The Week in Identity
By The Cyber Hut
For more information on The Cyber Hut visit www.thecyberhut.com/
The Week in Identity - Mar 10, 2023
E51 - Microsoft Entra External IDs / Cisco and StrongDM / CEO view on Cyber
This week Simon and David return with a weekly dose of industry analysis on the global identity and access management space. First up a discussion on Microsoft announcing the GA of their Entra for External IDs - who is it aimed at? Is it groundbreaking? Next up is Cisco, who announced an investment round into next-gen PAM provider StrongDM. Finally they discuss a great interview by Standard Chartered CEO Bill Winters and his view of cyber in the board and its strategic value.
E50 - BeyondTrust and Entitle / Cisco Duo breach and Hypershield launch / CSPM+NHI / SecureAuth new CEO
This week hosts Simon and David review a range of topical news events in the global identity and access management space. First up BeyondTrust have a definitive agreement with Entitle to combine PAM and IGA. Cisco appear twice: once regarding a breach on the Duo MFA service and again regarding their new solution launch, Hypershield. A discussion on definitions follows, before a quick comment on the new CEO at SecureAuth.
E49 - The IAM and Fraud Episode
After a small spring break, Simon and David return with a special episode focused on the convergence of identity and access management and fraud. Why the convergence? How to measure success? What are the three 'V's' as they relate to fraud? How should people and process adapt to keep up with technology changes? And how to thwart the asymmetric advantage of the fraudster?
E48 - NIST CSF 2.0 / Nightdragon CISO Spend Report / PAM + IGA Convergence
This week Simon and David tackle several topics in the governance space - how the NIST Cyber Security Framework got a rev to v2.0 with the addition of a governance stage, whether Privileged Access Management and Identity Governance & Administration are converging, and a review of some CISO spending habits by investment firm Nightdragon.
E47 - The Data Security Episode
This week Simon and David have a mini-deep dive on data security. Data storage locations are changing. Organisations are continually harvesting PII, transaction and payment data. And what about disinformation and misinformation? What role does identity have here? What about data and deepfakes for onboarding and biometrics? What does data access governance mean in 2024? Is data integrity protection the biggest issue within cyber today? How should we handle fine-grained and contextual access and how do the CISO and Chief Data Officer relate?
E46 - SecureAuth acquire Cloudentity / Entrust to acquire OnFido / Cisco announces Identity Intelligence / Mastercard Emerging Trends
This week Simon and David focus on a new raft of pending acquisitions. They discuss the impact of SecureAuth and Cloudentity joining forces as well as news that Entrust are in talks to buy OnFido. They also cover the announcement that Cisco has launched a new Identity Intelligence offering hot on the back of acquiring ITDR vendor Oort in 2023. They finish up by taking a look at an emerging technology trends report released by Mastercard. Is Data security the next big IAM integration story?
E45 - Okta Layoffs / Tech Downturn / Market Consolidation
This week Simon and David take a look at the recent announcement that Okta are laying off 400 staff globally. Is this part of a broader tech slow down? They discuss some of the trends from 2023 with respect to staff attrition and the impact that has had. With funding still high for IAM and cyber what does 2024 have in store?
E44 - World Economic Forum Cybersecurity 2024 Outlook Report Review
This week Simon and David review the 40 page Global Cybersecurity Outlook 2024 report released by the World Economic Forum.
This report covered 49 countries with over 200 respondents from a range of organisations. The report covered cyber resilience, inequity, emerging technologies such as generative AI, the role of cyber regulations, how to engage strategic leaders with respect to cyber risk and strategy and the role of changing geopolitical tensions and the impact on private sector cyber risk.
E43 - 2024 Predictions / ITDR Acquisition Discussion / IAM and Cyber Mashup
The first episode of 2024 sees Simon and David analyse the recent spate of ITDR and ISPM acquisitions including:
Cisco's 2023 purchase of Oort;
Okta's acquisition of Spera Security;
Delinea's acquisition of Authomize.
What do those acquisitions have in common? Will there be more? Is cyber and IAM now becoming one thing? Other predictions include consolidation within passwordless authentication and the rise of workload identity.
E42 - Blackhat 2023 London Review / Is the CISO role too tough? / Imprivata new CEO
This week Simon and David review the recent Blackhat EMEA 2023 event that was held in London. They discuss the recent CEO change at Imprivata - and what that means for their plans going forward. With respect to Blackhat they discuss the role of the CISO - is it becoming difficult to hire and be successful? Other Blackhat topics included a keynote by the UK's NCSC CTO discussing the asymmetric adversarial threat, password managers on mobile and how they "Autospill" credentials, the tampering of patient records and is data integrity now more important than confidentiality?
