Everything is bigger in Texas and that was apparent when walking into the grandiose Gaylord Texan Resort and Convention Center for last week’s Gartner IAM Conference 2023. The new location and the size of the venue was needed for the 2,000+ attendees, which represented the largest Gartner IAM event to date. As an attendee and exhibitor, it was a very good conference for AppViewX and I would like to share some observations with you.
It’s always nice when you exhibit at a conference and you don’t have to deeply explain the problem or challenges that your solution solves. Identity and access management (IAM) professionals know PKI and the many use cases supported by digital certificates. We chose messaging for our booth that described exactly what we do and the strategy worked. Many attendees saw “Simplify Enterprise-Wide Certificate Lifecycle Management” in bold on our booth and immediately engaged in conversations starting with how do you do it.
Attendees from all sorts of vertical markets from healthcare to finance, government, manufacturing and others are all facing challenges with managing both public and private trust certificates in their environments. Additionally, as we talked about Google’s latest proposal for 90-day TLS certificate validity, many of the attendees engaging with us at our booth shared their concerns that there would be no way that they could effectively manage TLS certificates with how they are doing it today. The need for automation was an easy conversation in this case with many requesting post-event demos to see how AppViewX can help.
But, this wasn’t the only reason attendees were stopping by to talk with us. Gartner analysts have been talking about an identity-first security approach for Zero-Trust and this was one of the main themes throughout the conference sessions. There was a lot of discussion around identity convergence between human and machine identities which was a big part of the Identity Governance and Administration (IGA) presentations. In one IGA focused session, the leading Gartner analyst posed this question to a packed room of about 400 attendees. “Who in the audience believes they have a good handle on how you are managing machine identities?” A whopping dozen people (if that many) raised their hands.
It became obvious over the course of the conference that machine identity management is a major blind spot for most organizations. In many of the sessions I attended, machine identity management was front and center as an area that organizations need to get a handle on if they want to get to a true Zero-Trust security model. The recent Biden-Harris Administration’s National Cybersecurity Strategy also highlighted identity as the main driver for Zero-Trust. And, it was certainly not a coincidence that the Cybersecurity and Infrastructure Security Agency (CISA) together with the National Security Agency (NSA) chose to release its Identity and Access Management Recommended Best Practices Guide for Administrators during the Gartner IAM Conference.
As a result, myself and the AppViewX staff in attendance had many productive conversations about machine identity management with both attendees and Gartner analysts. PKI, digital certificates and SSH certificates and keys are a foundational element to providing strong machine identities for authentication, authorization and encryption. With machine identities greatly outnumbering human identities, the management challenge is real, especially in complex hybrid multi-cloud environments. On top of that, the scale and ephemeral nature of certificates for DevOps, Kubernetes and IoT amplify the problem as just getting visibility into where certificates are located is a task that most attendees stated is a real struggle. Once again, automating certificate lifecycle management is a must for discovering, inventorying and managing machine identities at scale to strengthen and ensure an organization’s security and risk posture.
For those of you who attended Gartner IAM and didn’t have a chance to talk to us or those reading this blog and interested in learning more about AppViewX and our solutions, we welcome you to reach out to set up a personal demo. Our AppViewX CERT+, automated certificate lifecycle management and PKI+, private PKI-as-a-Services (PKIaaS), products can get you on the path to machine identity management as part of your Identity Governance and Administration program.