Yesterday was the final day of CyberArk Impact 2022. The event ended on a high note—with insightful conversations and panel discussions from experts and individuals focused on identity security.
Life happens and that can have a ripple effect on an agenda like this—but thanks to technology the program was well received by the more than 1,500 attendees participating in-person and virtually. Robert Herjavec, one of the investors from the TV show “Shark Tank” and founder and CEO of Cyderes (a new brand formed by the merger of Herjavec Group and Fishtech Group) was unable to make it yesterday, so the fireside chat between him and Udi Mokady, founder, chairman, and CEO of CyberArk was bumped to today—with Herjavec streaming in from offsite.
Herjavec shared that he had recognized the importance and value of the identity protection space—and wanted his equity firm to invest in the space, but the team pushed back. Now, they are looking back at the past couple of years and regretting that they did not invest earlier. “Identity is and will continue to be the core of an online cloud-based strategy. Full stop. It is the underpinning of everything that will come later. Will there be better technology? Will there be better ways to authenticate? Yes. Maybe. Who knows? But identity is the underpinning of that,” declared Herjavec.
Mokady brought up the drive to digital transformation–and the issue of cyber debt that follows in its wake—and asked Herjavec for his perspective. Herjavec noted that there is a rush to enterprise migration and digital transformation, but that many organizations are failing to ensure identity and access management is addressed as part of that initiative. Herjavec stressed the importance of building a strong foundation before you can start forming the habits that will exist on top of it.
The exponential proliferation of privilege makes the issue more complex. Mokady pointed out that privileged access used to be easier to manage, but today that access might be for a DevOps engineer, for a cloud workload, or possibly for a machine identity. The rapid expansion of the technology landscape has vastly expanded the identity attack surface.
Identity Security in a New Threat Landscape
Following the Fireside Chat session, CyberArk Chief Strategy Officer Clarence Hinton took the stage to deliver his keynote, as well as lead a panel discussion with an esteemed group of experts. Hinton was joined by Rich Kneeley, managing director of cyber, risk, and regulatory, PwC, Damon McDougald, global digital identity lead, Accenture, and Andrew Morrison, principal at Deloitte & Touche LLP.
Hinton introduced the session, “We are talking about security. But we’re not just talking about national security—we’re talking about global security. We have adversaries everywhere attacking aggressively. That’s the context.”
He also highlighted that as organizations go through digital transformation there are more and more services and infrastructure available in the cloud, and there’s more power in the hands of developers. As Mokady and Herjavec discussed, though, the rush to digital transformation often comes at the expense of security—particularly Identity Security.
The panel discussed how defense has to shift over time as offensive tools and tactics change. One panelist described how a castle and moat were essentially impervious once upon a time, but the advent of gunpowder and cannonballs changed the equation and rendered castles essentially useless.
There were a lot of numbers mentioned related to the expanding attack surface. They said that users at an average employer have 30 accounts (which one panelist claimed seemed grossly low). They also talked about how there are currently about 45 machine or non-human identities to manage for every one human identity and noted that Gartner predicts we are on pace to reach 75 billion connected devices. All of that adds up to a vast and complex web of identities that need to be managed securely.
The panelists stressed, though, that everyone has to take responsibility for their own security. It gets a little complicated when you’re dealing with a multi or hybrid cloud environment, and navigating the roles within a shared responsibility model, but they all agreed that nobody is going to protect your data as well as you will.
How Cybersecurity Trends are Driving Today’s Organizations
The final session of the event was a discussion with a panel of CISOs and security leaders, led by Matt Cohen, chief operating officer for CyberArk. The panel consisted of John Iatonna, CISO, Spencer Stuart, Brian Miller, CISO, Healthfirst, and Laura Lang, senior director, Santander Bank.
Matt began by posing a question to Brian about the issue of identity sprawl and some of the challenges he is facing at Healthfirst when it comes to identity. He states that they are focused on looking at how they control identities—and what are the key components of the daily sprawl of privileged accounts.
“We started with that. We saw that as a choke point on the network. Everybody has to go through and escalate privilege to be able to do something bad on our network, so we started down that road,” explained Brian.
Laura noted the added challenge she faces because Santander is a bank. They need to secure customer financial and other sensitive data, while also meeting regulatory and compliance requirements. They also have to secure assets and protect identities with individuals accessing the environment from different regions around the world. “So it really becomes about strategizing. Do the right people have the right access for the right reasons at the right time. And do we have the audit trail to prove it to the regulators?”
Wrapping Up Impact 2022
The sessions today were all very informative and insightful. All in all, CyberArk packed a lot into the event. Between the announcements yesterday, and the conversations today, attendees gained insight into the importance of identity security, along with practical guidance for how to manage it more effectively. It was clear in listening to CyberArk’s customers, that its Identity Security Platform is a critical piece to securing their security infrastructure today and through the next ten years.
This statement from Cohen seems like a fitting summary of the CyberArk perspective for Impact 2022: “It’s our job to turn potential value into realized value. It’s our job to make sure that you get the first value as quickly as possible. It’s our job to actually create the relationship based upon recurring value. And ultimately, it’s our job to help you get to transformative value so that you can transform your enterprises without fear and move forward at the speed you need. Our commitment to you is an investment equally not just in technology, but also in customer success.”