational benefits of an identity strategy to the organization;
- How to justify identity management projects by demonstrating the underlying business benefits.
Abel has over 25 years of experience in IT across a range of industries including finance, services, retail, resources and consulting. He has worked as a vendor and a customer in both Europe and Australia. Over the course of his career, he served in a variety of roles from support to administration, consulting and enterprise architecture, and IT and security strategy. He has deep expertise in zero trust planning and adoption with an emphasis on identity, devices and network controls.
Cunningham, aka the "Doctor of Zero Trust," shapes the strategic vision, road map and key partnerships at Ericom. He previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on zero trust, artificial intelligence, machine learning and security architecture design for security leaders worldwide. Prior to Forrester, he was chief of cryptologic technologies at the U.S. National Security Agency, where he directed research and development of cyber entities to assess threat vectors, network forensics and methodologies of nefarious cyber actors across the intelligence enterprise.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.
Join the Community - CyberEdBoard.io.