The 75th Edition of the Identity Jedi Newsletter

WHAT’S HAPPENING THIS WEEK

Another week, another acquisition..

BeyondTrust jumps into the IGA game, and the Platform Wars continue. With this recent purchase of Entitle, BeyondTrust now stands to build out their version of an Identity Security platform. Combining Entitle’s CIEM, IGA ,and Just-In-TIme access features with BT’s Privileged Management capabilities and, once again, the potential is exciting.

BUT

They still have to deliver on this. Integrating products isn’t trivial, folks. Engineering teams, product teams, support teams, current customers, all these things have to be managed it takes time.

It’s going to be an exciting two years as now every major Identity company has transformed themselves into a platform play.

Let the games begin!

Bad day for Delinea

So Delinea had a day last week, and it’s not the type of day you want to have. The article below does a FANTASTIC job of breaking down the exploit that caused Delinea to have a SaaS outage.

But I want to talk about the bigger picture here. Every company has made acquisitions in the Identity space in the last year and a half. They are all in the throes of merging teams and technologies and attempting to deliver integrated use cases to their customers. With that, their product security groups have now doubled, if not tripled, the work they have on their plates ( That’s assuming they had product security groups in place..)

Becoming an “Identity Security” platform is now much more than a buzzword. It’s a significant shift in who you are as a company. You’re no longer just a tiny piece of security architecture. You are a central cog. Your attack surface just increased, and therefore, so did your customers.

It’s a brave new world for all of us in identity.

Let’s talk about Identity “Security.”

Gather round friends…grab your marshmallows, graham crackers, and chocolate. It’s fireside chat time..

Identity is changing. Fact. The consolidation of all these companies into building one platform means more than just integrated use cases. It also means integrated skill sets for the people who make them and the people who use them.

Let’s start with the people that use them. Identity has slowly been moving its way out of the IT department and into the security purview. Becoming less about tickets and more about creating services and processes around identity. Identity project leaders have had to learn how to show business value and how to deliver that value consistently. All while trying to train, ad then retain talent and keep ahead of the identity sprawl. “One platform to rule them all” does add some value to those users. They have one place to implement their functionality, one platform to learn and train on, and should allow customers to deliver integrated functionality faster.

HOWEVER

What’s also coming with this “Security” movement is the responsibility not just to provision and govern access but to actually defend it. 90% of the time identity is involved in a breach. Yes, exploits are how they get in, but once they are in: lateral movement or privileged escalation is what they do next. Being able to detect and respond to identity events is a natural extension for IAM products and teams. But it also means responsibility and work that has never been asked of identity teams before, and most of them have more than enough on their plate today.

But, I think it’s necessary. It’s time for us to get in the fight.

Now for those that MAKE the platforms. You are can no longer hide behind the shield of “Best of breed”. You are building THE platform where organizations will manage and maintain their access. It will become the ultimate kings to the kingdom play, and the bade guys will be looking for every single exploit they can. If you aren’t investing in product security now, you’d better start soon.

Brave New World, folks.