NTT Communications and IDSA develop global platform for cross-field data utilization

NTT Communications announced that beginning October 1 it will collaborate with the International Data Spaces Association (IDSA) in a demonstration test as the first phase of contributing to the development of a secure, global data-management platform that assures interoperability between data platforms built and managed in countries worldwide.

The test environment for sharing highly confidential data securely will include IDS Connectors, the core technology of GAIA-X, a federated data infrastructure for Europe, and NTT Com’s Things Cloud IoT platform and Smart Data Platform (SDPF)5, the later incorporating Data Trust policies.

The demonstration, in addition to assessing the practicality and operability of a new structure for appropriately controlling the access rights of each data based on related laws and contracts, will shed new light on the requirements, etc. of platforms designed for international data management.

The results are expected to lead to the establishment of global data management platforms that smoothly link local data platforms in countries across the globe.

In the demonstration, a test environment will be built to test various cases of international data sharing, such as remote monitoring of machines overseas, etc., to verify the practicality and operability of data sharing.

Initially, in collaboration with the NTT Software Innovation Center, IDS Connector and SDPF will be deployed in a test environment in Japan to test system interoperability and the management of specific data-usage rights.

The test environment in Japan will then be connected to IDSA’s test environment in Germany and a separate test environment at the Swiss nonprofit Switzerland Innovation Park Biel/Bienne to test the system’s practicality and operability in controlling data access rights internationally via NTT Com’s networks.

Thereafter, NTT Com will proceed with further verification and testing by applying the current test’s findings in a test operation environment (test bed), aiming to verify the interoperability of various hardware and software using the IDS Connector.

The new global data management platform will be jointly developed by Japanese and overseas companies and organizations. At the same time, NTT Com will determine concrete requirements for the platform together with various organizations and companies active in Japan and overseas, including the Robot Revolution & Industrial IoT Initiative.

Going forward, NTT Com hopes to support the formulation of basic specifications through public-private-academic collaboration. Ultimately, NTT Com aims to contribute to the realization of a smart world by developing and providing a platform for broad sharing and usage of data in wide-ranging fields worldwide.

Technologies for IoT, artificial intelligence and data utilization are increasingly being applied in diverse fields, including manufacturing, logistics, transportation, medical care, energy, cities and government.

To facilitate advanced, multipurposed data use, systems are needed to ensure the safe, reliable exchange of data among industries, businesses and countries. Simultaneously, the rights of data providers and users must be protected and observed by managing when, where, who, why and under what conditions specific data can be used.

Currently, legal systems and technologies are being developed worldwide to create such data infrastructure. Eventually, data exchange in international business may require compliance with data-infrastructure specifications according to the laws and regulations of relevant countries.

Identity-related breaches on the rise, prevention still a work in progress

The number of workforce identities in the enterprise is growing dramatically, largely driven by DevOps, automation, and an increase in enterprise connected devices, which will only continue to accelerate identity growth, an IDSA survey of 502 IT security and identity decision makers reveals.

identity-related breaches

At the same time, compromised identities remain one of the leading causes of a data breach. According to the study, the vast majority of IT security and identity professionals have experienced an identity-related breach at their company within the past two years, with nearly all of them reporting that they believe these breaches were preventable.

“When approaching identity security, professionals must first consider a range of desired outcomes, or results they want to achieve, and then chart their paths accordingly,” said Julie Smith, executive director of the IDSA.

“According to security and identity professionals, these outcomes are still a work in progress, with less than half reporting that they have fully implemented any of the identity-related security outcomes that the IDSA has initially identified as critical to reducing the risk of a breach. In fact, the research shows a clear correlation between a focus on identity-centric security outcomes and lower breach levels.”

Identity-related breaches are ubiquitous

  • 94% have had an identity-related breach at some point
  • 79% have had an identity-related breach within the past two years
  • 66% say phishing is the most common cause of identity-related breaches
  • 99% believe their identity-related breaches were preventable

Identity security is a work in progress

  • Most identity-related security outcomes are still in progress or planning stages
  • Less than half have fully implemented key identity-related security outcomes
  • 71% have made organizational changes to the ownership of identity management

Forward-thinking companies are showing results

  • Forward-thinking companies are much more likely to have fully implemented key identity-related security outcomes
  • Only 34% of companies with a “forward-thinking” security culture have had an identity-related breach in the past year — far fewer than the 59% of companies with a “reactive” security culture

Saviynt joins the IDSA, helps orgs mitigate risk and achieve regulatory and compliance goals

Saviynt, ranked in the top third of Inc. Magazine’s 5000 fastest growing US companies and a thought leader in converging Identity Governance and Cloud Privileged Access Management solutions, is pleased to announce it has joined the Identity Defined Security Alliance (IDSA) and will participate in forums and events in 2020.

