In this episode, Jim McDonald and Jeff Steadman are joined by Steve Rennick, Senior Leader for IAM Architecture at Ciena, for a wide-ranging discussion on the most pressing topics in identity today.
The conversation kicks off with a practical look at vendor demos, sharing best practices for cutting through the slideware and getting to the heart of a product's capabilities. From there, they dive deep into the complex world of Non-Human Identities (NHI). Steve shares his practitioner's perspective on why NHIs are such a hot topic, the challenges of managing them, and the risks they pose when left unchecked.
The discussion covers:
- Why traditional IAM approaches fail for non-human identities.
- The importance of visibility and creating a standardized process for NHI creation.
- The debate around terminology: NHI vs. machine identity vs. service accounts.
- The reasons for NHI's current prominence, including threat actors shifting focus away from MFA-protected human accounts.
- Practical, actionable advice for getting a handle on legacy service accounts.
- The emerging challenge of IAM for AI and the complexities of managing agentic AI.
- The critical role of authorization and the future of policy-based access control.
Whether you're struggling with service account sprawl, preparing for an AI-driven future, or just want to run more effective vendor demos, this episode is packed with valuable insights.
Connect with Steve: https://www.linkedin.com/in/steven-rennick/
ARIA (Agent Relationship-Based Identity & Authorization) LinkedIn Post from Patrick Parker: https://www.linkedin.com/posts/patrickparker_ai-agent-authorization-activity-7335265428774031360-braE/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
CHAPTER TIMESTAMPS:
00:00:10 - Introduction & The Art of the Vendor Demo
00:08:02 - Steve Rennick's Take on Vendor Demos
00:12:39 - Formal Introduction: Steve Rennick
00:14:45 - Recapping the Identiverse Squabble Game Show
00:17:22 - The Hot Topic of Non-Human Identities (NHI)
00:22:22 - Is NHI a Joke or a Serious Framework?
00:26:41 - The Controversy Around the Term "NHI"
00:30:24 - How to Simplify NHI for Practitioners
00:34:06 - First Steps for Getting a Handle on NHI
00:37:20 - Can Active Directory Be a System of Record for NHI?
00:45:08 - Why is NHI a Hot Topic Right Now?
00:51:19 - The Challenge of Cleaning Up Legacy NHIs
00:58:00 - IAM for AI: Managing a New Breed of Identity
01:03:33 - The Future is Authorization
01:06:22 - The Zero Standing Privilege Debate
01:10:39 - Favorite Dinosaurs and Outro
KEYWORDS:
NHI, Non-Human Identity, Machine Identity, Service Accounts, Vendor Demos, IAM for AI, Agentic AI, Authorization, Zero Trust, Zero Standing Privilege, Secrets Management, IAM Strategy, Cybersecurity, Identity and Access Management, Steve Rennick, Ciena, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald
Identity at the Center