20th Edition of the Identity Jedi Newsletter

T-Mobile, SNAFUs, and Identity Orchestration.

Wednesday 1/25/22 - Identity Jedi Newsletter

Hey Jedi! Welcome to the 20th edition of the Identity Jedi Newsletter!

BIG THINGS are coming to the IDJ universe, Jedi. I can't talk about all the things that are coming, but I will fill you in over the coming weeks. So definitely stay tuned, and of course, spread the word about the newsletter! Let's get everyone some T-shirts to start rocking them across social media!

FIRST ANNOUNCEMENT

The Identity Jedi is coming to a LinkedIn Course near you. That's right, y'all. I'm happy to announce that I've been approved as a LinkedIn instructor and will be developing awesome content for learning identity on the LinkedIn platform. There's still a ways to go, as I have to work with the team from LinkedIn to choose a topic and then get the contract signed, but that is underway as we speak! Or, as we read, write, not really sure how that saying works in the written format, but you get the point. Would love to hear from you. What courses would you want to see? Let me know!

SECOND ANNOUNCEMENT

The IDJ is officially expanding its content to include blogs. I'll be rolling out two types:

  1. Short educational blogs about different subjects in identity. I'll try to keep these under a 5-minute read.

  2. Longer deep-dive blogs on various topics of the industry. (These will be for premium users only.)

All content can be found on the IDJ website:

Let's Get to the Good Stuff

  • Cloud Governance...again..I'll explain a bit more.

  • Quantum Computing?

  • T-Mobile and API Security..or lack thereof

  • Orchestration is the new hotness (26 Million!!!)

Quantum Computing a reality?

QuSecure, Inc., this week launched QuEverywhere, its most recent breakthrough in quantum-safe cryptography orchestration. QuEverywhere is the industry’s “first” quantum-safe orchestration solution protecting encrypted private data on any website or mobile application with quantum-resilient connections and sessions, all with no end-user installation required. Now, organizations can provide end-to-end protection for their customers’ sensitive information—right where they need it—with no additional work on the part of their users. While not specifically identity-related

T-Mobile's lack of API Security

Not a great start to 2023 for T-Mobile. The personal information of 37 million customers was accessed via an exposed API that wasn't secured. Here's the interesting quote from T-Mobile on the breach:

The company said the API abused in this security breach did not allow the attacker to gain access to affected customers' driver's licenses or other government ID numbers, social security numbers/tax IDs, passwords/PINs, payment card information (PCI) or other financial account info.

"Rather, the impacted API is only able to provide a limited set of customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features," T-Mobile said.

A limited set of customer account data, they said, and then they rattle off 6 pieces of personal information that, put together, can lead to building a pretty decent synthetic identity. Now I'll give the representative the benefit of the doubt and say maybe the quote wasn't quite the way it was written. But if it was, it's this level of thinking around data protection that leads to this level of breaches.

Cloud Governance...again..I'll explain a bit more

Ok..soooo I messed up. In last week's newsletter, I forgot to write about the Cloud governance topic. Look, nobody's perfect. Thanks to Jake for hitting me up and letting me know about it. So this week I wrote up a nice blog post addressing some of the issues I see with cloud governance. I'll be coming back to this topic in the coming weeks to dive into detail about some solutions that are out there. In the meantime, enjoy!

Orchestration is the new hotness

Clearly, I'm in the wrong line of work...lol. Big news from the team over at Strata.io as they announce today a whopping 26 MIIIIIIILLLION dollar raise in Series B financing. You can check out the press release below, and also stay tuned as next week, we've got an IDJ exclusive interview with CEO Eric Olden as we talk about Strata and their place in the identity ecosystem. There may also be a chance for you to win a prize, only one way to find out, though. Premium subscribers, I've got something special for you in the JEDI Council this week!

Last Word

Identity has been siloed for too long. I would love 2023 to be the year that we take identity to the edge and work more with our security brothers and sisters. Just look at the T-Mobile breach and the OWASP Top 10 for Web Application security: two of the 10 are identity-related, and I could probably argue another two more. We have the tools to stop these things from happening, we just aren't having the right conversations with the right folks. Let's change that this year.

Until then

Be Kind to each other, Be Good to each other, Love each other.

-Identity Jedi