The Cyber Hut Blackhat review is here.
E41 - Okta Breach Part II / Okta Q3 Results / Booking.com Attack
This week Simon and David return to Okta - to uncover more details on their recent breach. They also discuss their recent Q3 results and are Microsoft their only competitor? They also discuss a recent complex attack involving customers of Booking.com - and cover push payment fraud, ATO, complex supply chains and protecting trust boundaries.
E40 - Forrester SRM Washington / Ping Youniverse London / Okta Breach
After a couple of weeks off, Simon and David return for an hour-long special. They review the recent Security and Risk Management event in Washington DC hosted by Forrester where the topic of identity and cyber convergence appeared. They comment on the recent Okta breach and what that means for the world of complex software supply chain attacks and the rise of identity security, ITDR and identity security posture management. They also review the London version of the Ping Identity Youniverse series of events.
E39 - The FIDO Authenticate 2023 Lookback Episode
This week Simon and David were in sunny Carlsbad, San Diego for the latest Authenticate conference hosted by the FIDO Alliance. In this episode they review the main topics of the event, taking a look at passkey deployment maturity, KPIs, biometrics, threat models, adoption patterns as well as orthogonal topics such as machine identity, crypto agility, IDV + converged identity assurance.
E38 - The NSA + CISA Top 10 Cyber Security Misconfigurations Episode
This week Simon and David take a deep dive look at a recent cyber security advisory released by the NSA and CISA. This top 10 list covers a range of issues from default credentials, excessive permissions, a lack of network monitoring and segmentation as well as a lack of MFA and poor credential management. Simon and David apply their identity lens to the top 10 and what it may mean for your organisation.
E37 - MGM Cyber Attack / Part II on ForgeRock and Ping
This week Simon and David return to discuss a recent cyber attack against the hospitality chain MGM resorts - that leveraged social engineering, credential theft and more. Are attacks against complex digital entities now standard practice? They also return for part II of the ForgeRock and Ping Identity integration and discuss a recent article by David and a market choice poll by The Cyber Hut.
E36 - Tenable acquires Ermetic / Cisco acquires Oort / ForgeRock and Ping to combine / Okta attack
After the summer recess, Simon and David return for another Week in Identity catch-up. This week...heavily influenced by some recent acquisition activity...they discuss Tenable buying CNAPP/CIEM provider Ermetic, a rewind to Cisco buying ITDR vendor Oort and a detailed discussion on the uncertainties surrounding Thoma Bravo adding ForgeRock to their stable. They also discuss the further rise of Identity Security and a recent release by Okta's Defensive Cyber Operations team on a recent attack.
E35 - The SEC Cyber Risk Management Rules Episode
This week the US Securities and Exchange Commission announced rules requiring organisations to handle cyber breach notifications, risk management and expert cyber personnel in a different way. Simon and David delve into the implications of this. Why have organisations been reluctant to notify on breaches historically? A lack of detection? A lack of incident response playbooks? A lack of expert personnel? What is the end goal of such regulation? What will success look like in the short and long terms? Clearly a move towards a more risk-based approach is the ideal outcome but why has the market failed for cyber security? What are the three V's of threats?
E34 - Thoughts on Kevin Mitnick / Cisco buying Oort / ITDR problem space / Are Microsoft en-route to monopolising IAM?
This week Simon and David discuss the recent acquisition of Oort by Cisco, which finds them discussing the entire ITDR space - who is the buying persona and what problems will it solve? As always technology isn't always the answer and we mustn't forget the human element. They answer an audience question focused on Microsoft - and will they start to dominate the IAM space? They also remember the passing of hacking pioneer Kevin Mitnick.
E33 - An interview with Eric Olden from Strata.io
This week there is a special guest on the podcast. Eric Olden CEO at Strata joins Simon for a discussion. They cover a broad and meandering set of topics focused on Eric's journey to being a multi-company founder (his first startup was at age 23..), contributing to the SAML specification and how he is now focused on identity orchestration at Strata. What is orchestration? Why is it needed and how the rise of the hybrid cloud landscape is here to stay. They deep dive into IDQL, identity integration recipes and how the rise of the AI co-pilot may save us all.
