1 00:00:00,040 --> 00:00:02,080 And then you've got to scan AQR code and then you've got to type 2 00:00:02,080 --> 00:00:03,400 that code in. And then you've got to type the 3 00:00:03,400 --> 00:00:06,280 next code in. And it's just, it's a really 4 00:00:06,560 --> 00:00:10,200 terrible user experience. It's, it's secure more than an 5 00:00:10,200 --> 00:00:12,840 SMS. But when you start putting hoops 6 00:00:12,840 --> 00:00:15,480 in front of people and it makes it difficult to register, it's, 7 00:00:15,480 --> 00:00:19,040 it's the old abandoned shopping cart scenario, like, OK, this, 8 00:00:19,040 --> 00:00:20,480 forget this, this is taking too long. 9 00:00:20,480 --> 00:00:23,240 I'm going to either not do MFA or I'm going to default to a 10 00:00:23,240 --> 00:00:25,240 less secure model. Yeah. 11 00:00:25,240 --> 00:00:27,960 Well, OK. I mean, you're right, you're 12 00:00:27,960 --> 00:00:30,360 right. I know I'm going to isolate that 13 00:00:30,360 --> 00:00:32,000 and that's going to become, you know. 14 00:00:33,640 --> 00:00:35,600 Yeah, you're going to have a short out there where I was just 15 00:00:35,600 --> 00:00:37,920 like you say something, I'm just like, you're right, you're 16 00:00:37,920 --> 00:00:45,640 right. This is identity at the center. 17 00:00:47,480 --> 00:00:53,120 If it has anything to do with IAM, This is the go to podcast 18 00:00:55,000 --> 00:00:59,440 now, your host Jim McDonald and Jeff Stedman. 19 00:01:03,280 --> 00:01:04,959 Welcome to the Idea Ethos Center podcast. 20 00:01:04,959 --> 00:01:06,280 I'm Jeff, and that's Jim. Hey, Jim. 21 00:01:06,680 --> 00:01:09,000 Hey, Jeff, how are you? Happy Monday morning. 22 00:01:09,240 --> 00:01:11,920 Hey, how are you? It's it is Monday morning. 23 00:01:13,080 --> 00:01:16,800 I know and I'm all my second cup, so I'm starting to get my 24 00:01:17,360 --> 00:01:21,480 act together a little bit. But you know, I spent the 25 00:01:21,480 --> 00:01:26,520 weekend kind of working on an assessment project for one of 26 00:01:26,520 --> 00:01:31,000 our clients, like assessing the maturity of the IM program. 27 00:01:31,360 --> 00:01:35,040 And I kind of thought back like, where do you, where is the 28 00:01:35,040 --> 00:01:36,600 value? What is the value of what I'm 29 00:01:36,600 --> 00:01:38,120 doing? Where's the client going to 30 00:01:38,320 --> 00:01:42,040 benefit from this information looking at things and say, all 31 00:01:42,040 --> 00:01:46,360 right, this is a maturity on like a maturity scale of like 0 32 00:01:46,360 --> 00:01:51,720 to 5 is kind of the common, the common consulting maturity CMO, 33 00:01:51,720 --> 00:01:57,480 my if you will, what it where do you see the value in doing an 34 00:01:57,480 --> 00:02:00,160 exercise like that? Well, I think it's helpful to 35 00:02:00,160 --> 00:02:03,440 take a step back at certain points and say, OK, how are 36 00:02:03,440 --> 00:02:05,040 things going? What are we doing, what are we 37 00:02:05,040 --> 00:02:06,720 missing? We get buried a lot in 38 00:02:06,720 --> 00:02:09,000 operations mode and just kind of day-to-day. 39 00:02:09,600 --> 00:02:11,840 And so I think there's value of periodically, maybe it's once a 40 00:02:11,840 --> 00:02:13,960 year, maybe it's every other year, maybe it's more frequent, 41 00:02:13,960 --> 00:02:16,040 kind of depends on the maturity I guess where you're at. 42 00:02:16,040 --> 00:02:18,440 And I know how quickly the the environment is changing, but 43 00:02:19,320 --> 00:02:21,200 yeah, I mean, take a step back and say, hey, how are things 44 00:02:21,200 --> 00:02:22,760 going? This is kind of like a it's kind 45 00:02:22,760 --> 00:02:25,520 of like a recap episode of your favorite show, right? 46 00:02:25,520 --> 00:02:29,600 OK, what do we miss? Are we on the same page? 47 00:02:29,600 --> 00:02:32,480 And then let's set the, set the, set the new frame to go forward. 48 00:02:33,000 --> 00:02:35,360 Yeah, yeah. And I, I feel like I've been 49 00:02:35,360 --> 00:02:39,520 doing these for, you know, 1213 years of doing identity 50 00:02:39,520 --> 00:02:41,720 consulting. And I think everybody wants to 51 00:02:41,720 --> 00:02:46,440 start off with this assessment, but I start questioning myself 52 00:02:46,440 --> 00:02:49,360 sometimes like, OK, why is what I'm doing important? 53 00:02:49,480 --> 00:02:51,840 What is the value that's going to come out of this? 54 00:02:51,840 --> 00:02:55,520 And I came up with really three things that the exercise really 55 00:02:55,520 --> 00:02:59,440 helps with. And the first one is just kind 56 00:02:59,440 --> 00:03:04,720 of the the point in time to say, this is where we were on such 57 00:03:04,720 --> 00:03:07,280 and such a date. We had somebody come in, do a 58 00:03:07,280 --> 00:03:10,720 maturity assessment around like how well do we govern our 59 00:03:10,720 --> 00:03:13,560 program? How do we do, how are we doing 60 00:03:13,560 --> 00:03:16,600 with identity life cycle, how are we doing with authentication 61 00:03:16,880 --> 00:03:20,560 so that you can then snap that line again three years, five 62 00:03:20,560 --> 00:03:23,440 years down the road to see how much progress you've made. 63 00:03:23,760 --> 00:03:27,200 The one thing I will say to keep in mind is that, you know, you 64 00:03:27,200 --> 00:03:31,600 snapped that line today, 3-5 years down the road thing that 65 00:03:31,600 --> 00:03:36,160 the line in terms of what is like a level 2 maturity is going 66 00:03:36,160 --> 00:03:38,960 to change. So looking back at some decks 67 00:03:38,960 --> 00:03:42,520 from you know, a decade ago and looking at some of the 68 00:03:42,800 --> 00:03:46,520 assessment around authentication, there's a lot of 69 00:03:46,520 --> 00:03:49,400 stuff around you should really need to use multi factor 70 00:03:49,400 --> 00:03:50,880 authentication. You should not. 71 00:03:50,920 --> 00:03:52,600 That's a whole strategy you should all. 72 00:03:52,600 --> 00:03:55,320 Strategy. Well, you know what the time is 73 00:03:55,320 --> 00:03:58,240 like, people were like, you know, do we really need that? 74 00:03:59,560 --> 00:04:03,680 And I think you know, there's no mention of password list, no 75 00:04:03,680 --> 00:04:06,840 mention of pass keys, things like that, or. 76 00:04:06,840 --> 00:04:11,000 Quantum or AI or any of the buzzwords this you know that 77 00:04:11,000 --> 00:04:14,200 we're seeing now. Yeah, no distributed identity, 78 00:04:14,720 --> 00:04:17,680 nothing. So I, what I'm saying is that 79 00:04:17,680 --> 00:04:21,800 the, the line, you know what it takes to be like at any given 80 00:04:21,880 --> 00:04:24,880 level of maturity, that line moves over time. 81 00:04:25,120 --> 00:04:27,920 You know, just having MFA everywhere, there's no longer 82 00:04:27,920 --> 00:04:30,520 like, Oh yeah, you got your, all of your ducks in a row. 83 00:04:31,080 --> 00:04:34,200 I'm not knocking MFA or saying you shouldn't have MFA 84 00:04:34,200 --> 00:04:36,680 everywhere. What I'm saying is like it, it's 85 00:04:36,680 --> 00:04:40,560 not what it was 10 years ago. Well, even the methodologies 86 00:04:40,560 --> 00:04:42,760 have changed, right? It's like SMS used to be the 87 00:04:42,760 --> 00:04:48,240 gold standard, now it's the. People make fun of it. 88 00:04:48,240 --> 00:04:50,360 Almost. Yeah, well, it's easy to 89 00:04:50,360 --> 00:04:53,640 exploit, but again, you know, we're dealing with a curve of 90 00:04:54,240 --> 00:04:57,160 progress. As things go up, things become 91 00:04:57,160 --> 00:04:59,680 more, more or less secure depending on what's going on. 92 00:04:59,680 --> 00:05:01,440 The world. Turns out SMS is totally 93 00:05:01,440 --> 00:05:03,640 unencrypted and there's plenty of back doors. 94 00:05:03,640 --> 00:05:06,080 And if I don't know if you've ever read about SMS behind the 95 00:05:06,080 --> 00:05:08,800 scenes, it's like basically like an unencrypted channel that 96 00:05:09,080 --> 00:05:11,400 everybody has access to if if you're like a telco operator. 97 00:05:11,920 --> 00:05:13,800 Oh yeah. I mean, that's why they they 98 00:05:13,800 --> 00:05:17,920 tell you now if you're doing cross-platform texting that you 99 00:05:17,920 --> 00:05:19,640 should just assume it can be read. 100 00:05:21,480 --> 00:05:24,080 Exactly. So, OK, so the second thing that 101 00:05:24,080 --> 00:05:28,800 I came up with is that it gives you an idea of prioritization. 102 00:05:28,800 --> 00:05:31,680 So if you say this is your current maturity, this is your 103 00:05:31,680 --> 00:05:35,240 target maturity and you'll cross the landscape of all your 104 00:05:35,240 --> 00:05:39,120 different areas of IAM capabilities, you start to 105 00:05:39,120 --> 00:05:42,480 highlight like, oh, we need to be at level 4 maturity. 106 00:05:42,480 --> 00:05:45,840 That's where we're going to have our our program where it's like 107 00:05:45,840 --> 00:05:48,400 coming along. And right now we're at a level 1 108 00:05:48,400 --> 00:05:52,320 maturity. So that that becomes maybe it 109 00:05:52,320 --> 00:05:55,720 just helps highlight the area focus, if it wasn't clear to you 110 00:05:55,720 --> 00:06:00,280 already, or maybe it starts to just, you know, kind of support 111 00:06:00,280 --> 00:06:04,520 what you already suspected. So that's the second thing is 112 00:06:04,520 --> 00:06:07,040 prioritization. And then I think the third thing 113 00:06:07,040 --> 00:06:10,600 is going through the exercise, documenting how things are in 114 00:06:10,600 --> 00:06:15,520 the current state just provides justification for why you need 115 00:06:15,520 --> 00:06:17,920 to make investments. So it's kind of the detail 116 00:06:18,160 --> 00:06:21,760 behind the assessment. So it's the exercise spits out 117 00:06:21,760 --> 00:06:25,720 all these things. You know, I, I think the way you 118 00:06:25,720 --> 00:06:28,600 kind of the, the way I've always approached getting to an 119 00:06:28,600 --> 00:06:31,920 assessment is like doing workshops, meeting with people 120 00:06:31,920 --> 00:06:35,600 who are the stakeholders, people who are doing the IEM program on 121 00:06:35,600 --> 00:06:39,600 a day in and day out basis. Plus the people who, you know, 122 00:06:40,880 --> 00:06:45,840 manage or oversee information security, human resources, all 123 00:06:45,840 --> 00:06:50,000 the areas that plug into the identity program and getting 124 00:06:50,000 --> 00:06:53,120 their opinions. Pulling all that together really 125 00:06:53,120 --> 00:06:57,200 kind of shows you where you ranked today in terms of, you 126 00:06:57,200 --> 00:07:00,600 know, when you match up. Here's how we do I, here's what 127 00:07:00,600 --> 00:07:03,280 we expected. If I, you can kind of start to 128 00:07:03,280 --> 00:07:07,160 put together where you rank from a maturity perspective. 