I’ve been writing about the enterprise for a long time, and back in the day when I was covering content management, there was forever talk about busting down content silos and putting the content to work across the company. It was a nice idea, but in practice it rarely happens.
What I learned this week, as I attended the Cloud Identity Summit in San Diego, was that identity was also stuck in a silo, separated and isolated, even from its close cousin security.
We still have a long way to go to get departments and disciplines within companies moving in the same direction.
Trying To Make A Cultural Shift
Certainly, Ping Identity CEO Andre Durand who has been at this for over a decade understands, security and identity have to find their way together and he is at least talking the talk. “Security and identity have been different worlds, different groups of people, but with the same mission,” he said.
“We are trying to drive security through identity.” It was his way of saying, we need to bring this together into a common quest, but it wasn’t clear we are anywhere close to making that happen.
It’s a worthy goal of course, and Durand is on the right track, but as one attendee pointed out to me: “Where are the security guys? They’re not here.” He was right too. The entire conference was dominated by people who are deeply immersed in identity, and that could be a problem because none of this exists in isolation.
It’s the expert silo problem. People have their areas of expertise and they talk to folks who have a similar way of thinking. It tends to make for self-fulfilling prophecies. We all talk the same language and believe the same things, so we must be right.
Yet it’s also hard to miss that here we are in 2015 with breach after breach. Not every one of them is driven by identity theft, but hackers often work with malware, social engineering and other techniques to steal credentials, then simply walk through the front door of the network and wreak havoc. Security and identity are clearly closely linked problems, yet the groups tend to work separately inside large companies — and the network folks are a separate group altogether.
Resource Allocation Problems
The problem of course of having a single view of the universe as people tend to have at conferences like this, is that after listening for several days, you would think that, this is the center of the enterprise world. Everything will go much more smoothly if we just take care of identity or content management or whatever the topic happens to be, but that’s not the way companies work of course.
What you have in reality is a political budgetary process where everyone is vying for a finite pool of resources. When we set departments off against one another, I suppose we shouldn’t be surprised when they aren’t working together for the common company good.
Executives like the CEO, CIO and CISO are supposed to pull this together into a set of company goals and define the enterprise common good, but in reality, it tends to be much more fragmented and it’s tough to convince the C suite that in fact identity and security are worthy of significant investment, more so than say marketing, sales or product development.
As one participant told me, if you suggest that the identity system needs fixing, you are risking the wrath of the CEO who might be wondering what he or she has been spending money on all these years. You would like to think that executives understand that the security and identity are two sides of the same coin, and they are a forever shifting target in a game of security chess between white hats and black hats, good and ill, but executives with lots of constituencies to satisfy might not be so magnanimous.
That unfortunately leaves us with political wrangling and that means siloed behavior. I would like to think that every executive knows that the problems and solutions are linked across multiple disciplines. You cannot look at the organizational chart as a set of individual departments operating separately, but as an interwoven and linked group of people all working for the good of the company.
I would like to think that, but in reality the silo problem persists and it’s up to forward-thinking executives (and vendors) to find ways to tear them down and get everyone pushing in the same direction — whether we are talking identity, security or any piece that’s intertwined in the company mission.
Regrettably, we aren’t anywhere close to that vision yet.