Identity Jedi Newsletter 3

The 3rd Edition

Wednesday 9/21/22 - Identity Jedi Newsletter

Hey Jedi! Welcome to the third edition of the Identity Jedi Newsletter. (For real this time!) Adding something a little different: this newsletter and all editions going forward will be sent via email and also posted to the newsletter website.

This Edition

  • Some interesting news from our friends over at Okta. (No, their stock price didn't drop again...I don't think.)

  • How identity and Web3 can solve the Netflix account sharing problem

  • The importance of PAM, not your Aunt PAM, and not the stuff you use to cook with either.

  • Product News: Okta IGA

  • An interesting conversation in Slack regarding identity

Conferences are Back!!!

Ok, so I know they've been back for a while, but SailPoint's Navigate and Okta's Oktane events are both back in person since (The years that will not be named). Great events to attend if you can; the knowledge and networking are fantastic. I'll be honest, I'm partial to Navigate. Austin in the fall, with the SailPoint Crew...it's hard to beat. (Plus I'll be there, so come say hi!)

Anyways...signups at the links below. Sorry I don't have discount codes, but hopefully we can grow this newsletter, and by next year I can convince both companies to give me some discounts for y'all.

What's happening this week

The answer to Netflix's password sharing problem: Identity

I found this article quite intriguing. Granted, it's written by the CEO of a company trying to pitch his wares, but he might be on to something. The reality is we are entering an age where we can rewrite how you handle authentication. Web3, 5.0, whatever you want to call it, you can't escape the fact that at the core of Web3 is the concept of decentralized identity. Do I think it's a magic bullet for all of our issues? No. However, I do think it gives us the ability to rethink and rearchitect how we handle the authentication process, and indirectly how we build applications.

The importance of PAM

Privileged Access Management. It's been the dirty secret of the identity world forever. The last ten years have seen a much needed rise in the awareness of it, and it's become a much needed area of coverage and investment by organizations.

But (c'mon, you knew there was a but coming). Is it effective? Are we thinking of it the right way? I'm all about challenging the status quo. After all, we are in the tech space; our goal is to be innovative. How much are we innovating in the aspect of PAM? The root of this architecture comes down to the theory of least privilege access. You should have just the right amount of access you need for the task you need to do and no more. Much easier said than done, right? Let me know your thoughts in the poll below. I'm thinking of doing a mini series on this and reaching out to some PAM buddies of mine.

Are you confident in your current PAM strategy?


Okta launches IGA

In one of the quietest launches ever for Okta, they finally GA'd their IGA product. I was shocked that I stumbled across this. Okta is known for their marketing, and I'm surprised there wasn't a bigger press push around this. But I digress. The "Platform Games" are officially underway and I for one am VERY interested to see how this all shakes out.

Product News

Surprise, surprise, this section is all about Okta IGA. (They should pay me for this..lol. No seriously, they probably should. So if you're an Okta employee reading this, let's talk.)

(DISCLAIMER: I've not used or seen the actual Okta IGA product, my review is based on what they have publicly available, and use cases I think they should cover. Definitely reach out to an Okta representative to get the marketing bullshi...err I mean actual answers)

But in all seriousness this is a pretty big move for Okta, and more importantly I think it fills a gap for customers. One of the things that has been missing from IGA is the ability to have insight into the actual usage of the access that it's provisioning. Yeah, you could import activity data into your IGA tool, or put together an integration with a SIEM product, but that solution would still lack the truly integrated feel to it.

Okta should be able to remedy this fairly easily, especially for those customers that have already invested in using the big O for their Single Sign On product. Because now you have access to a very critical piece of data. Do you wanna guess what that is?

I'll wait...

.........

............

If you guessed "Last Accessed", congratulations!! You're today's winner! Please contact [email protected] for your door prize.

The screenshot below is taken from Okta's YouTube video walking through their IGA product. You can check that out here

Access Details

The ability to have actual usage data for an access review changes the game when it comes to certifications, because now users can make informed decisions on why someone should or should not have that access. Additionally, I would expect that it allows you to create more dynamic certification campaigns. For example: run a campaign for all contractors who haven't accessed Application A in the last 30 days.

With a combined IGA and IAM solution you not only have the context for what somebody should have (this is set up by your IGA provisioning policies/rules), but you can actively compare that against what they actually have, and are actually using (what's active on their SSO dashboard). Going one step further, sprinkle in some intelligence using peer group analysis and now you can provide your reviewers context into which groups use what access, and how often. Yeah, I know, sexy right?
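A sketch of that comparison, added here as an illustration (it is not Okta's code or API and not part of the original newsletter): it scopes the "contractors idle on Application A for 30 days" campaign and attaches policy, usage and peer-group context to each review row. All names, fields and sample records are constructed assumptions.

```python
from datetime import date

TODAY = date(2022, 9, 21)   # constructed "as of" date for the sample
WINDOW = 30                 # days, from the campaign example above

# Constructed sample data; field names are assumptions, not an Okta schema.
POLICY = {"contractor": {"AppB"}, "employee": {"AppA", "AppB"}}  # should have
USERS = {  # user -> (type, peer group)
    "ana": ("contractor", "finance"), "raj": ("contractor", "finance"),
    "lee": ("employee", "finance"),   "kim": ("employee", "finance"),
}
ASSIGNMENTS = [  # (user, app, last accessed via SSO; None = never used)
    ("ana", "AppA", date(2022, 7, 1)),  ("raj", "AppA", date(2022, 9, 15)),
    ("lee", "AppA", date(2022, 9, 20)), ("kim", "AppA", None),
    ("ana", "AppB", date(2022, 9, 19)),
]

def idle_days(last, today=TODAY):
    """Days since last access; None means the access was never used."""
    return None if last is None else (today - last).days

def is_stale(last, window=WINDOW, today=TODAY):
    """Never-used access counts as stale, not as 'no data'."""
    days = idle_days(last, today)
    return days is None or days > window

def campaign_scope(app, user_type, window=WINDOW):
    """Users of one type holding `app` who have not used it within `window` days."""
    return sorted(u for u, a, last in ASSIGNMENTS
                  if a == app and USERS[u][0] == user_type and is_stale(last, window))

def peer_usage(app, group, window=WINDOW):
    """Share of a peer group's holders of `app` who used it within the window."""
    holders = [last for u, a, last in ASSIGNMENTS if a == app and USERS[u][1] == group]
    return sum(not is_stale(l, window) for l in holders) / len(holders) if holders else 0.0

def review_items(app):
    """One reviewer-facing row per assignment of `app`, with context attached."""
    rows = []
    for u, a, last in ASSIGNMENTS:
        if a != app:
            continue
        utype, group = USERS[u]
        rows.append({"user": u, "in_policy": app in POLICY[utype],
                     "idle_days": idle_days(last), "stale": is_stale(last),
                     "peer_usage": peer_usage(app, group)})
    return rows

if __name__ == "__main__":
    print(campaign_scope("AppA", "contractor"))
    for row in review_items("AppA"):
        print(row)
```

A row that is both out of policy and stale is the easy revoke; a row that is out of policy but actively used is the one a reviewer needs to look at.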

Now, how much of this you'll get with the Okta IGA product on day one, I'm not sure. But that's the power that they have to give to customers, and quite frankly what I would expect Okta to deliver, because why else even enter this market if you aren't going to challenge the status quo? Ladies and gentlemen, welcome to the Platform Games.

Good Reads

Podcasts

Have a podcast you wanna recommend? Let me know!

Last Word

I was involved in a very interesting thread in the IDPRO Slack channel recently. (Shameless plug: If you aren't a part of IDPRO, you are really missing out! It's the place where all the cool identity people hang out. You can sign up here. Seriously I should get paid for this..I digress..)

The conversation was broadly around how to get the most out of your IAM tools, specifically IGA. And it hit on the exact pain points that customers have around trying to provide a holistic and accurate view of who has access to what, and how to effectively manage it. Which is why we have entered the Platform Wars. You have to have your IAM products integrated in order to answer questions like: Does this user still need this access?

Right now we're asking our business users to answer that question, with absolutely no context around that access. So what we get is a rubber-stamped effort of grant all, or revoke all, and it's rarely ever revoke. We can't expect users to make the right choices when we don't give them the best data to make that choice.

I'm optimistic about what we will see from product vendors going forward, but it's up to us (practitioners, customers, and people who just give a shit) to push these vendors to create the products that not only solve the problem, but make it easier. Isn't that the point of technology?

Time will tell.

Be Good to each other, be Kind to each other, and Love each other. I'll see you next week, Jedi.

-Identity Jedi