“Saviynt is excited to join the IDSA, helping organizations mitigate risk and achieve their regulatory and compliance goals,” stated Nabeel Nizar, Saviynt’s Senior Vice-President of Products and Solutions.

“Our Identity 3.0 vision drives innovation to help organizations attain greater visibility and near real-time security responsiveness through the holistic convergence of identity governance, application GRC, and privileged access management.

“Using automation and consistent enforcement of security and compliance objectives across multi-cloud, multi-channel and critical hybrid IT assets, we evolve Identity to support cloud-first and digital transformation initiatives.”

The IDSA, a group of identity and security vendors, solution providers, and practitioners, acts as an independent source of education and information on identity-centric security strategies.

Saviynt brings to IDSA its expertise in developing a cloud-native industry-leading Identity Governance and Administration platform and the in-depth, user-centric understanding of Identity which helps organizations pro-actively address compliance and reduce risk through visibility and intelligent analytics.

“Our involvement with IDSA allows Saviynt to collaborate with alliance members to build smarter security, maximize identity, and drive great results for customers,” said Chris Gregory, Vice President of Channel Operations and Development, Saviynt. “IDSA is a perfect avenue for us to continue educating and building awareness for our converged IGA platform.”

“As our latest survey validates, organizations are dealing with an explosion of identities. Concern abounds that without strong IAM practices they face significant risk,” said Julie Smith, executive director of the Identity Defined Security Alliance.

“I’m glad to welcome Saviynt to the Alliance, bringing a new voice to our efforts to help organizations not only with identity-centric technology strategies but also with closing the gap between identity and security teams.”

How identity is addressed by enterprise IT security teams

The majority of companies have experienced a five-fold increase in the number of workforce identities, which are being driven primarily by mobile and cloud technology. Encouragingly, one-hundred percent of IT security stakeholders report that a lack of strong IAM practices introduces security risk, an IDSA survey reveals.

IAM practices

Strong IAM practices

Security leadership also cares “much more” about IAM now than ever before, with importance anticipated to continue to increase over the next five years. Despite growth, and an apparent understanding of risk, only half of IT security professionals state that the security team has any level of ownership for workforce IAM. What’s more, less than one in four IT security professionals say their teams have “excellent” awareness of their company’s identity strategy.

“With the majority of today’s breaches tied to compromised credentials and the number of credentials skyrocketing, IAM is a critical and complex issue that spans many organizational teams, requiring a strategy around people, processes and technology,” said Julie Smith, executive director of the IDSA.

“The findings highlight that addressing identity security through integrated technologies is only one piece of the puzzle. Without collaboration amongst all stakeholders and a clear understanding of responsibilities and handoff points, identity incurs greater risk.”

“As businesses embrace new technologies and expand their workforce, the reality of managing identities is seemingly growing more complex by the day. Awareness of the impact IAM has on security posture has grown as well, as an increasing number of data breaches are tied to stolen identities,” said Den Jones, director of enterprise security for Adobe.

“However, as the data shows, IAM efforts face several organizational challenges as companies grapple with who should take the lead. With the number of identities growing, organizations of all sizes should examine how identity management fits into their security strategy, and eliminate any silos between teams that increase risk or slow the pace of the digital transformation of the business.”

Modern technologies are driving explosive growth of identities

  • 52% say that identities have grown more than five-fold in the past 10 years
  • The increase in identities is driven primarily by technology changes, such as mobile devices (76%)
  • Other identity growth factors include a mix of more employees (57%), connected employees (66%), enterprise connected devices (60%), and cloud applications (59%)

Identities are increasingly important to corporate security

  • 100% report a lack of strong IAM practices introduces security risk
  • 92% say security leadership cares more about identity management now than in the past
  • Security teams are worried about a range of potential identity-related security incidents, including phishing (83%), social engineering (70%), compromised privileged identities (64%), and more

IAM practices

Identity security efforts lack alignment

  • While security is involved in IAM activities (99%), only 24% say their security team has “excellent” awareness of IAM
  • A wide range of organizational issues prevent security from engaging with workforce IAM, including lack of alignment of goals (33%), reporting structure (30%), history of security not being involved (30%), and resistance from existing teams (24%)
  • Budget ownership issues (40%) are cited as the top reason for not spending more on workforce IAM

Incomplete security ownership for identities has consequences

  • Only half (53%) report that security has any level of ownership for workforce IAM
  • When security teams have ownership of IAM they have better understanding of identities, are more likely to view IAM leadership as a career opportunity, and face fewer barriers to IAM involvement