1
00:00:05,360 --> 00:00:10,560
This is Identity at the Center. 
If it has anything to do with 

2
00:00:10,640 --> 00:00:18,080
IAM, this is the go-to podcast. 
Now, your hosts, Jim McDonald and 

3
00:00:18,080 --> 00:00:26,280
Jeff Steadman. 
Welcome to the Identity at the 

4
00:00:26,280 --> 00:00:28,160
Center podcast. 
I'm Jeff and that's Jim. 

5
00:00:28,160 --> 00:00:30,440
Hey, Jim. 
Hey, Jeff, how are you? 

6
00:00:30,640 --> 00:00:35,120
Oh, not so bad yourself. 
I'm excited for today's sequel. 

7
00:00:35,120 --> 00:00:38,160
This will be the first sequel 
we've had on the Identity at the

8
00:00:38,160 --> 00:00:40,840
Center podcast. 
Yeah, we've got another sponsor 

9
00:00:40,840 --> 00:00:42,800
Spotlight episode. 
These are fully sponsored 

10
00:00:42,800 --> 00:00:46,320
episodes that we develop in 
collaboration with our partners.

11
00:00:46,320 --> 00:00:48,840
And we're very excited to 
welcome back our first sponsor 

12
00:00:48,840 --> 00:00:50,920
Spotlight, which was Sonrai 
Security. 

13
00:00:51,400 --> 00:00:55,240
We actually had Sandy Bird join 
us way back in December of 2023.

14
00:00:55,240 --> 00:00:58,600
Feels like so long ago, but 
welcome back to the show, Sandy.

15
00:00:59,000 --> 00:01:00,880
Hey, thanks for 
having me back. 

16
00:01:00,880 --> 00:01:03,960
I just couldn't stay away, so 
much fun last time. 

17
00:01:04,560 --> 00:01:07,480
I think we talked about EVs at 
the end and Heroes. 

18
00:01:07,480 --> 00:01:09,720
We took an EV car, so it'll be 
interesting to see what today 

19
00:01:09,720 --> 00:01:12,920
brings for interesting topics. 
And we kind of kept that EV 

20
00:01:12,920 --> 00:01:15,280
conversation going because we 
were talking before we hit the 

21
00:01:15,280 --> 00:01:17,600
record button about EV stories 
and things like that. 

22
00:01:17,600 --> 00:01:19,400
So I feel like there's this 
natural affinity there. 

23
00:01:19,400 --> 00:01:22,760
But let's talk about Sonrai 
because you've got some new 

24
00:01:22,760 --> 00:01:23,920
things that you guys have 
announced. 

25
00:01:23,920 --> 00:01:25,040
I want to get to that in a 
second. 

26
00:01:25,600 --> 00:01:27,760
Now this is your second time 
being with us, so I'm not going 

27
00:01:27,760 --> 00:01:29,520
to make you go through your 
background. 

28
00:01:29,520 --> 00:01:31,400
You want to hear that? 
Go back and listen to episode 

29
00:01:31,400 --> 00:01:34,200
251. 
We asked Sandy all about how do 

30
00:01:34,200 --> 00:01:37,120
you get into the IAM space, but
we do want to ask about Sonrai 

31
00:01:37,120 --> 00:01:39,040
Security. 
Tell us a little bit about what 

32
00:01:39,040 --> 00:01:41,600
you guys do. 
Yeah. 

33
00:01:41,760 --> 00:01:44,480
And Sonrai Security has been 
around for for several years and

34
00:01:44,480 --> 00:01:49,200
we've spent a lot of time trying
to get customers that are using 

35
00:01:49,200 --> 00:01:54,160
Cloud, AWS, Azure, GCP to least 
privilege and remove a lot of 

36
00:01:54,160 --> 00:01:55,400
identity risk out of their 
cloud. 

37
00:01:55,400 --> 00:01:58,400
So in that other episode, we 
talk about you know kind of four

38
00:01:58,400 --> 00:02:00,800
steps to doing that quickly. 
We talk about unused identities 

39
00:02:00,800 --> 00:02:02,520
and getting rid of them. 
We talk about finding your 

40
00:02:02,520 --> 00:02:07,440
administrators removing some 
lateral movement has, but we've 

41
00:02:07,440 --> 00:02:09,280
also learned a lot in 
those few years. 

42
00:02:09,280 --> 00:02:12,280
And so Sonrai, as it's kind of 
developed over time has come up 

43
00:02:12,280 --> 00:02:15,560
with solutions to you know fix 
these without generating 

44
00:02:15,800 --> 00:02:18,160
hundreds of thousands of tickets
for your developers to go fix. 

45
00:02:18,160 --> 00:02:19,920
And I think we're going to spend
some time on that today. 

46
00:02:19,920 --> 00:02:22,520
We're building some pretty
innovative solutions in that 

47
00:02:22,520 --> 00:02:24,320
space and it'll be a lot of fun 
to talk about. 

48
00:02:24,640 --> 00:02:26,040
Yeah, I'm excited to get into 
it. 

49
00:02:26,560 --> 00:02:28,800
You know there was a question 
that I wanted to ask last

50
00:02:28,800 --> 00:02:31,200
time and this is something 
actually we have listeners ask 

51
00:02:31,200 --> 00:02:34,760
when we have folks like you on. 
And that really is how do we, 

52
00:02:34,840 --> 00:02:38,720
how do your clients or customers
measure success with Sonrai? 

53
00:02:38,720 --> 00:02:40,920
And I imagine we'll probably 
talk a little bit about that and

54
00:02:41,480 --> 00:02:44,000
when we talk about the 
new feature that you guys just 

55
00:02:44,000 --> 00:02:47,680
rolled out. 
But at a very high level, how do

56
00:02:47,680 --> 00:02:50,000
your customers measure success 
with your solutions? 

57
00:02:51,480 --> 00:02:55,040
Yeah, again, every customer
does this slightly differently, 

58
00:02:55,040 --> 00:02:57,680
but there are definitely key 
performance indicators, you want

59
00:02:57,680 --> 00:03:00,760
to call it that. 
The solution itself always 

60
00:03:00,760 --> 00:03:03,480
measures a risk score, right. 
So you know, we, we take a look 

61
00:03:03,480 --> 00:03:05,760
at all of the types of risks 
that are there. 

62
00:03:05,760 --> 00:03:07,320
We kind of generate a score from
it. 

63
00:03:07,400 --> 00:03:10,560
You know, maybe you get an 85 or 
something like that and you want

64
00:03:10,560 --> 00:03:13,720
to reduce that down to a 70 or 
60 or 50 or whatever you want to

65
00:03:13,720 --> 00:03:15,400
get to. 
And you hope that your 

66
00:03:15,400 --> 00:03:17,520
production environments and 
where your sensitive data is a 

67
00:03:17,520 --> 00:03:20,400
low risk and you know maybe your
sandbox accounts are high 

68
00:03:20,400 --> 00:03:22,920
risk, but generally you want 
them all to start to get to be 

69
00:03:22,920 --> 00:03:27,080
at a lower state. 
We spent a lot of time trying to

70
00:03:27,080 --> 00:03:29,960
help customers do that. 
And so you say, well, what's 

71
00:03:29,960 --> 00:03:34,360
success and what's interesting 
is some customers built some 

72
00:03:34,360 --> 00:03:36,600
great process. 
They kind of operationalized it.

73
00:03:37,360 --> 00:03:39,120
They found those critical things
they wanted to fix. 

74
00:03:39,120 --> 00:03:41,800
They generated tickets back to 
their teams to say, you know, 

75
00:03:42,120 --> 00:03:45,040
these applications and workloads
you've created are not at least 

76
00:03:45,040 --> 00:03:48,120
privileged. 
Here's a recommended fix for 

77
00:03:48,120 --> 00:03:49,960
that. 
Maybe it's a new policy in AWS. 

78
00:03:49,960 --> 00:03:51,920
Maybe it's a better role in in 
Azure. 

79
00:03:52,400 --> 00:03:56,320
Apply that to the, you know, 
whatever the workload is, deploy

80
00:03:56,320 --> 00:03:58,640
that out. 
You know, now you've closed the 

81
00:03:58,640 --> 00:04:00,400
ticket. 
And so what would happen is 

82
00:04:00,400 --> 00:04:03,720
that those tickets would get 
issued, the teams would actually

83
00:04:03,720 --> 00:04:04,960
do that. 
They would always test them 

84
00:04:04,960 --> 00:04:08,040
through, you know, some sort of 
a staging or UAT environment. 

85
00:04:08,160 --> 00:04:10,080
It would work. 
They'd move it to prod, the 

86
00:04:10,080 --> 00:04:11,920
ticket would close. 
In summary, everybody would be 

87
00:04:11,920 --> 00:04:13,240
happy. 
We'd celebrate. 

88
00:04:14,200 --> 00:04:16,640
And so what happens is over time
you close more and more of 

89
00:04:16,640 --> 00:04:19,320
those, the risk goes down and 
everybody is kind of 

90
00:04:19,320 --> 00:04:22,079
celebrating. 
But when we actually started to 

91
00:04:22,079 --> 00:04:24,720
measure ourselves against that 
in a way we would find things 

92
00:04:24,720 --> 00:04:29,920
like, you know, maybe a customer
fixes 2000 of these tickets over

93
00:04:29,920 --> 00:04:33,040
a 10 month period and 
everybody's like, we're 

94
00:04:33,040 --> 00:04:36,200
super happy about this. 
And then you look at their cloud

95
00:04:36,200 --> 00:04:38,960
and you realize in the time that
it took them to close 2000 

96
00:04:38,960 --> 00:04:41,720
identities, they've created 4000
more that are no longer at least

97
00:04:41,720 --> 00:04:43,040
privilege. 
And we have to build a history 

98
00:04:43,040 --> 00:04:44,440
for that to figure out what 
least privilege is. 

99
00:04:44,440 --> 00:04:49,040
And that cycle starts all over 
again and you start thinking 

100
00:04:49,040 --> 00:04:50,560
there has to be a better way, 
right? 

101
00:04:50,560 --> 00:04:52,360
We can't. 
You know we have these 

102
00:04:52,360 --> 00:04:55,600
interesting customers that have 
you know, 50, 100 thousand 

103
00:04:55,600 --> 00:04:57,200
identities that are workload 
identities. 

104
00:04:57,640 --> 00:05:01,400
If you're going to do that one 
at a time and have people test 

105
00:05:01,400 --> 00:05:03,760
them, not just like randomly 
rewrite the policies on them 

106
00:05:03,760 --> 00:05:05,520
all, which maybe I would say 
that you could do, but not 

107
00:05:05,520 --> 00:05:09,360
everyone's comfortable with. 
It's going to take, you know 

108
00:05:09,400 --> 00:05:11,960
you're going to measure this in 
months and years for success. 

109
00:05:12,200 --> 00:05:15,040
And I think you know customers 
today, we're all a little 

110
00:05:15,040 --> 00:05:17,080
distracted. 
We like these kind of quick 

111
00:05:17,080 --> 00:05:19,480
wins. 
We needed to find a way to get 

112
00:05:19,480 --> 00:05:21,480
to the quick wins faster and 
that's what we're going to spend a 

113
00:05:21,480 --> 00:05:23,360
lot of time talking with today 
and the new product. 

114
00:05:23,360 --> 00:05:26,160
But you know customers 
definitely measure success using

115
00:05:26,160 --> 00:05:28,280
those risk scores. 
Let's get those things lower. 

116
00:05:28,440 --> 00:05:31,040
I can show progress. 
Let's close tickets, right? 

117
00:05:31,160 --> 00:05:33,880
Issue tickets, close tickets. 
I can measure success that way. 

118
00:05:34,440 --> 00:05:38,520
But the real thing is, like, 
is the actual cloud more secure 

119
00:05:38,520 --> 00:05:41,280
at the end of the day, right? 
And I think, you know, even 

120
00:05:41,280 --> 00:05:43,640
ourselves measuring ourselves as
a customer needed a better way 

121
00:05:43,640 --> 00:05:45,960
for that customer to get to that
point faster. 

122
00:05:46,640 --> 00:05:49,920
Sandy called this a sequel, and
I think the best sequels are, 

123
00:05:50,320 --> 00:05:53,480
you know, a lot of the same 
characters, but a new story. 

124
00:05:53,760 --> 00:05:57,280
And you have a new story and 
you just announced this 

125
00:05:57,280 --> 00:06:02,480
thing called the first 
cloud permissions firewall, and 

126
00:06:02,480 --> 00:06:05,880
by calling it the first it means
nobody knows what it is. 

127
00:06:06,160 --> 00:06:10,200
So can you tell us what is the 
first cloud permissions 

128
00:06:10,200 --> 00:06:13,360
firewall? 
Yeah, there was a lot 

129
00:06:13,360 --> 00:06:15,360
of discussions about using the 
word firewall. 

130
00:06:15,360 --> 00:06:18,880
Let me tell you, when we named 
this product, it was 

131
00:06:18,880 --> 00:06:23,240
definitely a triggering word for
everybody, pro or con, for

132
00:06:23,240 --> 00:06:26,880
using this word. 
But if you go back to that 

133
00:06:26,880 --> 00:06:29,200
original problem where we say 
we're trying to fix this 100,000

134
00:06:29,200 --> 00:06:31,240
identities and we're fixing them
one at a time. 

