For decades, identity management has played a major role in enterprise security.But SoMoClo changes it all: as cloud computing, mobile device access and social networking redefine the network boundary, identity is taking center stageThe walled fortress is done:The perimeter is no longer defined by your network and your definition of secure, non-secure, internal or external is irrelevant. With a fluid enterprise, users and the devices used to access your critical data are multiplying. Add virtualization, public, private and hybrid cloud environments to the mix, and you get a Volatile, Uncertain, Complex and Ambiguous (VUCA) network. With less physical control, it's not about securing what's behind your firewall, but securing what's beyond.Status quo not an option:Get identity right and you'll harness the power of these disruptive mega-trends for a competitive advantage. Get it wrong and entering this new world order will be painful, costly and potentially impossible.IDC shows 2010 IAM revenue at $3.7 billion and forecasts that the market will reach $5.5 billion by 2014. This is license and maintenance revenue only and is exclusive of managed service provider revenue (e.g., Accenture and Deloitte). Centrify also plays in the privileged identity management market; IDC sees this is a competitive market within IAM. PIM is critical to companies today as implementation drives the ability to monitor, track, and evaluate how access rights are being used deeper by focusing on the privileged user environment within an organization. PIM is projected to reach $425 million in software revenue by 2015.
Information risk management moves form the data center to the board room - Board room risk profiling will focus on information risk management and ways to connect strategy, risk management and policy directly to system level protection. - Most organization will be looking to implement guidelines similar to NIST SP 800-39 (Managing Information Security Risk Organization, Mission, and Information System View which provides framework for considering/implementing corpinforrmation security governance)Congress will enact more regulations to require enhanced controls - Bottom line: Threats will increase and regulation at State and Federal levels will become more stringent especially in the area of fines.Organizations will be required to tighten baseline controls and implement active monitoring - Outsourcing, the move to the cloud and shared environments will require locking down and tracking access to sensitive systems regardless of where they reside… - Some service providers are accepting risks that their clients are not fully aware of… organziations will need to have their own controls to secure access and track activity to manage their risk appetite while taking advantage of outsourcing, shared infrastructure economies of scale