129 00:07:08,520 --> 00:07:11,200 Yeah, you get all those inputs from different areas, and it's a 130 00:07:11,200 --> 00:07:13,560 good opportunity also to celebrate wins and victories, 131 00:07:13,560 --> 00:07:14,560 too. It's like, hey, look how far 132 00:07:14,560 --> 00:07:17,640 we've come based on where we were, you know, a year ago or 133 00:07:17,640 --> 00:07:19,000 six months ago or whatever it may be. 134 00:07:20,000 --> 00:07:22,680 Or even if you're regressing, right, if your program really 135 00:07:22,680 --> 00:07:26,200 hasn't moved at all in three years, you can show that, hey, 136 00:07:26,520 --> 00:07:30,360 the, the industry continues to move, the hackers, the bad guys 137 00:07:30,360 --> 00:07:34,280 continue to move. You know, things like 0 trust, 138 00:07:34,280 --> 00:07:37,920 even though maybe they existed, not many people were doing it 139 00:07:37,920 --> 00:07:39,560 before. Now everybody's doing it. 140 00:07:39,560 --> 00:07:44,520 There's a reason behind that. We're falling behind just by not 141 00:07:44,520 --> 00:07:46,480 doing anything, just by not investing. 142 00:07:47,320 --> 00:07:49,640 Yeah, That might be a tough discussion to have is if you're 143 00:07:49,640 --> 00:07:52,040 in charge of an IM program and to report back and say, well, 144 00:07:52,480 --> 00:07:55,000 we're not better at having nothing's moving, why are we 145 00:07:55,000 --> 00:07:57,600 doing this? So you've got to be careful on 146 00:07:57,600 --> 00:08:00,560 that messaging. I've seen a lot of times where 147 00:08:00,560 --> 00:08:04,120 you're dealing with some maybe a new IM program manager and 148 00:08:04,120 --> 00:08:08,720 they've inherited this beast and they actually want lower scores 149 00:08:08,720 --> 00:08:13,440 because they want to reflective reality that, you know, this has 150 00:08:13,440 --> 00:08:16,760 been under invested, under invested isn't going to to work 151 00:08:16,760 --> 00:08:18,960 here any longer. And now we need a strategy to go 152 00:08:18,960 --> 00:08:23,480 from under invested very immature to a future state. 153 00:08:23,480 --> 00:08:25,880 That's a lot different. I get your point though. 154 00:08:25,880 --> 00:08:29,320 I mean, you know, you know, who wants to get a report card of 155 00:08:29,320 --> 00:08:33,880 all CS and DS and maybe some FS if you're the one responsible 156 00:08:33,880 --> 00:08:35,799 for pulling it together? Yeah. 157 00:08:36,480 --> 00:08:38,159 So hopefully, hopefully it's going better. 158 00:08:38,320 --> 00:08:42,600 But there is value obviously in sharing that message because I 159 00:08:42,600 --> 00:08:46,440 think a lot of people run into organizational change being very 160 00:08:46,440 --> 00:08:48,360 difficult to actually move forward with things. 161 00:08:48,360 --> 00:08:51,680 And, you know, I think you and I both find as we, you know, talk 162 00:08:51,680 --> 00:08:54,240 with, you know, our clients and stuff like that is most people 163 00:08:54,240 --> 00:08:56,480 know what they want to do, what they should be doing, but 164 00:08:56,480 --> 00:08:59,480 they're encountering the roadblocks above or to the size 165 00:08:59,480 --> 00:09:02,640 of them as preventing progress. Could be budget, could be 166 00:09:02,640 --> 00:09:06,200 resourcing, could be timing, you know, whatever it may be. 167 00:09:06,720 --> 00:09:09,280 I think sometimes the value of an assessment is it gives you a 168 00:09:09,280 --> 00:09:14,000 little bit of a CYA to say, OK, we told you where we're at now. 169 00:09:14,000 --> 00:09:18,160 Something happens and it has to do with this thing that we've 170 00:09:18,160 --> 00:09:20,000 assessed. You can't just say you didn't 171 00:09:20,000 --> 00:09:22,760 know about it. Every organization is making a 172 00:09:22,760 --> 00:09:25,160 conscious decision on on the risk they're going to accept. 173 00:09:25,200 --> 00:09:30,520 And sometimes that acceptance of risk to their security is by not 174 00:09:30,520 --> 00:09:32,760 doing anything. They're not funding it, they're 175 00:09:32,760 --> 00:09:34,760 not resourcing it, they're not treating as a priority. 176 00:09:34,760 --> 00:09:39,120 So hey, you know the IM program told the right people and the 177 00:09:39,120 --> 00:09:40,880 decision was still made not to do anything about it. 178 00:09:41,360 --> 00:09:42,520 OK. That's a risk decision. 179 00:09:43,680 --> 00:09:48,760 I've always thought exactly the way you just laid out there, you 180 00:09:48,760 --> 00:09:52,960 know, it is a little bit of CYA, but it's not just CYA. 181 00:09:53,080 --> 00:09:58,000 It's you know, you're doing your job because you don't get to 182 00:09:58,000 --> 00:10:01,280 make the decision of we're going to spend $1,000,000 or we're not 183 00:10:01,280 --> 00:10:05,320 going to spend $1,000,000. I think you make the case, you 184 00:10:05,320 --> 00:10:09,360 showed that here are the risks doing something about these 185 00:10:09,360 --> 00:10:13,440 risks in terms of mitigating them as a cost associated either 186 00:10:13,520 --> 00:10:16,360 make the investment or you don't make the investment. 187 00:10:16,360 --> 00:10:19,320 You live with the risk and accept it where you spend the 188 00:10:19,320 --> 00:10:21,400 money. But you don't get to do both. 189 00:10:21,520 --> 00:10:24,800 You don't get to not spend the money and have the risk go away. 190 00:10:25,520 --> 00:10:28,720 Now that would be magic if that if that were to to take place. 191 00:10:30,680 --> 00:10:32,880 So a lot of people working weekends, maybe I don't. 192 00:10:32,880 --> 00:10:35,520 Yeah, well, I mean, I am as a 24/7 job. 193 00:10:35,520 --> 00:10:37,680 You know, it'd be nice if the threats and the risks would 194 00:10:37,680 --> 00:10:39,920 schedule themselves like any other calendar appointment, but. 195 00:10:40,600 --> 00:10:42,600 Well, they do seem to schedule themselves. 196 00:10:42,800 --> 00:10:47,000 They happen on Friday night and they happen before long holiday 197 00:10:47,000 --> 00:10:48,960 weekends. Yeah, because they know people 198 00:10:48,960 --> 00:10:50,720 are going to be out of the office and sure, it's a smart 199 00:10:50,720 --> 00:10:52,520 time to make an attack or or whatever. 200 00:10:52,520 --> 00:10:54,160 Maybe. So take advantage of that. 201 00:10:54,640 --> 00:10:57,480 Exactly. All right, Speaking of CYA, I'm 202 00:10:57,480 --> 00:10:59,840 going to give you a couple seconds here while I read off 203 00:10:59,840 --> 00:11:01,560 our discount codes for the upcoming conferences. 204 00:11:01,560 --> 00:11:02,680 You can take a sip of your coffee. 205 00:11:05,000 --> 00:11:07,800 So this is the last week that you're going to be in the US. 206 00:11:07,800 --> 00:11:11,720 You're heading off to Berlin for the Cooper your Coal conference 207 00:11:11,800 --> 00:11:14,240 coming up. So for those who are so 208 00:11:14,240 --> 00:11:17,480 inclined, May 6th to the 9th, Jim and I will both be at the 209 00:11:17,920 --> 00:11:20,320 European Identity and Cloud Conference put on by Cooper your 210 00:11:20,320 --> 00:11:23,120 coal. If you use the code ID AC25, 211 00:11:23,200 --> 00:11:26,360 MKO, better use that code quickly because conference is 212 00:11:26,360 --> 00:11:27,560 only a couple weeks away at this point. 213 00:11:27,560 --> 00:11:32,640 So you want to use that, get 25% off and hope to see a lot of 214 00:11:32,640 --> 00:11:35,200 friendly faces there. I think we both got some 215 00:11:35,200 --> 00:11:37,720 identity or plans while we're in the area. 216 00:11:37,720 --> 00:11:40,120 And Jim, ahead of time, you're going to Norway, so I think 217 00:11:40,120 --> 00:11:43,120 you're going to do one there. I think there's a river cruise 218 00:11:43,120 --> 00:11:45,840 that we're both signed up for while we're there. 219 00:11:45,840 --> 00:11:49,440 So a lot of fun activities and I'm looking forward to seeing a 220 00:11:49,440 --> 00:11:53,280 lot of friendly faces. So we got that and then just a 221 00:11:53,280 --> 00:11:55,520 few weeks later, we've got Ideniverse in Las Vegas. 222 00:11:55,520 --> 00:12:00,440 So that's June 3rd, the 6th. And if you use the code IDV 25-I 223 00:12:00,440 --> 00:12:04,960 D AC25, that'll get you 25% off. We'll have both of those codes 224 00:12:04,960 --> 00:12:08,280 in our show notes as well as on the homepage at idcpodcast.com 225 00:12:08,280 --> 00:12:11,200 so people can check that out. Jim, you and I are getting very 226 00:12:11,200 --> 00:12:13,280 close to getting Ideniverse kind of finalized. 227 00:12:14,320 --> 00:12:16,640 I, I'm going to go ahead and just put out there, we are going 228 00:12:16,640 --> 00:12:20,280 to kick off the Expo hall opening night. 229 00:12:20,280 --> 00:12:23,520 I think Tuesday night, whatever that is, sort of first on deck 230 00:12:23,520 --> 00:12:26,720 in the Expo hall. We're going to be reprising the 231 00:12:27,600 --> 00:12:30,520 Family Feud style game show that we did at Syndicate last year. 232 00:12:30,960 --> 00:12:32,960 I think right now we're still have a working title of 233 00:12:32,960 --> 00:12:38,280 Identimatch for legal purposes and for trademark purposes. 234 00:12:39,080 --> 00:12:40,640 So we're working on putting that together. 235 00:12:40,640 --> 00:12:42,880 But we got about 1/2 hour that we'll do another kind of game 236 00:12:42,880 --> 00:12:43,840 show. You're going to be a team 237 00:12:43,840 --> 00:12:46,680 captain, I'm not sure who the other team captain is going to 238 00:12:46,680 --> 00:12:49,800 be yet, but hopefully you're working with that person and 239 00:12:49,800 --> 00:12:52,280 also figuring out who your team mates are going to be as part of 240 00:12:52,280 --> 00:12:54,120 that. And then we'll have, you know, 241 00:12:54,120 --> 00:12:56,160 judges and, and things like that to kind of help us out. 242 00:12:56,160 --> 00:12:58,840 But looking forward to to bring in that Tide universe for the 243 00:12:58,840 --> 00:13:01,600 first time. I'll be team captain, You'll be 244 00:13:01,600 --> 00:13:05,200 Steve Harvey, right? I will be Steve Harvey Standen, 245 00:13:05,480 --> 00:13:09,320 shorter, less mustache version of Steve Harvey. 246 00:13:09,720 --> 00:13:12,520 I'd probably you're going to tone it down a little bit in 247 00:13:12,520 --> 00:13:15,680 terms of the clothing, right? Yeah, I don't have any like long 248 00:13:15,680 --> 00:13:19,400 yellow Sport coat, you know, suit jacket type things. 249 00:13:19,800 --> 00:13:22,600 So you'll probably see me in my, in my, you know, blue Sport coat 250 00:13:22,600 --> 00:13:25,840 with AT shirt. Yeah, well, we're joking around 251 00:13:25,840 --> 00:13:27,560 the other day. I think it was Steve Harvey 252 00:13:27,560 --> 00:13:31,440 that, you know, mess up during the Miss Universe pageant and 253 00:13:31,440 --> 00:13:34,720 said the wrong person won. I mean, that's like the 254 00:13:34,720 --> 00:13:39,520 ultimate, like I, I, you hate for it to happen that somebody 255 00:13:39,520 --> 00:13:43,400 who somebody gets defined by one mistake that they made. 256 00:13:43,400 --> 00:13:46,000 But I don't know, Steve, Charlie outlived that. 257 00:13:46,000 --> 00:13:47,480 Maybe it's just stuck in my head. 258 00:13:47,880 --> 00:13:50,280 Well, he's got so much other stuff that he does, I don't 259 00:13:50,280 --> 00:13:51,720 think. I mean, that's just a blip of 260 00:13:52,120 --> 00:13:55,000 all the things he's done. So I if I'm Steve, I'm not too 261 00:13:55,000 --> 00:13:56,360 worried about that. It's like, yeah, whatever it 262 00:13:56,360 --> 00:13:58,080 happens. Yeah, right. 