The Future of Access Management - Jeff Shiner - ESW #404
Apr 28, 2025
Join Jeff Shiner, Co-CEO of 1Password and a leader in security innovation, as he tackles the evolving landscape of access management. He discusses how traditional IAM tools falter in the era of hybrid work and shadow IT, emphasizing the critical 'Access-Trust Gap.' Learn about Extended Access Management strategies that authenticate identities and secure devices. Shiner also dives into insights from the Verizon DBIR, exploring cyber threats and the need for seamless security while empowering employees in a rapidly changing digital world.
Traditional Identity and Access Management tools are insufficient for managing access in hybrid work and on unmanaged devices.
Extended Access Management is essential for securing every sign-in, ensuring authentic identities and healthy devices in today's work environments.
The recent Verizon DBIR indicates a significant rise in breach incidents, urging organizations to reevaluate their data management and access protocols.
Emerging supply chain threats highlight the need for comprehensive risk management and collaboration strategies to address vulnerabilities in interconnected systems.
Deep dives
Future of Access Management
Extended access management is introduced as a solution to the challenges posed by traditional Identity and Access Management (IAM) systems. This approach allows organizations to secure every sign-in across all devices and applications, addressing concerns where typical IAM falls short. By implementing this system, companies can manage access in a way that reflects the realities of modern work environments, where employees often use personal and unmanaged devices. This strategy not only enhances security but also promotes user productivity by allowing flexibility without exposing sensitive data.
Verizon DBIR Report Release
The newly released Verizon Data Breach Investigations Report (DBIR) highlights key trends in enterprise security and breach incidents. The report indicates a significant rise in both the volume and complexity of breaches, with an emphasis on the importance of effective data management. It also notes that the majority of breaches stem from stolen credentials and exploits, underlining the necessity for robust access management solutions. The findings encourage organizations to proactively reevaluate their security protocols in an ever-evolving threat landscape.
Funding and Growth in Enterprise Security
As enterprise security increasingly prioritizes innovative solutions, funding announcements have surged, marking significant growth in the sector. Several startups have received substantial investments, paving the way for new products and services that address critical security challenges. This influx of capital is necessary to develop technologies that can keep pace with fast-evolving cyber threats and support organizations in strengthening their defenses. Industry players are encouraged to leverage this investment opportunity to differentiate themselves and drive security innovation forward.
Challenges of Supply Chain Threats
Supply chain threats have become a major focus area in the security landscape, with organizations becoming more aware of their vulnerabilities in interconnected systems. Recent discussions have emphasized the need for comprehensive risk management and innovative strategies to handle these complex threats effectively. In response to rising concerns, many companies are now looking towards enhanced collaboration to mitigate risks within their supply chains. Organizations must adopt a proactive stance, developing comprehensive threat response plans as supply chain security continues to be paramount.
Windows Recall and MCP Server Challenges
Windows Recall is reported to be revisiting its attempts to address past issues while Microsoft continues to confront challenges associated with Managed Cloud Provider (MCP) server configurations. With ever-changing technological landscapes, organizations must remain vigilant about potential security challenges posed by these environments. The complexities of MCP servers highlight the necessity for adaptive strategies in addressing vulnerabilities that may emerge as technologies advance. Companies must balance innovation with robust security measures to ensure their systems remain secure.
Non-Human Identities Impact on Security
The rise of non-human identities, including bots and automated systems, presents unique security challenges that need to be addressed. As organizations increasingly rely on these identities for various functions, they must also ensure that proper security measures are in place to protect sensitive data. The potential for misuse and exploitation of non-human identities emphasizes the importance of implementing robust authorization and authentication protocols. Organizations are encouraged to actively monitor these identities to prevent unauthorized access and protect their operations.
The Significance of the Recent Zoom Outage
A recent outage affecting Zoom's services sparked interest in understanding the underlying issues that caused widespread disruptions. The root cause was traced back to a miscommunication between domain management companies, highlighting the vulnerabilities that can arise from interdependencies in technology ecosystems. This incident serves as a reminder of the complexities involved in managing online services and reinforces the importance of robust communication strategies among stakeholders. Organizations must strive to enhance their incident response frameworks to minimize the impact of similar challenges in the future.
As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data.
In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He’ll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security.
In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR.