The 51st edition of the Identity Jedi Newsletter

Social Engineering and You

Our friends at Okta warned about a social engineering attack aimed at administrators. A key piece that’s glossed over in all of this:

“The company says that before calling the IT service desk of a target organization, the attacker either had passwords for privileged accounts or were able to tamper with the authentication flow through the Active Directory (AD).”

This is less about Okta and more about general cybersecurity principles. It doesn’t matter what platform you have; if you have privileged access, the rest doesn’t matter. In this case the attackers had privileged access to AD ( already enough to do some damage). However, they wanted more. We're talking about privileged access to the system that grants privileged access, now we are getting somewhere. To me, this screams one thing: Identity practitioners have to start thinking and acting more like security practitioners. Trust…but verify…Everything.

Digital Identity and Onboarding

Evolution of technology is disruptive. We’ve seen this throughout the past 5 decades. One could say, well yeah evolution itself is the onset of change over time. But when you talk about evolution, you are considering small changes over a long span of time, with technology we see the opposite. Big changes over a short span of time. The biggest disruption is when a known fact and basis of proof changes. Imagine if I told you that down was up, and up was down. But I digress, let me get to my main point.

Rethinking identity and giving the user more control, completely changes the use cases we know today.

The below article talks about this in the case of employee onboarding and digital identity. While this article talks about the new risks, and covers different flavors of the use case. It dances around the fact that a simple change in this equation, creates a new problem entirely. In the case of employee onboarding, our known fact and basis of proof was that the employer controlled the identity. They were the authority on collecting and storing information that would become the basis of an employee’s digital identity. But in this new world, if user controls the identity….

Down is up, and up is down.

It brings up very interesting questions throughout the process, and challenges some very strong beliefs we currently have. How much information does an employer need to store about an employee? If the employee can provide said information on demand, in a verified way how does that change the current process?

Change is good, scary, disruptive, and dangerous. But above all….

It’s inevitable

The Platform Wars: Who really wins?

Oldie but goodie here. This article was originally posted back in 2021, but given last week’s newsletter topics I felt it appropriate to bring up and have this quick discussion.

What’s the end result of Platform Wars? 3 maybe 4 converged platforms offering a “complete identity security solution”? What does the rollout of these platforms look like in current organizations? What features matter the most to customers? A mash up of all the current features doesn’t quite seem like it’s the right way to go?

So, let’s talk about it. What would YOU want in a converged platform?

Drop a comment, lets get the conversation going. ( FYI..View the web portion of this newsletter to leave a comment)

It’s time to party!

Oktane 23, the Party Bus Returns!

Our friends from Acsense are back with another party bus, and this time, it’s in San Francisco during Oktane! I can’t wait to ACTUALLY hop on the bus this time. ( Last time it was the night before my Keynote!!). Of course I’m always looking out for you Jedi so click the button below to secure your seat on the bus!

Become a paying subscriber of Identity Jedi Newsletter to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In