263 00:13:59,240 --> 00:14:02,240 So that's going to be exciting. We got some podcast episodes and 264 00:14:02,240 --> 00:14:05,080 I think there's a bunch of stuff going on in the ID Pro Slack 265 00:14:05,080 --> 00:14:07,240 channel. So definitely want to check out 266 00:14:07,240 --> 00:14:09,920 ID pro.org and coordinate with those folks. 267 00:14:09,920 --> 00:14:12,200 I think some people are going to the John Wick experience at Area 268 00:14:12,200 --> 00:14:15,600 15 earlier in the week. I'm actually going to go later 269 00:14:15,600 --> 00:14:18,240 in the week with my brother and check that out. 270 00:14:18,240 --> 00:14:22,240 But lots of stuff going on, so hopefully we see lots of 271 00:14:22,240 --> 00:14:24,320 friendly faces out there. Yeah, I feel like we're going to 272 00:14:24,320 --> 00:14:28,880 be pretty busy there. You and I are both facilitating 273 00:14:29,440 --> 00:14:31,560 panels. We're doing that. 274 00:14:32,320 --> 00:14:36,120 I Dennis, squabble. I like that name too. 275 00:14:36,800 --> 00:14:41,120 Yeah, it's kind of cool, right? I I remember just doing like a 276 00:14:41,120 --> 00:14:45,520 synonym for feud and squabble and match both came up. 277 00:14:45,520 --> 00:14:49,280 So yeah. So we'll be doing those two 278 00:14:49,280 --> 00:14:52,040 things and then we're going to record a few podcasts and I 279 00:14:52,040 --> 00:14:54,800 think we're going to try to do like just men on the street and 280 00:14:55,080 --> 00:14:58,680 capture some video to have some things to throw on our YouTube 281 00:14:58,680 --> 00:15:01,760 channel. But overall, I mean, we're going 282 00:15:01,760 --> 00:15:06,440 to be couple of working dudes. Typical conference for us, man. 283 00:15:06,920 --> 00:15:11,000 Yeah, well, I hope people will stop by and just, you know, say 284 00:15:11,000 --> 00:15:12,880 hi, maybe do like men on the street. 285 00:15:12,880 --> 00:15:15,640 We're not going to make it into anything commercial. 286 00:15:15,640 --> 00:15:19,800 So they kind of like push your company's and you know business 287 00:15:19,800 --> 00:15:23,080 that's probably not kosher for the channel. 288 00:15:23,080 --> 00:15:25,400 So we'll we'll leave it at that for now. 289 00:15:25,800 --> 00:15:27,280 That's what sponsor spotlights are for. 290 00:15:27,280 --> 00:15:30,120 So donate early, donate often. That's how we get off to these 291 00:15:30,120 --> 00:15:31,560 conferences. That's right. 292 00:15:31,560 --> 00:15:33,840 That's right. And we will have a spot on the 293 00:15:33,840 --> 00:15:36,000 shelf floor somewhere I believe will be sort of like on the 294 00:15:36,000 --> 00:15:38,520 entrance off to the side of where the Expo hall is. 295 00:15:38,520 --> 00:15:42,160 Not quite exactly sure yet, but the CRA team has been a lot of 296 00:15:42,160 --> 00:15:44,760 fun to to work with and especially Shirley, she's kind 297 00:15:44,840 --> 00:15:45,240 of. Been. 298 00:15:45,280 --> 00:15:50,040 Shirley Yep. So OK, so that is all the 299 00:15:50,440 --> 00:15:54,400 meandering and Babble upfront. Why don't we get to our main 300 00:15:54,560 --> 00:15:58,080 thing today, which is mailbag? So we've been getting a lot more 301 00:15:58,480 --> 00:16:03,360 emails, LinkedIn messages, carrier pigeons, SMS texts with 302 00:16:03,400 --> 00:16:04,880 with questions and things like that. 303 00:16:05,440 --> 00:16:09,400 So we've got a handful for today and this one is going to be 100% 304 00:16:09,400 --> 00:16:12,320 listener base from all around the world, including our lighter 305 00:16:12,320 --> 00:16:13,720 note at the end. So people want to stick around 306 00:16:13,720 --> 00:16:15,720 for that. So I think, Jim, the way that 307 00:16:15,720 --> 00:16:19,000 will handle this is I'll read the question, you tell me your 308 00:16:19,000 --> 00:16:21,040 thoughts on it and then I'll chime in if I have anything to 309 00:16:21,040 --> 00:16:22,240 add and we'll just kind of go through that. 310 00:16:22,240 --> 00:16:23,360 Does that work? Sure. 311 00:16:23,480 --> 00:16:26,240 And by the way, I did cheat and I looked at the questions. 312 00:16:26,640 --> 00:16:28,080 OK, well, that's fine. Like we want to be. 313 00:16:28,080 --> 00:16:31,320 Able to have like 15 minutes of mental preparation. 314 00:16:32,360 --> 00:16:34,880 OK, so let's start with Robbie from India. 315 00:16:36,200 --> 00:16:39,520 Are passwords ever really going away or are we just stuck with 316 00:16:39,520 --> 00:16:42,480 them forever? Kind of a this is AI feel like 317 00:16:42,480 --> 00:16:44,720 this is a very gym question. Like this is a very downer. 318 00:16:45,040 --> 00:16:46,920 Let's let's open things up with a downer. 319 00:16:46,920 --> 00:16:49,000 Let's see if we can rescue Robbie from the doldrums. 320 00:16:49,440 --> 00:16:51,920 Are passwords ever really going to go away? 321 00:16:52,480 --> 00:16:58,560 So I think at some point, yeah, the, you know, you stop typing 322 00:16:58,560 --> 00:17:02,680 into a keyboard. So, you know, Speaking of 323 00:17:02,680 --> 00:17:05,920 password, how's that any different than doing like a Face 324 00:17:05,920 --> 00:17:10,160 ID or thumbprint? But one thing I found to be true 325 00:17:10,160 --> 00:17:14,280 in IT is that things that are old keep coming back. 326 00:17:14,480 --> 00:17:16,880 You know, things that were done in the mainframe mirror, like 327 00:17:16,880 --> 00:17:18,920 come back and everybody thinks it's just new. 328 00:17:19,160 --> 00:17:22,560 So I can see some people in a board room 30 years from now, 329 00:17:22,560 --> 00:17:25,160 maybe on a Zoom call say, hey, I've got an idea. 330 00:17:25,960 --> 00:17:30,200 Why don't we just come up with something that people, it's like 331 00:17:30,200 --> 00:17:33,640 a secret that somebody has in their head and then to get into 332 00:17:33,640 --> 00:17:39,040 our app or whatever they're calling in those days, you just 333 00:17:39,720 --> 00:17:42,000 give the this thing, we'll call it a password. 334 00:17:43,520 --> 00:17:45,160 Yeah, So I can see it coming back. 335 00:17:45,160 --> 00:17:47,360 But so maybe we'll never get rid of them. 336 00:17:47,520 --> 00:17:50,880 But I think the instantiation of passwords that we see today, 337 00:17:51,680 --> 00:17:55,160 they're only going to go away because interface change, 338 00:17:55,160 --> 00:18:00,240 because, you know, it just becomes easier to build an 339 00:18:00,240 --> 00:18:04,600 application, build a system, and to use some other form of 340 00:18:04,600 --> 00:18:06,400 authentication other than a password. 341 00:18:06,680 --> 00:18:12,200 I don't think teams are going to build systems that don't use 342 00:18:12,200 --> 00:18:16,200 passwords because they understand the Security benefits 343 00:18:16,200 --> 00:18:20,680 of not using passwords. Yeah, I think, I don't think 344 00:18:20,680 --> 00:18:24,720 passwords ever really go away. I think they get obfuscated and 345 00:18:24,720 --> 00:18:28,760 hidden behind the scenes and it will be some sort of password or 346 00:18:28,760 --> 00:18:32,440 password like mechanism, whether it's certificates or other types 347 00:18:32,440 --> 00:18:34,680 of you know, keys that might might be behind the scenes. 348 00:18:34,680 --> 00:18:39,640 So I think the the interaction with them will definitely 349 00:18:39,640 --> 00:18:43,320 change, but I don't know if it actually goes away. 350 00:18:43,320 --> 00:18:45,600 And like you said, I mean legacy systems are going to be out 351 00:18:45,600 --> 00:18:46,920 there. They use passwords and 352 00:18:46,920 --> 00:18:51,800 retrofitting a mainframe, it's maybe not feasible and maybe 353 00:18:51,800 --> 00:18:54,280 doesn't make sense. So I hate to say it, they're 354 00:18:54,280 --> 00:18:59,720 probably around for a while, but I think the usability of them 355 00:18:59,720 --> 00:19:01,680 will definitely increase, especially as we, you know, come 356 00:19:01,680 --> 00:19:02,960 together on standards and things like that. 357 00:19:02,960 --> 00:19:06,200 And it might not, it might not look and feel like a password, 358 00:19:06,440 --> 00:19:10,240 which is OK as long as it's secure and there is a, a 359 00:19:10,240 --> 00:19:12,440 process, you know, that that goes along with that to make 360 00:19:12,440 --> 00:19:14,800 sure that is secure and usable and all that good stuff. 361 00:19:15,360 --> 00:19:19,600 Do you think that passwords are the password situation today is 362 00:19:19,600 --> 00:19:23,760 that they're more usable or less usable than they were 10 years 363 00:19:23,760 --> 00:19:26,880 ago? Define usable because we've 364 00:19:26,880 --> 00:19:29,760 gotten more complex from a password strength meter. 365 00:19:30,520 --> 00:19:32,440 Yeah, no, we've gotten more complex. 366 00:19:32,440 --> 00:19:36,640 I, I, the, the, I don't think I can't be more specific with the 367 00:19:36,640 --> 00:19:40,160 question because it gets into the answer, which is that we've 368 00:19:40,160 --> 00:19:43,560 got more complex, but we have to change them less frequently. 369 00:19:43,800 --> 00:19:47,560 But The thing is, it's like everywhere you go, the password 370 00:19:47,560 --> 00:19:49,760 standard is different. So if you think about it like 371 00:19:49,760 --> 00:19:52,480 all the different websites you use, some of them do make you 372 00:19:52,480 --> 00:19:56,000 change it every so often. You can't reuse passwords, You 373 00:19:56,000 --> 00:19:59,600 can't use 2 letters that are the same in a row. 374 00:19:59,600 --> 00:20:02,600 Like where do people come up with these stupid rules? 375 00:20:02,840 --> 00:20:05,880 Yeah, all these pattern stuff or my favorite my my my least 376 00:20:05,880 --> 00:20:09,400 favorite right now actually is your password must be between 8 377 00:20:09,400 --> 00:20:12,600 and 20 characters, no more, no less. 378 00:20:12,760 --> 00:20:16,080 And you're in this little box. So if you want to have a long 379 00:20:16,080 --> 00:20:19,640 password, which is, you know, secure and, or use pass phrases, 380 00:20:19,640 --> 00:20:21,240 right? And things like that, 20 381 00:20:21,240 --> 00:20:24,040 characters is really limiting to be able to do that. 382 00:20:24,040 --> 00:20:28,560 So you're, you're artificially impacting the security of your 383 00:20:28,600 --> 00:20:29,880 system. And that might be a system 384 00:20:29,880 --> 00:20:31,600 limitation, right? We can't, this field can't have 385 00:20:31,600 --> 00:20:32,760 more than that because of whatever. 386 00:20:33,320 --> 00:20:36,480 But I it's, it's, it's gotten out of hand, I think. 387 00:20:37,640 --> 00:20:41,880 So I, you know, I'm not going to throw any of our fellow, I am 388 00:20:41,880 --> 00:20:50,200 practitioners on the bus, but I use a retirement site where they 389 00:20:50,200 --> 00:20:54,320 don't allow special characters. So you can't use a dash, you 390 00:20:54,320 --> 00:20:58,160 can't use an exclamation point or a hashtag or any of those 391 00:20:58,520 --> 00:21:02,200 things that I think make the password more complex. 392 00:21:02,360 --> 00:21:05,400 And they have a minimum strength of eight characters. 393 00:21:05,880 --> 00:21:09,720 So it's like, come on. And this is a site where you go 394 00:21:09,720 --> 00:21:12,920 to manage your retirement funds money. 395 00:21:13,160 --> 00:21:15,520 I, I just think it's absolutely ridiculous. 396 00:21:15,720 --> 00:21:18,320 Like if you're going lazy. Way to address an injection 397 00:21:18,320 --> 00:21:20,480 attack. That's that's the way I look at 398 00:21:20,480 --> 00:21:23,640 it like, OK, if there's, if you're, if you're, if you're, 399 00:21:23,640 --> 00:21:27,560 you know, if you have a problem with an injection attack, OK, I 400 00:21:27,560 --> 00:21:29,720 get it right. There's certain characters that 401 00:21:29,720 --> 00:21:34,120 need to be, you know, obfuscated, moved away, 402 00:21:34,120 --> 00:21:37,200 restricted, whatever it may be. But to say you cannot use any 403 00:21:37,200 --> 00:21:40,320 special characters in a password, again, it's it's, it's 404 00:21:40,320 --> 00:21:42,320 not security, it's security theatre. 405 00:21:43,080 --> 00:21:47,320 And then and then the the MFA is SMS. 406 00:21:48,240 --> 00:21:51,880 So you, yeah, put those things to those two things together. 407 00:21:51,880 --> 00:21:53,720 It's like you got to be kidding me. 408 00:21:54,120 --> 00:21:57,040 Yeah, I don't know if we answered Robbie's question, but 409 00:21:57,040 --> 00:22:00,360 I think you and I agree that the password situation needs to get 410 00:22:00,360 --> 00:22:03,160 better. But I the, the silver lining for 411 00:22:03,160 --> 00:22:06,000 me again, is I think the interaction with it changes and 412 00:22:06,000 --> 00:22:09,840 becomes more behind the scenes and plumbing versus, you know, 413 00:22:09,840 --> 00:22:13,600 the first thing you see when you visit a website or an app, login 414 00:22:14,040 --> 00:22:15,560 into your ID and password. Yeah. 415 00:22:15,560 --> 00:22:18,000 And for the practitioners out there, what are the takeaways? 416 00:22:18,000 --> 00:22:21,760 It's all right, move forward passkeys. 417 00:22:22,240 --> 00:22:27,160 It's use stronger authenticators than SMS. 418 00:22:27,560 --> 00:22:29,480 At least make those things an option. 419 00:22:30,640 --> 00:22:34,280 You know, if your users want to default to SMS, and maybe the 420 00:22:34,280 --> 00:22:38,920 problem is that 95% would, but you should at least give people 421 00:22:38,920 --> 00:22:46,360 the option to use stronger security mechanisms, Yeah, and 422 00:22:46,360 --> 00:22:50,080 get away from using passwords on on your app, especially if 423 00:22:50,080 --> 00:22:53,720 you're you're protecting is like highly secret. 424 00:22:54,640 --> 00:22:58,200 Yeah, I I would like to see a better way to do push 425 00:22:58,200 --> 00:23:01,840 notifications and authenticator type apps and kind of things 426 00:23:01,840 --> 00:23:03,440 like that. It's a very clunky experience. 427 00:23:03,440 --> 00:23:06,240 If you're not a, you know, I am person, you have to kind of 428 00:23:06,240 --> 00:23:08,600 explain, oh, you've got to download the Google 429 00:23:08,600 --> 00:23:11,680 Authenticator or the Microsoft Authenticator or, you know, the 430 00:23:11,960 --> 00:23:14,120 I800 other authenticator apps out there. 431 00:23:14,120 --> 00:23:16,200 And then you've got to scan AQR code and then you've got to type 432 00:23:16,200 --> 00:23:18,400 that code in and then you've got to type the next code in. 433 00:23:18,880 --> 00:23:22,480 And it's just, it's a really terrible user experience. 434 00:23:22,480 --> 00:23:24,800 It's, it's secure more than an SMS. 435 00:23:24,800 --> 00:23:28,320 But when you start putting hoops in front of people and it makes 436 00:23:28,320 --> 00:23:31,000 it difficult to register, it's it's the old abandoned shopping 437 00:23:31,000 --> 00:23:33,920 cart scenario. OK, this, forget this, this is 438 00:23:33,920 --> 00:23:36,520 taking too long. I'm going to either not do MFA 439 00:23:36,520 --> 00:23:38,400 or I'm going to default to a less secure model. 440 00:23:39,160 --> 00:23:42,080 Yeah, OK. I mean, you're right, You're 441 00:23:42,080 --> 00:23:44,480 right. I know I'm going to isolate that 442 00:23:44,480 --> 00:23:46,080 and that's going to become, you know. 443 00:23:47,760 --> 00:23:49,720 Yeah, you're going to have a short out there where I was just 444 00:23:49,720 --> 00:23:52,040 like you say something and I'm just like, you're right, you're 445 00:23:52,040 --> 00:23:52,800 right. Yep, Yep. 446 00:23:53,320 --> 00:23:56,120 OK, let's go to Sarah from the United Kingdom. 447 00:23:56,680 --> 00:24:01,720 What's one thing in IAM you wish more companies would prioritize 448 00:24:01,720 --> 00:24:10,360 but often don't? You know, it's interesting. 449 00:24:10,360 --> 00:24:15,160 So this is one of the ideas that I actually thought of bringing 450 00:24:15,160 --> 00:24:21,320 up dirt as my opening tirade or my opening rant, if you will. 451 00:24:21,720 --> 00:24:26,640 So let me ask you a question, user experience, Wayne. 452 00:24:26,640 --> 00:24:31,200 If you go into an organization, they're very like doing things 453 00:24:31,200 --> 00:24:33,960 very manually. Maybe they're very decentralized 454 00:24:34,240 --> 00:24:40,400 and they've got a lot of onboarding forms that end users 455 00:24:41,160 --> 00:24:42,440 use. They fill out the form to 456 00:24:42,440 --> 00:24:46,880 onboard somebody, they send it in, and then magically the 457 00:24:46,880 --> 00:24:49,120 person shows up and all the access is there. 458 00:24:49,360 --> 00:24:51,880 There's a bunch of people behind the scenes making it all happen, 459 00:24:51,880 --> 00:24:56,080 but from an end user experience. End user experience is quite 460 00:24:56,080 --> 00:24:58,200 good, right? They fill out the form, they 461 00:24:58,200 --> 00:25:00,720 e-mail it away, and then somebody takes care of the 462 00:25:00,720 --> 00:25:02,440 problem. I don't know if it's good. 463 00:25:02,600 --> 00:25:04,960 I think it's average and here's why. 464 00:25:04,960 --> 00:25:06,520 Why am I filling out a form in the 1st place? 465 00:25:07,440 --> 00:25:09,360 You know the person's coming, you know you're going to pay 466 00:25:09,360 --> 00:25:12,720 them hopefully, so they should be in some system somewhere. 467 00:25:12,960 --> 00:25:15,800 Why am I still having to fill out a form in the 1st place? 468 00:25:17,680 --> 00:25:20,960 We've defaulted to. Oh well they default onboarding 469 00:25:21,280 --> 00:25:25,320 user experience is a manager or an HR person or somebody an 470 00:25:25,320 --> 00:25:30,080 admin goes in and says oh Jim is starting today on board him. 471 00:25:31,480 --> 00:25:33,360 Like why are? Why is I am the last person to 472 00:25:33,360 --> 00:25:36,680 know about that? Let's say, I mean, let's say 473 00:25:36,680 --> 00:25:40,480 we're in a very automated version and we say, all right, 474 00:25:40,680 --> 00:25:45,120 Jeff is the manager. He hires somebody and you know, 475 00:25:45,280 --> 00:25:47,920 all right, the person comes from the HR system. 476 00:25:48,120 --> 00:25:52,920 We give them the birth rate rolls, they, you know, I'm sure 477 00:25:52,920 --> 00:25:57,480 you had to request a laptop for them and maybe a phone and phone 478 00:25:57,480 --> 00:26:01,840 number etcetera. Anyway, all that goes through 479 00:26:01,880 --> 00:26:03,880 now what about the more advanced? 480 00:26:03,880 --> 00:26:08,320 So you know, they're going, you hire somebody to do podcast, 481 00:26:08,600 --> 00:26:11,800 podcast video editing. So they're going to need XY and 482 00:26:11,800 --> 00:26:13,760 Z. That's different than the 483 00:26:13,760 --> 00:26:16,560 average user. There's no role to find for this 484 00:26:16,560 --> 00:26:19,120 job. So where's the owner's go? 485 00:26:19,120 --> 00:26:25,360 Does it go on you that you have to go out to the ITSM or go out 486 00:26:25,360 --> 00:26:28,200 to an IAM system to request all this access? 487 00:26:28,480 --> 00:26:32,640 Or does somebody supposed to contact you like, or does the 488 00:26:32,640 --> 00:26:36,200 person just show up and they can't do the job until? 489 00:26:37,080 --> 00:26:42,440 So to me it's it's those are not a good user experience. 490 00:26:43,200 --> 00:26:46,440 Having one form to go to, to say, all right, you know, this 491 00:26:46,440 --> 00:26:49,840 new person starting and they need a laptop and they're going 492 00:26:49,840 --> 00:26:52,960 to need all the software. Maybe I'll just type it into the 493 00:26:52,960 --> 00:26:55,760 notes. I'm not saying it's the most 494 00:26:55,760 --> 00:26:59,400 efficient way or the right way, but from a user experience 495 00:26:59,400 --> 00:27:02,440 perspective, it's like, oh, I just had to fill out one form 496 00:27:02,440 --> 00:27:05,440 and they showed up and pretty much they were right off and. 497 00:27:05,440 --> 00:27:09,160 Working well, I think the user. So it sounds to me like you want 498 00:27:09,160 --> 00:27:11,720 to prioritize the user experience, which you know, I 499 00:27:11,720 --> 00:27:14,560 can find no fault in that. No, no, no actually. 500 00:27:14,560 --> 00:27:18,360 So here's my counter intuitive is, you know, maybe we have to 501 00:27:18,360 --> 00:27:20,800 de prioritize the user experience. 502 00:27:21,840 --> 00:27:23,920 Why would you de prioritize the user experience? 503 00:27:24,040 --> 00:27:25,520 Walk me through that. Gym logic. 504 00:27:26,000 --> 00:27:27,400 Yeah, right. So I. 505 00:27:27,400 --> 00:27:31,120 Tied the user experience to in that situation where it's just 506 00:27:31,120 --> 00:27:33,680 one word form they e-mail around. 507 00:27:34,120 --> 00:27:37,200 So de prioritize it from the standpoint of like we're not 508 00:27:37,200 --> 00:27:40,320 going to do that anymore, but prioritize it from the 509 00:27:40,320 --> 00:27:46,200 perspective that you have to mimic at least as good of a user 510 00:27:46,200 --> 00:27:49,320 experience as what existed with the manual form. 511 00:27:49,880 --> 00:27:52,880 I mean, if you're trying to replicate manual processes with 512 00:27:52,880 --> 00:27:55,160 your automation tools, I think you're thinking about this in 513 00:27:55,160 --> 00:27:57,720 the wrong way. The whole point is to be more 514 00:27:57,720 --> 00:27:59,520 data-driven. You know, you know someone's 515 00:27:59,520 --> 00:28:02,280 coming on boarded, you know, and they're in the work day system 516 00:28:02,280 --> 00:28:05,280 or whatever your HR platform is, take that data and do stuff with 517 00:28:05,280 --> 00:28:06,800 it. You spent money on automation, 518 00:28:06,800 --> 00:28:08,760 so automate like what's the problem here? 519 00:28:09,200 --> 00:28:13,520 Stop, stop, stop making busy work for people, managers, HR 520 00:28:13,520 --> 00:28:15,680 people. Stop making fill out forms. 521 00:28:16,600 --> 00:28:19,960 Now I know I'm being probably a little bit pie in the sky Ultra 522 00:28:19,960 --> 00:28:23,160 Stickler may be, but if you have the technology to automate and 523 00:28:23,160 --> 00:28:25,480 you've got the data and you think the data is in a good 524 00:28:25,480 --> 00:28:28,720 enough spot where you can't automate, automate. 