One of the most fun things I get to do as the CISO at Ping is help organize Ping’s CISO Advisory Council. Earlier this year, Ping Identity assembled a CISO Advisory Council made up of 12 CISOs from a variety of industries (healthcare, financial services, technology, retail and more) designed to stay in tune with the challenges and opportunities impacting the modern CISO.
Our roster of members is impressive, and offers a broad range of industries and perspectives. A sampling of the participants includes:
- Frank Aiello, CISO for American Red Cross
- Diane Ball, CISO for BCBS Tennessee
- Chris Gullett, VP of Information Security for Allegiant Air
- Steve Martino, CISO for Cisco
- Sam Masiello, CISO for Gates Corporation
- Adrian Mayers, CISO for Vertafore
- Ben Mayrides, CISO for Cvent
- Stanton Meyer, CSO for CoBank
- Michael Strong, CISO for GCI
- Larry Whiteside, CISO for Greenway Health
In addition to advising on Ping’s product priorities and go-to-market strategy, council members helped created two papers to provide back out to concerned parties, to solve a couple of outstanding problems. This week I had the chance to sit down with Dave Bittner on the CyberWire Podcast to discuss these papers, and what’s next in identity security.
The first paper is 8 Things Your C-Suite Should Know About Identity. This paper is written for C-suite leaders outside of security and identity and access management (IAM), and is a tool for identity and security leaders to use to communicate the importance of IAM to larger business success. It speaks to the priorities of the C-suite. Some key takeaways include:
- Regardless of where identity reports (IT or security), to avoid security breaches, get your identity and security teams talking. They need to be working together closely to protect your organization.
- Identity is essential to digital transformation. Digital transformation is all about customer experience—knowing your customer is the core of what identity provides. It’s critical that marketing and business leaders are engaged with the identity strategy.
- When you’re thinking about identity, you should be thinking about your employees, customers AND partners. To compete globally, you need a plan for all three of these areas, and the plans are probably quite different.
The second paper is 7 Trends That Will Shape the Future of Identity, and is written for identity and security professionals. This paper is focused on the trends that will shape identity over the next few years and is meant to answer the question: What should we be learning about now to be relevant over the next decade?
- Passwordless Authentication, otherwise known as Zero Login. We are ingesting and creating signals that help us recognize when a user’s behavior is trustworthy, and additional authentication is unnecessary, versus when an action is high risk, or context has changed, and we need to see step-ups. Very soon, for the vast majority of everyday interactions, a password will never need to be entered.
- Behavioral Analytics and Machine Learning. We at Ping summarize this as intelligence. Intelligence can allow us to make better security, access, marketing, sales and other decisions. It can help organizations improve the user experience while maintaining a strong security posture, all while enabling companies to better accomplish their goals.
- Consent and Privacy. These are the other side of the intelligence coin. As we use customer data to make smarter choices, we need to adapt to the changing regulatory landscape, and provide customers the ability to opt in/opt out, and truly own data about themselves. This will be a difficult balance for years to come. Organizations that can best figure out how to give consumers real consent options while still providing high-quality services will be the winners in the next decade.
These papers are just the beginning for Ping’s CISO Advisory Council. I look forward to sharing more from this group in 2019 and working with these great security leaders to forge the new generation of identity security strategies and solutions.
To learn more about what’s next in identity security and hear my full interview with CyberWire’s Dave Bittner, listen to episode 696 of the The CyberWire Daily Podcast.