10 Takeaways from the 2024 Gartner IAM Summit UK

Insights from Roy Akerman, CEO of Rezonate

I had the privilege of attending the Gartner IAM Summit in London. The conference focused on one of the most critical aspects of our digital world: identity-first security. 

After having some time to reflect, I’d like to share ten key takeaways from the event. Let’s dive in!

Top 10 Takeaways from Gartner IAM Summit

  1. Focus on Prevention: Organizations are focusing on the preventative, “left-of-the-attack” side for good posture management. While identity governance solutions have made great strides in automating the management of access across the user lifecycle and in streamlining compliance efforts, the security problems for identity are still very much unsolved. Identity security posture management is coming into the spotlight as a way to prevent attacks and was repeatedly discussed in analyst sessions and by vendors in the Expo Hall.
  2. Assume a Breach: Organizations must be able to monitor external and privileged identities across all of their access journey (authentication, authorization, activities signals). They must also enable the SOC to receive the right alerts in the right context in order to assess, investigate, and respond to an identity-based attack. Having an end-to-end view across all access privileges, controls, and activities of an identity is critical to better security and resiliency. 
  3. Integrate ISPM and ITDR: In Henrique Bernardes B Teixeira’s insightful talk, “Improve Enterprise Resilience With Identity Hygiene, Security Posture Management, and ITDR,” he acknowledged the convergence of Identity Threat Detection and Response (ITDR) and Identity Security Posture Management (ISPM). The fusion of prevention strategies such as identity hygiene and ISPM (see takeaway #1) with proactive ITDR capabilities (see takeaway #2) exemplifies the merging of two critical domains in the fight against identity-based attacks. Learn how Rezonate handles both Identity Security Posture Management and Identity Threat Detection and Response.
  4. Access Management ≠Security: Organizations must move security from the IAM backlog to a well-defined program that goes beyond MFA. MFA will not save you from a breach; it’s just another hurdle we are adding to the stack. Conditional access with risk-based metrics is ideal. And until you get there, you need a way to harden privileged access, maintain least privilege, and monitor the identity and access infrastructure. See how Rezonate can help with secure access.
  5. Leverage ML and AI for Automation: Automation and AI are available to tackle identity hygiene efforts and to enforce adaptive access policies. Self-correcting IGA and machine learning can really play a much bigger role now in offloading the overburdened IAM teams. Machine learning will be the first to help, while generative AI will take a bit more time for teams to embrace it in the flow of identity security, but it’s coming!
  6. Prove Business Value: To make identity security a priority and to secure budget, IAM teams must align the outcomes of a strong identity-first security strategy to core business metrics. According to Rebecca Archambault, Sr Director Analyst, Gartner, organizations must “Identify your highest priority outcomes beyond ‘keeping the lights on’ by using outcome-driven metrics to elevate the IAM discussion.” Vendors must help customers with this and surface metrics in dashboards and reporting around key outcome-driven metrics such as overall risk reduction and threat coverage.
  7. Come Together and Consolidate Your IAM Security Play: There were many teams from both Security and Identity in attendance this year, proving that identity is not just its own bubble and has become a critical focus for CISOs. They want a better way to effectively protect identity, the #1 attack vector, and the attacker’s path of least resistance. By integrating Security and IAM perspectives and teams, organizations can achieve a balance between operational efficiency and security, effectively managing identities while safeguarding the identity attack surface against threats.
  8. Reduce IAM Debt: IAM debt results from neglecting identity and access management responsibilities over time, which can have devastating consequences. In a Technical Insights session by Nat Krishnan, Sr Director Analyst, he shared ways to reduce IAM technical debt. He warned, “Left unchecked, IAM technical debt will ensure that most of the work IAM teams do is unplanned.” One way to discover IAM debt is with an identity risk assessment. We offer this if you are curious, and it’s free. (Request one today!)
  9. Unify Your Identity Fabric: The identity fabric is an integrated and cohesive framework for managing digital identities across various systems, applications, and platforms within an organization. In “Identity Fabric—The Definition and Its Architecture,” Felix Gaehtgens, VP Analyst, offered guidance on this crucial concept. Although it’s more theoretical and conceptual in our minds, the fabric is being assembled by many teams across an enterprise. It’s about getting a holistic data model of all the identity data, policies, and controls into a single, comprehensive view, facilitating consistent, secure IAM.  
  10. Get Resilient: The account recovery process is the Achilles heel of every organization (i.e., MGM attack). With 75% of attacks being malware-less, emphasizing identity resilience and bolstering proactive security measures are imperative to safeguarding organizational assets. When Henrique polled the audience in one of his sessions: “Do You Believe Your IAM Infrastructure Is Prepared to Be Resilient?” Only 37% answered Yes. Identity and access management tools typically do not handle the “right of boom” side of identity security. The fusion of prevention strategies such as identity hygiene and security posture management with proactive threat detection and response exemplifies the merging of two critical domains in the fight against identity-based attacks. 

Get a Handle on Identity Security 

The Gartner IAM Summit 2024 provided invaluable insights and actionable strategies to navigate the evolving landscape of cybersecurity. As we embrace the convergence of prevention and detection/response strategies, let’s remain vigilant in safeguarding organizational assets and identities and adapt to prevent and mitigate emerging identity risks and threats in real time.

Whether you need help preventing and protecting yourself from identity risks or improving your ability to detect and respond to identity attacks, Rezonate is here to assist you. 

Request a demo, and let’s build a robust identity and access security strategy together.

Rezonate was recognized as a 2023 Gartner® Cool Vendor™ in Identity-First Security.  Learn More.