E32 - nOAuth Vulnerability / Infosec 2023 London - Data Integrity / Cyber + IAM Mashups / The Rise of Fraud / Generative AI (good and bad)
This week Simon and David took a meandering look at the last week's most eye-catching events in the world of identity. They had a quick recap of Infosec 2023 held at the ExCeL in London, where the topic of data level encryption, data origin authentication and integrity caught Simon's eye. They discussed a recent vulnerability found in deployments of OIDC in the Microsoft world as uncovered by Descope called nOAuth - which essentially was caused by poor verification of OIDC id token claims. They finished off by discussing the world of generative AI and how that is impacting the world of fraud, content, biometrics, misinformation and more...
E31 - An interview with HYPR CEO Bojan Simic
This episode sees The Week in Identity have another specialist guest: Bojan Simic, Co-founder and CEO of passwordless specialists HYPR. Simon and Bojan delve into Bojan's story from being a computer science graduate to entering the security world pen-testing in New York and working with some of the world's largest financial services institutions. From there the inspiration to rid the world of passwords started to take hold...and ten years later, seeing HYPR as a leading passwordless authentication provider. The topic covers a range of fascinating subjects, from the perfect storm of FIDO, mobile biometrics and secure hardware storage, through to how to create strategies for mass passwordless adoption based on nudge-theory, gamification and stakeholder buy-in. They also cover success criteria, AI and what the future may hold for IAM...
E30 - Identiverse 2023 / Gartner Security & Risk Management USA / Passkeys / Minimum Effective Models...
This week Simon and David discuss the recent Identiverse conference as well as the Gartner Security Risk Management summit that happened shortly afterwards. They delve into the world of passkeys (again), verifiable credentials and modern architectures and how we're moving to an industry education maturity model, where organisations are going beyond knowing what a technology is, to how to get started and derive value. They also discuss the concept of "minimum effectiveness" as it pertains to technology, expertise, friction and insights and that essentially having too much identity and access management "stuff" is often a precursor to complexity and failure.
E29 - Identity Mesh and Identity Fabric / Heliview IAM Conference Review / Cyber + Identity Mashup / People, Process and Technology / IAM Threat Reports
This week Simon and David review the recent Heliview IAM Conference that took place in the Netherlands. The main topic for the day was the rise of the identity fabric (or mesh) and how this can enable the modern organisation with a range of agile IAM components that supports both business and security use cases. Simon presented a keynote on the future of IAM - using some research from The Cyber Hut focusing on what IAM may look like in 2028 and beyond...
They also discussed the need for people, process and technology integration, in order to map the existing IAM landscape to future investment and metrics.
They finish off by discussing the rise in cyber threat reports that have emerged in the past month that all have a very strong reliance on IAM - and why ITDR is a process not a product.
Cyber Threat Reports:
- Joint Cyber Advisory: People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
- CISA Advisory: Hunting Russian Intelligence “Snake” Malware
- Permiso Security: Unmasking GUI-Vil - Financially Motivated Cloud Threat Actor
E28 - The RSA 2023 Episode - Passkeys / MFA / Adversary in the Middle / Collaboration / Standards
This week Simon and David review the recent RSA Conference that occurred at the end of April over in San Francisco. From the generic meta-patterns at the conference covering themes such as collaboration, standards, multi-cloud and technology integration, through to more IAM focused conversations covering MFA, passkeys and authentication attacks. Are passkeys now here to stay? What will help adoption? Will attacks on passkeys start to increase along with usage rates? Will attacks against existing MFA forms including SIM swap, MFA fatigue and social engineering be a compelling event to improve adoption?
E27 - RadiantLogic & Brainwave / New Styra CEO / Auth0 OpenFGA project / Chief Identity Officers / AuthZ as part of ZT
This week Simon and David tackle a range of news items including: Radiant Logic completing the acquisition of IGA vendor Brainwave; Authorization vendor Styra getting a new CEO and Auth0 (by Okta) releasing v1.0 of a new open source authorization project called OpenFGA. They also tackle the question of whether we need to see Chief Identity Officers in the board room and how zero trust is essentially driving the demand for authorization platforms.
E26 - Interview with Alex Bovee from ConductorOne
In this week's episode, Simon and David are joined by Alex Bovee the CEO of https://www.conductorone.com/ - a next generation identity security and IGA provider. They cover a range of topics including the adoption of cloud services and the impact on security, the cloud shared security model, the left shifting of identity risk from being detection focused to preventative, reducing access reviews to focus on exceptions only, how the security world is taking on more IAM capabilities and knowledge and the introduction of a new open source project called Baton - to extract and manage identity data.
