

The Analyst Brief
The Cyber Hut
"The Analyst Brief" is focused on providing expert and impartial commentary and analysis on the global identity security market. Hosts Simon Moffatt (Founder at The Cyber Hut) and David Mahdi (ex-Gartner Analyst and CISO Advisor) provide deep dive comment and opinion on some of the most exciting trends within the identity security, IAM and cyber sectors.
For more information on The Cyber Hut visit https://www.thecyberhut.com/
Episodes

Jul 19, 2024 • 43min
E56 - Emergency Episode Discussing the Global CrowdStrike Issue
Simon and David convene for a special episode to discuss the ongoing global IT outages caused by a CrowdStrike update. Note this was released Friday 19th July 9am PST / 5pm BST.

Jun 19, 2024 • 36min
E55 - Identiverse, Identity Week Europe and Gartner SRM
Summary
In this episode, Simon and David discuss the recent identity conferences they attended, including Identiverse and Identity Week. They highlight the growing interest in identity across various industries and the need for resilience and security in identity management. They also delve into the topics of decentralized identity and generative AI, emphasizing the importance of tying security investment to business outcomes and altering the way we think about data and technology. They conclude by mentioning future episodes dedicated to decentralized identity and generative AI.
Keywords
identity conferences, Identiverse, Identity Week, resilience, security, decentralized identity, generative AI, security investment, business outcomes
Takeaways
Identity conferences have seen a surge in interest from various industries, indicating the growing importance of identity management.
Resilience and security are crucial in identity management, especially in the face of evolving threats and attacks.
Decentralized identity and generative AI are emerging topics that require careful consideration and alignment with business goals.
Security investment should be tied to business outcomes and the specific needs of the organization.
The identity and security industry is still relatively young and evolving, requiring a shift in thinking and approach.
Links
Identiverse
Identity Week Europe
Gartner Security & Risk

May 24, 2024 • 39min
E54 - CyberArk and Venafi / QRadar and Palo Alto / Akamai and NoName Security
Summary
In this episode, Simon and David discuss recent acquisitions in the identity and access management space, including Palo Alto's acquisition of QRadar, Akamai's acquisition of NoName, and CyberArk's acquisition of Venafi. They explore the importance of resilience in IAM infrastructure and the growing need for managing machine identities and workloads. The conversation highlights the challenges and opportunities in securing non-human identities and the role of PAM in addressing these issues. They also touch on the dark web and identity-based threats.
Keywords
identity and access management, acquisitions, resilience, IAM infrastructure, machine identities, workloads, PAM, non-human identities, dark web, identity-based threats
Takeaways
Recent acquisitions in the IAM space include Palo Alto's acquisition of QRadar, Akamai's acquisition of NoName Security, and CyberArk's acquisition of Venafi.
Managing machine identities and workloads is a growing challenge in the IAM space.
PAM plays a crucial role in securing non-human identities.
Chapters
00:00 Introduction and Overview
02:40 Recent Acquisitions in the IAM Space
06:02 The Importance of Resilience in IAM Infrastructure
09:12 Managing Machine Identities and Workloads
15:23 The Role of PAM in Securing Non-Human Identities
26:14 Upcoming Presentation at Identiverse

May 17, 2024 • 43min
E53 - A Review of RSA Conference 2024 - Part 2
Summary
In this episode, Simon and David discuss the convergence of identity and cybersecurity, particularly in the context of cloud adoption. They explore the challenges and opportunities that arise from this convergence and the impact on organizations of different sizes. They also touch on the confusion caused by the abundance of acronyms in the industry and the need for clarity and standardization. Overall, they emphasize the importance of protecting identity components and the critical role of identity in security. The conversation explores the challenges and opportunities in the identity and access management (IAM) space, with a focus on the importance of data management and the need for effective discovery and remediation processes. The fragmentation of identity systems and the lack of visibility into identities and their interactions are identified as key issues. The acquisition of QRadar by Palo Alto is discussed as a potential game-changer in the IAM space. The conversation concludes with the recognition that while automation and AI have their place, human involvement is still crucial for effective remediation.
Keywords
identity, cybersecurity, convergence, cloud, challenges, opportunities, acronyms, standardization, protection, security, identity and access management, IAM, data management, discovery, remediation, fragmentation, visibility, QRadar, Palo Alto, automation, AI, human involvement
Takeaways
Identity and cybersecurity are converging, particularly in the context of cloud adoption.
Organizations of different sizes face different challenges and opportunities in managing identity and security.
The abundance of acronyms in the industry can be confusing, and there is a need for clarity and standardization.
Protecting identity components is crucial, as identity often plays a central role in security breaches.
Effective data management is crucial in the identity and access management space.
Fragmentation of identity systems and lack of visibility into identities and their interactions are key challenges.
The acquisition of QRadar by Palo Alto has the potential to impact the IAM space.
While automation and AI have their place, human involvement is still necessary for effective remediation.
Chapters
00:00 Introduction and Post-RSA Recovery
01:23 Unpacking the Convergence of Identity and Cybersecurity
07:13 Lessons from the Transition from Horses to Cars
09:08 The Confusion of Acronyms and the Need for Clarity
13:25 The Hype Cycle and the Trajectory of New Technologies
15:16 The Impact of Cloud Adoption on Identity and Security
23:21 The Transient Tilt in the Cloud and the Importance of Protecting Identity Components
24:13 The Importance of Data Management in IAM
27:38 Challenges of Fragmentation and Lack of Visibility
30:53 The Potential Impact of the QRadar Acquisition
34:44 The Role of Automation and Human Involvement in Remediation

