Identity at the Center

Jim and Jeff dive into the latest findings from the IDSA report, revealing that 94% of surveyed companies experienced identity-related breaches. They discuss the critical role of phishing and the importance of multi-factor authentication (MFA) in preventing these incidents. The duo examines the surprising prevalence of internal breaches and debates user education versus technical controls. With insights on the economics of attacks and emphasizing strict access controls, they underscore that investing early in identity management can significantly reduce the risk of breaches.

A deep dive into the world of passwords reveals their outdated and insecure nature. With insights on password managers and the push for MFA, the conversation emphasizes the need for better security practices. The rise of phishing threats during the pandemic raises alarms, highlighting the importance of vigilance against scam emails. Plus, as remote work flourishes, discussions on the balance between convenience and security challenges unfold. Finally, they touch on the job market for identity professionals and offer advice for newcomers.

Ron Keys, an experienced IAM consultant at Identropy from Australia, shares his insights on developing an IAM program framework. He distinguishes between contextual elements like governance and operational activities such as lifecycle management. The conversation dives into common entry points for IAM projects and the importance of aligning automation with organizational maturity. Ron also emphasizes the need for long-term sustainability in IAM implementations, discussing the challenges of cloud adaptation and the importance of proper IAM ownership to avoid conflicts.

Paul Volosen, a Centrify expert with a rich history in identity access management from Microsoft and SailPoint, shares insights on securing server access. He explains the importance of IAM for tech enthusiasts and dives into the challenges of managing access across numerous servers. Learn about the role of 'Sudo' in command management, the significance of PAM modules, and how to handle service account governance. Paul also discusses the relevance of LDAP today and strategies for integrating Active Directory with Linux systems, emphasizing the ongoing need for strong privileged access management in cloud environments.

Explore the nuts and bolts of developing a solid Return on Investment strategy for Identity and Access Management. Discover the nuanced differences between tangible and intangible benefits, and why cautious assumptions matter. Learn how shifting identity management can boost developer productivity and streamline onboarding. The hosts also weigh the pros and cons of building custom solutions versus buying off-the-shelf. Finally, get insights on quantifying risk and choosing the best ROI analysis for your IAM projects.

Dive into the transformative world of customer identity and access management. Discover how modernizing outdated systems reshapes digital experiences. Learn about the importance of creating a unified user experience and the benefits of a consolidated customer data view. Hear expert insights on balancing security with usability, the pitfalls of storing transactional data in CIAM, and the need for ongoing improvement. Plus, understand the critical role of compliance and consent management in today's digital landscape.

In this engaging discussion, Richard Bird, Chief Customer Information Officer at Ping Identity, shares insights on the chaos of U.S. data privacy regulations. He boldly claims these regulations are often 'dead on arrival,' highlighting their lack of specificity and retroactive nature. Richard dives into the fragmented landscape of privacy laws and emphasizes the burden on consumers. He also advocates for strong digital identities and centralized consent via identity platforms, all while recounting personal stories of data mishandling that underscore the real human impact behind the statistics.

This week, Jim and Jeff chat with Andy Clark, a Principal Consultant at Okta with an extensive background in IT and identity access management. Andy dives into the evolution of IAM, emphasizing the benefits of centralized systems over app-specific identities. He explains the differences between SAML and OpenID Connect, touting OIDC’s simplicity for developers. The conversation also covers the importance of user experience in MFA adoption and discusses emerging trends in cloud IAM and identity consolidation. Get insights on how secure authentication is shaping our digital landscape!

Explore the nuances of assessing customer identity and access management, highlighting the stark contrasts with enterprise IAM. Discover governance essentials crucial for CIAM, including application inventory and architecture. Dive into authentication strategies featuring OAuth2 and AI-based anomaly detection. Learn about managing roles at scale, crafting robust user lifecycle processes, and integrating privacy and consent strategies tailored for modern regulations. Wrap up with a recap of the CIAM maturity model and what steps to take next.

In a candid discussion about identity management during a pandemic, the hosts tackle the impact of coronavirus on travel and remote work. They emphasize the importance of VPN scalability and security while addressing the challenges of password policies for remote users. The conversation takes a playful turn as they relate baseball’s sign-stealing scandal to identity security issues, exploring whether using technology in sports is a breach of ethics. They also highlight the rise in phishing scams and the changing landscape of office culture.