Skip to content
Advertisements

Posts from the ‘Cloud Computing’ Category

10 Charts That Will Change Your Perspective Of AI In Marketing

  • Top-performing companies are more than twice as likely to be using AI for marketing (28% vs. 12%) according to Adobe’s latest Digital Intelligence Briefing.
  • Retailers are investing $5.9B this year in AI-based marketing and customer service solutions to improve shoppers’ buying experiences according to IDC.
  • Financial Services marketers lead all other industries in AI application adoption, with 37% currently using them today.
  • Sales and Marketing teams most often collaborate using Configure-Price-Quote (CPQ) and Marketing Automation AI-based applications, with sales leaders predicting AI adoption will increase 155% across sales teams in two years.

Artificial Intelligence enables marketers to understand sales cycles better, correlating their strategies and spending to sales results. AI-driven insights are also helping to break down data silos so marketing and sales can collaborate more on deals. Marketing is more analytics and quant-driven than ever before with the best CMOs knowing which metrics and KPIs to track and why they fluctuate.

The bottom line is that machine learning and AI are the technologies CMOs and their teams need to excel today. The best CMOs balance the quant-intensive nature of running marketing with qualitative factors that make a company’s brand and customer experience unique. With greater insight into how prospects make decisions when, where, and how to buy, CMOs are bringing a new level of intensity into driving outcomes. An example of this can be seen from the recent Forbes Insights and Quantcast research, Lessons of 21st-Century Brands Modern Brands & AI Report (17 pp., PDF, free, opt-in). The study found that AI enables marketers to increase sales (52%), increase in customer retention (51%), and succeed at new product launches (49%). AI is making solid contributions to improving lead quality, persona development, segmentation, pricing, and service.

The following ten charts provide insights into how AI is transforming marketing:

  • 21% of sales leaders rely on AI-based applications today, with the majority collaborating with marketing teams sharing these applications. Sales leaders predict that their use of AI will increase 155% in the next two years. Sales leaders predict AI will reach critical mass by 2020 when 54% expect to be using these technologies. Marketing and sales are relying on AI-based marketing automation, configure-price-quote (CPQ), and intelligent selling systems to increase revenue and profit growth significantly in the next two years. Source: Salesforce Research, State of Sales, 3rd edition. (58 pp., PDF, free, opt-in).

  • AI sees the most significant adoption by marketers working in $500M to $1B companies, with conversational AI for customer service is the most dominant. Businesses with between $500M to $1B lead all other revenue categories in the number and depth of AI adoption use cases. Just over 52% of small businesses with sales of $25M or less are using AI for predictive analytics for customer insights. It’s interesting to note that small companies are the leaders in AI spending, at 38.1%, to improve marketing ROI by optimizing marketing content and timing. Source: The CMO Survey: Highlights and Insights Report, February 2019. Duke University, Deloitte and American Marketing Association. (71 pp., PDF, free, no opt-in).

  • 22% of marketers currently are using AI-based applications with an additional 57% planning to use in the next two years. There are nine dominant use cases marketers are concentrating on today, ranging from personalized channel experiences to programmatic advertising and media buying to predictive customer journeys and real-time next best offers. Source: Salesforce’s State of Marketing Study, 5th edition

  • Content personalization and predictive analytics from customer insights are the two areas CMOs most prioritize AI spending today. The CMO study found that B2B service companies are the top user of AI for content personalization (62.2%) and B2B product companies use AI for augmented and virtual reality, facial recognition and visual search more than any other business types. Source: CMOs’ Top Uses For AI: Personalization and Predictive Analytics. Marketing Charts. March 14, 2019

  • Personalizing the overall customer journey and driving next-best offers in real-time are the two most common ways marketing leaders are using AI today, according to Salesforce. Improving customer segmentation, improving advertising and media buying, and personalizing channel experiences are the next fastest-growing areas of AI adoption in marketing today. Source: Salesforce’s State of Marketing Study, 5th edition

  • 81% of marketers are either planning to or are using AI in audience targeting this year. 80% are currently using or planning to use AI for audience segmentation. EConsultancy’s study found marketers are enthusiastic about AI’s potential to increase marketing effectiveness and track progress. 88% of marketers interviewed say AI will enable them t be more effective in getting to their goals. Source: Dream vs. Reality: The State of Consumer First and Omnichannel Marketing. EConsultancy (36 pp., PDF, free, no opt-in).

  • Over 41% of marketers say AI is enabling them to generate higher revenues from e-mail marketing. They also see an over 13% improvement in click-thru rates and 7.64% improvement in open rates. Source: 4 Positive Effects of AI Use in Email Marketing, Statista (infographic), March 1, 2019.

Additional data sources on AI’s use in Marketing:

15 examples of artificial intelligence in marketing, eConsultancy, February 28, 2019

4 Positive Effects of AI Use in Email Marketing, Statista, March 1, 2019

4 Ways Artificial Intelligence Can Improve Your Marketing (Plus 10 Provider Suggestions), Forbes, Kate Harrison, January 20, 2019

AI: The Next Generation Of Marketing Driving Competitive Advantage Throughout The Customer Life Cycle, Forrester Consulting. February 2017 (10 pp., PDF, free, no opt-in).

Artificial Intelligence for Marketing (complete book) (361 pp., PDF, free, no opt-in)

Artificial Intelligence Roundup, eMarketer, May 2018 (15 pp., PDF, free, no opt-in)

Digital Intelligence Briefing, Adobe, 2018 (43 pp., PDF, free, no opt-in).

How 28 Brands Are Using AI to Enhance Their Marketing [Infographic], Impact Blog

How AI Is Changing Sales, Harvard Business Review, July 30, 2018

How Top Marketers Use Artificial Intelligence On-Demand Webinar with Vala Afshar, Chief Digital Evangelist, Salesforce and Meghann York, Director, Product Marketing, Salesforce

How To Win Tomorrow’s Car Buyers – Artificial Intelligence in Marketing & Sales, McKinsey Center for Future Mobility, McKinsey & Company. February 2019. (44 pp., PDF, free, no opt-in)

IDC MarketScape: Worldwide Artificial Intelligence in Enterprise Marketing Clouds 2017 Vendor Assessment, (11 pp., PDF, free, no opt-in.)

In-depth: Artificial Intelligence 2019, Statista Digital Market Outlook, February 2019 (client access reqd).

Leading reasons to use artificial intelligence (AI) for marketing personalization according to industry professionals worldwide in 2018, Statista.

