The 81st edition of the Identity Jedi Newsletter

Hey Jedi, welcome to the 81st edition of the Identity Jedi Newsletter! Shout out to our sponsor of this week’s edition, Zilla Security, and shout out to you Jedi. Because of you, we’ve got sponsors willing to partner with us to Make Identity Great Again… (I couldn’t resist). Make sure to give our partner Zilla some love.

Coming up in this week’s edition: Some interesting stats around acquisitions in the Cybersecurity market, a word about non-human identity, and what’s up with customer identity access management.

Transform Your Identity Security with Zilla Security

Ready to make access control simple and efficient? Zilla Security has you covered. Our automated identity governance solution ensures your organization stays secure while enhancing productivity. With Zilla’s SaaS platform, your security and IT teams can easily monitor, assign, review, and manage access across your entire enterprise.

Zilla stands out by integrating with all SaaS applications, cloud infrastructure, and on-premises systems, providing a complete system of record for user, machine, and API identities and permissions.

Want to see Zilla in action? Learn more and discover how we can help you secure your enterprise and boost productivity.

This week's edition

What’s up with Customer Identity Access Management?

Ok, seriously, why isn’t CIAM more of a thing? As practitioners, this was our golden ticket, our way to finally talk to the business about their favorite subject: MONEY! Specifically, how we can help them make more of it by doing things we love (securing identities). Yet, it feels like we don’t hear about this market at all. As someone who spends hours crawling the internet for relevant news articles around identity, this area is one that I rarely see.

Looking at it from a different perspective, when I talk to customers this is usually not on their list of priorities.

Privileged accounts, absolutely.

Service accounts, check.

Employees, vendors, suppliers, just about every other type of digital identity account is talked about, except the most important one.

THEIR CUSTOMERS.

In the words of Vince Lombardi..

Some guesses:

1) CIAM does not have a real owner. We can’t definitively say that one position or organization owns customer identity. Can we? It’s seen as an afterthought on the customer side of the world. Something that has to be done in order to get to what the business really wants to do.

2) No plan for customer identity. It’s just “authentication”. No real plan around how to implement it or use it as part of a security strategy, or business strategy.

Are we missing out on a huge opportunity here? This should absolutely be at the forefront of security strategies. One of the biggest risks a business has is leaking customer data, so why isn’t it talked about more?

Food for thought..

Let’s talk about non-human identity

Here's a fun fact, albeit a bit terrifying: 83 percent of web traffic is generated via APIs. Yes, you read that right—83%. This statistic highlights a significant shift in how the web operates and underscores the growing influence of APIs in our digital world. What does this mean for us? Essentially, just about everything you see as web traffic is conducted through APIs. And here's another startling revelation: it's not humans generating this traffic. Instead, non-human accounts are the primary contributors. These non-human accounts aren't just passive data collectors. They're actively connecting to other apps and services, exchanging data at an unprecedented rate. Many of these connections are facilitated by long-lasting tokens—some created years ago—that remain active and continuously connecting.

If you think non-human identities aren't an issue for your organization, think again. This phenomenon is one of the next significant challenges we must tackle as both identity practitioners and security professionals. We need to devise strategies to manage and govern these non-human entities effectively. Historically, identity and security measures were centered around human users. However, with non-human accounts now dominating web traffic, we must expand these practices. The same identity and security protocols we’ve applied to human accounts must now encompass all entities in our digital ecosystems.


The sheer volume of API-generated web traffic underscores the need for a paradigm shift in how we handle digital identities and security. As we move forward, addressing these challenges will be crucial in maintaining the integrity and security of our digital infrastructure.

Let's not treat this like we did privileged access management and sweep it under the rug. This problem moves too fast, and the scale will be too big before you know it. Instead, let's dive into the details and explore how we can address this rising trend in API web traffic.

The Rise of APIs: From Nice-To-Have to Need-To-Have

In the early days of the internet, APIs were primarily used for data exchange between a few trusted applications. But with the advent of cloud computing and mobile devices, APIs have become ubiquitous and essential for modern businesses. In today's digital landscape, organizations rely heavily on APIs to connect their systems, facilitate communication with customers, and drive innovation. This widespread adoption has led to an exponential rise in API usage and, with it, in the web traffic APIs generate.

But here's where things get interesting. APIs are not a one-way street. They also consume data from other sources, creating a web of interconnected services and applications. This interdependence has led to a surge in API traffic, with organizations using APIs as the primary means of communication between systems and applications. As APIs continue to become more prevalent, their impact on web traffic will only increase. And with non-human accounts generating the majority of this traffic, it's crucial for organizations to have measures in place to manage and secure these identities.

The Challenges of Non-Human Identities

Non-human identities present unique challenges that go beyond traditional identity management practices. Unlike human users, who can authenticate themselves, non-human accounts require different methods of identification and authentication.

For example, APIs often use long-lasting tokens for authentication, which can remain active for extended periods. These tokens can be easily compromised if not properly managed or secured. Additionally, many organizations struggle with tracking and monitoring the activities of non-human accounts, leading to potential security breaches and data leaks.

Incorporating these challenges into our existing identity and security protocols is essential to ensure the integrity and protection of our digital ecosystems.

To effectively manage non-human identities, organizations should take a multi-faceted approach that addresses identity governance, access control, and monitoring.

Sound familiar?

It should. It's the same strategy organizations are applying for their human accounts. Well, they should be anyway. While the execution will be slightly different when it comes to non-human accounts, the main strategy remains the same: Visibility, Accountability, Response.

The larger takeaway here is that we've reached the point where organizations must create a Digital Identity strategy. Not a workforce strategy, or a non-employee strategy, no: ALL digital identities. You have to understand what identity has what access at all times.
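As an added illustration (not code from the newsletter or from Zilla), here is a small Python audit over a constructed inventory of non-human credentials that applies the Visibility, Accountability, Response checks this section describes: it flags active tokens that are past an assumed rotation age, have no accountable owner, or sit unused while still valid. The inventory schema, the thresholds and the credential names are all assumptions made for this example.

```python
"""Audit a constructed inventory of non-human credentials (API tokens, service
accounts) for the problems the newsletter calls out: long-lived tokens nobody
rotates, tokens with no accountable owner, and tokens that stay active while
nobody uses or watches them. Schema and thresholds are assumptions, not any
vendor's format."""
from datetime import datetime, timedelta, timezone

MAX_TOKEN_AGE = timedelta(days=365)   # assumed rotation policy
MAX_IDLE = timedelta(days=90)         # assumed "stale but still active" window

# Constructed sample inventory; timestamps are ISO-8601 UTC.
INVENTORY = [
    {"id": "svc-billing-sync", "owner": "team-finance", "created": "2021-03-01T00:00:00Z",
     "last_used": "2024-06-20T08:00:00Z", "active": True},
    {"id": "ci-deploy-token", "owner": "", "created": "2024-04-15T00:00:00Z",
     "last_used": "2024-06-22T12:00:00Z", "active": True},
    {"id": "legacy-partner-api", "owner": "", "created": "2019-11-05T00:00:00Z",
     "last_used": "2022-01-10T00:00:00Z", "active": True},
    {"id": "rotated-reporting", "owner": "team-data", "created": "2024-05-01T00:00:00Z",
     "last_used": "2024-06-23T00:00:00Z", "active": True},
]

def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def audit(inventory, now: datetime) -> dict:
    """Return {credential id: [finding codes]} for every active credential
    that violates a check. Clean credentials are omitted from the report."""
    findings = {}
    for cred in inventory:
        if not cred["active"]:
            continue            # revoked credentials are not a live risk here
        issues = []
        if now - _parse(cred["created"]) > MAX_TOKEN_AGE:
            issues.append("long-lived")      # never rotated within policy
        if not cred["owner"]:
            issues.append("no-owner")        # nobody accountable for it
        if now - _parse(cred["last_used"]) > MAX_IDLE:
            issues.append("stale-active")    # unused but still valid
        if issues:
            findings[cred["id"]] = issues
    return findings

def audit_sample() -> dict:
    """Run the audit against the constructed inventory at a fixed 'now'."""
    return audit(INVENTORY, datetime(2024, 6, 24, tzinfo=timezone.utc))

if __name__ == "__main__":
    for cred_id, issues in sorted(audit_sample().items()):
        print(f"{cred_id}: {', '.join(issues)}")
```

Each finding code maps to one leg of the strategy: "long-lived" and "stale-active" are visibility gaps, "no-owner" is an accountability gap, and the report is the input to a response such as rotation or revocation.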

I know, I know… even more things you have to manage, but I don't think we can ignore this one any longer.

The Last Word

Not much in the way of news in this week’s edition, because honestly most of the stuff that’s out there is the SAME THING over and over again. Planning some deep dive editions for the rest of this summer. The first one will definitely be non-human identity, as I just find this to be a fascinating area of study within the IAM space. The second one I think I'm gonna do is a deep dive on IAM operations. You know, we talk a lot about high-level strategies and what you're supposed to do, tools you're supposed to use and how you're supposed to approach this, but I really wanna dive deep into exactly what it takes to operate identity programs and be successful, so be on the lookout for those editions coming later this summer.

On another note, I just found out that there's a dictation mode on MacOS… and yes please… where has this been all my life! This last word was brought to you by MacOS dictation and now I can just speak the newsletter which means these things are definitely going to get wordier….. be prepared.

Finally, Jedi, I leave you with some updates. Identity Jedi University is coming soon, and the expected launch is later this month. The first course is currently in beta, so we're getting some beta testers going through it, making sure that we get this right. Second, we are planning some live podcast events this summer. We're gonna be hitting up different areas across the US and holding a podcast event and some other fun stuff that we've got planned.

Another update: the IAM Gamer series kicked off last week. It was such a blast hanging out, talking identity and playing Helldivers 2 with all of you that signed up. Thank you so much. We had such a good time. Unfortunately, nothing ever goes off without a hitch, right? I forgot to set up the audio for the stream, so although it was streamed to LinkedIn Live and Twitch, there was no audio. Womp womp. I'll have that fixed for the next one.

All right, with that we'll call this a wrap. Enjoy the Fourth coming up this week. Until next time, you guys know what it is.

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi
