1 00:00:05,300 --> 00:00:10,800 This is identity at the center. If it has anything to do with I 2 00:00:10,800 --> 00:00:18,000 am this is the go-to podcast. Now your host Jim McDonald and 3 00:00:18,000 --> 00:00:22,800 Jeff Stedman Welcome to the identity of the sender podcast. 4 00:00:22,800 --> 00:00:23,900 I'm Jeff. And that's Jim. 5 00:00:23,900 --> 00:00:25,500 Hey, Jim. Hey, Jeff, how are you? 6 00:00:25,600 --> 00:00:28,100 Oh, not too bad yourself. I'm doing fantastic man, and 7 00:00:28,100 --> 00:00:30,600 I've survived last night tonight. 8 00:00:30,600 --> 00:00:32,400 We've got karaoke, are you ready? 9 00:00:32,700 --> 00:00:33,500 Well, i'mi'm? Ready? 10 00:00:33,500 --> 00:00:35,000 Because I'm just gonna be sitting there watching. 11 00:00:35,400 --> 00:00:39,300 Yeah, well, I have to make sure that I don't end up as horse at 12 00:00:39,300 --> 00:00:42,500 the end of today, doing a lot of recording you over here at 13 00:00:42,500 --> 00:00:46,200 identify worse. And by the way, you know, we're 14 00:00:46,200 --> 00:00:47,900 doing this Nostradamus week idea. 15 00:00:47,900 --> 00:00:49,100 I think it's been going really well. 16 00:00:49,100 --> 00:00:50,700 What do you think? Yeah, I've got some good. 17 00:00:50,800 --> 00:00:52,400 Predictions. We've had some great guests. 18 00:00:52,400 --> 00:00:54,300 We've got another one. Today we'll get to in a second. 19 00:00:55,200 --> 00:00:59,900 It's interesting to see identify worse this year, a ice there 20 00:01:00,100 --> 00:01:02,100 decentralized identity. It seems like all the future 21 00:01:02,100 --> 00:01:07,400 stuff is starting to become more prevalent as topics within 22 00:01:07,500 --> 00:01:11,200 things but there's a lot of new speakers to like that. 23 00:01:11,200 --> 00:01:13,400 People just haven't seen before which has been pretty cool. 24 00:01:13,400 --> 00:01:15,800 So I'm digging that. Yeah you know I think 25 00:01:15,800 --> 00:01:18,500 everybody's like real open and networking here as well. 26 00:01:18,500 --> 00:01:22,500 So all those new speakers there Like we're talking about before. 27 00:01:22,500 --> 00:01:27,100 Like you, you can learn so much from these individuals who are 28 00:01:27,100 --> 00:01:29,400 out there in the real world. Just like our listeners 29 00:01:30,300 --> 00:01:34,300 implementing identity and access management Technologies, and 30 00:01:34,800 --> 00:01:37,300 they just have so much knowledge to share. 31 00:01:37,300 --> 00:01:40,400 And I think what's great about our industry is that people are 32 00:01:40,400 --> 00:01:42,600 so willing to share that that knowledge. 33 00:01:42,900 --> 00:01:44,600 Yes definitely. That is like one of my 34 00:01:44,607 --> 00:01:46,800 highlights for sure. I think I mentioned that in our 35 00:01:46,800 --> 00:01:49,600 conversation, we talked about Andre Durand yesterday. 36 00:01:49,600 --> 00:01:52,500 I think I came up during that So, yeah, yeah, it's good times. 37 00:01:52,900 --> 00:01:56,600 Yeah, and by the way, I didn't point this out, but he was one 38 00:01:56,600 --> 00:01:59,400 of the few people who said, I chose identity. 39 00:02:00,400 --> 00:02:03,500 Yeah, he absolutely did. It's a rare bird. 40 00:02:03,500 --> 00:02:05,700 But yeah. Well it's just also to think 41 00:02:05,700 --> 00:02:08,600 about like, you know, paying idea in the size of PID and he's 42 00:02:08,600 --> 00:02:11,700 like talking about like his first day was just him as in 43 00:02:11,700 --> 00:02:14,000 boxes. Empty and he had no emails that 44 00:02:14,400 --> 00:02:16,400 you know I just picture that my head. 45 00:02:16,400 --> 00:02:19,200 I'm like that is absolutely insane. 46 00:02:19,200 --> 00:02:20,800 It's funny. You know, everyone talks about 47 00:02:21,000 --> 00:02:23,100 Inbox zero, and you're crazy inbox and stuff like that and 48 00:02:23,100 --> 00:02:25,400 some people thrive on that and some people like, oh my gosh, I 49 00:02:25,408 --> 00:02:27,600 have way too many emails when you're gonna get done. 50 00:02:27,600 --> 00:02:30,400 It's interesting that see the dichotomy between the two. 51 00:02:30,900 --> 00:02:33,700 It's like people who keep a clean inbox or have nothing 52 00:02:34,100 --> 00:02:37,400 versus an inbox is just jam-packed with stuff. 53 00:02:37,600 --> 00:02:41,800 Yeah, so I had a client, I won't identify who it was, but he had 54 00:02:41,800 --> 00:02:45,800 gotten so far behind on his email that he quote, unquote, 55 00:02:45,800 --> 00:02:49,600 declared email bankruptcy. So that meant if you emailed me 56 00:02:49,600 --> 00:02:51,600 and you're expecting your Response. 57 00:02:51,600 --> 00:02:53,900 You will not be getting a response from that email. 58 00:02:53,900 --> 00:02:57,000 So you need to email me again. It's like the big reset button. 59 00:02:57,000 --> 00:02:59,300 It's a big reset. Yeah, kind of wish you could do 60 00:02:59,300 --> 00:03:03,600 that for few different things. All right. 61 00:03:03,600 --> 00:03:04,900 Why don't we get to our guest for today? 62 00:03:04,900 --> 00:03:07,000 She's very, very gracious to gift us. 63 00:03:07,000 --> 00:03:09,200 Some of her time. She is Gallaher Lansky. 64 00:03:09,200 --> 00:03:12,200 She's the co-founder and chief product officer at plain' ID. 65 00:03:12,200 --> 00:03:13,200 Welcome to the show. Go. 66 00:03:13,500 --> 00:03:16,000 Thank you, thank you for having me here. 67 00:03:16,000 --> 00:03:19,100 Yes, you're all the way coming from Tel Aviv Israel. 68 00:03:19,200 --> 00:03:22,400 Yes, I were suffering. Various versions of jet. 69 00:03:22,400 --> 00:03:24,100 Lag. Yours is probably little bit 70 00:03:24,108 --> 00:03:27,600 worse than mine it at this point, but this is the first 71 00:03:27,600 --> 00:03:30,200 time you've been on the show and we like to learn more about 72 00:03:30,200 --> 00:03:33,300 about identity origin stories. I actually met you several years 73 00:03:33,300 --> 00:03:36,500 ago, I think when playing Eddie was just kind of starting out 74 00:03:36,700 --> 00:03:38,800 and it seems like you guys have grown quite a bit since then. 75 00:03:38,800 --> 00:03:41,000 Yes, we have. So this is a conversation that's 76 00:03:41,000 --> 00:03:43,800 definitely worth worth having and has been probably long 77 00:03:43,800 --> 00:03:46,500 overdue before we get to that, though. 78 00:03:47,200 --> 00:03:49,300 How did you get into the identity and access management 79 00:03:49,300 --> 00:03:50,900 space? Is it something that you You 80 00:03:50,908 --> 00:03:55,300 chose or did it Choose You? Well I think it shows me 81 00:03:55,300 --> 00:04:01,500 actually I you know, I started studying physics, not even 82 00:04:01,500 --> 00:04:03,900 computer science. I did combine it a bit with 83 00:04:03,900 --> 00:04:08,500 computer science but once I, you know, in Israel does the 84 00:04:08,900 --> 00:04:12,200 military service that we are doing right after that. 85 00:04:12,500 --> 00:04:16,200 I started working for a company called mem Co not sure if are, 86 00:04:16,600 --> 00:04:20,100 you know, when core but it was one of the first cyber security 87 00:04:20,100 --> 00:04:23,800 companies in Well, and they invented single sign-on. 88 00:04:24,200 --> 00:04:27,400 So maybe, you know, some of the other names of that product such 89 00:04:27,400 --> 00:04:31,800 as proxy, mices. So control is say, and so on. 90 00:04:32,900 --> 00:04:37,400 So that's how I started my. I am Journey after that, I 91 00:04:37,400 --> 00:04:40,200 joined cyber log, which you probably all know, right? 92 00:04:40,300 --> 00:04:45,800 So again and identity company and form, they'll that was my 93 00:04:45,800 --> 00:04:50,500 primary focus security, identity and access management and now 94 00:04:50,500 --> 00:04:53,000 plane Eid. So for those who aren't familiar 95 00:04:53,000 --> 00:04:56,500 with plain' ID, the authorization company I believe, 96 00:04:57,500 --> 00:05:00,200 tell us about it. Give us like what's the 32nd? 97 00:05:00,300 --> 00:05:03,000 62nd hallway? Identifiers pitch if somebody's 98 00:05:03,000 --> 00:05:05,200 like, oh, what have I done? You know, what is what is plain? 99 00:05:05,200 --> 00:05:06,900 I do put in a dee doo. Yeah. 100 00:05:06,900 --> 00:05:10,600 So, plain idea is, there's always action company or thighs, 101 00:05:10,600 --> 00:05:14,800 ation is connecting identities to digital assets, right? 102 00:05:15,000 --> 00:05:19,300 We enable organizations to manage to control Ortho ization 103 00:05:19,300 --> 00:05:24,200 policies in a Assistant way a centralized way and enforce dose 104 00:05:24,200 --> 00:05:27,600 of the relation policies in the different Technologies which 105 00:05:27,600 --> 00:05:31,800 organizations have today whether those are applications apis, 106 00:05:31,800 --> 00:05:38,200 Michael services, and data, so that the 30 seconds about of the 107 00:05:38,200 --> 00:05:40,900 relations, but we are going to talk more about that, right? 108 00:05:40,900 --> 00:05:42,300 Yeah. We're going to get into P back a 109 00:05:42,300 --> 00:05:46,400 back, our back, all the backs, I'm sure authorizations are 110 00:05:46,400 --> 00:05:50,700 really hard to do cross application cross. 