Lessons of 21st-Century Brands Modern Brands & AI Report, Forbes Insights and Quantcast Study (17 pp., PDF, free, opt-in),

Powerful pricing: The next frontier in apparel and fashion advanced analytics, McKinsey & Company, December 2018

Share of marketing and agency professionals who are comfortable with AI-enabled technology automated handling of their campaigns in the United States as of June 2018, Statista.  

The CMO Survey: Highlights and Insights Report, February 2019. Duke University, Deloitte and American Marketing Association. (71 pp., PDF, free, no opt-in).

Visualizing the uses and potential impact of AI and other analytics, McKinsey Global Institute, April 2018.  Interactive page based on Tableau data set can be found here.

What really matters in B2B dynamic pricing, McKinsey & Company, October 2018

Winning tomorrow’s car buyers using artificial intelligence in marketing and sales, McKinsey & Company, February 2019

Worldwide Spending on Artificial Intelligence Systems Will Grow to Nearly $35.8 Billion in 2019, According to New IDC Spending Guide, IDC; March 11, 2019

Advertisements

What’s Next For You? How AI Is Transforming Talent Management

Bottom Line: Taking on the talent crisis with greater intelligence and insight, delivering a consistently excellent candidate experience, and making diversity and inclusion a part of their DNA differentiates growing businesses who are attracting and retaining employees. The book What’s Next For You? by Ashutosh Garg, CEO and Co-Founder and Kamal Ahluwalia, President of eightfold.ai provide valuable insights and a data-driven roadmap of how AI is helping to solve the talent crisis for any business.

The Talent Crisis Is Real

  • 78% of CEOs and Chief Human Resource Officers (CHROs) say talent programs are important, with 56% say their current programs are ineffective.
  • 83% of employees want a new job yet only 53% want to leave for a new company.
  • 57% of employees say diversity and inclusion initiatives aren’t working, and 40% say their companies lack qualified diverse talent.
  • Nearly 50% of an organizations’ top talent will leave their jobs in the first two years of being hired.
  • 28% of open positions today won’t be filled in the next 12 months.

The above findings are just a sample of the depth of data-driven content and roadmap the book What’s Next For You? delivers. Co-authors Ashutosh Garg’s and Kamal Ahluwalia’s expertise in applying AI and machine learning to talent management problems with a strong data-first mindset is evident throughout the book. What makes the book noteworthy is how the authors write from the heart first with empathy for applicants and hiring managers, supporting key points with data. The empathetic, data-driven tone of the book makes the talent crisis relatable while also illustrating how AI can help any business make better talent management decisions.

“Businesses are having to adapt to technology changes and changes in customer expectations roughly every 10 years – a timeframe that is continuing to shrink. As a result, business leaders need to really focus on rethinking their business strategy and the associated talent strategy, so they have the organizational capability to transform and capitalize on the inevitable technology shifts,” writes John Thompson, Venture Partner, Lightspeed Venture Partners and Chairman of the Board at Microsoft in the forward.

The book cites talent management researchers and experts who say “our current knowledge base has a half-life of about two years, and the speed of technology is outperforming us as humans because of what it can do quickly and effectively“ (p.64). John Thompson’s observations in the forward that the time available for adapting to change is shrinking is a unifying thread that ties this book together. One of the most convincing is the fact that using today’s Applicant Tracking Systems (ATS) and hiring processes prone to biases, there’s a 30% chance a new hire will not make it through their first year. If the new hire is a cloud computing professional, this equates to a median salary of $146,350 and taking best-case 46 days to find their replacement. The cost and time loss of losing just one recruited cloud computing professional can derail a project for months. It will cost at least $219,000 or more to replace just that one engineer. Any manager who has lost a new hire within a year can relate to how real the talent crisis is and how urgent it is to solve it.

The Half-Life Of Skills Is Shrinking Fast

The most compelling chapter of the book illustrates how today’s talent crisis can be solved by taking an AI-enabled approach to every aspect of talent management. Chapter 4, The Half-Life Of Skills Is Shrinking Fast, delves into how AI can find candidates who can unlearn old concepts, and quickly master new ones. The book calls out this attribute of any potential new hire as being essential for them to adapt.  Using higher quality data than is available in traditional ATS systems, the authors illustrate how AI-based systems can be used for evaluating both the potential and experiences of applicants to match them with positions they will excel in. The authors make a convincing argument that AI can increase the probability of new candidate success. They cite a well-known Leadership IQ statistic of 46% of all new employee hires failing to adapt within 18 months, and the Harvard Business Review study finding between 40% to 60% of new upper management hires fail within 18 months. The authors contend that even Leonardo Da Vinci, one of the primary architects of the Renaissance, would have trouble finding work using a traditional resume entered into an ATS system today because his exceptional capabilities and potential would have never been discovered. When our existing process of recruiting is based on practices over 500 years old, as this copy of Leonardo Da Vinci’s resume illustrates, it’s time to put AI to work matching peoples’ potential with unique position requirements.

When Employees Achieve Their Potential, Companies Do Too   

Attracting the highest potential employees possible and retaining them is the cornerstone of any digital business’ growth strategy today and in the future. The book addresses the roadblocks companies face in attaining that goal, with bias being one of the strongest. “For example, McKinsey & Co., a top consulting agency, studied over 1,000 companies across 12 countries and found that firms in the top quartile of gender diversity were a fifth more likely to have above-average profits than those in the bottom quartile,” (p. 105). Further, “diverse executive boards generate better financial returns, and gender-diverse teams are more creative, more productive and more confident.” (p. 105).

In conclusion, consider this book a roadmap of how hiring and talent management can change for the better based on AI. The authors successfully illustrate how combining talent, personalization at scale, and machine learning can help employees achieve their potential, enabling companies to achieve theirs in the process.

Indeed’s 10 Most Popular AI & Machine Learning Jobs This Year

Indeed's 10 Most Popular AI & Machine Learning Jobs This Year

  • AI and Machine Learning job postings on Indeed rose 29.10% over the last year between May 2018 and May 2019.
  • Machine Learning and Deep Learning Engineers are the most popular jobs posted on Indeed between 2018 and 2019.
  • Machine Learning Engineers are earning an average salary of $142,858.57 in 2019 based on an analysis of all open positions on Indeed.
  • Indeed is seeing a leveling off of candidate-initiated searches for AI & Machine Learning (ML) jobs, dropping 14.5% between May 2018 and May 2019

These and many other insights are from Indeed’s recent report of the top 10 AI Jobs, and Salaries. Indeed’s analytics team completed an analysis of AI and machine learning hiring trends in 2019 to discover the top positions, highest salaries, and where the best opportunities are. The following are key insights from their latest study of AI and machine learning recruiting and hiring trends:

