Security threats are everywhere — so what is the appropriate response, given that you can’t block everything? One approach: Focus on user identity. According to Mike Denning, General Manager of the Security Customer Solutions Unit at CA Technology, enterprises need to understand who their users are if they want to provide real security.
Denning delivered a keynote address yesterday at the RSA security conference in San Francisco, which he later discussed in an interview with InternetNews.com. Denning’s view is that IT security professionals need to move to a proactive user-centric approach that enables businesses to do more, rather than block more.
“I talk to a lot of CISOs and they tell me that identity has become the final audit and control point,” Denning told InternetNews.com. “Data doesn’t live inside the firewall anymore, it lives out there in the cloud.”
Given that data that can exist in places where an enterprise doesn’t directly control access, it is more essential then ever to provide authoritative security. According to Denning, the best way to do that is by controlling access to information through secure authentication of each individual that is accessing the data.
The idea of a world in which identity is federated across disparate heterogeneous systems is one that still has a few challenges though.
“It is a possibility, but it’s clearly not the reality today, but we are definitely chasing it,” Denning said.