The 33rd Edition of the Identity Jedi Newsletter!

RSA EDITION!!!!

Author

David Lee
April 26, 2023

Wednesday 4/26/23 - Identity Jedi Newsletter - Subscribe

Hey Jedi welcome to the 33rd edition of the Identity Jedi Newsletter.

Sponsored by: 

Hence known as the RSA Edition, as I’m typing this LIVE from sunny ( sometimes) San Francisco as I kick off day two of the largest security conference in the world! Luckily for me, my session was on Day one, so now I can enjoy the rest of the conference. I’m looking forward to catching a couple of sessions, mostly networking and discussing the future of identity and security.

Don’t forget to share the newsletter to unlock your free stuff! Want some stickers? Hit the referral button. How about a mug? Hit the referral button. Your own Identity Jedi Notebook..I think you get the point..

Let’s Get to the Good Stuff!

  • Updates to the Zero Trust Maturity Model

  • Frictionless Access

  • NIST Release IAM Roadmap

Updates to the Zero Trust Maturity Model

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Zero-Trust Maturity Model, making it easier to launch zero-trust security capabilities across different organizations. This new model provides IT professionals and security experts with a deeper understanding of the implementation strategies, benefits, and potential risks associated with zero-trust architectures. Specifically, this update added an “Initial” phase to the maturity model, which consists of organizations just starting the automation of attribute assignment and configuration of lifecycles, policy decisions, etc. Hopefully this gives organizations a starting point to start to move to a ZT architecture

CISA updates zero trust maturity model to provide an easier launch

The Cybersecurity and Infrastructure Security Agency updated its Zero Trust Maturity Model to include a new stage that could make it easier for organizations to transition to a zero-trust architecture.

www.csoonline.com/article/3693250/cisa-updates-zero-trust-maturity-model-to-provide-an-easier-launch.html

New term who dis? ( Frictionless Access)

Because we don’t have enough buzzwords in this industry, we’ve decided to create another one. I agree with this one because friction doesn’t equal security. Most of the friction we’ve injected into the user journey can be automated. We just have to ask the right questions and challenge the status quo. Can we scale a user’s access based on activity behavior and profiling? Do we need to advanced authentication flows for every application a user interacts with? What’s the business reason for an application and the use case behind how the user interacts with it? In short, we need to understand our business and not be afraid to be creative.

Frictionless Access: The next buzzword and why it matters

Security pros have talked about reducing friction for several years, but now it’s more important than ever for practitioners to balance security with the business needs of users.

www.scmagazine.com/perspective/identity-and-access/frictionless-access-the-next-buzzword-and-why-it-matters

New Roadmap from NIST

Our friends at NIST dropped a draft version of their IAM roadmap and have opened it up for comments until June 1st. Full disclosure I haven’t had a chance to review the entire roadmap in detail ( 9 pages, so not a super long read), but I LOVED what I read in the Purpose, Scope, and Program Overview sections. This is a fantastic outline for anyone looking to give their IAM program clarity. I encourage you to check out the roadmap, leave comments if you have questions, and also compare it against your organization’s plan. I’m NOT SAYING that this document is the end-all-be-all perfect solution; I AM saying that it’s a good way to approach your program and make changes as needed for your organization

DRAFT - NIST Identity and Access Management Roadmap: Principles, Objectives, and Activities

www.nist.gov/system/files/documents/2023/04/24/NIST%20IAM%20Roadmap_FINAL_For%20Publicaiton_04212023.pdf

Making Assessments Great Again

Assessments don’t have to suck. Instead, they can be insightful and give you the clarity you need to get your IAM program on the right track. And dare I say it….they could even be fun.

GASP

I know. Can you believe that something that provides value to your organization can ALSO bring you a good time while doing it!?

It’s too good to be true?

Right?

Only one way to find out.

Hit the link; let’s talk about what we can do for you and your organization

Identity Intervention

Get real change for you identity and access management program

theidentityjedi.myclickfunnels.com/identity-intervention

Twitter's 2FA Policy Is a Call for Passkey Disruption

Overcoming the limitations of consumer MFA with a new flavor of passwordless.

www.darkreading.com/endpoint/twitter-s-2fa-policy-should-be-a-call-for-passkey-disruption

How to Prevent 2 Common Attacks on MFA

MFA isn't immune from the tug of war between attackers and defenders.

www.darkreading.com/endpoint/how-to-prevent-2-common-attacks-on-mfa

The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioral AI

As email attackers move to more targeted and sophisticated attacks, email security needs to understand the organization, not past attacks, to keep up with attacker innovation and stop novel threats on the first encounter.

www.darkreading.com/application-security/the-new-frontier-in-email-security-goodbye-gateways-hello-behavioral-ai

‎Identity at the Center: #209 - The Fusion of Identity and Cybersecurity with David Mahdi on Apple Podcasts

‎Show Identity at the Center, Ep #209 - The Fusion of Identity and Cybersecurity with David Mahdi - Apr 24, 2023

podcasts.apple.com/us/podcast/209-the-fusion-of-identity-and/id1471899975?i=1000610390763

‎Let's Talk About Digital Identity: Privacy by Design: The Road to ISO with Ann Cavoukian and Katryna Dow on Apple Podcasts

‎Show Let's Talk About Digital Identity, Ep Privacy by Design: The Road to ISO with Ann Cavoukian and Katryna Dow - Apr 19, 2023

podcasts.apple.com/us/podcast/privacy-by-design-the-road-to-iso-with-ann/id1470049409?i=1000609606327

The Last Word

Do we have gatekeepers in identity? Like seriously? Are we trying to have an elitist group of people who believe that only their opinions and way of thinking matter and define what this industry is? I sure as hell hope not. We are living right now, this very second in the age of revolutionary technology. Think about what we have right now. Cars that drive themselves, AI that passes Turing tests, immense processing power that we carry around with us like binkys. THIS IS NOT THE TIME to be closed-minded. THIS IS THE TIME to question EVERYTHING. Challenge every decision we’ve ever made and ask ourselves whether we can do this better. It’s the very reason we got into tech in the first place. The awe of things we could do with just a little imagination. Have we lost that?

I haven’t, and I don’t think I ever will. But the day I do is the day I step aside because it’s far too important a responsibility to mishandle. Our decisions and actions in these next two to three years will change an entire generation. And if our answers to questions are “It’s because we’ve always done it that way,” we’re fucked.

Wisdom is gained to guide and accelerate, not to reprimand and discourage.

Be Good to each other, Be Kind to each other, Love each other, DON’T GATEKEEP

-Identity Jedi

The JEDI COUNCIL

Web3 and Identity

So apparently, this Web3 thing is a pretty spicy topic. Lots of opinions and lots of feelings about what it means.

Subscribe to Premium to read the rest.

Become a paying subscriber of Premium to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

A subscription gets you:

  • • Blogs
  • • Expert Interviews
  • • Expanded Commentary
  • • Early Access to Identity Show content

Reply

or to participate.