Rex Booth is the Chief Information Security Officer at SailPoint. His leadership in Congress continues to mold identity security into the connective tissue within today’s dynamic digital ecosystem. He focuses on operational technology (OT) and the IoT. His mission is to protect the devices attached to these now invisible systems. As organizations continue to face more sophisticated threats, Booth’s predictions offer important foresight into the trajectory of identity management and security.
Booth is quick to say that strong security practices are essential as businesses and organizations continue to adopt IoT devices and OT systems. Harnessing these technologies to improve operational efficiencies brings in major vulnerabilities that need to be addressed as a priority. His background and knowledge are especially timely, as the security landscape is changing quickly, thanks to new technologies and threats.
Trends in Identity Security
His work at SailPoint is focused on making organizations ready for a future where identity security is the priority. In fact, he’s committed to developing granular, zero-trust policies. Together, these controls userly prevent unauthorized devices from getting in and sending commands on behalf of the organization’s network. This forward-looking strategy is intended to counter risks from an ever-growing attack surface.
Perhaps the biggest trend underscored by Booth is the increasing sophistication of cyber threats, especially the advent of savvy deepfakes. He worries that these new technologies may make old biometric indicators no longer useful, making it much harder to verify identities. This change requires a complete reconsideration of security measures we have in place, to make sure they can hold up to this type of challenge.
Booth is expecting a major change in how we secure identity by 2026. Nothing would propel this change more than the removal of passwords we all know is coming. He’s convinced companies will soon begin implementing AI-driven identity governance and administration (IGA) systems in droves. By then, these systems should be the norm. These innovations will make it easier to verify someone’s identity and improve security overall.
The Quantum Computing Threat
Along with responding to today’s challenges, Booth understands the risks that future technology, especially quantum computing, will present. Other systems that are heavily relied on could just as easily be compromised, he cautions. In particular, RSA and elliptic curve cryptography (ECC) are extremely susceptible to this threat. This emerging existential threat poses a significant and direct risk to identity security — particularly for federal, state, and local governments, non-governmental organizations, and critical infrastructure entities.
Booth anticipates a continuation of movement toward post-quantum cryptography (PQC), which protects sensitive data from potential quantum attacks. Those predictions are indicative of an industry beginning to understand the risks associated with legacy forms of encryption. Consequently, they’ll be champions for and much more quickly implement PQC solutions! This collaborative effort will serve as a critical first step in taking a proactive approach to strengthening identity systems against future threats.
The possibility of “harvest now, decrypt later” attacks are another area of concern for Booth. Unfortunately, he anticipates that malicious actors will begin hoovering up data in encrypted form today. Their hope is to use this data when quantum computing starts to become more widely available. This foresight underscores the urgency for organizations to begin implementing PQC measures to ensure their data remains secure in an uncertain future.
Preparing for the Future
In his new role as Executive Chairman at SailPoint, Booth provides key perspective on how to chart a course through the changing identity security landscape. His leadership at the intersection of identity security and emerging technologies is equipping organizations to meet the future with greater resilience. Booth aims at the prevailing wind and incoming storm. Their mission is to help organizations develop effective security models that anticipate and adapt to shifting realities.
As public and private organizations take strides toward the future, Booth’s focus on zero-trust architectures will remain pivotal to developing identity management best practices. By using device and user authentication to verify their identity before allowing access, organizations can tighten their risk surface considerably. This approach will be important going forward, as the digital online landscape continues to grow.