1
00:00:09,700 --> 00:00:12,500
You're listening to the Identity
at the Center podcast.

2
00:00:12,800 --> 00:00:14,900
This is the show that talks 
about identity and access 

3
00:00:14,900 --> 00:00:18,000
management and making sure you 
know who has access to what 

4
00:00:18,100 --> 00:00:25,300
let's get started. 
Welcome to the Identity at the

5
00:00:25,300 --> 00:00:27,500
Center podcast, I'm Jeff.
And that's Jim. 

6
00:00:27,500 --> 00:00:29,300
Hey, Jim.
Hey Jeff, how are you? 

7
00:00:29,700 --> 00:00:34,300
Oh, not so bad yourself. 
Hey, I'm living the dream right 

8
00:00:34,300 --> 00:00:35,700
now. 
It's kind of a nightmare. 

9
00:00:36,100 --> 00:00:40,400
No, I shouldn't say that. 
It's really not but I think 

10
00:00:40,400 --> 00:00:43,800
everybody's experienced those.
So, last week we were at the 

11
00:00:43,800 --> 00:00:47,800
conference and then this week 
came home took some time off 

12
00:00:47,800 --> 00:00:51,600
because I was moving so it 
wasn't really a vacation and 

13
00:00:51,600 --> 00:00:54,600
then you come back to work and 
it's like they always say A, the

14
00:00:54,600 --> 00:00:57,700
work will be waiting for you. 
Yes, it will be waiting for you 

15
00:00:57,800 --> 00:00:59,900
plus all the new work that's 
coming up. 

16
00:00:59,900 --> 00:01:04,200
So, yes, like I was on the 
computer, literally, till 11:30 

17
00:01:04,200 --> 00:01:08,200
last night working and I haven't
done that in a while. 

18
00:01:09,000 --> 00:01:12,500
I mean, it's just was like, a 
tidal wave came in from like 

19
00:01:12,800 --> 00:01:16,400
8:00 a.m. to 11:30 at night. 
I consider that payback for all 

20
00:01:16,408 --> 00:01:18,700
the work you gave me and 
editing. 

21
00:01:19,000 --> 00:01:22,500
All the podcasts that we did for
our from Gartner, we put out, I 

22
00:01:22,500 --> 00:01:26,200
think nine, Roads in two weeks, 
which is like a new record for 

23
00:01:26,200 --> 00:01:28,500
us which is very cool. 
It's very cool experience but 

24
00:01:29,700 --> 00:01:32,300
yeah so welcome. 
Welcome to the world of Jeff for

25
00:01:32,300 --> 00:01:35,400
the last two weeks. 
Yeah, no, I was thinking like, 

26
00:01:35,500 --> 00:01:38,800
you know, hey that putting out 
all those episodes that wasn't 

27
00:01:38,800 --> 00:01:41,100
too much work. 
Was it for me? 

28
00:01:41,100 --> 00:01:43,300
It wasn't. 
But for you, I know it was a 

29
00:01:43,300 --> 00:01:45,100
lot. 
That's a lot of work but it's 

30
00:01:45,100 --> 00:01:46,500
fun. 
We do it as a hobby, right? 

31
00:01:46,500 --> 00:01:49,600
We don't really do anything. 
This is, we don't really, like, 

32
00:01:50,400 --> 00:01:52,100
monetize the show in any way,
right? 

33
00:01:52,100 --> 00:01:53,900
So we don't do commercials or 
anything like that. 

34
00:01:54,100 --> 00:01:56,200
Your ability to advertise 
ourselves know, maybe that'll 

35
00:01:56,200 --> 00:01:58,800
change at some point in future 
to kind of figure things out, 

36
00:01:58,800 --> 00:02:00,400
but we do it for the love of the
game.

37
00:02:00,400 --> 00:02:02,800
And certainly, it's fun. 
Well, we don't, we don't 

38
00:02:02,800 --> 00:02:05,900
advertise for ourselves, but if 
anybody wants to hire us to do 

39
00:02:07,200 --> 00:02:10,000
more than free to do so yeah, 
definitely come. 

40
00:02:10,000 --> 00:02:15,300
Visit us at our SM.com? 
Yeah, so I mean there's a couple

41
00:02:15,300 --> 00:02:18,600
things actually working out so 
like we put all the episodes 94 

42
00:02:18,600 --> 00:02:20,100
Gartner so you haven't check 
those out. 

