By Stephen Cox
It is raining this week in San Francisco at the RSA Conference. Attendees have been running, armed with umbrellas, from Ubers and taxis to get to the show floor and the sessions they’ve registered to attend. To some, rain is a wonderful gift from nature, while to others it is a nuisance resulting in wet clothes and matted hair. As I’ve spent time with analysts and other attendees at this year’s event, I’ve picked up on several themes in the identity security space – and I can’t help but link the rainy weather to those themes.
Raining on the Other 20 Percent
As I conversed with these analysts and attendees, I came to the understanding that the reality of hybrid IT infrastructure and legacy systems is raining on the parade of the cloud-only IDAAS vendors. These vendors have focused on the easy 80 percent of installations, but have ignored that enterprise organizations have cloud, on-premises and hybrid environments. One analyst shared with me that these large players in the space are struggling to address this need – as they haven’t figured out a viable solution that can fit all of these models. What is needed – and what we offer – is flexibility of deployment with a single, easy to use interface. Whether you need cloud, on-premises, or a hybrid of both, we’ve got you covered.
Zero Trust: A Lightning Strike Moment
Zero Trust is experiencing a bit of a resurgence, coming dangerously close to reaching buzzword status. The reality is that it is a viable model that can be applied today. It has pros and cons, of course. A major pro is that as an IAM practitioner you get a shot at analyzing the vast majority of authentications that are happening within your environment. The major con is that you may be introducing too much friction to the environment, and you live with the fear that your users may revolt. It’s important to remember that we live in a different world today than we did when Zero Trust first hit the scene. The use of adaptive authentication, to only prompt users for additional factors if their risk profile is high, enhances the Zero Trust model very well. By applying adaptive, you have the ability to evaluate every user while not introducing a huge amount of friction to the end user. It is a match made in heaven and can help protect against the lightning strikes of breaches sparked by the misuse of credentials.
Passwordless is a Drizzle but a Flood will Come
It’s been my experience in recent months that some in the industry are resigned to the fact that passwords will never go away. There has been pervasive hesitancy and a growing skepticism regarding the adoption of passwordless technology. This should not be our mindset. The truth of the matter is that I spoke to several prospects that are actively seeking passwordless solutions and that the user experience involved with passwordless rings true with their users. Very few inventions in the information security world have had the unique quality of improving both security posture and user experience at the same time – but passwordless is one of them. It’s a technology that is possible today, and as more and more organizations adopt it, we’ll see the drizzle become a downpour. Eventually passwordless will flood the market and realize the promises of a passwordless future.
Join Us and Get Out of the Rain!
I’m excited to talk to more users, analysts and attendees here at RSA. As rain is expected both today and tomorrow, stop by the SecureAuth Lounge at TableTop Tap House on the corner of 4th and Howard to get out of the rain. Get some coffee (avoid the line at Starbucks) and speak with us about these trends and others on your mind. RSVP now!