1
00:00:09,700 --> 00:00:13,000
You're listening to the Identity
at the Center podcast. This is

2
00:00:13,000 --> 00:00:15,600
the show that talks about 
identity and access management 

3
00:00:15,700 --> 00:00:18,600
and making sure you know who has
access to what. Let's get

4
00:00:18,600 --> 00:00:26,100
started. 
Welcome to the Identity at the

5
00:00:26,108 --> 00:00:28,400
Center podcast, I'm Jeff and
that's Jim. 

6
00:00:28,400 --> 00:00:31,600
Hey, Jim. Hey, Jeff, how are you
and happy New Year? 

7
00:00:31,800 --> 00:00:34,000
Happy New Year. 
Welcome to 2022. 

8
00:00:34,000 --> 00:00:40,300
The first show of 2022. 
Yeah, the first call I had was 

9
00:00:40,300 --> 00:00:44,700
on Monday coming back from the 
long break and I felt like I 

10
00:00:44,700 --> 00:00:48,000
couldn't even concentrate, but 
I've been on the phone all day. 

11
00:00:48,000 --> 00:00:51,000
Now for you know the 
behind-the-scenes this Wednesday

12
00:00:51,300 --> 00:00:57,500
afternoon years and yeah sorry. 
Get back on track and my 

13
00:00:57,500 --> 00:00:59,000
favorite part is trying to 
remember what it is. 

14
00:00:59,000 --> 00:01:02,300
I do for a living and how to do 
all the different things that I 

15
00:01:02,400 --> 00:01:05,400
that I just don't do very often 
and have to start again, the new

16
00:01:05,400 --> 00:01:07,200
year. 
So it's always good times. 

17
00:01:07,200 --> 00:01:08,400
I'm sure other people are like 
that too. 

18
00:01:08,400 --> 00:01:11,500
Was always a big time for 
password resets coming home 

19
00:01:11,500 --> 00:01:14,400
security Hobson. 
No doubt no doubt in for what we

20
00:01:14,400 --> 00:01:18,400
do, you know I just was reminded
of one of the interesting 

21
00:01:18,400 --> 00:01:23,000
aspects today which is, you 
know, we hold workshops with our

22
00:01:23,000 --> 00:01:26,100
clients to help
kind of develop their IAM

23
00:01:26,100 --> 00:01:29,100
strategy and we're meeting with 
people throughout the 

24
00:01:29,100 --> 00:01:31,700
organization. 
So we might be meeting with 

25
00:01:31,700 --> 00:01:34,700
somebody from the business 
continuity test Disaster, 

26
00:01:34,700 --> 00:01:40,300
Recovery side or logging, or you
name it, any other part of 

27
00:01:40,300 --> 00:01:41,600
IT.
PMO.

28
00:01:42,000 --> 00:01:48,200
And if folks aren't prepared or 
understand why IAM might have

29
00:01:48,200 --> 00:01:52,100
something to do with their area 
or their area might have 

30
00:01:52,100 --> 00:01:54,700
something to do with IAM, the
last question. 

31
00:01:54,900 --> 00:01:58,300
It's like why are you asking 
these questions? 

32
00:01:58,300 --> 00:02:01,700
What we know, what is my what I 
do have to do with what you do? 

33
00:02:02,200 --> 00:02:06,100
And so I think that goes for a 
lot of parts of life, though, 

34
00:02:06,100 --> 00:02:08,100
right? 
I mean, you got to kind of set 

35
00:02:08,100 --> 00:02:09,800
the context. 
You got to kind of set the 

36
00:02:09,800 --> 00:02:14,300
Baseline and just, you know, I 
felt reminded of that today. 

37
00:02:14,300 --> 00:02:16,200
And that was, you know what I 
wanted to share? 

38
00:02:16,900 --> 00:02:21,100
Yeah, context is key in any in 
setting expectations for any 

39
00:02:21,100 --> 00:02:24,700
conversation you and I were part
of that same conversation and 

40
00:02:25,100 --> 00:02:27,800
Hopefully, I brought it back to 
try and rescue kind of where 

41
00:02:27,800 --> 00:02:30,600
things were going but you know, 
I think trick in full 

42
00:02:30,600 --> 00:02:32,900
transparency. 
It wasn't a great start but we 

43
00:02:32,900 --> 00:02:36,600
figured it out. 
Yeah, well, I mean, it's 

44
00:02:37,300 --> 00:02:42,300
something we've run into many 
times over many years or so it's

45
00:02:42,900 --> 00:02:46,300
something that, you know, I 
mean, it's it never goes away. 

46
00:02:46,500 --> 00:02:50,000
I used to call it, stump the 
chump because you get this, get 

47
00:02:50,000 --> 00:02:53,900
in a situation where, you know, 
you kind of feel like some of 

48
00:02:53,900 --> 00:02:57,300
those questions are, you
know, trying to get you rattled.

49
00:02:57,300 --> 00:03:00,400
It really kind of depends on 
the, you know, how aggressive 

50
00:03:00,400 --> 00:03:04,200
the the person gets in terms of 
white. 

51
00:03:04,200 --> 00:03:05,200
Why are you asking these 
questions? 

52
00:03:05,200 --> 00:03:09,500
But I think for the most part 
people are just trying to 

53
00:03:09,500 --> 00:03:12,100
understand like why do you need 
to know this information? 

54
00:03:12,100 --> 00:03:16,700
Because we're all kind of 
guardians of the information

55
00:03:16,700 --> 00:03:21,800
that we're responsible for and
you don't want to just give out 

56
00:03:21,800 --> 00:03:26,100
your give out that information 
willy-nilly we especially if 

57
00:03:26,100 --> 00:03:29,700
it's secret to that business. 
Yeah. 

58
00:03:29,700 --> 00:03:31,900
Plus also people don't want
to waste their time. 

59
00:03:32,500 --> 00:03:34,400
Right. 
Why am I here was you know, 

60
00:03:34,400 --> 00:03:37,000
what's the point of this? 
This could have been an email 

61
00:03:37,000 --> 00:03:39,300
instead of a meeting, right? 
All that all that stuff, too. 

62
00:03:39,300 --> 00:03:43,600
So it goes with it. 
We also started something new 

63
00:03:43,600 --> 00:03:45,900
over the break. 
You want to talk about that? 

64
00:03:46,700 --> 00:03:52,900
Yeah, so it's IDAC, Identity at
the Center, or idac.live.

65
00:03:53,100 --> 00:03:58,200
It's a YouTube streaming
page, if you will. We're going

66
00:03:58,200 --> 00:04:01,200
on once a week and we're 
streaming video, we've always 

67
00:04:01,200 --> 00:04:03,900
been resistant to doing video 
with the podcast. 

68
00:04:03,900 --> 00:04:06,000
And when you see the podcasts 
are when you see the video, 

69
00:04:06,000 --> 00:04:10,400
you'll know why that's probably 
true. 

70
00:04:11,000 --> 00:04:14,700
But I think it's interesting 
because we do the podcast and 

71
00:04:14,700 --> 00:04:17,200
it's more formal more 
structured. 

72
00:04:17,399 --> 00:04:21,200
So he's guess where it's the 
streamers issue and I and it's a

73
00:04:21,207 --> 00:04:23,800
little less structured. 
We pick something like an 

74
00:04:23,800 --> 00:04:26,900
article we read
recently and just share our

75
00:04:26,900 --> 00:04:30,800
thoughts and our experiences 
relative to that or whatever 

76
00:04:30,800 --> 00:04:35,900
comes to mind and I think people
will like it as I think, you 

77
00:04:35,900 --> 00:04:41,000
know, I follow a few podcasts
myself and, you know, 

78
00:04:41,000 --> 00:04:45,100
definitely, you know, you start 
down your podcast route based on

79
00:04:45,400 --> 00:04:49,300
what your interest areas are and
you want to, you know, hear what

80
00:04:49,300 --> 00:04:53,300
these experts in whatever field 
it is talk. 

81
00:04:53,500 --> 00:04:57,500
But after a while, it's the
personalities and the side

82
00:04:57,500 --> 00:05:01,800
tracks that keep you interested
in it and if you like this 

83
00:05:01,800 --> 00:05:04,800
personality should keep coming 
back for more and hopefully, you

84
00:05:04,800 --> 00:05:07,700
know, people like our 
personalities and come back for 

85
00:05:07,700 --> 00:05:12,000
more with the with the stream. 
Yeah, it's fun. 

86
00:05:12,100 --> 00:05:15,300
I like it, it's it's different. 
We're still kind of figuring 

87
00:05:15,300 --> 00:05:18,400
out, I think format and length, 
and time. 

88
00:05:18,400 --> 00:05:20,900
And when to do it and things 
like that, but I like that it 

89
00:05:20,900 --> 00:05:23,200
gives us the opportunity to be 
more current with things. 

90
00:05:23,600 --> 00:05:25,900
And also, if you're watching 
Seeing the stream or even after 

91
00:05:25,900 --> 00:05:27,500
the fact, right? 
You can always comment and we 

92
00:05:27,500 --> 00:05:31,400
can engage in a conversation 
kind of real-time and answer 

93
00:05:31,400 --> 00:05:34,800
questions and get you know what,
what people give our two cents 

94
00:05:35,200 --> 00:05:37,300
on what it was they're thinking,
you know, we've we've done it a 

95
00:05:37,308 --> 00:05:40,800
couple times here so it's cool. 
You know, the why, the wild 

96
00:05:40,800 --> 00:05:44,900
madman ramblings of Jim and
Jeff when it comes to IAM and

97
00:05:44,900 --> 00:05:47,300
whatever else strikes our fancy 
for that particular day. 

98
00:05:48,600 --> 00:05:51,800
Absolutely. 
Well let's pivot this to where 

99
00:05:51,800 --> 00:05:55,500
we want to take this 
conversation because Speaking of

100
00:05:55,500 --> 00:05:58,200
like Smooth Transitions and the 
wild ramblings. 

101
00:05:58,300 --> 00:06:01,100
I feel like zero trust has been 
one of those for the last couple

102
00:06:01,100 --> 00:06:03,400
of years. 
It has not stopped. 

103
00:06:03,400 --> 00:06:07,500
It is, you know, gained steam 
over the last, I'd say really 

104
00:06:07,500 --> 00:06:11,200
the last year is when I've seen 
kind of a lot of growth in the 

105
00:06:11,200 --> 00:06:13,600
area. 
And we're very fortunate that 

106
00:06:13,600 --> 00:06:17,400
for our first guest to 2022. 
We've got Dan Jones, he's the 

107
00:06:17,400 --> 00:06:20,200
chief security officer at Banyan
Security and he's also an

108
00:06:20,200 --> 00:06:23,400
advisory board member with the
Identity Defined Security

109
00:06:23,400 --> 00:06:25,400
Alliance. 
Welcome to the show, Dan.

110
00:06:26,300 --> 00:06:28,000
Hey guys! 
Thank you very much for having 

111
00:06:28,000 --> 00:06:31,100
me and happy New Year. 
Everyone, it's great to be here.

112
00:06:31,500 --> 00:06:33,900
Yeah, happy New Year and I 
should also, I'm going to tease

113
00:06:33,900 --> 00:06:35,200
something. 
We're going to talk about later.

114
00:06:35,500 --> 00:06:39,100
Also known as Urban punks. 
So we're going to get into what 

115
00:06:39,100 --> 00:06:41,700
that means a little bit later 
because I'm totally fascinated 

116
00:06:41,700 --> 00:06:44,100
by this. 
But before we get there, let's 

117
00:06:44,100 --> 00:06:47,900
talk a little bit about identity
and this being the first time he

118
00:06:47,900 --> 00:06:50,400
on the show, we always like to 
kind of find out what the 

119
00:06:50,400 --> 00:06:53,400
identity origin story is for 
somebody, whether it's Identity 

120
00:06:53,400 --> 00:06:56,900
or infosec at large.
Is it something that you chose 

121
00:06:56,900 --> 00:06:59,700
or did it choose you? 
How did you get into the space? 

122
00:07:00,200 --> 00:07:05,200
Well, I tell you so I was a 
young kid at College back in 

123
00:07:05,200 --> 00:07:09,300
Scotland, in the mid 90s and, 
you know, back then it was 

124
00:07:09,300 --> 00:07:11,500
pretty hard to get a job out of 
college. 