135
00:06:32,080 --> 00:06:34,880
And we actually said customers 
are struggling 

136
00:06:34,880 --> 00:06:36,920
with this, right. 
If you didn't have a dedicated 

137
00:06:36,920 --> 00:06:39,160
team helping, you know, a lot of 
times the ticket doesn't get 

138
00:06:39,160 --> 00:06:41,360
fixed whatever it was and we 
said we have to flip this on its

139
00:06:41,360 --> 00:06:43,760
head. 
The problem is, every, you 

140
00:06:43,760 --> 00:06:46,800
know, development team building 
a workload is free to create any

141
00:06:46,800 --> 00:06:49,400
identity they want with any set 
of permissions that they want. 

142
00:06:49,400 --> 00:06:53,680
And across all three clouds you 
have like 43,000 

143
00:06:53,680 --> 00:06:56,280
permissions. 
There's like today, and you think

144
00:06:56,280 --> 00:06:58,720
you know, do some relation back 
to firewalls, there's an awful 

145
00:06:58,720 --> 00:07:01,560
lot of ports and a lot of
IP space that you have. 

146
00:07:01,920 --> 00:07:05,000
And no one says, oh you can just
have all the IP space in all of 

147
00:07:05,000 --> 00:07:07,200
the ports. 
It's not how the world worked in

148
00:07:07,200 --> 00:07:08,720
networks. 
And so when we looked at the 

149
00:07:08,720 --> 00:07:10,520
permission space, it wasn't 
terribly different than that. 

150
00:07:10,520 --> 00:07:12,240
We were kind of letting the 
developers do anything they want

151
00:07:12,240 --> 00:07:15,760
and we said, was there a way 
to flip this on its head to 

152
00:07:15,760 --> 00:07:19,800
create a default deny state? And 
we said, 43,000 permissions. 

153
00:07:19,800 --> 00:07:22,280
Most of these things are 
insensitive, but there are some 

154
00:07:22,280 --> 00:07:23,840
of them that are really 
sensitive, right? 

155
00:07:23,840 --> 00:07:26,080
Like there are permissions in 
cloud that allow you to take, 

156
00:07:26,080 --> 00:07:29,120
and this is one of my favorite 
ones, take the file system off 

157
00:07:29,120 --> 00:07:32,440
of this running workload and 
make it a URL on the Internet so

158
00:07:32,440 --> 00:07:34,680
that you can share it somewhere.
It's like who thought that was a

159
00:07:34,680 --> 00:07:37,960
good idea, but it exists in 
these clouds and so there's 

160
00:07:37,960 --> 00:07:40,440
certain permissions that are 
super sensitive and how do you 

161
00:07:40,440 --> 00:07:44,120
put those in that deny state? 
The other thing we did to kind 

162
00:07:44,120 --> 00:07:48,000
of prove that this was a real 
benefit in doing it was we 

163
00:07:48,000 --> 00:07:50,960
measured like out of everything 
that has these sensitive 

164
00:07:50,960 --> 00:07:54,800
permissions in cloud, how many 
of them actually used them that 

165
00:07:54,800 --> 00:07:57,720
were granted them. 
And this is what got to be super

166
00:07:57,720 --> 00:08:01,760
interesting: found out that only
like between 5 and 10% of the 

167
00:08:01,760 --> 00:08:05,040
identities that had them ever 
used them across all of our 

168
00:08:05,040 --> 00:08:06,360
customers. 
You know, you're just talking, I

169
00:08:06,360 --> 00:08:09,160
don't know, millions, hundreds 
of millions of identities, 

170
00:08:09,160 --> 00:08:13,800
whatever it is, don't use these.
So why is it that we're giving 

171
00:08:13,800 --> 00:08:15,360
them to everybody but no one's 
using them? 

172
00:08:15,480 --> 00:08:18,640
And so we said, look, there's a way
to do this where we can flip the

173
00:08:18,640 --> 00:08:21,640
model on its head. 
We can make this like a firewall

174
00:08:21,640 --> 00:08:25,640
with a default deny state. 
But again, so now the 

175
00:08:25,640 --> 00:08:28,560
problems start. 
If we do that and then someone 

176
00:08:28,560 --> 00:08:31,600
needs the permission building a 
brand new workload that's never 

177
00:08:31,600 --> 00:08:33,960
existed before, how are we going
to give it to them and not screw

178
00:08:33,960 --> 00:08:37,720
up their work day? 
And so it's interesting, we used

179
00:08:37,720 --> 00:08:40,880
all cloud native stuff for this.
In the firewall 

180
00:08:40,880 --> 00:08:44,280
itself, there's no, like, proxy, 
there's no, you know, jump box. 

181
00:08:44,280 --> 00:08:46,760
There's none of those things. 
It's all cloud native and it's 

182
00:08:46,760 --> 00:08:49,960
programmed cloud natively. 
But it puts this deny at the top

183
00:08:49,960 --> 00:08:51,320
for the really sensitive 
permissions. 

184
00:08:52,320 --> 00:08:55,880
Everything that needed them from
the previous history has access 

185
00:08:55,880 --> 00:08:59,240
to them, however, and that's 
only 5% of the things that were 

186
00:08:59,240 --> 00:09:02,560
granted them. 
And on day two, what happens is 

187
00:09:02,560 --> 00:09:06,360
as soon as somebody trips the 
wire and tries to use one that 

188
00:09:06,360 --> 00:09:08,080
never, you know, they never did 
it before. 

189
00:09:08,080 --> 00:09:09,800
But today it happened. 
And maybe it's a Terraform 

190
00:09:09,800 --> 00:09:12,720
script, you know, deploying some
infrastructure, maybe it's 

191
00:09:12,720 --> 00:09:15,160
Jeff just trying to, you know, 
build a crypto miner in the 

192
00:09:15,160 --> 00:09:17,760
cloud. 
Whatever it is, it happens. 

193
00:09:17,920 --> 00:09:20,960
They trip this wire and 
immediately in whatever they use

194
00:09:20,960 --> 00:09:23,440
for ChatOps, could be Slack, 
could be Teams, whatever it is, 

195
00:09:23,880 --> 00:09:26,360
the team that's 
responsible for that area gets a

196
00:09:26,360 --> 00:09:27,920
notification saying this just 
happened. 

197
00:09:27,920 --> 00:09:31,120
We want to give Jeff access to 
go and do that sensitive thing. 

198
00:09:31,400 --> 00:09:34,720
They hit approve. 
Jeff gets notified and literally

199
00:09:34,720 --> 00:09:36,960
within one minute they now have 
access to that sensitive 

200
00:09:36,960 --> 00:09:40,560
permission. 
But it leaves that 95% space 

201
00:09:41,080 --> 00:09:44,040
basically never used and never 
granted and it. 

202
00:09:44,680 --> 00:09:45,920
So it's a completely different 
model. 

203
00:09:45,920 --> 00:09:49,120
And so what happens is that 
you kind of learn the history. 

204
00:09:49,640 --> 00:09:52,960
You put these firewall controls.
They're not actually firewall 

205
00:09:52,960 --> 00:09:54,240
controls. 
They're using, you know, in 

206
00:09:54,240 --> 00:09:56,960
Amazon, it's SCPs, and in Google, 
it's the deny bindings. 

207
00:09:56,960 --> 00:09:58,280
There's these other ways of 
doing it. 

208
00:09:58,520 --> 00:10:01,000
It puts these controls in place 
to create this default deny 

209
00:10:01,000 --> 00:10:03,640
scenario. 
And then immediately after that 

210
00:10:03,640 --> 00:10:05,600
goes into this permissions on 
demand model. 

211
00:10:05,720 --> 00:10:10,880
And so you have this immediate 
contraction of this risk value. 

212
00:10:10,880 --> 00:10:13,240
And so now you think about the 
Sonrai platform measuring risk.

213
00:10:13,760 --> 00:10:17,360
You all of a sudden go from the 
75 risk to a 50 risk literally in

214
00:10:17,360 --> 00:10:19,760
five days and you want to talk 
about success. 

215
00:10:19,760 --> 00:10:21,920
You know, people can measure 
that and say, wow, I actually 

216
00:10:21,920 --> 00:10:26,120
made a difference in a few days.
So again, triggering word again,

217
00:10:26,120 --> 00:10:27,880
love to hear your guys' opinion
on it, right. 

218
00:10:27,880 --> 00:10:29,800
You know, is firewall the right 
word for this or not? 

219
00:10:30,760 --> 00:10:34,160
You know, we said one time, 
you know, firewalls weren't 

220
00:10:34,160 --> 00:10:35,800
invented for networks. 
We think of them that way 

221
00:10:35,800 --> 00:10:37,800
because we came from that world.
But there was a firewall in my 

222
00:10:37,800 --> 00:10:39,320
PAN. 
There was one in an apartment 

223
00:10:39,320 --> 00:10:40,760
building between two. 
You know what I mean? 

224
00:10:40,760 --> 00:10:43,760
Like firewalls are not unique to
networks, but we as 

225
00:10:43,760 --> 00:10:46,320
technologists think about them 
as a network thing, right? 

226
00:10:46,320 --> 00:10:48,200
So again, it is this bit of
a triggering word. 

227
00:10:48,200 --> 00:10:50,160
Love to hear your opinions, what
you think, good or bad? 

228
00:10:50,320 --> 00:10:54,320
The last point was spot on. 
So point number one, you may 

229
00:10:54,320 --> 00:10:56,880
know Jeff better than he knows 
himself. 

230
00:10:58,000 --> 00:10:59,520
You know, building a crypto 
miner. 

231
00:10:59,520 --> 00:11:02,440
If he was a hacker, I could 
totally see him doing that. 

232
00:11:02,920 --> 00:11:05,080
All right. 
Second thing is I'd love that 

233
00:11:05,080 --> 00:11:09,240
default deny as a starting point
because even when you were 

234
00:11:09,240 --> 00:11:11,280
asking like is firewall the 
right term. 

235
00:11:11,560 --> 00:11:15,480
It takes me back to my 
networking days, and the 

236
00:11:15,520 --> 00:11:20,320
default rule on a firewall was
allow any to any, right. 

237
00:11:20,320 --> 00:11:24,200
You remember that? Does that 
trigger something? And then it 

238
00:11:24,200 --> 00:11:27,400
was like the smart firewall 
people knew that the 

239
00:11:27,400 --> 00:11:33,400
default rule had to be deny any 
to any, you know, and then you 

240
00:11:33,400 --> 00:11:37,240
start allowing things rather 
than working in reverse of allow

241
00:11:37,240 --> 00:11:39,520
any to any and start blocking 
from there. 

242
00:11:39,520 --> 00:11:44,520
So to me, yeah, it's 
sensical. 

243
00:11:44,520 --> 00:11:47,240
I like the word firewall. 
I don't have a problem 

244
00:11:47,240 --> 00:11:48,880
with it. 
Jeff, do you have anything on 

245
00:11:48,880 --> 00:11:51,120
that? 
No, I think it's 

246
00:11:51,120 --> 00:11:52,720
appropriate. 
You know if you're asking me, 

247
00:11:52,720 --> 00:11:54,640
I'm in a marketing meeting. 
I'm always trying to find 

248
00:11:54,640 --> 00:11:57,080
funny names. I would think of 
like you know the cloud 

249
00:11:57,080 --> 00:11:59,320
permission ban hammer or 
something like that. 

250
00:12:00,200 --> 00:12:02,520
You know, I'm looking, I'm 
looking at like Reddit or things

251
00:12:02,520 --> 00:12:05,080
like that to have fun with it 
and that's why they don't look 

252
00:12:05,080 --> 00:12:07,600
at me to name things. 
They don't. 

253
00:12:07,720 --> 00:12:08,960
I don't get the name stuff 
either. 

254
00:12:08,960 --> 00:12:11,280
You know we had a code name of 
it called Purple for the whole 

255
00:12:11,280 --> 00:12:12,920
time it was. 
It's still really hard to get 

256
00:12:12,920 --> 00:12:14,800
that out of my head. 
I may call it Purple sometime 

257
00:12:14,800 --> 00:12:17,880
today during this call. 
But it, you know, it's it's good

258
00:12:17,880 --> 00:12:19,440
to have code names. 
It's good to have fun names, 

259
00:12:19,440 --> 00:12:20,640
too. 
That's a good little tidbit for 

260
00:12:20,640 --> 00:12:21,680
people who are listening. 
Right. 

261
00:12:21,680 --> 00:12:23,320
Hey, show me, show me your 
purple. 

262
00:12:23,440 --> 00:12:25,040
Oh, Sandy's going to know what 
that means. 

263
00:12:25,040 --> 00:12:26,720
I don't know anyone else. 
So maybe it might be weird if 

264
00:12:26,720 --> 00:12:29,000
you take something else. 
But that could be a way to 

265
00:12:29,000 --> 00:12:31,200
approach it. 
I do want to get into this a 

266
00:12:31,200 --> 00:12:32,720
little bit. 
I know that we're going to 

267
00:12:32,720 --> 00:12:35,960
try something a little bit 
different here and look at it on

268
00:12:35,960 --> 00:12:38,840
an audio podcast and we're going
to try our best to kind of step 

269
00:12:38,840 --> 00:12:42,400
through it. 
But the goal here is to see it 

270
00:12:42,400 --> 00:12:46,120
in action so that Jim and I can 
ask some questions but also 

271
00:12:46,360 --> 00:12:48,960
encourage people. 
You know go to the website and 

272
00:12:48,960 --> 00:12:51,160
if you want to check out this 
and other things you can go to 

273
00:12:51,520 --> 00:12:58,800
sonrai.co/IDAC, 
and you can actually 

274
00:12:58,800 --> 00:13:01,400
see the demo there and try it 
out and so forth. 

