I’d say identity needs to be a huge investment. I don’t think we thought that way 20 years ago.
I think front and center now because everyone realizes there will be risks associated with it. So it needs to be a large part of security spending. It needs to be a core part of the business.
There are two major areas of identity. The workforce identity access management and CIAM, customer identity access management. There is some overlap between them, but some very different things need to be considered.
For the workforce, you want to ensure we talked about. You want to give users the best tools to authenticate securely, give them strong multi-factor authentication solutions, get them into the applications, and you want to monitor the access to the applications and ensure that you’re checking for any anomalies.
The user experience is not that critical for the workforce. Nobody’s going to quit over a bad logging experience at their employer. Maybe they are frustrated with their job or something, but they won’t quit.
You’ll lose business if you’re making your customers create a new account, a password with X number of special characters in it, and stuff just to register for buying some products from your new website.
That must be smooth and easy to do, but it must be very secure. So, you have a very different approach, and these things are always changing, and you can’t think like, oh, I’m going just to carve it out, and then I’m going to code this, and then I’m done.
It evolves, and there are new forms of authentication, and there are new attacks.
You should be using best practice tools for this stuff and solutions that enable you to change how you’re configuring and providing the user experience to the user.
It’s not all cemented in code, but once that code is all written, what happens when those developers leave your organization, and you need to bring new people in?
They don’t know the code base. There may be bugs you’re unaware of and everything. You should use hardened tools for these things that will give your business much more agility.