43
00:02:20,200 --> 00:02:23,700
You basically did a preview 
episode of like the day before 

44
00:02:23,700 --> 00:02:27,700
of what We thought we would be 
getting into and then we did 

45
00:02:27,700 --> 00:02:31,000
like a daily recap from the 
three days of the conference. 

46
00:02:31,300 --> 00:02:35,500
And then while we were there, we
also recorded specific 

47
00:02:35,500 --> 00:02:38,200
conversations that we had with 
five different guests. 

48
00:02:38,200 --> 00:02:42,900
So we have Louis Almeida, Jamie 
Lewis gross, we had head covet 

49
00:02:42,900 --> 00:02:47,800
sand, we had Vittorio Bertocci
and bread to me from various 

50
00:02:47,800 --> 00:02:50,200
companies. 
I got them all off memory. 

51
00:02:50,200 --> 00:02:53,000
That's how fresh it is, having 
different conversations and we 

52
00:02:53,000 --> 00:02:56,400
rolled that out base. 
They all this week and for 

53
00:02:56,400 --> 00:02:58,000
kicking down and forth. 
While we're recording this on 

54
00:02:58,000 --> 00:03:02,600
Friday, the S as this will 
become our new our Labor Day. 

55
00:03:02,600 --> 00:03:06,800
Episode that goes out on Monday.
The down a few nice comments 

56
00:03:06,800 --> 00:03:10,100
about people whose lives. 
We have really good coverage of 

57
00:03:10,100 --> 00:03:13,900
the of the conference. 
I feel like that was kind of 

58
00:03:13,900 --> 00:03:16,800
part of the goal was, you know, 
for people who couldn't be 

59
00:03:16,800 --> 00:03:20,000
there, just kind of giving you 
some kind of inside picture. 

60
00:03:20,000 --> 00:03:23,500
Obviously, we're not, you know, 
news media covering it. 

61
00:03:24,400 --> 00:03:27,800
You know, this session did this 
or the session at that, but more

62
00:03:28,100 --> 00:03:32,500
getting their perspective of us 
and some of our friends of the 

63
00:03:32,500 --> 00:03:36,400
show who work who happened to be
there and we're willing to jump 

64
00:03:36,400 --> 00:03:39,200
on the jump on the podcast for a
little bit. 

65
00:03:39,800 --> 00:03:41,700
Yeah, it was pretty cool. 
I think even some folks and 

66
00:03:41,700 --> 00:03:46,100
Gartner took notice and re K.
Thanks thanked us for our 

67
00:03:46,100 --> 00:03:48,500
journalism. 
I told him, I think journalism 

68
00:03:48,500 --> 00:03:52,000
is stretchable is a little bit 
of a stretch for what we do, but

69
00:03:52,000 --> 00:03:53,800
it's very cool to get some get 
some nods from that. 

70
00:03:54,800 --> 00:03:58,000
Yeah, it was fun again. 
Think so you know to Gartner 

71
00:03:58,000 --> 00:04:00,100
really for putting on a great 
show but also are some for 

72
00:04:00,100 --> 00:04:03,300
hooking us up with that sweet. 
Sweet as you like to say 

73
00:04:03,700 --> 00:04:05,300
anything. 
Have a great, you break top one 

74
00:04:05,300 --> 00:04:07,300
now. 
I mean, yeah, that was getting 

75
00:04:07,300 --> 00:04:08,200
old. 
Keep them guessing. 

76
00:04:08,200 --> 00:04:10,300
That's, that's the way that's 
the way to roll, but yeah, 

77
00:04:10,300 --> 00:04:12,500
having a spot to record was 
definitely ideal. 

78
00:04:12,900 --> 00:04:14,300
And we're actually looking at 
doing this again. 

79
00:04:14,300 --> 00:04:17,800
I think we're looking at being 
at the Authenticate 2022

80
00:04:17,800 --> 00:04:21,300
Conference in October, will be 
in Seattle. 

81
00:04:21,300 --> 00:04:23,600
So we'll be meeting with our 
friends from the FIDO

82
00:04:23,600 --> 00:04:26,700
Alliance. Looking forward to
maybe getting Andrew

83
00:04:26,700 --> 00:04:28,400
Shikiar, the executive
director over there. 

