1
00:00:00,040 --> 00:00:04,600
So let's actually turn episode 
300 into a real episode where we

2
00:00:04,600 --> 00:00:06,720
talk about identity. 
Nah, I'm good. 

3
00:00:06,720 --> 00:00:10,320
I'm just going to hit stop here 
and yeah, let's talk about 

4
00:00:10,320 --> 00:00:14,000
something. 
So do you want me to read the 

5
00:00:14,000 --> 00:00:16,440
question? 
So we've got like a mailbag. 

6
00:00:16,800 --> 00:00:21,520
We got two really high quality 
questions that have come in over

7
00:00:21,520 --> 00:00:25,200
the past week or so. 
Instead of the usual crap we get

8
00:00:25,200 --> 00:00:26,360
from your listeners. 
And I'm just kind of...

9
00:00:27,640 --> 00:00:30,080
You had to put it that way.
No, I didn't mean it that way, 

10
00:00:30,120 --> 00:00:34,560
but I thought like, OK, this 
someone served us up a really 

11
00:00:34,560 --> 00:00:40,400
good question for episode 300. 
I'll read it, but basically I'm 

12
00:00:40,400 --> 00:00:43,720
going to summarize it first. 
The question was, you know, what

13
00:00:43,720 --> 00:00:45,720
is Identity at the center all 
about? 

14
00:00:46,160 --> 00:00:50,680
And not the podcast necessarily,
but the theme, the idea that 

15
00:00:50,680 --> 00:00:53,520
went behind the name Identity at
the center. 

16
00:00:59,120 --> 00:01:04,280
This is identity at the center. 
If it has anything to do with 

17
00:01:04,319 --> 00:01:11,760
IAM, this is the go-to podcast.
Now your hosts, Jim McDonald and

18
00:01:11,760 --> 00:01:19,880
Jeff Steadmon.
Welcome to the Identity at the 

19
00:01:19,880 --> 00:01:21,800
Center podcast. 
I'm Jeff, and that's Jim. 

20
00:01:21,800 --> 00:01:23,840
Hey, Jim. 
Hey, Jeff, how are you? 

21
00:01:24,560 --> 00:01:26,760
Good, I made you laugh right 
before we hit record here. 

22
00:01:27,480 --> 00:01:30,120
I know I almost couldn't speak 
normally. 

23
00:01:31,240 --> 00:01:33,040
Or as normally as you can speak,
anyway. 

24
00:01:33,280 --> 00:01:35,080
I was going to say, that's not 
that normal. 

25
00:01:35,080 --> 00:01:37,640
I mean, you left that that was a
fastball right down the middle, 

26
00:01:37,640 --> 00:01:41,640
Jim and I turned on that one. 
Episode 300 Jeff, what do you 

27
00:01:41,640 --> 00:01:45,040
think? 
300 crazy, man, what a year for 

28
00:01:45,040 --> 00:01:46,720
milestones. 
I mean, five years. 

29
00:01:47,200 --> 00:01:49,440
This is episode 300. 
We kind of saved this one for 

30
00:01:49,440 --> 00:01:50,760
ourselves, which is the two of 
us. 

31
00:01:51,960 --> 00:01:54,480
But yeah, I mean, crazy the 
amount of milestones we're 

32
00:01:54,480 --> 00:01:56,760
celebrating this year. 
Totally crazy. 

33
00:01:56,800 --> 00:01:58,360
Now. 
Do you remember what our 

34
00:01:58,400 --> 00:02:01,200
original plan was for episode 
300? 

35
00:02:01,480 --> 00:02:05,080
It was going to be when we 
started doing YouTube. 

36
00:02:05,760 --> 00:02:09,960
Oh yeah, it was so exciting and 
too much of an opportunity.

37
00:02:09,960 --> 00:02:13,160
So we've been hitting the 
YouTube thing pretty hard this 

38
00:02:13,160 --> 00:02:14,960
year. 
I think it's official, though. 

39
00:02:14,960 --> 00:02:20,760
Now we do YouTube. 
So if you go to our IDAIDAC, 

40
00:02:20,760 --> 00:02:25,040
podcast.tv brings you right to 
our YouTube page. 

41
00:02:25,280 --> 00:02:28,760
Yeah, exactly. 
So yes, I, I thought about 

42
00:02:28,760 --> 00:02:31,720
waiting for episode 300 and then
I started, we started recording 

43
00:02:31,720 --> 00:02:33,920
in video recently. 
Like in the last couple months I

44
00:02:33,920 --> 00:02:35,960
was like, let me start 
practicing stuff because I don't

45
00:02:35,960 --> 00:02:37,800
know how to video edit.
It was, it's been a long time 

46
00:02:37,800 --> 00:02:40,160
since I did anything in it. 
And I think it shows in the 

47
00:02:40,160 --> 00:02:43,040
production of the videos. 
It's like, all right, it's kind 

48
00:02:43,040 --> 00:02:45,000
of basic, but that's fine. 
You know, I'm learning it. 

49
00:02:45,000 --> 00:02:48,120
I'll get better at it over time.
But I started just doing it and 

50
00:02:48,280 --> 00:02:50,120
it was just like, well, let me 
start uploading them just to 

51
00:02:50,120 --> 00:02:52,720
kind of get a feel for it and 
sort of work out my process 

52
00:02:52,720 --> 00:02:55,760
because I do have to make this 
manageable because the podcast 

53
00:02:55,760 --> 00:02:58,840
is not our jobs, Jim. 
We have real jobs in the real 

54
00:02:58,840 --> 00:03:01,920
world. 
Kind of is our job, but it's not

55
00:03:01,920 --> 00:03:05,080
our day job. 
Our day job is we're consultants

56
00:03:05,080 --> 00:03:07,640
at RSM. 
We've been doing identity 

57
00:03:07,640 --> 00:03:11,880
strategy for over 20 years and 
that's what puts food on the 

58
00:03:11,880 --> 00:03:16,080
table. 
But this is a a passion of ours 

59
00:03:16,080 --> 00:03:19,600
that we've been doing for five 
years, 300 episodes, and we're 

60
00:03:19,600 --> 00:03:22,040
going to continue to do, who 
knows, maybe we'll make it to 

61
00:03:22,040 --> 00:03:23,800
500. 
Maybe we'll see. 

62
00:03:24,160 --> 00:03:26,520
But yeah, it's fun. 
We're going to keep on doing it.

63
00:03:27,240 --> 00:03:30,920
And yeah, episode 300. 
So congratulations to us and I 

64
00:03:30,920 --> 00:03:33,000
think that's it. 
That's it, That's it. 

65
00:03:33,280 --> 00:03:36,000
That's it, right? 
As as the great big Bill 

66
00:03:36,000 --> 00:03:37,320
Belichick said, we're on to 
Cincinnati. 

67
00:03:38,200 --> 00:03:41,200
We could pop the champagne, but 
this might be the time we get to

68
00:03:41,200 --> 00:03:45,560
twist off champagne. 
Yeah, and I was at a bachelor 

69
00:03:45,560 --> 00:03:50,440
party weekend for my youngest 
brother and I'm, I'm good for 

70
00:03:50,440 --> 00:03:53,720
right now. 
You drank your share. 

71
00:03:53,960 --> 00:03:56,120
It did. 
I mean, I didn't have too much 

72
00:03:56,120 --> 00:03:59,000
drink, but I drank more than I 
normally would, that's for sure.

73
00:03:59,640 --> 00:04:01,160
And so did my brother, so he had
a good time. 

74
00:04:02,480 --> 00:04:04,560
Yeah. 
Back to dry, Jeff. 

75
00:04:04,880 --> 00:04:07,200
Yeah. 
In more ways than one. 

76
00:04:07,200 --> 00:04:09,360
My dry sense of humor, right? 
That kind of stuff. 

77
00:04:10,280 --> 00:04:11,720
Yeah. 
Let's see. 

78
00:04:12,720 --> 00:04:13,960
What else? 
Another milestone. 

79
00:04:13,960 --> 00:04:16,040
Another milestone, right with 
the 501.

80
00:04:16,200 --> 00:04:18,040
Go ahead. 
I'm Yeah, I'm gonna let you take

81
00:04:18,040 --> 00:04:21,040
that one. 
Yeah, this is something that I 

82
00:04:21,040 --> 00:04:24,600
have been eagerly anticipating 
since November of last year, but

83
00:04:24,600 --> 00:04:28,640
I am proud to announce that we 
are now officially a 501(c)(3)

84
00:04:28,640 --> 00:04:32,200
recognized charitable 
organization or nonprofit. 

85
00:04:32,840 --> 00:04:36,760
For those who people who are not
aware, I actually with Jim's 

86
00:04:36,760 --> 00:04:40,520
help set up a nonprofit 
organization called IDAC Corp 

87
00:04:41,000 --> 00:04:43,400
and the whole intent is to 
basically help kind of fund the 

88
00:04:43,400 --> 00:04:46,120
podcast. 
So if you've been paying 

89
00:04:46,120 --> 00:04:49,080
attention, basically since the 
start of the year, we've been 

90
00:04:49,080 --> 00:04:51,480
starting to do sponsored 
episodes every so often. 

91
00:04:51,480 --> 00:04:53,200
We don't do too many. 
We don't want to saturate it. 

92
00:04:53,200 --> 00:04:55,760
And again, this isn't our job. 
We kind of have to make it easy 

93
00:04:55,760 --> 00:04:58,120
for us to do. 
We'll do maybe like one or two a

94
00:04:58,120 --> 00:05:01,480
month and hope to kind of offset
some of the expenses that we 

95
00:05:01,480 --> 00:05:04,680
generate just, you know, through
this between, you know, software

96
00:05:04,680 --> 00:05:06,800
services. 
I mean, hard drive storage is 

97
00:05:06,800 --> 00:05:09,880
getting nuts with the video now.
So you know, stuff like that. 

98
00:05:09,880 --> 00:05:14,520
But yeah, we're officially as of
as of now recognized 501(c)(3).

99
00:05:14,520 --> 00:05:19,040
So if you sponsored with us in 
the past, hey, tax deductible 

100
00:05:19,040 --> 00:05:21,280
now. 
So sponsor early and sponsor 

101
00:05:21,280 --> 00:05:24,640
often. 
Absolutely, Yeah, it's a big 

102
00:05:24,640 --> 00:05:26,600
mouse. 
And then Jeff, you put a lot of 

103
00:05:26,600 --> 00:05:30,360
work into that. 
Really appreciate all the, the 

104
00:05:30,360 --> 00:05:32,600
hard effort. 
I I think that's the thing with 

105
00:05:32,600 --> 00:05:35,920
the podcast, not just this 
thing, but all the work that 

106
00:05:35,920 --> 00:05:40,160
happens in the background with 
scheduling, the awesome guests 

107
00:05:40,160 --> 00:05:45,080
that we have, the sponsors that 
we have, all the post production

108
00:05:45,080 --> 00:05:50,920
editing that goes into the 
LinkedIn posts and now running 

109
00:05:50,920 --> 00:05:57,360
it basically like an official
charity slash business almost. 

110
00:05:57,680 --> 00:06:01,080
I mean, it's the same level of 
effort is just there's no profit

111
00:06:01,080 --> 00:06:02,560
at the end of the day. 
Right. 

112
00:06:02,960 --> 00:06:07,680
And yeah, we have like to track 
expenses and reimbursements and 

113
00:06:07,680 --> 00:06:09,080
like all that stuff. 
It's like we're, we're 

114
00:06:09,080 --> 00:06:10,480
officially like a real company 
now. 

115
00:06:10,960 --> 00:06:12,640
Yes. 
Well, the good thing is, though,

116
00:06:12,640 --> 00:06:17,640
I mean, a lot of money went into
this over the past five years, 

117
00:06:17,640 --> 00:06:20,520
the past 300 episodes. 
You know, we started out with 

118
00:06:20,520 --> 00:06:25,720
like a Teams call and record it
to an MP4 file or MP3 file and 

119
00:06:26,000 --> 00:06:28,680
throw it up there on on the 
podosphere.