125
00:07:11,500 --> 00:07:15,300
So I of their a class members. 
I was the one person to go to 

126
00:07:15,300 --> 00:07:18,000
job and the first sheet of 
leaving college. 

127
00:07:18,000 --> 00:07:22,400
And I just happened to join a 
factory working in a small IT

128
00:07:22,400 --> 00:07:26,100
team and my first job. 
Was I was going to be in the 

129
00:07:26,100 --> 00:07:31,500
vale admin a network admin 
server admin and email admin all

130
00:07:31,500 --> 00:07:35,400
of all of the above you know 
like all these smaller IT teams.

131
00:07:36,200 --> 00:07:42,100
So my first identity gig was 
really working with NDS, Novell

132
00:07:42,100 --> 00:07:45,300
version 3.0 11. 
I think it was back in those 

133
00:07:45,300 --> 00:07:51,300
days. 
And so I'd say in desperation, I

134
00:07:51,300 --> 00:07:55,100
got the first job that came 
along so I kind of You have 

135
00:07:55,100 --> 00:07:57,700
picked me. 
I think what I just wanted a 

136
00:07:57,700 --> 00:08:02,300
job. 
So, worked hard there and, you 

137
00:08:02,300 --> 00:08:03,800
know, to start to learn more 
things. 

138
00:08:03,800 --> 00:08:06,000
So then it was really a 
jack-of-all-trades. 

139
00:08:07,300 --> 00:08:09,500
So I know you kind of had like 
that IT background.

140
00:08:09,500 --> 00:08:12,500
What is it? 
That I guess what was the pivot 

141
00:08:12,500 --> 00:08:14,900
from managing? 
Like an IT infrastructure? 

142
00:08:14,900 --> 00:08:17,300
We like yeah. 
Give me infosec like, that's 

143
00:08:17,300 --> 00:08:18,500
what I want. 
I'm crazy. 

144
00:08:19,000 --> 00:08:24,000
Yeah, it was really bizarre. 
So I left that company. 

145
00:08:24,700 --> 00:08:29,100
Sometime done some contract, 
work and landed in Adobe back in

146
00:08:29,100 --> 00:08:32,500
there and brofist, European it 
team. 

147
00:08:32,900 --> 00:08:35,400
And then in 2001, moved to the
US. 

148
00:08:35,700 --> 00:08:39,600
And if anyone follows the Adobe 
history, we certainly had our 

149
00:08:40,000 --> 00:08:43,600
challenges from a security 
perspective and it's some point 

150
00:08:43,600 --> 00:08:46,400
as part of a huge investment, 
Adobe were making to try and, 

151
00:08:46,800 --> 00:08:50,700
you know, get on top of all all 
of their challenges, they 

152
00:08:50,700 --> 00:08:54,300
created a central IT security
team and I was part of that and 

153
00:08:54,300 --> 00:08:57,100
what I It was all of the 
directory and authentication 

154
00:08:57,100 --> 00:09:03,200
stuff all the privilege stuff. 
So I really everything was all 

155
00:09:03,200 --> 00:09:09,300
centered around the directory 
type Services because that's 

156
00:09:09,300 --> 00:09:12,200
that's what I had been doing for
pretty much 20-odd years. 

157
00:09:12,200 --> 00:09:18,500
So I knew even within Adobe, I'd
been in Adobe that point for 

158
00:09:18,500 --> 00:09:21,200
over 15 years. 
So I knew where the skeletons 

159
00:09:21,200 --> 00:09:24,500
were because I knew about 
privileged because I knew about 

160
00:09:24,600 --> 00:09:27,100
About how the server team ran 
their stuff, so privileged 

161
00:09:27,100 --> 00:09:30,700
identities on servers. 
I knew how we done a Social 

162
00:09:30,700 --> 00:09:33,300
Media stuff. 
I knew about our Banking and 

163
00:09:33,300 --> 00:09:36,700
Financial systems because I had 
led Services, they care to 

164
00:09:36,700 --> 00:09:39,200
those. 
So when you think of identity 

165
00:09:39,500 --> 00:09:43,400
identity is not just the regular
personal logs in and checks 

166
00:09:43,400 --> 00:09:46,900
email, right, there's privileged
identity, especially is where 

167
00:09:46,900 --> 00:09:50,300
you get into. 
It's not just an API account. 

168
00:09:50,300 --> 00:09:54,000
It's not just an engineer, it's 
all of, it's all of the above 

169
00:09:54,000 --> 00:09:56,100
and more. 
So yeah. 

170
00:09:56,100 --> 00:09:59,800
So that was a fascinating change
and you're not the first person 

171
00:09:59,800 --> 00:10:02,100
from Adobe, we've had on the 
show we had Eric Anderson on a 

172
00:10:02,108 --> 00:10:05,700
few months back. 
Last year I guess technically at

173
00:10:05,700 --> 00:10:08,500
this point and it was a great 
conversations I think it was 

174
00:10:08,500 --> 00:10:11,700
episode 91 if I if I remember 
correctly, so encourage people to

175
00:10:11,700 --> 00:10:15,600
go back and check that out and 
also shout out to Eric because I

176
00:10:15,600 --> 00:10:17,700
had forgotten how good the 
struts were and based on our 

177
00:10:17,700 --> 00:10:21,700
conversation on that one. 
They totally, they owned my 

178
00:10:21,700 --> 00:10:24,200
Spotify listening habits for 
2021. 

179
00:10:24,200 --> 00:10:27,800
So, but I digress.
So at this point, then you're 

180
00:10:27,800 --> 00:10:31,400
with Banyan Security.
What does Banyan Security do?

181
00:10:31,400 --> 00:10:34,000
Because you know, for people who
aren't as familiar with the 

182
00:10:34,000 --> 00:10:36,700
organization, I guess, what are?
You know, some of the issues or 

183
00:10:36,700 --> 00:10:38,100
challenges that you guys look to
solve? 

184
00:10:38,400 --> 00:10:41,400
Yeah, well, well, the first 
thing to clear up is we're not 

185
00:10:41,400 --> 00:10:44,500
the Banyan Vines team.
If you know anyone who's been in

186
00:10:44,500 --> 00:10:47,800
the industry long enough, will 
know, there was this old company

187
00:10:47,800 --> 00:10:54,000
called Banyan Vines. I never
used their technology so I don't

188
00:10:54,000 --> 00:10:56,200
really know too. 
It's about them, but I can tell 

189
00:10:56,200 --> 00:11:01,200
you about us which is, we're
small start-up in the zero trust

190
00:11:01,200 --> 00:11:04,700
space and we will get back to 
what do we mean by zero

191
00:11:04,700 --> 00:11:09,300
trust, I guess, soon but in the
zero trust space I was a 

192
00:11:09,300 --> 00:11:11,700
customer of Banyan when I was at
Adobe. 

193
00:11:12,700 --> 00:11:17,600
Eric and I and our team we 
adopted by a platform early on, 

194
00:11:18,500 --> 00:11:22,400
we were really excited about it 
years later because I'd left 

195
00:11:22,400 --> 00:11:27,200
Adobe a few years. 
Then I rejoined but I joined 

196
00:11:27,200 --> 00:11:31,100
Banyan with really some 
enthusiasm because their 

197
00:11:31,100 --> 00:11:34,900
proposition in this space I 
think is pretty unique their 

198
00:11:34,900 --> 00:11:39,200
ability to get up and running 
really fast is brilliant. 

199
00:11:40,000 --> 00:11:44,100
It's a really customer great 
user experience, you know, user 

200
00:11:44,100 --> 00:11:48,500
experience friendly platform and
then one of the other things is 

201
00:11:48,700 --> 00:11:54,300
VPN or not to VPN, they not only
help you recognize and solve 

202
00:11:54,300 --> 00:11:56,800
that. 
That question but they will show

203
00:11:56,800 --> 00:12:00,200
you and help you understand 
where you are in your journey of

204
00:12:00,200 --> 00:12:02,000
zero trust which is really 
unique. 

205
00:12:02,000 --> 00:12:04,400
There's there's not a lot of 
players in the market that do 

206
00:12:04,400 --> 00:12:07,700
that. 
So I knew the co-founders from 

207
00:12:07,700 --> 00:12:11,700
working with them before in 
Adobe and you know, they reached

208
00:12:11,700 --> 00:12:15,500
out they wanted to bring in some
people who'd had practitioner 

209
00:12:15,500 --> 00:12:18,900
experience. 
So me having led the team, Adobe

210
00:12:18,900 --> 00:12:21,800
to deploy, zero trust, then led 
the team at Cisco. 

211
00:12:22,800 --> 00:12:26,000
I'm uniquely positioned to talk
about the scars and the war

212
00:12:26,000 --> 00:12:29,700
wounds of actually delivering 
zero trust and how did you pull 

213
00:12:29,700 --> 00:12:32,200
that off? 
So it's an exciting thing. 

214
00:12:32,500 --> 00:12:35,700
The good thing is I'm not a big 
fan of salespeople, so I don't 

215
00:12:35,700 --> 00:12:39,000
mean to disparage on them but 
they're not

216
00:12:39,000 --> 00:12:41,000
my favorite type of people to
engage with. 

217
00:12:41,400 --> 00:12:44,000
So one thing that we've got 
which is really cool, you don't 

218
00:12:44,000 --> 00:12:46,900
need to talk to our sales team,
you can just go to Banyan 

219
00:12:46,900 --> 00:12:50,900
security dot IO and you can take
this test drive and for a small 

220
00:12:50,900 --> 00:12:54,100
team it's actually my teams 
Edition which is free and you 

221
00:12:54,108 --> 00:12:58,500
can get running in 15 minutes so
you can you can get started and 

222
00:12:58,500 --> 00:13:01,400
it's pretty cool. 
So I don't want to do the sales 

223
00:13:01,400 --> 00:13:03,700
pitch. 
That's really not my job. 

224
00:13:03,800 --> 00:13:07,600
I don't want to be a sales guy 
so I'll let people go figure 

225
00:13:07,600 --> 00:13:10,300
that out for themselves and you 
know they'll find out who call 

226
00:13:10,300 --> 00:13:11,700
the sales team if they want 
that. 

227
00:13:13,600 --> 00:13:17,600
Tim love, the origin story is 
kind of a blast from the past. 

228
00:13:17,600 --> 00:13:21,300
Think about the directory days 
because I think if you're 

229
00:13:21,300 --> 00:13:26,100
involved in IAM and account
security, you know, 15, 20 years

230
00:13:26,100 --> 00:13:31,000
ago, it was all about LDAP, it
was all about Netscape directory

231
00:13:31,000 --> 00:13:35,400
or Sun directory or even Active
Directory, which was kind of

232
00:13:35,400 --> 00:13:40,100
the, you know, it was frowned 
upon and in this establishment 

233
00:13:40,100 --> 00:13:43,100
in terms of being a true 
directory. 

234
00:13:43,400 --> 00:13:46,800
It's interesting. 
Today how much, how much more is

235
00:13:46,800 --> 00:13:50,700
looked at as the de facto 
directory standard or maybe not 

236
00:13:50,700 --> 00:13:55,700
the standard, but at least the 
standard-bearer it's, I am also 

237
00:13:55,700 --> 00:13:59,700
glad that you brought up the 
Banyan Vines speech because I do

238
00:13:59,700 --> 00:14:02,000
think I'm going to go on a limb 
here, Jeff. 

239
00:14:02,200 --> 00:14:06,600
And because we had one guest to
part of their origin story, was 

240
00:14:06,800 --> 00:14:10,000
they were a Banyan Vines
administrator and I think it was

241
00:14:10,000 --> 00:14:15,100
Jackson Shaw episode 52. 
Back in July of 2020. 

242
00:14:15,900 --> 00:14:17,900
So I'm going to go back and 
listen to that. 

