A Market Guide to ISPM
The Role of Data-Centric Identity Observability
The Cyber Hut has recently written a market guide to ISPM - with a focus on data-centric observability.
Further details and download is available here.
Introduction
Our most recent market guide has been released focused on the rise of identity security posture management (ISPM) and how a more data-centric role is maturing to deliver both risk reduction and a more preventative security posture.
Many identity governance and administration programmes often fall into “distress”. A community poll conducted by The Cyber Hut last year, identified 51% of respondents articulating that changes to business process being the main cause of this distress.
Tooling and workflows being too prescriptive was not “meeting the business” where it was, resulting in technology adoption issues and in turn slower return on investment as it pertained to access request and access review management.
Deployment time and connector issues are constant thorns in the side when it comes to IGA tooling. The more recent arrival of generative-AI capabilities is seemingly providing some relief with respect to faster system connectivity, API integration and getting systems on-boarded into these IGA platforms.
But the continual evolution of the IGA sub-components, driven by compliance and regulatory needs, has seen newer approaches to the improvement of identity data management. ISPM, continual compliance, identity vulnerability scanning and a broader focus on identity risk management has seen many organisations benefit from cleaning up more systems, across different deployment landscapes - and ultimately being more preventative.
Strategic IAM and Poor Data Assumptions
As identity and access management in general moves from being a purely operational and reactive set of capabilities, to one that strategically enables the business to be more productive, secure and revenue generating, there are numerous assumptions that relying systems start to make. Data, endpoint and network security systems assume that IAM is either available for integration or is able to provide assured data relating to assertions, verification and sessions.
This is not always the case - and as we move into an era dominated by non-human and agentic-AI focused identities, the quality of that identity data can become crucially important.
The impact on compliance, security and business agility can be significant. Through increased visibility, discovery of assets and improved observability organisations can strategically move towards working on a pre-breach model of security - and ultimately preventative in nature.
The guide reviews the key capabilities in this space, use cases and their benefits and how to measure success.
Further details and download is available here.