  • Machine Learning Engineers earn an average salary of $142,858.57 in 2019 based on an analysis of all open positions on Indeed. The Indeed analytics team found that the average annual salary for Machine Learning Engineers has grown by $8,409 in just a year, increasing 5.8%. Algorithm engineer’s average annual salary rose to $109,313 this year, an increase of $5,201, or 5%. Both salary bumps are likely a result of organizations’ spending more to attract talent to these crucial roles in a competitive AI job market

Indeed's 10 Most Popular AI & Machine Learning Jobs This Year

  • Machine Learning and Deep Learning Engineers are the most sought-after, popular jobs posted on Indeed between 2018 and 2019.  The Indeed analytics team identified the top 10 positions with the highest percentage of job descriptions that include the keywords “artificial intelligence” or “machine learning.” New jobs appearing on the list for the first time include Senior Data Scientist, Junior Data Scientist, Developer Consultant, Director of Data Science, and Lead Data Scientist. The inclusion of five new titles and the mix of skills shown in the table below reflects organizations’ growing expertise using AI, deep learning, and machine learning to drive business outcomes.

Indeed's 10 Most Popular AI & Machine Learning Jobs This Year

  • AI and Machine Learning job postings on Indeed rose 29.10% over the last year between May 2018 and May 2019.  Indeed found the increase is significantly less than it was for the previous two years. During the same period, May 2017 to May 2018 AI job postings on Indeed rose 57.91%, and a whopping 136.29% between May 2016 and May 2017.
  • Indeed is seeing a leveling off of candidate-initiated searches for AI & Machine Learning (ML) jobs, dropping 14.5% between May 2018 and May 2019. In comparison, searches increased 32% between May 2017 and May 2018 and 49.1% between May 2016 and May 2017. There are demand-and supply-side explanations for the 14.5% drop. From the demand side, the effects of AI and machine learning reaching broader adoption and maturing in organizations is leading to a greater variety of skills being recruited for. The 14.5% reduction reflects the broadening base of skills enterprises need to get the most out of AI and machine learning. From a supply side, potential job candidates are seeing the broadening base of skills they need to get hired, which are quickly making job descriptions from two years ago or longer obsolete. Finding candidates who have capabilities and potential to excel in AI and machine learning positions needs to get beyond just relying on job descriptions. Eightfold is doing just that by relying on machine learning algorithms to match candidates who have the optimal set of capabilities and potential for every open position an organization has.
  • New York, San Francisco, and Washington D.C. are the top three cities for AI and machine learning jobs in 2019. Indeed’s 2018 study also found New York and San Francisco leading all other metropolitan areas in open positions. New York’s diverse industries that range from banking, financial services, institutional investing, insurance to a growing AI startup community all contribute to its ranking first in the U.S. for AI positions.

Indeed's 10 Most Popular AI & Machine Learning Jobs This Year

Salesforce Now Has Over 19% Of The CRM Market

 

  • Salesforce dominated the worldwide CRM market with a 19.5% market share in 2018, over double its nearest rival, SAP, at 8.3% share.
  • Worldwide spending on customer experience and relationship management (CRM) software grew 15.6% to reach $48.2B in 2018.
  • 72.9% of CRM spending was on software as a service (SaaS) in 2018, which is expected to grow to 75% of total CRM software spending in 2019.
  • Worldwide enterprise application software revenue totaled more than $193.6B in 2018, a 12.5% increase from 2017 revenue of $172.1B. CRM made up nearly 25% of the entire enterprise software revenue market.

CRM remains the largest and fastest growing enterprise software category today according to the latest market sizing, and market share research Gartner published this weekGartner defines CRM as providing the functionality to companies across the four segments of customer service and support, digital commerce, marketing, and sales. All four subsegments of the CRM market grew by more than 13.7%, with marketing emerging as the fastest growing segment, increasing by 18.8% and representing more than 25% of the entire CRM market. Customer service and support retain its No. 1 position, contributing 35.7% of CRM market revenue, attaining $17.1B in revenues in 2018.

Key insights include the following:

  • With 19.5% market share, Salesforce has over 2X the CRM sales SAP has and over 3X of Oracle. Salesforce continues to dominate CRM globally, increasing its market share from 18.3% in 2017 to 19.5% in 2018. Adobe is the only other vendor to grow its market share in 2018. Microsoft and SAP successfully held onto to market share while Oracle lost share.

  • Adobe and Salesforce grew faster than the overall market, increasing CRM revenues 21.7% and 23.2% respectively. Adobe’s CRM sales jumped from $2B in 2017 to $2.4B in 2018. Salesforce CRM revenues increased from $7.6B in 2017 to $9.4B in 2018, growing the fastest of all competitors in this market. SAP grew 15.5% between 2017 and 2018, just below the overall market growth of 15.6%. Microsoft (15%) and Oracle (7.1%) grew slower than the market. The following graphic compares growth rates between 2017 and 2018.

  • Adobe dominates the marketing subsegment of CRM with 19% market share in 2018. Salesforce has 11.7% of the marketing subsegment, followed by IBM (5.7%), SAP (4%), Oracle (3.6%) and HubSpot (3.4%). Gartner estimates the marketing subsegment was a $12.2B market in 2018, increasing from $10.3B in 2017, achieving 18.8% growth in just a year.
  • Eastern and Western Europe were the fastest growing regions at 19.7% and 17.5% respectively. North America and Western Europe were the largest two regions with North America growing at 15.2% to reach $28.1B in revenue.

Sources:

Gartner Says Worldwide Customer Experience and Relationship Management Software Market Grew 15.6% in 2018

Market Share: Customer Experience and Relationship Management, Worldwide, 2018 (client access required)

Customer Experiences Define Success In A Digital-First World

Customer Experiences Define Success In A Digital-First World

  • 91% of enterprises have adopted or have plans to adopt a digital-first strategy. Of these enterprises, 48% already have a digital-first approach in place.
  • Creating better customer experiences (67%), improving process efficiency through automation (53%), and driving new revenue (48%) are the top three digital business strategies enterprises are investing in today.
  • 35% of enterprises have experienced revenue growth due to digital business initiatives over the past 12 months.
  • 5G, Artificial Intelligence, and Machine Learning are the top technologies being researched by enterprises who are defining digital business strategies.
  • Enterprises are planning to spend $15.3M on digital initiatives over the next 12 months. 59% will be allocated to technology, and 41% will be dedicated to people and skills.