E25 - Gartner IAM USA Review / ITDR / Identity Orchestration / Identity First Security
In this episode Simon and David review the recent Gartner IAM conference held in Grapevine Texas. Is Identity Orchestration on the rise and how will that impact the complex identity infrastructure of the modern enterprise? What role does security now play within IAM and how will that impact metrics, persona and integration? Is this the year of Identity Threat Detection and Response? And what is becoming of Zero Trust and how it relates to identity?
E24 - Interview with 1Kosmos CEO Hemen Vimadalal
This week we hear from a special guest as Simon has a great conversation with 1Kosmos CEO Hemen Vimadalal. They start off at the beginning...going back to 2003/4 when Hemen helped set up identity certification and role management startup Vaau - which later became Sun Role Manager, then Oracle Identity Analytics. From there Hemen continued on the entrepreneurial journey to set up Simeio Solutions - a 1000 strong identity advisory and managed services player, before moving on to set up 1Kosmos - a software vendor aiming to tackle the usability and security dilemma by linking identity proofing to passwordless authentication. An insightful discussion that covered identity governance and administration, trust boundaries, the rise of different identity personas, data breaches, privacy and identity based authentication.
E23 - UK eCrime Review ChatGPT / Authomize OpenITDR / Identity Threat Assessment Framework / Identity Visibility - Radiant Logic & Ermetic
This week Simon and David review the recent eCrime summit that happened in London, where the topic of ChatGPT was discussed. Is it just for the bad guys? Can the good guys benefit too? Where is that heading? Identity Threat Detection and Response vendor Authomize released a new project called OpenITDR - what is it and what is the benefit? Identity visibility seems to be in vogue this month too, with both Radiant Logic and Ermetic making product releases that focus on joining up data in the identity ecosystem.
E22 - CyberArk 2022 Results / PAM-lite / Microsoft Entra / Workload Identities / Okta + Plaid
This week Simon and David take a look at two of the giants in the IAM space - CyberArk and Microsoft. Are Microsoft emerging as the dominant cloud service provider in the identity space? What were CyberArk's latest results telling us? Who are Plaid and why have they partnered with Okta? What is becoming of the workload identity space?
E21 - Saviynt Raise $205M / Radiant Logic to acquire Brainwave GRC / SiberX Toronto / Future of Cyber Manchester
This week Simon and David review some interesting moves in the identity governance and administration space. First up Saviynt raised $205 million (along with founding CEO Sachin Nayyar returning as CEO after a stint at Securonix) to bolster their Enterprise Identity Cloud offering. Next up they discuss Radiant Logic entering into a definitive agreement to acquire French IGA specialist Brainwave GRC. What does this tell us about the global IAM and IGA space? Where will they head to? Will more funding and acquisitions happen in 2023? They also review SiberX CISO Forum in Canada and the Future of Cyber conference held in the UK.
E20 - Strata.io Series B $26M / Home Depot Consent Breach / Fave Biometric Poll Result / Identity Based Authentication / IAM Maturity Assessments
This week Simon and David discuss a $26 million series B round for identity orchestration vendor Strata.io. What is identity orchestration, why is it a problem today and how can it be handled within the enterprise? What is IDQL and what are recipes? A discussion on a recent consent breach at Home Depot in Canada saw the Canadian Privacy Commissioner get involved. They also review a recent poll covering our favourite biometric, which spawned a discussion around identity based authentication (see 1Kosmos and keyless.io for more on that). They also delved into the world of IAM maturity assessments...
E19 - The Regulation Episode / Guest interview with Kristian Alsing / NIS-D / NIST 800-63-4 / PSD2-SCA / GDPR
Welcome to the first episode of 2023! After a short festive break, Simon and David are back to bring you the latest industry analyst views on a range of different identity and access management topics. This week, they have a special guest: Kristian Alsing - a Senior Cyber Security and Business Resilience Executive - with 20 years' experience working for the likes of Accenture and Deloitte. Kristian recently wrote a great guest article for The Cyber Hut on NIS-2. In this episode the guys cover a range of topics relating to regulation and the role of IAM - covering critical infrastructure, the ever increasing supply chain and the rise of destructive attacks in waiting!
E18 - 2022 Year in Review Quiz
As the end of 2022 is on the horizon, Simon and David run through a festive quiz roulette, hitting some of the key topics of interest from the past 12 months including..