120
00:06:30,040 --> 00:06:34,000
But now, you know, we've upped 
our level, upped our game in 

121
00:06:34,000 --> 00:06:37,640
terms of audio quality, you 
know, these kind of microphones,

122
00:06:37,640 --> 00:06:41,320
things like that. 
The Riverside platform that we 

123
00:06:41,320 --> 00:06:42,600
record on. 
Yeah. 

124
00:06:42,600 --> 00:06:44,520
That would be a good sponsor 
Riverside. 

125
00:06:44,520 --> 00:06:47,880
Products until they sponsor us, 
you know, whatever platform we 

126
00:06:47,880 --> 00:06:49,560
use. 
You didn't hear what Jim just 

127
00:06:49,560 --> 00:06:50,880
said? 
Yeah, yeah. 

128
00:06:51,160 --> 00:06:53,160
But it it wasn't, it wasn't 
cheap. 

129
00:06:53,240 --> 00:06:54,800
And we've been doing it for a 
few years. 

130
00:06:54,800 --> 00:06:59,120
So yeah, it's definitely. 
It cost more than I thought, 

131
00:06:59,360 --> 00:07:01,120
Yeah. 
And you know, going forward, I 

132
00:07:01,120 --> 00:07:03,520
think we hope to make at least 
enough to cover the podcast 

133
00:07:03,520 --> 00:07:07,000
expenses and, you know, 
hopefully maybe fund travel to

134
00:07:07,240 --> 00:07:10,640
fun conferences like Europe next
year, maybe for EIC, stuff like 

135
00:07:10,640 --> 00:07:11,440
that. 
So we'll see. 

136
00:07:12,000 --> 00:07:14,840
But we do it primarily for for 
the for the walls. 

137
00:07:15,040 --> 00:07:19,760
And yeah, yeah, that's it. 
Yeah, so let's actually turn 

138
00:07:19,920 --> 00:07:24,400
episode 300 into a real episode 
where we talk about identity. 

139
00:07:24,640 --> 00:07:26,320
Nah, I'm good. 
I'm just going to hit stop here.

140
00:07:26,320 --> 00:07:32,440
Now let's talk about something. 
So do you want me to read the 

141
00:07:32,440 --> 00:07:34,840
question? 
So we've got like a, a mailbag. 

142
00:07:34,840 --> 00:07:39,960
We got two really high quality 
questions that have come in over

143
00:07:39,960 --> 00:07:43,800
the past week or so instead
of the usual crap we get from

144
00:07:43,800 --> 00:07:44,800
your listeners. 
And I'm just kind of...

145
00:07:46,080 --> 00:07:48,520
You had to put it that way.
No, I didn't mean it that way, 

146
00:07:48,560 --> 00:07:52,640
but right, I thought like, OK, 
this someone served us up a 

147
00:07:52,640 --> 00:07:55,280
really good question for episode
300. 

148
00:07:56,240 --> 00:07:59,960
I'll read it, but basically I'm 
going to summarize it first. 

149
00:07:59,960 --> 00:08:03,680
The question was, you know, what
is identity at the center all 

150
00:08:03,680 --> 00:08:06,600
about? 
And not the podcast necessarily,

151
00:08:06,600 --> 00:08:11,360
but the theme, the idea that 
went behind the name identity at

152
00:08:11,360 --> 00:08:14,040
the center. 
And so I'm going to read this 

153
00:08:14,040 --> 00:08:17,920
off. 
And we did protect the identity 

154
00:08:17,920 --> 00:08:20,560
of the of the person who 
submitted the question they 

155
00:08:20,560 --> 00:08:22,280
asked us to. 
We put them in a witness 

156
00:08:22,280 --> 00:08:24,520
protection program. 
Exactly. 

157
00:08:24,880 --> 00:08:30,360
So I'm the director of
IAM at XYZ organization in

158
00:08:30,360 --> 00:08:34,600
phase Zero in the Phase zero 
assessment to modernize our 

159
00:08:34,600 --> 00:08:39,039
legacy identity system. 
Myself and engineers have been 

160
00:08:39,039 --> 00:08:43,480
listening to your show for quite
some time and so many topics 

161
00:08:43,480 --> 00:08:46,320
resonate. 
Thank you very much. Cha-ching.

162
00:08:46,320 --> 00:08:49,320
Thank you. Cha-ching.
Yeah, my problem is we

163
00:08:49,320 --> 00:08:52,400
don't have IDAC and we want 
IDAC. 

164
00:08:53,040 --> 00:08:56,400
We have identities coming in 
from the business side, 

165
00:08:56,600 --> 00:09:00,880
students, affiliate side and 
federated partner sides.

166
00:09:01,200 --> 00:09:05,200
This creates significant issues 
across enterprise systems. 

167
00:09:05,720 --> 00:09:09,680
The question, what does the 
center actually look like? 

168
00:09:10,400 --> 00:09:15,720
All identities created and are 
all identities created and 

169
00:09:15,720 --> 00:09:19,040
managed in one place. 
I would love to see a simple 

170
00:09:19,040 --> 00:09:25,040
design for what right looks like
and understand and understood 

171
00:09:25,040 --> 00:09:29,920
that looks different everywhere 
from the consultant perspective,

172
00:09:30,120 --> 00:09:33,280
but still need the ability to 
explain the concept to 

173
00:09:33,280 --> 00:09:37,000
executives. 
So what is identity at the 

174
00:09:37,000 --> 00:09:38,680
center? 
So first of all, well, and 

175
00:09:38,680 --> 00:09:41,640
thanks for listening and 
engineers and clearly this is an

176
00:09:41,640 --> 00:09:43,400
education side of things. 
We're talking about students. 

177
00:09:43,400 --> 00:09:47,040
So I think we've said this 
before, education tends to be 

178
00:09:47,040 --> 00:09:49,920
one of the most complex identity
and access management scenarios 

179
00:09:49,920 --> 00:09:53,280
you can have, especially when 
you consider the number of roles

180
00:09:53,320 --> 00:09:56,360
and the dynamic context 
switching that people go 

181
00:09:56,360 --> 00:09:58,760
through. 
You can be a student who is all 

182
00:09:58,760 --> 00:10:02,280
of a sudden a part of the, you 
know, an employee who could 

183
00:10:02,280 --> 00:10:06,280
potentially also be a parent. 
They could be a teacher and 

184
00:10:06,280 --> 00:10:08,280
everything in between and 
sometimes all in the same day. 

185
00:10:08,600 --> 00:10:11,680
So very complex, which I don't 
know if a lot of people 

186
00:10:11,680 --> 00:10:16,400
recognize just how how difficult
sometimes managing all that can 

187
00:10:16,400 --> 00:10:18,560
be on the education. 
So kudos to you for for thinking

188
00:10:18,560 --> 00:10:23,200
about that. 
What does the center look like? 

189
00:10:24,960 --> 00:10:27,160
I mean, this is now we're 
starting to get a little bit 

190
00:10:27,160 --> 00:10:29,520
into philosophy, I think of how 
you want to manage this. 

191
00:10:29,560 --> 00:10:33,680
But I'm going to throw this idea
out there because here's what I 

192
00:10:33,680 --> 00:10:37,880
think. 
The center of the universe from 

193
00:10:37,880 --> 00:10:43,280
an identity perspective in my 
mind is whatever your identity 

194
00:10:43,280 --> 00:10:47,480
and access management system or 
identity governance, whatever 

195
00:10:47,480 --> 00:10:50,400
those collection of technologies
look like is, you're going to 

196
00:10:50,400 --> 00:10:53,560
have the center of the universe 
somewhere that's tracking and 

197
00:10:53,560 --> 00:10:56,960
storing all that information. 
Maybe it's one system like an 

198
00:10:56,960 --> 00:11:00,200
IGA or maybe it's a couple 
systems like you've got some 

199
00:11:00,200 --> 00:11:03,520
people in IGA and maybe some 
other people in, in a, you know,

200
00:11:03,520 --> 00:11:05,320
IDP directory or something like 
that. 

201
00:11:06,040 --> 00:11:09,880
But my, it, it's, it's really 
the philosophical construct of 

202
00:11:10,200 --> 00:11:14,120
where am I centralizing as much 
of that data as possible to then

203
00:11:14,120 --> 00:11:17,040
do stuff with it. 
So if I have, you know, in the 

204
00:11:17,040 --> 00:11:21,560
orbit around it, maybe there is 
a student system and maybe there

205
00:11:21,560 --> 00:11:27,640
is an employee, you know, like a
HRIS type system, like a

206
00:11:27,640 --> 00:11:29,600
Workday maybe, right.
All of a sudden you start to 

207
00:11:29,600 --> 00:11:31,720
pull in some of that data and 
you're going into the middle. 

208
00:11:32,120 --> 00:11:33,240
And then what do you do with 
that? 

209
00:11:33,320 --> 00:11:36,720
Well, let's create accounts and 
you spin off into other planets 

210
00:11:37,080 --> 00:11:40,200
that are maybe systems, you 
know, or maybe other use cases 

211
00:11:40,200 --> 00:11:43,560
and things like that. 
So I think the it's the idea of 

212
00:11:43,680 --> 00:11:47,400
you are trying to centralize as
much of the identity controls as

213
00:11:47,400 --> 00:11:50,600
possible, not just provisioning,
could be authentication, could 

214
00:11:50,600 --> 00:11:55,080
be privileged access, it could 
be analytics, you know, audit 

215
00:11:55,160 --> 00:11:58,080
like kind of all that stuff. 
That's what I think of when I 

216
00:11:58,080 --> 00:12:01,320
think of like identity, the 
center, it's the identities are 

217
00:12:01,320 --> 00:12:03,240
at the center of your 
organization. 

218
00:12:03,240 --> 00:12:06,840
You are providing as many 
governance or governance or

219
00:12:06,840 --> 00:12:10,920
risk controls as needed to make 
sure you're protecting the 

220
00:12:10,920 --> 00:12:14,120
organization and the data you're
collecting around that. 

221
00:12:15,400 --> 00:12:18,000
That's true. 
No, that's really cool.

222
00:12:18,520 --> 00:12:19,280
All right.
Next question. 

223
00:12:19,920 --> 00:12:24,080
No, no, I want to add a few 
things, but I think that's a a 

224
00:12:24,080 --> 00:12:27,320
big picture look at it. 
And I made some notes that I 

225
00:12:27,320 --> 00:12:31,960
wanted to go through and I think
I kind of took it almost from 

226
00:12:32,120 --> 00:12:36,000
the standpoint of like when we 
first started, what did Identity

227
00:12:36,000 --> 00:12:39,400
Center mean to me? 
And it was always that identity 

228
00:12:39,400 --> 00:12:42,880
was at the center of information
security. 

229
00:12:43,240 --> 00:12:48,200
And I kind of took the idea that
it's really when they talk about

230
00:12:48,200 --> 00:12:50,960
identity being the new 
perimeter, what does that mean? 

231
00:12:50,960 --> 00:12:55,920
It's that, you know, we're 
having less of a focus on the 

232
00:12:55,920 --> 00:12:59,120
perimeter and kind of keeping 
the bad guys out. 

233
00:12:59,360 --> 00:13:04,080
And now we're saying that the 
individual resources, IT 

234
00:13:04,080 --> 00:13:08,920
resources inside the network, we
have to take kind of a zero 

235
00:13:08,920 --> 00:13:13,200
trust approach that whether 
you're inside or outside that 

236
00:13:13,200 --> 00:13:20,080
firewall you have, you know, you
can't basically infer trust. 

237
00:13:20,400 --> 00:13:24,960
And so identity essentially 
becomes the key to the door to 

238
00:13:24,960 --> 00:13:28,720
get to use that asset or not to 
use that asset. 

239
00:13:29,120 --> 00:13:35,720
And I also think it's kind of 
like it's identity versus IP or 

240
00:13:36,360 --> 00:13:42,480
information protocol like TCP/IP.
So I think IT security prior to 

241
00:13:42,480 --> 00:13:48,880
identity becoming so popular, 
TCP/IP became the way that you

242
00:13:48,880 --> 00:13:51,000
controlled security for much of 
your network. 

243
00:13:51,000 --> 00:13:54,720
And it's still that that 
perimeter concept, but now it's 

244
00:13:55,440 --> 00:14:01,400
we can't rely on just using 
TCP/IP as a method for whether or

245
00:14:01,400 --> 00:14:03,600
not we trust somebody to come 
through the door. 

246
00:14:04,800 --> 00:14:07,160
So that was kind of point number
one. 

247
00:14:09,000 --> 00:14:17,280
I think that, you know, identity
is also at the center for the

248
00:14:17,880 --> 00:14:20,400
architecture of those 
applications now, right? 

249
00:14:20,400 --> 00:14:23,280
So it needs to be kind of like 
built into whether it's 

250
00:14:23,280 --> 00:14:28,680
infrastructure or applications 
that there's an expectation that

251
00:14:28,680 --> 00:14:33,080
identity becomes a, a key way to
secure them. 

252
00:14:33,280 --> 00:14:38,960
And that identity is usually 
external to the application or 

253
00:14:39,000 --> 00:14:42,240
the device. 
So identity is, you know, 

254
00:14:42,240 --> 00:14:45,800
potentially like coming like 
from the IDP like you mentioned.

255
00:14:46,720 --> 00:14:49,400
So that was point number one. 
I'm actually going to be 

256
00:14:49,400 --> 00:14:53,360
flipping pages. 
So identity at the center of 

257
00:14:53,360 --> 00:14:58,160
information security, I think is
point #1 identity at the center 

258
00:14:58,160 --> 00:15:01,360
of business. 
So there's a couple concepts 

259
00:15:01,360 --> 00:15:04,320
here. 
First is I'm going to say 

260
00:15:04,320 --> 00:15:08,480
identity is the person, right? 
Identity isn't the account. 

261
00:15:08,840 --> 00:15:11,440
So if you're doing...
I don't always agree with

262
00:15:11,440 --> 00:15:13,360
that, but go ahead. 
I know you don't always agree 

263
00:15:13,360 --> 00:15:15,960
with that, but but to me this is
an important thing. 

264
00:15:15,960 --> 00:15:21,640
So if you are doing business 
with one person, but they have 

265
00:15:21,640 --> 00:15:23,920
accounts over multiple 
applications. 

266
00:15:24,320 --> 00:15:28,280
So a lot of this has to do with 
especially on the business side,

267
00:15:28,480 --> 00:15:31,400
has to do with what is the use 
case that you're trying to 

268
00:15:31,400 --> 00:15:34,360
solve. 
But now let's say you have 

269
00:15:34,760 --> 00:15:38,640
you're an association or 
university, you've got all these

270
00:15:38,640 --> 00:15:42,480
applications, you have all these
accounts and they each have 

271
00:15:42,920 --> 00:15:47,640
metadata about the account, 
which from their perspective 

272
00:15:47,640 --> 00:15:51,480
that is the identity. 
But now you want to take as an 

273
00:15:51,480 --> 00:15:55,440
organization, you have a bigger 
picture of that person across 

274
00:15:55,440 --> 00:15:59,440
all these applications. 
You need to have a way to 

275
00:15:59,440 --> 00:16:04,720
recognize that and correlate that
they are one identity, one 

276
00:16:04,720 --> 00:16:08,440
person owns all of these 
accounts and that if there are 

277
00:16:09,200 --> 00:16:12,960
deltas in the metadata, those 
need to be worked out. 

278
00:16:13,200 --> 00:16:19,200
So I kind of see the ability to 
connect those accounts as kind 

279
00:16:19,200 --> 00:16:23,320
of very powerful and very 
important to the business to be 

280
00:16:23,320 --> 00:16:27,480
able to recognize that identity 
across all these systems. 

281
00:16:27,680 --> 00:16:32,560
And that could be from a 
marketing perspective, you know,

282
00:16:32,560 --> 00:16:36,920
for example, being able to tell 
buying patterns and predict what

283
00:16:37,040 --> 00:16:42,400
that user might want to do next.
Ultimately, you need to tie that

284
00:16:42,400 --> 00:16:44,600
back to an identity. 
A lot of that marketing data 

285
00:16:44,600 --> 00:16:49,480
also is not an identity data 
like your buying patterns, I

286
00:16:49,480 --> 00:16:52,040
don't think are part of your 
identity. 

287
00:16:52,040 --> 00:16:55,760
I think the identity like ties 
back to who you are. 

288
00:16:55,760 --> 00:17:00,440
But we can't just have an open 
an open book to say everything 

289
00:17:00,440 --> 00:17:01,880
is identity. 
You know, your buying

290
00:17:01,880 --> 00:17:04,960
patterns. 
All of your privacy and context 

291
00:17:04,960 --> 00:17:08,480
information like those need to 
be stored in separate systems 

292
00:17:08,680 --> 00:17:11,400
and the identity needs to tie 
all those things together. 

293
00:17:12,440 --> 00:17:17,640
What are your thoughts?
I mean, yeah, yes to everything.

294
00:17:18,359 --> 00:17:20,040
I feel like we're talking kind 
of the same language. 

295
00:17:20,040 --> 00:17:23,400
We definitely started with this 
idea of, you know, identity is 

296
00:17:23,400 --> 00:17:25,319
the new perimeter. 
OK well that was like five years

297
00:17:25,319 --> 00:17:28,640
ago at least, so it can't really
be called the new perimeter 

298
00:17:28,640 --> 00:17:30,320
anymore. 
I would say identity is the 

299
00:17:30,320 --> 00:17:33,400
current perimeter. 
So people need to update their, 

300
00:17:33,600 --> 00:17:35,520
you know, their vernacular 
around that. 

301
00:17:35,560 --> 00:17:40,280
But yeah, I mean, I hate to say 
it, but, you know, it also 

302
00:17:40,280 --> 00:17:41,520
depends on the new organization 
too. 

303
00:17:41,520 --> 00:17:43,600
Like, what is what does center 
mean for them? 

304
00:17:43,600 --> 00:17:47,040
Because center could be, yeah, 
we have a centralized team 

305
00:17:47,040 --> 00:17:50,640
that's doing that versus we're a
very decentralized organization 

306
00:17:50,640 --> 00:17:52,040
that doesn't have a central team
do that. 

307
00:17:52,360 --> 00:17:56,240
So I like everything you said. 
I feel like it echoes a lot of 

308
00:17:56,240 --> 00:17:58,720
stuff that I said, so good 
answer. 

309
00:17:59,200 --> 00:18:01,960
I've got a couple more. 
OK, I'm going to keep going if 

310
00:18:01,960 --> 00:18:02,120
I
can.

311
00:18:02,120 --> 00:18:03,600
All right. 
Yeah, you're very clearly 

312
00:18:03,600 --> 00:18:06,000
prepared. 
And very clearly prepared. 

313
00:18:06,000 --> 00:18:10,720
So first thing was really like 
the internal security concept of

314
00:18:10,840 --> 00:18:15,680
like identities at the center of
your security tooling and the 

315
00:18:15,680 --> 00:18:20,200
way you should approach securing
your infrastructure. 

316
00:18:20,240 --> 00:18:23,800
The second thing is around 
building business models based 

317
00:18:23,800 --> 00:18:26,360
on identity. 
So you know, I was talking about

318
00:18:26,640 --> 00:18:30,520
identity as kind of the the 
center point of connecting 

319
00:18:30,520 --> 00:18:34,560
accounts and connecting data 
that ties back to a person. 

320
00:18:35,200 --> 00:18:39,480
I also think on that same 
business channel that identity 

321
00:18:39,480 --> 00:18:42,120
is now creating new business 
models. 

322
00:18:42,480 --> 00:18:47,840
And so the first one that comes 
to mind is decentralized ID and 

323
00:18:48,560 --> 00:18:54,400
organizations wanting to become 
the the focal point for an 

324
00:18:54,400 --> 00:18:58,600
identity and basically have that
identity information and look at

325
00:18:58,600 --> 00:19:04,880
that as an asset and a way to 
differentiate themselves in the 

326
00:19:04,880 --> 00:19:07,760
market and get ahead of their 
competition. 

327
00:19:07,760 --> 00:19:09,760
But. 
When you say decentralized 

328
00:19:09,760 --> 00:19:12,840
identity, that leads me to 
believe like things like 

329
00:19:13,640 --> 00:19:17,240
blockchain based rate or things 
like that where there is no 

330
00:19:17,320 --> 00:19:21,000
center by design. 
It's a bunch of nodes that sync 

331
00:19:21,000 --> 00:19:24,120
up somehow to each other, but 
you're still working off of the 

332
00:19:24,120 --> 00:19:28,240
same platform or chain or 
whatever you want to call it. 

333
00:19:29,240 --> 00:19:32,040
So how does that work from a 
centralization standpoint? 

334
00:19:32,600 --> 00:19:36,200
So I'm not really thinking about
the that technology per se, but

335
00:19:36,200 --> 00:19:42,000
I am thinking of even let's 
imagine a scenario where, you 

336
00:19:42,000 --> 00:19:46,640
know, say a credit card company 
becomes a decentralized identity

337
00:19:46,640 --> 00:19:51,360
provider. 
And if you're to present that 

338
00:19:51,360 --> 00:19:59,800
identity, you need to come back 
to that center to validate that 

339
00:19:59,800 --> 00:20:03,280
that data is, you know, issued 
by them. 

340
00:20:03,280 --> 00:20:05,840
Right. 
Yeah, I mean. 

341
00:20:05,840 --> 00:20:09,640
So what, what's the difference 
between that scenario that you 

342
00:20:09,640 --> 00:20:11,640
described, right, where you 
have, let's say you've got a 

343
00:20:11,640 --> 00:20:14,960
bunch of decentralized 
platforms, right? 

344
00:20:14,960 --> 00:20:18,800
One's finance, one's medical, 
another might be education, 

345
00:20:18,800 --> 00:20:22,400
another might be government. 
It really looks, feels and 

346
00:20:22,400 --> 00:20:26,360
smells like to me, it's just 
another version of a social IDP,

347
00:20:27,000 --> 00:20:28,480
right? 
We, we had this process like, 

348
00:20:28,480 --> 00:20:30,800
OK, well, I'll stop creating 
accounts and let's, you know, 

349
00:20:30,800 --> 00:20:33,560
use your Google account to log 
in or your Facebook account or 

350
00:20:33,560 --> 00:20:36,640
your LinkedIn account or XYZ. 
I feel like we're headed down 

351
00:20:36,640 --> 00:20:39,760
that same path again, where it's
like, OK, use my, you know, 

352
00:20:40,000 --> 00:20:43,360
finance account chain to log 
into financing, use my 

353
00:20:43,360 --> 00:20:46,840
government account login to log 
into that chain, right? 

354
00:20:46,840 --> 00:20:48,680
Things like that. 
Does it? 

355
00:20:48,680 --> 00:20:52,800
Does it feel familiar at all? 
It totally does to me. 

356
00:20:52,800 --> 00:20:55,880
There's kind of like the 
stickiness of the identity. 

357
00:20:55,880 --> 00:21:00,320
I remember a bunch of years back
when Facebook bought WhatsApp 

358
00:21:01,000 --> 00:21:03,680
and it was like the amount of 
money they paid for it was like 

359
00:21:03,960 --> 00:21:07,000
stunning, shocking everybody. 
And it wasn't, I don't think 

360
00:21:07,000 --> 00:21:12,840
because they were buying the 
technology, the ability to make 

361
00:21:12,840 --> 00:21:16,760
phone calls and video calls, 
right, that that technology 

362
00:21:16,760 --> 00:21:18,520
could have been had for a lot 
less money. 