275
00:13:01,400 --> 00:13:03,760
We'll talk about that a little 
bit, but I think maybe the talk 

276
00:13:03,760 --> 00:13:07,720
track of us and you showing it 
to us for the first time would 

277
00:13:07,720 --> 00:13:10,040
be helpful for us to ask 
questions and hopefully people 

278
00:13:10,040 --> 00:13:13,560
find it valuable out there. 
See, Internet first, an audio 

279
00:13:13,560 --> 00:13:16,120
only demo 
of a visual 

280
00:13:16,120 --> 00:13:19,480
concept. Yeah, we're all 
about firsts, you know, we were the

281
00:13:19,480 --> 00:13:21,880
first sponsor podcast. 
Now we're going to try the first

282
00:13:22,160 --> 00:13:26,040
you know, visual, audio-only 
demos and we'll see how 

283
00:13:26,040 --> 00:13:28,440
this works out. 
I think we're going to try

284
00:13:28,440 --> 00:13:31,840
to be somewhat descriptive if 
all has worked well in the audio

285
00:13:31,840 --> 00:13:34,560
world. 
You can see my stuff, though 

286
00:13:34,560 --> 00:13:36,640
Jeff and Jim, correct? 
You can actually see a screen. 

287
00:13:36,640 --> 00:13:38,040
Yes, we can. 
So I see, let's 

288
00:13:38,040 --> 00:13:40,000
see, a dashboard. 
Yeah, I see the interface. 

289
00:13:40,000 --> 00:13:42,040
I see. 
Let's see a few different 

290
00:13:42,040 --> 00:13:43,800
metrics here. 
So talking about sort of like 

291
00:13:43,800 --> 00:13:47,960
how you measure success, right? 
3.1 thousand IAM users and roles with 

292
00:13:47,960 --> 00:13:49,640
excessive privilege, that sounds
bad. 

293
00:13:49,760 --> 00:13:53,000
How do we fix that? 
Over 1100 zombies? 

294
00:13:53,000 --> 00:13:56,360
That sounds even worse. 
So yeah, walk us through what 

295
00:13:56,360 --> 00:13:58,880
we're looking at here. 
Look, we're going to do it.

296
00:13:58,880 --> 00:14:01,600
So you kind of get it right 
at the top of the interface. 

297
00:14:01,600 --> 00:14:04,960
There are these great statistics
in four areas that you know 

298
00:14:04,960 --> 00:14:07,960
we're going to look at, 
and you know 

299
00:14:07,960 --> 00:14:10,520
the most complex one is kind of 
that first one you talked 

300
00:14:10,520 --> 00:14:14,080
about where you have some number
of identities that have been 

301
00:14:14,080 --> 00:14:17,320
granted these really sensitive 
permissions and then you know 

302
00:14:17,440 --> 00:14:19,400
they're not using them. 
So we should take it away. 

303
00:14:19,560 --> 00:14:22,440
And there are these great
buttons underneath of them that 

304
00:14:22,440 --> 00:14:25,760
people can't see, but you guys 
can see called like protect 

305
00:14:25,760 --> 00:14:28,080
identities or quarantine 
zombies. 

306
00:14:28,560 --> 00:14:31,440
And you know, those ones are 
actually quite useful. 

307
00:14:31,440 --> 00:14:34,000
But we even do things, simple 
things like regions. 

308
00:14:34,000 --> 00:14:35,640
And so if you come all the way 
over to this side of the 

309
00:14:35,640 --> 00:14:39,560
interface, you know, if you're 
not using certain regions, you 

310
00:14:39,560 --> 00:14:42,800
can actually just come in, click
one or click disable these 

311
00:14:42,800 --> 00:14:45,160
regions and we will actually 
disable those regions. 

312
00:14:45,160 --> 00:14:49,680
Or if you have unused services, 
we can show you the services 

313
00:14:49,680 --> 00:14:53,120
that you're not using and you 
know you can disable those. 

314
00:14:53,760 --> 00:14:55,840
This is the thing that's really 
interesting with these cloud 

315
00:14:55,840 --> 00:14:59,480
providers though. 
Like every one of them has 300 

316
00:14:59,480 --> 00:15:03,600
unique services, but any given 
account or project that you're 

317
00:15:03,600 --> 00:15:07,040
working on probably only uses 20
or 30 of them. 

318
00:15:07,880 --> 00:15:10,240
And there's a whole bunch of 
dormant permissions in them that

319
00:15:10,280 --> 00:15:13,600
are not being used that are 
latent, so that when Jeff breaks 

320
00:15:13,600 --> 00:15:16,480
in to use a crypto miner, you 
know, maybe you've never used 

321
00:15:16,480 --> 00:15:19,240
Lambda before, but Jeff can use 
Lambda to prank that thing, 

322
00:15:19,240 --> 00:15:21,360
right? 
And so we want to try to reduce 

323
00:15:21,360 --> 00:15:24,920
that attack surface, you know, 
as we can through some of these.

324
00:15:25,160 --> 00:15:29,600
And there are obvious 
security benefits to that. 

325
00:15:29,600 --> 00:15:34,240
But is there the potential cost 
savings to say, OK, we have all 

326
00:15:34,240 --> 00:15:36,680
these unused services, let's 
make sure we're not paying for 

327
00:15:36,680 --> 00:15:39,440
them? 
I think there is. Now, 

328
00:15:39,440 --> 00:15:42,640
I always remind myself,
you know you have to solve the 

329
00:15:42,640 --> 00:15:45,320
use cases you build stuff for 
and not try to make it too wide,

330
00:15:45,320 --> 00:15:47,280
because then things get 
complicated for a while. 

331
00:15:47,280 --> 00:15:50,440
Do you solve this use case for 
cost, and you solve this one? But

332
00:15:50,440 --> 00:15:54,200
there's no doubt that, and this 
is the regions and the services 

333
00:15:54,200 --> 00:15:56,960
are exactly as you're saying, 
Jim, are the ones that 

334
00:15:57,000 --> 00:15:58,760
accidental things happen in, 
right? 

335
00:15:58,760 --> 00:16:02,360
Like, I think AWS intentionally 
makes it so that if you 

336
00:16:02,360 --> 00:16:05,000
accidentally spin something up 
in a region that you don't use, 

337
00:16:05,000 --> 00:16:06,560
you never see it again. 

338
00:16:06,560 --> 00:16:08,560
But it shows up on the bill 
every month at the end of the 

339
00:16:08,560 --> 00:16:11,200
month, right. 
And you know, the same thing 

340
00:16:11,200 --> 00:16:13,640
with services. 
Oh, I was experimenting using, I

341
00:16:13,640 --> 00:16:16,880
remember this very well from our
own sales engineering team. 

342
00:16:17,360 --> 00:16:19,640
You know some customer wanted to
test something with that. 

343
00:16:19,800 --> 00:16:22,080
It was called a hyperscaler in 
Azure. 

344
00:16:22,440 --> 00:16:24,560
So they dropped one into the 
account and of course it ran the

345
00:16:24,560 --> 00:16:25,560
demo account for a couple of 
other. 

346
00:16:25,560 --> 00:16:28,800
And I think the thing started at
like $1000 a month, right. 

347
00:16:29,160 --> 00:16:32,440
And you know, until we caught it
on the bill much later, you 

348
00:16:32,440 --> 00:16:34,000
know, no one even knew that was 
happening. 

349
00:16:34,000 --> 00:16:36,600
So absolutely there's a cost 
benefit there. Not our main 

350
00:16:36,600 --> 00:16:39,800
target market by any means, but 
certainly it's going to help in 

351
00:16:39,800 --> 00:16:45,000
those areas. 
So as I look at the interface 

352
00:16:45,000 --> 00:16:48,720
here, I'm seeing 

353
00:16:48,720 --> 00:16:51,640
a list of services, right? 
So EC2, and these look like

354
00:16:51,720 --> 00:16:54,920
AWS-type things, right? 
EC2, Cognito, Alexa for 

355
00:16:54,920 --> 00:16:57,480
Business. 
And you've got different 

356
00:16:57,480 --> 00:17:01,040
categories across the top: 
account usage says like 4 

357
00:17:01,040 --> 00:17:04,680
out of 10, a sensitive access of
15, the sensitive permissions of

358
00:17:04,680 --> 00:17:07,200
eight. 
And then you've got a status 

359
00:17:07,200 --> 00:17:09,359
column that says, well, there's 
a couple of them, but 

360
00:17:09,400 --> 00:17:13,119
unprotected, partially 
protected, disabled, pending, 

361
00:17:13,440 --> 00:17:15,760
and then protected. 
And then there's like a little 

362
00:17:15,760 --> 00:17:18,359
button over the right that says 
protect, which looks like it's 

363
00:17:18,359 --> 00:17:20,640
for things that have not yet 
been protected maybe or 

364
00:17:20,640 --> 00:17:23,119
disabled. 
Can you walk me through kind of 

365
00:17:23,119 --> 00:17:27,040
left to right what we're seeing 
and what those figures and data 

366
00:17:27,040 --> 00:17:30,040
mean? 
Yeah, we wanted to make sure 

367
00:17:30,040 --> 00:17:34,680
that we could break these kind 
of default denies up in a way 

368
00:17:34,680 --> 00:17:38,720
where when you enable things, 
groups of things came back 

369
00:17:38,720 --> 00:17:41,280
'cause if you're, and I use the 
example, if you're going to 

370
00:17:41,280 --> 00:17:44,920
update security group rules, 
you're probably going to do 

371
00:17:44,920 --> 00:17:46,400
something with subnets as well, 
right? 

372
00:17:46,400 --> 00:17:49,160
There's, there's, there's these 
things that go together kind of 

373
00:17:49,160 --> 00:17:50,880
when you start to do them. 
And so it wanted to group them. 

374
00:17:50,880 --> 00:17:53,680
So you have the service as an 
example, you may have EC2 or the

375
00:17:53,680 --> 00:17:56,680
IAM service and it will have a 
group of these sensitive 

376
00:17:56,680 --> 00:18:00,000
permissions associated with it. 
And so you probably want to 

377
00:18:00,000 --> 00:18:02,280
protect all of those at once 
because the types of identities 

378
00:18:02,280 --> 00:18:06,680
that accidentally get granted 
EC2 star have all of the 

379
00:18:06,680 --> 00:18:09,720
permissions, but again, very few
of them need them. 

380
00:18:09,720 --> 00:18:11,760
But the ones that need them 
probably need more than one, 

381
00:18:11,760 --> 00:18:14,320
right. 
And so we kind of group those up

382
00:18:14,640 --> 00:18:17,760
the the sensitive, you know, 
you've got this kind of, you 

383
00:18:17,760 --> 00:18:19,960
know, sensitive permissions call
and kind of tells you how many 

384
00:18:19,960 --> 00:18:24,080
in that service, you know, have 
sensitive or how many sensitive 

385
00:18:24,080 --> 00:18:27,160
permissions are in that service.
And we did a lot of work on 

386
00:18:27,160 --> 00:18:29,240
this. 
This is where you know, we spent

387
00:18:29,240 --> 00:18:32,400
time. 
Again, if you know enough about 

388
00:18:32,480 --> 00:18:35,160
AWS, as an example, an SCP 
space, it's limited. 

389
00:18:35,280 --> 00:18:37,560
You can't write SCPs that are 
massive. 

390
00:18:37,560 --> 00:18:39,800
There's all these limits you run
into in terms of the size of the

391
00:18:39,800 --> 00:18:42,040
SCP and how many you can have 
and all these things. 

392
00:18:42,600 --> 00:18:44,560
And so we had to be pretty 
selective about what we are 

393
00:18:44,560 --> 00:18:46,120
putting into those sensitive 
permissions. 

394
00:18:46,960 --> 00:18:50,240
And so we did all this work on, 
you know is this thing really 

395
00:18:50,240 --> 00:18:52,800
sensitive or not. 
And I, you know we got lots of 

396
00:18:52,800 --> 00:18:56,200
examples that way. 
And so again each one of those, 

397
00:18:56,200 --> 00:18:57,840
that's how many sensitive 
services you have and then you 

398
00:18:57,840 --> 00:19:01,600
have how many identities have 
access to that in those 

399
00:19:01,600 --> 00:19:03,120
sensitive services. 
And we can drill in. 

400
00:19:03,120 --> 00:19:05,360
We may do that in a minute. 
We'll drill in a little bit 

401
00:19:05,360 --> 00:19:08,600
deeper in a few of these, but 
that will tell you you know out 

402
00:19:08,600 --> 00:19:13,200
of the 75 that have access how 
many really use it 234 you may 

403
00:19:13,360 --> 00:19:15,760
we'll drill into that in a 
minute and then when you hit 

404
00:19:15,760 --> 00:19:19,480
that protect button, it doesn't 
actually protect instantly. 

