25th Edition of the Identity Jedi Newsletter

200 Subs, RSA on deck, State of Identity

Wednesday 2/1/23 - Identity Jedi Newsletter - Subscribe

Hey Jedi, welcome to the 25th edition of the Identity Jedi Newsletter. A quarter of the way to 100, and going strong!

Wow..just wow. I’m happy to report.. WE DID IT!!!

200 SUBS!!!

We ended February on a high note! I’m truly thankful for each and every one of you. And to the new subscribers. Welcome! So happy to have you here. Make yourself at home, feel free to look around. Check out the blog section on the website. You can find the free blogs here and the paid ones here. And there is a referral program where you can get free swag. Stickers, notebooks, and even a T-Shirt!

This week I’m introducing the first of many guest authors to the newsletter. This week’s guest author is the man, the myth, the legend, Mr. Dana Reed. I’ve known Dana for a long time now, and I’ve always admired his take on identity and his storytelling skill. Dana wrote a fantastic piece for this week’s newsletter that opens the question of how we should look at identity in the future. Special thanks to Dana for submitting the post.

Announcements and Events and Stuff

LinkedIn Course

A few editions ago, I announced that I was working with LinkedIn to create a course. Happy to report that I’m moving to the next steps with LinkedIn and beginning the process of finalizing contracts and building the course. More updates to come.

RSA Speaker

It’s official, official. I’ll be speaking at RSA in April! The talk is on Monday, April 24, at 10:50 Pacific time. You don’t want to miss it! And of course, I’ve got a discount code for you if you haven’t purchased your ticket yet. Hit the registration site here, and put in the code: 3U3SPKRFFCD.

Events

Identiverse 2023 - Keynote Speaker Yours Truly

May 30 - June 2, 2023

ARIA Resort & Casino, Las Vegas, Nevada

Register here: Discount Code IDV23-SPKR25 (expires 3/31)

Virtual IAM User Group

Thursday March 16th

Time and Registration: TBD

RSA Conference

April 24th - 27th, San Francisco

Moscone Center

Hit the registration site here, and put in the code: 3U3SPKRFFCD.

Let’s Get to the Good Stuff!

  • State of Identity Report (by Oort.io)

  • Twitter and MFA..WTF

  • Insider threat is very much still a thing

  • Guest Blog by Dana Reed: The Rise of User-Centric IAM: Merging Workforce & Customer Identity Management

State of Identity Report

Oort.io recently released a State of Identity report giving us some interesting data around where we stand in the industry. It’s a very good read for any fellow data nerds out there (you can access the report here). Some interesting stats below 👇️

In a nutshell, users hate MFA, admins are the most targeted, and we looove leaving inactive accounts around. The more things change, the more they stay the same. I’ll dive into this deeper in the Jedi Council this week.

Twitter and MFA..WTF

Twitter's recent decision to disable SMS-based 2FA has generated a great deal of debate among cybersecurity experts. While SMS-based 2FA has been criticized for being less secure than other forms of authentication, it remains an essential layer of security for many users. The move to disable SMS-based 2FA has left some Twitter users feeling vulnerable and frustrated, prompting cybersecurity analysts to call for the development of alternative solutions. Granted, you can still use an authenticator app or security key for 2FA on your account. So 2FA isn’t being disabled wholesale, and users aren’t being forced onto the paid version of Twitter to use it, but as with most things recently with Twitter, the messaging was just handled poorly. What else is new?

Insider threat..still a thing

Insider threats are a significant challenge for organizations, particularly in cloud environments. Detecting and preventing insider threats is an ongoing battle, made even more challenging by the increasing complexity of cloud environments. Insider threats can range from accidental mistakes to malicious actors, making it essential to implement robust security measures to mitigate the risk of data breaches. Advanced monitoring tools, regular employee training, and strict access controls are just some of the ways that organizations can reduce the risk of insider threats in the cloud. As businesses continue to adopt cloud-based solutions, it is critical to prioritize security and invest in the tools and technologies needed to safeguard sensitive data.

The Rise of User-Centric IAM: Merging Workforce & Customer Identity Management

In the fall of 2020, I created the ‘Identity Value Chain’ - the result of a self-imposed effort to change the way the market saw Identity Security. Identity has always been seen as a cost center – a necessary expense required to protect the business’s assets from a breach. I, however, saw and continue to see it differently. While the former remains true, Identity also serves as a capstone core requirement capable of driving the success and differentiation of a business in its market segment.

The Identity Value Chain created that connection. After a few years of sharing, feedback, and reflection, the value chain now looks like this:

Profits are the goal of any successful business –

And profits are maximized by better Customer Relationship Management (CRM)

Customer Relationship relies on optimized, thorough Service Delivery and Operations Anywhere

Service Delivery and Operations Anywhere has been modernized by Digital Transformation (DT)

And Digital Transformation is enabled by a framework of Zero Trust (ZT)

Zero Trust is secured by the Rule of Least Privilege (RoLP)

Which is enforced by Rule & Attribute Based Entitlement Based Policy (RBAC/ABAC) workflow and SoD Risk definition

All of this, of course, is defined, managed, and governed by Identity & Access Governance.

This value chain clearly defines the connection of identity security to one’s core business. And doing it right:

  • Adopting best practices.

  • Achieving executive buy-in.

  • Enabling and including the entire enterprise.

  • Sharing the responsibility and load of governance with them matters.

Many things make your business unique and valuable. The complexity of your identity program is not and should not be one.

Makes sense, right? Easy enough.

Check out the full blog here.

The Last Word

We’ve come so far in the identity industry, and yet it seems like we are still solving the same problems we were ten years ago. I’m not sure whether it’s disheartening or encouraging. Breaking down the State of Identity report, we are still struggling with dormant accounts, privileged account protection, and groups. Ok, maybe I’ll be nice this week and say it’s complicated... But is it really? Or are we just set in our ways and refuse to accept the fact that identity isn’t just a technical implementation project? It’s a business transformation project. This means you ARE GOING TO HAVE TO CHANGE THE WAY YOU DO BUSINESS.

Short and sweet this week, Jedi.

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

The JEDI COUNCIL

State of Identity Deep Dive

I love data. Like absolutely love it. When I saw this report put out by Oort, I got really excited to dive into the details and see what trends they had found. I’m going to walk you through some of the most interesting things I found, but I would highly recommend you check out the full report.
