Identity at the Center

This episode is sponsored by IAMONES. Visit https://iamones.ai/idac to learn more.In this sponsored episode of the Identity at the Center podcast, Jim welcomes Andrea Rossi from IAMONES, an innovative conversational identity governance platform. They discuss the revolutionary approach IAMONES takes in simplifying identity and access management (IAM) using large language models (LLM). Andrea explains how IAMONES aims to eliminate the need for complex roles and middle layers by providing business users with direct and comprehensible access to system functions. The discussion dives into the practical applications of LLM in enhancing existing IAM systems, particularly focusing on making permissions and entitlements more understandable and manageable for business users, auditors, and administrators. The episode also highlights the ease of integrating IAMONES with existing identity infrastructures and offers insights into reducing the burden of maintaining multilingual UIs. Tune in to learn more about the potential of AI in transforming IAM.Chapters00:00 Introduction to Simplifying Access Management02:11 Welcome to the Identity at the Center Podcast02:23 Sponsor Spotlight: Andrea Rossi from IAMONES05:04 The Story Behind the Name 'IAMONES'08:16 Conversational Identity and Large Language Models12:35 Revolutionizing IGA with AI17:22 The Future of AI in Identity Management23:08 Enhancing IGA Configuration with Natural Language31:37 Understanding Outcomes in Identity Governance32:09 The Shift from RBAC to PBAC33:35 Challenges with Role Explosion34:02 Introducing Temporal Identity Graph35:27 Simplifying Access for Business Users39:36 Ensuring Proper Data Visibility46:06 Implementing the Identity Gateway48:45 Customer Feedback and Success Metrics52:07 Future of AI in Identity Management56:21 Travel Tips for Visiting ItalyConnect with Andrea: https://www.linkedin.com/in/arossi67Learn more about IAMONES: https://iamones.ai/idacRamones - Blitzkrieg Bop (Official Music Video): https://www.youtube.com/watch?v=268C3N2dDYkMicrosoft’s Satya Nadella on the evolution of SaaS: https://www.youtube.com/watch?v=a_RjOhCkhvQ&t=22sConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com and watch at https://www.youtube.com/@idacpodcast

Matt Franko, Principal at RSM who leads cyber strategy and IAM work, joins to discuss where identity fits in risk management. They cover top attack vectors like phishing and weak passwords. Conversation touches on IAM ownership, limiting admin access, zero trust basics, AI and cloud impacts, and leadership lessons from coaching youth sports.

David Johnson, Principal PM Architect at Microsoft who governs Microsoft 365, Entra, and SharePoint at scale. He talks group types and membership management. He covers guest definitions, lifecycle and reattestation. He explains labeling, data protection, and how AI like Copilot changes permissions and governance.

Stephen Washington, Head of IAM at Discover Financial, brings decades of identity and access management experience. He discusses why user access reviews matter, lifecycle and service account cleanup, and how AI, identity data lakes, and policy shifts can make certifications less painful. Conversation also touches on IGA evolution and practical steps to get auditors and teams aligned.

In this engaging conversation, Sean O'Dell, an identity expert from Disney, shares his insights on optimizing identity and access management. They discuss the importance of data integrity for security, along with innovative frameworks like the Shared Signals Framework and Continuous Access Evaluation Profile. The talk highlights the shift toward event-driven identity management and the complexities of verifying identities in a zero-trust environment. Sean also emphasizes the critical role of accurate, centralized data in enhancing security practices.

This episode is sponsored by Andromeda Security. Learn more at https://www.andromedasecurity.com/idac⁠ Join Jeff and Jim on the Identity at the Center podcast as they chat with Ashish Shah, co-founder and Chief Product Officer of Andromeda Security. In this sponsored episode, Ashish dives deep into the importance of solving identity security problems, especially in cloud and SaaS environments. He explains how Andromeda's AI-powered platform focuses on both human and non-human identities, offering use case-driven solutions for security maturity. The discussion covers challenges, AI and machine learning applications, and practical insights into permissions management, risk scoring, just-in-time access, and more. Stay tuned for interesting takes on identity security and some fun recommendations for your reading/listening list. Chapters 00:00 Introduction to Identity as a Data Problem 00:41 Overview of Andromeda's Capabilities 01:27 Welcome to the Identity at the Center Podcast 02:03 Meet Ashish Shah, Co-Founder of Andromeda 02:37 The Genesis of Andromeda 03:33 Addressing Identity Security Challenges 05:29 Andromeda's Approach to Identity Security 09:44 Measuring Success with Andromeda 12:21 Andromeda's Market Position and Ideal Customers 18:35 The Rise of Non-Human Identities 28:42 Understanding Identity and Accounts in AWS 28:54 The Concept of Incarnations in Identity Management 29:42 Human and Non-Human Identities 32:13 Challenges in Authorization and Access Control 32:44 Implementing Zero Trust and Least Privilege 35:10 Role of AI and Machine Learning in Identity Management 36:21 Risk Scoring and Behavioral Analysis 39:04 Customer Data and Model Training 41:08 Explainability and Security of AI Models 46:14 Customer Influence on Model Tuning 49:03 Andromeda's Offer and Final Thoughts 51:34 Book Recommendations and Closing Remarks Connect with Ashish: https://www.linkedin.com/in/ashishbshah/ Learn more about Andromeda: https://www.andromedasecurity.com/idac⁠ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and watch at https://www.youtube.com/@idacpodcast Keywords: Identity security, IAM, cybersecurity, artificial intelligence, AI, machine learning, ML, non-human identities, NHI, just-in-time access, JIT, IGA, privileged access management, PAM, identity threat detection and response, ITDR, cloud security, SaaS security, Andromeda Security, Ashish Shah, IDAC, Identity at the Center, Jim McDonald, Jeff Steadman

Martin Kuppinger, Founder and Principal Analyst at KuppingerCole, dives deep into the future of identity management. He discusses the integration of AI in identity verification, stressing the need for reliable, decentralized solutions. The conversation highlights emerging trends like policy-based access and the importance of reusable identities. Martin also introduces a chatbot designed to enhance SaaS models while pondering the evolving European identity landscape. Plus, listeners can look forward to travel tips for Berlin and insights on the upcoming European Identity and Cloud Conference.

Ian Glazer, founder of Weave Identity and Digital Identity Advancement Foundation, shares frameworks for modern identity architecture. He discusses layered policy and data tiers. He explores orchestration, execution, and event-driven IAM. He highlights ephemeral access, workforce identity data platforms, and the push for standardized open data schemas.

Tauseef Ghazi, the Security and Privacy practice lead at RSM, unpacks the intricate dance between cybersecurity and digital identity. He highlights the vital role of apprenticeship in addressing the skills gap, emphasizing mentorship over short-term roles. Ghazi explores the impact of AI and blockchain on identity management, and the pressing need for resilience in cloud environments. With insights on the zero trust framework and the importance of continuous skill investment, he inspires listeners to balance personal growth with professional challenges.

Hed Kovetz, CEO and co-founder of Silverfort, leads identity security at a company protecting human and non-human access. He discusses securing legacy and modern systems, the rise of service accounts and non-human identities, preserving startup-style innovation while scaling, and how AI will reshape attacks, defenses, and identity strategy.