The 47th Edition of the Identity Jedi Newsletter

ConductorOne gets spicy, chasing shadows, and new blog posts

Wednesday 8/9/23 - Identity Jedi Newsletter - Subscribe

Hey Jedi welcome to the 47th edition of the Identity Jedi Newsletter! Coming live from…..

My house in Atlanta..because I decided to forgo Black Hat this year and instead attend the Black in Tech Conference.

Also, it’s hot as shit in Vegas, and I just didn’t wanna.

Also, we had a new edition to the Community Blogs this week. Shout to Jordan Burris from Socure for dropping this gem on us.

If you’re interesting in writing a blog for the community section, fill out this form, and let’s talk!

Don’t forget the to SHARE THE LOVE! Send that special person in your life the best thing they will read all week.

This NEWSLETTER!

Where all the identity nerds hang out

I often tell people that the Slack channel on IDpro is well worth the cost of admission. Come hang out and talk identity, connect with other passionate individuals, and be apart of a growing and pretty cool community, if I do say so myself.

Let’s Get to the Good Stuff!

  • Beyond Trust launches new Product

  • ConductorOne gets spicy

  • Shadow Access

BeyondTrust

It’s getting real in these IAM streets. I like this move from BeyondTrust, and integrated platform built around a PAM solution gives a distinct advantage of already being familiar with things like discovery, and light threat detection. It will be interesting to see how well the product works with others, and how well they work with modern architectures and cloud apps.

TLDR of the article:

BeyondTrust has released its Identity Security Insights solution, which aims to provide unparalleled levels of identity and access security. The solution offers a unified view of identities, accounts, and privileged access across multiple environments, with analytics and intelligence providing real-time visualization of potential threats and attack paths. Early adopters have been able to detect and remediate security risks quickly, such as unauthorized access to sensitive systems, over-privileged accounts, and undetectable vulnerabilities. The solution's key features include comprehensive identity and access visibility, identity threat detection, reduced identity attack surface, an integrated ecosystem, and a quick start with instant value.

ConductorOne Raises and takes some shots

Ok, so what I love about this is the following quote from the press release about ConductorOne’s raise.

The traditional IGA and PAM solutions have failed to adequately address the needs of modern organizations because they were not built for the cloud era. And there is slow time to value, clunky implementation, and poor user experiences across siloed products have made IT and security teams struggle to remain compliant and secure. Plus, IT teams are consumed with access request tickets and manual provisioning, while security teams deal with an increasing attack surface of standing permissions. The implementation of least privilege, considered a best practice, has remained out of reach without a modernized approach. ConductorOne has positioned itself as the solution to these challenges by guiding, automating, and orchestrating access controls to enforce least privilege.

I love it! Probably the closest thing we will see to trash talk in the corporate world..lol. But, being serious for a second. I don’t see the lie in anything they’ve written here. IF I'M BEING NICE, traditional IGA and PAM platforms were built ten years ago. And I can count on zero hands and fingers how many of them have rebuilt their entire stack from the ground up since then. How many companies had ONE cloud infrastructure setup ten years ago, let along the 6 or 7 they have today. The industry is definitely ripe for newcomers to come and and disrupt, but are they just building a better mousetrap or are they truly innovating?

Taking a look at their team and they are led by two former Okta employees. So, that would lead me to believe that they have core beliefs around:

  • Cloud first solutions

  • Making solutions simpler. ( Point and Click, first build and script)

  • Aggressive marketing

27 Million is no small number, and they have a good customer base. Could be a company to watch.

Stack Identity and the Shadow Access Report

Very interesting report coming from the folks over at Stack Identity. We had the term “Shadow IT”, and now I think we’ve renamed it “Shadow Access,” but marketing names aside, the stats coming from this report are chilling.

  • Only 4% of identities are human, while the remaining are non-human identities (automatically generated by APIs, cloud workloads, data stores, microservices, and other multi-cloud services)

  • 5% of identities in the cloud have admin permissions

  • 28% of policies in the cloud have some level of permission management

  • 75% of policies used in cloud environments include write permissions

The gist. Cloud accounts are overprivileged, and, a majority of the time, automated.

YIKES.

Gaslighting the Industry

TOMORROW! You don’t want to miss this webinar as I join Aidan Parisian, (FastPath) and Johanna Baum ( S3) and discuss the ins and outs of identity projects. Do they really need to take as long, is there better ways to approach them?

Will the 49ers start Brock Purdy over Trey Lance!?!?!

Only one way to get the answers.

Identity Jedi Show Podcast

NEW YOUTUBE CHANNEL!

The IdentityJedi is now it’s own Youtube channel and this Friday, I’m releasing my keynote from Identiverse. Subscribe, and don’t forget to hit the bell to get all the notifications of the AMAZING content coming to the new channel!

The Last Word

For those of you attending BlackHat/DefCon this week, I salute you. Enjoy, hydrate, and always bet on black. ( Ask Jeremy Rohrs)

I decided to attend a different conference this year, the Black is Tech Conference. One because it’s in my hometown of Atlanta, and driving is a lot cheaper than a flight, but also because I’m excited to connect and talk with other Black tech community members. I would have loved to have an event like this when I was first getting into tech; seeing this field get more and more diverse is beautiful. We still have a long way to go, like a LONG WAY. But we are getting there. The world isn’t all 1 and 0’s, in order to create solutions for all of us, we have to make sure that all of us are represented. Whether that’s cybersecurity or identity, it doesn’t matter. Technology connected us in ways we never imagined, lets make sure it keeps connecting us.

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

What did you think of this weeks newsletter?

Login or Subscribe to participate in polls.

The JEDI COUNCIL

Back to the future?

Two very different but interesting trends I’ve seen lately. 1) New vendors are coming into the IAM space, offering bundled platforms with a heavy cloud focus. 2) Customers migrating from the cloud back to on-premises.

Subscribe to Premium to read the rest.

Become a paying subscriber of Premium to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

A subscription gets you:

  • • Blogs
  • • Expert Interviews
  • • Expanded Commentary
  • • Early Access to Identity Show content

Reply

or to participate.