405
00:19:19,480 --> 00:19:22,320
What happens is you click 
protect and it stages the 

406
00:19:22,440 --> 00:19:25,520
changes into like a pending 
changes state and that's why you

407
00:19:25,520 --> 00:19:27,360
see that disabled pending, 
right. 

408
00:19:27,360 --> 00:19:30,040
So if somebody's made a a 
change, they put it into that 

409
00:19:30,040 --> 00:19:33,160
mode. 
What we actually do is we build 

410
00:19:33,160 --> 00:19:36,880
up this piece of infrastructure 
as code that actually deploys 

411
00:19:36,880 --> 00:19:40,440
all the cloud native mechanisms 
for you that actually implement 

412
00:19:40,440 --> 00:19:42,920
this firewall. 
And I think that's so important 

413
00:19:42,920 --> 00:19:46,040
because it's not like we wanted 
to be in the middle of you know 

414
00:19:46,040 --> 00:19:49,200
the the cloud intercepting every
API call. 

415
00:19:49,840 --> 00:19:52,400
We actually wanted to use the 
cloud native mechanisms that 

416
00:19:52,400 --> 00:19:55,200
they've given you for putting 
these things in place and 

417
00:19:55,200 --> 00:19:56,760
utilizing those. 
So what we've done is 

418
00:19:56,760 --> 00:19:59,560
programmatically created that 
piece of infrastructure as code,

419
00:20:00,120 --> 00:20:03,080
you as the customer then go and 
deploy that and so. 

420
00:20:04,000 --> 00:20:06,480
It's a way that you can kind of 
test this in one area of the 

421
00:20:06,480 --> 00:20:09,240
network, should call it a 
network. 

422
00:20:09,240 --> 00:20:11,520
We're now right into the 
firewall world, one area of the 

423
00:20:11,520 --> 00:20:13,840
cloud and account, you know, a 
project that you're working on, 

424
00:20:13,840 --> 00:20:15,440
you can protect it there and do 
that. 

425
00:20:15,800 --> 00:20:18,600
And so that's kind of all the 
calls we may drill into one in a

426
00:20:18,600 --> 00:20:22,200
minute, you know, and then you 
know, we can go from there. 

427
00:20:22,440 --> 00:20:26,640
Again, I love those zombies and 
I I wanted to show you guys this

428
00:20:26,640 --> 00:20:28,160
thing on zombies 'cause I think 
it's pretty neat. 

429
00:20:29,040 --> 00:20:34,360
Just like the services we can 
find every identity that's 

430
00:20:34,360 --> 00:20:37,920
basically unused, We use 90 days
to start, you know? 

431
00:20:37,960 --> 00:20:39,960
Again, some people may want it 
to be longer. 

432
00:20:40,080 --> 00:20:42,200
We can have a big long 
discussion about how long 

433
00:20:42,400 --> 00:20:44,640
something has to be unused for 
before you think it's unused. 

434
00:20:45,840 --> 00:20:48,000
But what's neat about this is we
can take every account, every 

435
00:20:48,000 --> 00:20:50,240
project, every subscription, and
we can tell you in there like 

436
00:20:50,240 --> 00:20:54,240
what identities are unused. 
And when you actually click the 

437
00:20:54,400 --> 00:20:59,440
quarantine button, we don't 
actually delete those identities

438
00:20:59,440 --> 00:21:02,040
at all. 
What we do is we basically short

439
00:21:02,040 --> 00:21:04,880
circuit their permissions so 
that they can't use any of them 

440
00:21:04,880 --> 00:21:08,560
anymore. 
And why we do that is is again 

441
00:21:08,560 --> 00:21:10,880
back to history after years of 
doing this with customers. 

442
00:21:10,880 --> 00:21:13,960
What we discovered was people 
were scared to delete this stuff

443
00:21:14,560 --> 00:21:17,720
because what happens is, is that
maybe they have a a process that

444
00:21:17,720 --> 00:21:20,520
runs every year and it does 
something or they have a 

445
00:21:20,560 --> 00:21:23,440
infrequently used device and 
they've used something in their 

446
00:21:23,440 --> 00:21:27,000
cloud to configure it. 
But if you delete that identity 

447
00:21:27,440 --> 00:21:29,440
and then you have to put it 
back, you don't know what 

448
00:21:29,440 --> 00:21:31,760
permissions it needs. 
You don't need what the don't 

449
00:21:31,760 --> 00:21:32,960
know what the identity was 
called. 

450
00:21:32,960 --> 00:21:35,520
Maybe that's connected to a 
resource policy so you can't put

451
00:21:35,520 --> 00:21:38,520
it back the way it was. 
Maybe it had an access access 

452
00:21:38,520 --> 00:21:42,160
key, and I hope you didn't do 
this, but you hard coded the 

453
00:21:42,160 --> 00:21:45,160
access key in your code and now 
if you've deleted that key 

454
00:21:45,160 --> 00:21:47,520
material, you're going to have 
to generate a new one and then 

455
00:21:47,520 --> 00:21:49,720
you know, have somebody fix the 
code before the thing would work

456
00:21:49,720 --> 00:21:51,640
yet. 
And so we had this scenario with

457
00:21:51,640 --> 00:21:53,480
zombies where people just 
wouldn't delete them. 

458
00:21:53,480 --> 00:21:56,440
And you know, this is a a great 
demo environment. 

459
00:21:56,440 --> 00:22:00,840
We look at this, but we had 
customers that have 10s of 

460
00:22:00,880 --> 00:22:03,880
thousands of unused identities 
sitting in their cloud and they 

461
00:22:03,880 --> 00:22:05,880
won't delete any of them because
of the fear. 

462
00:22:06,280 --> 00:22:07,640
And we think this is a better 
way. 

463
00:22:07,720 --> 00:22:11,040
We can basically clamp them down
and say you cannot do anything 

464
00:22:11,040 --> 00:22:14,560
with this identity. 
But if you do come to the point 

465
00:22:14,560 --> 00:22:18,000
that you need to and we see it 
try to wake up, it gets a deny 

466
00:22:18,000 --> 00:22:21,440
for the first time in seven 
months, send the team a message 

467
00:22:21,440 --> 00:22:24,040
saying do you want to reanimate 
the zombie? 

468
00:22:24,480 --> 00:22:26,880
You can reanimate it and the 
thing comes back to life with 

469
00:22:26,880 --> 00:22:30,320
exactly the same permissions it 
had, exactly the same access key

470
00:22:30,320 --> 00:22:31,840
it had. 
All of those things are still in

471
00:22:31,840 --> 00:22:33,560
town. 
So you know, I love the zombie 

472
00:22:33,560 --> 00:22:35,280
story. 
Again, curious what you guys 

473
00:22:35,280 --> 00:22:37,720
think about that. 
But it it really is a way to 

474
00:22:37,720 --> 00:22:40,760
kind of clamp down a lot of this
risk pretty fast. 

475
00:22:40,760 --> 00:22:42,280
It's. 
In these environments, it's 

476
00:22:42,280 --> 00:22:44,160
super cool. 
I hope that instead of 

477
00:22:44,160 --> 00:22:46,400
reactivate, it just says 
reanimate zombie. 

478
00:22:47,240 --> 00:22:50,000
There's there's a there's my 
marketing for you on that. 

479
00:22:50,200 --> 00:22:51,560
I want to go back to a couple 
things. 

480
00:22:51,560 --> 00:22:54,920
You you you pointed out, you 
mentioned, and I wanna make sure

481
00:22:54,920 --> 00:22:58,040
I heard it right. 
If I click protect to do 

482
00:22:58,040 --> 00:22:59,800
something, you're not actually 
do anything. 

483
00:22:59,800 --> 00:23:02,520
You you mentioned you're staging
a change and that you're using 

484
00:23:02,520 --> 00:23:08,080
native infrastructure basically 
as code to stage that change. 

485
00:23:08,360 --> 00:23:11,960
Does that mean I can as an 
engineer look at that code and 

486
00:23:11,960 --> 00:23:13,840
inspect it and make sure 
everything looks OK? 

487
00:23:13,840 --> 00:23:16,400
The way I can double check it 
and have that level of 

488
00:23:16,400 --> 00:23:20,280
transparency it it's exactly 
true and we. 

489
00:23:20,880 --> 00:23:23,560
We did it this way again, we had
a bunch of design part. 

490
00:23:23,560 --> 00:23:26,080
We've been working on this for, 
I don't know, nine months, maybe

491
00:23:26,080 --> 00:23:28,200
a year now. 
And we've had all these design 

492
00:23:28,200 --> 00:23:30,600
partners all on the path with us
that have been kind of helping 

493
00:23:30,600 --> 00:23:33,640
us with this. 
And what we found was the 

494
00:23:33,680 --> 00:23:36,200
editing. 
These parts of the cloud are 

495
00:23:36,200 --> 00:23:39,440
super sensitive, like SCPs at 
Amazon are a great way to break 

496
00:23:39,440 --> 00:23:40,840
something. 
You know if you deny everything,

497
00:23:40,840 --> 00:23:42,640
all of a sudden you can't do 
anything in your whole cloud, 

498
00:23:42,640 --> 00:23:44,120
right? 
Or if you create a deny by any 

499
00:23:44,120 --> 00:23:45,720
GCP, it, it overrides 
everything. 

500
00:23:45,720 --> 00:23:49,200
So basically the customers are 
like, you know this is a super 

501
00:23:49,200 --> 00:23:51,400
sensitive thing for us. 
We don't want a third party 

502
00:23:51,400 --> 00:23:54,280
vendor like Sundry having direct
access to going to change these 

503
00:23:54,280 --> 00:23:57,400
things. 
And some of them had really 

504
00:23:57,400 --> 00:24:01,040
strict policies that said, OK, 
all of our changes to this part 

505
00:24:01,040 --> 00:24:04,760
of the cloud must be checked 
into GitHub, they must be PR'd 

506
00:24:04,960 --> 00:24:08,160
and then they must be deployed 
using some mechanism they had. 

507
00:24:08,840 --> 00:24:11,960
And so we set it up this way so 
that when you do that, you know,

508
00:24:12,040 --> 00:24:16,120
set of pending changes, you can 
actually get this template, you 

509
00:24:16,120 --> 00:24:18,960
can check it into GitHub if you 
want, you can, you know have a PR

510
00:24:18,960 --> 00:24:22,240
on it, somebody can inspect 
every line of that code and then

511
00:24:22,240 --> 00:24:24,520
go and deploy it into the cloud 
and make it active. 

512
00:24:24,520 --> 00:24:27,200
And so we separated the 
permissions of the product being

513
00:24:27,200 --> 00:24:30,440
able to actually go in and make 
the changes versus automating 

514
00:24:30,440 --> 00:24:32,640
how that gets done for the 
customer to go do it. 

515
00:24:33,040 --> 00:24:37,320
And it was it was where all the 
design partners settled with a 

516
00:24:37,320 --> 00:24:39,400
good experience, right. 
You know, there's a few of them.

517
00:24:39,400 --> 00:24:40,760
That said, I just want a button 
to press. 

518
00:24:40,880 --> 00:24:43,160
OK, well, you can automate the 
button and make it pressable if 

519
00:24:43,160 --> 00:24:45,040
you want. 
But for the people that wanted 

520
00:24:45,040 --> 00:24:48,480
those checks and balances, it 
was a great intermediary for 

521
00:24:48,480 --> 00:24:54,520
doing that. 
So, yeah, all right, let me show

522
00:24:54,520 --> 00:24:56,800
you guys a couple other things. 
I'm going to, I'm going to skip 

523
00:24:56,800 --> 00:25:00,840
ahead here a little bit and I'm 
going to, I'm going to show what

524
00:25:00,840 --> 00:25:03,160
it looks like when you get into 
one of those individual 

525
00:25:03,160 --> 00:25:05,160
services. 
And it's the first time, by the 

526
00:25:05,160 --> 00:25:06,480
way, we have light mode and 
dark. 

527
00:25:06,480 --> 00:25:09,480
Mode, which again you guys are. 
Thank you, thank you, thank you.

528
00:25:09,560 --> 00:25:11,640
Dark mode should be the default 
everywhere. 

529
00:25:12,040 --> 00:25:13,640
And that is a hill. 
I will die on. 

530
00:25:14,440 --> 00:25:16,720
You know, die on. Yeah, we had, we 
definitely have developers that 

531
00:25:16,720 --> 00:25:18,720
are in the same hill as you and 
then we have a few of our 

532
00:25:18,720 --> 00:25:21,160
support guys that like Light 
Mode, so it's a weird, you know.

533
00:25:21,280 --> 00:25:23,160
So much easier on your eyes, 
especially at night. 

534
00:25:23,320 --> 00:25:25,360
You have this, you know nobody 
likes just layering light 

535
00:25:25,360 --> 00:25:27,320
screen. 
At least you know a dark. 

536
00:25:27,320 --> 00:25:30,400
Ray, can you notice? 
We can talk about this on this 

537
00:25:30,400 --> 00:25:32,520
podcast. 
You notice we snuck the purple 

538
00:25:32,520 --> 00:25:34,400
color into the cloud, which is 
Firewall. 

