Experts have been saying it for years: With so many workers now outside the corporate firewall, identity is the new perimeter.
But actually doing something about it? That is no small feat. Identities and permissions form a highly complex system, and the pitfalls are abundant.
Among the solution providers working on the front lines with customers on the issue is Johanna Baum, founder and CEO of S3 (Strategic Security Solutions). The consultancy focuses on identity and access management (IAM), identity governance and related areas, such as risk and compliance.
Far too often, Baum said, the tools that customers acquire to try to get a handle on identity issues just end up “doing bad things faster” for them.
When asked why they bought a certain tool, customers often reply that they did so to fix a certain problem, she recalled. “And we say, ‘Well, that’s not even your problem. You’ve got a completely different problem.’”
Other customers will tell S3, “‘We deployed this tool, but it doesn’t work,’” Baum said. “No, it works. It’s just not doing what you thought it was going to do because it’s the wrong problem.”
With the growth of hybrid and distributed workforces in recent years, hackers have increasingly been targeting identity credentials as the means to access a company‘s sensitive data. Misuse of identity credentials is by far the largest source of breaches, according to data from Verizon.
That’s where “identity as the new perimeter” enters in. Research firm MarketsandMarkets forecasts that the IAM market will grow by 91 percent by 2027 to $25.6 billion, while the firm predicts the identity governance and administration (IGA) market will reach $7.7 billion this year, more than doubling in size since 2018.
A Long, Lucrative Journey
Opportunities for solution providers in the space are surging, with customers increasingly recognizing the complexity of their identity issues, according to Mark McClain, founder and CEO of SailPoint, a widely used provider of IGA and other identity security tools that counts S3 among its partners.
“Identity is not a project, it’s a program. This isn’t something you finish and then you’re done,” McClain said in a recent interview with CRN. “You’re just going to continue to make progress and add and deepen.”
In that scenario, customers are seeking consulting and integration partners to assist them over the long term, he said.
“The attractiveness to us and our partners is when you get in with SailPoint, and you win that position of a consultant/ integrator, you have a long journey ahead with that customer that’s pretty lucrative,” McClain said. “You’re going to do a lot of work for a long time.”
The bottom line is that in identity security, customers “need a partner to help them make it work,” he said.
A Holistic View
At Alpharetta, Ga.-based S3, the predominant service that customers end up needing in identity security is help around crafting the right strategy, Baum said.
“The hardest thing for them to put together is, ‘How can I do this long term? What is my first step? What’s the second step? What does my one to three to five years look like?’” she said. “‘What should that security landscape evolution look like—for me—not just what I’ve read about in my new zero trust manual?’”
Ultimately, “we can come in and holistically look at the organization and what their operational goals are and then say, ‘Here’s how you protect [yourself],’” Baum said. “‘Here’s how we’re going to protect the most critical thing for you.’”