The 39th Edition of the Identity Jedi Newsletter

The journey from identity to security, Cloud Security Awards, who's the real identity security company

Wednesday 6/14/23 - Identity Jedi Newsletter - Subscribe

Hey Jedi welcome to the 39th edition of the Identity Jedi Newsletter! Summer is here, the days are getting warmer and the Denver Nuggets are NBA World Champions. đźŤľ đźŹ€ 

Apparently, there are cool things in Denver.

Now the countdown begins until football season!!

Got some good stuff this week! New podcast drops this week on the Identity Jedi Show ( link below), and a primer on privileged access management thanks to the good folks over at Integral Partners, and we’re going to talk about the tagline “Identity Security”….I got thoughts….

Quick plug for one of our sponsors, aaaand don’t forget to share the newsletter! We are skyrocketing towards another BIG month!

Sponsored By

Fast and Secure Cloud-Based Identity Auditing

No one WANTS to do User Access Reviews, but that doesn’t mean they have to be hard to do. So why not do them easier? If you’re looking for a different take on access reviews. Check out YouAttest. Tell them them the Identity Jedi sent you.

Let’s Get to the Good Stuff!

  • Perfect PAM Primer

  • The journey from identity to security

  • Cloud Security Awards

Perfect PAM Primer

Don’t you love literations? 🤓 As we continue to mature the identity industry into an active player in the security world, we can’t forget the fundamentals. In fact, we have to master them. It’s the basis for which we can build everything else. Just ask Nikola Jokic ( sorry, another basketball reference). This article from the folks over at Integral Partners does a fantastic job of breaking down the complexities of PAM, from the definition to the implementation to the nuances of this niche.

The Journey from Identity to Security

While researching this week’s newsletter and I saw the phrase “ Identity Security” A LOT. It’s the new shiny marketing buzzword. So much, in fact, everyone is clamoring to be “The Identity Security” company. But I question whether or not we ( the industry) have stopped to really consider what that means. ( Queue Ian Malcolm)

What does it mean to be an identity security company? What does it mean to be an identity security practitioner? Are we just slapping a label on something because we want to sell more things? ( Probably)

Don’t get me wrong; I’m all for the new labeling. I’ve always believed that identity is a central part of security. However, we haven’t treated it that way in practice. Is current identity personnel ready to be active in an organization’s defense? To date, most identity practitioners are either on the dev or administration sides. What does the process look like when they are now in the security “workflow”? We’ve talked about how having identity in the kill chain of security incidents will make it tougher for the “bad guys” to be successful, but what does that look like for identity practitioners? It’s more than catchphrases and technology. It’s a process…a journey….a way.

Agree? Disagree? Let me know

Cloud Security Awards

Ok, this was just interesting to me. Never heard of this organization, nor half of these companies, but hey doesn’t mean they aren’t legit. Buuuut I’ve got questions..lol.

Mostly where did this company come from and what are the criteria for some of these awards? Seems kinda pay to playish but….who knows

Besides that, though, I did find an interesting company among these. (Full disclosure I’ve yet to dig into each of these companies, I may come back in the following weeks a do a deeper dive on them). The specific company that won “Best IAM/SSO”.

Three guesses who the winner was….Ready…

Set….

GO!!!

Give up?

Ok, it was VEZA

An “Identity Security” company focusing on Privileged Access Monitoring, Access Reviews, and Authorization. ( According to their website)

Speaking my language so far…

The thing I find most interesting is their approach to understanding access. Specifically diving into the relationship of identity to resource and all the many pathways in between. ( Check out this video here showcasing their product view).

THIS is golden and very much on the path I think we should be on as an industry. The biggest gap with last-generation IAM tools is that they have no concept of what entitlements actually touch in an organization.

Kudos VEZA team, I see the vision. Not sure if that warrants the best IAM/SSO product. ( Their website mentions nothing about SSO) but I like the foundation.

 

RSA Conference Talk

The talks from RSA are live and floating around YouTube. Here is my now infamous and apparently controversial Web3 talk from RSA.

Enjoy!

Or hate, I guess.

Identity Jedi Show Podcast

The Last Word

Here are some updates on the progress of my book. First, thank you all for the love and support around the upcoming launch of the book ❣️ All of you continue to strengthen my faith in humanity. I received the sample copy this week, and I’m going through the final edits. The official release date will be June 19th, 2023. ( IYKYK).

If you would like a signed copy, you can order one at the link below.

DISCLAIMER: I will be making the bulk purchase order sometime next week for the signed copies, so if you order today expect delivery in about 3 weeks. 

Okay, now let’s talk about this Identity Security thing. Look I get it, vendors need to market their products. And the role of a good marketer is to create just that, a market. Not only create one, but prime one to be a fertile ground for vendors to sell their products. So when companies first started using the “Identity security” phrase, I was all for it. Because I believe it’s truly where we need to be, but slapping it on your company website does NOT make you an Identity Security company. Identity and Security is more than just products. It’s process, people, and a way of doing things. I think this is an opportunity for us ( the practitioners) to OWN and DEFINE this phrase. Educate our customers about what this actually means. You WILL NOT HAVE IDENTITY SECURITY by buying a product. I don’t care how many they sell you, and what new browser they build. ( Small shot fired….lol)

This is not a shot a marketers. I love you, keep doing your job. And your job is to be two or three years ahead of product. You paint the vision, and light the way. This is a call to action on the rest of the ecosystem. Integrators, Strategic Advisors, Thought Leaders. Now is the time to make sure the vision that these companies outline: 1) Is accurate. 2) Is obtainable. 3) Is explained.

Let’s do some good in the world Jedi.

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

The JEDI COUNCIL

The Identity Secret Weapon

This morning, I had a great conversation with a fellow practitioner about what it takes to have a successful identity program.  In a nutshell, it boiled down to this

Subscribe to Premium to read the rest.

Become a paying subscriber of Premium to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

A subscription gets you:

  • • Blogs
  • • Expert Interviews
  • • Expanded Commentary
  • • Early Access to Identity Show content

Reply

or to participate.