These and many other fascinating insights are from the second annual IDG Digital Business study, The State of Digital Business Transformation 2019. You can download a summary of the slides here (7 pp., PDF, opt-in). The survey’s methodology is based on 702 interviews across nine industries with technology, financial services, and business services (consulting, legal and real estate) comprising 43% of all respondents. IDG relied on CIO, Computerworld, CSO, InfoWorld, and Network World visitors as their primary respondent base. For additional details regarding the methodology, please see page 2 of the study.

The study’s primary goal was to gain a better understanding of where organizations are in their approaches to becoming digital-first businesses. The study captures the strategies and technologies businesses are adopting to ensure digitally-driven growth with customer experience improvements being proven as a growth catalyst. Key insights from the survey include the following:

  • 52% of enterprises define digital business as meeting customer experience expectations, jumping to 65% for financial services enterprises. Customer expectations rule all other categories of how an enterprise defines a digital business. 49% define digital business as enabling worker productivity with mobile apps, data access, and AI-assisted automation. The following graphic compares how enterprises define their digital business. Please click on the graphic to expand for easier reading.

Customer Experiences Define Success In A Digital-First World

  • Mobile devices and apps are enterprises’ platform of choice for launching digital-first strategies in 2019. Mobile apps and the platforms supporting them provide the needed scale, speed-to-market, and performance gains through application-level improvements that all businesses need to gain initial adoption and growth with their digital-first strategies. IDG found that private cloud and business process management are the second- and third-most used technologies to drive digital-first initiatives. Enterprises also have a considerable lead when it comes to mobile app availability: 74% have mobile apps today compared to 51% of SMBs.

  • Internet of Things (IoT), Artificial Intelligence (AI) and machine learning are the leading three initiatives enterprises have in pilot today as part of their digital-first initiatives. 21% of all organizations surveyed are in one or more IoT pilots, and 20% of organizations are piloting AI and machine learning projects today. Nearly a third of all organizations (29%) have multi-cloud configurations in production today, and 25% have software-defined Wide Area Networks (WANs).

  • 57% of enterprises (companies with over 1K employees) say improving new product and service offerings by digitally enabling operations is the single greatest source of revenue growth. Digitally enabling or streamlining new product and development processes and the systems supporting them also improve the ability to innovate and size new opportunities (49%). It makes sense that once the new product development process is more digitally enabled, an organization will be able to more efficiently launch new capabilities (47% in enterprises) and improve sales capacity including upsell and cross-sell (41% overall).

  • Creating better customer experiences (67%), improving process efficiency through automation (53%), and driving new revenue (48%) are the top three digital business strategies enterprises are investing in today. Business Management, including General Managers with P&L responsibility, are placing a high priority on creating a better customer experience, far above all else. They’re the revenue drivers of businesses adopting a digital-first strategy today as well, over 10% higher than IT Management and 12% higher than IT executives.

  • In the most successful digital-first businesses, the CIO the most visible, vocal, and successful in leading change management initiatives. Six of the nine core dimensions of a successful digital enablement strategy are dominated by CIOs. Technology Needs Assessment (48%), IT Skills Assessment (48%) and Change Management (33%) are the three areas CIOs are making the greatest contribution to digital-first strategies on the part of their businesses. It’s important to note that CIOs are far and away, the champion and leader of data management strategies as well.

  • Enterprises are placing a high priority on data security and protection as part of the digital-first initiatives, with 27% having cybersecurity systems in place. It’s encouraging to see business and IT leaders making data and system security their highest priority, getting results quickly in this area. Technology needs assessment, and IT skills assessment (both 24%) are also areas where enterprises are making strong progress. As the CIO owns these areas and is also the person most likely to be owning change management, it’s understandable how advanced digital-first businesses are on these two dimensions. The following graphic compares the progress enterprises are making in becoming a digitally-driven business.

Top 10 Cybersecurity Companies To Watch In 2019

Today’s Threatscape Has Made “Trust But Verify” Obsolete 

The threatscape every business operates in today is proving the old model of “trust but verify” obsolete and in need of a complete overhaul. To compete and grow in the increasingly complex and lethal threatscape of today, businesses need more adaptive, contextually intelligent security solutions based on the Zero Trust Security framework. Zero Trust takes a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. John Kindervag was the first to see how urgent the need was for enterprises to change their approach to cybersecurity, so he created the Zero Trust Security framework in 2010 while at Forrester. Chase Cunningham, Principal Analyst at Forrester, is a mentor to many worldwide wanting to expand their knowledge of Zero Trust and frequently speaks and writes on the topic. If you are interested in cybersecurity in general and Zero Trust specifically, be sure to follow his blog.

AI and machine learning applied to cybersecurity’s most significant challenges is creating a proliferation of commercially successful, innovative platforms. The size and scale of deals in cybersecurity continue to accelerate with BlackBerry’s acquisition of Cylance for $1.4B in cash closing in February of this year being the largest. TD Ameritrade’s annual survey of registered investment advisors (RIA) showed nearly a 6X jump in cybersecurity investments this year compared to 2018.

The top ten cybersecurity companies reflect the speed and scale of innovation happening today that are driving the highest levels of investment this industry has ever seen. The following are the top ten cybersecurity companies to watch in 2019:

Absolute (ABT.TO)  – One of the world’s leading commercial enterprise security solutions, serving as the industry benchmark for endpoint resilience, visibility, and control. The company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications whether endpoints are on or off the network, and the ultimate level of control and confidence required for the modern enterprise. Embedded in over one billion endpoint devices, Absolute delivers intelligence and real-time remediation capabilities that equip enterprises to stop data breaches at the source.

To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $124B will be spent on security in 2019 aloneAbsolute’s 2019 Endpoint Security Trends Report finds that much of that spend is in vain, however, revealing that 70% of all breaches still originate on the endpoint. The problem is complexity at the endpoint – it causes security agents to fail invariably, reliably, and predictably.

Absolute’s research found that 42% of all endpoints are unprotected at any given time, and 100% of endpoint security tools eventually fail. As a result, IT leaders see a negative ROI on their security spend. What makes Absolute one of the top 10 security companies to watch in 2019 is their purpose-driven design to mitigate this universal law of security decay.

