We are living in a ‘new frontier in identity governance’ which means that organisations need to be able to identify and manage the identities of not only people, but machines.
This is according to Ben Bulpett, EMEA identity platform director at SailPoint, who was speaking at ITWeb Security Summit 2019 this week.
“Typically, organisations have managed their employers, their contractors and partners, but in this new business world, where robotic processes carry out certain functions, these identities would also need to be managed,” he said.
“Otherwise, you leave the uncontrolled, non-managed with access to applications and data. The introduction of bots to the mix signals a new frontier in identity governance. Managing these new identities will absolutely be critical to organisations as we move forward.”
Bulpett said that as organisations embark upon their digital transformation journies, new identity governance platforms will have to be able not only to scale, but also have the ability to manage all types of users including digital identities. The term ‘digital identity’ will also need to be extended to ensure that all the access to company systems is protected.
“This has never been more strategically important to both enabling transformation, but to also protect us from cyber attacks and fraud,” he added.
This is because we are not only living in the fourth industrial revolution (4IR), but in a world where cyber crime is an extremely lucrative business.
“Cyber crime is currently estimated to be worth over $1.5 trillion. However the probability of being successfully prosecuted for a cyber crime is currently estimated to be 0.05% because the monies that are laundered from cyber crime through the electronic transfer systems are often practically untraceable.”
He said that if cybercrime were a country it would be the 13th biggest GDP in the world.
“In April 2019 alone, 1.3 billion records were breached. That brings the current 2019 total to 5.6 billion records released or breached onto the dark Web at an average of 1.5 billion records per month.
“So, having an end-to-end identity governance strategy that governs all users, all data, and all applications has never been more critical. That platform will need to be able to scale to a level that we've never experienced. It will need to know where our data resides, who has got access to it and what they're doing and it will need to do all of this in real time.”
The amount of data being processed and stored each day is fundamentally changing the way we need to approach identity governance platforms, he said.
“In 2016, we were generating 44 billion gigabytes of data per day. It is estimated by IDC that by 2025 we will be generating 463 billion gigabytes of data per day. Which is equivalent to almost 213 million DVDs of data per day. So any new identity governance platform is going to have to be able to scale at a level we've never experienced and at a rate you can only imagine.”
“We are in 4IR. The blurring of physical, digital and biological is happening and the growth of artificial intelligence (AI), the promise that robotic process automation (RPA) is giving things such as global supply chains and logistics is driving the second economic growth. But this is also seen by cyber criminals as being extremely lucrative and opportunistic as it provides yet another entry point into our organisations for both exploitation and threat,” he said.
Bulpett believes that if robotic processes were to go unnoticed, unchecked, and unmanaged, “the impact on the organisations could be significant and the impact on society could to be unimaginable”.
“It's forecasted that the Internet of things (IOT) will grow from the current estimated 8.5 billion devices to over 50 billion devices by 2020. That's effectively seven IOT devices for every human being on this planet. We need to look at IOT on a continuous spectrum and at the low end of the spectrum, you have the devices that are connected to the network and as you move up the spectrum, you have robotic processes or bots that are carrying out specific tasks for organisations and then at the upper end of the spectrum you have artificial intelligence with its ability to invoke and make change as is required,” he said.
“All IOT falls somewhere on the spectrum and as they move further up the spectrum from devices to robotic processes to AI, it results in increasing access to your applications and your data and consequently an increase in risk to your organisation.
“As organisations from a wide variety of industries pivot towards a technology-led strategy, soon the interaction between robotics and AI will become the hallmark of the modern workplace.”
Bulpett said it is estimated that 80% of all data that sits in file shares and network storage is currently unstructured, not managed, and not governed.
“We are seeing the future of how identity governance will need to evolve. It will have to have the ability to manage all data, unstructured and structured; all applications, on-premise or in the cloud; and all identities: employees, partners, contractors and robotic processes,” he concluded.
• Cyber crime is currently estimated to be worth over $1.5 trillion.
• If cyber crime were a country it would be 13th biggest GDP in the world
• The likelihood and probability of being successfully prosecuted for a cyber crime is currently estimated to be 0.05%.
• In April 2019 alone, 1.3 billion records were breached.
• In 2019 already a total of 5.6 billion records have been released or breached at an average of 1.5 billion records per month.
• In 1987 the cost of 1GB of data was $437 000. The cost of one gigabyte of data today is 3c
• In 2016, we were generating 44 billion GB of data per day. It is estimated by IDC that by 2025 we will be generating 463 billion GB of data per day. Which is equivalent to 212 957 364 DVDs of data per day.
• There are currently around 8.5 billion IOT devices on the planet and this is estimated to grow to over 50 billion devices by 2020. That is seven IOT devices for every human being on the planet.