Identity Jedi Newsletter - 9th Edition
Hey Jedi, it's the ninth edition of the IDJ newsletter!
Wednesday 11/2/22 - Identity Jedi Newsletter - Subscribe
Hey Jedi! Welcome to the 9th Edition of the Identity Jedi Newsletter. Here's a fun fact about the number nine:
A recent study found that the number nine is a hacker's favorite number. The study, which was conducted by cybersecurity firm McAfee, analyzed data from more than two million websites and found that websites with nine in the URL were twice as likely to be infected with malware as those without it. While this may seem like bad news for anyone with a website, there is a bright side: the more common numbers are even worse. The second most popular URL among hacked websites is six, followed by four and five.
I'll let you decide whether or not that tidbit of information is true, but for now, let's get to the good stuff!
One of the things I've enjoyed about the content creator life is the community of creators you get a chance to connect with. In browsing around the Beehiiv content creator community, I've come across some great content, so I figured I'd share.
First up is The Split: A good rundown of business and tech news, with a sprinkling of snark here and there.
Next up is Thirdweb Weekly. Some good general information on Web3, which is becoming one of my favorite rabbit holes to go down.
Alright, here's what we've got coming up in this week's edition:
Passwordless..Hurray!
Why MFA isn't enough
There can only be one....
2022 Trends in Securing Digital Identities (Yaaay, maths)
Who does the identity team work for?
Let's get to it!
Don't forget about the referral program. I mean who passes up on free stuff?
What's happening this week
Passwordless for the win!
Santa Barbara-based password management company Bitwarden just announced the results of their 2023 Password Decisions Survey. The survey, which polled 800 IT decision-makers across a wide range of industries, shows that passwordless technology is here to stay, with businesses enthusiastic about its perceived security benefits and improved user experience (UX). I LOOOVE numbers! (Gonna be a theme for this newsletter.) But especially ones that we can use to measure the effectiveness of what we do as practitioners. Some key features to highlight in this report:
29% of respondents say they use pen and paper to store passwords
10% of respondents never reuse a password
47% of respondents say that FIDO2 is an "important" aspect of their passwordless adoption
So what can we take away? 1) No matter how hard we try, people still write down passwords and reuse passwords. (Greaaaat.) 2) Standards like FIDO2 help make the implementation of controls easier for organizations to adopt. Something we've always known, but good to see some numbers supporting that claim. I encourage you to check out the report; it's linked in the article below. The best part: it's not gated!
Wait, you mean I can't just deploy MFA and go home?
In this article, Co-Founder and CEO of Blastwave, Tom Sego, shares some ideas on why multi-factor authentication might not be enough to combat cybercrime. Tom also discusses why he believes enterprises should implement ZTNA with phishing-resistant passwordless multi-factor authentication that removes human decisions from the authentication loop to protect against increasingly sophisticated, persistent threat actors.
Look, we've said it a thousand times in this industry. Security is a multi-layered game. You have to have multiple controls working together to have the best defense. Additionally, you have to have the process in place for when those controls either don't work or for the edge cases.
There can only be one..
Identity platform that handles all of your needs (SSO, IGA, PAM). Sound like a pipe dream? Well, it may not be for long. Look, clearly the author of this article is a little biased (he does work for One Identity), but the principles behind the article aren't wrong. The need for a more tightly integrated set of IAM tools is growing. Where there is need, someone will supply the tool to meet it. Curious to hear your thoughts though?
Do you think IAM tools should consolidate into one offering?
2022 Trends in Digital Identities
Ok, this one is gated (sorry), but again, some exciting trends in identity. Here's a screenshot of the executive summary
Good Reads
Podcasts
Identity Jedi Show
The Identity Jedi Show has a new home!!! LinkedIn Live sucks. (Sorry if you work for LinkedIn.) So I moved the show to the Ebony Ascent YouTube channel. You can check out all the past episodes and Jedi Trainings there. Enjoy!
Last Word
We say that identity is at the center of security. But for a while, identity teams reported up through IT and rarely dealt with the security teams. Recently, I've seen a shift in this setup. More teams that I talk to are now reporting to the CISO's organization and have direct contact with their security peers and also direct responsibilities to the security goals for that year. I think this shift is a good one and should be duplicated at every organization for a couple of reasons:
1) Identity and security teams should be talking to each other. The process for securing user accounts and privileged accounts should be done from a security perspective. Also, the information that is housed within identity systems is beneficial to security organizations.
2) Identity encompasses every part of the organization. From HR to the business owners, to legal, compliance, etc. Having a broad-reaching organization like that within your security team broadens the reach and importance of security overall. Sometimes corporate politics matter. (Eewww...yeah I said it)
Curious to know how y'all are structured. Let me know in the poll below:
Where does your identity team sit?
That's a wrap for this edition, folks!
Be Kind to each other, Be Good to each other, Love each other.
-Identity Jedi