The cybersecurity industry is going mainstream. Shows like CSI: Cyber, Mr. Robot, The Girl with the Dragon Tattoo, IT crowd and NCIS to name a few focus solely on cybersecurity or are using it as an exciting new investigative resource. The television and film industry have long been a tool to launch public popularity and awareness. Hollywood is portraying cybersecurity as an action packed, engaging and provocative industry. It’s also the battle between good and evil, which is a tried and true storytelling and hit making methodology. Now, whether they portray it accurately is up for discussion.
A guest speaker from Gartner’s IAM Summit in London, Misha Glenny, discussed this exact topic. What can the cybersecurity industry learn from cybercriminals? He raises a good question. Cybersecurity professionals need to understand their opponents when developing the technology to combat the dark side. Mr. Glenny has interviewed numerous hackers to understand what makes them tick, what they target and how they do it. It isn’t about fearmongering, but a valuable reminder that as people do more online (bank, shop, work…etc.) security must adapt. It’s also rings true for enterprise security. You might be thinking, how does that relate to an identity and access management summit? Professional and personal digital interactions are bleeding together. While it brings more convenience, it also means greater threats and responsibility. This crossroads is where identity and access management (IAM) can play an extensive role in the narrative.
Consumer and enterprise security are converging in part due to the growth of the Internet of Things (IoT). According to Gartner, to address security compromises in the IoT associated costs will increase to 20% of all annual security budgets by 2020. This is also spurring another major trend discussed at the conference coined as the ‘consumerization of IT.’ IAM technologies are poised to enable much of the security behind IoT, therefore impacting enterprises and users. But how does it need to evolve to meet the market growth?
The principles of user experience (UX) are a good starting point. “If you build it they will come” does not apply here. Security by design must be user-centric to ensure it’s used. Analyzing and incorporating current digital behavior of both enterprise and personal users will be imperative. People (and CSOs) don’t want to think about complex security solutions. Instead, they want something that is simple, fun and easy to use, intuitive and can be done in just a few clicks. Putting the user experience at the forefront of the security journey avoids issues like user fatigue and/or risky behavior.
Education is also important and Hollywood, as Micha Glenny mentions, is helping acclimate people to what is at risk and how to be ‘cyber-lly’ responsible. Mobile authentication, biometrics, blockchain and behavioral analytics will become big players in the IAM space. Empowering the user to manage their security and privacy across all their digital transactions is a strategic move in the cyber-battle of good versus evil.
A digital native and cybersecurity professional myself, I understand the benefits mainstream media and Hollywood offer in educating the public on security and privacy. Again, especially crucial as the Internet of Things (IoT) becomes more of a reality and a larger part of our daily lives.
When you are ready to learn more about how other CSOs are looking at the IAM market, check out this Identity Access Management survey of IT professionals.