Enterprises rely on Absolute to cut through the complexity to identify failures, model control options, and refocus security intent. Rather than perpetuating organizations’ false sense of security, Absolute enables uncompromised endpoint persistence, builds resilience and delivers the intelligence needed to ensure security agents, applications, and controls continue functioning and deliver value as intended. Absolute has proven very effective in validating safeguards, fortifying endpoints, and stopping data security compliance failures. The following is an example of the Absolute platform at work:

BlackBerry Artifical Intelligence and Predictive Security  –  BlackBerry is noteworthy for how quickly they are reinventing themselves into an enterprise-ready cybersecurity company independent of the Cylance acquisition. Paying $1.4B in cash for Cylance brings much-needed AI and machine learning expertise to their platform portfolio, an acquisition that BlackBerry is moving quickly to integrate into their product and service strategies. BlackBerry Cylance uses AI and machine learning to protect the entire attack surface of an enterprise with automated threat prevention, detection, and response capabilities. Cylance is also the first company to apply artificial intelligence, algorithmic science, and machine learning to cyber security and improve the way companies, governments, and end users proactively solve the world’s most challenging security problems. Using a breakthrough mathematical process, BlackBerry Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, BlackBerry Cylance provides the technology and services to be truly predictive and preventive against advanced threats. The following screen from CylancePROTECT provides an executive summary of CylancePROTECT usage, from the number of zones and devices to the percentage of devices covered by Auto-Quarantine and Memory Protection, Threat Events, Memory Violations, Agent Versions, and Offline Days for devices.

Centrify –  Centrify is redefining the legacy approach to Privileged Access Management by delivering cloud-ready Zero Trust Privilege to secure modern enterprise attack surfaces. Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. Industry research firm Gartner predicted Privileged Access Management (PAM) to be the second-fastest growing segment for information security and risk management spending worldwide in 2019 in their recent Forecast Analysis: Information Security and Risk Management, Worldwide, 3Q18 Update (client access required). By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse. PAM was also named a Top 10 security project for 2019 in Gartner’s Top 10 Security Projects for 2019 (client access required).
CloudFlare –  Cloudflare is a web performance and security company that provides online services to protect and accelerate websites online. Its online platforms include Cloudflare CDN that distributes content around the world to speed up websites, Cloudflare Optimizer that enables web pages with ad servers and third-party widgets to download Snappy software on mobiles and computers, CloudFlare Security that protects websites from a range of online threats including spam, SQL injection, and DDOS, Cloudflare Analytics that gives insight into website’s traffic including threats and search engine crawlers, Keyless SSL that allows organizations to keep secure sockets layer (SSL) keys private, and Cloudflare applications that help its users install web applications on their websites.

CrowdStrike – Applying machine learning to endpoint detection of IT network threats is how CrowdStrike is differentiating itself in the rapidly growing cybersecurity market today. It’s also one of the top 25 machine learning startups to watch in 2019. Crowdstrike is credited with uncovering Russian hackers inside the servers of the US Democratic National Committee. The company’s IPO was last Tuesday night, with an initial $34/per share price. Their IPO generated $610M at a valuation at one point reaching nearly $7B. Their Falcon platform stops breaches by detecting all attacks types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike’s Threat Graph provides real-time analysis of data from endpoint events across the global crowdsourcing community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.

Hunters.AI – Hunters.AI excels at autonomous threat hunting by capitalizing on its autonomous system that connects to multiple channels within an organization and detects the signs of potential cyber-attacks. They are one of the top 25 machine learning startups to watch in 2019. What makes this startup one of the top ten cybersecurity companies to watch in 2019 is their innovative approach to creating AI- and machine learning-based algorithms that continually learn from an enterprise’s existing security data. Hunters.AI generates and delivers visualized attack stories allowing organizations to more quickly and effectively identify, understand, and respond to attacks. Early customers, including Snowflake Computing, whose VP of Security recently said, “Hunters.AI identified the attack in minutes. In my 20 years in security, I have not seen anything as effective, fast, and with high fidelity as what Hunters can do.”  The following is a graphic overview of how their system works:

Idaptive – Idaptive is noteworthy for the Zero Trust approach they are taking to protecting organizations across every threat surface they rely on operate their businesses dally. Idaptive secures access to applications and endpoints by verifying every user, validating their devices, and intelligently limiting their access. Their product and services strategy reflects a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. The Idaptive Next-Gen Access platform combines single single-on (SSO), adaptive multifactor authentication (MFA), enterprise mobility management (EMM) and user behavior analytics (UBA). They have over 2,000 organizations using their platform today. Idaptive was spun out from Centrify on January 1st of this year.

Kount – Kount has successfully differentiated itself in an increasingly crowded cybersecurity marketplace by providing fraud management, identity verification and online authentication technologies that enable digital businesses, online merchants and payment service providers to identify and thwart a wide spectrum of threats in real-time. Kount has been able to show through customer references that their customers can approve more orders, uncover new revenue streams, and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with policy and rules management, their customers thwart online criminals and bad actors driving them away from their site, their marketplace and off their network. Kount’s continuously adaptive platform learns of new threats and continuously updates risk scores to further thwart breach and fraud attempts. Kount’s advances in both proprietary techniques and patented technology include: Superior mobile fraud detection, Advanced artificial intelligence, Multi-layer device fingerprinting, IP proxy detection and geo-location, Transaction and custom scoring, Global order linking, Business intelligence reporting, Comprehensive order management, Professional and managed services. Kount protects over 6,500 brands today.

MobileIron –  The acknowledged leader in Mobile Device Management software, MobileIron’s latest series of developments make them noteworthy and one of the top ten cybersecurity companies to watch in 2019.   MobileIron was the first to deliver key innovations such as multi-OS mobile device management (MDM), mobile application management (MAM), and BYOD privacy controls. Last month MobileIron introduced zero sign-on (ZSO), built on the company’s unified endpoint management (UEM) platform and powered by the MobileIron Access solution. “By making mobile devices your identity, we create a world free from the constant pains of password recovery and the threat of data breaches due to easily compromised credentials,” wrote Simon Biddiscombe, MobileIron’s President and Chief Executive Officer in his recent blog post, Single sign-on is still one sign-on too many. Simon’s latest post, MobileIron: We’re making history by making passwords history, provides the company’s vision going forward with ZSO. Zero sign-on eliminates passwords as the primary method for user authentication, unlike single sign-on, which still requires at least one username and password. MobileIron paved the way for a zero sign-on enterprise with its Access product in 2017, which enabled zero sign-on to cloud services on managed devices. Enterprise security teams no longer have to trade off security for better user experience, thanks to the MobileIron Zero Sign-On.

Sumo Logic – Sumo Logic is a fascinating cybersecurity company to track because it shows the ability to take on large-scale enterprise security challenges and turn them into a competitive advantage. An example of this is how quickly the company achieved FedRAMP Ready Designation, getting listed in the FedRAMP Marketplace. Sumo Logic is a secure, cloud-native, machine data analytics service, delivering real-time, continuous intelligence from structured, semi-structured, and unstructured data across the entire application lifecycle and stack. More than 2,000 customers around the globe rely on Sumo Logic for the analytics and insights to build, run, and secure their modern applications and cloud infrastructures. With Sumo Logic, customers gain a multi-tenant, service-model advantage to accelerate their shift to continuous innovation, increasing competitive advantage, business value, and growth. Founded in 2010, Sumo Logic is a privately held company based in Redwood City, Calif. and is backed by Accel Partners, Battery Ventures, DFJ, Franklin Templeton, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital, Sutter Hill Ventures and Tiger Global Management.