- Favourite conference of 2022
- Favourite identity buzz word
- IAM acronym / topic that will die in 2023
- Biggest IAM surprise in 2022
- Most interesting IAM startup / category
- IAM acronym / topic that will come alive in 2023
Huge shout out to a range of vendors including...HYPR, Aserto, 1Kosmos, Indykite, PlainID, Axiomatics, Styra, Sonrai, Ermetic, Strata, SecureKey, SDO, Gen, ForgeRock, Ping, Okta, CyberArk, SailPoint, Auth0, tru.id, SGNL, 3Edges, Keyfactor and many more.
Have a great festive period and we'll see you in 2023!!
E17 - Poll Results - Where does IAM report in your org? / Cyber & identity security hiring and firing / Microsoft Entra review
In this week's cold and snowy episode, Simon and David review a recent The Cyber Hut poll asking the question around where does IAM report into within your organisation? What about consumer identity and privacy? Also...do we need a new role - the Chief Identity Officer? How can the reporting lines impact the hiring and firing of IAM and cyber security personnel? And a brief look at the re-branded Microsoft identity capabilities known as Entra.
E16 - HYPR $25M Series C / US DoD Zero Trust Reference Architecture / Would You Pay for Privacy?
This week Simon and David bring you another dose of analyst insight and opinion on the world of identity and access management. This week they discuss how HYPR received a $25 million funding round to rid the world of passwords; a discussion around how identity is now foundational for zero trust - and how the US DoD released a reference architecture for zero trust and what that means for identity - and an interesting poll result, on the question "Would you pay for privacy?".
E15 - AKeyless $65 million funding / ForgeRock launch cloud IGA / Future Identity in London / Mobile Authentication - biometrics & privacy
This week Simon and David discuss a funding round for secrets management startup Akeyless who this week announced a $65 million funding round. The need for secrets, machine identities and service credential management is on the rise and Akeyless are aiming to securely automate this area. IAM platform player ForgeRock also announced this week they were launching a cloud based identity governance and administration (IGA) service. The world of IGA has been dominated by on-prem solutions. Can ForgeRock make a difference? They round out this week's chat with a review of the Future Identity two day festival that happened in London this week. Simon hosted a panel on mobile authentication - launching a riff on biometrics, privacy, identity based authentication and more...
E14 - Whitehall IDM London / AI+ML & Automation / IGA / Machine Identity / Identity Business Cases / Identity for Zero Trust
This week Simon and David met up face to face at the Whitehall IDM Conference in London. This one day event covered a host of topics, case studies and vendor pitches. Simon and David pick out the best and most interesting aspects focused on the rise of AI+ML in authentication and IGA - asking the question is identity becoming a big data problem? They discuss the emergence of machine and service identities - what it is, who will own it and how it works. They cover cyber insurance, the ever-growing need to articulate the business case for IAM and how identity for zero trust architectures is for small and large organisations alike.
E13 - ForgeRock acquisition by Thoma Bravo / Authenticate 2022 Review / Twitter Verified
After a short break, Simon and David return to discuss the recent $2.3 billion acquisition of ForgeRock by Thoma Bravo and the effect that may have on the broader IAM market - with Thoma Bravo already recently completing the acquisition of Ping Identity. They also cover the recent Authenticate 2022 conference and how can we improve MFA adoption? An emerging vulnerability in asymmetric challenge response authentication and passkeys also make an appearance...
E12 - IAM Deployment Models Continued... / Oort.io receives $15M Series A ITDR / ICConsult acquires Kapstone consultancy
This week Simon and David continue the conversation around identity and access management deployment patterns. Identity is broad and can be deployed in many different ways - yet buy side decision makers and vendors alike often misunderstand the nuances seen in the difference between SaaS, PaaS, IaaS, Managed Services and the classic on-premises. The Cyber Hut released a free open source article this week outlining the definitions. Identity Threat Detection and Response startup Oort received a $15M round this week - Simon and David weigh in on identity funding and the rise of ITDR in general. And finally German based identity consultancy IC-Consult acquired fellow specialists Kapstone to make an 800 strong private consultancy practice.
E11 - Identity Deployment Model Definitions: OnPrem - IaaS - PaaS - SaaS - Managed Service / Definitions & Assessment / CIAM Signals / AI-ML in Identity Poll
This week Simon and David discussed the ever growing question around identity and access management deployment models that arose from Simon's recent trip to the Identit.eu consumer identity event in Belgium. What are the options? How do practitioners decide between the vast array of choices from private cloud and on-prem through to SaaS? Do they really just need a managed service if a SaaS offering becomes too hard to customize or perhaps can't connect to on-premises data? They also check in at the mid-point of the latest The Cyber Hut poll that is running - seeing where AI/ML will have the biggest benefit in the IAM industry...
