Gartner IAM Summit 2019 Recap: 4 Things That Everyone Was Talking About
It was busy in Vegas during this week’s Gartner IAM Summit. With every casino decked out for the holidays, the National Rodeo Finals (and the Cowboy Christmas Convention), and 2,000 Identity and Security superfans running around Caesars Palace, it was certainly an interesting (and lively) crowd.
In my new role as OneLogin’s CMO, I had the rare opportunity to actually attend sessions to learn and absorb all that I could about the Identity and Access Management space. And there is no better show than Gartner to get the unbiased POV on the market.
So, what were the top topics/themes at this year’s Summit? Let’s dive in!
1. We need better communication between technical teams and their line-of-business stakeholders.
Kicking off the conference was a keynote from Jeffrey Wheatman on how to be a better communicator, particularly when it comes to dialoguing with a non-technical audience. The session had great energy and the presenters even created their own skits (CISO v CMO, CISO v CFO, CISO v CEO) so you knew exactly how to approach a particular topic.
What were Jeffrey’s top four tips for better communication?
- Learn to speak business
- Create and tell powerful stories
- Focus on emotions and not on details
- Understand your business’ risk appetite
A key takeaway was to stop speaking in acronyms that the business doesn’t understand and instead talk about what your stakeholders care about: business outcomes.
Personally, I kind of wanted a session that touched on communication the other way—from business stakeholders to technical teams—but…that’s probably a different conference.
2. CARTA is King. And Queen.
Every session I attended talked about the importance of CARTA (Continuous Adaptive Risk and Trust Assessment). As Erik Wahlstrom showed in his session on evaluation criteria for Access Management solutions, CARTA sits across the buckets of Authentication, Authorization and Adaptive Access, Session Management, and Continuous Access.
CARTA is Gartner’s framework for a security and identity strategy that embraces the ever-changing dynamic of today’s digital users, who access information from multiple locations on multiple devices. Today’s organizations need to be smarter (because you better believe that your attackers are constantly looking for new inroads) by leveraging technology such as machine learning to make context-aware decisions based on the perceived risk of a given situation. AI models take into account user behavior, location, IP blacklisting, third-party data, and risk scores so companies can make more automated, on-demand decisions around security protocols.
3. End-User experience must be seamless—especially for CIAM
CIAM (Customer Identity and Access Management) was a hot topic at the Gartner event this year. Identity and Access Management vendors need to have capabilities in B2B, B2E, and B2C—and in B2C, the user experience is paramount to success. When you choose an IAM vendor, how do you balance the need for security and MFA with the user experience? If you ask for too many factors when a user logs in, how do you avoid irritating them? Because in the consumer world, more than in B2B, your customers are fleeting, and they are more than happy to use a competitor if your user experience at login is simply too hard.
The talk track here was around leveraging more machine learning capabilities that learn and automatically adapt based on user behavior, along with continuous session management (another hot talk track) for visibility.
4. Developers are becoming key buyers of IAM, so your chosen platform should fit their needs.
More and more developers are becoming either the key buyers of IAM or significant influencers in the purchase process. And developers want the flexibility to deploy IAM solutions in an agile environment close to the applications that they use every day.
In Erik Wahlstrom’s session, he mentioned the importance of delivering IAM solutions in containers for added flexibility. With containers, developer teams can deploy software in a modular, customized way that fits into their already developed workflows. Also critical to developers are API access, command-line access, and enhanced admin interfaces.
The conference is winding down and I have certainly learned a lot, but I am definitely ready to leave Las Vegas and get back to (probably rainy) San Francisco!