The 29th Edition the Identity Jedi Newsletter

Living like it's golden, IAM market heating up, hungover writing is the best

Wednesday, 3/29/23 - Identity Jedi Newsletter - Subscribe

Hey Jedi welcome to the 29th (GOLDEN) edition of the Identity Jedi Newsletter!

The 29th Edition on the 29th day of March. The day after the greatest day in US History. I mean, it can’t get much better than this!

My apologies to for the late edition today, but I did warn you. Also this gives me a chance to include some news that is breaking today, so that’s always awesome!

Our question for world dominance continues Jedi! Our ranks are growing, and soon, we will fill conferences worldwide with Identity Jedi T-shirts and swag! You don’t want to miss out on this right Jedi. I don’t want you to have FOMO, so hit the link below, share the newsletter let’s get you some referrals, and get you free swag! The Identity Jedi Order is growing!

Events, Announcements, Speaking Gigs

RSA Conference - April 24-27th, San Francisco, CA, Moscone Center - Paving A Path to Identity First

Identiverse - May 29th - June 2nd, Las Vegas, NV ( Aria) - Web3 The Identity Prince That Was Promised. Discount Code: IDV23-SPKR25 ( expires 3/31)

Comments is now LIVE on the Newsletter! Like what you read? Disagree? Gotta a good joke? Drop it in the comments.

Let’s Get to the Good Stuff!

  • IAM Market Heating Up 🥇 

  • Let’s take a trip to the keys..not those keys 🥇 

  • Okta’s back in the news….(I’m sorry) 🥇 

🥇 IAM isn't cutting it 🥇 

I couldn’t have said it better myself. Actually, yes I could, and I have. But alas, we are not here to pontificate on the musings I have made. We are here to talk about the $10 Million dollars that Spera recently raised as seed funding for their IAM platform. But not your traditional IAM platform, no..the new hotness is all about ITDR. ( Identity Threat Detection and Response). In this last year alone, we’ve seen several entrants into this growing space. The message is clear; the current platforms aren’t enough. They are administration tools and not operational tools. I would say I told you so, but I mean, that’s just rubbing it in

Plus, it’s too early to tell how the market will react to this. What does customer growth look like? What are implementation timelines? What measurable impact will customers get from these tools? All questions I’m sure each of these companies feels they have answers too, we just need to seem them in action

🥇 Let’s take a trip to the keys 🥇 

Jedi! READ THIS LINKED ARTICLE!

Seriously, this article does a magnificent job of breaking down why proper IAM controls and usage of those controls are so important and has a direct impact on protecting resources.

This is a breakdown from a red teamer about how we went about gaining access to an AWS environment by hijacking AWS access keys.

For the past two years, I’ve had the idea of hosting an event similar to what’s outlined in the article to bridge security teams and identity teams. Might be time to dust off the mothballs on that one.

🥇 Guess who’s back…back again….Okta’s back..tell a friend.🥇 

I promise you I don’t have a vendetta against the good folks at Okta. ( Also, the title above is a reference to an Eminem song. I’ll leave you the exercise of googling to find out which one).

In keeping with the red teaming theme from the previous article, it’s a good look for identity teams to understand how attackers will try to compromise the system they use. In this case, users accidentally type their password into the username field. This can happen to any system to be 1000% fair to Okta. And as organizations look to use more systems and have centralized tools like SIEM products collecting logs, those logs can become a honeypot for would-be attackers to access credentials. The article addresses some ways to prevent this.

The more you know Jedi…

The Last Word

Writing while hungover sucks. Although I powered through it, because it’s Wednesday, it’s the newsletter, and it brings me joy to write about what’s happening in the identity world.

Let's pay attention to the ITDR landscape this year. This niche is the tip of the spear for how identity will evolve into its next iteration. Moving closer to security and having a more security-like feel isn’t a fluke; it’s necessary.

What comes with that is identity practitioners having an understanding of what the broader security landscape looks like. What does it take to investigate a security incident, defend against one, and recover from one? How can IAM systems play a bigger role in that? If you aren’t having these conversations with your identity team today, you 100% need to be. It’s not enough to just say “Hey we provisioned the access the right way”, if you're going say you’re apart of security, then it’s time to be a part of security.

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

What did you think of this weeks newsletter?

Login or Subscribe to participate in polls.

The JEDI COUNCIL

The Secret

I will let you in on the MASSIVE secret experienced IAM professionals have kept from you. If you’re a customer, you’re going to be pissed; if you’re a vendor, you might be pissed; and if you’re an implementer, you will absolutely hate me, but nod your head.

Subscribe to Premium to read the rest.

Become a paying subscriber of Premium to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

A subscription gets you:

  • • Blogs
  • • Expert Interviews
  • • Expanded Commentary
  • • Early Access to Identity Show content

Reply

or to participate.