363
00:21:18,720 --> 00:21:20,680
It was all the identities that 
they had. 

364
00:21:21,200 --> 00:21:24,800
And the more identities they 
could pull into the platform, 

365
00:21:25,400 --> 00:21:28,440
the more it became central to 
their business that they could 

366
00:21:28,440 --> 00:21:32,040
grow their business because 
basically their business is 

367
00:21:32,280 --> 00:21:34,560
putting advertisers in front of 
eyeballs. 

368
00:21:36,200 --> 00:21:40,040
I think the stickiness of the 
identity becomes central to a 

369
00:21:40,040 --> 00:21:45,760
lot of business models. 
You know, federated identity is 

370
00:21:45,760 --> 00:21:49,040
a big driver that as well. 
So you know, if you're using 

371
00:21:49,040 --> 00:21:52,480
your Google account or your 
Microsoft account to log in 

372
00:21:52,480 --> 00:21:57,160
across multiple platforms, you 
know, that's that's feeding into

373
00:21:57,160 --> 00:21:59,400
that business model. 
It's more people on that 

374
00:21:59,400 --> 00:22:01,360
platform. 
And that's why you can get so 

375
00:22:01,360 --> 00:22:05,640
many free services from 
different providers like 

376
00:22:05,640 --> 00:22:09,560
Microsoft, like Google paying 
for. 

377
00:22:09,560 --> 00:22:12,400
Yeah, it's not. 
If it's free, what do you 

378
00:22:12,400 --> 00:22:14,160
always? 
You're the product if it's free.

379
00:22:15,080 --> 00:22:18,640
Exactly. 
So that was my my next angle. 

380
00:22:19,160 --> 00:22:23,400
You know that I think identity's
at the center of business for 

381
00:22:23,400 --> 00:22:26,080
certain businesses. 
The last thing I think you 

382
00:22:26,080 --> 00:22:29,360
touched on, which is it's 
becoming at the center for 

383
00:22:29,640 --> 00:22:32,760
governments. 
So especially like government to

384
00:22:32,760 --> 00:22:36,960
citizen communication, more and 
more delivery of those services 

385
00:22:36,960 --> 00:22:40,600
and management of those services
is happening online. 

386
00:22:41,040 --> 00:22:45,680
If you're a like a county 
government, for example, you're 

387
00:22:45,680 --> 00:22:50,840
providing a number of services 
through different departments 

388
00:22:51,000 --> 00:22:54,360
within your within your 
government. 

389
00:22:54,600 --> 00:22:57,640
Now you don't want your citizens
to have to have a different ID 

390
00:22:57,640 --> 00:22:59,720
for each one of those services, 
right? 

391
00:22:59,720 --> 00:23:05,560
You want to have one central ID 
and then all of those services, 

392
00:23:05,760 --> 00:23:09,760
they know their their web 
delivery to leverage that common

393
00:23:09,760 --> 00:23:11,560
identity. 
So I think that's important. 

394
00:23:11,800 --> 00:23:16,160
And then also from the back end,
now that you have that tie, even

395
00:23:16,160 --> 00:23:21,520
though you might not have 
different identities in the in 

396
00:23:21,520 --> 00:23:24,280
the back end, you want to be 
able to pull that data and say, 

397
00:23:24,480 --> 00:23:29,000
what is John Q. Public doing with
X, Y and Z service? 

398
00:23:29,000 --> 00:23:32,080
Now I know there's privacy 
implications, all that, but 

399
00:23:32,080 --> 00:23:34,360
let's just put that aside for 
the moment. 

400
00:23:34,680 --> 00:23:38,040
You have the ability to now 
report across different 

401
00:23:38,320 --> 00:23:40,880
platforms all tied together with
the identity. 

402
00:23:41,560 --> 00:23:44,040
Yeah, Well, I think the 
government side is definitely 

403
00:23:44,800 --> 00:23:47,160
it's coming along, doesn't move 
as quickly as I think people 

404
00:23:47,160 --> 00:23:49,800
hope, right? 
You everybody has like X number 

405
00:23:49,800 --> 00:23:52,600
of government accounts. 
I think at least in the US, 

406
00:23:52,600 --> 00:23:56,400
you've got login.gov. 
You also got things like ID.me,

407
00:23:56,400 --> 00:24:00,240
which are kind of at the top
level from a government, a 

408
00:24:00,240 --> 00:24:03,240
federal government perspective. 
And then you've got your state 

409
00:24:03,240 --> 00:24:04,760
government. 
And then you might have, you 

410
00:24:04,760 --> 00:24:08,000
know, your local governments and
wherever you're at, it'd be nice

411
00:24:08,000 --> 00:24:11,240
to have, you know, a single 
account, like, you know, my 

412
00:24:11,240 --> 00:24:14,560
North Carolina ID or for you, my
Georgia ID or something like 

413
00:24:14,560 --> 00:24:16,960
that. 
Why not just use login.gov at 

414
00:24:16,960 --> 00:24:19,200
that point? 
I mean, it's just, you know, you

415
00:24:19,200 --> 00:24:20,920
have that probably already for 
your taxes anyway. 

416
00:24:21,800 --> 00:24:25,640
Right, others computing 
services, right and so, but I 

417
00:24:25,640 --> 00:24:28,000
think what you're seeing 
happening like we're going to be

418
00:24:28,000 --> 00:24:33,080
at Identity Week America in just
a couple weeks now, maybe a 

419
00:24:33,080 --> 00:24:36,560
month. 
And I was looking at the agenda 

420
00:24:36,560 --> 00:24:39,080
today. 
There are several sessions about

421
00:24:39,080 --> 00:24:42,760
mobile driver's licenses. 
I think the state organizations 

422
00:24:42,760 --> 00:24:48,200
are communicating with one 
another, and there's central 

423
00:24:48,200 --> 00:24:51,520
organizations that are trying to
drive the adoption of standards. 

424
00:24:51,520 --> 00:24:57,000
So even given the decentralized 
nature of our government, of the

425
00:24:57,000 --> 00:25:01,760
federated system, it's amazing 
to me to see how much progress 

426
00:25:01,760 --> 00:25:05,520
they've actually made. 
Yeah, I feel like mobile driver's

427
00:25:05,520 --> 00:25:07,920
license sounds exciting. 
And then I was like, oh yeah, 

428
00:25:08,040 --> 00:25:09,960
it's not in my state. 
And then I just forgot about it 

429
00:25:09,960 --> 00:25:11,280
because I can't take advantage 
of it. 

430
00:25:11,880 --> 00:25:13,320
Right. 
Well, it's one of those things 

431
00:25:13,320 --> 00:25:16,520
that it's probably like AI. 
It's kind of like an idea, an 

432
00:25:16,520 --> 00:25:18,320
idea and then all of a sudden it
hits. 

433
00:25:18,720 --> 00:25:21,400
Yeah. 
So in 5-10 years, whatever the 

434
00:25:21,400 --> 00:25:24,520
cycle is where OK, now more 
people are using. 

435
00:25:24,520 --> 00:25:27,160
It's kind of like the REAL ID 
switch here in the US where 

436
00:25:27,400 --> 00:25:29,440
everybody had to go and get your
driver's license if they want to

437
00:25:29,440 --> 00:25:33,360
fly basically. 
And I think the cut off is, is 

438
00:25:33,360 --> 00:25:34,920
it over already or is it in the 
next couple months? 

439
00:25:34,920 --> 00:25:36,240
I don't know. 
They've shifted a bunch of times

440
00:25:36,240 --> 00:25:38,160
because it's taken a long time 
to roll out. 

441
00:25:39,320 --> 00:25:41,680
I never worried about it too 
much because it didn't affect me

442
00:25:41,680 --> 00:25:44,160
because I was on one for for a 
long time. 

443
00:25:44,280 --> 00:25:46,000
Yeah, I've had mine for a while 
too. 

444
00:25:46,000 --> 00:25:48,360
Just for how much as as you 
know, I fly. 

445
00:25:49,080 --> 00:25:50,440
Wanted to get that taken care of
right away. 

446
00:25:50,840 --> 00:25:53,720
Yeah, exactly. 
But if can you use a mobile 

447
00:25:53,720 --> 00:25:56,920
driver's license at at TSA 
checkpoint or do you still have 

448
00:25:56,920 --> 00:25:58,480
to have the the physical card 
with you? 

449
00:26:00,960 --> 00:26:01,720
I don't know, I. 
Don't know. 

450
00:26:01,720 --> 00:26:04,600
I have to look that up. 
Yeah, I have to have to research

451
00:26:04,600 --> 00:26:06,320
that one. 
But there's a use case where 

452
00:26:06,320 --> 00:26:10,480
it's like if if I still need it 
to fly the the value is 

453
00:26:10,480 --> 00:26:15,320
extremely limited for me. 
Yeah, you'll be happy. 

454
00:26:15,320 --> 00:26:19,480
How when you get pulled over? 
I rarely I I can't remember the 

455
00:26:19,480 --> 00:26:21,560
last time I was pulled over. 
I probably was like a teenager. 

456
00:26:22,160 --> 00:26:26,680
Yeah, you know, I got pulled 
over maybe 10 years ago 'cause I

457
00:26:26,920 --> 00:26:30,720
rode right near my house. 
And the weird thing was the 

458
00:26:30,720 --> 00:26:33,600
police officer asked me like, 
why were you speeding? 

459
00:26:34,320 --> 00:26:36,520
And I said, well, I've been 
having problems with my 

460
00:26:36,520 --> 00:26:40,920
transmission wasn't shifting 
And, and this is a true story, 

461
00:26:41,600 --> 00:26:45,960
Like, so I was like stepping on 
the gas to see what the the 

462
00:26:45,960 --> 00:26:49,160
shifting points were. 
Yeah, yeah. 

463
00:26:49,280 --> 00:26:52,000
Doesn't sound very likely. 
They went back and wrote me a 

464
00:26:52,000 --> 00:26:53,960
ticket. 
I was like, great, that's fine. 

465
00:26:54,040 --> 00:26:56,720
Do that out on a country road 
somewhere versus I. 

466
00:26:56,760 --> 00:26:58,680
Guess so. 
Or something, I don't know. 

467
00:26:59,040 --> 00:27:01,120
I was doing it where it was 
happening. 

468
00:27:01,120 --> 00:27:05,320
So, OK. 
So that is all I have for that 

469
00:27:05,320 --> 00:27:08,160
question, Jeff. 
I hope we, I hope we addressed 

470
00:27:08,160 --> 00:27:11,880
it right. 
I don't know if I mean, maybe I 

471
00:27:11,880 --> 00:27:14,120
feel like he gave us an out with
understanding that looks 

472
00:27:14,120 --> 00:27:15,960
different from different 
consultant perspective. 

473
00:27:15,960 --> 00:27:20,560
But I guess from an education 
standpoint, I still think trying

474
00:27:20,560 --> 00:27:26,240
to centralize as much of that 
data identity data to do stuff 

475
00:27:26,240 --> 00:27:29,040
with provisioning, 
deprovisioning, you know, single

476
00:27:29,040 --> 00:27:32,280
sign on adaptive MFA, right, all
the bells and whistles. 

477
00:27:32,720 --> 00:27:35,200
I think as much as that as you 
can pull into the middle 

478
00:27:35,200 --> 00:27:37,720
somewhere, again, doesn't have 
to be 1 system. 

479
00:27:37,760 --> 00:27:40,280
It's maybe it's a collection of 
IAM systems that are doing this. 