84
00:04:28,400 --> 00:04:31,700
And if you're going to be at the
conference, we'd love to sit 

85
00:04:31,700 --> 00:04:34,000
down and have a conversation 
either on or off the Record 

86
00:04:34,500 --> 00:04:35,800
depending on the know how it 
works. 

87
00:04:35,800 --> 00:04:39,400
But that'll be exciting to that.
For those who haven't been 

88
00:04:39,400 --> 00:04:41,100
following along. 
That's the one that Jim ditched 

89
00:04:41,100 --> 00:04:44,700
me last year and made me present
on my own 48. 

90
00:04:45,500 --> 00:04:48,500
A talk that was all his idea. 
I would have been more than 

91
00:04:48,500 --> 00:04:52,800
happy to call fall over you but 
I was sick as a dog at the 

92
00:04:52,800 --> 00:04:56,400
middle of a pandemic. 
Turned out at least a test said 

93
00:04:56,400 --> 00:04:58,200
that it did not have covered by 
it. 

94
00:04:58,700 --> 00:05:00,800
I feel like I had covid like 10 
times. 

95
00:05:01,200 --> 00:05:03,200
Yeah. 
I was sick a lot during the 

96
00:05:03,200 --> 00:05:07,600
pandemic but I'm yeah FIDO
Alliance is definitely one of my

97
00:05:07,600 --> 00:05:12,300
favorite organizations. 
You know, it's kind of like as 

98
00:05:12,300 --> 00:05:15,400
well as IDSA and as well as
IDPro.

99
00:05:15,400 --> 00:05:20,300
And I wanted to mention, I put a
message on the IDPro Slack

100
00:05:20,300 --> 00:05:22,700
channel, but just to mention
here as well. 

101
00:05:22,900 --> 00:05:27,500
We've got a special episode
planned for Halloween, so Halloween

102
00:05:27,500 --> 00:05:33,500
falls on Monday this year. 
And so the idea that I came up 

103
00:05:33,500 --> 00:05:37,900
with was, what is your
IAM horror story? So to

104
00:05:37,900 --> 00:05:40,900
participate. 
So I kind of figured the episode

105
00:05:41,000 --> 00:05:43,500
format would look like what we
did with. 

106
00:05:43,700 --> 00:05:47,200
What's the difference between ID
and access management and 

107
00:05:47,200 --> 00:05:49,700
digital identity. 
And it's kind of like, you know,

108
00:05:49,800 --> 00:05:54,400
individuals kind of recorded 
their 3 to 4 minutes or And then

109
00:05:54,400 --> 00:05:57,600
email it to us. 
So if anybody's down, IAM

110
00:05:57,600 --> 00:06:01,500
horror story, like I've got one
that comes to mind my own life 

111
00:06:01,500 --> 00:06:05,000
but if any of our listeners have
one that they'd want to share, 

112
00:06:05,300 --> 00:06:09,300
basically, just sit down record,
it send it to us, reach out to 

113
00:06:09,300 --> 00:06:11,900
me ahead of time, right? 
We can't have 20 of them, just 

114
00:06:11,900 --> 00:06:14,600
to break it up into. 
So it's going to be more or less

115
00:06:14,600 --> 00:06:17,700
of a first come first, serve 
kind of thing you that or send 

116
00:06:17,700 --> 00:06:19,100
them in. 
We'll just try to figure out the

117
00:06:19,100 --> 00:06:23,400
best ones that are podcast 
friendly or we can, you know, if

118
00:06:23,400 --> 00:06:25,900
there is one Is that maybe 
aren't safe for work? 

119
00:06:26,300 --> 00:06:27,800
Hey, we can maybe talk around 
it. 

120
00:06:27,800 --> 00:06:29,400
I love hearing the stories 
because I think it's 

121
00:06:29,400 --> 00:06:32,200
interesting. 
So for my perspective, send them

122
00:06:32,200 --> 00:06:34,900
all in and we'll we'll try to 
pick the best ones. 

123
00:06:34,900 --> 00:06:36,800
Maybe I'm thinking of one in my 
own personal life. 

124
00:06:36,800 --> 00:06:41,000
I shared a too long ago, but it 
could be interesting for sure. 

