The Analyst Brief

This week Simon and David discussed the ever growing question around identity and access management deployment models that arose from Simon's recent trip to the Identit.eu consumer identity event in Belguim.  What are the options?  How do practitioners decide between the vast array of choices from private cloud and on-prem through to SaaS.  Do they really just need a managed service if a SaaS offering becomes too hard to customize or perhaps can't connect to on-premises data? They also check in at the mid-point of the latest The Cyber Hut poll that is running - seeing where AI/ML will have the biggest benefit in the IAM industry...

This week Simon and David do a deep dive riff on that old age chestnut...authentication!  Uber has recently been in the news regarding a data breach...one seemingly executed by using an MFA Bombing attack technique.  Could it have been stopped?  What options are available?  They then discuss a recent LinkedIn poll run by The Cyber Hut asking why are we not using passwordless authentication....tune into hear the midweek poll results.

In episode 9, Simon and David briefly discuss the International Identity Day that is being promoted on Sept 16 - that aims to include, protect and empower citizens globally in the pursuit for having government issued identities for all.  Simon attended the Gartner SRM conference this week in London, where there was a left-shifting of identity into the app-sec and network-sec worlds, as well as a detailed discussion on outcome driven metrics - and making sure the business know how their cyber and IAM investments are doing. 

This week Simon and David reviewed the recent Gartner IAM event held in Las Vegas.  One of the larger annual industry events dedicated purely to the identity and access management space, it is of course, broad and varied, covering a range of established and emerging trends and technologies within the identity space.  In this episode they covered the role of the identity hype cycle, how cloud identity is big, complex and here to stay, the importance of outcome related communications and management of IAM and how we're all gravitating towards identity centric security.

This week Simon and David take a look at three large recent data breaches - that had some interesting meta-characteristics.  Firstly...all are key suppliers of technology to organisations outsourcing key components of their business infrastructure.  Is it that hackers are getting more bang-for-their-buck by attacking suppliers?  Secondly the attack characteristics all focused on identity - with phishing based attacks based on SMS and Push MFA the main entry point.  Details of the breaches discussed on the podcast can be found here: Twilio, Cloudflare and Cisco.

This week Simon and David briefly discuss the emergence of the legal profession into the world of cyber and identity and how privacy is making advertising waves by the likes of Samsung and Apple.  They also review the latest acquisition of Ping Identity by Thoma Bravo and what that may mean to both Ping (and Sailpoint!) and perhaps the rest of the IAM market.

This week Simon and David discuss the recent acquisition of European identity and access management for B2E and B2C OneWelcome by French giants Thales.  This week also saw an interesting partnership between passwordless authentication startup Transmit Security and global heavy weights Microsoft - with Transmit bolting into their Azure AD B2C offering.

This week Simon (David's on holiday!) took a quick peek at some interesting blog entries that appeared.  Ubisecure provided some insight into hybrid cloud deployments, 1Kosmos told us more about "Identity Based Authentication" as a pillar of zero trust and Trulioo discussed how risk assessment should be a part of identity onboarding.  In other news Ping Identity announced a partnership with Microsoft and Workday to work on a profile for verifiable credentials and JWT and identity based access control startup Cyolo.io announced a $60 million series B round.  Finally an April article by Palo Alto's Unit 42 on cloud based threats also caught Simon's eye.

In this episode, Simon and David review the recent Identiverse conference from Denver and the Infosec Europe event that happened simultaneously in London.  They cover the rise of identity for the hybrid cloud, how authentication and proofing are becoming one, the use of blockchain technology to provide an immutable record of the who and the what and how employees are our first firewall of defence.

This week Simon and David discuss the recent RSA 2022 conference in San Francisco, and how the topics of identity and access management filtered into areas such as Machine Identity, the rise of Cloud Native Security solutions, how the world of Cyber Insurance is evolving and how vendors, providers and conferences...must start to align security solutions back to business outcomes if they are to provide real long term value.