111 00:05:50,800 --> 00:05:52,500 Loud. I'd love to get a little more 112 00:05:52,500 --> 00:05:55,500 about how you kind of approach that before we get to that. 113 00:05:55,500 --> 00:05:57,700 We were kind of talking a little bit before we hit record here 114 00:05:57,700 --> 00:06:00,900 around introductions and say, okay, we've got gal, she's the, 115 00:06:01,000 --> 00:06:05,400 You Know, Chief product officer, but you're also do CTO work as 116 00:06:05,400 --> 00:06:06,900 well. And you kind of had this 117 00:06:06,900 --> 00:06:09,100 interesting spin, which I totally like get. 118 00:06:09,100 --> 00:06:12,300 It makes, though it makes sense. I was originally going to 119 00:06:12,300 --> 00:06:16,200 introduce you as CT o /c p 0 product officer, no privacy 120 00:06:16,300 --> 00:06:19,600 C-3PO. Yes, a very, but she had this 121 00:06:19,600 --> 00:06:23,400 interesting response. Why did you ask, why do we 122 00:06:23,400 --> 00:06:26,200 settle on the introduction of Chief product officer and that 123 00:06:26,200 --> 00:06:27,400 both? Yeah. 124 00:06:27,400 --> 00:06:32,400 So I believe that Paul actually did technology and not the other 125 00:06:32,400 --> 00:06:34,200 way around. Eventually we are building 126 00:06:34,200 --> 00:06:39,000 products for our customers. We are not throwing technology 127 00:06:39,000 --> 00:06:41,200 on them that they can't really use. 128 00:06:41,600 --> 00:06:45,700 And that's why. I believe product should be the 129 00:06:45,700 --> 00:06:50,700 primary focus product should be using the technology options. 130 00:06:50,800 --> 00:06:53,600 Which are available to the best way it is. 131 00:06:54,400 --> 00:06:56,600 It is possible and not the other way around. 132 00:06:56,600 --> 00:07:01,200 You can just get in love with technology and then try to turn 133 00:07:01,200 --> 00:07:03,700 it into a product. I think it should be the other 134 00:07:03,700 --> 00:07:07,200 way around because sometimes you need to choose other 135 00:07:07,200 --> 00:07:09,200 technologies that can better fit. 136 00:07:09,200 --> 00:07:12,800 What your customers are actually asking, I love that connection 137 00:07:13,300 --> 00:07:17,700 between customer requirements. Customer needs to the technology 138 00:07:17,700 --> 00:07:19,500 that can address them in the best way. 139 00:07:20,000 --> 00:07:22,900 So, Give a standing ovation. I would because I love the idea 140 00:07:22,900 --> 00:07:26,700 of identity as a product, even if even if you are a product 141 00:07:26,700 --> 00:07:29,300 company even within an organization identity, is a 142 00:07:29,308 --> 00:07:33,100 product that you're serving to your constituents employees 143 00:07:33,100 --> 00:07:35,200 vendors, consumers, whatever it may be. 144 00:07:35,200 --> 00:07:38,200 So yeah, I don't have my son works here but standing 145 00:07:38,200 --> 00:07:39,900 Applause. I like that concept, Jeff. 146 00:07:39,900 --> 00:07:42,700 I mean, you're putting together product and if nobody's buying 147 00:07:42,700 --> 00:07:45,200 it, that ought to be an indication that it doesn't have 148 00:07:45,200 --> 00:07:48,000 a lot of value or something's wrong, right? 149 00:07:48,000 --> 00:07:50,500 They, it could be value. Could be awareness, maybe you've 150 00:07:50,500 --> 00:07:54,100 got Got wrong assumptions but yeah, nobody builds something 151 00:07:54,100 --> 00:07:56,900 and hopes, it doesn't get used except maybe Disaster Recovery. 152 00:07:57,200 --> 00:07:58,600 It's kind of a weird way but yeah. 153 00:07:58,600 --> 00:07:59,700 Right. I get where you're going with 154 00:07:59,700 --> 00:08:02,900 it. Yeah, so so gal, you're the 155 00:08:02,900 --> 00:08:07,000 co-founder of plain' ID and you talked a lot about P back. 156 00:08:07,100 --> 00:08:11,000 Can you give us an overview of what P back is? 157 00:08:11,200 --> 00:08:14,500 Yes, I'm going to start with what provoked is not be work, is 158 00:08:14,500 --> 00:08:18,300 not marketing, just marketing. You know, some people might 159 00:08:18,300 --> 00:08:22,500 argue but I do want to emphasize It hasn't been development. 160 00:08:22,500 --> 00:08:27,700 In that phase p Bach is a way to manage authorization, policies. 161 00:08:27,700 --> 00:08:30,100 That's pee bucket management method. 162 00:08:30,200 --> 00:08:34,000 And if you look at how this space has evolved, it started 163 00:08:34,000 --> 00:08:37,299 with ACLS. We all know ACLS, right? 164 00:08:37,299 --> 00:08:40,700 Access Control list. That was the very first way. 165 00:08:40,700 --> 00:08:44,000 We started managing Authority tations and then it evolved into 166 00:08:44,000 --> 00:08:49,100 a wall based Access Control to try and simplify how we manage 167 00:08:49,100 --> 00:08:53,100 authorization that. Ended up in Roll Explosion. 168 00:08:53,100 --> 00:08:57,100 We are also all familiar with that a buck attribute based 169 00:08:57,100 --> 00:08:59,400 Access Control. Try to maybe. 170 00:08:59,400 --> 00:09:04,600 So some of those challenges, a buckets, eventually the method 171 00:09:04,600 --> 00:09:09,600 of leveraging attributes from the identity and the acetyl, the 172 00:09:09,600 --> 00:09:13,800 result identities, trying to access defining, the combining 173 00:09:13,800 --> 00:09:16,700 relationship between them, and then making decisions based on 174 00:09:16,700 --> 00:09:19,300 that. But it did also lacks some 175 00:09:19,300 --> 00:09:22,200 stuff. It was very It wasn't it didn't 176 00:09:22,200 --> 00:09:25,700 include all the posters which are required and then came 177 00:09:25,700 --> 00:09:28,500 p'burg and feedback is not a replacement. 178 00:09:28,500 --> 00:09:30,800 I mean, it's very important to understand P. 179 00:09:30,800 --> 00:09:35,400 Work is a method of management. It includes yes. 180 00:09:35,400 --> 00:09:39,100 A book policies is obviously travel injure attributes, but it 181 00:09:39,100 --> 00:09:43,500 also uses Roars Roars is just another attribute of the 182 00:09:43,500 --> 00:09:47,100 identity. We can't throw away roles. 183 00:09:47,200 --> 00:09:50,400 We can't do it because we don't know anything everything about 184 00:09:50,400 --> 00:09:51,300 the idea. Entity. 185 00:09:51,700 --> 00:09:56,400 So that's really P. Back one business policies life 186 00:09:56,400 --> 00:10:00,600 cycle of how policy should be handled within the organization 187 00:10:00,600 --> 00:10:05,400 and then enforcement different methods because so many 188 00:10:05,400 --> 00:10:07,600 Technologies are out there. Can you give an example? 189 00:10:07,600 --> 00:10:12,500 Because I do think that, I don't think people confuse P back with 190 00:10:12,500 --> 00:10:14,900 our backs so much. I think people have that concept 191 00:10:14,900 --> 00:10:19,000 down but P back in a back. And I think you pointed that out 192 00:10:19,000 --> 00:10:20,700 as people think it's the same thing. 193 00:10:21,200 --> 00:10:24,500 Can you give an example of P back that will kind of highlight 194 00:10:24,900 --> 00:10:26,500 that difference. Yes. 195 00:10:26,500 --> 00:10:30,700 So a book started as a velly technically notion. 196 00:10:30,700 --> 00:10:35,000 Let's leverage attributes. To Define connections between 197 00:10:35,000 --> 00:10:36,700 identities and assets. Right? 198 00:10:36,700 --> 00:10:40,000 That's a box. That's very clear, but it 199 00:10:40,000 --> 00:10:44,800 doesn't include the processes. Eventually we know authorities 200 00:10:44,800 --> 00:10:46,500 ation. Should be governed. 201 00:10:46,900 --> 00:10:50,100 Should be audited. Should be managed as a lifecycle 202 00:10:50,100 --> 00:10:52,600 to all of that. That and that is what P back 203 00:10:52,600 --> 00:10:56,600 brings to the table. The policy is not just a 204 00:10:56,600 --> 00:10:59,700 technical tool. It's also a business 205 00:10:59,700 --> 00:11:03,500 representation of the decision, the organization wants to 206 00:11:03,500 --> 00:11:05,500 implement within their systems, right? 207 00:11:05,500 --> 00:11:08,400 So it needs to be expressed in that way. 208 00:11:08,400 --> 00:11:11,700 It needs to go through a life cycle through the, through the 209 00:11:11,700 --> 00:11:15,900 processes of the organization development staging staging 210 00:11:15,900 --> 00:11:18,500 production. How that looks like, right? 211 00:11:19,700 --> 00:11:23,500 It needs to have some Kind of review process simulation. 212 00:11:23,500 --> 00:11:28,100 Maybe those are all elements of the policy system that the 213 00:11:29,100 --> 00:11:33,500 organization I think. So, shout out to Paul volution 214 00:11:33,800 --> 00:11:35,800 friend of the show, one of your employees. 215 00:11:35,800 --> 00:11:39,900 They're playing an ID and he actually made the introduction 216 00:11:40,200 --> 00:11:45,200 to get you here today. But he had given me a demo and 217 00:11:45,300 --> 00:11:49,900 kind of one of my big takeaways was that you know the P back 218 00:11:49,900 --> 00:11:53,300 system could Pull data attributes that were maybe 219 00:11:53,300 --> 00:11:59,400 traditionally, identity data or they're not like in your ldap 220 00:11:59,400 --> 00:12:02,000 right there. You can pull this data and start 221 00:12:02,000 --> 00:12:05,900 to build an Uber profile of a person. 222 00:12:06,100 --> 00:12:10,100 Now, apply the policy to it and now you've got something that's, 223 00:12:10,600 --> 00:12:14,400 you know, a force multiplier if you will exactly it. 224 00:12:14,400 --> 00:12:17,700 Sits on top of all those attributes that are being pulled 225 00:12:17,700 --> 00:12:21,000 about both the identity, by the way, and the acetate To 226 00:12:21,000 --> 00:12:25,000 destroying to access. So leveraging, both sides in 227 00:12:25,000 --> 00:12:27,500 order to make the decision. Yeah. 228 00:12:27,700 --> 00:12:30,500 Where does p back fit from a strategy perspective? 