

The Analyst Brief
The Cyber Hut
"The Analyst Brief" provides expert and impartial commentary and analysis on the global identity and cyber security markets - with an eye on emerging technology and trends. Hosts Simon Moffatt (Founder at The Cyber Hut) and David Mahdi (ex-Gartner Analyst and C-level Advisor) provide deep dive comment and opinion on some of the most exciting technology trends.
For more information on The Cyber Hut visit https://www.thecyberhut.com/
Episodes

Jun 16, 2023 • 44min
E31 - An interview with HYPR CEO Bojan Simic
This episode sees The Week in Identity welcome another specialist guest: Bojan Simic, co-founder and CEO of passwordless specialists HYPR. Simon and Bojan delve into Bojan's story, from being a computer science graduate to entering the security world pen-testing in New York and working with some of the world's largest financial services institutions. From there the inspiration to rid the world of passwords started to take hold...and ten years later, HYPR is a leading passwordless authentication provider. The conversation covers a range of fascinating subjects, from the perfect storm of FIDO, mobile biometrics and secure hardware storage, through to how to create strategies for mass passwordless adoption based on nudge theory, gamification and stakeholder buy-in. They also cover success criteria, AI and what the future may hold for IAM...

Jun 9, 2023 • 35min
E30 - Identiverse 2023 / Gartner Security & Risk Management USA / Passkeys / Minimum Effective Models...
This week Simon and David discuss the recent Identiverse conference as well as the Gartner Security & Risk Management summit that happened shortly afterwards. They delve into the world of passkeys (again), verifiable credentials and modern architectures, and how we're moving to an industry education maturity model, where organisations are going beyond knowing what a technology is to knowing how to get started and derive value. They also discuss the concept of "minimum effectiveness" as it pertains to technology, expertise, friction and insights, and the idea that having too much identity and access management "stuff" is often a precursor to complexity and failure.

May 26, 2023 • 45min
E29 - Identity Mesh and Identity Fabric / Heliview IAM Conference Review / Cyber + Identity Mashup / People, Process and Technology / IAM Threat Reports
This week Simon and David review the recent Heliview IAM Conference that took place in the Netherlands. The main topic for the day was the rise of the identity fabric (or mesh) and how this can enable the modern organisation with a range of agile IAM components that support both business and security use cases. Simon presented a keynote on the future of IAM - using some research from The Cyber Hut focusing on what IAM may look like in 2028 and beyond...
They also discussed the need for people, process and technology integration, in order to map the existing IAM landscape to future investment and metrics.
They finish off by discussing the rise in cyber threat reports that have emerged in the past month that all have a very strong reliance on IAM - and why ITDR is a process not a product.
Cyber Threat Reports:
Joint Cyber Advisory: People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
CISA Advisory: Hunting Russian Intelligence “Snake” Malware
Permiso Security: Unmasking GUI-Vil - Financially Motivated Cloud Threat Actor

May 11, 2023 • 54min
E28 - The RSA 2023 Episode - Passkeys / MFA / Adversary in the Middle / Collaboration / Standards
This week Simon and David review the recent RSA Conference that occurred at the end of April over in San Francisco. They range from the generic meta-patterns at the conference, covering themes such as collaboration, standards, multi-cloud and technology integration, through to more IAM-focused conversations covering MFA, passkeys and authentication attacks. Are passkeys now here to stay? What will help adoption? Will attacks on passkeys start to increase along with usage rates? Will attacks against existing MFA forms including SIM swap, MFA fatigue and social engineering be a compelling event to improve adoption?

Apr 21, 2023 • 45min
E27 - RadiantLogic & Brainwave / New Styra CEO / Auth0 OpenFGA project / Chief Identity Officers / AuthZ as part of ZT
This week Simon and David tackle a range of news items including: Radiant Logic completing the acquisition of IGA vendor Brainwave; authorization vendor Styra getting a new CEO; and Auth0 (by Okta) releasing v1.0 of a new open source authorization project called OpenFGA. They also tackle the question of whether we need to see Chief Identity Officers in the board room and how zero trust is essentially driving the demand for authorization platforms.

Mar 31, 2023 • 44min
E26 - Interview with Alex Bovee from ConductorOne
In this week's episode, Simon and David are joined by Alex Bovee, the CEO of https://www.conductorone.com/ - a next generation identity security and IGA provider. They cover a range of topics including the adoption of cloud services and the impact on security, the cloud shared security model, the left shifting of identity risk from being detection focused to preventative, reducing access reviews to focus on exceptions only, how the security world is taking on more IAM capabilities and knowledge, and the introduction of a new open source project called Baton - to extract and manage identity data.

Mar 24, 2023 • 47min
E25 - Gartner IAM USA Review / ITDR / Identity Orchestration / Identity First Security
In this episode Simon and David review the recent Gartner IAM conference held in Grapevine, Texas. Is Identity Orchestration on the rise and how will that impact the complex identity infrastructure of the modern enterprise? What role does security now play within IAM and how will that impact metrics, persona and integration? Is this the year of Identity Threat Detection and Response? And what is becoming of Zero Trust and how it relates to identity?

Mar 10, 2023 • 39min
E24 - Interview with 1Kosmos CEO Hemen Vimadalal
This week we hear from a special guest as Simon has a great conversation with 1Kosmos CEO Hemen Vimadalal. They start off at the beginning...going back to 2003/4 when Hemen helped set up identity certification and role management startup Vaau - which later became Sun Role Manager, then Oracle Identity Analytics. From there Hemen continued on the entrepreneurial journey to set up Simeio Solutions - a 1000-strong identity advisory and managed services player, before moving on to set up 1Kosmos - a software vendor aiming to tackle the usability and security dilemma by linking identity proofing to passwordless authentication. An insightful discussion that covered identity governance and administration, trust boundaries, the rise of different identity personas, data breaches, privacy and identity-based authentication.

Mar 6, 2023 • 28min
E23 - UK eCrime Review ChatGPT / Authomize OpenITDR / Identity Threat Assessment Framework / Identity Visibility - Radiant Logic & Ermetic
This week Simon and David review the recent eCrime summit that happened in London, where the topic of ChatGPT was discussed. Is it just for the bad guys? Can the good guys benefit too? Where is that heading? Identity Threat Detection and Response vendor Authomize released a new project called OpenITDR - what is it and what is the benefit? Identity visibility seems to be in vogue this month too, with both Radiant Logic and Ermetic making product releases that focus on joining up data in the identity ecosystem.

Feb 17, 2023 • 53min
E22 - CyberArk 2022 Results / PAM-lite / Microsoft Entra / Workload Identities / Okta + Plaid
This week Simon and David take a look at two of the giants in the IAM space - CyberArk and Microsoft. Are Microsoft emerging as the dominant cloud service provider in the identity space? What were CyberArk's latest results telling us? Who are Plaid and why have they partnered with Okta? What is becoming of the workload identity space?


