The 28th Edition of the Identity Jedi Newsletter

Wednesday 3/22/23 - Identity Jedi Newsletter - Subscribe

Hey Jedi welcome to the 28th edition of the Identity Jedi Newsletter!

Ramadan Mubarak!!

If you know, you know.

Gartner IAM kicked off this week in wonderful Grapevine,TX ( Yes, that last part was sarcasm, lots of sarcasm) I was not in attendance this year due to budget constraints, as in mine. Travel is very different when you have to cover all the expenses..lol. Nevertheless, I’m vicariously living through all my friends there and will be looking to get a breakdown to you next week. Stay tuned

Don’t forget to refer a friend, co-worker, boss, neighbor, or Lyft driver to the Identity Jedi Newsletter. All are welcome 😀 

Let’s Get to the Good Stuff!

• Major moves from MajorKey

• Chat-GPT dangerous?

• Multi-cloud Madness

• Product Spotlight: Elevate Security

Major moves from MajorKey

MajorKey Technologies has announced a strategic pivot to focus on information security technology and services backed by The Acacia Group. This move builds upon their existing expertise in the identity management field and will involve expanding application, cloud, and data security capabilities with targeted acquisitions. The goal is to create one of America's largest and most capable information security businesses. MajorKey provides advisory, architectural, integration, and managed services covering identity and access management to public and private sector clients. It holds top tier partnerships with some of the world's leading identity and security innovators.

ChatGPT a threat to identity and access?

The article by Nancy Liu discusses the concerns surrounding the security risks posed by generative artificial intelligence (AI) solutions such as ChatGPT, with a particular focus on identity and access threats. Security experts warn of the potential privacy concerns, exposure of sensitive data, data misuse, phishing attacks, and natural language processing (NLP) bias that comes with using ChatGPT. From an attacker's standpoint, they can use ChatGPT to steal sensitive data, conduct phishing attacks, and access unauthorized information. Additionally, NLP systems can produce biased, discriminatory, or unfair results leading to identity verification and access control issues.

Multi-cloud madness

Multi-cloud governance is an emergent problem, with identity and authentication becoming increasingly crucial for any company’s cybersecurity strategy. Kevin Bocek, VP of Ecosystem and Community at Venafi discussed how identity in cloud-native environments is where it all starts because it establishes what is good or bad. Machine identity management forms the basis of a control plane to manage different cloud-native environments. We’ve said for years that identity sprawl is a major weakness in organizations, and it’s been a weakness in the industry’s ability to manage it. This feels a lot like how we started with PAM. We know we need to address it, but it doesn’t seem to make the priority list for organizations.

The Last Word

Two things, dear Jedi.

1) We need to have serious conversations about machine identity, and it’s management in today’s organizations. None of the big identity vendors ( Ping, Okta, SailPoint, Cyberark, etc) have good solutions for this. They talk about it and market it, but in reality, there’s not much there. (Happy to be wrong about this, I think the only vendor in this list that may have something real is CyberArk) Identity has moved past the concept of carbon-based lifeform. It’s anything or anyone that has network access to your organization. Period. We can’t expect to track these like we track employees and contractors. Machines are different in that their access patterns are both elastic and long-lasting. ( Perhaps that second one shouldn't be the case, but it is). I’ll dive deep into this in later editions, but the takeaway is that this is a gap in the current market that few are addressing. Both vendors and customers.

2) I’m coming up with a new term.

Operational Identity.

What does it mean? Finally, making IAM tools an active part of the cybersecurity fight. Instead of being a reporting or administration tool, it needs to be active in defending an organization’s assets. I’m not the only one that thinks this by the way. Oort, Authomize, IdentitySecurity, Axiom, Elevate all companies that are singing this tune of making identity tools look and feel a lot more like security tools. We’ve witnessed the birth of ITDR ( Identity Threat Detection and Response), and I bet we will continue to see more of this in the future.

Lastly, a quick word of appreciation to you Jedi. I would not have imagined that this newsletter would grow to this size so quickly. I’ll be honest I thought it would be like 10 of you for the first year, lol. But here we are, 300 strong and growing, and it means the world to me that you are here. From the bottom of my heart. Thank You!

Be Good to each other, Be Kind to each other ,Love each other

-Identity Jedi

The JEDI COUNCIL

Making Identity a part of Security

Earlier I coined the term Operational Identity. Now because there’s never anything new under the sun, I’m pretty sure someone, somewhere has used that term before, but much like the founders of this country, I’m just going to stake claim to, because I can.

Last week I spoke of a revolution, and this Jedi is apart of that revolution

Subscribe to Premium to read the rest.