On February 19th, 2024, identity security experts gathered at Terra in Petaling Jaya, Malaysia, to share insights with cybersecurity professionals from various Malaysian businesses. The event aimed to enhance their proficiency in safeguarding online identities in a dynamic digital landscape. Terra's stylish and contemporary ambience, reminiscent of Malaysia's coastal beaches, provided a relaxed and welcoming environment conducive to learning and collaboration.

The relaxing Terra. Eat. Explore. Escape event space at Petaling Jaya, Malaysia

The Identity Day event, supported by SailPoint, commenced with a compelling keynote address delivered by Mohd Zabri Adil Talib, the Head of Cybersecurity Responsive Services at CyberSecurity Malaysia. In his address, Mohd Zabri underscored Malaysia's bold trajectory toward digital transformation, aspiring to emerge as the "Asian Tiger" of the digital economy. His words resonated deeply, emphasising the urgency and significance of fortifying cybersecurity frameworks in tandem with Malaysia's ambitious digital endeavours.

Ts Mohd Zabri Adil Talib, Head of Cybersecurity Responsive Services, CyberSecurity Malaysia

From the MyDigital initiative propelling businesses into the online realm to the PADU Digital ID streamlining daily life, the overarching vision remains clear: Malaysia steadfastly thrives on innovation and technology. However, amidst this exhilarating ascent, one pivotal aspect demands unwavering attention: Cybersecurity.

As the digital economy emerges as a pivotal economic resource, the spectre of vulnerability looms large.

Transitioning to the digital realm amplifies preexisting threats, with cybercriminals inflicting losses exceeding RM1 billion in 2023 alone, a staggering surge from RM771.1 million the preceding year. As the stakes soar, the proliferation of cyber threats experiences a concurrent spike.

In this landscape, identity security assumes paramount importance. Mohd Zabri aptly underscored this point during his inaugural keynote speech, emphasising that "Security must be prioritised from the outset."
“Whether battling non-adversarial threats controlled by policies or adversarial attacks requiring proactive measures, robust identity security safeguards are essential,” he continued.

Initiatives like PADU, while streamlining access, rely heavily on secure user authentication. Similarly, the AI untuk Rakyat initiative, aimed at empowering citizens, hinges on secure access to AI tools. In essence, every step in Malaysia's digital transformation rests on a foundation of robust identity security.

“This journey requires collective action,” said Mohd Zabri. “Each and every one of the Malaysian citizens must be part of this journey. Businesses must implement strong identity management practices, individuals must exercise caution online, and the government must continue its commitment to cybersecurity awareness and infrastructure.”

The Need for Next-Gen Identity Security

With Malaysia charging towards its ambition of being the "Asian Tiger" within the not-so-distant digital future, Chern-Yue Boey, Senior Vice President, APAC, at SailPoint, delivered a stark but important message in his keynote: No matter how strong your walls are, security breaches are inevitable. The rapid digital transformation fuelled by the pandemic, alongside the rise of AI-powered attacks, demands a new approach: Next-generation identity security.

Chern-Yue Boey, Senior Vice President, APAC, SailPoint

Boey highlighted the soaring cybercrime costs and the critical role of identity security in Malaysia's digital journey. He emphasises that hackers are increasingly leveraging AI, just like businesses, to target vulnerabilities and exploit privileged access.

One quote from Boey really caught the attention of the attendees. He said, "Hackers don't break in, they log in." This clearly shows that rather than wasting time on building hacking codes, these threat actors simply exploit weak credentials or misuse legitimate access, further highlighting the critical need for robust identity governance and access management.

Boey mentioned that SailPoint surveyed several identity security decision-makers across the globe to clearly define the core capabilities across five distinct horizons of identity security. 

There’s a lot to dig into here but we’ll touch on just a few of the bigger takeaways, hence, we urge you to read the report in full. The data confirmed what SailPoint already largely believes:  The future of identity security will be shaped by ongoing technology shifts.

“To achieve the future vision of identity, companies we surveyed generally fall across 5 horizons of identity security,” Boey said. These are:

• At Horizon 1, the lowest maturity, companies lack the strategy and technology to enable digital identities. 

• Those at Horizon 2 have adopted some identity technology but still rely heavily on manual processes. 

• For organisations at Horizon 3, the identity program has become digitalised, scaled up, and adopted more widely across the company.  

• Those at Horizon 4 have automated at scale and use Artificial Intelligence (AI) to enable digital identities. 

• Horizon 5 is closest to the future of identity – serving as a critical control point in reducing cybersecurity risk and supporting businesses in next-gen technology innovation. 

“Interestingly, we learned that nearly half of companies fall into horizon 1, which means they’re behind on the identity journey leaving significant value to be gained on the table,” said Boey.

This is very alarming.

