The IAM Imperative: Lessons From the Gartner Identity & Access Management Summit 2021

Gartner, the global leader in research and advisory services for businesses worldwide, has held many identity and access management (IAM) summits—but never quite like this. In 2021, the virtual gathering carried a unique sense of momentum.

That’s because, after a year of unprecedented digital transformation, IT and security decision-makers understand that modernizing identity has become critical. They no longer need convincing. Now, they’re doing the work to find the solutions that will best serve their business and implementing them—immediately.

Okta has already been having these conversations with our customers, and we were delighted to discover like minds at the Gartner summit. During the event, we hosted a virtual booth and roundtable, where the discussion focused on the need for unification in identity and access management.

In fact, unification came up everywhere: it’s relevant enterprise- and customer-focused solutions, and across identity technologies—particularly identity governance and administration (IGA) and privileged access management (PAM). Here’s a look at what else we learned.

Integrating identity governance with yesterday’s tech stack—and tomorrow’s

Leaders have come to terms with the fact that they should have invested in identity yesterday, and are now facing the challenge of finding solutions that are both backward-compatible and future-proof. Many are looking to build identity governance and administration systems that will protect their information and their people—before, during, and after migration to the cloud and the modernization of their technology stack.

This isn’t surprising. IGA solutions ensure the right people get access to the right tools at the right time, which is what organizations require to stay secure. But decision-makers face the challenge of managing security in the midst of ongoing modernization initiatives. As they balance a mix of on-premises and cloud resources, they need solutions that cover the spectrum now—as well as what comes next. To serve the needs of transforming businesses, IGA must look ahead.

Gartner considers IGA one of the greatest investments organizations will make for their identity programs in the near future—but cautions it can be a risky deployment. IGA is complex, and when it involves too many different technologies, security gaps can arise. That’s why it pays to have a consistent, coordinated approach to identity, with a single cloud-based provider.

Granting access to resources without weakening security

Privileged access management (PAM) makes a valuable addition to a coordinated approach. Summit participants looking to reduce their attack surface and increase security within their organization recognized the central role of identity in this work.    

Traditionally, PAM solutions are known to be time-consuming, costly, and cumbersome, but that’s changing. Modern PAM takes an identity-centric approach, offering just-in-time, least-privileged access controls and assigning ephemeral credentials that are tied to specific identities. This mitigates the risk of credential sprawl, helping to ensure compliance; it also makes it a lot easier to audit user activity and apply security policies based on specific roles. As organizations continue to prioritize identity as a foundational element to security, PAM will be central to that work.

Consolidating customer identity for the better

The challenges of identity conflicts and fragmented identities were also top of mind for participants—particularly as they impact customer experiences. To clarify: identity conflicts are when multiple users are associated with the same digital identity. Meanwhile, fragmented identities occur when individual users have multiple digital identities scattered across numerous platforms and directories. Both pose risks—including the risk of customer dissatisfaction.

As part of a broader customer identity and access management strategy, identity proofing is no longer limited to onboarding processes. It should also factor into the way organizations assess risk and detect fraud. It’s increasingly necessary to establish and reestablish identity through dynamic risk and trust assessment. So how can organizations get a single view of all their customers?

Creating a single identity per customer enables the high-assurance continuous authentication necessary to protect against fraud. It also makes authentication much less intrusive, for a smoother customer experience.

“Identity is the ultimate attack surface, and thus the new control plane.”—Gartner

At Gartner’s identity summit, consolidation was something everyone could agree on. When organizations can share information across their IAM, IGA, and PAM technologies, they enable seamless end-to-end user experiences and enhance security. This is critical at a time when remote work and cloud migration are on the rise, along with spikes in credential-based attacks.

That’s why Okta recently announced new IGA and PAM offerings, set to roll out in early 2022. With a single, unified platform, organizations can bring together core identity issues and use cases in one centralized experience. This also grants them access to a wealth of data and insight to inform access decisions and strengthen compliance initiatives.

In a world of global workforces and distributed customers, all of whom demand seamless access to applications and information on their personal devices, identity has become tantamount to security. Okta is proud to provide solutions that bring them together.

Want to continue the conversation? Let’s talk about how we can connect the pieces of your identity and security strategy today, so you can strengthen your organization now and pave a foundation for future growth.