The 55th Edition of the Identity Jedi Newsletter

Let's talk cyber insurance, conferences and cybersecurity awareness month

Wednesday 10/4/23 - Identity Jedi Newsletter - Subscribe

Sponsored By

Bullet-proof your cloud IAM and ensure rapid recovery with Acsense.

Hey Jedi welcome to the 55th edition of the Identity Jedi Newsletter.

We are officially in October! Break out the pumpkin spice lattes! ( Or not, for all you non-coffee fans like me). It’s also Cybersecurity Awareness Month, and we kick off this month with a heavy conference schedule.

  • Oktane San Francisco Oct. 3-5

  • Identity Week, Washington DC, Oct 3-4

  • Navigate, Austin, TX, October 9-12

  • Authenticate, Carlsbad, Ca, October 16 -18.

  • Identity Jedi Podcast, Austin, Tx, October 11th. 😀 

I’ll be at Oktane and Navigate this year, so if you’re in the area, let’s try and connect!

Let’s Get to the Good Stuff!

  • Cyber Insurance: What’s the deal?

  • Unleashing Identity Data

Let’s talk about insurance.

Five years ago, I decided to get my life insurance license. I saw how much of a valuable tool it was to one’s financial portfolio, especially for lower-income families. I was conflicted because at my core I’m against insurance companies. Well, not the companies themselves, just the fact that i think it’s inherently wrong to monetize a service or product that deals with the well-being of people’s lives. At some point you’re going to be given a choice. Protect the bottom line or a life.

Yeah..deep right.

Well, let’s look at cyber insurance. Not quite the same level of gravity in the choices, but the premise is s the same. A company want’s to shift the risk of a cyber incident to another company. ( That’s the basis of any insurance). But with cyber attacks seemingly happening all the time it makes it hard for a insurance company to calculate the level of risk they are willing to take on. And in the world of insurance, not calculating risk is just as bad as having high risk.

So what’s an insurance company to do? Raise the premiums. And also raise the standard for obtaining the policy itself. After all a win for the insurance company is a business pays the premiums, and they ( the insurance company) never pay out a claim.

The result is companies are put through a rigorous process in order to get and maintain their policy. A majority of the steps they take are the steps they SHOULD be taking anyway.

But how do we measure risk in this regard? Really how do we measure risk in any regard, but I digress.

We’ve never been able to break it down to simple equation of Do this, stop that. If you implement a PAM solution and proper process you reduce your risk of a breach to 23%. (If I’m wrong on this please share! I’d love to see this).

That’s because it’s not one thing, or two things, or N things that you can do to reduce risk. It’s N things, plus X process, times Y shit changes every day. So, as insurance companies seek to make sure they don’t pay, companies either spend more effort to get the policy or forgo the policy altogether.

This seems ripe for innovation and disruption. If someone could create a standardized assessment framework that assigns a level of risk to an organization, with controls and procedures that reduce levels of risk, insurance companies would be licking their chops, and so would consulting companies.

Food for thought.

Time to get nerdy

We’ve ignored the data problem in identity for far too long now. It’s not an easy problem to solve, but I think it’s one worth solving. It’s the key to automation. Application onboarding, role management, access certification, and access requests can be automated. Imagine the user experience the deployment times if these things are just done.

I’m not saying that Radiant Logic is doing these things, but I think what they are building will lead to the capability to accomplish some of this. Before we can fix anything with data, we have to be able to collect and analyze it, and that’s what Radiant is doing. Their Virtual Directory offering has been the hidden gem for a lot of identity deployments for decades.

But now they are looking to become a lot more than just a directory. Seems to me they are looking to become THE hub of identity information. But just raw data isn’t enough. You have to be able to refine the data, and you’ll need more than just typical application connection data. ( User and object schemas.) You’ll need audit and activity data, and then tools to refine and correlate that data to drive actions.

Keep an eye out for this crew, they might be on to something.

Shared Responsibility

A word from our friends at Acsence

Let’s talk about the Shared Responsibility Model. (SRM) If you’re building architecture for cloud-based applications it’s a term you’re probably all too familiar with, and if not, its definitely something you should. Here’s a blog from our friends over at Acsense that breaks it down.

Identity Jedi Show Podcast

We are one week out! ( WHADD)

It’s going down in Austin, Texas. ( WHADD)

Open Bar, Special guests, and talking identity. ( WHADD)

LET’S GO!!!

The Last Word

Had a blast wrapping up recording my first-ever LinkedIn Course! The process has been eye-opening, and I’m excited for everyone to check it out. I am still waiting for some details to be finalized before I can announce the official title and date, but you will be the first to know!

I want to leave you with this: GO BE GREAT!

You need no one’s permission to be the best you that you can be. Think big, act small, kick-ass!

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

What did you think of this weeks newsletter?

Login or Subscribe to participate in polls.

The JEDI COUNCIL

Embracing Automation in IAM: Breaking Through the Fear Barrier

Subscribe to Premium to read the rest.

Become a paying subscriber of Premium to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

A subscription gets you:

  • • Blogs
  • • Expert Interviews
  • • Expanded Commentary
  • • Early Access to Identity Show content

Reply

or to participate.