Trends (and other things) Learned at the Gartner IAM Summit

Last week’s #GartnerIAM Summit was a great event – and has scaled up to 1200 attendees and 37 analysts this year. I personally took away a couple of key – and inter-related – trends from the multiple sessions I attended.  They were:

  1. The “death” of #LeastPrivilege over the next 5-6 years (more on that to come, with some important clarification), and
  2. The growth of “people-centric #IAM

These two trends are quite correlated, and both have to do with giving employees more default access to core company or organizational information, accompanied by a core level of trust that they respect that information and data and will do the right thing(s) with it.

Let’s look at the “death of least privilege.”  I have to say several colleagues and I were a little confused at first…not surprising given that Centrify is one of the leading vendors that supplies #PrivilegedIdentity management solutions.

Source: Gartner IAM Summit 2014
Source: Gartner IAM Summit 2014

But after talking with multiple analysts, as well as carefully listening to their explanations during the sessions, this trend + analysis became clear to me and gave me a strong and positive feeling that IT teams and organizations should move in this direction going forward.

In short, they are talking about *end users* – i.e. employees overall – not privileged IT users. And that organizations should, by default, provide employees with access to the wide majority of general information, data, etc., that’s available to enable them to do their daily jobs as impactfully as possible. This is in strong contrast to the thinking around employee access and privileges from 20+ years ago, when large quantities of business documents and processes could first be shared with all employees via early file sharing and intranet systems. This new direction and guidance aligns well with another trend discussed several times last week – people-centric IAM, which is a perspective around leveraging IAM to enable employees.

Source: Gartner IAM Summit 2014
Source: Gartner IAM Summit 2014

The net benefits? Several. Including much less cost and time needed to manage multiple privilege levels across wide groups of employees (i.e. basic end users). And broader empowerment of that general employee population…which will no doubt result in more rapid execution, broader innovation and generally higher job satisfaction.

But will *all* least privilege die that slow death by 2020? After asking that question to several analysts, the clear answer is “of course not.” When it comes to privileged users – e.g. server or database admins – the need for privileged user [or account, per #Gartner] management (PAM) has never been greater.

Source: Gartner IAM Summit 2014
Source: Gartner IAM Summit 2014

Drilling down on this, in one of their sessions two Gartner analysts described in detail both the need for deploying and using PAM solutions, as well as the best practices for doing so.

The session on managing privileged accounts drilled deeply into when and how to best use super user account management (SUPM), shared account password management (SAPM), and privileged session monitoring (PSM).

Top-level recommendations included minimizing the number of shared accounts regularly used, not allowing the sharing of passwords, and clearly demonstrating that your overall set of PAM tools makes things better in your IT and business environment.

In short – the Gartner IAM Summit was a very good investment of time (and ticket costs), whether you’re a relative newcomer to identity management and security, or a seasoned IT pro looking for solid futures and industry trends.