E10 - Uber MFA Breach Discussion / Authentication / Why Are We Not Using Passwordless?
This week Simon and David do a deep dive riff on that age-old chestnut...authentication! Uber has recently been in the news regarding a data breach...one seemingly executed by using an MFA Bombing attack technique. Could it have been stopped? What options are available? They then discuss a recent LinkedIn poll run by The Cyber Hut asking why are we not using passwordless authentication....tune in to hear the midweek poll results.
E9 - Gartner Security & Risk Management London / Outcome Driven Metrics for Cyber & Identity / International Identity Day
In episode 9, Simon and David briefly discuss the International Identity Day that is being promoted on Sept 16 - that aims to include, protect and empower citizens globally in the pursuit for having government issued identities for all. Simon attended the Gartner SRM conference this week in London, where there was a left-shifting of identity into the app-sec and network-sec worlds, as well as a detailed discussion on outcome driven metrics - and making sure the business know how their cyber and IAM investments are doing.
E8 - Gartner Identity & Access Management Las Vegas 2022 Review / Cloud / CIEM / ITDR / Identity Security / Trust / Hype Cycle
This week Simon and David reviewed the recent Gartner IAM event held in Las Vegas. One of the larger annual industry events dedicated purely to the identity and access management space, it is of course, broad and varied, covering a range of established and emerging trends and technologies within the identity space. In this episode they covered the role of the identity hype cycle, how cloud identity is big, complex and here to stay, the importance of outcome related communications and management of IAM and how we're all gravitating towards identity centric security.
E7 - A Breaches Episode - covering Twilio, Cloudflare and Cisco
This week Simon and David take a look at three large recent data breaches - that had some interesting meta-characteristics. Firstly...all are key suppliers of technology to organisations outsourcing key components of their business infrastructure. Is it that hackers are getting more bang-for-their-buck by attacking suppliers? Secondly the attack characteristics all focused on identity - with phishing based attacks based on SMS and Push MFA the main entry point. Details of the breaches discussed on the podcast can be found here: Twilio, Cloudflare and Cisco.
E6 - The Privacy Play by Samsung and Apple / Ping Identity acquisition by Thoma Bravo
This week Simon and David briefly discuss the emergence of the legal profession into the world of cyber and identity and how privacy is making advertising waves by the likes of Samsung and Apple. They also review the latest acquisition of Ping Identity by Thoma Bravo and what that may mean to both Ping (and Sailpoint!) and perhaps the rest of the IAM market.
E5 - OneWelcome acquisition by Thales / Transmit partnership with Microsoft
This week Simon and David discuss the recent acquisition of European identity and access management for B2E and B2C OneWelcome by French giants Thales. This week also saw an interesting partnership between passwordless authentication startup Transmit Security and global heavyweights Microsoft - with Transmit bolting into their Azure AD B2C offering.
E4 - Blog review: 1Kosmos, Ubisecure, Trulioo / Palo Alto Unit 42 Cloud Threats / Ping + Microsoft + Workday / Cyolo.io Series B funding
This week Simon (David's on holiday!) took a quick peek at some interesting blog entries that appeared. Ubisecure provided some insight into hybrid cloud deployments, 1Kosmos told us more about "Identity Based Authentication" as a pillar of zero trust and Trulioo discussed how risk assessment should be a part of identity onboarding. In other news Ping Identity announced a partnership with Microsoft and Workday to work on a profile for verifiable credentials and JWT and identity based access control startup Cyolo.io announced a $60 million series B round. Finally an April article by Palo Alto's Unit 42 on cloud based threats also caught Simon's eye.
E3 - Identiverse 2022 / Infosec Europe 2022 / Identity for the Hybrid Cloud / Immutable Who & What / Behaviour Management / Proofing + Authentication become One?
In this episode, Simon and David review the recent Identiverse conference from Denver and the Infosec Europe event that happened simultaneously in London. They cover the rise of identity for the hybrid cloud, how authentication and proofing are becoming one, the use of blockchain technology to provide an immutable record of the who and the what and how employees are our first firewall of defence.
E2 - RSA 2022 Review / Machine Identities / Cloud Native Security / Cyber Insurance / Business Outcomes
This week Simon and David discuss the recent RSA 2022 conference in San Francisco, and how the topics of identity and access management filtered into areas such as Machine Identity, the rise of Cloud Native Security solutions, how the world of Cyber Insurance is evolving and how vendors, providers and conferences...must start to align security solutions back to business outcomes if they are to provide real long term value.