Andrew Harris

The world is evolving fast. The iPhone first came out in 2007, starting what many call the mobile device movement. The Chrome browser from Google was introduced in 2008, reigniting browser wars. Cloud service providers have emerged as one of the largest growing markets in technology, changing how developers meet the needs of their end users and how enterprises across the globe meet their business requirements. Data is no longer purely “on-premises,” requiring virtual private network (VPN) connections; end users expect to be productive anywhere at any time.

This just scratches the surface on major changes cybersecurity professionals have had to wrap their minds around. How do security experts react as fast as their business needs, without blindly trying to slow everyone down?

What I have found tremendously helpful is breaking things down into three major planes or buckets. They are:

• Data

• Identity

• Privileges

Understanding these three planes, at their fundamental level, we can define higher-level abstractions, including what others call the “control plane” and “access plane.” Unfortunately, there are three major flaws we see even experienced professionals make when facing challenges, preventing them from seeing the fundamental challenges: ...