243
00:14:18,100 --> 00:14:21,500
I think it was him. 
If I got that wrong, it's my 

244
00:14:21,500 --> 00:14:25,300
bad. 
But yeah, you don't really run 

245
00:14:25,300 --> 00:14:29,100
into that many folks who are, 
you know, have Banyan Vines in

246
00:14:29,100 --> 00:14:32,300
their origin story. 
Yeah, I don't know for sure when

247
00:14:32,300 --> 00:14:35,600
it was, I'll be honest, but it's
old school. 

248
00:14:35,900 --> 00:14:39,900
I a, I think a banyan I think of
Steve Banyan from well, that's 

249
00:14:39,900 --> 00:14:40,500
different. 
Steve, Daniel. 

250
00:14:40,500 --> 00:14:43,200
But I think of Banyan from 
Seinfeld. 

251
00:14:43,700 --> 00:14:46,800
So that's just me. 
Yeah. 

252
00:14:46,900 --> 00:14:51,200
That's that's funny. 
So but so we're going to talk 

253
00:14:51,200 --> 00:14:54,600
today about zero trust and I'm 
not sure if you've heard of it, 

254
00:14:55,100 --> 00:15:01,500
but if you have you know, maybe 
you could give give us a. 

255
00:15:01,500 --> 00:15:03,900
What is your definition of zero 
trust. 

256
00:15:03,900 --> 00:15:07,200
What does it really mean to you?
Is it a product or is it 

257
00:15:08,400 --> 00:15:11,900
something something more? 
Yeah, that's it. 

258
00:15:12,300 --> 00:15:14,900
It's a great question. 
I always say people if you get 

259
00:15:15,100 --> 00:15:18,100
20 people in the room and you 
ask them what zero trust is, 

260
00:15:18,100 --> 00:15:22,600
you'll get 25 answers and I 
still think after all these 

261
00:15:22,600 --> 00:15:26,200
years you can go, you can go 
back to the John Kindervag

262
00:15:26,200 --> 00:15:28,900
days, where in Forrester, you
know, he's got the paper out and

263
00:15:28,900 --> 00:15:33,100
says what it is, you can go 
before that where you talk about

264
00:15:34,600 --> 00:15:37,900
the government US Government 
defense, where the they have 

265
00:15:37,900 --> 00:15:41,400
their views on that and then 
you've got Google's BeyondCorp,

266
00:15:41,700 --> 00:15:45,300
I kind of look at it. 
Like Is an architecture is a 

267
00:15:45,300 --> 00:15:49,000
principle. 
Is it, you know, an ideal 

268
00:15:49,000 --> 00:15:53,300
ideology. 
The reality for me is I sum this

269
00:15:53,300 --> 00:15:58,500
up really simply is I try and 
see it away from the terror now,

270
00:15:58,900 --> 00:16:01,100
because I really want to focus 
on the outcome. 

271
00:16:01,400 --> 00:16:04,100
I think so many people get 
wrapped up in what they mean by 

272
00:16:04,100 --> 00:16:08,100
zero trust that they forget what
actually here to run a business.

273
00:16:08,600 --> 00:16:12,000
And the biggest part of the 
outcome is the way the identity 

274
00:16:12,000 --> 00:16:15,600
industry is moved forward.
Years ago,

275
00:16:15,800 --> 00:16:17,600
I needed to know. 
It was Dan, it was going to 

276
00:16:17,600 --> 00:16:20,100
access the app. 
So I put in a username and 

277
00:16:20,100 --> 00:16:24,400
password and there was no 
thought of trust, given to the 

278
00:16:24,400 --> 00:16:25,800
network
you are on.

279
00:16:26,200 --> 00:16:30,200
So that whole idea of you've got
your firewall, and if you're 

280
00:16:30,200 --> 00:16:32,200
inside the corporate Network, 
you're good. 

281
00:16:32,500 --> 00:16:35,700
Well, that I think is obviously 
evolved over the years. 

282
00:16:35,700 --> 00:16:37,600
The way we're being attacked by 
bad guys.

283
00:16:38,000 --> 00:16:40,900
So, I just kind of look at this.
Like it's a bit of an 

284
00:16:40,900 --> 00:16:46,400
evolution of how we access.
And services taking into account

285
00:16:46,600 --> 00:16:49,400
that the networks and the 
environments were coming from, 

286
00:16:49,700 --> 00:16:51,800
have a totally different level 
of trust. 

287
00:16:52,100 --> 00:16:55,300
So what we're really trying to 
do now is establish a better 

288
00:16:55,300 --> 00:16:59,200
level of trust and in some cases
when you get more mature, you 

289
00:16:59,200 --> 00:17:03,100
might talk about that trust 
level might be more Dynamic, 

290
00:17:03,200 --> 00:17:04,200
right? 
I don't know. 

291
00:17:04,200 --> 00:17:08,500
The type of app I'm going to the
kind of role I have the kind of 

292
00:17:08,500 --> 00:17:11,000
device, I'm from the country, 
I'm from. 

293
00:17:11,300 --> 00:17:14,700
So when I think of this is no 
longer Simply am I in the 

294
00:17:14,700 --> 00:17:18,599
network on my corporate computer
where I just go straight to the 

295
00:17:18,599 --> 00:17:21,800
app internally? 
Well, we've evolved, we've got 

296
00:17:21,800 --> 00:17:25,099
so many more Cloud apps will get
so many traveling Workforce, 

297
00:17:25,400 --> 00:17:28,500
especially when the recent years
with all the work from home, 

298
00:17:28,800 --> 00:17:32,600
then that's totally changed our 
concept or our thinking on a 

299
00:17:32,600 --> 00:17:36,400
what this but how we're being 
attacked, you know, we're no 

300
00:17:36,400 --> 00:17:38,200
longer being brute force
attack. 

301
00:17:38,200 --> 00:17:40,000
Let me break your firewall and 
get in. 

302
00:17:40,300 --> 00:17:43,600
We're being here's an email. 
Just click this link and All of 

303
00:17:43,600 --> 00:17:47,400
a sudden the bad actor's on your
device with your credentials. 

304
00:17:47,900 --> 00:17:51,800
So you know for me it's it's a 
different mindset. 

305
00:17:51,900 --> 00:17:55,400
I just see this though as an 
evolution of what we've really 

306
00:17:55,400 --> 00:17:58,400
been trying to do in the 
industry on guaranteeing that 

307
00:17:58,400 --> 00:18:01,700
it's you and that it's not a bad
guy pretending to be you. 

308
00:18:03,300 --> 00:18:06,800
Yeah, I kind of feel like if you
were to put together degree 

309
00:18:06,800 --> 00:18:11,900
program in identity and access 
management zero trust, would 

310
00:18:11,900 --> 00:18:16,400
have to, at least be one of the 
one of the courses and for me 

311
00:18:16,400 --> 00:18:22,400
required reading would be the 
newest paper. 800-218-4243 

312
00:18:23,900 --> 00:18:27,200
starco texture. 
It's it's heavy, right? 

313
00:18:27,200 --> 00:18:30,000
That's kind of putting it in 
that University context, a lot 

314
00:18:30,000 --> 00:18:33,000
of reading, but it's good 
reading, right? 

315
00:18:33,100 --> 00:18:37,000
I think if you really want to 
understand your trust and kind 

316
00:18:37,000 --> 00:18:40,100
of build a footing in it, it's a
good place to start. 

317
00:18:41,400 --> 00:18:45,000
I think the other thing is how 
to talk about zero trust because

318
00:18:45,000 --> 00:18:48,400
there's the selling process 
within the organization, right? 

319
00:18:50,500 --> 00:18:53,900
The first time I heard of zero 
trust you know, it did cross my 

320
00:18:53,900 --> 00:18:57,500
mind, what you don't trust me. 
And I kind of always feel like 

321
00:18:57,500 --> 00:19:02,000
when we talk about zero trust 
you, somebody who's not an I am 

322
00:19:02,000 --> 00:19:05,900
lifer or security lifer, that's 
probably the impression that 

323
00:19:05,900 --> 00:19:07,500
they get what you don't trust 
me. 

324
00:19:08,700 --> 00:19:11,700
What do you think of that
kind of selling process of zero

325
00:19:11,700 --> 00:19:14,800
trust from a CSO
perspective, where you have to

326
00:19:15,100 --> 00:19:20,100
talk to non non information 
security

327
00:19:20,300 --> 00:19:24,900
nerds like us and make them
understand what it is and why 

328
00:19:24,900 --> 00:19:27,400
it's important. 
And so how do you do, how do you

329
00:19:27,400 --> 00:19:31,100
do that and get past that those 
kind of hurdles? 

330
00:19:31,700 --> 00:19:37,100
Yeah and there's three main 
audiences, you know, so I was

331
00:19:37,200 --> 00:19:41,400
in Adobe it was a uniquely 
different experience because the

332
00:19:41,400 --> 00:19:44,800
term zero trust wasn't as 
mainstream as it is now. 

333
00:19:45,200 --> 00:19:48,100
So we're going back to late 
2017. 

334
00:19:50,200 --> 00:19:55,300
And the, the way I phrased this 
and I was blessed either. 

335
00:19:55,300 --> 00:20:00,100
Good, architect was in our team 
that really was hit my head off 

336
00:20:00,100 --> 00:20:02,000
a wall. 
Saying, hey, we should look at 

337
00:20:02,000 --> 00:20:03,000
this. 
We should do this. 

338
00:20:03,000 --> 00:20:06,200
It wasn't my brainchild and 
Adobe to start the program off. 

339
00:20:07,100 --> 00:20:11,200
I think re-architect Benzie 
John, he was hit my head off a 

340
00:20:11,200 --> 00:20:13,500
wall thing, but but look think 
of this thing. 

341
00:20:13,700 --> 00:20:17,500
So it started with him selling 
it to me and he was selling it 

342
00:20:17,500 --> 00:20:22,400
to me, really a technical level 
But then an emotional level and 

343
00:20:22,400 --> 00:20:25,800
the first thing I thought of is 
okay, this thing actually would 

344
00:20:25,800 --> 00:20:29,500
be brilliant, totally, they 
don't know, I'm sold in the 

345
00:20:29,500 --> 00:20:31,800
principles of the easiest sales 
technique. 

346
00:20:31,800 --> 00:20:35,000
There's three audiences. 
There is the person that runs 

347
00:20:35,400 --> 00:20:38,100
it. 
There's a person I run security 

348
00:20:38,300 --> 00:20:42,100
and then there's your user base.
And if you start with your user 

349
00:20:42,100 --> 00:20:45,700
base and you turn around and 
say, would you like to never 

350
00:20:45,700 --> 00:20:48,200
have to enter your username and 
password again? 

351
00:20:49,600 --> 00:20:52,000
Right, it sounds like an easy
question. 

352
00:20:52,300 --> 00:20:55,600
So, would you like to never have
to login via VPN again? 

353
00:20:56,300 --> 00:20:58,300
Okay, sounds like an easy 
question. 

354
00:20:58,700 --> 00:21:01,100
How about you never want to 
change your password every 90 

355
00:21:01,100 --> 00:21:04,500
days again? 
And that sounds like an easy 

356
00:21:04,500 --> 00:21:05,800
question. 
So if you got your user 

357
00:21:05,800 --> 00:21:07,900
community and you say, hey, do 
you want some of that? 

358
00:21:08,600 --> 00:21:13,700
That's easy. 
If you go to your CIO and their 

359
00:21:13,700 --> 00:21:18,100
leadership team, they are all 
about user experience in the 

360
00:21:18,100 --> 00:21:21,600
organization and they're all about 
saving money, right? 

361
00:21:21,600 --> 00:21:25,900
CIOs are under extreme pressure
to reduce the operational cost. 

362
00:21:26,000 --> 00:21:29,300
So if you turn right into them 
and you would say, how would you

363
00:21:29,300 --> 00:21:32,200
like to reduce the service desk 
ticket? 

364
00:21:32,400 --> 00:21:35,600
Related to password change by 60
to 80%. 

