With industries deep into their digital transformation journeys, identity security is undergoing its own evolution — making it a fitting theme for this year's Navigate user conference. The role of professionals managing human and non-human identities within complex IT environments continues to expand in both scope and strategic importance. Over 3.5 days, SailPoint equipped cybersecurity professionals with tools and insights to operate more effectively in organizations that depend on them to prevent breaches.
Identity professionals face mounting challenges. One of the most frequently cited statistics throughout the keynotes, breakout sessions, expo discussions, and networking events was that 90% of organizations experienced an identity-related incident in the recent year. This sobering fact led to one of the conference's prominent catchphrases: "Why break in when you can just log in?"
The Growing Sophistication of Cyber Threats
The challenge highlights the formidable task identity security teams face in protecting enterprises from organized crime and adversarial nation-states. These threat actors appear to maintain an advantage, even two decades after their early schemes of luring victims to malicious sites with Viagra spam.
"The escalation in both the attacks and sophistication is growing dramatically, and these are the same people" behind those Viagra ads, said keynote speaker Dmitri Alperovitch, a Crowdstrike co-founder who now runs the Silverado Policy Accelerator think tank. "It's really remarkable because they were never arrested, they were never prosecuted, they were just allowed to grow, build relationships, build networks, and build technological expertise."
Alperovitch, author of World on the Brink: How America Can Beat China in the Race for the 21st Century, detailed how sophisticated cyber operations within Russia, Iran, China, and North Korea employ cyber gangs, government staff, and even U.S. citizens to gather intelligence, steal intellectual property, and finance military operations by exploiting vulnerabilities and bypass security controls in the identity chain.
These nation-states, facing difficulties recruiting adults who risk severe penalties for cybercrimes against the West, now target juveniles within their target countries to conduct social engineering attacks, sometimes through simple helpdesk calls. This underscores Alperovitch's key point: Nation-states no longer need sophisticated tactics like zero-day exploits; they just need to manipulate an unsuspecting human to gain coveted access.
Fortifying Enterprises Through Automation, Visibility, and Training
Beyond addressing malicious human agents, organizations must also minimize human errors. Market leaders like SailPoint continuously enhance their platforms and solutions with new features to prevent unauthorized access through phishing and other malicious tactics. Many of these capabilities leverage artificial intelligence (AI) to augment human efforts where they reach their limits.
During the conference, SailPoint announced several major product releases, including:
- A solution to manage the proliferation of machine identities that now outnumber human IDs
- Tools to improve productivity and accuracy by automating privilege assignment tasks
- A new system for analyzing available data to create snapshots of an organization's identity posture in real-time
These tools not only serve those on the frontlines of enterprise security but also demonstrate identity's business value across different departments. That also was a key theme among the many speakers, often in regulated industries, who’ve successfully implemented identity security programs.
Gartner Senior Director Analyst Rebecca Archambault emphasized in her keynote that to secure desired resources for identity and access management programs, identity leaders must communicate in business terms about organizational benefits. She noted that while executives may not care about technical features, they do care about a solution’s impact on the bottom line.
Major brands including ExxonMobil and Blue Cross Blue Shield shared how they leverage SailPoint solutions to prevent breaches and strengthen relationships with the C-suite. Each admitted it was not easy and instant and required a team of experts to guide the process. Each also emphasized how critical it is to maintain a strong cyber posture through identity hygiene — particularly following best practices around identity and access control — while connecting identity to business objectives to gain crucial executive support.
Scaling for Future Growth
Scalability emerged as a crucial theme for identity solutions. Beyond keeping pace with current business needs, solutions must prepare for exponential growth.
To help quantify this challenge, SailPoint partners with McKinsey on the Horizons of Identity Security report to assess identity maturity within organizations worldwide. Chief Marketing Officer Wendy Wu revealed key findings from the latest report, highlighting impressive progress among organizations that have advanced in their programs.
Building the Future Workforce
Navigate 2024 offered extensive training opportunities, including more than 80 breakout sessions and a full day of hands-on education. The all-day Developer Lab strengthened practical skills for hands-on problem-solving, while Identity University focused on on-premises, cloud, and hybrid solutions. These sessions allowed users to see concepts in action and maximize their ROI.
Addressing the global talent shortage, SailPoint prior to the conference announced a new credential program: a free, 4.5-hour online course for those interested in or new to identity security, aiming to attract more talent to the industry.
Lessons in Focus and Achievement
Navigate 2024 concluded with a fireside chat between SailPoint CEO and founder Mark McClain and Cole Hocker, who won gold in the 1500-Meter event at the Paris Summer Olympics through an impressive come-from-behind victory.
Hocker, 23, described his approach to goal-setting: documenting his intentions annually and maintaining focus on present efforts rather than the end result. He acknowledged that such dedication required sacrificing a conventional lifestyle for someone his age — and some selfishness with his time.
"You can be a jack-of-all-trades but a master of none," he said. "Of course, that has value, but if you truly want to be great at something, you have to give that 100%. That's easy to say, but 100% comes with sacrifices."
For managing the stress of intense competition, whether in athletics or cybersecurity, Hocker advised setting clear goals, breaking them into actionable items, and focusing on daily tasks — a strategy he credits for achieving major long-term success.