229 00:12:30,500 --> 00:12:33,600 Because I see a lot of organizations struggle with 230 00:12:33,600 --> 00:12:36,900 rolls just in general, like, oh, we want to be a man are back, 231 00:12:37,700 --> 00:12:39,500 you know, shop, for lack of a better word. 232 00:12:40,000 --> 00:12:44,200 And they get some percentage of the way down the journey. 233 00:12:44,700 --> 00:12:49,200 And then they stopped making progress if I'm going into a 234 00:12:49,200 --> 00:12:51,800 green field situation where We really haven't started anything 235 00:12:51,800 --> 00:12:53,700 yet. I've always been more of a fan 236 00:12:53,700 --> 00:12:57,000 of the attribute base side of things, because I feel like it's 237 00:12:57,000 --> 00:13:01,600 a little easier to start up setup because he was okay. 238 00:13:01,600 --> 00:13:03,400 Well, what are some key attributes? 239 00:13:03,400 --> 00:13:05,600 Are you an employee or you not an employee, okay? 240 00:13:05,600 --> 00:13:08,000 Well, if you're an employee, you get this. 241 00:13:08,100 --> 00:13:10,800 And now, we've got some sort of Access Control like that and 242 00:13:10,800 --> 00:13:13,200 maybe you start to combine a few different attributes and for a 243 00:13:13,208 --> 00:13:16,200 long time, I'm glad Jen, Jim asked the question because I 244 00:13:16,200 --> 00:13:18,800 thought a back could be back where the same thing it was just 245 00:13:19,100 --> 00:13:21,900 pee back was the marketing term and Is I don't know a back 246 00:13:21,900 --> 00:13:23,100 wasn't sexy enough, I don't know. 247 00:13:24,100 --> 00:13:26,400 But as I've said, you know, learn more over the years. 248 00:13:26,400 --> 00:13:30,900 It's like, okay I get it if I'm going into an organization and I 249 00:13:30,908 --> 00:13:34,800 have not yet taken the journey towards any sort of consistent 250 00:13:34,800 --> 00:13:38,400 access control method. Any of the backs could I start 251 00:13:38,400 --> 00:13:41,400 with policy based Access Control P back or are there 252 00:13:41,400 --> 00:13:45,300 prerequisites to be able to be successful for a policy 253 00:13:45,300 --> 00:13:48,600 standpoint versus attribute or role-based perspective? 254 00:13:49,000 --> 00:13:51,000 Yes. Oh, I think you should dealt 255 00:13:51,000 --> 00:13:52,700 with policy based access control. 256 00:13:52,700 --> 00:13:56,500 I think it is a core component of any modernized. 257 00:13:56,500 --> 00:14:01,200 I am infrastructure but you know, you need to understand. 258 00:14:01,200 --> 00:14:04,500 You can't do without holes and they'll explain. 259 00:14:04,500 --> 00:14:06,200 Okay? You give an excuse, you gave an 260 00:14:06,200 --> 00:14:12,600 example where you're leveraging HR data to make decisions, but 261 00:14:12,600 --> 00:14:15,400 it's not enough, right? We can't make all the decisions 262 00:14:15,400 --> 00:14:18,900 just to on what HR knows. And we all will also understand 263 00:14:18,900 --> 00:14:22,700 that HR Doesn't get it. Always right. 264 00:14:23,400 --> 00:14:27,300 No come on I don't hate has always pristine and never needs 265 00:14:27,300 --> 00:14:28,700 to be cleaned. You know. 266 00:14:28,700 --> 00:14:31,500 I was also thinking of a scenario like let's say you 267 00:14:31,500 --> 00:14:35,400 wanted to have an authorization based on, you know, you can only 268 00:14:35,400 --> 00:14:39,100 access this if you have more than a hundred thousand dollars 269 00:14:39,100 --> 00:14:41,300 of assets under management, right? 270 00:14:41,300 --> 00:14:44,100 Well that's not data that you would want, you wouldn't want 271 00:14:44,100 --> 00:14:47,500 the person's account balance, in your, I am system, where you'd 272 00:14:47,500 --> 00:14:51,100 want the ability to apply that rule, they get the Access 273 00:14:51,100 --> 00:14:53,600 because yes or no. Hmm, right? 274 00:14:53,900 --> 00:14:56,700 Yes, exactly, exactly. And that's, that's another key 275 00:14:56,700 --> 00:14:59,900 component, which needs to be to be not. 276 00:14:59,900 --> 00:15:03,600 Well, known, right? Pivec is not just about those 277 00:15:03,600 --> 00:15:07,800 Dynamic, fine-grained decisions. Eventually authorizations are 278 00:15:07,800 --> 00:15:11,600 not implemented, just one way there. 279 00:15:11,600 --> 00:15:15,500 So many ways of authorizations are implemented today and even 280 00:15:15,500 --> 00:15:19,400 if we want for standard to be out there, it would take some 281 00:15:19,400 --> 00:15:24,200 time if at all All we need to be able to manage authorizations 282 00:15:24,200 --> 00:15:28,300 for application Level security. We need to do the same for apis 283 00:15:28,700 --> 00:15:35,000 for microservices for data and we can't say one fits, all 284 00:15:35,000 --> 00:15:38,700 right, doesn't work that way. That's the advantage of P back. 285 00:15:38,700 --> 00:15:43,700 They enable you to manage the decisions in a consistent way. 286 00:15:43,700 --> 00:15:48,500 Regardless, if it is for data Access Control, API Access 287 00:15:48,500 --> 00:15:50,600 Control, Michael service, Access Control. 288 00:15:50,700 --> 00:15:52,200 All. And that's important. 289 00:15:52,200 --> 00:15:56,900 That is a key component P. Back does not enforce technology 290 00:15:57,400 --> 00:16:00,500 P. Back is a method of management 291 00:16:00,500 --> 00:16:03,700 with many options of enforcement. 292 00:16:04,100 --> 00:16:06,600 All right, I'm going to post a little bit into a rabbit hole 293 00:16:06,600 --> 00:16:08,800 but all that on, I promise I'll stop. 294 00:16:09,100 --> 00:16:12,500 But I would imagine a scenario where it let's take that 295 00:16:12,500 --> 00:16:14,600 example. I had where, you know, people 296 00:16:14,600 --> 00:16:18,800 can only access a certain portal if they have a hundred thousand 297 00:16:18,800 --> 00:16:22,800 dollars under management, So assumably that would be some 298 00:16:22,800 --> 00:16:26,300 kind of like web service call to some system that would say you 299 00:16:26,300 --> 00:16:29,000 know Jim has the assets or he doesn't have the assets. 300 00:16:29,000 --> 00:16:34,000 Ideally that's in real time but you can see the potential hang 301 00:16:34,000 --> 00:16:39,100 up if that's in real time. So you have to probably stage 302 00:16:39,100 --> 00:16:43,100 that data which is always like why virtual directories existed 303 00:16:43,100 --> 00:16:45,600 in the first place, right? So I would imagine that's one of 304 00:16:45,600 --> 00:16:48,900 the real challenges when it comes to authorization is like 305 00:16:48,900 --> 00:16:53,800 okay, how often do I have refresh this my data that I'm 306 00:16:53,800 --> 00:16:56,000 going to base this policy decision on. 307 00:16:56,000 --> 00:16:59,600 Yeah, absolutely. And you know what, that's how we 308 00:16:59,600 --> 00:17:03,200 used to do authorizations. But now I believe you would find 309 00:17:03,200 --> 00:17:06,900 our more advanced ways. There are actually four patterns 310 00:17:06,900 --> 00:17:09,599 to authorities ations and and that's also, I don't know if 311 00:17:09,599 --> 00:17:14,900 it's a well, known fact. But in the old standards, there 312 00:17:14,900 --> 00:17:18,599 was just permit to deny. So you could ask that question. 313 00:17:18,599 --> 00:17:22,700 Can I approve this transaction? Chen which is more or less than 314 00:17:22,700 --> 00:17:24,700 1 million dollars and get a. Yes, no. 315 00:17:25,000 --> 00:17:28,300 But that's really inefficient and you need to go leafless your 316 00:17:28,300 --> 00:17:31,200 data over and over again. Right today. 317 00:17:31,200 --> 00:17:34,700 There are more patterns for, like, I mentioned patterns for 318 00:17:34,700 --> 00:17:36,900 authorizations in addition to permitting. 319 00:17:36,900 --> 00:17:41,200 I we also have entitlement resolution, which is an 320 00:17:41,200 --> 00:17:44,500 open-ended question, right? What are the least of 321 00:17:44,900 --> 00:17:47,700 capabilities? A user can do within this 322 00:17:47,700 --> 00:17:50,300 session. People might even consider that 323 00:17:50,300 --> 00:17:55,200 as Log in time or so ization, to support a, the authorities, 324 00:17:55,200 --> 00:17:59,500 ation spell, a login session. There's also a resource 325 00:17:59,500 --> 00:18:02,500 resolution or asset resolution, which is the same way. 326 00:18:02,500 --> 00:18:06,200 Same question, into the wealth Pearl, a specific asset. 327 00:18:06,200 --> 00:18:10,100 What al-essawi idea user resolution is called what are 328 00:18:10,100 --> 00:18:14,600 the list of users per asset under the most interesting one? 329 00:18:14,600 --> 00:18:18,000 Which is, I think the answer to the example you gave it's called 330 00:18:18,000 --> 00:18:22,500 policy resolution and this is This decision is that handles 331 00:18:22,500 --> 00:18:26,300 data because you do not have to ask a pill meeting I per 332 00:18:26,300 --> 00:18:28,200 transaction, you don't need to do that. 333 00:18:28,500 --> 00:18:32,300 You need to put your controls in that case on the data 11 and 334 00:18:32,300 --> 00:18:37,900 therefore the data which user can see is only the data, the 335 00:18:37,900 --> 00:18:43,200 policy enables him to see not by transaction by by filtering the 336 00:18:43,200 --> 00:18:48,100 data, the user can actually access implementing those within 337 00:18:48,100 --> 00:18:52,000 your overall architecture provides It's you the best 338 00:18:52,000 --> 00:18:55,000 authorization solution and obviously Security in place. 