

The Analyst Brief
The Cyber Hut
"The Analyst Brief" is focused on providing expert and impartial commentary and analysis on the global identity security market. Hosts Simon Moffatt (Founder at The Cyber Hut) and David Mahdi (ex-Gartner Analyst and CISO Advisor) provide deep dive comment and opinion on some of the most exciting trends within the identity security, IAM and cyber sectors.
For more information on The Cyber Hut visit https://www.thecyberhut.com/
Episodes

Nov 11, 2022 • 46min
E14 - Whitehall IDM London / AI+ML & Automation / IGA / Machine Identity / Identity Business Cases / Identity for Zero Trust
This week Simon and David met up face to face at the Whitehall IDM Conference in London. This one day event covered a host of topics, case studies and vendor pitches. Simon and David pick out the best and most interesting aspects focused on the rise of AI+ML in authentication and IGA - asking the question is identity becoming a big data problem? They discuss the emergence of machine and service identities - what it is, who will own it and how it works. They cover cyber insurance, the ever growing need to articulate the business case for IAM and how identity for zero trust architectures is for small and large organisations alike.

Nov 4, 2022 • 40min
E13 - ForgeRock acquisition by Thoma Bravo / Authenticate 2022 Review / Twitter Verified
After a short break, Simon and David return to discuss the recent $2.3 billion acquisition of ForgeRock by Thoma Bravo and the effect that may have on the broader IAM market - with Thoma Bravo already recently completing the acquisition of Ping Identity. They also cover the recent Authenticate 2022 conference and how can we improve MFA adoption? An emerging vulnerability in asymmetric challenge response authentication and passkeys also make an appearance...

Oct 7, 2022 • 36min
E12 - IAM Deployment Models Continued... / Oort.io receives $15M Series A ITDR / ICConsult acquires Kapstone consultancy
This week Simon and David continue the conversation around identity and access management deployment patterns. Identity is broad and can be deployed in many different ways - yet buy side decision makers and vendors alike often misunderstand the nuances seen in the difference between SaaS, PaaS, IaaS, Managed Services and the classic on-premises. The Cyber Hut released a free open source article this week outlining the definitions. Identity Threat Detection and Response startup Oort received a $15M round this week - Simon and David weigh in on identity funding and the rise of ITDR in general. And finally German based identity consultancy IC-Consult acquired fellow specialists Kapstone to make an 800 strong private consultancy practice.

Sep 30, 2022 • 35min
E11 - Identity Deployment Model Definitions: OnPrem - IaaS - PaaS - SaaS - Managed Service / Definitions & Assessment / CIAM Signals / AI-ML in Identity Poll
This week Simon and David discussed the ever growing question around identity and access management deployment models that arose from Simon's recent trip to the Identit.eu consumer identity event in Belgium. What are the options? How do practitioners decide between the vast array of choices from private cloud and on-prem through to SaaS? Do they really just need a managed service if a SaaS offering becomes too hard to customize or perhaps can't connect to on-premises data? They also check in at the mid-point of the latest The Cyber Hut poll that is running - seeing where AI/ML will have the biggest benefit in the IAM industry...

Sep 23, 2022 • 50min
E10 - Uber MFA Breach Discussion / Authentication / Why Are We Not Using Passwordless?
This week Simon and David do a deep dive riff on that age-old chestnut... authentication! Uber has recently been in the news regarding a data breach... one seemingly executed by using an MFA Bombing attack technique. Could it have been stopped? What options are available? They then discuss a recent LinkedIn poll run by The Cyber Hut asking why are we not using passwordless authentication... tune in to hear the midweek poll results.

Sep 16, 2022 • 31min
E9 - Gartner Security & Risk Management London / Outcome Driven Metrics for Cyber & Identity / International Identity Day
In episode 9, Simon and David briefly discuss the International Identity Day that is being promoted on Sept 16 - that aims to include, protect and empower citizens globally in the pursuit for having government issued identities for all. Simon attended the Gartner SRM conference this week in London, where there was a left-shifting of identity into the app-sec and network-sec worlds, as well as a detailed discussion on outcome driven metrics - and making sure the business know how their cyber and IAM investments are doing.

Sep 2, 2022 • 37min
E8 - Gartner Identity & Access Management Las Vegas 2022 Review / Cloud / CIEM / ITDR / Identity Security / Trust / Hype Cycle
This week Simon and David reviewed the recent Gartner IAM event held in Las Vegas. One of the larger annual industry events dedicated purely to the identity and access management space, it is of course, broad and varied, covering a range of established and emerging trends and technologies within the identity space. In this episode they covered the role of the identity hype cycle, how cloud identity is big, complex and here to stay, the importance of outcome related communications and management of IAM and how we're all gravitating towards identity centric security.

Aug 12, 2022 • 40min
E7 - A Breaches Episode - covering Twilio, Cloudflare and Cisco
This week Simon and David take a look at three large recent data breaches - that had some interesting meta-characteristics. Firstly...all are key suppliers of technology to organisations outsourcing key components of their business infrastructure. Is it that hackers are getting more bang-for-their-buck by attacking suppliers? Secondly the attack characteristics all focused on identity - with phishing based attacks based on SMS and Push MFA the main entry point. Details of the breaches discussed on the podcast can be found here: Twilio, Cloudflare and Cisco.

Aug 5, 2022 • 29min
E6 - The Privacy Play by Samsung and Apple / Ping Identity acquisition by Thoma Bravo
This week Simon and David briefly discuss the emergence of the legal profession into the world of cyber and identity and how privacy is making advertising waves by the likes of Samsung and Apple. They also review the latest acquisition of Ping Identity by Thoma Bravo and what that may mean to both Ping (and SailPoint!) and perhaps the rest of the IAM market.

Jul 15, 2022 • 25min
E5 - OneWelcome acquisition by Thales / Transmit partnership with Microsoft
This week Simon and David discuss the recent acquisition of European identity and access management for B2E and B2C OneWelcome by French giants Thales. This week also saw an interesting partnership between passwordless authentication startup Transmit Security and global heavyweights Microsoft - with Transmit bolting into their Azure AD B2C offering.


