SaaS is eating the world even more than we think. Companies are dealing with SaaS sprawl: hundreds of apps distributed across different owners that store sensitive data and which are used to orchestrate critical business workflows. Security-minded teams are turning to external compliance frameworks to help protect their customers and data.
However, traditional identity governance controls have fallen short of delivering real security outcomes in this digital-first world. They’re missing a critical piece: automation. In this episode, ConductorOne’s CEO and Co-Founder, Alex Bovee joins Lisa Cook, the Governance and Practice lead at ISACA, on the ISACA HQ Podcast to discuss why we need to change the way we think about compliance and risk and what a security-led governance program could look like.
- A quick history of governance controls and why checking the boxes of compliance has been the priority
- How identity centric attacks and account takeovers are security issues, not compliance ones
- What the biggest challenges with modern governance and identity security are today
- The relationship between security and compliance
- What User Access Reviews are and why they are critical to security best practices
- Achieving both security and compliance goals through automation