My first job out of college was at Atlassian, where I led a product team focused on identity security & visibility. I met dozens of CIOs, IT admins, and CISOs who were focused on right-sizing permissions, preventing data exfiltration in and out of their collaboration tools, and integration posture between the Atlassian suite and everything else. The north star was to hopefully transition to a pro-active threat detection model from the classic post-hoc log review process.
Really enjoyed reading this opus magnum on identity. Definitely agree that there must emerge an identity centric "firewall" that lies in the flow between users/machines and critical applications (IaaS, PaaS, SaaS..etc) and applies fine grained policies. AuthZ is the prize.
1. Most new products build their own AuthN and AuthZ services as CIEM costs are too high to be leveraged for customer identities
2. While Sailpoint is the leader in IGA, it is still complex and expensive to implement. It is a good problem to solve especially by leveraging AI and ML.
3. The surprise factor as you mentioned is that Google is not leveraging or promoting its Cloud identity and federation capabilities. Most startups leverage Federated access from GSuite for various SAAS apps. Unfortunately Google does not convert these customers to Cloud Identity/ Beyond Corp.
As the piece is already quite long it would be see another write up on how Zero Trust concepts and principals effect Identity providers. While Identity is the new perimeter implementing Zero Trust principles of conditional access based on locations, device and behaviour would effectively prevent attackers from exploiting applications and systems.
Absolutely enjoyed the read, thank you Rak for the well thought-out research.
Notably missing imho - identity orchestration efforts as of recent (e.g. strata, ping and others in the making). Do you have any thoughts on that?
Really enjoyed reading this opus magnum on identity. Definitely agree that there must emerge an identity centric "firewall" that lies in the flow between users/machines and critical applications (IaaS, PaaS, SaaS..etc) and applies fine grained policies. AuthZ is the prize.
https://www.cummulative.io/p/zero-trust-lesson-from-las-vegas
Great Insights Rak.
Few comments
1. Most new products build their own AuthN and AuthZ services as CIEM costs are too high to be leveraged for customer identities
2. While Sailpoint is the leader in IGA, it is still complex and expensive to implement. It is a good problem to solve especially by leveraging AI and ML.
3. The surprise factor as you mentioned is that Google is not leveraging or promoting its Cloud identity and federation capabilities. Most startups leverage Federated access from GSuite for various SAAS apps. Unfortunately Google does not convert these customers to Cloud Identity/ Beyond Corp.
As the piece is already quite long it would be see another write up on how Zero Trust concepts and principals effect Identity providers. While Identity is the new perimeter implementing Zero Trust principles of conditional access based on locations, device and behaviour would effectively prevent attackers from exploiting applications and systems.
Any thoughts on ?
https://www.socure.com/
Excellent article. Well researched, well written and excellent evolutionary overview of IDM.