539
00:25:34,440 --> 00:25:35,560
Yeah, yeah, yeah. 
Yeah. 

540
00:25:35,720 --> 00:25:36,880
It's all about branding name 
somehow. 

541
00:25:36,880 --> 00:25:41,160
Yeah, exactly like so. 
Everybody uses. 

542
00:25:41,320 --> 00:25:43,080
There's certain services you 
can't turn off, right? 

543
00:25:43,080 --> 00:25:44,760
So it's nice to talk about 
unused services. 

544
00:25:44,760 --> 00:25:49,280
But then like if we go into EC2 
as an example, every account's 

545
00:25:49,280 --> 00:25:51,920
probably going to use those and 
you know you'll have some set of

546
00:25:51,920 --> 00:25:54,160
sensitive permissions with it. 
But when you look at an 

547
00:25:54,160 --> 00:25:58,120
individual account, we could 
actually find automatically the 

548
00:25:58,160 --> 00:26:03,520
identities that are using that. 
And so this is an exam. 

549
00:26:03,520 --> 00:26:06,560
This happens to be an AWS 
reserved SSO role that's using, 

550
00:26:06,560 --> 00:26:08,760
you know, in this particular 
case, one of those those 

551
00:26:08,760 --> 00:26:12,000
sensitive permissions. 
But you can actually look at 

552
00:26:12,000 --> 00:26:15,080
every service individually and 
see everything that is using 

553
00:26:15,080 --> 00:26:18,120
them versus you know what you 
know has access to it. 

554
00:26:18,120 --> 00:26:19,840
And so I think it's an 
interesting way you think about 

555
00:26:19,840 --> 00:26:22,280
that first screen with like 75 
identities and then you come in 

556
00:26:22,280 --> 00:26:25,480
and you find out there's really 
only 5 using it or 10 using it. 

557
00:26:26,120 --> 00:26:30,560
You really are compressing that 
open space of of permissions 

558
00:26:30,560 --> 00:26:32,720
that you have very, very 
quickly. 

559
00:26:32,920 --> 00:26:37,440
So anyway, just another neat 
part of the product in in that 

560
00:26:37,440 --> 00:26:39,040
side. 
I know we've been looking at a 

561
00:26:39,040 --> 00:26:43,360
lot of AWS resources. 
I guess from a capability 

562
00:26:43,360 --> 00:26:46,760
standpoint, is it similar for 
both Azure and for GCP? 

563
00:26:46,760 --> 00:26:48,720
Are there differences in 
functionality? 

564
00:26:49,600 --> 00:26:54,840
There, there we tried to make it
as close to the same experience 

565
00:26:54,840 --> 00:26:59,120
as possible in all three clouds.
I will say there's this, and I 

566
00:26:59,120 --> 00:27:02,040
think we may have talked about 
this on the first podcast we 

567
00:27:02,040 --> 00:27:07,160
did. 
AWS and GCP are deny first 

568
00:27:07,160 --> 00:27:12,040
models, so when you put a deny 
anywhere on an identity, it's 

569
00:27:12,040 --> 00:27:13,960
denied to do whatever that 
permission is. 

570
00:27:14,840 --> 00:27:18,480
No matter how many allows you 
give it, you can never override 

571
00:27:18,480 --> 00:27:21,400
that deny. 
Azure is not that case. 

572
00:27:21,720 --> 00:27:25,200
Azure is an allow first model 
which you can put as many denies

573
00:27:25,200 --> 00:27:28,360
into Azure as you want. 
But if there's one thing that 

574
00:27:28,360 --> 00:27:31,320
says, whether through an inherited
entitlement or a direct 

575
00:27:31,320 --> 00:27:34,440
entitlement, if it says that you
can do it, then you can do it. 

576
00:27:34,680 --> 00:27:39,480
And so we had to change the 
experience just slightly for 

577
00:27:39,480 --> 00:27:45,000
Azure because unlike AWS and GCP
where truly it was a centralized

578
00:27:45,000 --> 00:27:47,280
control at the top that we just 
said, you know, clamp this down 

579
00:27:47,280 --> 00:27:51,040
and deny it, in Azure we had to 
actually do some fiddling with 

580
00:27:51,040 --> 00:27:54,600
the real policies that people 
were using to change them from 

581
00:27:54,600 --> 00:27:57,000
an allow to deny in that 
scenario. 

582
00:27:57,400 --> 00:28:00,080
But we were able to actually, 
again, infrastructure as code's 

583
00:28:00,080 --> 00:28:02,680
amazing, we were able to 
actually write the state into 

584
00:28:02,680 --> 00:28:07,440
the the RBAC assignments that we
were doing to keep it a similar 

585
00:28:07,440 --> 00:28:09,240
experience. 
It looks the same when you're 

586
00:28:09,240 --> 00:28:13,320
doing it, It feels the same to 
the end user, but under the 

587
00:28:13,320 --> 00:28:15,760
covers it's quite different what
it's actually doing. 

588
00:28:15,960 --> 00:28:19,680
So anyway, always the things 
that you run into in in these. 

589
00:28:21,280 --> 00:28:22,400
What is it? 
OK, I'm gonna. 

590
00:28:22,720 --> 00:28:25,240
I I I'm just curious what does 
it take to set this up? 

591
00:28:25,640 --> 00:28:29,520
I just connect it similar to I 
guess other services where I 

592
00:28:29,520 --> 00:28:33,360
feed it my an admin credential, 
I'm assuming of of each of 

593
00:28:33,360 --> 00:28:35,400
these. 
We we deploy it with 

594
00:28:35,400 --> 00:28:39,640
infrastructure as code as well. 
So in AWS we use 

595
00:28:39,640 --> 00:28:42,440
CloudFormation, in the other two we 
use Terraform. 

596
00:28:42,440 --> 00:28:44,240
Again there's there's different 
ways of doing it. 

597
00:28:45,560 --> 00:28:48,440
What's interesting is, is that 
it kind of goes in in monitor 

598
00:28:48,440 --> 00:28:50,360
mode by default. 
So when you when you deploy 

599
00:28:50,360 --> 00:28:53,920
this, it's going to learn all 
the things about your cloud, how

600
00:28:53,920 --> 00:28:56,520
big that space is between what's
been granted sensitive 

601
00:28:56,520 --> 00:28:59,440
permissions and what's used at 
how many zombies you have, what 

602
00:28:59,440 --> 00:29:03,280
services you've used. 
And it does that using really 

603
00:29:03,400 --> 00:29:06,040
light permissions. 
Think of like security auditor 

604
00:29:06,040 --> 00:29:09,440
style permissions that can list 
and describe things but don't 

605
00:29:09,440 --> 00:29:11,320
have any ability to change 
anything. 

606
00:29:12,360 --> 00:29:15,760
Once you actually go live with 
this and now you've deployed 

607
00:29:15,760 --> 00:29:17,960
that, you know you've gone from 
that pending state into the 

608
00:29:17,960 --> 00:29:21,640
protection state. 
At that point the thing becomes 

609
00:29:21,640 --> 00:29:24,960
live and there are slight 
different permissions that 

610
00:29:24,960 --> 00:29:27,040
happen in the cloud at that 
point where the system actually 

611
00:29:27,040 --> 00:29:28,840
needs to be able to change some 
resources and stuff. 

612
00:29:28,840 --> 00:29:30,280
But they're still really light 
permissions. 

613
00:29:30,280 --> 00:29:33,080
They're not, you know, control 
the whole organization and 

614
00:29:33,080 --> 00:29:35,000
control the SCPs. 
They're just the light things 

615
00:29:35,000 --> 00:29:37,240
that do the permissions on 
demand work. 

616
00:29:37,240 --> 00:29:39,320
We have to turn these 
permissions on and off on an 

617
00:29:39,320 --> 00:29:42,840
individual exception basis. 
So it's pretty, it's pretty 

618
00:29:42,840 --> 00:29:44,080
neat. 
I've actually got an example 

619
00:29:44,080 --> 00:29:49,360
here we can show in AWS where 
once this has been set up like 

620
00:29:49,360 --> 00:29:54,120
and it's in its live mode so 
again you you've onboarded, it's

621
00:29:54,120 --> 00:29:55,280
all done with infrastructure as 
code. 

622
00:29:55,280 --> 00:29:56,560
It's a bit like watching paint 
dry. 

623
00:29:56,560 --> 00:29:59,440
It takes you know some period of
time to go and do this but 

624
00:29:59,440 --> 00:30:03,200
you've deployed these if a 
developer's in doing something. 

625
00:30:03,200 --> 00:30:07,000
So this is an example. 
Here you see an AWS console and 

626
00:30:07,480 --> 00:30:09,560
you know somebody's editing a 
security group, so go back on 

627
00:30:09,560 --> 00:30:13,080
that network theme again and 
they were to edit one of these 

628
00:30:13,080 --> 00:30:14,080
rules. 
So they're going in and they 

629
00:30:14,080 --> 00:30:17,520
say, look, I want to create an 
an inbound rule and they want to

630
00:30:17,520 --> 00:30:19,640
open up port 80 and port 22 or 
something. 

631
00:30:20,600 --> 00:30:23,280
When they actually go and click 
this to do it, they will 

632
00:30:23,280 --> 00:30:25,880
immediately get this deny 
response if they're not in that 

633
00:30:25,880 --> 00:30:27,920
exemption list, right. 
And so the thing's been 

634
00:30:27,920 --> 00:30:30,720
deployed. 
Someone has gone and deployed a 

635
00:30:30,720 --> 00:30:33,440
bunch of controls using, you 
know, their Cloud OPS account. 

636
00:30:33,440 --> 00:30:36,080
So it's in the protection mode. 
They get a message that looks 

637
00:30:36,080 --> 00:30:37,640
like this the first time that 
they do it. 

638
00:30:38,400 --> 00:30:41,520
But what happens in our system 
is immediately after that is 

639
00:30:41,520 --> 00:30:42,920
there becomes a request and 
this. 

640
00:30:43,120 --> 00:30:46,840
Like I said, this can come in 
Slack can come in, teams come in

641
00:30:46,840 --> 00:30:49,840
e-mail however you want. 
But fundamentally what happens 

642
00:30:49,840 --> 00:30:52,200
is we detect you see my example 
user here. 

643
00:30:52,200 --> 00:30:53,880
Sneaky. 
Jeff I was honored for a second 

644
00:30:53,920 --> 00:30:54,440
there. 
I had. 

645
00:30:54,600 --> 00:30:57,120
I saw Jeff contest and then I'm 
sneaky Jeff. 

646
00:30:57,120 --> 00:30:59,080
What? 
Now you're sneaky Jeff trying to

647
00:30:59,080 --> 00:31:01,760
get those bitcoins. 
That's right, they said. 

648
00:31:01,800 --> 00:31:04,080
You know him better than he 
knows himself. 

649
00:31:05,400 --> 00:31:08,120
Exactly. 
I so you know Sneaky Jeff's in 

650
00:31:08,120 --> 00:31:11,880
here, Sneaky Jeff gets denied. 
This goes to that team that's 

651
00:31:11,880 --> 00:31:15,680
responsible to approve these. 
They click approve it. 

652
00:31:15,680 --> 00:31:18,120
They can, you know document why 
this is approved and all these 

653
00:31:18,120 --> 00:31:20,640
things. 
And at that point, you know, 

654
00:31:20,760 --> 00:31:23,360
Sneaky Jeff gets a message back 
and they can save this and 

655
00:31:23,360 --> 00:31:26,360
immediately it works. 
And it's again, we, we play a 

656
00:31:26,360 --> 00:31:28,640
little bit here in the demo to 
make this faster and speed it up

657
00:31:28,640 --> 00:31:30,160
so that we don't have to log 
into AWS. 

658
00:31:30,160 --> 00:31:33,880
But that the reality of the 
situation is you go from being 

659
00:31:33,880 --> 00:31:37,640
denied to being allowed to do 
something in minutes. 

660
00:31:37,880 --> 00:31:40,840
It's it's literally from the 
time change and the slack 

661
00:31:40,840 --> 00:31:43,640
messages and the people clicking
one minute later you have 

662
00:31:43,640 --> 00:31:45,680
permission. 
And it's this is the thing that 

663
00:31:45,680 --> 00:31:47,720
the design partners were super 
excited about. 

664
00:31:47,720 --> 00:31:50,600
You know, it's one thing to be 
able to take all of this risk 

665
00:31:50,600 --> 00:31:54,440
out, but it's another thing not 
to basically block the teams 

666
00:31:54,440 --> 00:31:57,080
from doing their work when they 
needed to get it done. 

667
00:31:57,120 --> 00:31:59,880
And so again, that was one of 
the biggest kind of epiphanies 

668
00:31:59,880 --> 00:32:03,320
in building this thing was it's 
not actually about, you know, 

669
00:32:03,320 --> 00:32:06,160
the cloud permissions firewall 
that's so important in that 

670
00:32:06,160 --> 00:32:08,800
default deny. 
It's about enabling all of the 

671
00:32:08,800 --> 00:32:12,640
teams to keep running at speed 
and not getting in their way so.