480
00:27:41,800 --> 00:27:45,400
I think that maybe helps 
articulate it to some degree 

481
00:27:45,400 --> 00:27:49,440
because once you've got it 
there, then you know you can do 

482
00:27:49,440 --> 00:27:51,600
whatever you want with it. 
Let's go off and provision those

483
00:27:51,600 --> 00:27:52,640
accounts. 
Let's make things that are 

484
00:27:52,640 --> 00:27:54,560
self-service. 
Let's run into analytics and 

485
00:27:54,560 --> 00:27:57,120
behavior analysis, right? 
And all kinds of stuff like 

486
00:27:57,120 --> 00:27:59,320
that. 
Let's, let's adopt a single sign 

487
00:27:59,320 --> 00:28:03,600
on and provide options where you
can switch your, you know, your,

488
00:28:03,600 --> 00:28:05,920
your context based on whatever 
your role is at the time. 

489
00:28:06,320 --> 00:28:08,520
OK, I'm logging in as a teacher 
or faculty. 

490
00:28:08,520 --> 00:28:10,960
I'm logging in as a student. 
I'm logging in as a parent, 

491
00:28:10,960 --> 00:28:11,920
right? 
Whatever that looks like. 

492
00:28:12,640 --> 00:28:15,560
I think you're in a better 
position for success if you can 

493
00:28:15,600 --> 00:28:18,800
centralize as much of that data
as possible. 

494
00:28:20,880 --> 00:28:25,960
The, the higher ed space is very 
difficult, even if things kind 

495
00:28:25,960 --> 00:28:28,520
of just operated like, all 
right, there's these various 

496
00:28:28,520 --> 00:28:33,400
personas and you know, we cut 
the politics. 

497
00:28:33,400 --> 00:28:36,440
You just said we got these 
various personas and we have to 

498
00:28:36,440 --> 00:28:39,320
make them work. 
That would be hard enough. 

499
00:28:39,600 --> 00:28:43,360
But layer on top of it, Someone 
at a higher ed client once told 

500
00:28:43,360 --> 00:28:48,320
me he's like, what gets confused
in the university system is 

501
00:28:48,320 --> 00:28:52,360
people confuse academic freedom 
for administrative freedom. 

502
00:28:53,320 --> 00:28:57,720
And so you had people who were 
responsible for managing IT 

503
00:28:57,720 --> 00:29:01,600
systems saying we have to have 
our own directory, we can't 

504
00:29:01,600 --> 00:29:05,440
leverage common directory. 
I've worked with some higher ed 

505
00:29:05,480 --> 00:29:11,080
clients who put the kibosh on 
that and insisted that they do 

506
00:29:11,080 --> 00:29:16,840
centralize certain things and 
they've been decades ahead in 

507
00:29:16,840 --> 00:29:20,440
terms of their approach. 
I've seen other clients where 

508
00:29:20,440 --> 00:29:24,120
it's like they nobody ever put 
the kibosh and they're still 

509
00:29:24,120 --> 00:29:27,760
dealing with those issues where 
it's like it's hard to do 

510
00:29:27,760 --> 00:29:29,680
anything from a centralized 
perspective. 

511
00:29:29,680 --> 00:29:33,680
It's hard to do a centralized 
e-mail, e-mail domain even, or 

512
00:29:33,680 --> 00:29:38,080
an Active Directory because 
there's so much administrative 

513
00:29:38,080 --> 00:29:43,720
freedom that is allotted to the 
the colleges that they're just 

514
00:29:43,720 --> 00:29:45,160
going off and doing their own 
thing. 

515
00:29:46,440 --> 00:29:48,360
I mean, it's true for you. 
They allow any organization 

516
00:29:48,360 --> 00:29:54,840
where you allow splitting of IAM 
functionality and resources and 

517
00:29:55,640 --> 00:29:57,960
you know, different services. 
You're going to run into that 

518
00:29:57,960 --> 00:30:01,720
issue at some point. 
So we had another question. 

519
00:30:01,720 --> 00:30:03,160
We have time for another 
question. 

520
00:30:03,160 --> 00:30:06,120
Yeah, let's roll. 
All right, So this question was 

521
00:30:06,120 --> 00:30:09,680
from our listener, Scott. 
Jim, it might be interesting to 

522
00:30:09,680 --> 00:30:12,520
have a discussion on the 
Identity at the Center podcast 

523
00:30:13,080 --> 00:30:16,520
about how you confirm identity 
when you have a user on the 

524
00:30:16,520 --> 00:30:19,560
phone. 
We have historically used the 

525
00:30:19,560 --> 00:30:24,280
last four of a person's SSN, but
with all the recent releases of 

526
00:30:24,280 --> 00:30:28,280
SSN data, we're no longer sure 
that's secure. 

527
00:30:28,280 --> 00:30:30,720
A secure method to confirm 
identity. 

528
00:30:31,960 --> 00:30:34,240
I think this is such a good 
question that highlights 

529
00:30:34,400 --> 00:30:38,320
something that I find in almost 
every client that I work with is

530
00:30:38,320 --> 00:30:41,320
weakness in how do you 
authenticate callers to the help

531
00:30:41,320 --> 00:30:43,080
desk? 
Jim, is that you? 

532
00:30:43,680 --> 00:30:45,600
Yep. 
OK, here's your password. 

533
00:30:46,800 --> 00:30:48,800
Yeah, that's basically what a 
lot of organizations do. 

534
00:30:48,840 --> 00:30:52,200
I mean, it sounds silly, but 
it's basically the same thing. 

535
00:30:52,200 --> 00:30:54,600
You're asking for public pieces 
of information that are already 

536
00:30:54,600 --> 00:30:58,080
out there, whether it's an SSN 
or tell me who your manager is 

537
00:30:58,080 --> 00:30:59,800
that I can find out on LinkedIn,
right? 

538
00:30:59,800 --> 00:31:03,000
All kinds of stuff like that. 
It's a good question because I 

539
00:31:03,000 --> 00:31:07,040
think it highlights scenario 
that is maybe not addressed very

540
00:31:07,040 --> 00:31:08,680
well either by the identity 
market. 

541
00:31:08,760 --> 00:31:12,120
I can think of one or two 
products maybe that kind of fit 

542
00:31:12,120 --> 00:31:17,040
in this space. 
And I think this is, I think 

543
00:31:17,040 --> 00:31:19,280
this is a real challenge for a 
lot of organizations because 

544
00:31:19,280 --> 00:31:24,040
they do fall back on SSN or they
fall back on, well, what's your 

545
00:31:24,040 --> 00:31:26,480
phone extension, right? 
Little pieces of information 

546
00:31:26,480 --> 00:31:30,120
that are really not, you know, 
easy or not difficult to to try 

547
00:31:30,120 --> 00:31:34,200
and find. 
Yeah, I know that's you painted 

548
00:31:34,200 --> 00:31:39,200
the example perfectly, so I 
again wrote down a bunch of 

549
00:31:39,200 --> 00:31:42,240
notes. 
I wanted to give these questions

550
00:31:42,520 --> 00:31:47,000
a fair shake, so I went out to 
the IDPro Body of Knowledge, 

551
00:31:47,400 --> 00:31:53,560
and by the way, plug for IDPro. 
Fantastic organization, very 

552
00:31:53,560 --> 00:31:58,240
reasonable fee to join and the 
Slack channel is worth the 

553
00:31:58,240 --> 00:32:00,680
money. 
Just seeing the conversation or 

554
00:32:00,920 --> 00:32:04,400
being able to drop your 
questions on that Slack channel 

555
00:32:04,400 --> 00:32:08,840
and get responses, Fantastic. 
The Body of Knowledge is also 

556
00:32:09,000 --> 00:32:12,840
very, very good. 
And so Dean Saxe. 

557
00:32:13,000 --> 00:32:14,960
I hope I get that. 
Yep, that's Dean. 

558
00:32:15,480 --> 00:32:17,320
We're going to have Dean on the 
show, by the way, because he 

559
00:32:18,000 --> 00:32:21,600
we'll, we'll, we'll segue at 
Identiverse had a talk about 

560
00:32:21,960 --> 00:32:26,920
what happens to identities after
people pass on. And we got we 

561
00:32:26,920 --> 00:32:29,080
have to like talk about that. 
It's not it's not a subject to 

562
00:32:29,080 --> 00:32:31,560
talk about, but you know what 
happens that scenario. 

563
00:32:31,560 --> 00:32:33,040
So I know that we got to get him
on. 

564
00:32:33,040 --> 00:32:35,080
So Dean, if you're listening, we
haven't forgotten. 

565
00:32:35,080 --> 00:32:37,520
We're going to get you on. 
Oh, go ahead, Dean. 

566
00:32:37,680 --> 00:32:40,680
Reach out because I'm giving you
major props here. 

567
00:32:40,960 --> 00:32:45,480
So I read your body of knowledge
article on account recovery and 

568
00:32:46,000 --> 00:32:49,440
you had a statement in there 
that went something like the 

569
00:32:49,640 --> 00:32:54,440
account recovery process needs 
to be stronger than that which 

570
00:32:54,440 --> 00:32:57,640
is is recovering. 
So in other words, if you're 

571
00:32:57,640 --> 00:33:00,440
trying to recover a password 
said stronger than a password, 

572
00:33:00,640 --> 00:33:04,440
if you're trying to recover a 
second factor, it's got to be 

573
00:33:04,440 --> 00:33:08,440
stronger than a second, the 
second factor that you're trying

574
00:33:08,440 --> 00:33:11,280
to recover. 
So I thought that was pretty 

575
00:33:11,280 --> 00:33:14,520
genius and I found that kind of 
like after I wrote some of these

576
00:33:14,520 --> 00:33:18,320
notes. 
So hopefully I don't, I don't, 

577
00:33:19,560 --> 00:33:22,480
you know, negate anything that I
just said, but I thought that 

578
00:33:22,480 --> 00:33:25,160
was great. 
I'd get out there for everybody 

579
00:33:25,160 --> 00:33:29,320
and and read that articles in 
like version three or something.

580
00:33:29,400 --> 00:33:31,200
Which is great because I was 
going to point that out. 

581
00:33:31,200 --> 00:33:34,280
It's it's the account recovery 
V3. 

582
00:33:34,280 --> 00:33:37,440
If you go to idpro.org click the
link for body of knowledge. 

583
00:33:37,440 --> 00:33:41,080
You'll see one of the articles 
there is Account Recovery V3, 

584
00:33:41,120 --> 00:33:44,200
which is great because a lot of 
times people write articles and 

585
00:33:44,200 --> 00:33:46,560
they just let it sit and then 
the information comes out of 

586
00:33:46,560 --> 00:33:49,200
date. 
So kudos for for updating. 

587
00:33:49,720 --> 00:33:51,280
Yeah, and I'll put a link in our
show notes too. 

588
00:33:51,880 --> 00:33:53,560
Yeah, put a link that would be 
great. 

589
00:33:53,600 --> 00:34:00,000
So, OK, so common faulty 
practice I think is what Jeff 

590
00:34:00,000 --> 00:34:05,160
just said any kind of KBA. 
So what's your what's your 

591
00:34:05,160 --> 00:34:08,840
mother's middle name? 
Or what's your favorite? 

592
00:34:09,040 --> 00:34:11,120
Podcast, of course, everyone's 
going to put Identity at the Center

593
00:34:11,120 --> 00:34:13,080
of. 
Course it's like what what color

594
00:34:13,080 --> 00:34:15,960
is grass? 
You know, got to get that right.

595
00:34:16,679 --> 00:34:19,480
So then I came up with kind of 
good practices. 

596
00:34:21,760 --> 00:34:26,199
So first things first is like, I
think you the best starting 

597
00:34:26,199 --> 00:34:30,000
point is to minimize the number 
of calls that people are going 

598
00:34:30,000 --> 00:34:34,560
to have to make and have to 
identify themselves in the first 

599
00:34:34,560 --> 00:34:37,199
place. 
So this whole space is around 

600
00:34:37,239 --> 00:34:40,040
identity verification. 
If you're getting hundreds of 

601
00:34:40,040 --> 00:34:43,400
calls, it's going to overwhelm 
your help desk and they're going

602
00:34:43,400 --> 00:34:49,040
to be more under the gun to 
close tickets, etcetera. 