525 00:28:30,200 --> 00:28:33,920 Don't do it half ass. Yeah, no, I think maybe I was 526 00:28:33,920 --> 00:28:36,720 trying to be a little overly creative with the answer here, 527 00:28:37,080 --> 00:28:40,760 but you can't take a step back in terms of the user experience. 528 00:28:42,080 --> 00:28:44,840 I, I part of that user experience is psychological. 529 00:28:45,360 --> 00:28:47,680 In other words, sucky. You're the manager and you 530 00:28:47,680 --> 00:28:52,400 wouldn't know that when the your new, your new hire shows up that 531 00:28:52,400 --> 00:28:54,560 he or she is going to have everything they need. 532 00:28:54,720 --> 00:28:56,520 They're going to have their laptop, they're going to have 533 00:28:56,520 --> 00:28:59,400 all their tech, but they're also going to have all the access 534 00:28:59,400 --> 00:29:02,200 that they need. You should at least kind of go 535 00:29:02,200 --> 00:29:06,480 through and like be able to see in kind of a dashboard setting. 536 00:29:06,480 --> 00:29:09,640 Like here's all the things they need that they're going to get 537 00:29:09,800 --> 00:29:13,320 from an automation perspective, and here's all the things that 538 00:29:13,600 --> 00:29:17,600 maybe do need to be requested. Maybe after you go through that 539 00:29:17,600 --> 00:29:21,320 list, you're like, oh, Adobe Premiere is not on that list. 540 00:29:21,440 --> 00:29:23,640 I got to make sure that they get Adobe Premiere. 541 00:29:24,560 --> 00:29:26,720 But do they need that day one? I'd argue maybe not. 542 00:29:27,120 --> 00:29:30,080 How many people hire and are doing their full job within 543 00:29:30,080 --> 00:29:33,040 seconds of onboarding? Usually the first couple days 544 00:29:33,040 --> 00:29:36,960 is, you know, going through onboarding training or company 545 00:29:36,960 --> 00:29:38,760 training or, or things like that. 546 00:29:39,600 --> 00:29:43,120 Then maybe I'm making an argument for prioritizing 0 547 00:29:43,120 --> 00:29:45,280 standing privilege or just in time privileges. 548 00:29:46,120 --> 00:29:48,080 Yeah, we're talking about getting access to a whole bunch 549 00:29:48,080 --> 00:29:51,440 of things that they may or may not even use right away. 550 00:29:51,440 --> 00:29:55,360 So why not be more dynamic with that decision and say make it 551 00:29:55,360 --> 00:29:57,360 more self-service? I mean, we all know how to use 552 00:29:57,360 --> 00:29:59,880 Amazon and buy stuff. Nobody taught us how to do it. 553 00:29:59,880 --> 00:30:03,320 But if I want to go in and, you know, get a new camera, I can 554 00:30:03,320 --> 00:30:06,520 click up a couple buttons and it'll be delivered to me pretty 555 00:30:06,520 --> 00:30:09,280 quickly, you know, within a couple days for the most part. 556 00:30:09,640 --> 00:30:12,360 Why not take that same model and make it more self-service for 557 00:30:12,360 --> 00:30:14,120 those people say, oh, I'm going to be doing some video editing. 558 00:30:14,120 --> 00:30:16,040 OK, which video editor do you want to use? 559 00:30:16,160 --> 00:30:19,520 Adobe Davinci Final Cut. You know XYZ, whatever it may 560 00:30:19,520 --> 00:30:23,240 be, select the one you want, click the button and boom, it 561 00:30:23,240 --> 00:30:25,120 provisions it. You have the tools from an 562 00:30:25,120 --> 00:30:27,920 automation standpoint. I think your bill won being 563 00:30:27,920 --> 00:30:32,480 overly creative now. OK, So what's the answer? 564 00:30:32,480 --> 00:30:35,080 Like what is the one thing you wish companies would prioritize 565 00:30:35,080 --> 00:30:37,680 but often don't? Because we went, you went down 566 00:30:37,680 --> 00:30:41,240 the user experience role and then I'm not sure if you argued 567 00:30:41,240 --> 00:30:43,240 it for or against that the prioritization. 568 00:30:43,880 --> 00:30:48,280 I think, I think I may try to be creative by arguing against it, 569 00:30:48,640 --> 00:30:52,240 but I think in the end of the day, I argued for it, which was, 570 00:30:52,920 --> 00:30:56,320 you know, you have to kind of think about it from multiple 571 00:30:56,320 --> 00:31:01,720 aspects and make sure that you're not taking a step back 572 00:31:01,720 --> 00:31:04,160 with automation. Because I think our minds are 573 00:31:04,160 --> 00:31:08,320 wired toward let's say things that are manual, automate them. 574 00:31:08,480 --> 00:31:11,240 That's not always a better user experience if it's not well 575 00:31:11,240 --> 00:31:13,000 thought through. Yeah. 576 00:31:13,000 --> 00:31:15,840 And I think sometimes we we stop automating, we say, oh, that's 577 00:31:15,840 --> 00:31:18,440 good enough, forget it. And then you start leaving, you 578 00:31:18,440 --> 00:31:21,280 know, systems on the table from like an integration standpoint 579 00:31:21,280 --> 00:31:24,320 to, to further that automation and automation can be done much 580 00:31:24,320 --> 00:31:26,880 different things. Doesn't have to mean like fully 581 00:31:26,880 --> 00:31:29,560 on board, fully off board and everything is, you know, In 582 00:31:29,560 --> 00:31:31,400 Sync, right? In this magical world. 583 00:31:31,400 --> 00:31:34,680 There's the reality of things come in and I think you can kind 584 00:31:34,680 --> 00:31:36,080 of find what what a win looks like. 585 00:31:36,400 --> 00:31:39,480 I would argue something else for prioritization. 586 00:31:39,480 --> 00:31:43,320 I think that's actually running your IM as a program 587 00:31:43,920 --> 00:31:47,440 strategically instead of quarter by quarter, month by month, 588 00:31:47,440 --> 00:31:51,840 fiscal year by fiscal year and not really having a strategy or 589 00:31:51,840 --> 00:31:53,400 plan of where you're where you're going. 590 00:31:53,400 --> 00:31:58,080 So I would like to see more companies think about identity 591 00:31:58,080 --> 00:32:00,520 from more strategic terms, especially at a program level. 592 00:32:01,440 --> 00:32:03,680 What are you trying to do? What are your objectives, you 593 00:32:03,680 --> 00:32:06,600 know, from a program perspective versus oh shoot, we got to get 594 00:32:06,600 --> 00:32:10,480 this thing in because it's next quarter or it's this app is 595 00:32:10,480 --> 00:32:12,680 going live and we're band aiding everything over the time. 596 00:32:12,680 --> 00:32:15,600 And I think that tends to lead to overly complex IM 597 00:32:15,600 --> 00:32:19,640 environments and the governance isn't there for policies or 598 00:32:19,640 --> 00:32:23,280 standards or even procedure. And so I'd like to see more of 599 00:32:23,280 --> 00:32:26,640 the people in the process side of IM have more focus rather 600 00:32:26,640 --> 00:32:29,920 than just, hey, we slapped a technology on it and that'll fix 601 00:32:29,920 --> 00:32:34,240 everything. Yeah, I, you know, I also think 602 00:32:34,240 --> 00:32:36,960 when people are putting to you that their IM strategy, some 603 00:32:36,960 --> 00:32:41,280 people are wired to think that a strategy is a list of products 604 00:32:42,160 --> 00:32:45,360 and an IM strategy is not a list of products. 605 00:32:45,600 --> 00:32:49,920 It's that that must play a role but a few process and 606 00:32:49,920 --> 00:32:52,760 technology. And I know this sounds cliche, 607 00:32:52,760 --> 00:32:55,360 but it's as true as ever with I am. 608 00:32:55,880 --> 00:32:57,720 Yeah, that's a good sound bite. We'll just leave it there. 609 00:32:58,560 --> 00:33:01,240 Got that one out now as well. All right, let's go to our 610 00:33:01,240 --> 00:33:06,000 friend Carlos from the USA. How do you see AI really 611 00:33:06,000 --> 00:33:08,920 impacting identity governance in the next few years? 612 00:33:08,920 --> 00:33:14,320 What is hype versus reality? Welcome to this portion of AI at 613 00:33:14,320 --> 00:33:18,560 the Center. You know, I, I really think that 614 00:33:18,720 --> 00:33:24,560 where AI is going to make the differences for the ability for 615 00:33:24,560 --> 00:33:28,240 people to kind of not have to know how to do things, but just 616 00:33:28,240 --> 00:33:31,120 to go into some kind of interface and say, this is what 617 00:33:31,120 --> 00:33:35,160 I'm trying to accomplish. For AI to figure out what they 618 00:33:35,160 --> 00:33:40,160 need and they get to the right place, perhaps interpret the the 619 00:33:40,160 --> 00:33:44,160 queries that they're making and turn them into action. 620 00:33:44,400 --> 00:33:48,000 I think identity is hopefully there's something that people 621 00:33:48,000 --> 00:33:52,840 don't have to do every day so they forget, you know, if a 622 00:33:52,840 --> 00:33:58,320 couple weeks pass between business to IM systems, where to 623 00:33:58,320 --> 00:34:02,320 go to do things. And I think AI could be a huge 624 00:34:02,320 --> 00:34:05,320 help in that. So kind of it is from a user 625 00:34:05,320 --> 00:34:08,320 experience perspective, I think that's probably one of the 626 00:34:08,320 --> 00:34:13,080 biggest areas that you're going to see AI show up because I 627 00:34:13,080 --> 00:34:17,760 think a lot of the the back end things that you could have AI 628 00:34:17,760 --> 00:34:19,239 do. I think people are afraid to 629 00:34:19,239 --> 00:34:21,239 touch right now. They're afraid to turn over to 630 00:34:21,239 --> 00:34:24,040 AII. Don't you know? 631 00:34:24,040 --> 00:34:27,400 One thing I've always been concerned about is like, does AI 632 00:34:27,400 --> 00:34:31,560 know the boundaries of what data it can include in terms of 633 00:34:31,840 --> 00:34:37,199 returning a response to a query? And I feel like a lot of 634 00:34:37,679 --> 00:34:40,679 developers or product companies, they're actually, they are 635 00:34:40,679 --> 00:34:43,840 afraid of that. So I think we're going to see AI 636 00:34:43,840 --> 00:34:48,440 show up the earliest is from an end user perspective on kind of 637 00:34:48,480 --> 00:34:51,719 more or less the basics of finding things, being able to 638 00:34:51,719 --> 00:34:56,960 query but be but limiting that pretty significantly. 639 00:34:57,760 --> 00:35:00,040 Yeah, I I'd agree with that. I think we're already, you know, 640 00:35:00,040 --> 00:35:01,520 we've talked to several companies already that have 641 00:35:01,520 --> 00:35:05,120 integrated AI and generative AI specifically for like natural 642 00:35:05,120 --> 00:35:07,600 language queries, right, or things like that. 643 00:35:07,600 --> 00:35:11,960 And I think you end up in a spot where I think it will impact the 644 00:35:11,960 --> 00:35:15,000 user experience first. Because I think that's the 645 00:35:15,000 --> 00:35:18,400 safest place theoretically to to impact. 646 00:35:18,400 --> 00:35:21,840 Because I don't know if we're yet to the spot where we would 647 00:35:21,840 --> 00:35:27,400 trust an AI to configure itself to be secure without somebody 648 00:35:27,400 --> 00:35:31,440 looking at the code, the workflow, the configuration or 649 00:35:31,440 --> 00:35:34,080 whatever it might look like to actually make sure that it makes 650 00:35:34,080 --> 00:35:35,080 sense, it's doing the right thing. 651 00:35:35,080 --> 00:35:38,120 So I do think of things where it is more accessible, right? 