The 55th Edition of the Identity Jedi Newsletter

Let's talk cyber insurance, conferences and cybersecurity awareness month

Wednesday 10/4/23 - Identity Jedi Newsletter

Sponsored By

Bullet-proof your cloud IAM and ensure rapid recovery with Acsense.

Hey Jedi, welcome to the 55th edition of the Identity Jedi Newsletter.

We are officially in October! Break out the pumpkin spice lattes! (Or not, for all you non-coffee fans like me.) It’s also Cybersecurity Awareness Month, and we kick off this month with a heavy conference schedule.

  • Oktane San Francisco Oct. 3-5

  • Identity Week, Washington DC, Oct 3-4

  • Navigate, Austin, TX, October 9-12

  • Authenticate, Carlsbad, CA, October 16-18

  • Identity Jedi Podcast, Austin, TX, October 11th. 😀

I’ll be at Oktane and Navigate this year, so if you’re in the area, let’s try and connect!

Let’s Get to the Good Stuff!

  • Cyber Insurance: What’s the deal?

  • Unleashing Identity Data

Let’s talk about insurance.

Five years ago, I decided to get my life insurance license. I saw how much of a valuable tool it was to one’s financial portfolio, especially for lower-income families. I was conflicted because at my core I’m against insurance companies. Well, not the companies themselves, just the fact that I think it’s inherently wrong to monetize a service or product that deals with the well-being of people’s lives. At some point you’re going to be given a choice. Protect the bottom line or a life.

Yeah... deep, right?

Well, let’s look at cyber insurance. Not quite the same level of gravity in the choices, but the premise is the same. A company wants to shift the risk of a cyber incident to another company. (That’s the basis of any insurance.) But with cyber attacks seemingly happening all the time, it makes it hard for an insurance company to calculate the level of risk they are willing to take on. And in the world of insurance, not calculating risk is just as bad as having high risk.

So what’s an insurance company to do? Raise the premiums. And also raise the standard for obtaining the policy itself. After all, a win for the insurance company is a business pays the premiums, and they (the insurance company) never pay out a claim.

The result is companies are put through a rigorous process in order to get and maintain their policy. A majority of the steps they take are the steps they SHOULD be taking anyway.

But how do we measure risk in this regard? Really how do we measure risk in any regard, but I digress.

We’ve never been able to break it down to a simple equation of "Do this, stop that. If you implement a PAM solution and proper process, you reduce your risk of a breach to 23%." (If I’m wrong on this, please share! I’d love to see this.)

That’s because it’s not one thing, or two things, or N things that you can do to reduce risk. It’s N things, plus X process, times Y shit changes every day. So, as insurance companies seek to make sure they don’t pay, companies either spend more effort to get the policy or forgo the policy altogether.

This seems ripe for innovation and disruption. If someone could create a standardized assessment framework that assigns a level of risk to an organization, with controls and procedures that reduce levels of risk, insurance companies would be licking their chops, and so would consulting companies.

Food for thought.

Time to get nerdy

We’ve ignored the data problem in identity for far too long now. It’s not an easy problem to solve, but I think it’s one worth solving. It’s the key to automation. Application onboarding, role management, access certification, and access requests can be automated. Imagine the user experience and the deployment times if these things are just done.

I’m not saying that Radiant Logic is doing these things, but I think what they are building will lead to the capability to accomplish some of this. Before we can fix anything with data, we have to be able to collect and analyze it, and that’s what Radiant is doing. Their Virtual Directory offering has been the hidden gem for a lot of identity deployments for decades.

But now they are looking to become a lot more than just a directory. Seems to me they are looking to become THE hub of identity information. But just raw data isn’t enough. You have to be able to refine the data, and you’ll need more than just typical application connection data (user and object schemas). You’ll need audit and activity data, and then tools to refine and correlate that data to drive actions.

Keep an eye out for this crew, they might be on to something.

Shared Responsibility

A word from our friends at Acsense

Let’s talk about the Shared Responsibility Model (SRM). If you’re building architecture for cloud-based applications, it’s a term you’re probably all too familiar with, and if not, it’s definitely something you should be. Here’s a blog from our friends over at Acsense that breaks it down.

Identity Jedi Show Podcast

We are one week out! (WHADD)

It’s going down in Austin, Texas. (WHADD)

Open Bar, Special guests, and talking identity. (WHADD)

LET’S GO!!!

The Last Word

Had a blast wrapping up recording my first-ever LinkedIn Course! The process has been eye-opening, and I’m excited for everyone to check it out. I am still waiting for some details to be finalized before I can announce the official title and date, but you will be the first to know!

I want to leave you with this: GO BE GREAT!

You need no one’s permission to be the best you that you can be. Think big, act small, kick-ass!

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi


The JEDI COUNCIL

Embracing Automation in IAM: Breaking Through the Fear Barrier