125
00:06:41,500 --> 00:06:44,700
Yeah, definitely. 
And then, you know, also just 

126
00:06:44,700 --> 00:06:47,000
speaking of authenticate coming 
up. 

127
00:06:47,700 --> 00:06:51,400
That's a, you know, the The 
conference that you went to last

128
00:06:51,400 --> 00:06:56,800
year, we'll have the executive 
director of the FIDO Alliance

129
00:06:56,800 --> 00:07:00,200
Andrew Shikiar, hopefully, come
on and do a preview. 

130
00:07:00,400 --> 00:07:03,500
He's always a good sport about 
coming on the show so I think 

131
00:07:03,500 --> 00:07:06,500
it's more a matter of just 
finding a mutually available 

132
00:07:06,500 --> 00:07:09,600
time isn't agreed to come on yet
but I'm just getting it out to 

133
00:07:09,600 --> 00:07:11,200
hit each other. 
Yeah. 

134
00:07:11,200 --> 00:07:13,200
Right. 
If he did come on I'd be 

135
00:07:13,200 --> 00:07:15,400
surprised. 
Is it good? 

136
00:07:15,400 --> 00:07:16,700
Good sport? 
Yeah. 

137
00:07:16,800 --> 00:07:19,000
Anders cool. 
What else we got? 

138
00:07:19,000 --> 00:07:20,000
Oktane?
Going up. 

139
00:07:20,000 --> 00:07:22,700
I think we're planning on doing 
something out there so Oktane is

140
00:07:22,700 --> 00:07:26,000
Okta's customer conference
partner and customer conference 

141
00:07:26,300 --> 00:07:29,900
in San Francisco in November. 
So I think we're tossing around 

142
00:07:29,900 --> 00:07:32,500
ideas of how maybe we do 
something around that. 

143
00:07:32,900 --> 00:07:35,600
So yeah, we're kind of like been
hitting like, the conference 

144
00:07:35,600 --> 00:07:38,700
circuit here pretty, pretty hard
over the last couple of months. 

145
00:07:39,100 --> 00:07:40,500
Yeah. 
What I love about the cover, 

146
00:07:40,500 --> 00:07:42,400
like, just take the FIDO
conference.

147
00:07:42,400 --> 00:07:46,200
For example, if you onto the 
FIDO Alliance of the

148
00:07:46,200 --> 00:07:51,300
authenticate conduct calm, and 
look at the Agenda and you just 

149
00:07:51,300 --> 00:07:56,500
look at the sessions as like, so
many good topics and so many 

150
00:07:56,500 --> 00:07:58,600
good speakers. 
So what does that mean? 

151
00:07:58,600 --> 00:08:01,700
For the podcast means we can 
have all these people in one 

152
00:08:01,700 --> 00:08:03,900
place. 
Is a, hey, can you carve an hour

153
00:08:03,900 --> 00:08:05,800
out of your schedule or you're 
already going to be there in 

154
00:08:05,800 --> 00:08:11,500
Seattle and just join us in the 
in the podcasting suite and, you

155
00:08:11,500 --> 00:08:13,700
know, lay down the track? 
Well, I don't know if we'll have

156
00:08:13,700 --> 00:08:18,600
a suite but some area, hopefully
the table and chairs that makes 

157
00:08:18,600 --> 00:08:20,600
it. 
This will be convenient. 

158
00:08:20,600 --> 00:08:24,000
So yeah, like a broom closet. 
Yeah, I mean that, you know, 

159
00:08:24,000 --> 00:08:26,000
that's funny you say that but a 
lot of people when they first 

160
00:08:26,000 --> 00:08:29,000
start podcast, they start in 
their closet because it has all 

161
00:08:29,000 --> 00:08:31,400
of their clothes in it. 
And the clothes do a really good

162
00:08:31,400 --> 00:08:33,900
job of like minimizing Echoes 
and things like that. 

163
00:08:33,900 --> 00:08:35,900
So yeah, there's a pro tip for 
you. 

164
00:08:35,900 --> 00:08:38,900
If you're looking to start a 
podcast, you know maybe take a 

165
00:08:38,908 --> 00:08:41,100
look at your closet and that 
might help. 