672
00:32:13,400 --> 00:32:17,200
So Sandy, I can imagine like 
one of the initial objections 

673
00:32:17,200 --> 00:32:23,440
you might have from a cloud team
is like, well, if they only have

674
00:32:23,920 --> 00:32:28,080
a native AWS cloud or only have 
a GCP cloud, couldn't they get by

675
00:32:28,080 --> 00:32:32,160
with the tools that are provided
within that cloud to kind of 

676
00:32:32,160 --> 00:32:37,360
achieve like you hear this from 
Amazon customers where it's like

677
00:32:38,560 --> 00:32:43,920
we can use Access Analyzer. 
Is that like such a poor man's 

678
00:32:43,920 --> 00:32:48,640
solution to this problem that 
it's not really a good question?

679
00:32:50,440 --> 00:32:54,560
It's, it's interesting. 
I actually think and sometimes I

680
00:32:54,560 --> 00:32:57,800
think about it this way, Jim and
I get this a lot in like talking

681
00:32:57,800 --> 00:33:02,280
to customers, especially 
customers that have not gone 

682
00:33:02,280 --> 00:33:05,320
through the pain of trying this 
with Access Analyzer yet. 

683
00:33:05,680 --> 00:33:08,320
So they've seen Access Analyzer's
marketing material or they've 

684
00:33:08,320 --> 00:33:11,520
seen Sundry Security's marketing
material from before this point 

685
00:33:11,520 --> 00:33:16,280
in time. 
There's a a perfectionist view 

686
00:33:16,280 --> 00:33:18,880
that I want everything to be 
perfectly least privileged. 

687
00:33:19,840 --> 00:33:23,240
So what Access Analyzer's doing,
it's going back to every 

688
00:33:23,240 --> 00:33:26,440
permission that's ever been used
by every identity and you know 

689
00:33:26,840 --> 00:33:29,600
AWS 14,000 permissions and Azure
10,000 permissions. 

690
00:33:29,600 --> 00:33:32,440
I don't know the numbers exact, 
but it's it's high and it's 

691
00:33:32,440 --> 00:33:37,200
creating that perfect policy to 
put on that, that identity and 

692
00:33:37,920 --> 00:33:39,240
then you need to test that, 
right. 

693
00:33:39,240 --> 00:33:41,120
So if it's a real workload, you 
now need to test it. 

694
00:33:41,160 --> 00:33:44,080
You test it, then you get it to 
prod and then you do it all over

695
00:33:44,080 --> 00:33:47,680
again and tomorrow there's a new
identity, but you got to wait 30

696
00:33:47,680 --> 00:33:50,320
days or 90 days for Access 
Analyzer to get there. 

697
00:33:51,280 --> 00:33:55,520
But I think in that early 
stages, even myself when we when

698
00:33:55,520 --> 00:33:57,880
we founded Sundry, that's what I
wanted. 

699
00:33:58,000 --> 00:34:01,280
I wanted the perfect outcome for
every identity. 

700
00:34:02,040 --> 00:34:04,800
And I think I just maybe have 
the scars on my back now from so

701
00:34:04,800 --> 00:34:08,560
many years of saying we got to 
do something a lot faster to get

702
00:34:08,560 --> 00:34:12,560
to a lower risk much quicker. 
And then go back and apply that 

703
00:34:12,560 --> 00:34:16,120
aspect at a much more granular 
level to the things that are 

704
00:34:16,120 --> 00:34:18,480
really important, right. 
The the things that are really 

705
00:34:18,480 --> 00:34:21,280
that are really exposed. 
But I think the question is 

706
00:34:21,280 --> 00:34:23,120
still very valid that you're 
asking, right? 

707
00:34:23,120 --> 00:34:27,520
Like Access Analyzer, the Sundry 
solution that we talked 

708
00:34:27,520 --> 00:34:29,760
about on the last podcast, 
whichever that's trying to do 

709
00:34:29,760 --> 00:34:32,760
this perfection thing, I think 
people want to do that. 

710
00:34:33,280 --> 00:34:35,760
I don't think we actually give 
our development teams enough 

711
00:34:35,760 --> 00:34:37,719
time to actually do it. 
You know what I mean? 

712
00:34:37,719 --> 00:34:41,239
Like, they're not gold to get 
their app out the door because 

713
00:34:41,239 --> 00:34:43,480
it's at least privilege, right?
That doesn't make the money, 

714
00:34:43,560 --> 00:34:45,440
right. 
And so, you know, 

715
00:34:45,960 --> 00:34:47,440
vulnerabilities are a great 
example, right? 

716
00:34:47,440 --> 00:34:49,159
You got to patch your 
vulnerabilities, but you have to

717
00:34:49,159 --> 00:34:51,440
do that because there's an audit
team coming behind you to say 

718
00:34:51,440 --> 00:34:54,360
are they patched, right. 
And we all know we probably 

719
00:34:54,360 --> 00:34:57,440
have, you know, some, you know, 
backlog of those that we have to

720
00:34:57,440 --> 00:34:58,560
work at. 
So what's the chances you're 

721
00:34:58,560 --> 00:35:02,240
going to get to this privilege 
thing in that scenario? 

722
00:35:02,240 --> 00:35:05,400
And so I think, again, your 
point's valid. 

723
00:35:05,440 --> 00:35:08,800
I actually think there's a 
there's a a reason to do least 

724
00:35:08,800 --> 00:35:10,200
privilege. 
I just don't think people can 

725
00:35:10,200 --> 00:35:12,080
execute it and operationalize it
fast enough. 

726
00:35:12,440 --> 00:35:14,680
So. 
Yeah, that that's a great 

727
00:35:14,680 --> 00:35:17,680
response. 
You know, I'm kind of trying to 

728
00:35:18,360 --> 00:35:21,800
picture this in my head. 
Like, OK, let's say we take this

729
00:35:21,800 --> 00:35:28,240
permissions firewall and we want
to have it work in our AWS cloud

730
00:35:28,240 --> 00:35:32,560
as well as our GCP cloud. 
Do I kind of like, install 

731
00:35:32,560 --> 00:35:33,320
something? 
How? 

732
00:35:33,480 --> 00:35:37,160
How exactly does it work? 
Where does Where does it go? 

733
00:35:38,200 --> 00:35:41,200
Yeah, there's two. 
And again in both clouds, 

734
00:35:41,560 --> 00:35:44,360
slightly different deployment, 
but it's the same process. 

735
00:35:44,360 --> 00:35:46,920
Basically in the initial 
monitoring mode you're putting 

736
00:35:46,920 --> 00:35:50,000
in those SecurityAudit 
permissions for the Sonrai SaaS 

737
00:35:50,000 --> 00:35:53,760
to look at your cloud. 
You know in AWS if you're 

738
00:35:53,840 --> 00:35:55,920
familiar with these things, you 
would actually be familiar with 

739
00:35:55,920 --> 00:35:59,120
like the managed policy for 
SecurityAudit, pretty light. 

740
00:35:59,560 --> 00:36:03,560
In GCP it's a very similar 
scenario where it's just looking

741
00:36:03,560 --> 00:36:06,880
at like list, describe 
permissions, list the service 

742
00:36:06,880 --> 00:36:09,760
accounts that are there, list 
the the roles that they've been 

743
00:36:09,760 --> 00:36:14,280
assigned like things like that 
and then what happens after 

744
00:36:14,280 --> 00:36:15,720
that. 
So that's the first deploy. 

745
00:36:15,720 --> 00:36:18,360
But we can see your whole cloud 
from that and, you know, it 

746
00:36:18,360 --> 00:36:23,960
takes 10 minutes to deploy it 
maybe in a really big cloud with

747
00:36:23,960 --> 00:36:25,960
like you know, 5 or 600 
accounts. 

748
00:36:25,960 --> 00:36:29,280
It may take a day to to look 
backwards in time, 90 days. 

749
00:36:29,280 --> 00:36:31,800
So we can get history, but after
that day we have that 

750
00:36:31,800 --> 00:36:34,680
visibility. 
Then you actually protect stuff 

751
00:36:34,840 --> 00:36:37,240
and you click deploy again. 
That's another piece of this 

752
00:36:37,240 --> 00:36:39,080
infrastructure as code that 
you're going to go run and put 

753
00:36:39,080 --> 00:36:42,280
those controls in place. 
So you know, you ask like where 

754
00:36:42,280 --> 00:36:45,000
does it go? 
Well, it kind of lives in the 

755
00:36:45,000 --> 00:36:46,520
cloud with the rest of your 
workloads, right. 

756
00:36:46,520 --> 00:36:48,880
You know, it becomes another 
identity with a bunch of 

757
00:36:48,880 --> 00:36:51,000
permissions on it, hopefully not
too sensitive, right. 

758
00:36:51,680 --> 00:36:52,920
That's actually monitoring your 
cloud. 

759
00:36:52,920 --> 00:36:56,440
It's it's all cloud native. 
You know, there's no, as I say, 

760
00:36:56,440 --> 00:36:59,240
no man in the middle, no 
proxies, no weird boxes. 

761
00:36:59,240 --> 00:37:02,800
It's it's a great way to do it. 
So and no vulnerabilities to 

762
00:37:02,800 --> 00:37:05,280
patch 'cause there's no there's 
no running workloads there, so 

763
00:37:05,400 --> 00:37:07,440
even better for you. 
Yeah, You brought up the, the 

764
00:37:07,440 --> 00:37:10,760
point about like no proxy 
etcetera. 

765
00:37:10,760 --> 00:37:17,480
So this is just cloud, right? 
I mean there is no version for 

766
00:37:17,480 --> 00:37:20,440
the on Prem because I would love
to have something like this for 

767
00:37:20,440 --> 00:37:22,480
on Prem. 
I'm sure I'm not the first one 

768
00:37:22,480 --> 00:37:27,160
who's ever wanted that. 
Assuming I'm right and it's not 

769
00:37:27,160 --> 00:37:30,880
for on Prem, why doesn't anybody
build one for on Prem? 

770
00:37:30,960 --> 00:37:34,880
So on Prem I and we talked a 
little bit about this in the 

771
00:37:34,880 --> 00:37:38,040
prep call and we did this and I 
I had this you know whatever 

772
00:37:38,040 --> 00:37:40,000
vision like why did Sandy build 
a company in cloud? 

773
00:37:41,040 --> 00:37:45,000
Cloud was this interesting 
enabler for the first time that 

774
00:37:45,000 --> 00:37:49,120
allowed us to see all of the 
things that people were building

775
00:37:49,120 --> 00:37:52,560
and it was like having a real 
time CMDB running all the time. 

776
00:37:52,560 --> 00:37:55,400
So why is it? 
Well, in order for Amazon or 

777
00:37:55,400 --> 00:37:58,520
Google to charge you for that 
Lambda function or that virtual 

778
00:37:58,520 --> 00:38:02,440
machine or that BigQuery table, 
they had to have an audit record

779
00:38:02,440 --> 00:38:04,280
that it ran and it had to be on 
the bill at the end of the 

780
00:38:04,280 --> 00:38:07,240
month. 
And so Cloud gave us this first 

781
00:38:07,240 --> 00:38:09,920
time where we could truly see 
all of the workloads. 

782
00:38:09,920 --> 00:38:13,040
There was APIs to find them. 
We could see all of the activity

783
00:38:13,040 --> 00:38:15,480
that they were doing. 
Over the last five years, I've 

784
00:38:15,560 --> 00:38:17,800
realized not everything is 
audited and there are some 

785
00:38:17,800 --> 00:38:20,120
exceptions to that rule. 
But the reality is most of it 

786
00:38:20,120 --> 00:38:25,080
is. 
And on Prem and I spent years in

787
00:38:25,080 --> 00:38:28,920
the security information 
management, SIM space, you know,

788
00:38:28,920 --> 00:38:32,840
doing these types of things, 
man, CMDBs were always so out of 

789
00:38:32,840 --> 00:38:33,600
date. 
You know what I mean? 

790
00:38:33,600 --> 00:38:35,440
Like, it's like, yeah, this is 
what we believe it looks like. 

791
00:38:35,440 --> 00:38:36,800
And then tomorrow it was out of 
date. 

792
00:38:36,800 --> 00:38:40,000
And you know, you had the, the, 
the admin that had the extra 

793
00:38:40,000 --> 00:38:42,880
rack beside the rack that had 
his special gear in it. 

794
00:38:42,880 --> 00:38:47,080
And it was like it was so hard 
to find everything and even 

795
00:38:47,080 --> 00:38:50,640
capture the logs all in the 
central spot that people just 

796
00:38:50,960 --> 00:38:53,280
couldn't do it right. 
It was just too out of control. 

797
00:38:53,280 --> 00:38:55,440
The way that you built your VM 
was different than how the other

798
00:38:55,440 --> 00:38:57,400
guy built his SAP. 
And you know, how does this 

799
00:38:57,400 --> 00:38:59,960
stuff all work? 
But when you deploy it all in 

800
00:38:59,960 --> 00:39:03,360
Amazon or GCP, you know those 
things are there, we can finally

801
00:39:03,360 --> 00:39:06,880
get to them. 
And so again, I think there's a 

802
00:39:06,880 --> 00:39:09,560
huge benefit to possibly doing 
this on Prem. 

803
00:39:09,560 --> 00:39:12,160
I don't know that that's going 
to happen anytime soon because 

804
00:39:12,160 --> 00:39:15,760
it's just too much the Wild 
West, the cloud providers gave 

805
00:39:15,760 --> 00:39:18,280
us this centralized point with a
centralized set of APIs that 

806
00:39:18,280 --> 00:39:21,040
could be predictable and allowed
us to do this for the first 

807
00:39:21,040 --> 00:39:22,520
time. 
It's interesting. 