Machine Learning Is Helping To Stop Security Breaches With Threat Analytics

Bottom Line: Machine learning is enabling threat analytics to deliver greater precision regarding the risk context of privileged users’ behavior, creating notifications of risky activity in real time, while also being able to actively respond to incidents by cutting off sessions, adding additional monitoring, or flagging for forensic follow-up.

Separating Security Hacks Fact from Fiction

It’s time to demystify the scale and severity of breaches happening globally today. A commonly-held misconception or fiction is that millions of hackers have gone to the dark side and are orchestrating massive attacks on any and every business that is vulnerable. The facts are far different and reflect a much more brutal truth, which is that businesses make themselves easy to hack into by not protecting their privileged access credentials. Cybercriminals aren’t expending the time and effort to hack into systems; they’re looking for ingenious ways to steal privileged access credentials and walk in the front door. According to Verizon’s 2019 Data Breach Investigations Report, ‘Phishing’ (as a pre-cursor to credential misuse), ‘Stolen Credentials’, and ‘Privilege Abuse’ account for the majority of threat actions in breaches (see page 9 of the report).

It only really takes one compromised credential to potentially impact millions — whether it’s millions of individuals or millions of dollars. Undeniably, identities and the trust we place in them are being used against us. They have become the Achilles heel of our cybersecurity practices. According to a recent study by Centrify among 1,000 IT decision makers, 74% of respondents whose organizations have been breached acknowledged that it involved access to a privileged account. This number closely aligns with Forrester Research’s estimate “that at least 80% of data breaches . . . [involved] compromised privileged credentials, such as passwords, tokens, keys, and certificates.”

While the threat actors might vary according to Verizon’s 2019 Data Breach Investigations Report, the cyber adversaries’ tactics, techniques, and procedures are the same across the board. Verizon found that the fastest growing source of threats are from internal actors, as the graphic from the study illustrates below:


Internal actors are the fastest growing source of breaches because they’re able to obtain privileged access credentials with minimal effort, often obtaining them through legitimate access requests to internal systems or harvesting their co-workers’ credentials by going through the sticky notes in their cubicles. Privileged credential abuse is a challenge to detect as legacy approaches to cybersecurity trust the identity of the person using the privileged credentials. In effect, the hacker is camouflaged by the trust assigned to the privileged credentials they have and can roam internal systems undetected, exfiltrating sensitive data in the process.

The reality is that many breaches can be prevented by some of the most basic Privileged Access Management (PAM) tactics and solutions, coupled with a Zero Trust approach. Most organizations are investing the largest chunk of their security budget on protecting their network perimeter rather than focusing on security controls, which can affect positive change to protect against the leading attack vector: privileged access abuse.

The bottom line is that investing in securing perimeters leaves the most popular attack vector of all unprotected, which are privileged credentials. Making PAM a top priority is crucial to protect any business’ most valuable asset; it’s systems, data, and the intelligence they provide. Gartner has listed PAM on its Top 10 Security Projects for the past two years for a good reason.

Part of a cohesive PAM strategy should include machine learning-based threat analytics to provide an extra layer of security that goes beyond a password vault, multi-factor authentication (MFA), or privilege elevation.

How Machine Learning and Threat Analytics Stop Privileged Credential Abuse 

Machine learning algorithms enable threat analytics to immediately detect anomalies and non-normal behavior by tracking login behavioral patterns, geolocation, and time of login, and many more variables to calculate a risk score. Risk scores are calculated in real-time and define if access is approved, if additional authentication is needed, or if the request is blocked entirely.

Machine learning-based threat analytics also provide the following benefits:

  • New insights into privileged user access activity based on real-time data related to unusual recent privilege change, the command runs, target accessed, and privilege elevation.
  • Gain greater understanding and insights into the specific risk nature of specific events, computing a risk score in real time for every event expressed as high, medium, or low level for any anomalous activity.
  •  Isolate, identify, and track which security factors triggered an anomaly alert.
  • Capture, play, and analyze video sessions of anomalous events within the same dashboard used for tracking overall security activity.
  • Create customizable alerts that provide context-relevant visibility and session recording and can also deliver notifications of anomalies, all leading to quicker, more informed investigative action.

What to Look for In Threat Analytics 
Threat analytics providers are capitalizing on machine learning to improve the predictive accuracy and usability of their applications continually. What’s most important is for any threat analytics application or solution you’re considering to provide context-aware access decisions in real time. The best threat analytics applications on the market today are using machine learning as the foundation of their threat analytics engine. These machine learning-based engines are very effective at profiling the normal behavior pattern for any user on any login attempt, or any privileged activity including commands, identifying anomalies in real time to enable risk-based access control. High-risk events are immediately flagged, alerted, notified, and elevated to IT’s attention, speeding analysis, and greatly minimizing the effort required to assess risk across today’s hybrid IT environments.

The following is the minimum set of features to look for in any privilege threat analytics solution:

  • Immediate visibility with a flexible, holistic view of access activity across an enterprise-wide IT network and extended partner ecosystem. Look for threat analytics applications that provide dashboards and interactive widgets to better understand the context of IT risk and access patterns across your IT infrastructure. Threat analytics applications that give you the flexibility of tailoring security policies to every user’s behavior and automatically flagging risky actions or access attempts, so that you’ll gain immediate visibility into account risk, eliminating the overhead of sifting through millions of log files and massive amounts of historical data.
  • They have intuitively designed and customizable threat monitoring and investigation screens, workflows, and modules. Machine learning is enabling threat analytics applications to deliver more contextually-relevant and data-rich insights than has ever been possible in the past. Look for threat analytics vendors who offer intuitively designed and customizable threat monitoring features that provide insights into anomalous activity with a detailed timeline view. The best threat analytics vendors can identify the specific factors contributing to an anomaly for a comprehensive understanding of a potential threat, all from a single console. Security teams can then view system access, anomaly detection in high resolutions with analytics tools such as dashboards, explorer views, and investigation tools.
  • Must provide support for easy integration to Security Information and Event Management (SIEM) tools. Privileged access data is captured and stored to enable querying by log management and SIEM reporting tools. Make sure any threat analytics application you’re considering has installed, and working integrations with SIEM tools and platforms such as Micro Focus® ArcSight™, IBM® QRadar™, and Splunk® to identify risks or suspicious activity quickly.
  • Must Support Alert Notification by Integration with Webhook-Enabled Endpoints. Businesses getting the most value out of their threat analytics applications are integrating with Slack or existing onboard incident response systems such as PagerDuty to enable real-time alert delivery, eliminating the need for multiple alert touch points and improving time to respond. When an alert event occurs, the threat analytics engine allows the user to send alerts into third-party applications via Webhook. This capability enables the user to respond to a threat alert and contain the impact of a breach attempt.