603
00:34:49,440 --> 00:34:54,040
So human, humans will human. 
So if you can use self-service 

604
00:34:54,040 --> 00:34:56,960
password reset, for example, 
you're going to cut those calls,

605
00:34:56,960 --> 00:34:59,680
you're going to have fewer 
people calling into the help 

606
00:34:59,680 --> 00:35:04,360
desk in the first place. 
I think the next thing is kind 

607
00:35:04,360 --> 00:35:08,000
of like around this subject is 
training the help desk to the 

608
00:35:08,000 --> 00:35:11,440
extent you that you can on 
social engineering. 

609
00:35:11,720 --> 00:35:18,600
So social engineering was behind
and I hate like naming breaches 

610
00:35:18,600 --> 00:35:21,440
or companies that have been 
breached, but MGM and there was a

611
00:35:21,440 --> 00:35:26,760
big YouTube. 
We'll swap out any any company 

612
00:35:26,760 --> 00:35:28,960
name. 
Chances are that they the reason

613
00:35:28,960 --> 00:35:30,840
they got breached was probably 
through social engineering. 

614
00:35:31,320 --> 00:35:35,760
Yeah, social engineering, it's 
like it's not just your one off 

615
00:35:35,760 --> 00:35:38,880
teenager hacker. 
There's whole organization built

616
00:35:38,880 --> 00:35:42,760
around this and they're experts 
of socially social engineering. 

617
00:35:42,760 --> 00:35:46,360
So train your help desk on what 
to look out for. 

618
00:35:46,600 --> 00:35:50,480
If you don't know then get on AI
and start asking it like 

619
00:35:50,880 --> 00:35:54,360
questions so that you can train 
your help desk and hopefully 

620
00:35:54,360 --> 00:35:56,880
they they recognize as the same 
as phishing right? 

621
00:35:57,240 --> 00:36:01,280
For e-mail you get all these 
like phishing emails where you 

622
00:36:01,280 --> 00:36:03,400
get pretty good at spotting them
after a while. 

623
00:36:03,920 --> 00:36:06,600
But that's getting harder now 
with AI writing these a lot 

624
00:36:06,600 --> 00:36:09,560
better and people putting more 
information around out there. 

625
00:36:09,560 --> 00:36:12,400
It's becoming difficult to spot.
You used to be able to say, OK, 

626
00:36:12,400 --> 00:36:15,600
well, this is clearly, you know,
doesn't make sense from whatever

627
00:36:15,600 --> 00:36:17,920
language you're you're, you 
know, fluent in. 

628
00:36:17,920 --> 00:36:20,800
This doesn't make sense now. 
It's almost indistinguishable. 

629
00:36:20,800 --> 00:36:22,240
So I don't think you can count 
on that anymore. 

630
00:36:22,320 --> 00:36:26,360
But you're absolutely right, 
like what to look for, you know,

631
00:36:26,360 --> 00:36:29,160
I, I would also say call your 
help desk and test them. 

632
00:36:30,000 --> 00:36:32,360
Do a little bit of pen testing 
on your own right and see and 

633
00:36:32,360 --> 00:36:34,440
see what you can get away with 
and start to realize you know 

634
00:36:34,440 --> 00:36:37,680
where where some of the issues 
might be and where you want to 

635
00:36:37,680 --> 00:36:40,400
focus training right or or other
processes to help with that too.

636
00:36:41,040 --> 00:36:45,080
Yeah, some of these things I'm 
going to mention are like short 

637
00:36:45,080 --> 00:36:48,440
term things you can do like call
the person back on the known 

638
00:36:48,440 --> 00:36:52,720
number, use caller ID. 
Hopefully you know you're not 

639
00:36:52,720 --> 00:36:57,400
getting spoofed on the caller 
ID, which is something that an 

640
00:36:57,920 --> 00:37:01,000
advanced hacker would probably 
be probably have in place. 

641
00:37:02,440 --> 00:37:06,800
Third party verification tools 
like Experian, I think is one 

642
00:37:06,800 --> 00:37:11,240
where you can start asking 
questions like, you know, which 

643
00:37:11,240 --> 00:37:13,320
of the following cars did you 
ever own? 

644
00:37:15,240 --> 00:37:18,160
Those ones are, you know, you're
not going to ask everybody those

645
00:37:18,160 --> 00:37:19,920
ones. 
But if you start to get somebody

646
00:37:19,920 --> 00:37:23,760
who you know can't answer some 
of the basic questions, but just

647
00:37:23,760 --> 00:37:28,880
really needs to be unlocked. 
This is actually one thing that 

648
00:37:28,880 --> 00:37:32,040
this triggered for me was 
there's a difference. 

649
00:37:32,040 --> 00:37:35,320
If somebody is calling and they 
want they need to identify 

650
00:37:35,320 --> 00:37:39,800
themselves to change the 
password to kind of a low risk 

651
00:37:39,800 --> 00:37:45,120
thing versus if it's somebody 
who needs access to an employee 

652
00:37:45,120 --> 00:37:48,040
account for example, that's 
going to put them into the 

653
00:37:48,040 --> 00:37:52,360
trusted network and let them 
start data breach, so. 

654
00:37:52,720 --> 00:37:54,360
Yeah, let alone admin accounts, 
right? 

655
00:37:54,360 --> 00:37:57,560
If I'm an ACT to admin calling 
in for a password reset, that 

656
00:37:57,560 --> 00:38:01,320
should immediately set off a 
different process to to verify 

657
00:38:01,320 --> 00:38:02,840
that person. 
Right. 

658
00:38:03,000 --> 00:38:06,640
But your help desk has to 
identify these are you know kind

659
00:38:06,640 --> 00:38:10,880
of a level one type of account 
or whatever. 

660
00:38:12,400 --> 00:38:15,160
And everybody's going to assign 
their own risk to the some of 

661
00:38:15,160 --> 00:38:17,520
these things. 
But I guess what I'm saying is 

662
00:38:17,520 --> 00:38:21,120
not all these processes are 
appropriate for all levels of 

663
00:38:21,120 --> 00:38:23,240
unlock. 
I think things that are in here 

664
00:38:23,240 --> 00:38:26,760
until I got to that last one are
things that potentially you 

665
00:38:26,760 --> 00:38:32,200
could employ regardless. 
Now best practices, I think for 

666
00:38:32,200 --> 00:38:36,640
identity verification are some 
biometric based system. 

667
00:38:36,920 --> 00:38:41,400
So starting to think about like 
that selfie thing where you, you

668
00:38:41,400 --> 00:38:46,680
hold up your ID like your, your 
driver's license or a passport 

669
00:38:46,680 --> 00:38:49,800
and you do a, a live selfie 
test. 

670
00:38:50,400 --> 00:38:53,360
Those things, if you can get 
those in place, like long term, 

671
00:38:53,360 --> 00:38:56,240
that's going to put you in a 
much better position to do 

672
00:38:56,240 --> 00:38:58,920
unlocks. 
But it's relatively advanced and

673
00:38:59,120 --> 00:39:03,640
kind of expensive for what it 
does, especially when you try to

674
00:39:03,640 --> 00:39:06,320
think about different identity 
assurance levels 1, 2, 3, whatever 

675
00:39:06,320 --> 00:39:08,480
it might look like, yes, it's 
the best. 

676
00:39:08,960 --> 00:39:12,520
Is it realistic though? 
For a lot of companies, probably

677
00:39:12,520 --> 00:39:14,440
not. 
Maybe finance, maybe. 

678
00:39:14,840 --> 00:39:17,000
I could definitely see the 
medical, but medical typically 

679
00:39:17,000 --> 00:39:19,720
or health generally don't have 
as much money to spend on stuff 

680
00:39:19,720 --> 00:39:21,480
like that until there's a 
problem. 

681
00:39:21,920 --> 00:39:24,080
Government for sure. 
I mean, they're, they're kind of

682
00:39:24,120 --> 00:39:25,480
doing that now for a lot of 
stuff. 

683
00:39:26,760 --> 00:39:28,920
Yeah. 
So, so dialing back to good, I 

684
00:39:28,920 --> 00:39:32,120
think even multi factor 
authentication, being able to 

685
00:39:32,120 --> 00:39:37,280
send a code to somebody. 
Look, I mean if you use you and 

686
00:39:37,280 --> 00:39:40,880
I fly Delta a lot, if you use 
their chat application within 

687
00:39:40,880 --> 00:39:44,960
their chat application, they 
require you to go out and re 

688
00:39:44,960 --> 00:39:46,760
authenticate. 
So anything like that? 

689
00:39:46,760 --> 00:39:50,720
Where chat works for you. 
Usually it's just me trying to 

690
00:39:50,720 --> 00:39:54,440
get help on a flight and the the
in flight Wi-Fi stinks and so it

691
00:39:54,440 --> 00:39:56,400
doesn't. 
Know where you go there you go. 

692
00:39:57,920 --> 00:40:01,840
So I, I think some of those 
solutions are certainly things 

693
00:40:01,840 --> 00:40:05,920
that you can get value from at a
low cost, especially if you're 

694
00:40:05,920 --> 00:40:10,080
talking about a, a large 
customer base when you're 

695
00:40:10,080 --> 00:40:13,120
talking about employee access. 
I think one thing you said 

696
00:40:13,120 --> 00:40:15,600
there, it's unfortunate, it's 
like. 

697
00:40:16,680 --> 00:40:19,600
People aren't going to take this
seriously until they get hacked.

698
00:40:19,760 --> 00:40:21,440
Yeah, OK. 
Well, if that's the case, then 

699
00:40:21,440 --> 00:40:24,640
we might as well just shut up. 
Stop doing this podcast. 

700
00:40:24,640 --> 00:40:25,920
Let's get rid of let's that's 
it. 

701
00:40:25,920 --> 00:40:27,280
Identity is no longer at the 
center. 

702
00:40:27,680 --> 00:40:30,440
It's just a free for all and you
know, have fun with all the 

703
00:40:30,440 --> 00:40:31,720
data. 
Yeah. 

704
00:40:32,040 --> 00:40:34,720
But I think the last point I'm 
going to make on the identity 

705
00:40:34,720 --> 00:40:38,400
verification stuff is you said, 
well, it's very expensive. 

706
00:40:38,400 --> 00:40:42,280
It, it might be too expensive 
for you, but I think it's worthy

707
00:40:42,280 --> 00:40:45,120
of doing the research and going 
back and see if you can build 

708
00:40:45,120 --> 00:40:48,360
the business case, you know, 
certainly could reduce risk 

709
00:40:48,360 --> 00:40:51,080
profile. 
Yeah, maybe it makes sense for a

710
00:40:51,080 --> 00:40:53,960
certain population too, right? 
Executives, admins. 

711
00:40:55,280 --> 00:40:58,160
This does not have to be a 
binary, all or nothing type of 

712
00:40:58,160 --> 00:41:00,240
approach. 
I think you need to figure out 

713
00:41:00,240 --> 00:41:03,440
where the risk is and how much 
you know money do you want to 

714
00:41:03,440 --> 00:41:07,240
apply to reduce that risk. 
Amen. 

715
00:41:07,680 --> 00:41:12,200
How do you feel about sending
an SMS to an employee? 

716
00:41:12,720 --> 00:41:14,800
Maybe they've already, Maybe you
know what their cell number is 

717
00:41:14,800 --> 00:41:20,200
Is Hey, I'm going to text you a 
code to make sure it's you, I 

718
00:41:20,200 --> 00:41:20,680
think. 
That's. 

