Identity Automation Blog

In the first installment of our series on security and the CEO, we discussed the dangerous disconnect between the rosy view of security held by the C-suite and the much grimmer reality seen in the trenches of IT. Today, we’re going to talk about the consequences of executive overconfidence in your information security program.

When organizations start or plan to start a new IAM initiative, one of the first steps they take is some form of requirements gathering. The idea is that the requirements represent the organization's functional and nonfunctional IAM needs. Then, typically through some form of procurement, the organization attempts to find the solution, service, or product(s) that best aligns with those requirements.


The goal of achieving compliance is to make sure that an organization is meeting minimum standards to protect sensitive data. In order to be compliant, a business needs only to meet the outlined requirements.

However, this does not mean that its systems and data are secure. Unfortunately, there are companies that treat compliance merely as a checkbox. Even when the minimum standards are met, data and accounts with elevated access are still vulnerable. Instead, achieving compliance should be viewed as the by-product of sound security practices. This starts with protecting the attacker’s most sought-after prize: privileged accounts with elevated access across the network.