Conclusion 
CentrifyForresterGartner, and Verizon each have used different methodologies and reached the same conclusion from their research: privileged access abuse is the most commonly used tactic for hackers to exfiltrate sensitive data. Breaches based on privileged credential abuse are extremely difficult to stop, as these credentials often have the greatest levels of trust and access rights associated with them. Leveraging threat analytics applications using machine learning that is adept at finding anomalies in behavioral data and thwarting a breach by denying access is proving very effective against privileged credential abuse.

Companies, including Centrify, use risk scoring combined with adaptive MFA to empower a least-privilege access approach based on Zero Trust. This Zero Trust Privilege approach verifies who or what is requesting privileged access, the context behind the request, and the risk of the access environment to enforce least privilege. These are the foundations of Zero Trust Privilege and are reflected in how threat analytics apps are being created and improved today.

Smart Machines Are The Future Of Manufacturing

Smart Machines Are The Future Of Manufacturing

  • Industrial Internet of Things (IIoT) presents integration architecture challenges that once solved can enable use cases that deliver fast-growing revenue opportunities.
  • ISA-95 addressed the rise of global production and distributed supply chains yet are still deficient on the issue of data and security, specifically the proliferation of IIoT sensors, which are the real security perimeter of any manufacturing business.
  • Finding new ways to excel at predictive maintenance, and cross-vendor shop floor integration are the most promising applications.
  • IIoT manufacturing systems are quickly becoming digital manufacturing platforms that integrate ERP, MES, PLM and CRM systems to provide a single unified view of product configurations.

These and many other fascinating insights are from an article McKinsey published titled IIoT platforms: The technology stack as value driver in industrial equipment and machinery which explores how the Industrial Internet of things (IIoT) is redefining industrial equipment and machinery manufacturing. It’s based on a thorough study also published this month, Leveraging Industrial Software Stack Advancement For Digital TransformationA copy of the study is downloadable here (PDF, 50 pp., no opt-in). The study shows how smart machines are the future of manufacturing, exploring how IIoT platforms are enabling greater machine-level autonomy and intelligence.

The following are the key takeaways from the study:

  • Capturing IIoT’s full value potential will require more sophisticated integrated approaches than current automation protocols provide. IIoT manufacturing systems are quickly becoming digital manufacturing platforms that integrate ERP, MES, PLM and CRM systems to provide a single unified view of product configurations and support the design-to-manufacturing process. Digital manufacturing platforms are already enabling real-time monitoring to the machine and shop floor level. The data streams real-time monitoring is delivering today is the catalyst leading to greater real-time analytics accuracy, machine learning adoption and precision and a broader integration strategy to the PLC level on legacy machinery. Please click on the graphic to expand for easier reading.

  • Inconsistent data structures at the machine, line, factory and company levels are slowing down data flows and making full transparency difficult to attain today in many manufacturers. Smart machines with their own operating systems that orchestrate IIoT data and ensure data structure accuracy are being developed and sold now, making this growth constraint less of an issue. The millions of legacy industrial manufacturing systems will continue to impede IIoT realizing its full potential, however. The following graphic reflects the complexities of making an IIoT platform consistent across a manufacturing operation. Please click on the graphic to expand for easier reading.

  • Driven by price wars and commoditized products, manufacturers have no choice but to pursue smart, connected machinery that enables IIoT technology stacks across shop floors. The era of the smart, connected machines is here, bringing with it the need to grow services and software revenue faster than transaction-based machinery sales. Machinery manufacturers are having to rethink their business models and redefine product strategies to concentrate on operating system-like functionality at the machine level that can scale and provide a greater level of autonomy, real-time data streams that power more accurate predictive maintenance, and cross-vendor shop floor integration. Please click on the graphic for easier reading.

  • Machines are being re-engineered starting with software and services as the primary design goals to support new business models. Machinery manufacturers are redefining existing product lines to be more software- and services-centric. A few are attempting to launch subscription-based business models that enable them to sell advanced analytics of machinery performance to customers. The resulting IIoT revenue growth will be driven by platforms as well as software and application development and is expected to be in the range of 20 to 35%. Please click on the graphic to expand for easier reading.

What Matters Most In Business Intelligence, 2019

  • Improving revenues using BI is now the most popular objective enterprises are pursuing in 2019.
  • Reporting, dashboards, data integration, advanced visualization, and end-user self-service are the most strategic BI initiatives underway in enterprises today.
  • Operations, Executive Management, Finance, and Sales are primarily driving Business Intelligence (BI) adoption throughout enterprises today.
  • Tech companies’ Operations & Sales teams are the most effective at driving BI adoption across industries surveyed, with Advertising driving BI adoption across Marketing.

These and many other fascinating insights are from Dresner Advisory Associates’ 10th edition of its popular Wisdom of Crowds® Business Intelligence Market Study. The study is noteworthy in that it provides insights into how enterprises are expanding their adoption of Business Intelligence (BI) from centralized strategies to tactical ones that seek to improve daily operations. The Dresner research teams’ broad assessment of the BI market makes this report unique, including their use visualizations that provide a strategic view of market trends. The study is based on interviews with respondents from the firms’ research community of over 5,000 organizations as well as vendors’ customers and qualified crowdsourced respondents recruited over social media. Please see pages 13 – 16 for the methodology.

Key insights from the study include the following:

  • Operations, Executive Management, Finance, and Sales are primarily driving Business Intelligence (BI) adoption throughout their enterprises today. More than half of the enterprises surveyed see these four departments as the primary initiators or drivers of BI initiatives. Over the last seven years, Operations departments have most increased their influence over BI adoption, more than any other department included in the current and previous survey. Marketing and Strategic Planning are also the most likely to be sponsoring BI pilots and looking for new ways to introduce BI applications and platforms into use daily.

  • Tech companies’ Operations & Sales teams are the most effective at driving BI adoption across industries surveyed, with Advertising driving BI adoption across Marketing. Retail/Wholesale and Tech companies’ sales leadership is primarily driving BI adoption in their respective industries. It’s not surprising to see the leading influencer among Healthcare respondents is resource-intensive HR. The study found that Executive Management is most likely to drive business intelligence in consulting practices most often.