365
00:21:36,400 --> 00:21:40,100
They're all over that if you 
would like to say to them or and

366
00:21:40,100 --> 00:21:43,000
how would you like to not have 
to have users change passwords 

367
00:21:43,300 --> 00:21:46,000
and user passwords? 
And, and when you tell them the 

368
00:21:46,000 --> 00:21:50,200
same thing, their eyes light up 
because they get it, and they 

369
00:21:50,200 --> 00:21:54,700
can translate that to soft 
dollar value that they can take 

370
00:21:54,700 --> 00:21:58,600
back to their leadership. 
Now, if you go to the, the 

371
00:21:58,600 --> 00:22:02,700
security leader, now, in those 
days, in Adobe, I was the Right 

372
00:22:02,700 --> 00:22:06,900
to reporting to their CSO. 
When I go to our CSO in Adobe, 

373
00:22:06,900 --> 00:22:10,000
I was like, hey, how would 
you like to improve security? 

374
00:22:10,000 --> 00:22:13,200
And these ways? 
Oh, and by the way, your peer, 

375
00:22:13,200 --> 00:22:17,600
the CIO, she'll reduce our cost 
by X y&z here. 

376
00:22:17,600 --> 00:22:23,700
Here and here, At that point, 
the security conversation is 

377
00:22:23,700 --> 00:22:26,200
really good. 
Would you like to improve 

378
00:22:26,200 --> 00:22:28,200
security? 
So, the bad guy is kind of 

379
00:22:28,200 --> 00:22:31,800
scraped passwords and we're 
doing more multi-factor or 

380
00:22:31,800 --> 00:22:35,500
more dynamic authentication. 
Would you like to remove the 

381
00:22:35,500 --> 00:22:39,000
ability for lateral movement? 
Would you like it so that when 

382
00:22:39,000 --> 00:22:43,800
you VPN the employee, who vpns 
and doesn't have full access to 

383
00:22:43,800 --> 00:22:46,700
the corporate Network? 
Because most companies when they

384
00:22:46,700 --> 00:22:52,300
build VPN Solutions They lock it
down for all these groups, but 

385
00:22:52,300 --> 00:22:55,200
generally, the full time 
employee Group, which is your 

386
00:22:55,200 --> 00:22:57,700
biggest group. 
They're not locked down. 

387
00:22:57,900 --> 00:23:02,000
They usually get full access 
because locking it down was very

388
00:23:02,000 --> 00:23:06,800
expensive, and very complicated 
and usually flawed anyway. 

389
00:23:07,300 --> 00:23:12,200
So when you tell these people, 
that all of a sudden these three

390
00:23:12,200 --> 00:23:16,500
audiences, they love what they 
hear and you're not mentioning 

391
00:23:16,500 --> 00:23:19,900
zero trust because you don't 
have to say, Would you like some

392
00:23:19,900 --> 00:23:22,200
zero trust, especially nobody 
really agrees? 

393
00:23:22,200 --> 00:23:25,500
What zero trust is. 
Yeah, it's not like there's like

394
00:23:25,800 --> 00:23:28,900
an easy button right for it. 
So, so Dan, you sold me. 

395
00:23:28,900 --> 00:23:30,900
I don't want to change my 
password anymore. 

396
00:23:30,900 --> 00:23:32,400
I don't want to have to enter 
the one. 

397
00:23:32,400 --> 00:23:37,100
I do have as often now comes the
hard part, I think in a lot of 

398
00:23:37,100 --> 00:23:40,400
people's minds and that is where
do I even start? 

399
00:23:40,700 --> 00:23:44,100
I guess my question to you would
be how do I get started with 

400
00:23:44,100 --> 00:23:47,200
zero trust? 
And if you can kind of help me 

401
00:23:47,500 --> 00:23:49,100
understand that I think that 
would help a lot. 

402
00:23:49,300 --> 00:23:50,500
People out there. 
Yeah. 

403
00:23:50,500 --> 00:23:54,800
So there's there's people 
process technology but just from

404
00:23:54,800 --> 00:23:58,700
a you know, most of us are in 
the listeners are technologists,

405
00:23:58,700 --> 00:24:00,800
right? 
So let's talk about technology. 

406
00:24:01,400 --> 00:24:05,800
So I was in charge of the 
identity management of both 

407
00:24:05,800 --> 00:24:11,600
companies Adobe in Cisco, and 
you don't need to ask permission

408
00:24:12,400 --> 00:24:15,800
to improve the experience of the
authentication workflow. 

409
00:24:16,500 --> 00:24:19,800
So I started there, I said, 
well, wait a minute, I'll 

410
00:24:19,800 --> 00:24:25,900
improve the experience. 
We connected our alte platform 

411
00:24:25,900 --> 00:24:30,500
in Adobe to our zero 
trust platform for posture 

412
00:24:30,500 --> 00:24:32,500
check. 
So, the very first thing we done

413
00:24:32,800 --> 00:24:36,300
was we done a really small 
pilot where we built these 

414
00:24:36,300 --> 00:24:39,700
little environment. 
You know, the pilot environment 

415
00:24:39,900 --> 00:24:43,700
and we took Okta. 
And in those days, it was a 

416
00:24:43,700 --> 00:24:49,300
VMware, the IDM and F5 APMs 
for the reverse proxy and we 

417
00:24:49,300 --> 00:24:54,000
built these things together in a
small pilot to prove that we 

418
00:24:54,000 --> 00:24:59,400
could use a certificate instead 
of the password that we could do

419
00:24:59,400 --> 00:25:03,600
a posture check on the device 
and then we could seamlessly let

420
00:25:03,600 --> 00:25:08,200
you into our applications on the
network but only to the specific

421
00:25:08,200 --> 00:25:12,100
selected applications. 
So basically we were internet 

422
00:25:12,100 --> 00:25:14,900
enabling those apps. 
That was the kind of feel in 

423
00:25:14,900 --> 00:25:17,900
your giving. 
For someone who's on the device 

424
00:25:17,900 --> 00:25:21,900
which has the zero trust stuff. 
So in our case the zero trust stuff

425
00:25:21,900 --> 00:25:27,500
was, was it managed did have our
endpoint protection on it or we 

426
00:25:27,500 --> 00:25:30,800
look at the iOS version. 
Do you look at the patch version

427
00:25:31,300 --> 00:25:35,700
and your journey of zero trust? 
You know that that posture check

428
00:25:36,100 --> 00:25:38,900
can improve? 
We didn't start to off 

429
00:25:39,300 --> 00:25:43,400
complicated at all. 
It was latest OS and was it 

430
00:25:43,400 --> 00:25:46,900
managed and then with the 
endpoint protection, And our 

431
00:25:46,900 --> 00:25:50,800
certificate have our certificate
existed that was, you know, a 

432
00:25:50,800 --> 00:25:53,900
big thing because we use that to
hide the username and password. 

433
00:25:54,300 --> 00:25:58,600
So if you can inject into the 
authentication flow and then do 

434
00:25:58,600 --> 00:26:01,700
the posture check and then 
divert traffic. 

435
00:26:01,700 --> 00:26:04,900
If it's an internal app via your
proxy. 

436
00:26:05,300 --> 00:26:08,600
That's not a complicated 
architecture to build out. 

437
00:26:08,900 --> 00:26:13,000
We built our pilot environment 
in a couple of months and then 

438
00:26:13,000 --> 00:26:16,000
actually to expand that to a 
production friends 

439
00:26:16,000 --> 00:26:19,600
and family launch, get some 
feedback that that for us in 

440
00:26:19,600 --> 00:26:25,500
Adobe was a seven-month project 
to go from concept to actual 

441
00:26:25,500 --> 00:26:30,000
full go-live with 40,000 users 
and along that Journey. 

442
00:26:30,500 --> 00:26:34,600
We were just testing out with 
larger groups but the 

443
00:26:34,600 --> 00:26:36,700
architecture wasn't very 
complicated. 

444
00:26:37,000 --> 00:26:39,800
So I think people that think how
do I get started? 

445
00:26:39,900 --> 00:26:41,600
I've heard all sorts of 
nonsense. 

446
00:26:41,600 --> 00:26:45,400
I've heard someone say asset 
management and it's like, what 

447
00:26:45,400 --> 00:26:46,900
do you mean, asset 
management? 

448
00:26:47,000 --> 00:26:50,600
I don't think in 20 years I've 
ever heard of the cmdb ever been

449
00:26:50,600 --> 00:26:53,000
right? 
And asset management ever been 

450
00:26:53,000 --> 00:26:56,700
great, you know? 
So for me one thing I could do 

451
00:26:56,700 --> 00:27:01,400
though as I could say using our 
zero trust platform, we could 

452
00:27:01,400 --> 00:27:05,200
scrape the data of the, your 
device, and the fact you logged 

453
00:27:05,200 --> 00:27:07,700
in. 
And we can infer that we see you 

454
00:27:07,700 --> 00:27:11,100
every day on this laptop, we can 
then infer that that laptop is 

455
00:27:11,100 --> 00:27:15,300
therefore yours, or we're tagging 
it to you and then then we'll 

456
00:27:15,300 --> 00:27:19,100
drop that in this. 
CMDB and then and you would have

457
00:27:19,100 --> 00:27:23,400
heard Eric talked about this on 
your show how we gamified and we

458
00:27:23,400 --> 00:27:26,600
showed that devices. 
So if you logged into an 

459
00:27:26,600 --> 00:27:31,400
application from a device that 
had nothing like didn't have any

460
00:27:31,400 --> 00:27:33,300
of our zero trust. 
No end point. 

461
00:27:33,400 --> 00:27:37,200
We would throw it under your 
name on that portal and give you

462
00:27:37,200 --> 00:27:40,900
a flat zero. 
You've got really low score so 

463
00:27:40,900 --> 00:27:44,300
if I wanted my organization of a
good score then hey guys, I 

464
00:27:44,308 --> 00:27:47,700
better get to a position where 
that device Is managed because 

465
00:27:47,700 --> 00:27:51,600
any unmanaged device that I log in
to any of our apps from. 

466
00:27:52,000 --> 00:27:55,200
I'm going to get a bad score so 
you can scrape that information 

467
00:27:55,600 --> 00:27:57,600
and stuff. 
Like that was really cool. 

468
00:27:57,800 --> 00:28:00,500
Well I think of zero trust for 
me zero. 

469
00:28:00,500 --> 00:28:03,100
Trust says, I don't trust a 
device that doesn't have at 

470
00:28:03,100 --> 00:28:06,700
least three things that we 
wanted to have and we would 

471
00:28:06,700 --> 00:28:09,300
scrape that. 
And then you get to the position

472
00:28:09,300 --> 00:28:10,800
as well. 
We're within that. 

473
00:28:10,800 --> 00:28:15,300
Same thing that you built out, 
you could deny access to the 

474
00:28:15,300 --> 00:28:18,400
application. 
Even if you were zero trust 

475
00:28:18,400 --> 00:28:22,500
enabled meet in our minimum 
posture and that's the really 

476
00:28:22,500 --> 00:28:26,700
powerful piece. 
So I have a quick comment around

477
00:28:26,700 --> 00:28:32,500
gamification and I just this is 
my brilliant identity software. 

478
00:28:32,500 --> 00:28:36,700
Feature enhancement idea for 
2022 that I'd love to see 

479
00:28:36,700 --> 00:28:42,100
someone build and that is take 
the idea of Spotify unwrapped 

480
00:28:42,100 --> 00:28:44,900
right where it listens to your 
music history and kind of comes 

481
00:28:44,900 --> 00:28:47,100
in with, here's your things. 
Do the same thing for 

482
00:28:47,100 --> 00:28:51,200
authentication except gamify in 
a way was like, oh, you typed 

483
00:28:51,200 --> 00:28:54,300
your password in X number of 
times this year, or you took 

484
00:28:54,300 --> 00:28:57,000
advantage of x y z, you know, 
methods whatever. 

485
00:28:57,000 --> 00:28:59,100
Maybe that's how big of an 
identity nerd. 

486
00:28:59,100 --> 00:29:01,300
I am. 
And I'm sure that somewhere out 

487
00:29:01,300 --> 00:29:02,600
there. 
Someone wants to build something

488
00:29:02,600 --> 00:29:04,100
like that. 
Well, we were doing. 

489
00:29:04,600 --> 00:29:09,700
Yeah, in the Adobe team. 
So in 2001, we build a portal 

490
00:29:10,500 --> 00:29:14,500
myself and this one Lotus Notes
developer. 