808
00:39:22,520 --> 00:39:25,720
In GCP, this deny function that 
we talked about, it was only 

809
00:39:25,720 --> 00:39:27,760
released like last year. 
They didn't even have that 

810
00:39:27,760 --> 00:39:29,760
functionality a year ago, so you
couldn't have even built the 

811
00:39:29,760 --> 00:39:32,080
solution a year ago in GCP. 
Wow. 

812
00:39:32,080 --> 00:39:34,520
So it's it's interesting that 
they're they're accelerating 

813
00:39:34,520 --> 00:39:36,240
this way. 
Where you'd have to come up with

814
00:39:36,240 --> 00:39:41,560
some kind of like Rube Goldberg 
type solution to kind of, 

815
00:39:41,680 --> 00:39:43,760
because it sounds like that's 
what you did in Azure. 

816
00:39:45,080 --> 00:39:48,920
It the the Azure one and you 
know somebody would get mad at 

817
00:39:48,920 --> 00:39:51,200
me if I said it was a Rube 
Goldberg machine that we built 

818
00:39:51,200 --> 00:39:52,720
for Azure. 
It's not, it's very it's 

819
00:39:52,720 --> 00:39:56,280
programmatic and it does it. 
But there is definitely there 

820
00:39:56,280 --> 00:39:59,160
were some struggles we had in 
the model in Azure because of 

821
00:39:59,160 --> 00:40:02,160
how it is where again up we 
don't have to demo up anymore. 

822
00:40:02,160 --> 00:40:05,160
I'm not showing you guys this, 
but when you go into the the 

823
00:40:05,160 --> 00:40:08,760
Azure and you're looking at a 
single subscription or single 

824
00:40:08,760 --> 00:40:12,000
management group. 
There's an extra line on it that

825
00:40:12,000 --> 00:40:16,440
says these identities we can't 
control because at this point in

826
00:40:16,440 --> 00:40:19,680
the tree, because above this 
point in the tree, they've been 

827
00:40:19,680 --> 00:40:21,920
granted permissions that we 
won't control. At this point, 

828
00:40:21,920 --> 00:40:24,760
they're just inherited and 
because it's allow first, they 

829
00:40:24,760 --> 00:40:28,440
have access. And so if you want 
to control them, you have to go 

830
00:40:28,440 --> 00:40:31,720
higher in the tree with Sonrai to
control those levels and there's

831
00:40:31,720 --> 00:40:34,080
just no way around that. 
And it you know, it's because of

832
00:40:34,080 --> 00:40:36,600
how their model works. 
So anyway, that's why as you 

833
00:40:36,600 --> 00:40:39,280
say, it's not a Rube Goldberg 
machine, but there's definitely 

834
00:40:39,280 --> 00:40:42,240
some differences in how that 
code executes compared to that 

835
00:40:42,440 --> 00:40:44,840
the AWS and GCP ones. 
Yeah, I was going to say I hope 

836
00:40:44,840 --> 00:40:47,240
it didn't come off that I said 
it that way, but I guess that's 

837
00:40:47,240 --> 00:40:50,640
exactly who's didn't mean to say
it that way. 

838
00:40:50,880 --> 00:40:56,720
I just thought I should say, OK,
so imagine the scenario, you got

839
00:40:56,720 --> 00:41:03,120
a booth, you're at RSA or you're
you're at AWS Reinforce or 

840
00:41:03,520 --> 00:41:05,800
you're at Identiverse. 
I'd love to see you guys go to 

841
00:41:05,800 --> 00:41:08,080
Identiverse, but you have a 
booth. 

842
00:41:08,600 --> 00:41:14,240
Now, who in the organization do 
you want to stop at that booth? 

843
00:41:14,240 --> 00:41:18,400
I mean, who buys? 
Who's going to buy this product?

844
00:41:18,400 --> 00:41:23,120
Is it the person who says I need
this to make my job easier? 

845
00:41:23,400 --> 00:41:27,920
Is it the CISO who comes by and
says I need this to make my 

846
00:41:27,920 --> 00:41:31,920
environment more secure? 
Is it the app developer who says

847
00:41:31,920 --> 00:41:35,640
I need something so that I can 
have the security people get 

848
00:41:35,640 --> 00:41:37,600
what they want? 
Like who? 

849
00:41:38,040 --> 00:41:40,920
Who's the ideal person to come 
by and then who usually does 

850
00:41:40,920 --> 00:41:43,760
come by? 
Yeah, that's, yeah, those are 

851
00:41:43,760 --> 00:41:47,760
the great questions. 
You know the target for us is 

852
00:41:47,960 --> 00:41:51,240
and they have different names. 
It could be the Cloud Ops 

853
00:41:51,240 --> 00:41:55,520
engineer, Cloud infrastructure 
engineer, Cloud Operations 

854
00:41:55,720 --> 00:41:59,120
manager, It could be, it could 
be the cloud center of excellence

855
00:41:59,120 --> 00:41:59,960
lead. 
I don't know. 

856
00:42:00,200 --> 00:42:02,920
It's the person that owns cloud 
for the whole company. 

857
00:42:02,920 --> 00:42:06,200
So if you have 50 teams 
building, somebody owns the GCP 

858
00:42:06,200 --> 00:42:08,520
infrastructure for those fifty 
teams and they're the ones that 

859
00:42:08,520 --> 00:42:10,800
set the golden rules for how 
everything rolls out. 

860
00:42:11,360 --> 00:42:13,720
They're the people that struggle
with this and want to put the 

861
00:42:13,720 --> 00:42:16,080
controls in but are worried 
about breaking things, right. 

862
00:42:16,080 --> 00:42:18,480
They they want to put the SCP in
to block it or they want to put 

863
00:42:18,480 --> 00:42:20,600
the deny binding in to block it.
They're worried they're going to

864
00:42:20,600 --> 00:42:23,200
break it. 
So we're they're our perfect 

865
00:42:23,200 --> 00:42:25,280
customer to talk to because they
feel the pain. 

866
00:42:25,520 --> 00:42:27,440
They see how the sols look 
quick, they love it. 

867
00:42:28,160 --> 00:42:30,800
That said, they may not know our
system exists and they certainly

868
00:42:30,800 --> 00:42:32,560
may not go to Identiverse, 
right. 

869
00:42:32,800 --> 00:42:36,600
It's more likely at Identiverse 
you end up with the CISO or the 

870
00:42:36,600 --> 00:42:39,120
security lead for IAM or 
something and they're trying to 

871
00:42:39,120 --> 00:42:41,200
get things to least privilege 
and they're talking that way. 

872
00:42:41,760 --> 00:42:44,520
We want to talk to those people 
too because we they may not even

873
00:42:44,520 --> 00:42:47,600
know that much about how cloud 
works, but they know they have a

874
00:42:47,600 --> 00:42:51,000
big problem, right. 
And so whether it's a CISO or the

875
00:42:51,000 --> 00:42:53,080
head of Identity or whoever it 
is that knows they have a 

876
00:42:53,080 --> 00:42:55,960
problem around least privilege. 
We want to talk to them too, 

877
00:42:55,960 --> 00:43:00,360
because they're a big help. 
The you talked about the app 

878
00:43:00,360 --> 00:43:03,840
developer, it's interesting to 
tell them that, But they're not 

879
00:43:03,840 --> 00:43:06,080
the person that can procure and 
buy the solution. 

880
00:43:06,080 --> 00:43:09,360
They're they at best would be a 
sponsor to talk to the next 

881
00:43:09,360 --> 00:43:11,440
level. 
They may find it interesting, 

882
00:43:11,440 --> 00:43:13,440
but they don't even have enough 
power in their accounts to 

883
00:43:13,440 --> 00:43:15,360
deploy it. 
So they're probably not the 

884
00:43:15,360 --> 00:43:15,960
right target. 
Right. 

885
00:43:15,960 --> 00:43:19,040
So it's the the person 
responsible for the cloud or the

886
00:43:19,040 --> 00:43:22,560
person, person or group 
responsible for security. 

887
00:43:23,240 --> 00:43:27,000
They see a demo. 
When, when does the epiphany 

888
00:43:27,000 --> 00:43:34,680
happen that, oh, I need, I need.
There's there's there's two 

889
00:43:34,680 --> 00:43:37,160
epiphanies that happen which are
super interesting right. 

890
00:43:37,480 --> 00:43:40,760
You know one is when they see 
the demo with the permissions on

891
00:43:40,760 --> 00:43:43,200
demand thing, people love that 
it's like oh my Lord, we can we 

892
00:43:43,200 --> 00:43:44,680
can grab this stuff back very 
quickly. 

893
00:43:44,960 --> 00:43:48,080
The other one that I find so 
intriguing is the zombie one, 

894
00:43:48,080 --> 00:43:50,760
which is why I gravitate towards
it, 'cause people just know that

895
00:43:50,760 --> 00:43:53,240
they have these things and have 
no clue how they're gonna clean 

896
00:43:53,240 --> 00:43:54,280
them up. 
If they're scared to death to 

897
00:43:54,280 --> 00:43:56,040
leave them and they're like, 
seriously, we could turn those 

898
00:43:56,040 --> 00:43:57,160
all off and then turn them back 
on. 

899
00:43:57,160 --> 00:43:59,040
It's like, yeah, and people are 
like. 

900
00:43:59,080 --> 00:44:02,360
Wow, that's great. 
So those are the epiphanies for 

901
00:44:02,360 --> 00:44:04,800
the person walking up to the 
booth or that first call. 

902
00:44:05,240 --> 00:44:08,360
For customers that have been 
trying to do this, though for a 

903
00:44:08,360 --> 00:44:11,480
period of time, this is a relief
for them. 

904
00:44:11,560 --> 00:44:13,800
They're like oh my Lord, I I can 
focus on the right stuff. 

905
00:44:13,800 --> 00:44:16,320
I don't have to try to do this 
for 100,000 identities. 

906
00:44:16,320 --> 00:44:19,320
I can get this thing in place 
and and go about my my work and 

907
00:44:19,320 --> 00:44:22,120
those for those people. 
The epiphany comes more on that 

908
00:44:22,120 --> 00:44:25,240
sensitive permission clamp down 
that happens. 

909
00:44:25,440 --> 00:44:29,120
So I'm gonna make the first 
official feature request. 

910
00:44:29,600 --> 00:44:32,840
I want to see either on the 
website or maybe as part of like

911
00:44:32,840 --> 00:44:37,880
the interface panel, some number
in like a bloody font, this 

912
00:44:37,880 --> 00:44:41,040
number of zombies killed or 
something like that, right? 

913
00:44:41,160 --> 00:44:43,960
And it just increments up and up
over time. 

914
00:44:43,960 --> 00:44:47,800
So yeah, some some free feature 
advice that I'm that I'm willing

915
00:44:47,800 --> 00:44:50,120
to part with. 
I I love it. 

916
00:44:50,120 --> 00:44:52,560
I don't have a clue if I'll ever
get that by our design team, but

917
00:44:52,560 --> 00:44:54,440
I love the idea. 
Well, it's kind of a purple Easter 

918
00:44:54,480 --> 00:44:56,760
egg. 
Yeah, that's right, purple. 

919
00:44:56,760 --> 00:44:59,960
An Easter egg for every time 
you, like kill a zombie account,

920
00:44:59,960 --> 00:45:02,760
you get to go into a video game 
world and start killing a 

921
00:45:02,760 --> 00:45:05,000
zombie. 
Kill the zombies, exactly. 

922
00:45:06,080 --> 00:45:10,840
So I think this sounds great. 
I love the demo. 

923
00:45:11,720 --> 00:45:13,360
You know, we got to see the 
demo. 

924
00:45:13,360 --> 00:45:16,520
Hopefully everybody else got to 
visualize it in their head. 

925
00:45:17,520 --> 00:45:24,400
But for people who want to try 
this out, Jeff gave a mention of

926
00:45:24,800 --> 00:45:27,760
you know, where you can go to 
actually visually see the demo, 

927
00:45:28,000 --> 00:45:33,680
which I think was 
sonrai.co/idac. 

928
00:45:34,800 --> 00:45:40,360
But if someone wants to actually
try this out, what's the options

929
00:45:40,360 --> 00:45:43,920
that are available for them? 
Yeah, there's this and this is 

930
00:45:43,920 --> 00:45:47,520
also a fairly large change for 
Sonrai Security, the company 

931
00:45:48,640 --> 00:45:51,760
we're doing basically 14 day 
kind of free trials of this 

932
00:45:51,760 --> 00:45:53,800
thing. 
You can just try it and if you 

933
00:45:53,800 --> 00:45:57,240
like it that's great and where 
you've actually put all of the 

934
00:45:57,240 --> 00:46:00,080
pricing for it on the website 
cause the concern with some of 

935
00:46:00,080 --> 00:46:02,120
these cloud tools are you go is 
like I don't even know if I can 

936
00:46:02,120 --> 00:46:04,680
afford this for my, you know my 
world and I don't want to try it

937
00:46:04,680 --> 00:46:07,000
if I can't afford it, right. 
So we've we've opened all of 

938
00:46:07,000 --> 00:46:09,120
that up. 
So again bit of a different 

939
00:46:09,120 --> 00:46:11,560
world for us that we're trying 
but we think that kind of open 

940
00:46:11,560 --> 00:46:14,680
pricing model, 14 day free 
trials just go and try it, see 

941
00:46:14,680 --> 00:46:17,000
if it works for you. 
The great thing about this is, 

942
00:46:17,000 --> 00:46:19,920
is that you actually can figure 
out in 14 days if it works for 

943
00:46:19,920 --> 00:46:20,760
you. 
You know, you can get that 

944
00:46:20,760 --> 00:46:23,680
visibility, you can pick a 
development account, you can put

945
00:46:23,680 --> 00:46:25,560
the controls in, you can try the
POD. 

