What security pros can learn from space travel

NASA astronauts Bob Behnken (right) and Doug Hurley walk to the SpaceX Falcon 9 rocket at the Kennedy Space Center on May 30 in Cape Canaveral, Florida. The inaugural flight was the first manned mission for the U.S. since the end of the Space Shuttle program in 2011. Today’s columnist, Grady Summers of SailPoint, says security pros can learn a lot ...

Humans have always been fascinated with space travel, and that’s why more than 10 million people tuned in earlier this year via livestream to watch NASA and SpaceX launch astronauts Robert Behnken and Douglas Hurley to the International Space Station (ISS).

These two astronauts followed in the footsteps of others who have had the honor of traveling to the ISS, such as U.S. astronaut Scott Kelly, who writes about his experiences living in space for one year in his memoir, Endurance: My Year in Space, A Lifetime of Discovery.

Kelly mentions the word trust in his book more than a dozen times – and for good reason. When they're propelled into space at 25,000 miles-per-hour, the astronauts must have unwavering trust in their team. These astronauts place tremendous trust in their teammates, laying their lives on the line alongside one another to complete the mission.

The tech industry could learn a lot from these brave men and women. Astronauts put trust in their teammates, just as customers put their trust in cybersecurity tools to protect the critical data of their organization, customers, employees and other stakeholders. It may seem like a stretch relating a cosmic expedition to a cybersecurity product, but the tenants of trust in our industry: security, productivity and cost, are just as important for a company launching an identity software system that the business depends on to run more efficiently and securely.

A successful identity governance program helps organizations answer some critical questions: Who has access to what data? Who should have access? How are they using that access? The impact of a strong program happens instantaneously, and the benefits are threefold: security, productivity and cost:

  • Security. Many security incidents occur -- or their impact becomes worse -- because roles have been set up improperly. I've seen cases where the compromised identities belonged to employees who had been terminated months before the breach -- yet the accounts were never disabled. Or an employee's credentials were stolen, then used to access information that they never needed in their role, but they'd been granted overly generous permissions because it was easier at the time. In a well-run identity program, these risks are mitigated with automated access provisioning, role optimization and MI-aided access reviews. This way, the identity team knows at all times who throughout the organization has access to what, and whether that access is appropriate.
  • Productivity. When a new person starts a new role at a company, the company needs for them to hit the ground running. Good identity governance ensures this new person gets provisioned with all the correct assets and resources that they need to do their job from the start.  And, as they move within the organization, IT can tune and optimize access as their role at the company changes.
  • Cost. Organizations don’t want to pay for unnecessary assets, which is why they need to have the right people have access to the right resources at the right time. When entitlements (access request workflows, access assignments and reviews) are optimized for excess resources that are not utilized it lets companies reallocate budgets to growing the business.

The trifecta of security, productivity and cost are the basis for a strong identity program that businesses can put trust in. It’s the cornerstone of any security program, and crucial to mitigating risk from within to deter any malicious attacks from hackers.

When it’s time for Robert Behnken and Douglas Hurley to make their returns home, they’ll put trust in the technology that got them into space in the first place to get them home safely. They’ll trust that the engineering of their shuttle will protect them from the various elements of landing. When headed into space, trust rules over all else. The same for identity – users have to trust in the team and the technology that their business and personal data are secure.

Grady Summers, executive vice president of solutions and technology, SailPoint

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.