Terra's relaxing beach theme extends to the entire venue

An Echo for AI-Driven Identity Security

The Malaysian financial landscape is also hurtling towards a digital future. While this rapid evolution unlocks immense potential, it also throws open a critical security door: Cybercriminals are wielding increasingly sophisticated AI-powered tools to exploit vulnerabilities in our digital identities. Traditional security measures, once sturdy fortresses, are crumbling under this relentless assault.

Two enlightening fireside chats held during Identity Day provided invaluable insights. PayNet, the national payment network, and GXS Bank, a leading regional digital bank, shared their journeys towards securing their digital identities. Their experiences paint a clear picture: Traditional approaches are no longer enough.

For GXS Bank, identity security is not just a technical hurdle; it's the cornerstone of trust, compliance, and data governance. They tackled this challenge by implementing an Identity and Access Management (IAM) program, automating access provisioning and certification. This resulted in a streamlined Identity Access Governance (IAG) platform, reduced access risks, and improved efficiency.

Joo Wee Teo, Head of Identity and Access Management, GXS Bank

Joo Wee Teo, the Head of Identity and Access Management for GXS Bank, touched on the limitations of "basic automation. "He stressed that the true value lies in "deeply defining process automation integration" tailored to the organisation's unique risk profile. This highlights the need for solutions that go beyond pre-packaged tools and adapt to individual needs.

PayNet echoed the call for a more intelligent approach. They understand the critical need for robust cybersecurity and aim to "elevate cybersecurity capabilities" by streamlining solutions and simplifying processes. Meiling Mudin, Chief Information Security Officer at PayNet, pondered this endeavour with pertinent questions: "How do we simplify cybersecurity? How do we find the gaps? Do existing solutions truly address our needs?"

Meling Mudin, Chief Information Security Officer, PayNet

During both fireside chats, the two SailPoint customers identified a singular solution: Combating AI-related threats (and all other cyber threats) by turning their own tactics against them. Drawing an analogy to fighting fire with fire, they advocated for AI-driven identity security. Essentially, by harnessing AI's capacity to identify anomalies and execute tasks automatically while remaining vigilant against potential risks.

However, it's crucial to remember that AI is a tool, not a magic solution. Implementing and managing AI-powered security requires expertise and careful planning. Additionally, ethical considerations and potential biases in AI algorithms must be addressed to ensure responsible and secure implementation.

The Promise of Autonomous Identity

Autonomous identity, powered by AI and machine learning, offers a compelling alternative. This vision seeks to achieve continuous threat prediction, detection, and response, ultimately enhancing security posture and mitigating risks.

SailPoint's approach leverages AI and machine learning specifically tailored for identity data. As Ku explains, "We have actually gotten quite a few patterns in terms of machine learning and AI technologies specifically for the identity data network.” This allows for advanced anomaly detection and a deeper understanding of the complex relationships within identity data.

Chih-Feng Ku, Director of Solution Engineering APJ, SailPoint

The autonomous identity security process operates as a continuous cycle, encompassing application onboarding, ongoing monitoring, access modelling, and optimisation. This ensures constant vigilance and adaptability.

Key capabilities include:

• Discovering and maintaining roles: Automatically identifying and managing new roles, preventing overaccumulation and ensuring accuracy.

• Identifying outliers: Flagging high-risk users with unusual access patterns for further investigation.

• Actionable insights and recommendations: Providing practical suggestions for access certification, removal, or investigation.

• Recommending access requests: Intelligently suggesting access based on user roles, location, and business needs.

• Optimising utilisation and saving costs: Ensuring efficient software license usage by granting access to the right people.

• Converting data into information: Leveraging AI and machine learning to analyse vast amounts of identity data and generate actionable insights.

While increased security is a major perk, autonomous identity offers a treasure trove of additional benefits. Users can rejoice at faster access to essential resources, streamlining their workflows and boosting productivity.

Data-driven insights empower informed decision-making around access management, leading to smarter choices. And let's not forget the financial advantages: Optimised license utilisation and reduced manual effort translate directly to cost savings, putting a smile on any budget manager's face.

Attendees are able to relax on bean bag chairs during the event's break time

Invest in AI-Powered Identity Security Today

The current state of identity security needs AI to step in. Traditional, reactive solutions are just too slow and keep on struggling to be at pace with the ever-adapting threats, leaving organisations vulnerable to catastrophic breaches.

But here's the good news: Proactive solutions powered by AI and automation are available now.

Take, for instance, SailPoint Atlas and similar solutions. They meticulously analyse data to pinpoint risks and propose remedial actions, thereby liberating your team to concentrate on strategic initiatives. Embracing such a solution can amplify your effectiveness, culminating in a more secure and easily manageable environment. Furthermore, as your needs evolve, the right platform will seamlessly adapt and expand alongside your organisation.

Don't settle for reactive methods – invest in a future-proof solution that leverages the power of AI to ensure your organisation takes a confident leap into the digital world.