Over the last few months, our CEO interacted with many CISOs and industry leaders who lead multiple identity management initiatives. Here are a few key lessons from their journey to building enterprise-wide Identity Management programs.
- Machine Identity is Important: As organizations move to the cloud, machine identity becomes critical and should be managed with least privilege. Successful CISOs evaluate risk across different attributes before ascribing roles to machine identities.
- Process Trounces Technology: We often hear that people, process and technology need to work in unison for any transformation. CISOs who took time to clearly define their identity management processes achieved greater success than those who went straight into the implementation.
- Don’t Boil the Ocean: A typical enterprise will have hundreds of assets spread between cloud and on-premises. Successful CISOs draw a line in evaluating tools against the business impact. Successful CISOs don’t want a product with a long tail of features that only impacts 20% of the business.
- Lifecycle Management Comes Second: Entitlement Management and Lifecycle Management require definition of roles and permissions across the entire workforce. This is complicated and takes time. Progressive enterprises are automating access reviews before working on identity lifecycle management.
- Customization versus Configuration Trap: Many CISOs discover during implementation that the product does not have all the functions or features they need. Security professionals need rapid on-boarding through simple configuration changes, not customizations.
- User Adoption: The success of any identity management software requires user adoption. CISOs are recognizing the value of having enterprise software that is easy to use and inherently less complicated.