Mark Diodati

Vice President, Gartner Research

Q: What’s the biggest challenge IAM leaders are facing as we head into a new decade?

It’s to keep up with the acceleration of change. We transitioned from the Industrial Age to the Information Age to the Transformational Age. The Transformational Age represents a velocity of change unseen in human history. For the IAM professional, the acceleration moves in three dimensions: the move to hybrid, multicloud architectures; the opening of business IT to customers; and movement of IAM tools toward artificial intelligence (AI) and machine learning. This is exponential change. IAM practitioners and leaders are fundamentally struggling with how to pursue IAM in an era where change is a constant in a way it’s never been before.

The movement toward multidiscipline platforms like Azure, ServiceNow, Workday, Salesforce or AWS represents a re-engineering of traditional IT. How do you actually begin to thrive and succeed in this era of change? How do you simultaneously protect the business from an ever-dynamic set of threats while broadening customer access? IAM leaders need new, innovative ways to stay on top of these challenges.

IAM is now at the very core of the business. Everything you do in the business is governed by who you are. We can’t enable the business to function without IAM, and we also have to secure its assets with IAM. Every aspect of your business depends on being successful with IAM.

Q: What specific technology changes are rocking IAM right now?

The explosion of machine learning and AI has had a significant impact on how we authenticate users, determine their access, and how we detect fraud. When you can use AI and ML to reduce user friction while reducing management complexity, that’s a big win.

Organizations moving toward IaaS is another big change, because providing IAM in this environment is so complex and proprietary. And all of the IaaS platforms are evolving rapidly as we speak. And they don’t have all the IAM pieces in place yet. Far from it. Some providers are good in one area, others good in another, but none of them cover all the aspects of IAM that need to be covered. These gaps in IAM and the radical changes in the products make it very complicated to move forward.

Then there’s the almost ubiquitous adoption of Office 365 — about 80% of our clients are using it — which has hit the organization in two different waves. The first wave was the movement to Exchange Online for cost reduction and administrative simplification. And that wave is still in play. The current wave is the adoption of Microsoft Teams, which changes the way many organizations collaborate.

The rise of DevOps is another change. IAM has to become much more flexible to function under this paradigm, and that’s very different than traditional IAM. And then there’s blockchain and its impact on sovereign identity or self-defined identity, which will change the IAM landscape significantly.

Finally, we are seeing the rapid advancement of multifactor authentication (MFA) technologies. For most organizations, MFA is required to protect against information breaches and denial of service attacks. The combination of AI/ML and passwordless authentication are changing the way organizations are protecting themselves.

Q: What issues should senior IT leaders and those crafting enterprise-wide IAM strategies be thinking about these days?

Four strategic topics come to mind. Merger and acquisition (M&A) activities pose a large challenge. How do you quickly and effectively integrate a completely new organization into your business? How do you do that at scale and the velocity that the business demands? There is also the inevitable movement to hybrid, multicloud architectures, which is transforming the way that IAM must work. For most organizations, Office 365 (specifically Teams) requires at least some decentralization of data protection.

Privileged access management (PAM) is another aspect of IAM that takes on new dimensions every year. Users who have high privilege can breach all of your data, delete data or orchestrate a DOS attack. How do you deliver IAM that lets your organization be agile while still protecting against PAM vulnerabilities? IAM is changing so quickly, it’s critical that IAM leaders stay as current as possible on new tools, threats and strategies.

Q: You say IAM is at the core of the business. Why is it so critical to business success now?

If you don’t have a sound IAM strategy, you aren’t keeping up with the speed of the business, and you are exposing it breaches and denial of service attacks. It’s absolutely core and fundamental to business success today, especially as consumers begin to demand deeper access into the organization for customization and other interactions. IAM is critical in building the trust relationships that drive business growth and success in a digital world. It’s also essential to driving employee engagement, giving employees the freedom to do their jobs with ease.

We’ll be covering the breadth of today’s IAM challenges with recommended new best practices, effective new strategies, new technologies and new case studies in leading-edge IAM at Gartner Identity & Access Management Summit 2019, December 10 – 12, in Las Vegas, NV, where this year’s theme is “IAM: The Core of Your Business in the Transformative Age.” If IAM is your business, this conference is well worth your time. I look forward to seeing you there.