May 14, 2024 • 35min
E52 - A Review of RSA Conference 2024 - Part 1
Summary
In this episode, Simon and David discuss their experiences at the RSA Conference 2024 and highlight the key themes and trends in the identity and access management (IAM) space. They emphasize the growing importance of identity in the security landscape and the increasing integration of identity into RSA. They also discuss the impact of AI and Gen AI on IAM, the need for better discovery and visibility in identity systems, and the challenges of transitioning from legacy technology to new, intelligent systems. They conclude by highlighting the importance of preparing data for the Gen AI world and the need for organizations to adapt and embrace new technologies in order to stay competitive.
Keywords
RSA Conference, RSAC2024, identity and access management, IAM, security, AI, Gen AI, discovery, visibility, legacy technology, data preparation, competitive advantage
Takeaways
Identity is becoming increasingly important in the security landscape, and RSA is a key event for identity professionals.
The integration of identity into themes and topics at RSAC2024 is a reflection of the growing significance of identity in the industry.
AI and Gen AI are driving the need for more intelligent identity systems and the transition from legacy technology.
Discovery and visibility are crucial in identity systems, and organizations need to break down silos and integrate their identity infrastructure.
Preparing data for the Gen AI world is essential for organizations to stay competitive and take advantage of new technologies.
Chapters
00:00 Introduction and Overview of RSA Conference
13:02 The Growing Importance of Identity in the Security Landscape
21:03 Challenges of Transitioning from Legacy Technology to New, Intelligent Systems
25:01 The Impact of AI and Gen AI on IAM
31:05 Preparing Data for the Gen AI World
33:30 Preview of Next Episode on Fraud and Cloud

May 3, 2024 • 56min
E51 - Microsoft Entra External IDs / Cisco and StrongDM / CEO view on Cyber
This week Simon and David return with a weekly dose of industry analysis on the global identity and access management space. First up is a discussion on Microsoft announcing the GA of their Entra for External IDs: who is it aimed at? Is it groundbreaking? Next up is Cisco, who announced an investment round into next-gen PAM provider StrongDM. Finally, they discuss a great interview by Standard Chartered CEO Bill Winters and his view of cyber in the board and its strategic value.

Apr 23, 2024 • 55min
E50 - BeyondTrust and Entitle / Cisco Duo breach and Hypershield launch / CSPM+NHI / SecureAuth new CEO
This week hosts Simon and David review a range of topical news events in the global identity and access management space. First up, BeyondTrust have a definitive agreement with Entitle to combine PAM and IGA. Cisco appear twice: once regarding a breach on the Duo MFA service and again regarding their new solution launch, the Hypershield. Then a discussion on definitions, before a quick comment on the new CEO at SecureAuth.

Apr 16, 2024 • 51min
E49 - The IAM and Fraud Episode
After a small spring break, Simon and David return with a special episode focused on the convergence of identity and access management and fraud. Why the convergence? How to measure success? What are the three 'V's' as they relate to fraud? How should people and process adapt to keep up with technology changes? And how to thwart the asymmetric advantage of the fraudster?

Mar 5, 2024 • 58min
E48 - NIST CSF 2.0 / Nightdragon CISO Spend Report / PAM + IGA Convergence
This week Simon and David tackle several topics in the governance space: how the NIST Cyber Security Framework got a rev to v2.0 with the addition of a governance stage, whether Privileged Access Management and Identity Governance & Administration are converging, and a review of some CISO spending habits by investment firm Nightdragon.

Feb 23, 2024 • 49min
E47 - The Data Security Episode
This week Simon and David have a mini deep dive on data security. Data storage locations are changing. Organisations are continually harvesting PII, transaction and payment data. And what about disinformation and misinformation? What role does identity have here? What about data and deepfakes for onboarding and biometrics? What does data access governance mean in 2024? Is data integrity protection the biggest issue within cyber today? How should we handle fine-grained and contextual access, and how do the CISO and Chief Data Officer relate?


