The conversation began by discussing what “identity is the new perimeter” actually means from a practical standpoint, and the group very quickly agreed that managing access for various persons is key. For example, some noted that many members of the organization have administrative access—but perhaps some additional controls and security steps to go alongside that access could strengthen it. Beyond that notion, the discussion evolved into one about culture. We have to find a way to explain to the members of our organizations that we are not punishing people or hindering their work—we simply need better ways of understanding who has access to which assets, and that the access is appropriate to their level and position.
The participants then transitioned the discussion to one about the digital transformation journey occurring across the world today in all organizations, no matter the industry. Companies are moving away from an on-premises data model with a “crunchy perimeter and soft interior,” to one in the digital realm and in the cloud, where hard perimeters no longer exist. It is now even more important to ensure access rules and controls are strong, consistent, and effective when critical data can be accessed in realms outside of physical control. Some of the participants were concerned that moving to strict and more regulated controls would be difficult and questioned the success of a Zero Trust model. However, a few of the discussion participants had successfully completed a transition to this model, which is encouraging not only to those at the table but to any of us who have not fully journeyed down that path yet.