339 00:18:55,500 --> 00:19:00,800 So that gives a good background. I think of P back and what it is 340 00:19:00,800 --> 00:19:03,000 today, right? We talked about going to talk 341 00:19:03,000 --> 00:19:06,000 about how things are going to be in the future and one of the 342 00:19:06,000 --> 00:19:11,100 things that I'd like to know would be, do you see p back over 343 00:19:11,100 --> 00:19:16,100 taking our back in the future and let me just before you start 344 00:19:16,100 --> 00:19:19,300 answering that? I feel like, I don't know if 345 00:19:19,300 --> 00:19:23,300 Jeff really agrees with this because we kind of got into it 346 00:19:23,300 --> 00:19:27,700 on, on this topic before, but I think that the popularity of our 347 00:19:27,700 --> 00:19:32,400 back is what it is, because people understand it. 348 00:19:32,600 --> 00:19:38,200 I've got this role and I put people in the role and then they 349 00:19:38,200 --> 00:19:42,100 get this access. I get that or if it's a dynamic 350 00:19:42,100 --> 00:19:44,900 role. It's, you know, I take the data 351 00:19:44,900 --> 00:19:46,700 and my plug-in, I understand that. 352 00:19:46,700 --> 00:19:50,300 All right. And it's audible a my orders, 353 00:19:50,300 --> 00:19:53,400 like it. Now, I think Pete back 354 00:19:53,400 --> 00:19:54,800 challenge. I think it's much stronger. 355 00:19:54,800 --> 00:19:56,600 I think it has much more capabilities. 356 00:19:57,300 --> 00:19:59,000 I don't think people understand, right. 357 00:19:59,000 --> 00:20:02,300 We're here on the identity, the center podcast, and I'm learning 358 00:20:02,300 --> 00:20:04,000 a lot. Just listening to you, I'm 359 00:20:04,000 --> 00:20:06,700 learning a lot. So how's the data? 360 00:20:06,800 --> 00:20:10,500 How does this information get out there and no bring it back 361 00:20:10,500 --> 00:20:13,200 to the simple question? Do you see p back? 362 00:20:13,200 --> 00:20:15,300 Overtaking are back in the future. 363 00:20:16,200 --> 00:20:19,500 So no, I don't and also I want to emphasize. 364 00:20:19,500 --> 00:20:23,500 This is not a wall between 5:00 and a buckle Arabic. 365 00:20:23,800 --> 00:20:28,100 They are all needed in order to support the advanced 366 00:20:28,100 --> 00:20:30,700 authorization requirements organization have today. 367 00:20:31,000 --> 00:20:33,800 Let's let me go back to the example you provided. 368 00:20:33,900 --> 00:20:38,100 Yes, you are assigning a role to a user and that simple to 369 00:20:38,100 --> 00:20:41,200 understand. But now let's ask the question. 370 00:20:41,700 --> 00:20:45,500 What does that wall entitle the user to do? 371 00:20:46,200 --> 00:20:48,800 Who makes that decision. You are a doctor. 372 00:20:48,800 --> 00:20:50,200 Okay. What can you do? 373 00:20:50,800 --> 00:20:52,800 Can you see your patient records? 374 00:20:53,100 --> 00:20:57,400 Can you approve of some kind of subscription that is 375 00:20:57,400 --> 00:20:59,300 authorization? And that's the difference. 376 00:20:59,300 --> 00:21:02,900 And that's what needs to be understood by the broader 377 00:21:03,800 --> 00:21:06,000 audience. You still need words because you 378 00:21:06,000 --> 00:21:09,200 need to, you need to give some title or some. 379 00:21:09,300 --> 00:21:14,900 I don't know information, which is personally personally 380 00:21:14,900 --> 00:21:19,200 assigned to a user. But the decision, which is 381 00:21:19,200 --> 00:21:22,700 attached to that or the logic, which is attached to that all 382 00:21:23,100 --> 00:21:27,700 that is authorization. It takes the role and explains 383 00:21:27,700 --> 00:21:30,800 the whole to the application resources to the data to 384 00:21:30,800 --> 00:21:34,900 whatever. P back is still a concept of 385 00:21:35,200 --> 00:21:38,500 like centralization that right. I mean it's not you're not 386 00:21:38,500 --> 00:21:41,500 talking about at the app because to me it's like if you have a 387 00:21:41,500 --> 00:21:46,300 great orchestration of what you should have access to, In these 388 00:21:46,300 --> 00:21:48,200 applications. But then when you get the 389 00:21:48,200 --> 00:21:52,400 application, they have three rolls 33, you know, very simple 390 00:21:52,400 --> 00:21:54,400 levels of what you can do within the application. 391 00:21:54,400 --> 00:21:57,800 Mom getting to at least privilege models pretty 392 00:21:58,200 --> 00:21:59,800 difficult or impossible. Right? 393 00:22:00,400 --> 00:22:04,200 Well, if you just rely on laws, then, yes, but let's talk about 394 00:22:04,200 --> 00:22:06,300 least privilege. What is least privilege? 395 00:22:06,800 --> 00:22:09,100 What what what is that? What does that mean? 396 00:22:09,100 --> 00:22:15,300 It means that you can access whatever resources at a specific 397 00:22:15,300 --> 00:22:19,000 point of To begin with. You do not have access obviously 398 00:22:19,200 --> 00:22:23,500 but you'll get your gate egg getting access when you need it 399 00:22:23,500 --> 00:22:29,700 to the specific function or resource whatever right now what 400 00:22:29,700 --> 00:22:32,700 is identity first what is identity? 401 00:22:32,700 --> 00:22:36,700 Well what is zero trust and they all saying basically the same 402 00:22:36,700 --> 00:22:41,900 thing when access is made Let's understand who the user is. 403 00:22:42,200 --> 00:22:45,700 Let's make the decision if this access can be granted. 404 00:22:45,900 --> 00:22:51,100 David and to what level they are all eventually talking about the 405 00:22:51,100 --> 00:22:56,100 same concept, the same Notions access should be much more 406 00:22:56,100 --> 00:22:58,300 advanced. It should be dynamic. 407 00:22:58,300 --> 00:23:01,000 It should be smart. However, marketing terms, you 408 00:23:01,000 --> 00:23:06,500 have, you want to put on top of that, make the decision for user 409 00:23:06,900 --> 00:23:10,700 in the context of the access at the time of access. 410 00:23:11,000 --> 00:23:14,500 Obviously, we'll possible or as close to access as possible. 411 00:23:15,300 --> 00:23:17,600 Right? We make it sound so easy but 412 00:23:17,600 --> 00:23:20,400 it's hard, right? I mean, if we think about it in 413 00:23:20,408 --> 00:23:24,300 the real world of authorizations are a mess for a lot of 414 00:23:24,300 --> 00:23:25,500 companies. Yes, it is. 415 00:23:25,500 --> 00:23:28,000 Even if you just look at active directory, naming conventions, 416 00:23:28,000 --> 00:23:31,100 don't make any sense incomplete memberships are off. 417 00:23:31,100 --> 00:23:34,100 You've got nested groups. Now you start taking that 418 00:23:34,100 --> 00:23:38,200 problem and adding in every other application and trying to 419 00:23:38,200 --> 00:23:40,800 come up with. Well, what is the policy for 420 00:23:40,800 --> 00:23:47,700 someone across 20, 30, 40, 50 different Maybe this the end 421 00:23:47,700 --> 00:23:50,400 system doesn't support that granular. 422 00:23:50,700 --> 00:23:52,800 Yeah I'm an authorization standpoint most probably 423 00:23:52,800 --> 00:23:55,100 doesn't. You are absolutely right but you 424 00:23:55,100 --> 00:23:56,800 know what? That's the chicken and egg heel. 425 00:23:56,800 --> 00:23:58,300 Right. It's always like that with 426 00:23:58,300 --> 00:24:01,500 technology. Think about s is so SS. 427 00:24:01,500 --> 00:24:04,800 So today the authentication if you're saying authentication 428 00:24:04,800 --> 00:24:08,800 today, everyone in the space would it automatically think 429 00:24:08,800 --> 00:24:12,900 about IDP and open I did connect or sam'l depending where you 430 00:24:12,900 --> 00:24:15,200 are. That's given that even In a 431 00:24:15,200 --> 00:24:20,300 commodity today, but going back 10, 15 years, that was not the 432 00:24:20,300 --> 00:24:23,400 case. I still remember, trying to 433 00:24:23,400 --> 00:24:27,400 convince application owners where I where I walked to 434 00:24:27,400 --> 00:24:31,800 connect to active directory or later on to connect to whatever 435 00:24:31,800 --> 00:24:35,200 IDP I had in place, now, we don't want to speak with your 436 00:24:35,200 --> 00:24:38,300 authentication system. We have built-in authentication 437 00:24:38,300 --> 00:24:40,700 system. If your system goes down, my 438 00:24:40,700 --> 00:24:43,100 application, not available. Exactly. 439 00:24:43,200 --> 00:24:44,900 People get mad at me. They don't yell at you. 440 00:24:45,100 --> 00:24:47,700 You, they yell at me and I can't control the experience to the 441 00:24:47,700 --> 00:24:49,000 level that they think that they want to. 442 00:24:49,008 --> 00:24:53,300 That's where I mean, that's a common organizational struggle, 443 00:24:53,300 --> 00:24:57,400 where to me it's like too much decision-making has been 444 00:24:57,400 --> 00:25:01,900 delegated out to, you know, the business unit or the application 445 00:25:01,900 --> 00:25:05,600 teams where it's like, you're going to if you can't get by in 446 00:25:05,600 --> 00:25:09,600 around a simple concept, like authentication than your current 447 00:25:09,600 --> 00:25:11,800 position where you can't really push anything. 448 00:25:11,800 --> 00:25:15,400 Well, the cows point, though. Single sign-on was in the same 449 00:25:15,400 --> 00:25:17,400 boat. Exactly 18, 20 years ago, and it 450 00:25:17,400 --> 00:25:19,400 took time as it always does, right? 