Wilcox and Adams are speaking at the CSO Cybersecurity Awards & Conference, May 11-13. Reserve your place.

As a result, Adams says CISOs will increasingly need to adopt an identity-centric security architecture, and there are several key tenets to consider.

Build a strong foundation before layering on complexity. The instinct when modernizing an identity program, says Adams, is to reach for sophisticated tooling. Instead, his advice is to get the fundamentals in place: clean directories, enforced least privilege, and reliable offboarding processes. “Organizations that jump to continuous verification without establishing basic identity hygiene may find themselves building on an unstable foundation,” he says.

Design for the new class of identities. When designing role models and access policies, the temptation is to mirror existing structures. “That often carries years of permission creep into a new architecture. Starting from least privilege rather than from legacy helps ensure users receive only the access required for their job functions,” he says. “It’s important to challenge ‘it’s always been done this way’ where appropriate.”

Get your non-human identity inventory in order. Build a full inventory of non-human identities and include who is responsible for each identity and what each one is authorized to do. Do this before any more agents are operating. “This is as much a governance challenge as a technology one,” he notes.

Treat MFA as a starting point, not a destination. The identity roadmap needs to include phishing-resistant alternatives to SMS or push-based MFA. Least privilege, micro-segmentation, and continuous monitoring are part of the playbook. “Assume credentials may be compromised and architect accordingly,” Adams advises.
AI and the shifting security balance:

Identity systems have long been targets for attack. But as identity becomes the primary control plane, the risk becomes more concentrated and requires a different approach.

“I’d encourage every CISO to think deeply about the intersection of identity and AI,” says Adams, adding that systems need to be redesigned around the principle of intent instead of actual behavior to ensure agents operate within appropriate boundaries. “That requires behavioral monitoring and real-time access evaluation, capabilities many organizations are still building toward,” he notes. “That’s the work ahead.”

Wilcox is ultimately optimistic that AI offers security practitioners more tools to combat malicious actors. If CISOs can get this right, it is a way to level the playing field with attackers that was not previously available. “We’ve had this asymmetric playing field where they’ve had the advantage for as long as I can remember. Now we can use AI both strategically and tactically to improve our defenses,” he says.

Agentic AI is rewriting the identity security playbook in real time, and your peers are already adapting. Hear Dustin Wilcox, Michael Adams, Renee Guttmann, and other leading CISOs share what’s actually working at the CSO Cybersecurity Awards & Conference, May 11-13. Secure your seat before it fills up.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4163365/what-cisos-need-to-get-right-as-identity-enters-the-agentic-era.html