491
00:29:14,500 --> 00:29:17,400
Believe It or Not, Eric. 
Talked about this portal where

492
00:29:17,400 --> 00:29:20,100
we used to allow self-service 
for groups, right? 

493
00:29:20,400 --> 00:29:23,700
We done groups and password that
lipstick on the pig in front of 

494
00:29:23,700 --> 00:29:25,700
all these platforms that we had 
in Adobe. 

495
00:29:26,100 --> 00:29:30,200
Well, myself, in this guy, 
venkatesh, we built this and 

496
00:29:30,200 --> 00:29:33,200
then the original version of it.
He built a Lotus Notes, front 

497
00:29:33,200 --> 00:29:37,700
end, and I had batch files at 
the back end, all going to 

498
00:29:37,700 --> 00:29:40,500
active directory and there's 
like net group, blah, blah, 

499
00:29:40,500 --> 00:29:42,300
blah. 
And so, we were, adding removing

500
00:29:42,300 --> 00:29:45,100
users from groups way back in 
2001. 

501
00:29:46,600 --> 00:29:50,600
And in, for me, I wanted to 
evolve that thing to where we 

502
00:29:50,600 --> 00:29:53,500
were going to be like, like a 
dynamic playlist. 

503
00:29:53,900 --> 00:29:57,600
So I remember Tallman your show,
talking about role-based access 

504
00:29:57,600 --> 00:30:00,700
control. 
And for me, I was never a fan of

505
00:30:00,700 --> 00:30:04,000
it because it never really, it 
was always expensive, right? 

506
00:30:04,100 --> 00:30:07,200
So I was like, well, why don't 
we create it that you as a user 

507
00:30:07,200 --> 00:30:10,500
could go in there and you could 
create rules, but you can create

508
00:30:10,500 --> 00:30:12,700
roles in the form of a dynamic 
playlist. 

509
00:30:13,200 --> 00:30:16,000
Hey, if you didn't this org, 
you've got this title. 

510
00:30:16,200 --> 00:30:19,600
You get in this country, I want 
you to be in this group and this

511
00:30:19,600 --> 00:30:23,600
group has access to these things
and then all of a sudden we just

512
00:30:23,600 --> 00:30:28,200
do the look up every night and 
we'd start to see that and then 

513
00:30:28,200 --> 00:30:32,700
all you know you can't have no 
gamify it but you you make it 

514
00:30:32,700 --> 00:30:36,700
all self-service, my whole thing
in my career was I don't want to

515
00:30:36,700 --> 00:30:40,000
have to work really hard. 
I want to build things that 

516
00:30:40,000 --> 00:30:44,100
enable things to happen without 
being intrusive to our users, 

517
00:30:44,800 --> 00:30:47,300
and and sense. 
That makes me don't work so 

518
00:30:47,300 --> 00:30:50,300
hard. 
So Dan, one of the things that 

519
00:30:50,300 --> 00:30:52,300
crossed my mind? 
Well, first, I have to kind of 

520
00:30:52,300 --> 00:30:55,500
go back to the cmdb point 
because I just thought this is 

521
00:30:55,500 --> 00:30:58,700
funny Jeff. 
And I, we were during our stream

522
00:30:58,700 --> 00:31:03,900
this morning, you know, both in 
lockstep need to cmdb need, a 

523
00:31:03,900 --> 00:31:08,800
good asset inventory, right? 
I mean, but I think the point 

524
00:31:08,800 --> 00:31:11,700
that you're making, right, is 
you've never seen a CMDB that's 

525
00:31:11,700 --> 00:31:14,000
perfect. 
But have you ever seen a 

526
00:31:14,000 --> 00:31:18,800
non-existent cmdb or One that is
like such garbage that you can't

527
00:31:18,800 --> 00:31:22,000
even use as a starting point. 
That's the problem that I run 

528
00:31:22,000 --> 00:31:24,700
into a lot. 
And it's like you at least need 

529
00:31:24,700 --> 00:31:27,400
to know the basics of your 
environment. 

530
00:31:27,400 --> 00:31:31,800
Because how are you going to get
control of access to your 

531
00:31:31,800 --> 00:31:33,100
environment? 
If you don't know what your 

532
00:31:33,100 --> 00:31:35,300
environment is? 
Yeah. 

533
00:31:35,300 --> 00:31:36,000
Yeah, absolutely. 
No. 

534
00:31:36,008 --> 00:31:39,600
I've never seen one that's been 
so garbage that you've wanted to

535
00:31:39,600 --> 00:31:41,700
just throw it out and start all 
over again. 

536
00:31:42,600 --> 00:31:44,600
I've seen some fancy Excel 
sheets. 

537
00:31:46,300 --> 00:31:51,200
I remember really in the early 
days in Adobe we had before this

538
00:31:51,200 --> 00:31:54,700
is all automated. 
A lot of our networks were all 

539
00:31:54,700 --> 00:31:57,200
Excel sheets. 
I mean it was all, you know, 

540
00:31:57,200 --> 00:31:59,600
this huge big tables and tables 
and tables. 

541
00:32:00,700 --> 00:32:06,800
And in the end we we deployed 
you know, bmc's platform. 

542
00:32:06,800 --> 00:32:09,800
But we also deployed Infoblox's 
platform, we 

543
00:32:09,800 --> 00:32:12,700
integrated them. 
And then we go bmc's Network 

544
00:32:12,700 --> 00:32:16,000
automation technology. 
So that it was always bring that

545
00:32:16,100 --> 00:32:21,100
In and I think the principle is 
a good cmdb is something which 

546
00:32:21,100 --> 00:32:24,800
is derived via, you know, 
Discovery and automated means. 

547
00:32:25,100 --> 00:32:29,800
So if you're if you've got a 
nice, you know, is our Cloud 

548
00:32:29,800 --> 00:32:33,400
platform where you're building 
compute, you do have a choice to

549
00:32:33,400 --> 00:32:35,900
say, if I'm going to build a 
computer where it's only going 

550
00:32:35,900 --> 00:32:39,400
to last 15 minutes. 
However, going to record that 

551
00:32:39,400 --> 00:32:43,500
thing existed for 15 minutes and
then was pulled down like these 

552
00:32:43,500 --> 00:32:45,900
kind of decisions. 
I think where you get into the 

553
00:32:45,900 --> 00:32:52,200
net Nitty-gritty of it. 
But ultimately, I can look at 

554
00:32:52,200 --> 00:32:56,900
this, like, we have enough logs.
We've enough automated processes

555
00:32:57,300 --> 00:33:00,000
where it's not hard to put it 
together. 

556
00:33:00,400 --> 00:33:04,200
It's just about dedicating 
resources and time to kind of 

557
00:33:04,200 --> 00:33:07,400
make that effort. 
And, and, you know, a lot of 

558
00:33:07,408 --> 00:33:12,000
cios, they all talk about cmdb 
has been brilliant, but at the 

559
00:33:12,000 --> 00:33:14,100
end of it when they're really 
pressured about, where do they 

560
00:33:14,100 --> 00:33:16,000
put their money, they put their 
money on. 

561
00:33:16,100 --> 00:33:20,500
Things are very visible to the 
business and sometimes the cmdb 

562
00:33:20,600 --> 00:33:23,300
and he's back end Services. 
They're just not so visible. 

563
00:33:23,600 --> 00:33:26,700
So they don't really enjoy the 
same level of funding attention 

564
00:33:26,700 --> 00:33:31,100
and love that you really need to
have, you know, but that's life 

565
00:33:31,300 --> 00:33:32,900
Point. 
I've definitely seen that. 

566
00:33:34,100 --> 00:33:37,900
One other thing I wanted to 
mention about the selling 

567
00:33:37,900 --> 00:33:42,100
process of zero trust as I think
even people might start with the

568
00:33:42,108 --> 00:33:45,000
question, like well why do I 
need zero trust at 

569
00:33:45,000 --> 00:33:49,300
All right, what is Protecting me
from like, what is the benefit I

570
00:33:49,300 --> 00:33:53,200
get. 
And I think if you kind of 

571
00:33:53,900 --> 00:33:58,100
dissect a data breach or 
ransomware attack and you kind 

572
00:33:58,100 --> 00:34:01,900
of go through the parts and 
pieces of how somebody gets in 

573
00:34:01,900 --> 00:34:05,400
and then what they do from 
there, so you talked a lot about

574
00:34:05,400 --> 00:34:08,199
authentication, right? 
Which is the, how do they get in

575
00:34:08,500 --> 00:34:11,400
or, you know, but there's other 
ways that you can have a 

576
00:34:11,400 --> 00:34:14,699
ransomware attack which is 
somebody's machine, could be 

577
00:34:14,699 --> 00:34:17,800
compromised at a Starbucks 
location or they're 

578
00:34:17,800 --> 00:34:23,400
working from home and click 
officially part of the, the 

579
00:34:23,400 --> 00:34:26,800
smart thing about ransomware 
containment is containment 

580
00:34:26,800 --> 00:34:30,400
right, making sure that that can
spread laterally. 

581
00:34:30,400 --> 00:34:33,699
And when we talked the other 
day, you brought up an idea, 

582
00:34:33,699 --> 00:34:36,600
which I hadn't thought of 
before, which was brilliant 

583
00:34:36,699 --> 00:34:39,300
around. 
You know, when you, you join the

584
00:34:39,300 --> 00:34:42,000
corporate, when you come on the 
corporate Network, right? 

585
00:34:42,000 --> 00:34:46,500
You're in your own little cell 
kind of like when you Go to a 

586
00:34:46,500 --> 00:34:51,800
Starbucks or something, you join
a public public Wi-Fi, right? 

587
00:34:51,800 --> 00:34:53,400
You're not. 
You shouldn't see the clients 

588
00:34:53,400 --> 00:34:57,300
who are our next to you also on 
that Wi-Fi, maybe you can, but 

589
00:34:57,300 --> 00:34:59,500
that would be a security flaw. 
All right. 

590
00:35:00,700 --> 00:35:04,700
It reminded me of, you know, 15,
20 years ago when you would go 

591
00:35:04,700 --> 00:35:09,100
on to corporate network with 
your Windows machine and you go 

592
00:35:09,100 --> 00:35:12,000
into Network Explorer and you 
see all these computers and all 

593
00:35:12,000 --> 00:35:14,600
these printers and you could 
just go and see what are they 

594
00:35:14,600 --> 00:35:18,500
sharing in a people? 
For oversharing potentially 

595
00:35:18,500 --> 00:35:22,400
could get into their file shares
and and do things, right? 

596
00:35:22,400 --> 00:35:24,500
I was kind of like a network 
guy. 

597
00:35:24,500 --> 00:35:29,300
So I was always goofing around 
like looking around and people 

598
00:35:29,400 --> 00:35:33,100
over share all the time and you 
know, I mean who could who could

599
00:35:33,100 --> 00:35:36,200
be completely aware of all the 
settings and what they're 

600
00:35:36,200 --> 00:35:39,200
sharing on their computer. 
But sorry, I wanted to turn it 

601
00:35:39,200 --> 00:35:42,300
over to you to kind of explain 
what your idea was around that 

602
00:35:42,300 --> 00:35:44,100
because I thought that was 
really interesting. 

603
00:35:44,500 --> 00:35:48,700
Yeah, this is so, One of the 
earliest things that I shared 

604
00:35:48,700 --> 00:35:52,000
with our CSO was, you know, what
do you wanna do, you want to? 

605
00:35:52,000 --> 00:35:55,700
And I put the word almost 
eliminate lateral movement 

606
00:35:56,100 --> 00:36:00,800
because in every big attack. 
The bad actor comes in, they get

607
00:36:00,800 --> 00:36:03,200
a machine. 
And from the machine, they start

608
00:36:03,200 --> 00:36:05,600
spreading out and they can 
spread out in seconds right 

609
00:36:05,600 --> 00:36:07,200
there. 
No, this isn't over months. 