652 00:35:38,320 --> 00:35:41,120 I, I've forgotten most of the sequel that I would have used, 653 00:35:41,160 --> 00:35:44,160 you know, 20 years ago to, to query a database looking for 654 00:35:44,160 --> 00:35:47,800 data in my IGA platform. You know, at this point, I 655 00:35:47,800 --> 00:35:50,360 should be able to go into a system and say, show me all the 656 00:35:50,360 --> 00:35:54,360 users that have access to this application or show me all the 657 00:35:54,360 --> 00:35:57,800 users that do not have MFA enabled or show me all the 658 00:35:57,800 --> 00:36:00,680 people with this specific, you know, privileged entitlement, 659 00:36:00,680 --> 00:36:03,160 you know, whatever it might be. That's all just reporting. 660 00:36:03,240 --> 00:36:06,120 And I think that's, that accessibility is going to make 661 00:36:06,120 --> 00:36:09,240 it easier to do things with the data that we've been sitting on. 662 00:36:09,240 --> 00:36:12,640 So I think, I think AI is extremely impactful on that 663 00:36:12,640 --> 00:36:14,240 side. And that's what's coming 1st. 664 00:36:14,720 --> 00:36:17,840 And then you will start to see behind the scenes, you know, 665 00:36:18,080 --> 00:36:20,560 and, and there's companies already working on it, right, to 666 00:36:20,640 --> 00:36:25,520 configure their tools, Hey, set up a connection to this 667 00:36:25,520 --> 00:36:31,360 application and my IDP or my IGA or my privileged access 668 00:36:31,360 --> 00:36:32,600 management system or wherever it may be. 669 00:36:32,600 --> 00:36:36,520 So I, I think I, I don't think it's, I think it's a little bit 670 00:36:36,520 --> 00:36:39,120 of hype right now because I think people are excited about 671 00:36:39,120 --> 00:36:42,200 the opportunities, but I think it's going to quickly turn into 672 00:36:42,200 --> 00:36:44,640 reality. The question will be, does the 673 00:36:44,640 --> 00:36:50,560 reality match the hype and how to quickly does that become 674 00:36:50,920 --> 00:36:54,320 truth? Because I think in 50 years, 675 00:36:54,600 --> 00:36:58,440 most I am platforms, if they're even going to be, I implied so 676 00:36:58,440 --> 00:37:01,560 at that point are going to be almost self-sustaining. 677 00:37:01,560 --> 00:37:02,840 They're going to be a service that you buy. 678 00:37:02,840 --> 00:37:05,400 And this is the way it works and AI or whatever, right? 679 00:37:05,400 --> 00:37:07,920 Machine learning language. Things take behind, take place 680 00:37:07,920 --> 00:37:11,560 behind the scenes, do the work, and you're you. 681 00:37:11,600 --> 00:37:15,400 Everyone at that point is an end user of the tool, like very few 682 00:37:15,400 --> 00:37:18,360 admins. For listeners and for 683 00:37:18,360 --> 00:37:23,040 practitioners, do you think that if you're not using AI in some 684 00:37:23,040 --> 00:37:27,320 way in your job now that you're falling behind, Are there things 685 00:37:27,320 --> 00:37:31,040 that you would recommend to practitioners that you need to 686 00:37:31,040 --> 00:37:35,320 get good at this thing? Yeah, I think you need to. 687 00:37:35,360 --> 00:37:38,320 It's like anything else, read off on it, experiment with it, 688 00:37:38,320 --> 00:37:42,160 play with it, understand the benefits and the potential 689 00:37:42,160 --> 00:37:44,560 drawbacks. I mean, there's no shortage of 690 00:37:44,640 --> 00:37:48,560 AI tools out there now, right? Between Open AI and Google and 691 00:37:48,680 --> 00:37:51,920 you know, all the different models out there, Anthropic, 692 00:37:51,920 --> 00:37:55,040 etcetera, they're all pretty darn good. 693 00:37:55,080 --> 00:37:57,080 And this is the worst that it will ever be. 694 00:37:57,520 --> 00:38:00,000 It's only going to get better. Tomorrow's going to be better 695 00:38:00,000 --> 00:38:01,480 than it was today and so on and so on. 696 00:38:01,480 --> 00:38:05,080 So I think understanding how you can leverage it for any number 697 00:38:05,080 --> 00:38:07,400 of reasons, whether it's, you know, helping write a report or 698 00:38:07,400 --> 00:38:11,400 helping analyze data or, you know, things like that, you 699 00:38:11,400 --> 00:38:13,440 know, definitely you want to stay on top of it. 700 00:38:13,440 --> 00:38:16,840 I think where I would be concerned about is when I start 701 00:38:16,840 --> 00:38:20,680 to hear, well, we just have AI doing all the work and there's 702 00:38:20,680 --> 00:38:23,360 nobody checking it to make sure that it's good. 703 00:38:24,400 --> 00:38:26,680 That's the part where we're not quite there yet. 704 00:38:26,760 --> 00:38:32,320 And we need to have people who understand their space, you 705 00:38:32,320 --> 00:38:34,600 know, whether it's authentication or authorization 706 00:38:34,600 --> 00:38:38,320 or governance processes, right, or whatever it may be, somebody 707 00:38:38,320 --> 00:38:40,680 still has to check that to make sure that that is still correct 708 00:38:40,680 --> 00:38:44,960 because AI still hallucinate and they go off the off the deep end 709 00:38:44,960 --> 00:38:47,000 sometimes. And so you need people who know 710 00:38:47,000 --> 00:38:51,200 their stuff to call out the AI or whatever you're using, right, 711 00:38:51,200 --> 00:38:54,320 to make sure that it's good. So it doesn't absolve people in 712 00:38:54,320 --> 00:38:56,080 the IM world of not knowing their stuff. 713 00:38:56,080 --> 00:38:57,400 You still have to know your stuff. 714 00:38:58,520 --> 00:39:03,440 Yeah, I commented on a A blog article because the focus group 715 00:39:03,440 --> 00:39:08,960 put out a blog article. They're an analyst firm and they 716 00:39:08,960 --> 00:39:12,680 attempted to use AI to put together an analyst paper. 717 00:39:13,120 --> 00:39:16,680 And I think what they found, which is what I find a lot with 718 00:39:16,680 --> 00:39:21,120 AI, is it does a fantastic job in terms of putting together the 719 00:39:21,120 --> 00:39:25,760 shell, in terms of putting together kind of a lot of words. 720 00:39:25,760 --> 00:39:29,000 And kind of like, oh, man, if you just looked at it without 721 00:39:29,000 --> 00:39:31,640 actually reading all the detail, you say this is very good. 722 00:39:31,640 --> 00:39:34,080 But then when you get into the detail, it's like it's not very 723 00:39:34,080 --> 00:39:37,000 creative. The date is old, things like 724 00:39:37,000 --> 00:39:40,520 that. And yeah, I mean, is that what 725 00:39:40,520 --> 00:39:43,360 you find as well? Yeah, I mean, I think this is 726 00:39:43,360 --> 00:39:46,120 where different models have different strengths and they 727 00:39:46,120 --> 00:39:47,720 continually are improving things like that. 728 00:39:47,720 --> 00:39:52,080 I think I find some of the AI services are better at report 729 00:39:52,200 --> 00:39:54,520 generation, writing skills, basically. 730 00:39:54,520 --> 00:39:58,880 Others are better at analyzing the data and putting it together 731 00:39:58,920 --> 00:40:01,480 in a way, and others, you know, are just better at interpreting 732 00:40:01,480 --> 00:40:04,000 actions. So I think there's still a long 733 00:40:04,000 --> 00:40:07,280 ways to go for all the different AI services, but it's exciting. 734 00:40:07,280 --> 00:40:09,720 I'm, you know, I'm on record as being a fan for it. 735 00:40:10,000 --> 00:40:12,600 It's going to be used for. Things that probably shouldn't 736 00:40:12,600 --> 00:40:17,000 be used for, but I think in the in the end it's going to be a 737 00:40:17,000 --> 00:40:18,800 very valuable tool for a lot of folks. 738 00:40:20,640 --> 00:40:23,360 Do you have any of the expensive subscriptions? 739 00:40:23,600 --> 00:40:25,840 No, I stick with the $20.00 a month. 740 00:40:25,840 --> 00:40:30,720 Once I know that there's like $200 versions out there which I 741 00:40:30,720 --> 00:40:33,080 don't, I don't think those are worth it for me. 742 00:40:33,080 --> 00:40:36,560 I think those are probably more for, you know, developers maybe, 743 00:40:36,560 --> 00:40:38,080 or people who are really taking advantage of it. 744 00:40:38,080 --> 00:40:39,840 And I subscribe to multiple ones. 745 00:40:39,840 --> 00:40:43,400 So, you know, between Gemini and ChatGPT and some other ones, 746 00:40:43,960 --> 00:40:46,560 that's enough for me. So I'm probably spending, you 747 00:40:46,560 --> 00:40:48,560 know, half that for a variety of services. 748 00:40:48,560 --> 00:40:50,560 But I think it also gives me an opportunity to look at different 749 00:40:50,560 --> 00:40:54,480 models and leverage the appropriate model for what it is 750 00:40:54,480 --> 00:40:56,760 I'm trying to do. So yeah. 751 00:40:56,880 --> 00:40:59,400 And, and, and look, those prices will come down at some point, 752 00:40:59,440 --> 00:41:01,680 you know, they'll get the the models themselves will become 753 00:41:01,680 --> 00:41:03,560 cheaper and more efficient to run. 754 00:41:03,560 --> 00:41:06,560 So costs will come down, which theoretically gets passed on to 755 00:41:06,560 --> 00:41:09,120 us as consumers and then it becomes the, you know, bundled 756 00:41:09,120 --> 00:41:10,360 as part of a service, whatever it may be. 757 00:41:11,080 --> 00:41:13,840 But I don't, I think this is a, a real cash grab for a lot of 758 00:41:13,840 --> 00:41:15,360 these companies. So it's going to be very 759 00:41:15,360 --> 00:41:20,320 interesting to see when, when and how does the, the economic 760 00:41:20,320 --> 00:41:24,320 model of a subscription to an AI update or change over time? 761 00:41:24,760 --> 00:41:28,600 Is it just, hey, this is the new streaming platform, you know, we 762 00:41:28,600 --> 00:41:31,680 all have like 8 different video services that we use. 763 00:41:31,680 --> 00:41:33,920 Is this now another thing where it's like, this is just another 764 00:41:33,920 --> 00:41:37,360 subscription that we're all going to be tied to And, you 765 00:41:37,360 --> 00:41:39,920 know, it gets better theoretically over time and 766 00:41:39,920 --> 00:41:41,600 maybe there's a war at some point. 767 00:41:41,600 --> 00:41:44,920 It's like, OK, well, you know, is it Netflix versus, you know, 768 00:41:44,920 --> 00:41:49,240 Disney Plus? Or is it Anthropic versus open 769 00:41:49,240 --> 00:41:50,440 AI right? Or whatever it may be. 770 00:41:51,600 --> 00:41:55,400 Have you seen anything with Apple Intelligence lately? 771 00:41:57,040 --> 00:41:58,920 I mean, I've seen their attempts at it. 772 00:41:58,920 --> 00:42:00,880 I I'm not impressed with what they put out so far. 773 00:42:00,880 --> 00:42:02,720 I think they're, I think they're actually late to the game on 774 00:42:02,720 --> 00:42:07,840 this. It is it's, I don't, I would say 775 00:42:07,840 --> 00:42:11,480 it's not good at the moment. It's so it's so, so basic 776 00:42:11,480 --> 00:42:15,120 compared to what you can see and do with some of the services out 777 00:42:15,120 --> 00:42:17,360 there, especially if you look at Android phones and what they've 778 00:42:17,360 --> 00:42:20,400 done with integrating like Gemini into the OS and things 779 00:42:20,400 --> 00:42:22,040 like that. It's just, it's just further 780 00:42:22,040 --> 00:42:25,240 along, you know, I have no doubt Apple will catch up at some 781 00:42:25,240 --> 00:42:28,960 point and move beyond parlor tricks like image playground 782 00:42:28,960 --> 00:42:31,520 and, you know, stupid stuff like that, that doesn't really 783 00:42:31,520 --> 00:42:35,440 matter. So I, I think they're behind and 784 00:42:35,440 --> 00:42:37,080 I think they're doing their Apple thing. 