451 00:25:19,400 --> 00:25:23,400 We talk about cycles and yeah, some organizations are agile and 452 00:25:23,400 --> 00:25:26,800 can be and some, aren't it. Takes time to to build in that 453 00:25:26,800 --> 00:25:31,300 functionality authorizations. I don't know if I've seen as 454 00:25:31,300 --> 00:25:34,400 much of a shift towards. Yeah, we do need to build in 455 00:25:34,400 --> 00:25:37,100 more granular permissions. Sometimes you see it. 456 00:25:37,400 --> 00:25:40,100 Sometimes it's hidden behind extra licensing or subscription 457 00:25:40,100 --> 00:25:44,800 costs that SAS products like to charge extra era for a team 458 00:25:44,800 --> 00:25:46,800 license, right? Or something like that, versus 459 00:25:46,800 --> 00:25:49,200 an individual seat or something like that. 460 00:25:49,700 --> 00:25:54,100 How do we get applications to get on board with you know 461 00:25:54,100 --> 00:25:56,500 having more flexibility from an authorization standpoint to be 462 00:25:56,500 --> 00:25:58,100 able to enable stuff like this? Yeah. 463 00:25:58,100 --> 00:26:01,400 So like I said, it's a chicken and egg you need to start 464 00:26:01,400 --> 00:26:03,500 somewhere. Where would you start with the 465 00:26:03,500 --> 00:26:06,700 newer Technologies with the new developments, right? 466 00:26:06,800 --> 00:26:10,200 Be considered an organization which cut which currently takes 467 00:26:10,200 --> 00:26:13,300 big monolithic applications and Converse. 468 00:26:13,500 --> 00:26:16,400 Them to Michael Services, which is a common theme, right? 469 00:26:16,400 --> 00:26:19,000 A lot of organizations are going through that transition. 470 00:26:19,200 --> 00:26:21,300 How do you provide authorizations for 471 00:26:21,300 --> 00:26:24,000 microservices? Would you go develop that by the 472 00:26:24,100 --> 00:26:28,100 by yourself? If in the past developers they 473 00:26:28,100 --> 00:26:32,900 said I want to own that code. I don't want you to tell me what 474 00:26:32,900 --> 00:26:35,400 to do. Once you move to my core 475 00:26:35,400 --> 00:26:40,300 Services, that's not the case each micro service owner wants 476 00:26:40,300 --> 00:26:44,400 to be responsible on the business logic of his His small 477 00:26:44,400 --> 00:26:48,500 micro service authorization should be a service like 478 00:26:48,500 --> 00:26:53,200 authentication provided to all those say microservices. 479 00:26:53,200 --> 00:26:56,500 So this is like a very good opportunity to start thinking, 480 00:26:56,800 --> 00:26:59,900 don't worry dowshen, don't try to take care of all your legacy 481 00:26:59,900 --> 00:27:04,200 application that for sure would not walk, but look at new 482 00:27:04,200 --> 00:27:07,200 development, new initiative, which you are onboarding. 483 00:27:07,600 --> 00:27:13,300 So that would be one second. I see more vandals like cots. 484 00:27:13,400 --> 00:27:17,000 SAS applications supporting built-in policies and that's 485 00:27:17,000 --> 00:27:19,000 another opportunity there, right? 486 00:27:19,100 --> 00:27:23,400 So the market is evolving still slowly but it is evolving. 487 00:27:23,600 --> 00:27:27,100 I think we are seeing a very similar path to what happened 488 00:27:27,100 --> 00:27:32,200 with the SSO with you know single sign-on. 489 00:27:33,300 --> 00:27:36,700 Yes it's more complex but also more interesting. 490 00:27:37,200 --> 00:27:39,000 What's a fundamental shift in the way we do things? 491 00:27:39,200 --> 00:27:41,200 Yeah. Just like MFA was as fundamental 492 00:27:41,200 --> 00:27:44,700 shift to Authentication. It's very difficult to change 493 00:27:44,700 --> 00:27:47,600 How We Do authorizations in a short time period. 494 00:27:48,000 --> 00:27:49,300 If you're building an application, your point. 495 00:27:49,300 --> 00:27:52,300 Yes, you can do that. You know, if you're on a rack F 496 00:27:52,300 --> 00:27:54,800 Mainframe which we've been saying, you know, is going to 497 00:27:54,800 --> 00:27:58,500 die for, I don't know 30 years and now all of a sudden it's hot 498 00:27:58,500 --> 00:28:00,400 again, you can't find people who know how to do it. 499 00:28:01,200 --> 00:28:05,100 There's these great cycles and sometimes sometimes the answer 500 00:28:05,100 --> 00:28:08,500 is no, we're just not going to do that because the cost is too 501 00:28:08,500 --> 00:28:13,100 great to invest to re-architect an application when it is time 502 00:28:13,100 --> 00:28:16,200 to replace the application. Let's take this as something 503 00:28:16,200 --> 00:28:18,400 that we want to consider is part of the, you know, the purchase 504 00:28:18,400 --> 00:28:20,700 decision, which is why I love having identity. 505 00:28:20,700 --> 00:28:24,300 Have a seat at the table for new applications coming in having 506 00:28:24,300 --> 00:28:26,800 some sort of Standards don't go buy a product that doesn't 507 00:28:26,800 --> 00:28:29,000 integrate with Open Standards to do. 508 00:28:29,100 --> 00:28:32,600 Authentication, don't go buy a product that doesn't set us up 509 00:28:32,600 --> 00:28:34,500 for future, success from an authorization standpoint. 510 00:28:34,500 --> 00:28:37,300 Either maybe doesn't have as much cash. 511 00:28:37,300 --> 00:28:40,000 A right now. From a, you know, a purchasing 512 00:28:40,000 --> 00:28:42,900 decision standpoint, but it should be something that I A 513 00:28:42,900 --> 00:28:46,400 teams out there who are listening and who have influence 514 00:28:46,400 --> 00:28:49,300 over steering committees or architecture review boards, or 515 00:28:49,700 --> 00:28:52,500 whatever, you know, political thing exists, within an 516 00:28:52,500 --> 00:28:54,800 organization to say yes we're going to get that app. 517 00:28:55,000 --> 00:28:58,100 These are the things that they should be aware of when they're 518 00:28:58,100 --> 00:29:01,000 making a decision. No one goes out and says I'm 519 00:29:01,000 --> 00:29:03,900 going to buy this thing and I and I never will be able to 520 00:29:03,900 --> 00:29:05,500 connect it to mind active directory. 521 00:29:05,900 --> 00:29:08,700 Oh my gosh. Why not exactly. 522 00:29:08,700 --> 00:29:10,400 And you know what? You touched, another very 523 00:29:10,400 --> 00:29:12,700 important Point. Absolutely agree with you. 524 00:29:12,800 --> 00:29:16,500 New identity, people, they need to be part of that discussion. 525 00:29:16,600 --> 00:29:19,400 Today, there's a bit of Disconnect, right application 526 00:29:19,400 --> 00:29:21,300 owners. They're doing what they want up. 527 00:29:21,300 --> 00:29:25,800 SEC data stack is not connected to the identity identity space. 528 00:29:26,000 --> 00:29:29,500 And that leaves a very big gap there because also ization. 529 00:29:29,500 --> 00:29:32,700 Eventually, if you think about that also has a Sheen takes all 530 00:29:32,700 --> 00:29:36,400 the efforts, which organizations have placed into identity and 531 00:29:36,400 --> 00:29:39,900 access management well-defined identities, well-managed 532 00:29:39,900 --> 00:29:42,600 identities. Well, authenticated identities. 533 00:29:43,500 --> 00:29:48,400 And brings all that effort into the application, space into the 534 00:29:48,400 --> 00:29:52,900 data space, but they need to stick together on the same Cable 535 00:29:52,900 --> 00:29:56,200 in order for that to happen. Can I ask a side question here? 536 00:29:56,200 --> 00:29:58,800 Because it's it came up this morning as part of the opening, 537 00:29:58,800 --> 00:30:03,000 Keener, the keynote for this for this morning, about the role of 538 00:30:03,000 --> 00:30:06,800 potentially having something, a chief identity officer, and 539 00:30:06,800 --> 00:30:09,800 having a sea of the table at, you know, basically the c-suite. 540 00:30:09,900 --> 00:30:13,000 So right there with cpos and ctOS. 541 00:30:13,200 --> 00:30:17,000 And all the see people, where do you stand on that? 542 00:30:17,000 --> 00:30:18,600 Because I thought was interesting discussion this 543 00:30:18,600 --> 00:30:21,100 morning. The panel with Andy, hindle and 544 00:30:21,100 --> 00:30:26,300 Glaser and Claire something. I'm gonna personally know 545 00:30:26,700 --> 00:30:28,400 someone else. There was a couple other folks I 546 00:30:28,400 --> 00:30:29,700 figured out names. I really apologize. 547 00:30:29,700 --> 00:30:31,700 I should have been more prepared to ask this question, but just 548 00:30:31,700 --> 00:30:33,200 occurred to me as I'm thinking about it here. 549 00:30:34,200 --> 00:30:41,000 Do you think now is a good time to have a chief identity officer 550 00:30:41,000 --> 00:30:43,800 sitting at the board level or reporting to a Like those other 551 00:30:43,800 --> 00:30:47,600 roles might be, or do you have a different perspective on it? 552 00:30:48,600 --> 00:30:54,000 So, I haven't thought about that too much, but I do believe it 553 00:30:54,000 --> 00:30:58,300 should roll under security. Because why would you do that? 554 00:30:58,300 --> 00:31:02,600 Why would you do authentication? Why would you do authorization? 555 00:31:03,300 --> 00:31:07,300 And the reason is Security in many cases. 556 00:31:07,800 --> 00:31:12,600 And eventually, all of those Technologies are a means to an 557 00:31:12,600 --> 00:31:14,800 end. And the end is the business 558 00:31:14,800 --> 00:31:18,400 objective of the organization not having multi-factor 559 00:31:18,400 --> 00:31:21,300 authentication or well-defined authorization that really 560 00:31:21,300 --> 00:31:24,800 doesn't matter to anyone. They want, they their 561 00:31:24,800 --> 00:31:28,000 organization to preform, according to its business 562 00:31:28,000 --> 00:31:33,100 objective and to do that, they need support of security and I 563 00:31:33,100 --> 00:31:37,600 am. So that's the way I can't lie, 564 00:31:37,600 --> 00:31:41,700 see that but still new to the concept. 