946
00:46:25,560 --> 00:46:28,080
It either works or it doesn't 
for you and your organization. 

947
00:46:28,960 --> 00:46:32,240
Our previous product was a 
large, you know, lots of 

948
00:46:32,240 --> 00:46:35,120
visibility, lots of things that 
you could fix. 

949
00:46:35,680 --> 00:46:38,280
But to get the full aspect of 
how you're going to 

950
00:46:38,280 --> 00:46:40,280
operationalize that took a lot 
longer. 

951
00:46:40,280 --> 00:46:43,040
And so it was a thing where it 
really was a bit of an 

952
00:46:43,040 --> 00:46:45,720
enterprise sale where this is a 
small team can run this. 

953
00:46:45,720 --> 00:46:47,760
You know, maybe you only have 10
AWS accounts, but it actually 

954
00:46:47,760 --> 00:46:50,520
makes perfect sense for you. 
So Jim was talking 

955
00:46:50,520 --> 00:46:53,280
earlier about conferences, are 
you guys going to be at anything

956
00:46:53,280 --> 00:46:55,880
coming up maybe like RSA or or 
AWS? 

957
00:46:57,280 --> 00:46:59,160
Yeah, we. 
So again a few of our people 

958
00:46:59,160 --> 00:47:02,640
will be at RSA. 
The big one for us is AWS 

959
00:47:02,640 --> 00:47:08,120
re:Inforce, which is a fun AWS 
security only conference, right.

960
00:47:08,120 --> 00:47:12,400
If you go to the re:Invent 
Conference in Vegas, it has you 

961
00:47:12,400 --> 00:47:15,320
know everything under the sun 
from satellites to whatever the 

962
00:47:15,320 --> 00:47:18,240
security conference is. 
Just how do you secure a cloud? 

963
00:47:18,240 --> 00:47:21,680
Great sessions, great speakers. 
We got a booth there, couple 

964
00:47:21,680 --> 00:47:23,520
speaking slots which are which 
are pretty neat. 

965
00:47:24,320 --> 00:47:26,400
So that's a fun one for us. 
We love that conference. 

966
00:47:26,400 --> 00:47:29,840
It's a great conference. 
Few people at RSA. I think we're 

967
00:47:29,840 --> 00:47:31,680
doing the Gartner 
IAM one at the end of the year 

968
00:47:31,680 --> 00:47:35,240
which I think you guys go to. 
So it's lots of places to see us

969
00:47:35,240 --> 00:47:37,040
along the path. 
So I can come up to a booth and 

970
00:47:37,040 --> 00:47:39,080
you'll have people that can kind
of walk through this demo, or I 

971
00:47:39,080 --> 00:47:43,720
can go online sonrai.co, yep, 
slash IDAC, to learn more 

972
00:47:43,720 --> 00:47:47,240
about. 
IDAC exactly, and I believe I'm 

973
00:47:47,240 --> 00:47:49,480
going to say if see if the 
website's ahead of me or not. 

974
00:47:49,480 --> 00:47:51,800
I believe there's a click 
through demo people can try to 

975
00:47:51,800 --> 00:47:54,040
which is not dissimilar for what
I showed you guys. 

976
00:47:54,040 --> 00:47:56,960
So I I think there's a click 
through demo there that people 

977
00:47:56,960 --> 00:47:58,600
can click on and and see how it 
works. 

978
00:47:58,600 --> 00:47:59,200
It's really 
impressive. 

979
00:47:59,200 --> 00:48:01,000
Definitely 
want to encourage people, and 

980
00:48:01,000 --> 00:48:03,120
thank you for taking the time to
kind of walk us through this. 

981
00:48:03,480 --> 00:48:06,720
It helped seeing anything, and 
hopefully people were able to 

982
00:48:06,720 --> 00:48:09,200
visualize in sort of their 
mind's eye as we walk through 

983
00:48:09,200 --> 00:48:10,880
it. 
But definitely encourage people 

984
00:48:10,880 --> 00:48:14,560
to go check it out. 
I love the idea of not only just

985
00:48:14,560 --> 00:48:16,240
taking the data you're 
collecting, but doing something 

986
00:48:16,240 --> 00:48:18,000
with it. 
And I think this is an area that

987
00:48:18,000 --> 00:48:19,120
a lot of people should be 
looking at. 

988
00:48:19,440 --> 00:48:21,200
It's OK, great. 
We've got visibility. 

989
00:48:21,240 --> 00:48:23,720
Guess what, No more excuses. 
Now you got to do something 

990
00:48:23,720 --> 00:48:26,160
about it. 
So here's an easy button, 

991
00:48:26,280 --> 00:48:27,920
literally right, to help with 
that. 

992
00:48:28,280 --> 00:48:31,680
So thank you for that. 
I want to wrap up with something

993
00:48:31,680 --> 00:48:34,680
totally unrelated to identity. 
Or maybe it is, I don't know. 

994
00:48:34,680 --> 00:48:36,200
But we want to talk about 
fishing. 

995
00:48:36,200 --> 00:48:39,520
We were talking about you're 
going on a fishing trip soon and

996
00:48:39,520 --> 00:48:42,760
I gave you kind of a a list of 
fishing related questions and 

997
00:48:42,760 --> 00:48:44,880
you were like everything except 
that one. 

998
00:48:44,880 --> 00:48:50,880
That's why I won't ask that one.
So I'll ask instead, if you 

999
00:48:50,880 --> 00:48:54,720
could go fishing in any body of 
water in the world, where would 

1000
00:48:54,720 --> 00:48:59,400
it be and why? 
Look, I've been, I've been 

1001
00:48:59,400 --> 00:49:02,840
thinking about this question 
possibly for years. 

1002
00:49:04,560 --> 00:49:07,640
And I if I was gonna do it, 
any body of water anywhere in the

1003
00:49:07,640 --> 00:49:12,400
world, I would go, probably the 
fjords in Norway. 

1004
00:49:13,000 --> 00:49:15,280
And I would spend some great 
time there. 

1005
00:49:15,280 --> 00:49:19,440
And I would go because it would 
be beautiful, it would be 

1006
00:49:19,440 --> 00:49:23,160
unique, and I would have a great
time regardless if I caught a 

1007
00:49:23,160 --> 00:49:25,560
fish or not. 
And so if I could go anywhere, 

1008
00:49:25,600 --> 00:49:27,600
that's the one I would pick. 
I'm with you right there. 

1009
00:49:27,600 --> 00:49:29,120
I don't even think I would go 
fishing. 

1010
00:49:29,120 --> 00:49:32,120
I would just sit in the boat and
just stare up at the giant, you 

1011
00:49:32,120 --> 00:49:33,960
know, the the scenery and stuff 
like that. 

1012
00:49:34,200 --> 00:49:36,520
Yeah, I'm not much of a 
fisherman, so this is really out

1013
00:49:36,520 --> 00:49:38,640
of question for me. 
And to be fair, the question I 

1014
00:49:38,640 --> 00:49:41,560
was that was in the original 
list was like a gadget related 

1015
00:49:41,560 --> 00:49:42,840
question. 
So I could definitely come up 

1016
00:49:42,840 --> 00:49:45,800
with some of that. 
Jim, if you could go fishing 

1017
00:49:46,120 --> 00:49:49,080
any body of water in the world, 
where would it be and why? 

1018
00:49:50,560 --> 00:49:54,400
Not much of a fisherman, but a 
couple thoughts came to my head.

1019
00:49:54,640 --> 00:49:58,760
So one was, if you haven't seen 
the show River Monsters, which I

1020
00:49:58,760 --> 00:50:00,480
think was on Netflix for a 
while. 

1021
00:50:01,360 --> 00:50:05,360
Such a cool show, this guy, he's
like, he's so entertaining and 

1022
00:50:05,360 --> 00:50:09,000
then he goes fishing for these 
monster fish all over the world,

1023
00:50:09,000 --> 00:50:14,880
like he'll be in the the Amazon,
like fishing for these fish and 

1024
00:50:14,880 --> 00:50:17,120
they come out and they look like
dinosaurs, right? 

1025
00:50:17,400 --> 00:50:21,440
So great show. 
It's reminded me of a story that

1026
00:50:21,440 --> 00:50:25,440
I just heard. 
So Denise told me that one time 

1027
00:50:25,520 --> 00:50:29,680
her, her father and his best 
friend went for a fishing 

1028
00:50:29,680 --> 00:50:32,120
weekend. 
And instead of fishing, they got

1029
00:50:32,120 --> 00:50:35,160
so drunk and they never went 
fishing. 

1030
00:50:35,480 --> 00:50:38,280
So what did they do? 
They went to the grocery store, 

1031
00:50:38,600 --> 00:50:42,680
bought a bunch of fish, 
unwrapped it and brought it home

1032
00:50:43,160 --> 00:50:46,160
just so they didn't get in 
trouble that all they did was 

1033
00:50:46,160 --> 00:50:47,720
spend the whole weekend 
drinking. 

1034
00:50:48,480 --> 00:50:50,440
That's a great. 
I mean, I would do that. 

1035
00:50:50,440 --> 00:50:53,400
That's totally legit. 
Very creative, yeah. 

1036
00:50:54,480 --> 00:50:57,520
Unrelated, but I had a roommate 
when I was growing up, and I 

1037
00:50:57,520 --> 00:51:00,800
think probably in the early 20s,
late teens, and he was trying to

1038
00:51:00,800 --> 00:51:03,280
impress a girl. 
So he ordered Italian and 

1039
00:51:03,400 --> 00:51:05,680
Italian got delivered, and they 
took everything out of boxes and

1040
00:51:05,680 --> 00:51:07,640
put it on plates and pretended 
that he had cooked it all. 

1041
00:51:07,640 --> 00:51:12,160
Same kind of idea, Chad, if 
you're out there, you know who 

1042
00:51:12,160 --> 00:51:15,520
I'm talking to. 
And she was probably like all 

1043
00:51:15,520 --> 00:51:18,040
this kind of taste. 
This is this is just like Olive 

1044
00:51:18,040 --> 00:51:21,080
Garden. 
Yeah. 

1045
00:51:21,360 --> 00:51:24,840
Look, you know, we're young, 
We're, you know, trying to 

1046
00:51:24,840 --> 00:51:27,600
figure things out and whatever 
you got to do to get by, I 

1047
00:51:27,600 --> 00:51:29,440
guess. 
All right. 

1048
00:51:29,440 --> 00:51:30,680
This has been a great 
conversation. 

1049
00:51:30,680 --> 00:51:32,320
Sandy, thank you so much for 
taking the time. 

1050
00:51:32,360 --> 00:51:34,400
Thank you for coming back. 
Hopefully, you'll come back in 

1051
00:51:34,400 --> 00:51:36,880
the future with other cool 
announcements you guys might 

1052
00:51:36,880 --> 00:51:38,600
have. 
Definitely want to encourage 

1053
00:51:38,600 --> 00:51:41,160
people, go check out the Cloud 
Permission Firewall. 

1054
00:51:41,200 --> 00:51:48,920
It's at sonrai.co slash 
IDAC, sonrai.co/IDAC. 

1055
00:51:48,920 --> 00:51:51,240
We'll have links in our show 
notes so people could check it 

1056
00:51:51,240 --> 00:51:54,000
out there, our website, 
etcetera, all that kind of good 

1057
00:51:54,000 --> 00:51:55,960
stuff. 
And of course, you can follow 

1058
00:51:55,960 --> 00:51:59,360
Jim and I on LinkedIn, We're on 
Twitter, Mastodon at IDAC 

1059
00:51:59,400 --> 00:52:04,160
Podcast, we're on YouTube, we're
on the web, idacpodcast.com. 

1060
00:52:04,600 --> 00:52:06,920
And with that, we'll go ahead 
and leave it for this week. 

1061
00:52:07,200 --> 00:52:09,440
Thanks again, Sandy, and we'll 
talk with everyone else in the 

1062
00:52:09,440 --> 00:52:11,040
next one. 
Thank you guys. 

1063
00:52:13,360 --> 00:52:16,440
You've been listening to 
Identity at the center. 

1064
00:52:16,760 --> 00:52:20,880
We hope you've enjoyed the show.
Make sure to like, rate and 

1065
00:52:20,880 --> 00:52:24,480
review and we'll be back soon. 
But in the meantime, hit the 

1066
00:52:24,480 --> 00:52:27,960
website at 
identityatthecenter.com. 

1067
00:52:28,520 --> 00:52:32,600
See you next time on Identity at
the center.

