From a technology standpoint, as a society the world of business has gone through two distinct stages in the evolution of its information security focus. The first addressed network-based protection and preventive controls such as firewalls and anti-virus. The second looked at data-centric and detective controls such as encryption and intrusion/extrusion monitoring. As breaches continue to occur at a record pace, what is needed today is a new evolution, one that pushes towards individual-focused security through granular user monitoring and management as provided by solutions such as Identity and Access Management. While IAM isn't a new technology field, it is one whose time has come and CISOs need to begin investing in modern-day, lightweight, easy to implement IAM solutions now to stay ahead of the curve, and to reduce enterprise threats.