565 00:31:42,400 --> 00:31:46,300 So I'm going to try Later. Turn this into a question, but 566 00:31:46,600 --> 00:31:48,800 during Andres keynote, he talked about. 567 00:31:48,800 --> 00:31:51,500 Okay. Well, really where what's 568 00:31:51,700 --> 00:31:55,700 important is like, I kind of feel like our industry has done 569 00:31:55,700 --> 00:31:58,600 a pretty good job on the authentication side when you can 570 00:31:58,600 --> 00:32:01,200 see what's happening with it. It's like I was getting better 571 00:32:01,200 --> 00:32:06,300 and better in terms of validating that the person or 572 00:32:06,300 --> 00:32:10,900 potentially the non human being is who they say they are they 573 00:32:10,900 --> 00:32:16,300 can authenticate the problem now that we need To solve is on the 574 00:32:16,300 --> 00:32:20,700 authorization side and I my mind where I was going with this was 575 00:32:20,700 --> 00:32:25,400 like the over-provisioned account problem, right? 576 00:32:25,400 --> 00:32:28,900 Which kind of a pulling back to the statement. 577 00:32:29,000 --> 00:32:32,900 It's not our back burst P back and I agree with that because I 578 00:32:32,900 --> 00:32:39,200 feel like P back is In this context, kind of like the 579 00:32:39,200 --> 00:32:41,900 scalpel. Where's our back is kind of like 580 00:32:41,900 --> 00:32:43,800 the sledgehammer or the axe, right? 581 00:32:43,800 --> 00:32:47,400 It's like you have two hundred applications, you're probably 582 00:32:47,400 --> 00:32:50,300 not going to do p back for all 200 application but for your big 583 00:32:50,300 --> 00:32:53,300 ones it's like that's where we use the scalpel. 584 00:32:53,300 --> 00:33:00,000 We got a really this is this my idea anyway, so I think that 585 00:33:00,000 --> 00:33:03,000 over-provisioned account problem because you have all these 586 00:33:03,000 --> 00:33:08,000 accounts sitting dormant They've got all this access if this 587 00:33:08,000 --> 00:33:13,200 accounts get hijacked somehow. Now they've got tons of access 588 00:33:13,200 --> 00:33:17,300 that they didn't really need to have in the first place and I 589 00:33:17,300 --> 00:33:20,500 think our back puts you in position that that's what's 590 00:33:20,500 --> 00:33:23,000 going to happen. I think P back is kind of like 591 00:33:23,100 --> 00:33:26,400 on more like on-the-fly decision so it's not like 592 00:33:26,500 --> 00:33:29,300 over-provisioned account sitting there with that access. 593 00:33:29,600 --> 00:33:32,000 Do you see things that way? Is that is that the right way to 594 00:33:32,008 --> 00:33:34,800 think about it? Yeah, yeah and I think it's 595 00:33:35,200 --> 00:33:38,200 Evolution not a revolution and that's it. 596 00:33:38,500 --> 00:33:42,200 That's part of what. What you have mentioned. 597 00:33:42,200 --> 00:33:46,900 P'burg does not replace any of the other stuff which is the lp 598 00:33:46,900 --> 00:33:50,900 back makes them better. So yes, we have over-provisioned 599 00:33:50,900 --> 00:33:54,500 accounts, the reason being that's how application operate 600 00:33:54,500 --> 00:33:59,100 today applications, the majority of them, do not know how to 601 00:33:59,100 --> 00:34:05,000 operate without that account. Being still, and we do see your 602 00:34:05,000 --> 00:34:08,300 applications having that ability, which is great in my 603 00:34:08,300 --> 00:34:10,600 opinion. But that's again an evolution, 604 00:34:10,600 --> 00:34:15,400 which P book supports Arabic, cannot support that, pubic can 605 00:34:15,400 --> 00:34:18,900 support that, but that's the combination of both that enables 606 00:34:19,199 --> 00:34:23,000 enable that to actually happen. I like to think of myself as 607 00:34:23,100 --> 00:34:25,500 pragmatic, right? And this is where I think a back 608 00:34:25,500 --> 00:34:30,500 has a role because you may get into a situation where with your 609 00:34:30,500 --> 00:34:34,699 IDP you're integrating many applications since these are 610 00:34:34,699 --> 00:34:37,500 just to pass them, the attributes that they want. 611 00:34:37,500 --> 00:34:40,600 It's not so Security numbers is not Bank. 612 00:34:40,699 --> 00:34:45,400 Count balances and find you guys want to take the attributes and 613 00:34:45,400 --> 00:34:47,500 determine what parts of your application. 614 00:34:48,000 --> 00:34:51,199 Pragmatically speaking, I'm just going to pass a so to me that's 615 00:34:51,699 --> 00:34:57,100 where a back or if you don't have a pee back tool that might 616 00:34:57,100 --> 00:35:00,300 end up being your answer. I feel like if you're going to 617 00:35:00,300 --> 00:35:04,000 go down the P background as more of you know as somebody 618 00:35:04,000 --> 00:35:07,400 delivering this authorization service to the organization you 619 00:35:07,400 --> 00:35:11,400 have to have more of a partnership with the Application 620 00:35:11,400 --> 00:35:15,400 teams to make sure that you're applying these policies 621 00:35:15,400 --> 00:35:18,100 correctly, putting people into the right roles. 622 00:35:18,100 --> 00:35:19,500 Correct. I mean, of course, you have to 623 00:35:19,508 --> 00:35:23,500 put them in the right roles, but it made me think of where we 624 00:35:23,500 --> 00:35:26,900 were with the authorization, maybe a decade ago, which was 625 00:35:26,900 --> 00:35:29,800 exact mole, right? The exact Mo standard and I 626 00:35:29,800 --> 00:35:34,400 always felt like the exact the most standard was, I didn't see 627 00:35:34,400 --> 00:35:38,000 very many organizations implementing it because back to 628 00:35:38,000 --> 00:35:40,600 your original point, it was hard enough to get. 629 00:35:40,700 --> 00:35:44,100 In teams many times to give up authorization, right? 630 00:35:44,100 --> 00:35:47,300 And maybe I'm just thinking a point in time where I had to 631 00:35:47,308 --> 00:35:51,300 physically deal with trying to get a bunch of applications with 632 00:35:51,300 --> 00:35:54,800 different application owners and their own agendas to get onto a 633 00:35:54,808 --> 00:35:59,700 common authentication platform, that was really hard, but then 634 00:35:59,700 --> 00:36:03,300 to get them to give up authorization where you're 635 00:36:03,300 --> 00:36:06,600 making the decision whether or not the end user can see a 636 00:36:06,600 --> 00:36:10,600 screen within their application. It's like, no way not happening. 637 00:36:10,700 --> 00:36:13,300 You're not qualified to make that decision. 638 00:36:13,400 --> 00:36:17,400 And to me, that's where exact mode put you now to me, there 639 00:36:17,400 --> 00:36:21,700 was a, I use case for that. If you had a situation where, 640 00:36:22,200 --> 00:36:26,000 you know, you are a Security First organization, and you 641 00:36:26,000 --> 00:36:29,800 absolutely had to have a paper trail in Central location of 642 00:36:29,800 --> 00:36:34,200 what people could access, and did access that put you in a 643 00:36:34,207 --> 00:36:37,800 good position to do that. But it feels like nobody talks 644 00:36:37,800 --> 00:36:40,800 about exactly anymore which is a good thing. 645 00:36:42,100 --> 00:36:47,300 No I'm just okay so I think Sakamoto meant well and it's a 646 00:36:47,300 --> 00:36:51,900 good deal it was a good involvement of the market to 647 00:36:51,900 --> 00:36:55,000 start speaking about authorizations. 648 00:36:55,000 --> 00:36:59,400 I also believe that is part of the reason, people are afraid 649 00:36:59,700 --> 00:37:03,400 for my salvation, just because of that Camille and the 650 00:37:03,400 --> 00:37:07,700 complexity it brought in In but Zach. 651 00:37:07,700 --> 00:37:13,200 Amell is not the only method for authorization management. 652 00:37:13,200 --> 00:37:16,100 Certainly not for authorization enforcement. 653 00:37:16,100 --> 00:37:19,700 There are many new developments today and we can see them all 654 00:37:19,700 --> 00:37:27,800 over the place like, Opa, which is an open standard Amazon Sada. 655 00:37:27,800 --> 00:37:33,600 We have, we have other development as well there. 656 00:37:33,600 --> 00:37:35,700 And I think that those are all good. 657 00:37:35,900 --> 00:37:39,900 Indications because it means there is the need what we 658 00:37:39,900 --> 00:37:42,500 started with maybe Zachary was not good. 659 00:37:42,500 --> 00:37:48,100 Enough was too complex for us and looking for news new options 660 00:37:48,300 --> 00:37:50,600 and and that's good. That's the evolution. 661 00:37:50,600 --> 00:37:52,200 The market is currently going through. 662 00:37:52,200 --> 00:38:01,500 We need to I would say shake out that is a Camille bad notion. 663 00:38:01,500 --> 00:38:03,700 May be sent to some areas are currently still. 664 00:38:03,700 --> 00:38:08,200 Okay to still good. I I formed my personal 665 00:38:08,200 --> 00:38:12,000 perspective, do not see organizations now. 666 00:38:12,000 --> 00:38:16,000 Adopting zakah meal for four. New implementations, doesn't 667 00:38:16,000 --> 00:38:21,800 seem like a lot of the concepts from exact mole still exist. 668 00:38:21,800 --> 00:38:26,300 Like policy decision Point policy enforcement Point policy 669 00:38:26,300 --> 00:38:28,400 Administration Point. Like to me those were like oh 670 00:38:28,400 --> 00:38:32,400 yeah that helped me understand authorization. 