- Identity Jedi Newsletter
- Posts
- The 48th Edition of the Identity Jedi Newsletter
The 48th Edition of the Identity Jedi Newsletter
Spicy Corner, 125 Miiiiillion Dollars, and dragons...yup...dragons
David Lee
August 16, 2023
Wednesday 8/16/23 - Identity Jedi Newsletter - Subscribe
Hey Jedi welcome to the 48th edition of the Identity Jedi Newsletter! Summer is dwindling down, kids are returning to school and somewhere, someone is dreaming of pumpkin spice. The smell of fresh cut grass, and the sound helmets and pads colliding.
Fall is coming.
Doesn’t quite have the same ominous tone as “Winter is coming” but I digress. We’ve hit the 600 subscriber mark and growing! Let’s keep this party going! Share the love, contribute to the blog section, let’s take this thing TO THE MOOOOONNN!!!
 | Where all the cool Identity Nerds Hang Out.So many good conversations in the IDPro slack channel. The only thing that’s missing IS YOU! Sign up today, and come join in on the conversations. |
Let’s Get to the Good Stuff!
CISA Guidelines
VEZA 125 Million Dollar Baby
SPICY CORNER
CISA Guidelines and SCUBA
Ok so the Cybersecurity and Infrastrcuture Security Agency ( CISA ) is finalizing a set of guidelines known as the Secure Cloud User Baseline Assemement ( SCuBA)….oh the acronyms.
The gist: So managing identity and security in the cloud is a tad bit different than on-prem and we maybe, kinda, wanna put some guidelines out of exactly how to do that. I like this for one reason: Regulations,standards, etc drive behavior.
CISA has already published some resources on their way to finalizing SCuBa - A Microsft 365 Baseline Assesment Tool , The SCUBA Technical Reference Architecture ( ← that’s a PDF Doc Link BTW)
Maybe..just maybe we are starting to figure this thing out.
VEZA gett 125 Million
Veza announces strategic investments from Capital One Ventures and Service Now Ventrues raising their total financing to 125 MIIILLION Dollars.
(That sound you heard was me typing to see if they are hiring…)
This all feels a little weird for me considering just a couple of months ago I had never heard of Veza, and now it seems like I seem them mentioned everywhere. It’s like the weird car phenomena where you never see a certain car on the streets unitl you decide to get one.
I digress.
What fascinates me about Veza is their use of graphs and relationships. Understanding the how and why someone has access goes a long way in applying proper controls, and it’s something that vendors just haven’t gotten into unitl recently.
What I found most interesting thought is this statement:
“Veza is designed to give organizations insight into who has access to what and why,” said Jaidev Shergill, managing partner, Capital One Ventures. “Governance policies and right-sized authorizations are fundamental as enterprises shift to the cloud. Veza’s Authorization Graph pulls from a range of deep integrations for a more complete access picture and shows early evidence that it can scale.”
Here’s what I pick up from that. A more complete access picture. For DECADES we’ve been giving customers an incomplete picture of access. Why? How? We didn’t give enough clarity into WHAT the entitlements where actually giving access to. Or how the entitlments granted that access. Said more succinctly.
Context.
We were not giving customers context in to what access really meant. That’s changing, and its about damn time.
Congrats to the team at Veza, now can they keep it up?
🌶️ SPICY CORNER 🌶️
WELCOME TO SPICY CORNER
Where we list and grade the spiciest commentary from around the world of identity security.
Disclaimer: The following section is just hilarious to me. I advocate for no particular company, I just like seeing the petty and the spicy.
“CIOs and CISOs are struggling with traditional and legacy tools like IAM, IGA and PAM that have not kept pace with the modern era of multi-identity, multi-cloud, and hybrid cloud
Unlike legacy identity solutions that use a relational architecture, Veza's unique approach to identity security leverages a revolutionary graph-based architecture, the Veza Authorization Graph. By creating a normalized data model for identities to access permissions to any system, Veza provides a 360-degree view of access across an organization. This enables customers to address key business challenges such as identity governance (IGA), privilege access monitoring, cloud access management, data lake governance, and SaaS access security.
This next piece is an ENTIRE page dedicated to one company. This is just a whole different level of petty…. I love it! But wait it’s get’s better. Check out the query links that you can add to get to certain sections of the page:
Don’t Compromise Get Sayvint
Sayvint is Better
Who knew it was getting so SPICY in these IAM internet streets! Look while this is all in good fun, the reality is the tides are shifting, evolution is coming and everyone is on notice. I’m just waiting for the Apple vs PC like Youtube shorts.
Please let this happen!!
NEW COMMUNITY BLOG POST!!
Big shout to new guest author Michelle Fallon of PlainID. Thanks for adding to the community!
Identity Jedi Show Podcast
 |  |
The Last Word
Let’s be real for a second. Everything in technology changes. As soon as you build an application, your architecture is most likely outdated by the time you hit commit. So the pure fact is that if an identity company is over ten years old, the tech stack they are building on is at least 12 years old. Maybe, maybe they’ve rearchitected, but most likely, they haven’t Tech debt is a real thing, and it’s rare that a company actually spends the investment to fix it. So what happens when you combine old technology, industry leaders, and new modern companies?
DISRUPTION
The identity world is in for a massive shakeup, and it’s coming quicker than you think.
In the wise words of Samuel L. Jackson
Be Good to each other, Be Kind to each other, Love each other
-Identity Jedi
What did you think of this weeks newsletter? |
Reply