The 28th Edition of the Identity Jedi Newsletter

Ramadan Mubarak!,Multi-cloud madness, ChatGPT friend or foe

Author

David Lee
March 22, 2023

Wednesday 3/22/23 - Identity Jedi Newsletter - Subscribe

Hey Jedi welcome to the 28th edition of the Identity Jedi Newsletter!

Ramadan Mubarak!!

If you know, you know.

Gartner IAM kicked off this week in wonderful Grapevine,TX ( Yes, that last part was sarcasm, lots of sarcasm) I was not in attendance this year due to budget constraints, as in mine. Travel is very different when you have to cover all the expenses..lol. Nevertheless, I’m vicariously living through all my friends there and will be looking to get a breakdown to you next week. Stay tuned

Don’t forget to refer a friend, co-worker, boss, neighbor, or Lyft driver to the Identity Jedi Newsletter. All are welcome 😀 

Events, Announcements, Speaking Gigs

RSA Conference - April 24-27th, San Francisco, CA, Moscone Center - Paving A Path to Identity First

Identiverse - May 29th - June 2nd, Las Vegas, NV ( Aria) - Web3 The Identity Prince That Was Promised. Discount Code: IDV23-SPKR25 ( expires 3/31)

Let’s Get to the Good Stuff!

  • Major moves from MajorKey

  • Chat-GPT dangerous?

  • Multi-cloud Madness

  • Product Spotlight: Elevate Security

Major moves from MajorKey

MajorKey Technologies has announced a strategic pivot to focus on information security technology and services backed by The Acacia Group. This move builds upon their existing expertise in the identity management field and will involve expanding application, cloud, and data security capabilities with targeted acquisitions. The goal is to create one of America's largest and most capable information security businesses. MajorKey provides advisory, architectural, integration, and managed services covering identity and access management to public and private sector clients. It holds top tier partnerships with some of the world's leading identity and security innovators.

MajorKey Announces Strategic Pivot to Focus on Pureplay Information Security Technology and Services

www.digitaljournal.com/pr/news/majorkey-announces-strategic-pivot-to-focus-on-pureplay-information-security-technology-and-services

ChatGPT a threat to identity and access?

The article by Nancy Liu discusses the concerns surrounding the security risks posed by generative artificial intelligence (AI) solutions such as ChatGPT, with a particular focus on identity and access threats. Security experts warn of the potential privacy concerns, exposure of sensitive data, data misuse, phishing attacks, and natural language processing (NLP) bias that comes with using ChatGPT. From an attacker's standpoint, they can use ChatGPT to steal sensitive data, conduct phishing attacks, and access unauthorized information. Additionally, NLP systems can produce biased, discriminatory, or unfair results leading to identity verification and access control issues.

Is ChatGPT a Friend or Foe to Identity and Access Management?

As the race between attackers and defenders heats up, AI tools like ChatGPT are emerging as essential weapons in the battle.

www.sdxcentral.com/articles/analysis/is-chatgpt-a-friend-or-foe-to-identity-and-access-management-chatgpt-weighs-in/2023/03

Multi-cloud madness

Multi-cloud governance is an emergent problem, with identity and authentication becoming increasingly crucial for any company’s cybersecurity strategy. Kevin Bocek, VP of Ecosystem and Community at Venafi discussed how identity in cloud-native environments is where it all starts because it establishes what is good or bad. Machine identity management forms the basis of a control plane to manage different cloud-native environments. We’ve said for years that identity sprawl is a major weakness in organizations, and it’s been a weakness in the industry’s ability to manage it. This feels a lot like how we started with PAM. We know we need to address it, but it doesn’t seem to make the priority list for organizations.

Multi-cloud governance, identity, and authentication - TechHQMuA multi-cloud environment demands a new standard when it comes to machine identity, authentication and governance.lttechhq.com/2023/03/governance-identity-and-authentication-in-the-multi-cloud-worldi-cloud governance, identity, and authentication - TechHQ

A multi-cloud environment demands a new standard when it comes to machine identity, authentication and governance.

techhq.com/2023/03/governance-identity-and-authentication-in-the-multi-cloud-world

Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface

One researcher thinks trust is broken in AD. Microsoft disagrees that there's a security vulnerability. But enterprise IT environments should be aware of an authentication gap either way.

www.darkreading.com/risk/access-control-gap-microsoft-active-directory-enterprise-attack-surface