671 00:38:32,700 --> 00:38:37,000 Yes, I think those concepts are still They still apply it right? 672 00:38:37,000 --> 00:38:41,900 Yes is absolutely and that that is certainly a very important 673 00:38:41,900 --> 00:38:46,900 contributor physical standard to put in place those main elements 674 00:38:46,900 --> 00:38:51,100 of an authorization solution but let's not get too much in love 675 00:38:51,100 --> 00:38:55,200 with that because we are seeing that the solution eventually can 676 00:38:55,200 --> 00:38:58,900 be more distributed. For example, we cannot force all 677 00:38:58,900 --> 00:39:03,700 Technologies to outreach to the PDP the policy decision Point. 678 00:39:03,800 --> 00:39:06,000 That's not how it works today. Day. 679 00:39:06,100 --> 00:39:11,700 So we need to kind of understand those all separate components 680 00:39:11,800 --> 00:39:15,400 that can reside in the technology itself, not just in 681 00:39:15,400 --> 00:39:18,600 the authorization solution and that's how we need to think 682 00:39:18,600 --> 00:39:20,800 about it. Maybe I got the Nuance that 683 00:39:20,800 --> 00:39:24,400 you're talking about their the distribution which I think is 684 00:39:24,400 --> 00:39:31,000 kind of like okay if you're talking about a pea back system, 685 00:39:31,200 --> 00:39:36,600 you have the IDP that somewhere in the chain of Person to the 686 00:39:36,600 --> 00:39:40,600 applications and authenticated User, it's doing some call to 687 00:39:40,900 --> 00:39:43,700 that P. Back system to get, give me the 688 00:39:43,700 --> 00:39:47,800 authorizations. I'm going to stick these in the 689 00:39:47,800 --> 00:39:49,800 information I'm sending to the application. 690 00:39:50,100 --> 00:39:53,400 Yes, for example. Yeah, that would be one one 691 00:39:53,400 --> 00:39:55,500 example, and it's a good example. 692 00:39:55,500 --> 00:39:59,400 It's not against how authorization should be treated 693 00:39:59,500 --> 00:40:03,800 because again, the, he's a technology that needs to consume 694 00:40:03,800 --> 00:40:07,200 the authorizations. We can't Force the technology. 695 00:40:07,200 --> 00:40:09,400 How to walk? We can't force the application 696 00:40:09,600 --> 00:40:12,100 to call out each. And every time it needs a 697 00:40:12,107 --> 00:40:16,200 decision that failed. It didn't prove itself. 698 00:40:16,200 --> 00:40:19,100 So we need to be more flexible. We buy, we, I'm saying the 699 00:40:19,100 --> 00:40:21,800 authorization solution. There's always action, solution 700 00:40:21,800 --> 00:40:25,700 should be flexible to accommodate the different 701 00:40:25,700 --> 00:40:28,300 technology requirements application. 702 00:40:29,600 --> 00:40:32,300 That needs everything in advanced and application that 703 00:40:32,300 --> 00:40:35,400 needs more elaborated. Decision, that is fine. 704 00:40:35,400 --> 00:40:40,300 A And surely the objective is to be able to see the decisions to 705 00:40:40,300 --> 00:40:42,900 manage them. In a centralized way to be able 706 00:40:42,900 --> 00:40:47,000 to govern an audit, all those authorization policies, that's 707 00:40:47,000 --> 00:40:50,500 what we want to achieve. Not at the underlying 708 00:40:50,500 --> 00:40:52,900 technology, which controls enforcement. 709 00:40:53,100 --> 00:40:56,900 There's so much to unpack here. Well, we can do some more vodka. 710 00:40:56,900 --> 00:40:59,500 Yeah, each and every suffix, your death is going to come 711 00:40:59,500 --> 00:41:02,200 back, but I know we've got different engagements that we 712 00:41:02,200 --> 00:41:04,000 all need to get to probably Colonel but so will probably 713 00:41:04,000 --> 00:41:05,900 rise. Start to wrap things up but To 714 00:41:05,900 --> 00:41:09,200 close us out with a lightning round something where I'm going 715 00:41:09,200 --> 00:41:14,200 to say something and you give me your gut reaction or prediction 716 00:41:14,300 --> 00:41:16,400 or whatever you'd like to go off of it. 717 00:41:16,400 --> 00:41:18,000 So it's kind of a dealer's Choice. 718 00:41:18,000 --> 00:41:22,000 That's we're in Vegas, are back and P back, what comes to mind 719 00:41:22,800 --> 00:41:27,000 also, we sections, that was kind of a softball just to get things 720 00:41:27,000 --> 00:41:32,100 warmed up. Zero trust wide concept need to 721 00:41:32,100 --> 00:41:34,700 be better understood in the market. 722 00:41:35,700 --> 00:41:38,000 Artificial intelligence. Oh cool. 723 00:41:38,000 --> 00:41:42,500 Interesting future and one I'm just got throw in blockchain. 724 00:41:44,100 --> 00:41:47,900 Yeah, absolutely. I absolutely believe a big 725 00:41:47,900 --> 00:41:49,200 believer. Yes, I am. 726 00:41:49,500 --> 00:41:51,600 What do you think? Is the killer app? 727 00:41:51,700 --> 00:41:54,200 The killer use case for blockchain other than 728 00:41:54,200 --> 00:41:57,500 cryptocurrency. Okay, so not allowed to talk 729 00:41:57,500 --> 00:42:01,600 about crypto and this to the can, if you want but just just 730 00:42:02,000 --> 00:42:04,400 well, they'll many there are many and they think 731 00:42:04,400 --> 00:42:09,700 decentralized identity comes into mind because that's the 732 00:42:09,700 --> 00:42:12,000 space. I mean, I think it would be very 733 00:42:12,000 --> 00:42:16,300 interesting to see how that would evolve having each person 734 00:42:16,400 --> 00:42:21,600 own its own identity and the data, which is associated with 735 00:42:21,600 --> 00:42:26,200 his identity and having the ability to share that, not as 736 00:42:26,500 --> 00:42:31,200 you know, just one package but in a more smart way and 737 00:42:31,900 --> 00:42:35,100 certainly I want to go back to artificial intelligence for a 738 00:42:35,107 --> 00:42:39,200 minute because relative to authorization, I think is a big 739 00:42:39,200 --> 00:42:44,100 opportunity for AI, which is again, with these Provisioned 740 00:42:44,100 --> 00:42:49,600 accounts to be able to Crunch the data of you have this 741 00:42:49,600 --> 00:42:52,000 access, but you're using this access. 742 00:42:52,000 --> 00:42:55,700 So therefore, all this other access, you don't really need, 743 00:42:56,000 --> 00:42:59,400 we could take it away. One of the things have been kind 744 00:42:59,400 --> 00:43:03,900 of turning on is, well, if you don't write those rules very 745 00:43:03,900 --> 00:43:06,800 carefully. So let's say you use this access 746 00:43:06,800 --> 00:43:08,300 in six months, you don't need it. 747 00:43:08,500 --> 00:43:11,500 Well what about like route annual review? 748 00:43:11,500 --> 00:43:13,400 Just like you, do the annual reviews of people? 749 00:43:13,400 --> 00:43:18,200 People annually. What if that got taken away in 750 00:43:18,200 --> 00:43:21,700 August because you hadn't used it in a year, man on a good 751 00:43:21,700 --> 00:43:23,700 thing, right? It happens all the time, you 752 00:43:23,700 --> 00:43:26,300 your aunt's cycles and it's true. 753 00:43:26,900 --> 00:43:28,400 It happens. Anyway, right, how do we get 754 00:43:28,400 --> 00:43:31,800 smarter about that maybe more? Maybe there's a way to say, hey 755 00:43:31,800 --> 00:43:35,600 we're you know, because of the time of year and attribute or 756 00:43:35,600 --> 00:43:39,600 policy comes up and says, for people who don't normally carry 757 00:43:39,600 --> 00:43:41,500 this access throughout the year, but we know it's a busy time 758 00:43:41,500 --> 00:43:43,300 this season. Maybe you were ramping up 759 00:43:43,500 --> 00:43:46,100 Password reset support because we still are killing the 760 00:43:46,100 --> 00:43:48,900 password. 20 years later, you know things like that where you 761 00:43:48,908 --> 00:43:53,600 have more of a dynamic or a femoral access policy where it 762 00:43:53,600 --> 00:43:57,000 only exists when you need it. And because you have the data to 763 00:43:57,000 --> 00:44:00,800 be able to determine predetermine when you're going 764 00:44:00,800 --> 00:44:04,500 to need it, we know there was going to be a spike in something 765 00:44:04,600 --> 00:44:07,200 or we know that we're going to kick off a certification. 766 00:44:07,900 --> 00:44:10,800 All the people who don't care the access kick, you kick it on 767 00:44:10,800 --> 00:44:13,100 for the pilot for the axis owners or whatever it may be. 768 00:44:13,500 --> 00:44:15,600 I think there's I think there's ways to go with that nose. 769 00:44:15,700 --> 00:44:17,000 Let's see. Now we're getting into AI at the 770 00:44:17,000 --> 00:44:20,000 center again. Yeah, we've been told our 771 00:44:20,000 --> 00:44:22,100 podcast is becoming a at the center. 772 00:44:22,100 --> 00:44:26,500 It's that could be a compliment. I mean, it's we can't ignore it. 773 00:44:26,700 --> 00:44:29,700 I mean, it's you, it's everywhere here at identity 774 00:44:29,700 --> 00:44:32,300 versus people are not well. We've gotta figure out how to 775 00:44:32,300 --> 00:44:34,400 how we're going to work with. It's not going to go away. 776 00:44:34,900 --> 00:44:39,400 I think we at some point in the last two years, the name 777 00:44:39,400 --> 00:44:42,400 identity at the center, kind of finally hit like, oh my gosh, 778 00:44:42,400 --> 00:44:44,900 genius. Like you guys saw this coming? 