610
00:36:07,200 --> 00:36:10,600
It's this, this they can be 
hiding for months, but they can 

611
00:36:10,600 --> 00:36:14,100
spread out over s. 
So, one of the things in that 

612
00:36:14,100 --> 00:36:18,700
concept was If you just look at 
Network segmentation and the 

613
00:36:18,707 --> 00:36:20,400
industry. 
So, first of all, a lot of 

614
00:36:20,400 --> 00:36:24,300
security people, a lot of their 
Origins are networks, so they 

615
00:36:24,300 --> 00:36:28,100
think of it like Network 
segmentation and firewalls solve

616
00:36:28,100 --> 00:36:31,700
all problems, right? 
Or most of our problems, I'd 

617
00:36:31,700 --> 00:36:34,900
like to expand on that little 
bit farther and say don't don't 

618
00:36:34,900 --> 00:36:37,600
necessarily disagree that they 
solve lots of problems. 

619
00:36:38,100 --> 00:36:41,800
But, if you take a network, you 
say, look, I've got a data 

620
00:36:41,800 --> 00:36:44,600
center. 
I've got a lab Network and I've 

621
00:36:44,600 --> 00:36:48,300
got an office Network. so just 
those three kind of based 

622
00:36:48,300 --> 00:36:53,400
Networks, To get from the office
Network to the data center. 

623
00:36:53,600 --> 00:36:56,900
Normally every good company with
a Bastion host and they should 

624
00:36:56,900 --> 00:36:58,900
require multi-factor 
authentication. 

625
00:36:59,100 --> 00:37:03,800
So there's some level of gate to
get in there and and lab 

626
00:37:03,800 --> 00:37:05,600
networks. 
You know, maybe they're a bit 

627
00:37:05,600 --> 00:37:08,700
twice eaten unique so they may 
have that they may not they 

628
00:37:08,700 --> 00:37:12,100
might be wide open to get to. 
But if they were then why would 

629
00:37:12,100 --> 00:37:14,200
you segment them off to begin 
with, right? 

630
00:37:14,500 --> 00:37:18,400
So the office Network, that's 
the one where the masses are 

631
00:37:18,900 --> 00:37:20,800
if you think of your privilege. 
Users. 

632
00:37:21,100 --> 00:37:24,900
They're usually always in the 
office Network before the get 

633
00:37:24,900 --> 00:37:28,300
privileged and go into, you 
know, their computer horse 

634
00:37:28,300 --> 00:37:31,900
bastions or whatever. 
But if you took that office 

635
00:37:31,900 --> 00:37:36,400
Network and you turn that into a
guest network and on all guests 

636
00:37:36,400 --> 00:37:40,000
networks Starbucks, for example,
is like a guest Network, all 

637
00:37:40,000 --> 00:37:42,400
guest Network. 
So you've got the principle of 

638
00:37:42,500 --> 00:37:44,500
all I can do is get to the 
internet. 

639
00:37:45,000 --> 00:37:47,300
I can't see those arriving to 
me, right? 

640
00:37:47,600 --> 00:37:53,100
So if you do that, That to your 
office Network and your 

641
00:37:53,100 --> 00:37:56,900
applications and services at all
behind your zero trust platform.

642
00:37:57,100 --> 00:38:00,200
Then you're not VPNing in to get
any wide access. 

643
00:38:00,500 --> 00:38:03,600
The only thing you can do is 
connect to your zero, trust 

644
00:38:04,000 --> 00:38:08,000
available applications and you 
get to the app and nothing else 

645
00:38:08,100 --> 00:38:12,600
via that port and protocol and 
it guarantees, and ensures your 

646
00:38:12,600 --> 00:38:15,000
device meets a minimum security 
posture. 

647
00:38:15,500 --> 00:38:18,300
So, the problem with things like
ransomware and all this other 

648
00:38:18,300 --> 00:38:21,900
stuff, is it can spread 
really quickly to things 

649
00:38:21,900 --> 00:38:25,400
you don't want and and it gets 
in really quickly because 

650
00:38:25,400 --> 00:38:30,700
usually the point of entry, is 
someone clicked a link and their

651
00:38:30,700 --> 00:38:33,300
endpoint security software, 
didn't catch it. 

652
00:38:33,900 --> 00:38:37,000
So do you have good endpoint? 
I don't know, like which one's 

653
00:38:37,000 --> 00:38:38,700
the best. 
I don't want to debate that but 

654
00:38:38,700 --> 00:38:42,900
the reality is is give yourself 
a Fighting Chance as an 

655
00:38:42,900 --> 00:38:47,400
organization by saying I will 
require that device have a good 

656
00:38:47,400 --> 00:38:52,700
awareness, be patched have good.
A software, good logging and 

657
00:38:52,700 --> 00:38:55,900
require multi-factor. 
You know at least a basic 

658
00:38:55,900 --> 00:38:57,700
hygiene that we know is all 
goodness. 

659
00:38:58,200 --> 00:39:03,000
So the problem is is 
traditionally before zero trust 

660
00:39:03,000 --> 00:39:06,200
before what we were building, it
was just username and password 

661
00:39:06,200 --> 00:39:09,600
regardless of the device posture
and it was on a network that was

662
00:39:09,600 --> 00:39:13,000
wide open. 
So if I can see for a thousand 

663
00:39:13,000 --> 00:39:17,400
devices inside a corporate 
Network like Adobe or Cisco or 

664
00:39:17,800 --> 00:39:21,500
whatever, right then that means 
a bad actor, once they're in they 

665
00:39:21,500 --> 00:39:27,300
can spread that far that far 
that fast usually in those 

666
00:39:27,300 --> 00:39:32,300
Networks you're going to find 
devices in a varying state of quality 

667
00:39:32,600 --> 00:39:36,000
of security posture. 
So me you're gonna have a, 

668
00:39:36,700 --> 00:39:39,400
you're going to come in on the 
one machine, you're going to 

669
00:39:39,400 --> 00:39:45,200
scan, whatever you can scan, you
know, in the lateral way. 

670
00:39:45,500 --> 00:39:50,900
And then if you can find another
device and infect it, take over 

671
00:39:50,900 --> 00:39:55,000
that device, use whatever 
authentic, whatever accounts 

672
00:39:55,000 --> 00:39:59,000
have been authenticated, or hashes 
exist on that computer and then 

673
00:39:59,300 --> 00:40:02,100
replay that until you get to 
the point where eventually, you 

674
00:40:02,100 --> 00:40:05,600
can own the active directory and
then it's game over, right? 

675
00:40:05,600 --> 00:40:08,000
That's when you pay the big 
Ransom, whatever. 

676
00:40:08,000 --> 00:40:10,900
It's going to take because your 
company's been brought to its 

677
00:40:10,900 --> 00:40:14,000
knees. 
But interesting, one thing I 

678
00:40:14,008 --> 00:40:16,200
wanted to key off of the you 
talk about their, she talked 

679
00:40:16,200 --> 00:40:19,100
about corporate networks, I 
haven't been on a corporate 

680
00:40:19,100 --> 00:40:22,400
Network in two years, right? 
I haven't gone into an office in

681
00:40:22,400 --> 00:40:27,900
two years, but I VPN in and I'm 
wondering, you know, I learned a

682
00:40:27,900 --> 00:40:34,900
lot about ZTNA over the past 
two years, you know, especially 

683
00:40:34,900 --> 00:40:38,000
over this past year and I'm 
wondering, is that the Next 

684
00:40:38,000 --> 00:40:41,600
Generation for VPN is VPN going 
to the go the way of the 

685
00:40:41,600 --> 00:40:46,300
dinosaur? 
Is that the TLS instead of HTTP?

686
00:40:48,900 --> 00:40:50,000
If you're following what I'm 
here? 

687
00:40:50,300 --> 00:40:55,000
Yeah, so it's great. 
Great quite so I great question 

688
00:40:55,700 --> 00:41:00,400
when I've done a lot of 
presentations. 2018 onwards on 

689
00:41:00,400 --> 00:41:04,500
on our zero, trust efforts over 
the years, both the Adobe stuff 

690
00:41:04,500 --> 00:41:08,000
on The Cisco stuff. 
And most of the questions that 

691
00:41:08,000 --> 00:41:13,900
people gave me were, is this a 
VPN replacement project? 

692
00:41:13,900 --> 00:41:16,800
Or did you justify the funding 
for your zero? 

693
00:41:16,800 --> 00:41:20,600
Trust by using funding from VPN 
in an Cases. 

694
00:41:20,600 --> 00:41:29,100
I said no there's there's a 
place for VPN and I never used 

695
00:41:29,100 --> 00:41:32,400
the funding for it. 
What I did use though was the 

696
00:41:32,400 --> 00:41:35,200
luxury of saying? 
Hey we're going to deploy this 

697
00:41:35,200 --> 00:41:38,100
zero trust thing and if ever 
this thing doesn't work you can 

698
00:41:38,100 --> 00:41:40,800
still use a VPN stuff. 
We're not taking that away just 

699
00:41:40,800 --> 00:41:46,200
now and then over the course of 
the maturity of your efforts you

700
00:41:46,200 --> 00:41:48,100
get to decide. 
Are you going to reduce the 

701
00:41:48,100 --> 00:41:54,700
investment and VPN One of one of
the things that people really 

702
00:41:54,700 --> 00:41:58,200
struggle with on any zero trust 
initiative, where they're trying

703
00:41:58,200 --> 00:42:04,100
to reduce the VPN usage is 
understanding the VPN stuff and 

704
00:42:04,100 --> 00:42:06,500
you know what activities 
happening over there VPN 

705
00:42:06,500 --> 00:42:08,800
network. 
I would always just say to 

706
00:42:08,800 --> 00:42:12,300
people. 
There's a lot of players in the 

707
00:42:12,308 --> 00:42:14,500
market. 
One thing I love about what 

708
00:42:14,500 --> 00:42:17,100
we're doing is we enable that 
visibility. 

709
00:42:17,400 --> 00:42:20,000
We actually do have a VPN 
solution as well. 

710
00:42:20,200 --> 00:42:24,000
So we do, we do acknowledge that
you might not be comfortable 

711
00:42:24,000 --> 00:42:29,400
taking VPN away, there may be 
usages for that but we use that 

712
00:42:29,400 --> 00:42:33,100
to our advantage as part of your
journey, I look at it. 

713
00:42:33,100 --> 00:42:39,200
Like there's vpns are usually 
wide open to your network with 

714
00:42:39,200 --> 00:42:43,400
any port and protocol. 
Well our proposition is with 

715
00:42:43,400 --> 00:42:47,900
zero trust deployments is to
say, it's only that application

716
00:42:47,900 --> 00:42:50,000
and only that port, protocol that
you need,

717
00:42:50,100 --> 00:42:53,800
need to get to the application
and you don't get to the rest of

718
00:42:53,800 --> 00:42:56,500
the stuff inside
that ecosystem, which from a

719
00:42:56,508 --> 00:43:00,400
security perspective is huge. 
And from a user experience 

720
00:43:00,400 --> 00:43:04,800
perspective is huge because you 
don't know where the app is. 

721
00:43:04,800 --> 00:43:07,800
You don't need to know where the
app is and you're not VPN again.

722
00:43:08,800 --> 00:43:14,400
I think the first scenario is 
less administrative effort. 

723
00:43:14,800 --> 00:43:17,600
You can just have access to 
everything, the others more 

724
00:43:17,600 --> 00:43:23,000
administrative effort by much. 
Secure you know, the last 

725
00:43:23,100 --> 00:43:26,800
question I want to kind of hit
on relative to zero

726
00:43:26,800 --> 00:43:30,000
trust was you were talking about
how much money you can see for 

727
00:43:30,000 --> 00:43:33,400
passwords and sticky from the 
CEO, I'm thinking to myself, I 

728
00:43:33,408 --> 00:43:35,300
don't want to spend anything on 
passwords. 

729
00:43:35,300 --> 00:43:39,100
It's like you came to my house 
and said you know, I could put 

730
00:43:39,100 --> 00:43:42,300
it in a new well and it's like 
already have a well I don't want

731
00:43:42,300 --> 00:43:47,000
to spend money on that but just 
thinking of. 