719
00:41:21,560 --> 00:41:23,600
Better than nothing, right? 
I mean, we know that we know the

720
00:41:23,640 --> 00:41:26,320
issues with SMS, right? 
Not the strongest, but better 

721
00:41:26,320 --> 00:41:30,320
than an SSN, I would say, right? 
It's definitely better than KBA 

722
00:41:30,600 --> 00:41:35,520
because it requires that you 
either somehow hijack the the 

723
00:41:35,680 --> 00:41:40,240
SMS routing or that you have the
person's phone, which is a very 

724
00:41:40,240 --> 00:41:44,480
real scenario. 
I'm sure there's also 

725
00:41:44,480 --> 00:41:48,320
applications you can use to log 
into the person's account to 

726
00:41:48,320 --> 00:41:52,280
intercept their SMSs if you know
their, their cell phone

727
00:41:52,280 --> 00:41:53,960
credentials. 
They're using WhatsApp. 

728
00:41:54,800 --> 00:41:56,480
If you're using WhatsApp. 
Or Facebook account. 

729
00:41:56,680 --> 00:41:59,840
Yeah, yeah. 
So, but I think if you combine 

730
00:41:59,840 --> 00:42:02,080
it maybe with some other 
options, so maybe it's just as 

731
00:42:02,080 --> 00:42:05,480
simple as hey, let's we're going
to send you a, a text message 

732
00:42:05,480 --> 00:42:09,320
and ask you a couple of 
questions that kind of validate 

733
00:42:09,320 --> 00:42:13,920
it better than nothing and 
probably better than what most 

734
00:42:14,040 --> 00:42:15,960
companies I would argue are 
probably doing today. 

735
00:42:16,520 --> 00:42:18,800
Yeah. 
I think that if you came up with

736
00:42:18,800 --> 00:42:22,240
a framework that includes a few 
of these different things like 

737
00:42:22,880 --> 00:42:28,200
questions, the KBA, some kind of
hardware verification, and then 

738
00:42:28,880 --> 00:42:32,840
a framework for like certain 
accounts, you got to be 10 for 

739
00:42:32,840 --> 00:42:37,520
10 before we're going to unlock 
you other accounts, you know, 

740
00:42:37,520 --> 00:42:40,520
maybe if you get 9 out of the 
hand, if you say, I don't have 

741
00:42:40,520 --> 00:42:45,080
my cell, I lost my cell phone, I
don't have access to my e-mail. 

742
00:42:45,760 --> 00:42:48,840
You know, it's very real 
scenarios where that actually 

743
00:42:48,840 --> 00:42:51,240
could happen. 
And I think you have to look at 

744
00:42:51,240 --> 00:42:54,800
the risk associated with 
somebody says, I need all that 

745
00:42:55,080 --> 00:42:57,560
and you have their account 
flagged in your database that 

746
00:42:57,800 --> 00:43:01,120
they're an administrator. 
It's like, I'm sorry, you're 

747
00:43:01,120 --> 00:43:05,200
going to have to call your your 
boss and get him to do something

748
00:43:05,880 --> 00:43:07,880
or. 
Her. How do you feel about that

749
00:43:07,920 --> 00:43:10,720
having, you know the person's 
manager get involved in the 

750
00:43:10,720 --> 00:43:14,040
password reset. 
I think for standard resets is 

751
00:43:14,040 --> 00:43:19,640
it's not a great idea, but I 
think when you're talking about 

752
00:43:19,640 --> 00:43:22,800
like an administrator account. 
I'm thinking like scenarios 

753
00:43:22,800 --> 00:43:25,600
where like a lot of companies 
will maybe have their process 

754
00:43:25,600 --> 00:43:28,880
where, you know, they, they, 
they recognize maybe that they 

755
00:43:28,880 --> 00:43:31,200
don't have a good way to 
validate the caller. 

756
00:43:31,840 --> 00:43:36,280
And so they say, I need you to, 
you know, call your manager or 

757
00:43:36,640 --> 00:43:39,200
we've sent it to, we've sent you
the new password to your 

758
00:43:39,200 --> 00:43:42,080
manager, call them for the 
password or something like that,

759
00:43:42,080 --> 00:43:44,320
right? 
Some sort of secondary step that

760
00:43:44,320 --> 00:43:45,960
kind of goes through the 
process. 

761
00:43:46,400 --> 00:43:51,200
Right. 
I mean, I can see that scenario 

762
00:43:51,200 --> 00:43:55,280
getting socially engineered. 
Anything can be social 

763
00:43:55,280 --> 00:43:57,760
engineered but. 
Yeah, it's better than just 

764
00:43:57,760 --> 00:44:00,240
asking a Social Security number 
and then just send you over the 

765
00:44:00,240 --> 00:44:03,720
password, so. 
Stop using SSN, it's not secret 

766
00:44:03,720 --> 00:44:06,800
anymore and it's not secure. 
And don't use employee number 

767
00:44:06,840 --> 00:44:07,840
either. 
Like I see a lot of 

768
00:44:07,840 --> 00:44:10,280
organizations like, oh, employee
number and then they print it on

769
00:44:10,280 --> 00:44:11,960
their badge. 
Like, OK, well that's not secret

770
00:44:11,960 --> 00:44:13,400
anymore either. 
Right. 

771
00:44:14,200 --> 00:44:17,080
Yeah. 
I mean, I think that, you know, 

772
00:44:17,080 --> 00:44:20,760
the primary factor is the risk 
that you are being socially 

773
00:44:20,760 --> 00:44:23,320
engineered. 
And I think there's certain 

774
00:44:23,720 --> 00:44:26,960
accounts and there's quite a few
accounts within the organization

775
00:44:26,960 --> 00:44:32,440
that just can't afford that have
that happen and inconveniencing 

776
00:44:32,440 --> 00:44:36,920
somebody is a big deal. 
But let's say the scenario is 

777
00:44:36,920 --> 00:44:42,320
somebody called you and they 
said I work for IBM and I need 

778
00:44:42,320 --> 00:44:45,880
to, I'm not picking on IBM. 
I just just the first thing that

779
00:44:45,880 --> 00:44:51,040
came to mind and I manage your 
servers and I need to unlock 

780
00:44:51,040 --> 00:44:53,800
this person's account or I need 
to unlock my account because I 

781
00:44:53,800 --> 00:44:57,840
can't fix this production system
that's down right now. 

782
00:44:58,560 --> 00:45:02,880
And then they can answer like 
some basic information about 

783
00:45:02,880 --> 00:45:05,440
themselves and who they report 
to and things like that. 

784
00:45:05,440 --> 00:45:09,720
All things that maybe they got 
off of the company's Yammer site

785
00:45:09,720 --> 00:45:13,240
or something like that. 
Now the person potentially could

786
00:45:13,240 --> 00:45:15,640
be socially engineered into 
unlocking that account. 

787
00:45:15,640 --> 00:45:19,280
In other words, there's 
production system down, and if I

788
00:45:19,280 --> 00:45:21,480
don't get this thing fixed, I'm 
going to be fired. 

789
00:45:21,920 --> 00:45:23,640
Yeah. 
Well, what are the odds of, 

790
00:45:24,200 --> 00:45:27,200
Well, I don't say odds, but I 
mean, that's how attacks work in

791
00:45:27,200 --> 00:45:29,600
the real world as they move up 
and over and laterally until 

792
00:45:29,600 --> 00:45:31,320
they find it. 
They could have breached a 

793
00:45:31,320 --> 00:45:33,800
regular person's account. 
They had access to the Yammer. 

794
00:45:33,800 --> 00:45:35,320
They had access to the corporate
directory. 

795
00:45:35,680 --> 00:45:39,120
They've done, you know, enough 
recon to find the information

796
00:45:39,120 --> 00:45:41,120
who they want to target and get 
information around it. 

797
00:45:41,120 --> 00:45:43,760
And that's how it works. 
And so they work up and over 

798
00:45:43,880 --> 00:45:45,160
right until they get to what 
they want. 

799
00:45:46,480 --> 00:45:49,240
Right. 
OK, so do we ask? 

800
00:45:49,280 --> 00:45:52,760
A question imagine this to even 
have the person password and 

801
00:45:52,760 --> 00:45:57,080
what they're asking you to do is
reset the MFA. I just got a

802
00:45:57,080 --> 00:46:00,440
new iPhone today. 
Yeah. 

803
00:46:00,440 --> 00:46:03,320
And they want to re-enroll
the device or whatever it may 

804
00:46:03,320 --> 00:46:04,440
be, I don't know. 
There's there's a lot of ways. 

805
00:46:04,440 --> 00:46:07,200
To do that, hopefully that adds 
some color. 

806
00:46:07,200 --> 00:46:08,840
I don't think there's a black 
and white answer. 

807
00:46:08,840 --> 00:46:14,280
It depends on your situation, 
and it's about hardening the 

808
00:46:14,280 --> 00:46:16,440
process to the appropriate 
level. 

809
00:46:16,920 --> 00:46:19,320
But I think we can agree that 
SSN is no longer. 

810
00:46:19,480 --> 00:46:23,280
It hasn't been for a long time, 
but if you're using knowledge 

811
00:46:23,280 --> 00:46:27,080
based authentication and 
especially knowledge that is 

812
00:46:27,640 --> 00:46:30,080
leaked or easily obtained, 
right? 

813
00:46:30,080 --> 00:46:33,200
Whether it's an SSN that's part 
of a massive leak or something 

814
00:46:33,200 --> 00:46:35,800
that I can go on LinkedIn and do
a little recon and say, OK,

815
00:46:35,800 --> 00:46:37,520
well, now I know who that 
person's manager is, right? 

816
00:46:37,520 --> 00:46:40,200
Or things like that. 
It's to move away from stuff 

817
00:46:40,200 --> 00:46:43,360
like that and maybe shift to 
looking at different risk based 

818
00:46:43,360 --> 00:46:47,880
models based on the type of user
or who's calling in, right? 

819
00:46:47,880 --> 00:46:49,840
Or or some of those different 
kind of options. 

820
00:46:50,560 --> 00:46:52,200
Right. 
But not SSN. 

821
00:46:52,200 --> 00:46:54,280
Don't use this. 
I'm going to draw a line right 

822
00:46:54,280 --> 00:46:57,200
there in the sand. 
Agreed. 

823
00:46:57,480 --> 00:46:59,120
All right. 
Well, thanks to Scott for that 

824
00:46:59,120 --> 00:47:01,040
awesome question. 
Yeah, that was a good question. 

825
00:47:01,640 --> 00:47:05,640
And to our anonymous listener, 
and hopefully we help them out 

826
00:47:05,640 --> 00:47:08,280
with the Identity center. 
If not, let us know, send us 

827
00:47:08,280 --> 00:47:09,760
another e-mail. 
We'll we'll take another crack 

828
00:47:09,760 --> 00:47:12,520
at it or we'll hop on a phone 
and just talk about it. 

829
00:47:12,760 --> 00:47:15,200
We could do that too. 
And Jeff, I'm just sitting here 

830
00:47:15,200 --> 00:47:19,080
thinking like anonymous e-mail 
kind of sounds like we made it 

831
00:47:19,080 --> 00:47:21,080
up. 
I swear we did not make. 

832
00:47:21,080 --> 00:47:23,680
No, they asked for, they asked 
to be anonymous. 

833
00:47:23,680 --> 00:47:26,520
And you know, we're we're 
identity and access management 

834
00:47:26,600 --> 00:47:27,760
professionals.
So of course we're going to, 

835
00:47:27,840 --> 00:47:30,400
we're going to honor that. 
Of course, if they feel like 

836
00:47:30,400 --> 00:47:33,480
sharing, they can post on 
LinkedIn after they hear this 

837
00:47:33,520 --> 00:47:35,040
and they can do their own thing.
How about that? 

838
00:47:35,560 --> 00:47:39,280
That sounds good. 
OK, we should have a lighter 

839
00:47:39,280 --> 00:47:41,040
note. 
We should end this thing on a 

840
00:47:41,040 --> 00:47:43,560
lighter note since we do that 
every every week. 

841
00:47:43,560 --> 00:47:47,320
What do you think? 
Yeah, so episode 300, this is 

842
00:47:47,320 --> 00:47:51,360
it. 
What does episode 500 look like?

