The 64th Edition of the Identity Jedi Newsletter

WHAT’S HAPPENING THIS WEEK

THE List — Update

Ok, ok. I got some really good feedback about the list, and I’m excited that you all are excited! But I wanted to clear some things up and also encourage some engagement.

1) The List is meant to be a living list, and commentary from the community is WELCOMED and ENCOURAGED. Please head to the post, leave comments, and leave reviews. The vision here is that we’ll have a list of vendors that the community chooses and ranks. Also, is IT IS IN NO PARTICULAR ORDER….yet.

2) The first update will be live later on this evening ( I’ll send out an email to let you know when it’s live). There are some vendors I forgot, and I will give the list a first crack at categories.

Here’s what I’m thinking so far for categories:

• Orchestration

• Authorization

• IGA-Next ( Modern approaches to IGA)

• The OG’s

AI lands in the IGA space….again

And let the games begin. AI has been the hot topic all year, and it’s starting to make it’s way in the IGA space. ( Yes one could argue that it’s been there for a while, but I’ll argue that point later).

This generation of AI talks includes using some level of LLM’s to bring automation and ease of use to users.

Having said that, let’s dig into the recent release for ConductorOne and their Copilot feature.

On the surface, it offers nothing groundbreaking that we haven’t seen companies attempt before. ( Recommendations on access reviews, deeper context into what access is).

However, the game-changer could be their automated access request capability.

The ability of an organization to enforce proper access request processes from wherever users are is AMAZING. And the potential to add on to this capability is just as exciting.

Imagine building in the detection of new entitlements that haven’t been approved and automagically triggering an access request process to ensure proper approval, policy check, and auditing.

Taking it a step further, building Slack-style chatbots to interact with Access Copilot for users to ask questions, around access.

Things like this are truly where we start to see the impact that AI and modern approaches can have on the identity industry.

Incident Response and Identity

Have you ever wondered how security incidents are being handled in your organization? Perhaps, you have an image in your mind of security analysts sitting in front of their screens and constantly monitoring all the logs and alerts they receive. In reality, the incident response process can be a complex and time-consuming task. But what if I told you that implementing identity and access management (IAM) can significantly shorten the incident response cycle?

Stay with me.

A majority of security tools have no genuine concept of identity. They know an account name but don’t know what that account has access to, what activities it’s done lately, etc. They are more focused on finding the threat and containing it. Part of the trouble in containing is that you have to know how much to contain. If an incident happens on server A, you would want to know all identities of those with access to server A. At a minimum, while investigating, you would want that access monitored and possibly paused until you can figure out what’s going on.

Well, who guards the gates of access? Identity systems.

If we could cut incident response time by 20%, wouldn’t that be worth it?

This integration is a match made in heaven, yet we don’t see it happening, well, at least we haven’t. I think we will next year. The noise around ITDR has both sides (security and identity vendors) looking at ways to be more like each other.

However, organizations don’t need to wait on vendors to make this happen. If you’ve got a fairly modern IAM stack ( think post-2018), you should have API access to integrate into your security stack. Even something as simple as providing rich lookups of identity information would be a good start.

Food for thought.