779 00:44:44,900 --> 00:44:47,800 Yes. Well, here's why I say, we just 780 00:44:47,800 --> 00:44:50,600 call it identity. The center people say, identity 781 00:44:50,600 --> 00:44:54,200 is the new perimeter and then we're at the identity as 782 00:44:54,500 --> 00:44:59,400 everywhere conference. So it's just identity, identity 783 00:44:59,400 --> 00:45:01,700 identity. All right, let's end on a 784 00:45:01,707 --> 00:45:04,500 lighter note. What's been your favorite 785 00:45:04,500 --> 00:45:07,100 identify verse experience so far this week? 786 00:45:08,500 --> 00:45:14,200 Okay. So the many, the many Event 787 00:45:14,200 --> 00:45:18,300 Zealand and, you know, discussion panels and so on. 788 00:45:18,500 --> 00:45:22,000 I was primarily in meeting. So I'm just being locked in a 789 00:45:22,008 --> 00:45:23,800 meeting room to speak with customers. 790 00:45:23,800 --> 00:45:26,900 That's what they do. So I would say my favorite 791 00:45:26,900 --> 00:45:30,000 experience was the pizza place. I really like pizza. 792 00:45:30,000 --> 00:45:32,200 Okay. Which pizza place one here. 793 00:45:32,700 --> 00:45:34,800 That's where I saw you. Yo, yes, exactly. 794 00:45:34,800 --> 00:45:36,700 That's what we met on that first day. 795 00:45:36,700 --> 00:45:38,400 Yeah. What did you what did you end up 796 00:45:38,400 --> 00:45:41,200 ordering to eat? Well, what's on your pizza 797 00:45:42,400 --> 00:45:45,600 basic? You know, Oh the napoletana. 798 00:45:45,600 --> 00:45:48,400 Like they call Italy love something like that. 799 00:45:48,800 --> 00:45:52,700 Just plain tradition of picture. I like the margarita. 800 00:45:52,800 --> 00:45:55,500 Yeah, my beliefs and yeah, yeah, exactly. 801 00:45:55,500 --> 00:45:58,400 I actually went to this place to get pizza and I wound up getting 802 00:45:58,400 --> 00:46:01,300 chicken parm and I don't regret that decision. 803 00:46:01,300 --> 00:46:05,800 One bit, it was fantastic. I had Margarita Pizza on Monday 804 00:46:05,800 --> 00:46:07,800 when I fill in, so hey, of course, we're good. 805 00:46:07,800 --> 00:46:10,200 Yeah, Jim. What's been your favorite 806 00:46:10,200 --> 00:46:13,300 experience? So last night we went out of on 807 00:46:13,400 --> 00:46:16,900 on this party bus with my friends from accents, thank you 808 00:46:16,900 --> 00:46:20,300 to them. They had that Jason, Statham 809 00:46:20,300 --> 00:46:24,100 impersonator his, by the way. His real first name is Jason, 810 00:46:24,100 --> 00:46:27,500 Jason Stanley's is real name. Very cool guy. 811 00:46:27,800 --> 00:46:31,600 And what I realized was when you get a bunch of it, people 812 00:46:31,600 --> 00:46:34,800 together, right? We're kind of like a tame crowd. 813 00:46:35,000 --> 00:46:39,200 So having somebody like him kind of like get everybody dancing 814 00:46:39,200 --> 00:46:41,700 and doing their thing was really cool. 815 00:46:41,900 --> 00:46:45,400 So party bus kind Sounds a little intimidating, which is, I 816 00:46:45,400 --> 00:46:48,600 think why I probably didn't have a bigger crowd than they had, 817 00:46:49,400 --> 00:46:52,600 but I mean, we basically took a bus and they had some like, an 818 00:46:52,600 --> 00:46:57,700 open bar on the bus. We took this bus to that, 819 00:46:57,800 --> 00:47:01,900 welcome to Las Vegas sign, which is a very everybody knows it. 820 00:47:02,100 --> 00:47:05,600 And then we went to the Fremont Street Experience, they had an 821 00:47:05,600 --> 00:47:08,600 outdoor concert. I mean, so if you need a 822 00:47:08,600 --> 00:47:12,800 recommendation, it take. Next time I come to Las Vegas is 823 00:47:12,800 --> 00:47:15,000 either. Spend some extra non-business 824 00:47:15,000 --> 00:47:18,700 time or come here on vacation Fremont Street. 825 00:47:18,700 --> 00:47:23,000 Looks like that's my speed man. Like you know they've got the 826 00:47:23,000 --> 00:47:29,500 1199 steak and lobster dinner. They've got open concerts and 827 00:47:29,500 --> 00:47:34,900 its technical Wizardry. Like you think Times Square or 828 00:47:35,800 --> 00:47:38,800 the strip here is like neon. Go there. 829 00:47:39,200 --> 00:47:42,700 You feel like it's full day time because they have an overhead 830 00:47:42,900 --> 00:47:45,000 TV. Just bigger than one I've ever 831 00:47:45,000 --> 00:47:49,700 seen before and just like, great, fantastic experience. 832 00:47:49,700 --> 00:47:55,400 So, yeah, last night sounds like about you, Jeff, you know, it's 833 00:47:55,400 --> 00:47:58,600 a lot of little little moments walking through the hall seeing 834 00:47:58,600 --> 00:48:01,900 people that I haven't seen before being able to thank guess 835 00:48:01,900 --> 00:48:03,800 that we've had on the show that we haven't been able to meet in 836 00:48:03,800 --> 00:48:07,600 person over the years. I'm not, I don't know what it 837 00:48:07,600 --> 00:48:09,400 is, but I guess I'm not as approachable as you because I 838 00:48:09,408 --> 00:48:11,500 know you have always had people coming up saying, Hey, listen to 839 00:48:11,508 --> 00:48:13,200 the show and for that, which is very cool. 840 00:48:13,300 --> 00:48:16,200 We always appreciate all our listeners, I had one last night, 841 00:48:16,200 --> 00:48:18,200 which was great. I was walking back to my hotel 842 00:48:18,200 --> 00:48:21,800 room and I think his name was John John. 843 00:48:22,300 --> 00:48:25,100 Hopefully, with John, from transmits times like, hey, Jeff, 844 00:48:25,100 --> 00:48:26,800 I listen to podcasts like, oh, very cool. 845 00:48:26,800 --> 00:48:29,100 Thank you very much. So you're definitely the more 846 00:48:29,100 --> 00:48:31,300 social butterfly but little interactions like that. 847 00:48:31,300 --> 00:48:34,400 I think are very cool and being able to kind of talk with looks 848 00:48:34,400 --> 00:48:35,500 like that. Yeah, yeah. 849 00:48:35,500 --> 00:48:41,000 Like well half of it is like me grabbing people that I've known 850 00:48:41,000 --> 00:48:45,900 over the years I saw Ryan Rossi in the vendor Hall. 851 00:48:45,900 --> 00:48:50,000 And, you know, we go back a long time and back from his board 852 00:48:50,000 --> 00:48:53,200 Rock days and he left word Rock and now he's back and forward 853 00:48:53,200 --> 00:48:55,700 Rock. So yeah, it's great seeing him 854 00:48:55,700 --> 00:48:58,000 and he's supposed to come out and do karaoke tonight. 855 00:48:58,000 --> 00:48:59,700 So we'll see. We'll see what you're supposed 856 00:48:59,700 --> 00:49:01,800 to sing something tonight. You still haven't told me what 857 00:49:01,800 --> 00:49:04,400 your songs going to be Jesus. And told me what 858 00:49:04,400 --> 00:49:06,800 misunderstanding. Okay, well I won't be singing. 859 00:49:06,800 --> 00:49:09,300 So hopefully people come out and join me on the bench watching. 860 00:49:09,300 --> 00:49:11,900 There you go. Hey I think you guys will have 861 00:49:11,900 --> 00:49:14,000 just as much money on if not. More definitely. 862 00:49:14,900 --> 00:49:16,800 All right, let's go ahead and wrap it up for this one. 863 00:49:16,800 --> 00:49:19,700 Gal thank you so much for being part of this conversation for 864 00:49:19,700 --> 00:49:22,300 folks who are interested will have links in the show notes. 865 00:49:22,300 --> 00:49:27,000 But you can check out plain' ID.com to learn more about what 866 00:49:27,000 --> 00:49:28,700 you guys are doing a speech was very cool. 867 00:49:29,000 --> 00:49:31,800 We'll also have a link to gals profile on LinkedIn, so you can 868 00:49:31,800 --> 00:49:35,000 connect with her and tell her why she's right or wrong when it 869 00:49:35,000 --> 00:49:38,400 comes to, I guess anything. But probably something identity. 870 00:49:38,400 --> 00:49:40,500 Right? Is what I'm guessing we're on 871 00:49:41,000 --> 00:49:42,300 the web. Idac. 872 00:49:42,300 --> 00:49:47,800 Podcast.com On Twitter at idac podcast, Mastodon at I still 873 00:49:47,800 --> 00:49:50,900 have mastered. So I still post we have one or 874 00:49:50,900 --> 00:49:54,000 two people who sort of engage on that side and like a post, we 875 00:49:54,000 --> 00:49:57,900 definitely help appreciate that. Our friend, Chris is one of 876 00:49:57,900 --> 00:50:00,400 those. So I basically do it for Chris, 877 00:50:00,500 --> 00:50:04,000 do it, because it's hard. Yeah, Chris Powers but yeah, 878 00:50:04,000 --> 00:50:07,400 we're on Macon. At idac podcasts at infosec got 879 00:50:07,400 --> 00:50:08,800 exchanged. Obviously, you can always 880 00:50:08,800 --> 00:50:11,600 connect with Jim and I we got a lot of interesting things coming 881 00:50:11,600 --> 00:50:12,900 up. I think I want to get into a 882 00:50:12,900 --> 00:50:14,500 little more. I run this Chief identity 883 00:50:14,500 --> 00:50:18,000 officer role and Jim and I are going to kind of fall some ideas 884 00:50:18,000 --> 00:50:21,100 and take it back again. We've got Ian Ian's coming up 885 00:50:21,100 --> 00:50:24,000 next here, except so yeah, so that would be a good one to 886 00:50:24,000 --> 00:50:26,400 springboard off of maybe. Yeah. 887 00:50:26,400 --> 00:50:29,600 And that's pretty much it. So subscribe like all the cool 888 00:50:29,600 --> 00:50:32,200 fun things that you know people like you to do when you listen 889 00:50:32,200 --> 00:50:35,800 to podcasts and we'll talk with everyone in the next one. 890 00:50:36,000 --> 00:50:39,100 Thank you. You've been listening to 891 00:50:39,100 --> 00:50:43,100 Identity at the center. We hope you've enjoyed the show. 892 00:50:43,300 --> 00:50:47,600 Make sure to like rate and review and we'll be back soon, 893 00:50:47,600 --> 00:50:51,100 but in the meantime, hit the website at identity at the 894 00:50:51,100 --> 00:50:57,100 center.com and find us on Twitter at ivac podcast. 895 00:50:57,500 --> 00:51:01,600 See you next time on identity at the center,