785 00:42:37,560 --> 00:42:40,440 They're being cautious. They don't they're not inventing 786 00:42:40,480 --> 00:42:42,160 the scenario. What they're going to be really 787 00:42:42,160 --> 00:42:45,600 good at is refining how it gets used and how it's integrated, 788 00:42:45,600 --> 00:42:47,880 things like that. So, you know, I think we're 789 00:42:47,880 --> 00:42:54,080 still a couple years from where Apple probably should be when it 790 00:42:54,080 --> 00:42:56,840 comes to integrating AI. But if you want a glimpse of it, 791 00:42:56,880 --> 00:42:59,520 fire up an Android phone and go into, you know, Gemini and 792 00:42:59,520 --> 00:43:01,960 Google Assistant and and that that kind of change over is 793 00:43:01,960 --> 00:43:03,080 happening. It's it's pretty neat. 794 00:43:03,800 --> 00:43:07,240 Yeah, very cool. There's your AI at the center. 795 00:43:08,040 --> 00:43:11,600 All right, all right. Let's go to Isabel from France. 796 00:43:11,880 --> 00:43:16,160 How can smaller companies with limited budgets still build a 797 00:43:16,160 --> 00:43:19,200 strong IM program? I love this question because 798 00:43:19,200 --> 00:43:23,520 everybody, nobody has enough money or resources to get things 799 00:43:23,520 --> 00:43:25,920 done. Most of the organizations you 800 00:43:25,920 --> 00:43:28,960 know, that I've seen are, you know, scraping by or have to 801 00:43:28,960 --> 00:43:33,240 justify every dollar and cents. So Jim, how can a smaller 802 00:43:33,240 --> 00:43:36,640 company with a limited budget still build a strong IM program? 803 00:43:38,000 --> 00:43:41,720 Yeah, since I have to answer this first, I'm, I'm actually 804 00:43:41,720 --> 00:43:44,480 picking on something you said earlier about the IM program. 805 00:43:44,480 --> 00:43:48,080 And you know, if I put my program manager hat on, it's 806 00:43:48,080 --> 00:43:51,800 about identifying where you spend that small budget, right? 807 00:43:51,800 --> 00:43:54,360 So there's not one blanket that's like spending on 808 00:43:54,360 --> 00:43:59,200 authentication or spending on identity governance or 809 00:43:59,200 --> 00:44:02,840 privileged access. It's figuring out where are your 810 00:44:02,840 --> 00:44:07,920 needs and making that case and then be able to paint the risk 811 00:44:08,200 --> 00:44:10,800 landscape. So having a strong I am program 812 00:44:10,800 --> 00:44:13,760 manager is probably the first investment to identify where the 813 00:44:13,760 --> 00:44:17,360 rest of the money goes. Yeah, I think that's good. 814 00:44:17,360 --> 00:44:21,760 I think really setting the stage for your program, what are your 815 00:44:21,760 --> 00:44:23,320 policies? What are your standards? 816 00:44:23,840 --> 00:44:25,600 What can you do with what you have? 817 00:44:26,800 --> 00:44:29,360 You know, I work with a few different nonprofits and 818 00:44:29,360 --> 00:44:32,840 typically they don't have a ton of money and so they can't 819 00:44:32,840 --> 00:44:35,720 afford, you know, IGA tools, privileged access management 820 00:44:35,720 --> 00:44:39,280 tools and, you know, user and entity, you know, behavior 821 00:44:39,280 --> 00:44:41,520 analysis, right, and ITDR and all the buzzwords. 822 00:44:41,520 --> 00:44:44,560 So a lot of it is trying to figure out, OK, well, what can 823 00:44:44,560 --> 00:44:47,720 we do with what we have? And a lot of that falls back to 824 00:44:48,240 --> 00:44:50,960 inventory. I mean, it doesn't cost money, 825 00:44:51,600 --> 00:44:53,520 you know, to you don't have to buy a tool, I guess to, to 826 00:44:53,520 --> 00:44:55,200 inventory things. You probably have some things 827 00:44:55,200 --> 00:44:58,040 that you can already do to say, OK, well, let's at least get 828 00:44:58,040 --> 00:45:00,960 user extracts, extracts, you know, from different systems and 829 00:45:00,960 --> 00:45:04,840 know who has access to what. You know, there's, there's 830 00:45:04,840 --> 00:45:07,360 things you can do. It's going to be painful in the 831 00:45:07,360 --> 00:45:11,640 real world if there's an incident or you know, maybe 832 00:45:11,640 --> 00:45:14,520 onboarding is a real pain because you have to go and log 833 00:45:14,520 --> 00:45:17,640 into 200 different systems and see, you know, if that person 834 00:45:17,640 --> 00:45:18,880 exists there. And that's where human error 835 00:45:18,880 --> 00:45:20,320 comes in. You forget to do a system where 836 00:45:20,320 --> 00:45:21,680 it may be or onboarding same way. 837 00:45:21,680 --> 00:45:24,520 It's like takes forever. It's a real challenge. 838 00:45:24,640 --> 00:45:30,520 And I think, I think it starts with the program itself, people 839 00:45:30,840 --> 00:45:35,200 and process the technology should be third on that list. 840 00:45:35,200 --> 00:45:38,680 And hopefully as the organization grows or matures, 841 00:45:39,200 --> 00:45:41,720 you know, they're, they're investing right size 842 00:45:41,720 --> 00:45:44,680 technologies versus and hopefully proactively before 843 00:45:44,680 --> 00:45:47,600 there's a problem that forces them to to invest in it. 844 00:45:48,200 --> 00:45:50,280 Yeah. So you so often hear though, as 845 00:45:50,320 --> 00:45:54,080 you talk to companies like we're a Microsoft shop, and this isn't 846 00:45:54,160 --> 00:45:56,680 to blast Microsoft, but is that the right approach? 847 00:45:58,200 --> 00:46:00,480 Well, I mean, they have a lot of capability. 848 00:46:00,480 --> 00:46:03,040 So yeah, it can absolutely be the right approach. 849 00:46:03,040 --> 00:46:06,680 If you're already on Office 365 or Microsoft 365 and you know, 850 00:46:06,680 --> 00:46:09,880 you are a window shop, right? All that stuff, there's plenty 851 00:46:09,880 --> 00:46:13,160 of tools that come along with Microsoft to help you manage it. 852 00:46:13,160 --> 00:46:17,280 Now, is it 100% coverage? Does it do it the way you wish 853 00:46:17,280 --> 00:46:19,880 it would do it? Probably not, right? 854 00:46:19,880 --> 00:46:22,320 I think that's where you see add-ons and third parties and 855 00:46:22,320 --> 00:46:24,200 all these other products come in to kind of help fill those 856 00:46:24,200 --> 00:46:27,160 voids. But this is where you decide, 857 00:46:27,160 --> 00:46:30,040 OK, well, how do we match up our people and process to line up 858 00:46:30,040 --> 00:46:31,640 with the tools that we actually have? 859 00:46:32,560 --> 00:46:34,440 Boy, it'd be really great to have Cyber Ark, right? 860 00:46:34,440 --> 00:46:38,200 Or Beyond Trust or Delinea or whatever it may be, but we can't 861 00:46:38,200 --> 00:46:40,080 afford it. So how do we take advantage of 862 00:46:40,240 --> 00:46:44,240 PIM and Entra to do some things, you know, use the tools you've 863 00:46:44,240 --> 00:46:46,720 got? I, I think, I think there is, 864 00:46:47,280 --> 00:46:50,400 there is things you can do to to match up your people and process 865 00:46:50,400 --> 00:46:52,120 with what you've got as best as you can. 866 00:46:52,920 --> 00:46:56,200 Yeah, that's a great answer. I know I'm going to isolate that 867 00:46:56,200 --> 00:47:01,000 one as well. All right, let's go to our last 868 00:47:01,000 --> 00:47:03,520 question. This is from Anders in from 869 00:47:03,520 --> 00:47:06,080 Norway. I like this question and Jim, 870 00:47:06,080 --> 00:47:07,760 I'm very curious to see what you're going to answer this one 871 00:47:07,760 --> 00:47:11,600 is what's your dream guest to have on identity at the center? 872 00:47:11,840 --> 00:47:14,480 You can pick anybody you want, living or dead. 873 00:47:14,760 --> 00:47:16,720 Who would you like to have on as a guest for the show? 874 00:47:16,720 --> 00:47:19,680 I'm. Going to put somebody who I 875 00:47:19,680 --> 00:47:23,720 actually tried to get on for a guess when he was still with us, 876 00:47:24,080 --> 00:47:27,080 Kim Cameron, he has seven laws of identity. 877 00:47:27,400 --> 00:47:29,160 I mean, this is an identity podcast, right? 878 00:47:29,160 --> 00:47:32,160 So if I answer Abraham Lincoln or something, it's a little 879 00:47:32,160 --> 00:47:35,040 like, well, that wouldn't make a whole lot of sense. 880 00:47:35,560 --> 00:47:37,080 Kim would have. Been this podcast doesn't make a 881 00:47:37,080 --> 00:47:40,000 whole lot of sense anyway, it would fit right in. 882 00:47:41,120 --> 00:47:44,960 True, that's how I would pick. So Kim Cameron, I'm going to go 883 00:47:44,960 --> 00:47:46,080 a little bit different direction. 884 00:47:46,080 --> 00:47:54,000 I would like to have more large company CEOs and Csos because 885 00:47:54,000 --> 00:47:57,120 they're the ones that are really controlling what is happening in 886 00:47:57,120 --> 00:48:00,040 the real world from an identity standpoint, budget, resourcing 887 00:48:00,040 --> 00:48:03,080 and things like that. And I think if we can put our 888 00:48:03,560 --> 00:48:07,520 our message and get into, you know, the minds of some of these 889 00:48:07,520 --> 00:48:10,920 folks that are controlling the budget and understand what their 890 00:48:10,920 --> 00:48:13,240 triggers are, that's going to be super helpful for people. 891 00:48:13,240 --> 00:48:17,320 So I would like to have more, you know, executive level people 892 00:48:17,720 --> 00:48:23,240 explaining to us why or why not to invest in this thing called 893 00:48:23,240 --> 00:48:26,880 digital identity. Whether you're a vendor, right? 894 00:48:27,280 --> 00:48:29,400 I'm, I'm sure there's, you know, there's, there's large companies 895 00:48:29,400 --> 00:48:31,680 that we've tried to have on in the past that, you know, just 896 00:48:31,840 --> 00:48:34,040 haven't been responsive on that. And that's fine. 897 00:48:34,040 --> 00:48:38,120 But I would like to have, you know, really the, the, the 898 00:48:38,120 --> 00:48:42,200 executive viewpoint come on more because I think if we can start 899 00:48:42,200 --> 00:48:44,480 to speak their language, that might help folks out there make 900 00:48:44,480 --> 00:48:47,480 a decision or help help them make their decisions and on how 901 00:48:47,480 --> 00:48:51,240 they want to present their investment asks right from a, 902 00:48:51,240 --> 00:48:53,480 from a identity standpoint. And that doesn't have to be just 903 00:48:53,480 --> 00:48:54,600 technology. It could be, hey, we need 904 00:48:54,600 --> 00:48:57,680 another person because I'm, I'm falling behind here, or we're 905 00:48:57,680 --> 00:49:00,120 not delivering the service we need to or it's not secure or 906 00:49:00,120 --> 00:49:02,840 whatever it may be. Yeah, I'd like to hear if they 907 00:49:02,840 --> 00:49:04,840 agree that identity's at the center. 