  • Reporting, dashboards, data integration, advanced visualization, and end-user self-service are the most strategic BI initiatives underway in enterprises today. Second-tier initiatives include data discovery, data warehousing, data discovery, data mining/advanced algorithms, and data storytelling. Comparing the last four years of survey data, Dresner’s research team found reporting retains all-time high scores as the top priority, and data storytelling, governance, and data catalog hold momentum. Please click on the graphic to expand for easier reading.

  • BI software providers most commonly rely on executive-level personas to design their applications and add new features. Dresner’s research team found all vertical industries except Business Services target business executives first in their product design and messaging. Given the customer-centric nature of advertising and consulting services business models, it is understandable why the primary focus BI vendors rely on in selling to them are customer personas. The following graphic compares targeted users for BI by industry.

  • Improving revenues using BI is now the most popular objective in 2019, despite BI initially being positioned as a solution for compliance and risk management. Executive Management, Marketing/Sales, and Operations are driving the focus on improving revenues this year. Nearly 50% of enterprises now expect BI to deliver better decision making, making the areas of reporting, and dashboards must-have features. Interestingly, enterprises aren’t looking to BI as much for improving operational efficiencies and cost reductions or competitive advantages. Over the last 12 to 18 months, more tech manufacturing companies have initiated new business models that require their operations teams to support a shift from products to services revenues. An example of this shift is the introduction of smart, connected products that provide real-time data that serves as the foundation for future services strategies. Please click on the graphic to expand for easier reading.

  • In aggregate, BI is achieving its highest levels of adoption in R&D, Executive Management, and Operations departments today. The growing complexity of products and business models in tech companies, increasing reliance on analytics and BI in retail/wholesale to streamline supply chains and improve buying experiences are contributing factors to the increasing levels of BI adoption in these three departments. The following graphic compares BI’s level of adoption by function today.

  • Enterprises with the largest BI budgets this year are investing more heavily into dashboards, reporting, and data integration. Conversely, those with smaller budgets are placing a higher priority on open source-based big data projects, end-user data preparation, collaborative support for group-based decision-making, and enterprise planning. The following graphic provides insights into technologies and initiatives strategic to BI at an enterprise level by budget plans.

  • Marketing/Sales and Operations are using the greatest variety of BI tools today. The survey shows how conversant Operations professionals are with the BI tools in use throughout their departments. Every one of them knows how many and most likely which types of BI tools are deployed in their departments. Across all industries, Research & Development (R&D), Business Intelligence Competency Center (BICC), and IT respondents are most likely to report they have multiple tools in use.

How The Top 21% Of PAM-Mature Enterprises Are Thwarting Privileged Credential Breaches

  • Energy, Technology & Finance are the most mature industries when it comes to Privileged Access Management (PAM) adoption and uses, outscoring peer industries by a wide margin.
  • 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure exposed to hacking attempts, including unchallenged privileged access abuse.
  • 52% of organizations are using shared accounts for controlling privileged access, increasing the probability of privileged credential abuse.

These and many other fascinating insights are from the recently published Centrify 2019 Zero Trust Privilege Maturity Model Report created in partnership with Techvangelism. You can download a copy of the study here (PDF, 22 pp., no opt-in). Over 1,300 organizations participated in the survey from 11 industries with Technology, Finance, and Healthcare, comprising 50% of all organizations participating. Please see page 4 of the study for additional details regarding the methodology.

What makes this study noteworthy is that it’s the first of its kind to create a Zero Trust Privilege Maturity Model designed to help organizations better understand and define their ability to discover, protect, secure, manage, and provide privileged access. Also, this model can be used to help mature existing security implementations towards one that provides the greatest level of protection of identity, privileged access, and its use.

Key takeaways from the study include the following:

  • The top 21% of enterprises who excel at thwarting privileged credential breaches share a common set of attributes that differentiate them from their peers. Enterprises who most succeed at stopping security breaches have progressed beyond vault- and identity-centric techniques by hardening their environments through the use of centralized management of service and application accounts and enforcing host-based session, file, and process auditing. In short, the most secure organizations globally have reached a level of Privileged Access Management (PAM) maturity that reduces the probability of a breach successfully occurring due to privileged credential abuse.

  • Energy, Technology & Finance are the most mature industries adopting Privileged Access Management (PAM), outscoring peer industries by a wide margin. Government, Education, and Manufacturing are the industries most lagging in their adoption of Zero Trust Privilege (ZTP), making them the most vulnerable to breaches caused by privileged credential abuse. Education and Manufacturing are the most vulnerable industries of all, where it’s common for multiple manufacturing sites to use shared accounts for controlling privileged access. The study found shared accounts for controlling privileged access is commonplace, with 52% of all organizations reporting this occurring often. Presented below are the relative levels of Zero Trust Privilege Maturity by demographics, with the largest organizations having the most mature approaches to ZTP, which is expected given the size and scale of their IT and cybersecurity departments.

  • 51% of organizations do not control access to transformational technologies with privileged access, including modern attack surfaces such as cloud workloads (38%), Big Data projects (65%), and containers (50%). Artificial Intelligence (AI)/Bots and Internet of Things (IoT) are two of the most vulnerable threat surfaces according to the 1,300 organizations surveyed. Just 16% of organizations have implemented a ZTP strategy to protect their AI/Bots technologies, and just 25% have implemented them for IoT. The graphic below compares usage or plans by transformational technologies.

  • 58% of organizations aren’t using MFA for server login, and 25% have no plans for a password vault, two areas that are the first steps to defining a Privileged Access Management (PAM) strategy. Surprisingly, 26% do not use and do not plan to use MFA for server login, while approximately 32% do plan to use MFA for server logins. Organizations are missing out on opportunities to significantly harden their security posture by adopting password vaults and implementing MFA across all server logins. These two areas are essential for implementing a ZTP framework.

Conclusion

To minimize threats – both external and internal – Privileged Access Management needs to go beyond the fundamental gateway-based model and look to encompass host-enforced privileged access that addresses every means by which the organization leverages privileged credentials. With just 21% of organizations succeeding with mature Zero Trust Privilege deployments, 79% are vulnerable to privileged credential abuse-based breaches that are challenging to stop. Privileged credentials are the most trusted in an organization, allowing internal and external hackers the freedom to move throughout networks undetected. That’s why understanding where an organization is on the spectrum of ZTP maturity is so important, and why the findings from the Centrify and Techvangelism 2019 Zero Trust Privilege Maturity Model Report are worth noting and taking action on.

%d bloggers like this: