Interview with Director of Information Security at Royal Caribbean Cruises: Adopting an Identity Centric Approach to Security

In preparation for the SINC Southeast IT Leaders Forum taking place on February 3 – 5 at Amelia Island, FL, we caught up with Prentis Brooks, Director of Information Security at Royal Caribbean Cruises and speaker at the event to discuss adopting an identity centric approach to security and gain some insight in to his scheduled presentation on the topic. 

At the SINC Southeast IT Leaders Forum, you will be hosting a session around adopting an identity centric approach to security. Why is this an important layer in an organization’s line of defense?

At its core, security is the application of trust. From our earliest days, trust is based on our experience and knowledge of someone or something, or to put it another way, our understanding of their identity. Similarly, as we now live in a world where physical presence is no longer required for interaction, our ability to trust in one’s identity is a challenge.  Technologies that provide some level of trust in identity are a critical layer to ensure that authorization is granted to those intended.

What are some of the common mistakes organizations make when attempting to implement this approach and how can they be avoided?

The biggest mistake made is conferring more trust in technology than is appropriate. Virtually every technological means of validating identity can be circumvented with the right level of skill and incentive. The goal of security controls is to raise the requirement of skills to circumvent greater than the incentive. Understanding this and recognizing that risk still exists is key to avoiding this pitfall.  Similarly, many deploy the technology without addressing the underlying processes. Technology provides great automation and routine control, but without integration with a properly defined process, it fails. Focusing on the business processes first and foremost allows organizations to avoid this mistake.

What advice would you give to business and IT leaders as they embark on this journey?

Don’t rush. Be purposeful and methodical. Take the time to truly evaluate your business and associated processes. Focus first on people and process, then implement the right technologies to automate and enhance those processes and support your people.

How do you see the IAM space evolving in the near future?

I anticipate that we will continue to see improvements in authentication and identity validation technologies with integrations in cryptography technologies to provide trusted validators. This will minimize the number of times a user must validate who they say they are. These improvements will allow users greater efficiency and provide a higher level of trust in the core infrastructure so that our user base will have greater access to what they need to perform their work from a greater range of locations.

Following your session at the SINC Southeast IT Leaders Forum, what do you ultimately want the participants to take away with them?

I hope participants will take away an optimistic perspective of how the future will allow for a more mobile workforce, providing greater work/life balance and allow for attracting talent from greater distances. Along with that, I hope that they also take away the knowledge that their ability to benefit from these technologies will require greater understanding of their own business and how their people create success within their markets.Prentis Brooks will be speaking at the forthcoming SINC IT Leaders Forum taking place on February 3 – 5 at Amelia Island, FL. For information on the event and details on how to participate go to https://sincusa.com/events/secio2019/