908 00:49:04,840 --> 00:49:08,640 So if you're talking about a siso of like a Fortune 10 909 00:49:08,640 --> 00:49:12,640 company or something, we talk about identity, the center, like 910 00:49:12,760 --> 00:49:16,680 are we, are we in our echo chamber just talking to each 911 00:49:16,680 --> 00:49:19,640 other and all agreeing? I think so. 912 00:49:20,040 --> 00:49:22,720 I mean, how can we not be right? This is an identity podcast. 913 00:49:22,720 --> 00:49:24,080 We're talking about identity things. 914 00:49:24,600 --> 00:49:27,320 We're not a mass market podcast where, you know, we're the first 915 00:49:27,320 --> 00:49:30,040 thing, unfortunately, that people don't turn on, you know, 916 00:49:30,040 --> 00:49:31,880 when they're a commute for, you know, millions of people out 917 00:49:31,880 --> 00:49:33,320 there. We got a lot of listeners but 918 00:49:34,000 --> 00:49:37,560 and, and viewers, but they're they're in the identity space or 919 00:49:37,560 --> 00:49:40,000 cybersecurity, right adjacent, right, things like that. 920 00:49:40,400 --> 00:49:45,240 So there is a lot of education and training, I think to be done 921 00:49:45,240 --> 00:49:47,840 still for the the public. And I have a a real good friend 922 00:49:47,840 --> 00:49:50,280 of mine, Jay, we were talking, you know, the other night about 923 00:49:50,280 --> 00:49:52,920 MFA and he's like, you know, what's that? 924 00:49:52,920 --> 00:49:54,360 I was like, Oh yeah, yeah, this is other thing, right? 925 00:49:54,360 --> 00:49:57,280 Yeah. We take MFA for granted and 926 00:49:58,200 --> 00:50:02,720 there is not a lot of awareness at the general public level who 927 00:50:02,720 --> 00:50:05,800 are not in the space. So how do we educate those 928 00:50:05,800 --> 00:50:07,680 folks? You know, how do we, you know, 929 00:50:07,680 --> 00:50:10,320 bring them into the fold? How do we design solutions that 930 00:50:10,320 --> 00:50:14,680 are secure by design for them and usable and they don't even 931 00:50:14,680 --> 00:50:16,320 have to think about security. Should they be thinking about 932 00:50:16,320 --> 00:50:18,680 security? Maybe, maybe not. 933 00:50:19,120 --> 00:50:20,800 Is that our job as identity people to do that? 934 00:50:20,920 --> 00:50:24,480 Yes, it is. So how do we smooth that over? 935 00:50:25,840 --> 00:50:28,800 Bad answer, Jeff, you make that clip. 936 00:50:28,960 --> 00:50:30,640 I'm not going to, I'm not going to answer like that one. 937 00:50:31,880 --> 00:50:36,400 OK, why don't we go ahead and wrap up this episode with a 938 00:50:36,400 --> 00:50:39,240 lighter note from Sophie from New Zealand? 939 00:50:39,240 --> 00:50:45,160 I think this is a cool question. So if IAM was a superhero, what 940 00:50:45,160 --> 00:50:49,320 would its superpower be? So this concept of identity and 941 00:50:49,320 --> 00:50:53,480 access management has somehow taken life and is now a 942 00:50:53,480 --> 00:50:55,600 superhero. Or you know what a super 943 00:50:55,600 --> 00:50:58,520 villain, let's call it. Either way, what would the 944 00:50:58,520 --> 00:51:00,800 superpower be for that superhero or super villain? 945 00:51:01,960 --> 00:51:04,960 So we know there are, I am superheroes. 946 00:51:04,960 --> 00:51:06,760 We've run into them all the time, right? 947 00:51:06,880 --> 00:51:11,120 A lot of identity programs would just completely fall apart if it 948 00:51:11,120 --> 00:51:14,680 weren't for the superheroes. A lot of times it's because 949 00:51:15,000 --> 00:51:20,760 companies have under invested, so people have to kind of become 950 00:51:20,760 --> 00:51:25,160 superheroes and work crazy hours and things like that. 951 00:51:25,160 --> 00:51:29,760 So I'm going to talk about those people and what would be the 952 00:51:29,760 --> 00:51:33,400 special skill that would be able to take the things over the top 953 00:51:33,400 --> 00:51:35,200 for them. And it would be if they didn't 954 00:51:35,200 --> 00:51:39,480 have to sleep. So the I am superhero superpower 955 00:51:39,480 --> 00:51:44,440 would be Sleepless woman or sleepless man and they can stay 956 00:51:44,440 --> 00:51:48,560 up 24 hours a day working on I. Wow, that sounds like a really 957 00:51:48,560 --> 00:51:53,920 crappy superpower. I'm not saying I would want it, 958 00:51:55,240 --> 00:51:59,880 I'm just saying that would be the superpower that the real 959 00:51:59,880 --> 00:52:04,440 world I am superheroes was probably it was supercharged 960 00:52:04,440 --> 00:52:09,040 their ability. OK, I'm going to go with more of 961 00:52:09,040 --> 00:52:13,880 a a super villain in this state and just confusion. 962 00:52:14,840 --> 00:52:19,040 The the concept of confusion and being able to say what is I am 963 00:52:19,040 --> 00:52:23,200 really good at confusing people and befuddling them and that 964 00:52:23,200 --> 00:52:24,160 could be any number of things, right? 965 00:52:24,160 --> 00:52:26,440 It could be for the end users. They don't really know how to do 966 00:52:26,440 --> 00:52:28,080 this thing. Why do I have to put a password 967 00:52:28,080 --> 00:52:31,600 that's 8 to 20 characters can't use any special characters, 968 00:52:31,920 --> 00:52:34,240 can't have two numbers in a pattern, right? 969 00:52:34,560 --> 00:52:37,480 It's super confusing, right? Or maybe it's us and the 970 00:52:37,480 --> 00:52:40,440 identity side is like, oh, we have 80 new acronyms every year 971 00:52:40,440 --> 00:52:41,600 for all these different services. 972 00:52:41,920 --> 00:52:43,640 Did you mean this one or that one right? 973 00:52:43,640 --> 00:52:46,800 And so I think confusion is like the superpower of I am. 974 00:52:47,520 --> 00:52:52,160 And the hero opposite of that is someone who can clarify that 975 00:52:52,160 --> 00:52:56,040 confusion, someone who can distill messages down, simplify 976 00:52:56,040 --> 00:52:57,600 them to make them easily understood. 977 00:52:58,400 --> 00:53:01,800 That's the that's the opposite side of that yin Yang coin. 978 00:53:02,520 --> 00:53:08,840 Yeah, well, yeah, yeah, man. So I actually, I, the one of the 979 00:53:08,840 --> 00:53:11,880 most frustrating things to me is like, you know, you've logged 980 00:53:11,880 --> 00:53:16,960 into whatever application, say you flew an airline, but it's 981 00:53:16,960 --> 00:53:19,920 been 15 years. And so you go in and you try to 982 00:53:19,920 --> 00:53:25,160 log in and it says, sorry, you know, go ahead and reset your 983 00:53:25,160 --> 00:53:29,000 account or it doesn't. That basically doesn't recognize 984 00:53:29,000 --> 00:53:30,880 your username, your e-mail address. 985 00:53:31,240 --> 00:53:34,120 So then you go through and you try and register using that 986 00:53:34,120 --> 00:53:36,240 e-mail address. So sorry, you can't reuse an 987 00:53:36,240 --> 00:53:39,400 e-mail address. Oh my God. 988 00:53:41,160 --> 00:53:45,480 I guess I'll give you. Yeah, I I guess I will just 989 00:53:45,480 --> 00:53:48,960 register as a guest. Yeah, or the favorite 1 is like 990 00:53:48,960 --> 00:53:51,640 you can't, you know, you try to reset your password and you type 991 00:53:51,640 --> 00:53:54,160 it in and it won't take it and then you go, OK, well, I guess I 992 00:53:54,160 --> 00:53:56,120 have to reset my password because it's because. 993 00:53:56,120 --> 00:53:57,840 You can't reuse your. Right. 994 00:53:57,840 --> 00:53:59,960 And then say oh you can't, your password can't be the same as 995 00:53:59,960 --> 00:54:00,920 the current password. Like what? 996 00:54:01,680 --> 00:54:03,880 Yeah, that's a there's a meme out there for that. 997 00:54:03,880 --> 00:54:06,400 And it's like the guy with all the numbers flying around the 998 00:54:06,400 --> 00:54:08,800 said, yeah, that's, that's pretty good. 999 00:54:09,080 --> 00:54:12,160 So there you go. That is the I am confusion 1000 00:54:12,280 --> 00:54:15,240 supervillain striking again. Like what is going on here? 1001 00:54:15,600 --> 00:54:18,920 Why doesn't this make sense? So hopefully other I am heroes 1002 00:54:18,920 --> 00:54:20,720 come in to save the day and clarify things. 1003 00:54:21,920 --> 00:54:24,760 OK, well, I want to thank all of our listeners who sent that 1004 00:54:24,760 --> 00:54:26,240 stuff in. We, you know, we get a lot of 1005 00:54:26,240 --> 00:54:27,640 messages. We try to respond to the ones we 1006 00:54:27,640 --> 00:54:29,680 can, some of the ones we save up for episodes like this. 1007 00:54:29,680 --> 00:54:33,480 So I think we're already at like maybe 2, maybe 3 mailbags for 1008 00:54:33,480 --> 00:54:36,480 this year, which is great. I'd much rather answer questions 1009 00:54:37,160 --> 00:54:40,120 from people than, you know, try to come up with something 1010 00:54:40,120 --> 00:54:43,200 innovative every week because this is the real world of I am. 1011 00:54:43,200 --> 00:54:45,040 So it's like, all right, well, we're going to have those 1012 00:54:45,040 --> 00:54:46,880 conversations as well, but let's hear from people and what are 1013 00:54:46,880 --> 00:54:48,760 the challenges or what are they, you know, want our viewpoints on 1014 00:54:48,760 --> 00:54:51,040 and stuff like that. And, you know, our opinions can 1015 00:54:51,040 --> 00:54:52,880 certainly change. And I'm sure if we look back on 1016 00:54:52,880 --> 00:54:55,440 the podcast, it's the time. Cancel as you like to say, Jim, 1017 00:54:55,880 --> 00:54:57,840 you know, in 10 years from now, they're like, oh, can't believe 1018 00:54:57,840 --> 00:54:59,080 you guys were talking about that kind of stuff. 1019 00:54:59,080 --> 00:55:03,320 What Cavemen. All right, so let's go ahead and 1020 00:55:03,320 --> 00:55:04,920 leave it there. Let's see. 1021 00:55:04,920 --> 00:55:09,720 Visit the show on the web, IDC podcast.com, like and subscribe. 1022 00:55:09,720 --> 00:55:13,120 That is super helpful for us. Share it with folks out there. 1023 00:55:14,040 --> 00:55:16,520 Visit our YouTube channel, like and subscribe that as well. 1024 00:55:16,520 --> 00:55:20,480 I noticed our YouTube shorts have kind of taken on a life and 1025 00:55:20,800 --> 00:55:22,320 yeah, maybe that's better format for YouTube. 1026 00:55:22,320 --> 00:55:25,040 We'll always have our full episodes up there, but you know, 1027 00:55:25,040 --> 00:55:28,520 we try to have somewhere between one and three minute clips there 1028 00:55:28,560 --> 00:55:30,920 that we that we do for each episode throughout the week. 1029 00:55:31,360 --> 00:55:36,720 And then send us your comments, thoughts, prayers, wishes, 1030 00:55:36,920 --> 00:55:39,280 curses, whatever, you know, send us out on LinkedIn. 1031 00:55:39,520 --> 00:55:41,320 Jim and I was happy to connect with folks out there. 1032 00:55:41,760 --> 00:55:45,040 And yeah, so with that, we'll go ahead and leave it for this 1033 00:55:45,040 --> 00:55:47,160 week. Thank you for watching and or 1034 00:55:47,160 --> 00:55:49,520 listening and we'll talk with you all in the next one. 1035 00:55:51,880 --> 00:55:54,840 You've been listening to Identity at the Center. 1036 00:55:55,160 --> 00:55:59,280 We hope you've enjoyed the show. Make sure to like, rate and 1037 00:55:59,280 --> 00:56:02,920 review, and we'll be back soon. But in the meantime, hit the 1038 00:56:02,920 --> 00:56:06,320 website at identity@thecenter.com. 1039 00:56:06,920 --> 00:56:11,000 See you next time on Identity at the Center.