The 80th Edition of the Identity Jedi Newsletter

Non-Human Identity is a thing, Healthcare and Cybersecurity, and Identity Jedi University

Author

David Lee
June 19, 2024

In partnership with

Scale your GRC program with Automation and AI

Spending hours gathering evidence, tracking risk, and answering security questionnaires? Move away from manual work by automating key GRC program needs with Vanta.

  • Automate evidence collection across 21+ frameworks including SOC 2 and ISO 27001 with continuous monitoring

  • Centralize risk and report on program impact to internal teams

  • Create your own Trust Center to proactively manage buyer needs

  • Leverage AI to answer security questionnaires faster

Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to build trust and prove security in real time. Connect with a team member to learn more.

Hey Jedi welcome to the 80th edition of the Identity Jedi Newsletter! Wow, big number 80, and we are zooming right along! Once again, a big shoutout to Vanta for sponsoring this week’s newsletter edition; we love their partnership! Be sure to check them out!

This week’s edition includes a word about Non-Human Identity, the state of cybersecurity in Healthcare, and some IDJ University updates. In a shocking twist, no one bought a company this week…lol

This week's edition

Still have a long way to go..

Every company is a tech company, and every company has to manage cybersecurity. Tis the way of the world.

TL;DR: The GAO made 1,610 in 2010, 567 remain unimplemented.

Yup, that sounds about right.

Urgent Action Required to Address Cybersecurity Challenges - HS Today

A new report by the Government Accountability Office (GAO) details the urgent action needed to address the critical cybersecurity challenges facing the nation.

www.hstoday.us/subject-matter-areas/cybersecurity/gao-urgent-action-required-to-address-critical-cybersecurity-challenges-facing-u-s

Healthcare needs a band-aid and a bourbon.

An eye-opening look at the state of cybersecurity in healthcare. More on this later..

Healthcare Cybersecurity: Preventing Data Breaches

Healthcare organizations find themselves today at the forefront of a disturbing trend: a seemingly unending onslaught of data breaches. These nefarious incidents, far from being isolated occurrences, have emerged as a persistent and pervasive threat, one that demands immediate and comprehensive action to safeguard patient privacy and operational integrity. Understanding the Magnitude of Healthcare Data

securityboulevard.com/2024/06/healthcare-cybersecurity-preventing-data-breaches

These ARE the droids you are looking for..


Here's a fun fact, albeit a bit terrifying: 83 percent of web traffic is generated via APIs. Yes, you read that right—83%. This statistic highlights a significant shift in how the web operates and underscores the growing influence of APIs in our digital world. What does this mean for us? Essentially, just about everything you see as web traffic is conducted through APIs. And here's another startling revelation: it's not humans generating this traffic. Instead, non-human accounts are the primary contributors. These non-human accounts aren't just passive data collectors. They're actively connecting to other apps and services, exchanging data at an unprecedented rate. Many of these connections are facilitated by long-lasting tokens—some created years ago—that remain active and continuously connecting.

If you think non-human identities aren't an issue for your organization, think again. This phenomenon is one of the next significant challenges we must tackle as both identity practitioners and security professionals. We need to devise strategies to manage and govern these non-human entities effectively.Historically, identity and security measures were centered around human users. However, with non-human accounts now dominating web traffic, we must expand these practices. The same identity and security protocols we’ve applied to human accounts must now encompass all entities in our digital ecosystems.


The sheer volume of API-generated web traffic underscores the need for a paradigm shift in how we handle digital identities and security. As we move forward, addressing these challenges will be crucial in maintaining the integrity and security of our digital infrastructure.

Let's not treat this like we did privileged access management and sweep it under the rug. This problem moves too fast, and the scale will be too big before you know it.

PURCELL: Beware increasingly sophisticated cybersecurity scams

Here’s a story that is growing bigger by the day: Cyber scams are on the rise.

www.dailycitizen.news/opinion/columns/purcell-beware-increasingly-sophisticated-cybersecurity-scams/article_00aa93cc-2cb4-11ef-b171-1349bb2d45ab.html

How to Secure Against Access Management’s Biggest Risks

Legacy security tools struggle with today's work environment, but Extended Access Management secures both approved and unauthorized devices and applications

www.infosecurity-magazine.com/blogs/how-to-secure-access-managements

Risky Business #753 – Congress and vuln researchers maul Microsoft

Listen to this episode from Risky Business on Spotify. On this week’s retreat special, the entire Risky Business team is together in a tropical paradise for the first time. The team takes a break from the infinity pool to discuss the week’s security news: Microsoft recalls Recall, but why did it have to be such a mess And a Windows kernel wifi code-exec, really? Passkeys and identity are hard Scattered Spider bigwig arrested in Spain The pentagon runs a deeply flawed info-op Is it time E2E crypto nerds accept their place in the world? And much, much more. This week’s show is brought to you by Corelight… Corelight’s CEO Brian Dye will be along in this week’s sponsor interview to make a really compelling case for something that shouldn’t exist… which is NDR in cloud environments.

open.spotify.com/episode/2iXEE9wfUqleTH3Ogi0raQ?si=b79d17bf96c84b1b

#290 - Digital Trust with Joni Brennan of DIACC

Listen to this episode from Identity at the Center on Spotify. In this engaging episode of the Identity at the Center podcast, hosts Jim McDonald and Jeff Steadman sit down with special guest Joni Brennan, President at the Digital ID and Authentication Council of Canada (DIACC). They dive deep into the intricacies of digital wallets, the evolving landscape of digital identity, and the importance of choice and trust in identity solutions. Joni shares her insights from the European Identity & Cloud Conference (EIC) and discusses the significance of the Pan-Canadian Trust Framework in de-risking digital identity adoption. The conversation covers a wide range of topics, including the challenges of standardizing digital wallets, the role of certification in building trust, and the importance of user choice in identity solutions. Joni also provides a fascinating look into her career journey and the evolution of identity standards from the days of the Liberty Alliance to the present.

open.spotify.com/episode/40ckH1UVbGd8YYBpfP0zdZ?si=2e2d3c4854a14a91

Identity Jedi Show Podcast

The Last Word

I’m concerned about our Healthcare system for various reasons, but in this specific instance, when it comes to cybersecurity. Some “fun” stats to consider:

  • 74% of ransomware attacks are targeted at hospitals

  • 88% of healthcare workers reportedly open phishing emails.

  • Less than 6% of the budget in healthcare organizations goes towards cybersecurity.

Ok so what do we do here? I know Healthcare, much like HigherEd, is its own beast when it comes to implementing things. But we have to look seriously at this and find ways to help them improve. Better open-source tools with easier implementation? With all the advancements we’ve been making with new tools in Identity, could we not open-source some of these? Food for thought, but we should talk about this more.

Identity Jedi University ( Beta)

Ok, so Identity Jedi Univesity is almost complete, and the first course is done! I’m taking everything that I’ve learned in my career and turning them into actionable courses that you can use. And of course, you know I’m planning a big launch for it. So I want to ensure you all get access to the waitlist. Be on the lookout for an email with a link for registration. Premium subscribers you’ll be getting a separate email,as you'll be getting instant early access!

I can’t wait!

Till next time folks.

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

What did you think of this weeks newsletter?

Login or Subscribe to participate in polls.

Reply

or to participate.