732
00:43:47,300 --> 00:43:49,800
So in other words, where I was
going with that is like I'd

733
00:43:49,800 --> 00:43:52,100
rather
go passwordless, you know,

734
00:43:52,107 --> 00:43:55,800
you talked about, you know, the
days of people trying to brute

735
00:43:55,800 --> 00:43:58,800
force passwords is over, but
people are still trying to use 

736
00:43:58,800 --> 00:44:03,800
the password as a way, as 
probably the most common way to 

737
00:44:03,800 --> 00:44:07,800
start a ransomware attack or at 
least a data breach or any way 

738
00:44:07,800 --> 00:44:11,500
to infiltrate a network or an 
application is through a stolen 

739
00:44:11,500 --> 00:44:15,400
password or, you know, commonly
used password, things like that,

740
00:44:15,800 --> 00:44:20,000
go to possession based 
authentication to me seems like 

741
00:44:20,200 --> 00:44:23,800
It's a critical component of
zero trust, right?

742
00:44:23,800 --> 00:44:27,200
It's a it's your level of 
assurance that the person is who

743
00:44:27,200 --> 00:44:31,900
they say they are of course much
more by going past from this, 

744
00:44:32,100 --> 00:44:33,300
would you? 
Yeah. 

745
00:44:33,500 --> 00:44:34,600
Yeah. 
Absolutely. 

746
00:44:34,700 --> 00:44:38,700
Now I'd love to come back to one
point, you mentioned on the VPN 

747
00:44:38,700 --> 00:44:42,300
and the cost of administration. 
One thing to think of in the ztn

748
00:44:42,300 --> 00:44:45,800
platform, zero trust
environment, is you're not

749
00:44:45,800 --> 00:44:49,600
worried about the network 
articles and all that business. 

750
00:44:49,600 --> 00:44:52,500
So there's nothing of that.
It's a few two members of the 

751
00:44:52,500 --> 00:44:54,600
group that has access to the 
application. 

752
00:44:54,900 --> 00:44:58,500
So it's really just by nature of
you being in the directory 

753
00:44:58,500 --> 00:45:00,900
group, you get access to the 
app. 

754
00:45:00,900 --> 00:45:04,600
So there's absolutely zero 
administration from a VPN

755
00:45:04,600 --> 00:45:08,800
equivalent, which is a great 
cost saver from an operational 

756
00:45:08,800 --> 00:45:13,200
perspective. From a passwordless
perspective, I've been trying to

757
00:45:13,207 --> 00:45:18,200
go passwordless since about
2011. 

758
00:45:18,200 --> 00:45:23,500
I think I wrote a white paper
internally to do, be working 

759
00:45:23,500 --> 00:45:28,800
with PWC, just own identity 
strategies and in this idea of 

760
00:45:28,808 --> 00:45:31,800
being able to go passwordless
was just, you know, always 

761
00:45:31,800 --> 00:45:37,500
intriguing to me because, yeah, 
look, we always just write the 

762
00:45:37,500 --> 00:45:40,200
same crap down on a Post-It 
note, you know, back then. 

763
00:45:40,200 --> 00:45:42,300
And you'd be like, password, and
then it's like, okay. 

764
00:45:42,300 --> 00:45:45,500
But you got to change your 
password 10 times, you know, or 

765
00:45:45,500 --> 00:45:48,800
like every so often. 
But you can't reuse the last 10.

766
00:45:49,100 --> 00:45:53,500
So you're paying the 1 or a
2 and a 3 and you said it's 

767
00:45:53,500 --> 00:45:56,500
always the same format, we're 
human, we're not, we're not that

768
00:45:56,500 --> 00:45:59,400
creative. 
If we use a password manager, 

769
00:45:59,400 --> 00:46:03,700
now that's brilliant. 
But from a corporate perspective

770
00:46:03,700 --> 00:46:07,800
and this was great in Adobe, we 
used to give password managers 

771
00:46:07,800 --> 00:46:11,400
out as part of, you know, just 
being an employee. 

772
00:46:12,400 --> 00:46:14,400
But at some point we ended up 
saying, look, we're not going to

773
00:46:14,400 --> 00:46:17,600
pay for this anymore. 
We'll arrange a discount and 

774
00:46:17,600 --> 00:46:23,400
here's a discount code because 
corporate-wise we had over 2,000

775
00:46:23,400 --> 00:46:29,100
applications tied to our Okta
platform all requiring MFA so 

776
00:46:29,100 --> 00:46:32,900
when we use certificates as part
of that first factor or not 

777
00:46:32,900 --> 00:46:36,100
password we're like what's that 
password manager doing within 

778
00:46:36,100 --> 00:46:40,000
our corporate really not much in
your home like you may still 

779
00:46:40,000 --> 00:46:42,500
have hundreds of things because 
they're not easily tied like 

780
00:46:42,500 --> 00:46:46,000
that. 
But the desire to go passwordless

781
00:46:46,000 --> 00:46:48,900
is if I'm not entering a
password,

782
00:46:48,900 --> 00:46:52,600
I've nothing for a bad
actor to scrape and that's a big

783
00:46:52,600 --> 00:46:54,500
thing, right? 
So for us, it's like, it's 

784
00:46:54,500 --> 00:46:58,800
changing the security posture at
the same time as it's changing 

785
00:46:58,800 --> 00:47:02,100
that user experience. 
I think that's the key part of 

786
00:47:02,100 --> 00:47:04,700
passwordless, right?
Is removing that, that hash that

787
00:47:04,700 --> 00:47:07,700
can't be compromised. 
Yeah, we've covered a lot of 

788
00:47:07,700 --> 00:47:11,900
ground on the zero trust thing and
it's, you can see why people are

789
00:47:11,900 --> 00:47:15,200
confused over it, just on this 
conversation alone, sometimes 

790
00:47:15,200 --> 00:47:19,300
where it's sprawl. 
So much of the infrastructure 

791
00:47:19,700 --> 00:47:23,100
and the network and the internet
and all the different things 

792
00:47:23,100 --> 00:47:27,100
that are out there which leads 
me to my last question for you 

793
00:47:27,100 --> 00:47:29,700
Den.
And that is, what does good enough

794
00:47:29,700 --> 00:47:33,800
look like for zero trust in the year
2022 because I feel like 

795
00:47:33,800 --> 00:47:36,600
sometimes we get lost and say, 
oh, you need to have the latest 

796
00:47:36,600 --> 00:47:39,500
and greatest all the bells and 
whistles and you're never truly 

797
00:47:39,500 --> 00:47:41,300
done. 
But I think about this from a 

798
00:47:41,308 --> 00:47:44,400
more pragmatic perspective is, 
okay, how do I get to good 

799
00:47:44,400 --> 00:47:45,700
enough? 
Because this is not the only 

800
00:47:45,700 --> 00:47:47,800
fire as a CISO that I need to
fight. 

801
00:47:48,400 --> 00:47:49,900
Yeah, I know that's a brilliant 
question, Jeff. 

802
00:47:50,000 --> 00:47:53,600
And it's funny, right? 
So, my both of my team is but my

803
00:47:53,600 --> 00:47:56,300
Adobe leadership team that I 
worked with for years. 

804
00:47:56,300 --> 00:48:00,100
Great, great, great team. 
But they would give me so much 

805
00:48:00,100 --> 00:48:03,400
grief because I'd use a term 
good enough all the time and 

806
00:48:03,400 --> 00:48:06,900
they're like, if I told the 
organization had good enough, 

807
00:48:06,900 --> 00:48:10,700
they're thinking that I'm 
lowering my standards and it's

808
00:48:10,700 --> 00:48:13,300
like no I don't want to lower 
the standards, I want to 

809
00:48:13,300 --> 00:48:16,000
recognize that we have other 
things, I don't think are good 

810
00:48:16,000 --> 00:48:18,400
enough. 
So let's get this to good enough

811
00:48:18,400 --> 00:48:21,600
and then decide how far you want
to take it, right? 

812
00:48:21,700 --> 00:48:27,000
So, good enough, if you haven't 
taken any steps in zero trust,

813
00:48:27,000 --> 00:48:30,800
I want to say look, it's easy. 
You're not having to bring in a 

814
00:48:30,808 --> 00:48:34,200
million players. 
I need one person to my staff 

815
00:48:34,200 --> 00:48:38,400
and Adobe we use the existing 
team that does the existing 

816
00:48:38,400 --> 00:48:41,700
endpoint, the existing network
that exists, all the existing 

817
00:48:41,700 --> 00:48:45,300
people, you know, they're just 
working together and the good 

818
00:48:45,300 --> 00:48:49,900
enough for me was get them 
working together, get a small

819
00:48:50,000 --> 00:48:53,200
pilot going and then expand the
pilot into production. 

820
00:48:53,200 --> 00:48:56,900
And the first thing you want to 
really do, say, can we do a 

821
00:48:56,900 --> 00:49:00,900
posture check as part of the 
authentication from? 

822
00:49:00,900 --> 00:49:05,400
If can we get to the internal 
applications via a reverse proxy

823
00:49:05,400 --> 00:49:09,900
or some other capability? 
And if you can, if you can get 

824
00:49:09,900 --> 00:49:14,100
to a position where you can see,
let's let's do those things. 

825
00:49:14,100 --> 00:49:17,800
Then for me, that that be a 
great accomplishment, as you go 

826
00:49:17,800 --> 00:49:22,800
through your year, you get to 
further, you know, the network

827
00:49:22,800 --> 00:49:26,100
concept of turning your network
into a guest network or if

828
00:49:26,100 --> 00:49:30,000
you're doing an M&A try not
connecting their network to

829
00:49:30,000 --> 00:49:32,700
yours and have the things that 
that company needs. 

830
00:49:32,700 --> 00:49:35,600
Those people needs available via
zero trust, zero

831
00:49:35,600 --> 00:49:38,800
trust enabled their devices. We
done that in Adobe a couple of 

832
00:49:38,800 --> 00:49:45,100
times and it worked a charm. 
I would just say you know take 

833
00:49:45,100 --> 00:49:49,000
one step forward every day that 
gets you in a position where you

834
00:49:49,008 --> 00:49:50,800
would be a little bit better,
better off than you were

835
00:49:50,800 --> 00:49:53,100
yesterday. 
One of the big things that 

836
00:49:53,100 --> 00:49:56,200
people get hung up on and they 
don't take a step forward is 

837
00:49:56,200 --> 00:49:59,100
because it's not perfect. 
So, good enough for me, is a 

838
00:49:59,100 --> 00:50:02,600
brilliant term because it simply
means I want to be better today 

839
00:50:02,600 --> 00:50:05,800
than I was yesterday. 
And I want to recognize that 

840
00:50:05,800 --> 00:50:08,400
this week, I might focus here.
And next week, you might focus 

841
00:50:08,400 --> 00:50:11,300
on security intelligence or 
something else. 

842
00:50:12,500 --> 00:50:16,900
It's okay to get smarter, right?
What is he doing? 

843
00:50:17,700 --> 00:50:19,700
Sorry, good sorry. 
I was just going to say look we 

844
00:50:19,700 --> 00:50:24,200
don't have enough money and 
resources as Enterprises to do 

845
00:50:24,200 --> 00:50:27,700
all the things you want to do. 
So you have to be really smart 

846
00:50:27,700 --> 00:50:31,500
and pick your battles wisely and
just know, you know, not try and

847
00:50:31,500 --> 00:50:33,400
boil the ocean on everything you
touch.

848
00:50:34,400 --> 00:50:37,000
So I know that we normally would
do like predictions at the end 

849
00:50:37,000 --> 00:50:38,700
of the year, so it, but we're 
weird. 

850
00:50:38,700 --> 00:50:40,700
And we're going to start with, 
or at the beginning of the year 

851
00:50:41,400 --> 00:50:43,600
real quickly, because I know 
we're running short on time. 

852
00:50:43,700 --> 00:50:47,900
is what does zero trust
good enough look like next year

853
00:50:48,100 --> 00:50:51,900
in 2023? If table stakes right
now, in your mind is being able

854
00:50:51,900 --> 00:50:56,000
to do that posture check, what 
should I be planning for as 

855
00:50:56,000 --> 00:50:59,700
table stakes for next year?
I would say, you know, 

856
00:50:59,700 --> 00:51:03,500
especially as people will return
to the office figuring out how 

857
00:51:03,500 --> 00:51:06,200
to start
turning office networks into

858
00:51:06,200 --> 00:51:10,700
guest networks and, you know,
allowlisting core services that

859
00:51:10,700 --> 00:51:14,800
you just couldn't zero trust
enable, and for everything else

860
00:51:14,800 --> 00:51:19,500
have users, just go to the 
internet to get any internal 

861
00:51:19,500 --> 00:51:22,900
services, acknowledging that you
have a blend of internal and 

862
00:51:22,900 --> 00:51:24,700
very likely, a lot of cloud 
services. 