Security Implications of Digital vs Physical Onboarding

Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Rohan Pinto of 1Kosmos warns that while the time for…

solutionsreview.com/identity-management/security-implications-of-digital-vs-physical-onboarding

Report: Sift Finds Fraudsters are Targeting Fintech, Digital Goods & Services—and Recruiting Consumers

Sift’s Q1 2023 Digital Trust & Safety Index exposes rising payment fraud, most-targeted industries, and the growing democratization of fraud...

www.globenewswire.com/news-release/2023/03/16/2628996/0/en/Report-Sift-Finds-Fraudsters-are-Targeting-Fintech-Digital-Goods-Services-and-Recruiting-Consumers.html

FICO Identity Matters Podcast

Listen to FICO Identity Matters Podcast on Spotify. Are people worried about identity theft? Do people have the skills to apply for financial accounts using apps? And who are the digital natives, Boomers or Gen Z? All these questions and a wealth of others are answered in the FICO Identity Matters Podcast.

open.spotify.com/show/2q81LCiGX8OuUmVkyMf9jR

‎Hello, User on Apple Podcasts

‎Technology · 2022

podcasts.apple.com/us/podcast/hello-user/id1541385551

‎Hybrid Identity Protection Podcast on Apple Podcasts

‎Technology · 2023

podcasts.apple.com/us/podcast/hybrid-identity-protection-podcast/id1508253256

Product Spotlight

Elevate Security

Workforce Risk Management - Enterprise Cybersecurity - Elevate Security

Elevate Security is an all-in-one Workforce Risk Management solution designed to identify your riskiest users and prevent security incidents.

elevatesecurity.com

Elevate Security released Elevate Identity, its SaaS offering for Identity and Access Management Professionals, integrating with leading IAM tools and Identity Governance solutions.

Elevate’s user risk model uses billions of data points to create detailed, transparent, high-confidence metrics for authentication and authorization processes. With this data in hand, security teams can automate the customization of conditional access policies to protect high-risk users while allowing other users greater productivity and satisfaction with easier policies.

This is yet another entrant into the space to “Operationalize Identity”. IAM tools have long been reactive tools filled with rich identity data siloed from the broader security teams. Times they are a changing….

The Last Word

Two things, dear Jedi.

1) We need to have serious conversations about machine identity, and it’s management in today’s organizations. None of the big identity vendors ( Ping, Okta, SailPoint, Cyberark, etc) have good solutions for this. They talk about it and market it, but in reality, there’s not much there. (Happy to be wrong about this, I think the only vendor in this list that may have something real is CyberArk) Identity has moved past the concept of carbon-based lifeform. It’s anything or anyone that has network access to your organization. Period. We can’t expect to track these like we track employees and contractors. Machines are different in that their access patterns are both elastic and long-lasting. ( Perhaps that second one shouldn't be the case, but it is). I’ll dive deep into this in later editions, but the takeaway is that this is a gap in the current market that few are addressing. Both vendors and customers.

2) I’m coming up with a new term.

Operational Identity.

What does it mean? Finally, making IAM tools an active part of the cybersecurity fight. Instead of being a reporting or administration tool, it needs to be active in defending an organization’s assets. I’m not the only one that thinks this by the way. Oort, Authomize, IdentitySecurity, Axiom, Elevate all companies that are singing this tune of making identity tools look and feel a lot more like security tools. We’ve witnessed the birth of ITDR ( Identity Threat Detection and Response), and I bet we will continue to see more of this in the future.

Lastly, a quick word of appreciation to you Jedi. I would not have imagined that this newsletter would grow to this size so quickly. I’ll be honest I thought it would be like 10 of you for the first year, lol. But here we are, 300 strong and growing, and it means the world to me that you are here. From the bottom of my heart. Thank You!

Be Good to each other, Be Kind to each other ,Love each other

-Identity Jedi

What did you think of this weeks newsletter?

Login or Subscribe to participate in polls.

The JEDI COUNCIL

Making Identity a part of Security

Earlier I coined the term Operational Identity. Now because there’s never anything new under the sun, I’m pretty sure someone, somewhere has used that term before, but much like the founders of this country, I’m just going to stake claim to, because I can.

Last week I spoke of a revolution, and this Jedi is apart of that revolution

Subscribe to Identity Jedi Newsletter to read the rest.

Become a paying subscriber of Identity Jedi Newsletter to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In

A subscription gets you:
Blogs
Expert Interviews
Expanded Commentary
Early Access to Identity Show content

Join the conversation

or to participate.