843
00:47:51,440 --> 00:47:56,920
What are we talking about? 
200 episodes from now, which is 

844
00:47:56,920 --> 00:48:01,400
probably, let's call somewhere 
between three and four years 

845
00:48:01,400 --> 00:48:05,880
from now. 
So when you say we, do you mean 

846
00:48:06,720 --> 00:48:11,120
me and you or AI? 
Or AI counterparts. 

847
00:48:11,120 --> 00:48:15,760
Yeah, whatever. 
Episode 500 of the Identity 

848
00:48:15,760 --> 00:48:19,160
Center Podcast. 
Sounds like blank will be the 

849
00:48:19,160 --> 00:48:21,240
topic that we're addressing, the
main topic. 

850
00:48:23,760 --> 00:48:26,720
I mean, we talked about the the 
whole thing with mobile driver's

851
00:48:26,720 --> 00:48:31,360
licenses and I think that's 
going to be very much our 

852
00:48:31,360 --> 00:48:34,440
reality. 
And we'll probably be having 

853
00:48:34,480 --> 00:48:39,160
discussions about whether or not
they should be used by more 

854
00:48:39,160 --> 00:48:43,640
things, if we should be using 
mobile driver's licenses as kind

855
00:48:43,640 --> 00:48:48,680
of like a federated identity
capability to authenticate to 

856
00:48:48,680 --> 00:48:51,160
more things. 
So I do think that's a real one.

857
00:48:51,160 --> 00:48:54,400
And I think AI, it's like, what 
are all the possibilities that 

858
00:48:54,600 --> 00:48:59,240
AI can bring to the things we do
today? 

859
00:48:59,640 --> 00:49:02,880
I don't think that it's AI is 
going to be at the point where 

860
00:49:03,200 --> 00:49:07,040
it's managing large pools of 
identity implementations. 

861
00:49:07,600 --> 00:49:10,480
But I do think that some of the 
like what we discussed with 

862
00:49:10,480 --> 00:49:16,160
Merrill, where you can go into 
your system and just use human 

863
00:49:16,160 --> 00:49:20,640
language models, human language 
to say what you want it to do. 

864
00:49:20,880 --> 00:49:23,760
And we're starting to see the 
fruition of that come come 

865
00:49:23,760 --> 00:49:25,760
forth. 
What do you think? 

866
00:49:26,720 --> 00:49:28,560
I hate to say it, but we're 
probably going to talk about the

867
00:49:28,560 --> 00:49:32,480
same stupid things. 
People aren't using MFA or what 

868
00:49:32,480 --> 00:49:34,080
are the basics theories of the 
time. 

869
00:49:34,360 --> 00:49:36,880
How do I sell IAM to my
organization? 

870
00:49:36,880 --> 00:49:38,680
People just haven't gotten buy 
in yet. 

871
00:49:38,680 --> 00:49:42,960
Or maybe they sold it once and 
they need funding again to catch

872
00:49:42,960 --> 00:49:46,240
up because they didn't sustain 
the investment to stay current. 

873
00:49:46,720 --> 00:49:49,240
I hate to say it, but I have a 
feeling we'll be talking about 

874
00:49:49,400 --> 00:49:51,280
still talking about stuff like 
that. 

875
00:49:51,840 --> 00:49:55,240
But AI for sure, I think. 
I don't think it's going away. 

876
00:49:55,240 --> 00:49:58,320
Trying to think what else? 
Episode 500. 

877
00:49:58,320 --> 00:50:01,760
I mean, three to four years from
now, hadn't we been like three 

878
00:50:01,760 --> 00:50:04,160
to four years away from like 
blockchain identity? 

879
00:50:04,880 --> 00:50:08,000
Now you're like, is is this the 
next three to four years of sure

880
00:50:08,000 --> 00:50:10,400
it's coming along, right? 
Or the end of the password? 

881
00:50:10,400 --> 00:50:12,280
Will we still be talking about 
the death of the password at 

882
00:50:12,280 --> 00:50:13,240
that point? 
I think so. 

883
00:50:13,320 --> 00:50:14,760
Yeah. 
Yeah, I do. 

884
00:50:15,040 --> 00:50:18,800
Yeah, I, I, I, I and I don't 
mean it to be pessimistic, 

885
00:50:19,000 --> 00:50:21,160
right. 
These are these are 

886
00:50:21,160 --> 00:50:25,120
conversations that take place in
every organization is, you know,

887
00:50:25,120 --> 00:50:27,920
yeah, we continue to have to 
sell the value of identity and 

888
00:50:27,920 --> 00:50:29,800
access management. 
And how do we do that? 

889
00:50:30,440 --> 00:50:33,840
Because there's always going to 
be competition for dollars and 

890
00:50:33,840 --> 00:50:37,120
resources to get things done. 
And no organization is 

891
00:50:37,120 --> 00:50:39,360
unlimited. 
Well, maybe a couple, but there 

892
00:50:39,360 --> 00:50:42,880
are the exceptions. 
So there's always going to be 

893
00:50:42,880 --> 00:50:44,600
that conversation of, okay, 
well, what's new? 

894
00:50:44,600 --> 00:50:48,800
How are we staying current or 
ahead of the curve, right? 

895
00:50:49,160 --> 00:50:50,880
What are the new threats that 
are talking about? 

896
00:50:50,960 --> 00:50:52,800
AI, I'm sure is going to 
introduce things we haven't 

897
00:50:52,800 --> 00:50:54,320
thought about. 
I'm sure somebody's going to get

898
00:50:54,320 --> 00:50:57,120
creative and quantum is going to
become a thing we're going to be

899
00:50:57,120 --> 00:50:59,440
talking about. 
Well, how do we make sure that 

900
00:50:59,440 --> 00:51:04,280
quantum is not wrecking all of 
our our security algorithms, 

901
00:51:04,280 --> 00:51:05,080
right? 
Things like that. 

902
00:51:05,320 --> 00:51:08,480
So there will be things, but 
fundamentally, we're still going

903
00:51:08,480 --> 00:51:09,640
to be talking about the same 
thing. 

904
00:51:10,400 --> 00:51:13,200
Do the right people have the 
right access to the right thing 

905
00:51:13,200 --> 00:51:15,800
at the right time? 
And is that access appropriate? 

906
00:51:18,280 --> 00:51:20,000
There we go. 
That's good. 

907
00:51:20,240 --> 00:51:22,880
That's good. 
Hey, I just thought of something

908
00:51:22,880 --> 00:51:25,880
else. 
We never mentioned that we got 

909
00:51:25,880 --> 00:51:30,760
accepted to play a part to 
present a use case at the

910
00:51:30,760 --> 00:51:33,680
Gartner IAM Summit in December.
Of this year. 

911
00:51:33,680 --> 00:51:36,120
It's been a couple weeks, man. 
It has been, man. 

912
00:51:36,120 --> 00:51:39,200
It's like you can barely keep up
with the good things happening. 

913
00:51:40,280 --> 00:51:45,280
But on that front, I'm working 
the angle to try to get us a 

914
00:51:45,280 --> 00:51:47,640
discount code. 
And of course, we won't have a 

915
00:51:47,640 --> 00:51:50,440
discount code unless it's the 
best one. 

916
00:51:50,720 --> 00:51:54,040
So keep your ears on the 
podcast. 

917
00:51:54,040 --> 00:51:56,920
Hopefully we'll have a discount 
code for the Gartner IAM Summit

918
00:51:57,200 --> 00:51:59,200
here coming up. 
Yeah, that's going to be 

919
00:51:59,200 --> 00:52:00,800
exciting. 
I think we had such a good time 

920
00:52:00,800 --> 00:52:05,280
at the last one doing the on 
stage sort of, I sort of us a 

921
00:52:05,280 --> 00:52:09,600
mini identity at the center with
Becky and Henrique on stage. 

922
00:52:09,600 --> 00:52:11,720
And we may try to do something 
similar to that again. 

923
00:52:11,720 --> 00:52:17,160
But yeah, it's it's an honor to 
be nominated and looking forward

924
00:52:17,160 --> 00:52:18,720
to doing whatever it is we're 
going to do there. 

925
00:52:19,240 --> 00:52:23,840
Yeah, and shout out to Becky 
because she really shepherded us

926
00:52:23,840 --> 00:52:27,760
through the process here. 
So very grateful for that. 

927
00:52:28,160 --> 00:52:30,040
Becky's good. 
I am people about that. 

928
00:52:30,360 --> 00:52:34,160
That's a good, good point. 
All right, let's see. 

929
00:52:34,600 --> 00:52:35,920
Anything else? 
I know we're gonna be at a bunch

930
00:52:35,920 --> 00:52:37,680
of conferences. 
I'll just put all of our 

931
00:52:37,920 --> 00:52:39,440
discount codes in the show 
notes. 

932
00:52:39,440 --> 00:52:42,400
It's also on our homepage at 
idcpodcast.com, so I try to keep

933
00:52:42,400 --> 00:52:43,880
that updated. 
Now, if you just scroll down

934
00:52:43,880 --> 00:52:46,360
just a little bit, you'll see 
the different discount codes for

935
00:52:46,760 --> 00:52:50,400
Identity Week, Authenticate
conference, the Semperis

936
00:52:50,400 --> 00:52:54,080
conference, HIP Conf, basically.
And then if we end up with 

937
00:52:54,080 --> 00:52:55,560
something for Gartner, it'll be 
there too. 

938
00:52:55,560 --> 00:52:57,600
But we'll have all that in our, 
in our show notes. 

939
00:52:57,600 --> 00:53:01,200
And hopefully people come out 
and either, you know, say hello 

940
00:53:01,200 --> 00:53:02,920
or support us. 
Use the codes is the best way to

941
00:53:02,960 --> 00:53:05,280
to support show show that we 
can, you know, bring bring a 

942
00:53:05,280 --> 00:53:07,040
party to these types of things 
and have some fun at these 

943
00:53:07,040 --> 00:53:08,880
conferences. 
Heck yeah. 

944
00:53:09,200 --> 00:53:14,000
Yep, all right. 
idcpodcast.com, at IDC Podcast

945
00:53:14,000 --> 00:53:19,440
on X or whatever it's called at 
this point, idcpodcast.tv. 

946
00:53:19,680 --> 00:53:21,160
Please give us a like and 
subscribe. 

947
00:53:21,240 --> 00:53:24,240
We are trying to grow that 
channel as much as we can.

948
00:53:24,360 --> 00:53:27,440
And if you haven't, if you're 
listening to this while you're 

949
00:53:27,440 --> 00:53:31,200
walking around, which I know 
some people do, just just click 

950
00:53:31,200 --> 00:53:33,960
over to the YouTube real quick 
and just hit like and subscribe 

951
00:53:34,520 --> 00:53:37,400
means a lot for us. 
Let's see what else. 

952
00:53:37,640 --> 00:53:40,280
And yeah, connect with us on 
LinkedIn, you know, definitely 

953
00:53:40,280 --> 00:53:45,040
get questions like we got today 
and we'll keep bringing it and 

954
00:53:45,040 --> 00:53:46,080
hopefully you guys keep 
listening. 

955
00:53:46,120 --> 00:53:48,400
So with that, we'll leave it 
there for this week. 

956
00:53:48,600 --> 00:53:51,320
Thanks everyone for watching or 
listening and we'll talk with 

957
00:53:51,320 --> 00:53:55,600
you all in the next one. 
You've been listening to 

958
00:53:55,640 --> 00:53:59,560
Identity at the Center. 
We hope you've enjoyed the show.

959
00:53:59,760 --> 00:54:03,840
Make sure to like, rate and 
review, and we'll be back soon. 

960
00:54:04,120 --> 00:54:06,400
But in the meantime, hit the 
website at 

961
00:54:06,400 --> 00:54:12,760
identityatthecenter.com.
See you next time on Identity at

962
00:54:12,760 --> 00:54:13,680
the Center.