863
00:51:25,100 --> 00:51:27,800
You can do that. 
That would be that because 

864
00:51:27,800 --> 00:51:29,800
ransomware is not slowing down, 
right? 

865
00:51:30,200 --> 00:51:34,100
And that's something that can 
really help save and reduce the 

866
00:51:34,100 --> 00:51:36,500
impact of any, you know,
ransomware attack. 

867
00:51:37,500 --> 00:51:40,500
That makes sense. 
So let's it's--this at the 

868
00:51:40,500 --> 00:51:43,800
beginning of the of the show. 
When I mention Urban Punks.

869
00:51:44,300 --> 00:51:49,100
So who/what is Urban Punks,
Den?

870
00:51:51,100 --> 00:51:51,900
Yeah. 
It's brilliant. 

871
00:51:51,900 --> 00:51:54,900
You don't link link to the I 
guess I left sitting in there 

872
00:51:54,900 --> 00:51:57,200
that, you know, co-founder of 
our Urban Punks.

873
00:51:57,200 --> 00:52:03,000
Not for we originally, Urban
Punks was my idea where I've got

874
00:52:03,000 --> 00:52:07,200
a big musical background and I 
just had the idea. 

875
00:52:07,300 --> 00:52:11,400
I wanted to get a collective of 
producers together and we would 

876
00:52:11,900 --> 00:52:17,000
collaborate on every song that 
we released, but I got really 

877
00:52:17,000 --> 00:52:20,900
busy in this work business so I 
never got to get the other 

878
00:52:20,900 --> 00:52:23,300
people together. 
So Urban Punks is just one

879
00:52:23,300 --> 00:52:28,600
punk, it's still just me where I
over the years, I've released

880
00:52:28,600 --> 00:52:32,000
music under many names. Urban
Punks was the most recent

881
00:52:32,000 --> 00:52:35,300
one that I've used. 
I'd been releasing music since 

882
00:52:35,300 --> 00:52:40,000
'94, released my first
single on vinyl hoping everyone 

883
00:52:40,000 --> 00:52:43,400
remembers what vinyl is because 
it's making a huge comeback. 

884
00:52:43,400 --> 00:52:45,600
I say it, it's the new rage 
right now again like yeah it's 

885
00:52:45,600 --> 00:52:48,800
right up there, a bell bottoms. 
Yeah, yeah, is right. 

886
00:52:48,800 --> 00:52:53,400
So I was fortunate enough to get
a record deal in my early 20s 

887
00:52:54,100 --> 00:52:59,000
played gigs, released records, was
a ghostwriter for other

888
00:52:59,000 --> 00:53:03,600
bands and DJs so, you know, I 
done I don't know a lot of that 

889
00:53:03,600 --> 00:53:07,200
stuff in my mid-20s and then 
when I moved to the U.S. in,

890
00:53:07,300 --> 00:53:11,600
One, I continue to do it, but 
just know as not know, I 

891
00:53:11,600 --> 00:53:15,300
successfully or not as busy I 
guess, because I was focused on 

892
00:53:15,300 --> 00:53:19,600
this IT career.
So the type of music, you know, 

893
00:53:19,600 --> 00:53:22,400
you were kind enough to share 
kind of the SoundCloud with it 

894
00:53:22,400 --> 00:53:27,300
and is I guess electronic dance 
music but I don't want to over 

895
00:53:27,300 --> 00:53:29,300
generalize it. 
How would you describe your 

896
00:53:29,300 --> 00:53:31,700
music to someone's like, okay, 
what the heck? 

897
00:53:31,700 --> 00:53:35,800
What the heck am I listening to?
Yeah, I mean it's it's 

898
00:53:35,800 --> 00:53:41,400
electronic. 
It's based on synths and that

899
00:53:41,400 --> 00:53:46,200
style of gear, you'll not find 
much in the way of a guitar and 

900
00:53:46,200 --> 00:53:48,900
a saxophone in my music. 
But sometimes I've been known to

901
00:53:48,908 --> 00:53:53,900
drop them in there and, and, you
know, I try to think that it was

902
00:53:53,900 --> 00:53:58,900
house techno trance, but I never
seem to think I fit easily in

903
00:53:58,900 --> 00:54:02,900
any of those genres. 
So, I try not to label it. 

904
00:54:02,900 --> 00:54:06,400
It's a hobby, it's fun. 
You know, and I'm trying to not 

905
00:54:06,400 --> 00:54:12,100
like, pressure on myself to try
and like get the next top 40 hit

906
00:54:12,100 --> 00:54:14,400
I guess although that would be 
nice. 

907
00:54:16,000 --> 00:54:20,200
So I guess you've been kind of, 
we're actually going to play one

908
00:54:20,200 --> 00:54:23,000
of your songs. 
I'm going to append it to the 

909
00:54:23,000 --> 00:54:25,000
end of the show here, so people 
will check it out. 

910
00:54:25,100 --> 00:54:28,400
It's a track called Gia. I
guess, tell me what the

911
00:54:28,400 --> 00:54:33,500
inspiration for that is. Well,
it's funny because all the names

912
00:54:33,500 --> 00:54:36,700
of the songs is kind of like, 
going back to the days where I 

913
00:54:36,700 --> 00:54:39,100
was sharing earlier, you know, 
naming servers, when I was 

914
00:54:39,100 --> 00:54:41,900
building servers. 
I could never think of a name. 

915
00:54:41,900 --> 00:54:44,100
I could build the server quicker
than I could think of the name

916
00:54:44,100 --> 00:54:50,000
for the server. So usually I'm
pulling names from famous 

917
00:54:50,200 --> 00:54:55,200
actresses, actors TV, movie 
characters and things like that.

918
00:54:55,200 --> 00:54:58,400
So randomly these names just pop
up. 

919
00:54:58,700 --> 00:55:00,800
I guess, I don't really know 
where they come from. 

920
00:55:01,300 --> 00:55:05,200
Usually with enough of the 
right, the right liquid 

921
00:55:05,200 --> 00:55:07,600
refreshment. 
Then you can come up with some 

922
00:55:07,600 --> 00:55:12,300
creative names that is known to 
been to be truth, the world 

923
00:55:12,300 --> 00:55:13,800
over. 
All right, well, I think that's 

924
00:55:13,800 --> 00:55:18,400
a pretty good spot to leave it
for this week. Real quickly,

925
00:55:18,400 --> 00:55:22,900
any final thoughts, Den, on the
topic of zero trust or or 

926
00:55:22,900 --> 00:55:24,400
anything. 
That's kind of spark at your 

927
00:55:24,400 --> 00:55:27,500
brain right now that people 
should be taking away from this 

928
00:55:27,500 --> 00:55:30,600
specific conversation. 
I mean I yeah I mean I think 

929
00:55:31,500 --> 00:55:35,400
well first of all zero trust is 
going to continue to be a huge 

930
00:55:35,400 --> 00:55:39,600
buzzword and probably become
mind-numbingly boring as a term,

931
00:55:40,200 --> 00:55:43,000
I really just say focus on the 
outcomes. 

932
00:55:43,500 --> 00:55:46,500
Don't focus on the term, focus 
on the outcomes and focus on

933
00:55:46,500 --> 00:55:51,100
that business value and find a 
way to connect with the 

934
00:55:51,100 --> 00:55:54,300
leadership above you and the the
customers around you. 

935
00:55:54,300 --> 00:55:57,000
Because if you can get connected
there without emotional level, 

936
00:55:57,500 --> 00:55:59,500
then you'll find that they want 
those outcomes. 

937
00:56:00,900 --> 00:56:01,900
Jim. 
How about yourself? 

938
00:56:04,200 --> 00:56:09,100
Well, something that I think Den
just kind of touched on very 

939
00:56:09,100 --> 00:56:14,400
briefly, which is around, you 
know, the idea that we want to 

940
00:56:14,400 --> 00:56:19,400
invest in something that's 
something that can be seen or 

941
00:56:19,400 --> 00:56:24,100
felt or, you know, I think in it
a lot, it's the user experience,

942
00:56:24,300 --> 00:56:26,000
right? 
It's improvements to the user 

943
00:56:26,000 --> 00:56:29,700
experience, so even if that's 
most of the money is going in 

944
00:56:29,700 --> 00:56:33,300
behind the scenes, if you can, 
you know, remove somebody's 

945
00:56:33,300 --> 00:56:36,700
ability. 
Or requirement to put in a 

946
00:56:36,700 --> 00:56:39,300
password, you can improve 
security, but also improve the 

947
00:56:39,300 --> 00:56:42,500
user experience. 
So I know that in our past 

948
00:56:42,500 --> 00:56:44,900
conversation, when you hit on it
too much on the call today, but 

949
00:56:44,900 --> 00:56:48,400
in our conversation previously, 
with Den we talked quite a bit

950
00:56:48,400 --> 00:56:52,500
of a lot about that. 
And I think that ought to be 

951
00:56:52,500 --> 00:56:57,300
kind of a minor take away that 
people tie that user experience as a

952
00:56:57,300 --> 00:57:01,900
way to sell something like zero
trust, or the parts and 

953
00:57:01,900 --> 00:57:04,600
components of a zero
trust architecture.

954
00:57:05,900 --> 00:57:08,500
I don't care how good your 
product is, if it sucks to use, 

955
00:57:08,500 --> 00:57:12,100
no one wants it. 
So and very I was going to say 

956
00:57:12,100 --> 00:57:15,100
Jeff from very rarely in your 
career do you get a chance to 

957
00:57:15,100 --> 00:57:18,200
improve the user experience and 
improve security. 

958
00:57:18,900 --> 00:57:22,200
This is one of those rare things
where you get to do both. 

959
00:57:22,600 --> 00:57:24,200
Yep. 
This is why I like the IAM

960
00:57:24,200 --> 00:57:27,000
space. 
It's the opportunity to fix 

961
00:57:27,600 --> 00:57:31,900
process through the proper 
application of people, process 

962
00:57:31,900 --> 00:57:34,400
and technology. 
So, how's that for a nerd speak?

963
00:57:35,000 --> 00:57:37,800
All right, so I think we'll go 
ahead and leave it for this 

964
00:57:37,800 --> 00:57:39,600
week. 
You could learn more about 

965
00:57:39,600 --> 00:57:43,200
Banyan Security at
banyansecurity.io.

966
00:57:43,200 --> 00:57:47,700
It's B-A-N-Y-A-N security
.io. If you want to learn more

967
00:57:47,700 --> 00:57:51,400
about us and the show we're at 
idacpodcast.com and you can

968
00:57:51,400 --> 00:57:56,400
follow us on Twitter at idac 
podcast and come on, check out 

969
00:57:56,400 --> 00:57:59,000
our YouTube show that we're 
doing weekly. 

970
00:57:59,100 --> 00:58:02,400
It's idac.live, that'll
take you right to our YouTube 

971
00:58:02,400 --> 00:58:05,600
channel. 
Again, kind of a work in

972
00:58:05,600 --> 00:58:08,000
progress as we work through it. 
But hope to see more and more 

973
00:58:08,000 --> 00:58:11,200
people kind of attending live 
and continue the conversation 

974
00:58:11,500 --> 00:58:14,100
with that. 
So, rather than our normal 

975
00:58:14,100 --> 00:58:17,600
close out, I'm going to,
through the power of audio

976
00:58:17,600 --> 00:58:22,300
editing, insert Urban Punks and
a track called Gia. 

977
00:58:22,300 --> 00:58:24,700
So thank you all for listening 
and here's that, 

978
01:03:45,100 --> 01:03:48,000
Thanks for listening to the
Identity at the Center podcast.

979
01:03:48,100 --> 01:03:50,400
If you like what you heard, 
don't forget to subscribe and 

980
01:03:50,400 --> 01:03:53,500
visit us on the web at
identityatthecenter.com.