166
00:08:41,400 --> 00:08:43,600
Yeah. 
Because, you know, that'll be 

167
00:08:43,600 --> 00:08:46,500
the cheapest moment in your 
podcasting history. 

168
00:08:46,500 --> 00:08:51,100
At some point, you'll buy mixers
and some microphones and

169
00:08:51,100 --> 00:08:54,800
sound treatments for your walls.
All kinds of AV services for

170
00:08:54,800 --> 00:09:00,500
editing and noise, clean up, and
nothing beats having good clean 

171
00:09:00,500 --> 00:09:03,700
audio to begin with, like that's
where you should make the 

172
00:09:03,700 --> 00:09:05,200
investment. 
So, if you're doing a podcast, 

173
00:09:05,200 --> 00:09:06,700
that's where that's where I 
would spend the money. 

174
00:09:07,300 --> 00:09:11,200
Yeah, I mean, people don't want 
to look, we started early on, we

175
00:09:11,200 --> 00:09:16,500
did not use this cool software. 
We use Zoom and, you know,

176
00:09:16,500 --> 00:09:18,700
people had poor internet 
connections. 

177
00:09:19,500 --> 00:09:24,500
It sounded horrible or if they 
had, you know, as you know, just

178
00:09:24,500 --> 00:09:27,800
like behind the curtain. 
The reason is like, with Zoom,

179
00:09:27,800 --> 00:09:29,700
it's recording it at this 
happening. 

180
00:09:30,000 --> 00:09:33,300
Whereas, with the software that 
we use, now is called Riverside,

181
00:09:33,300 --> 00:09:37,200
it does the local recording, and
then you mergers look recordings

182
00:09:37,200 --> 00:09:41,300
together. 
But if your internet is spotty, 

183
00:09:41,900 --> 00:09:45,100
you're going to get the local 
recording and it'll sound good. 

184
00:09:45,400 --> 00:09:47,800
Yeah, it's we've definitely 
upped our game for sure. 

185
00:09:47,800 --> 00:09:52,300
I'm satisfied with Mr. Rat for 
what about Auntie website? 

186
00:09:52,500 --> 00:09:53,900
Yeah. 
I mean some updates and so we're

187
00:09:53,900 --> 00:09:55,700
going to get to listener 
questions here in a minute. 

188
00:09:55,700 --> 00:09:58,700
But yeah, I made some updates to
the website, put out a brand 

189
00:09:58,700 --> 00:10:03,300
new, listen page, that has all 
of our episodes that used to be,

190
00:10:03,300 --> 00:10:06,200
just our most recent one. 
But now, all of our episodes are

191
00:10:06,200 --> 00:10:08,000
listed there in chronological 
order. 

192
00:10:08,000 --> 00:10:11,300
Most recent first, as all of our
show notes on each individual 

193
00:10:11,300 --> 00:10:13,700
page. 
So when we say like, check out 

194
00:10:13,700 --> 00:10:16,000
the show notes or they'll be a 
link in the show notes, now, 

195
00:10:16,000 --> 00:10:17,700
there's actually a place to go 
instead of trying to do it on 

196
00:10:17,700 --> 00:10:21,300
your phone to your podcast app 
or you know, ever might be a 

197
00:10:21,300 --> 00:10:23,800
little more convenient if you 
want to link directly to a show.

198
00:10:23,800 --> 00:10:27,200
There's now a permanent web link
for each episode and most 

199
00:10:27,200 --> 00:10:33,000
importantly we have joined 1999 
and added a search to the to the

200
00:10:33,000 --> 00:10:36,500
podcast list and page. 
So you can now actually type in,

201
00:10:36,500 --> 00:10:39,300
you know, a couple key words and
I'll pull back episodes that 

202
00:10:39,500 --> 00:10:42,200
where it's either in the title 
or in the show notes, so kind of

203
00:10:42,208 --> 00:10:45,100
a simple approach, but it works.
I was really impressed for the 

204
00:10:45,100 --> 00:10:48,100
search feature and it's because 
even though it's like, we joined

205
00:10:48,100 --> 00:10:52,100
1999, How many apps do you use? 
Including I am. 

206
00:10:53,200 --> 00:10:56,000
Platforms, where the search 
feature stinks? 

207
00:10:56,800 --> 00:11:00,300
Like, you have to get us failed.
Just write something guns, like 

208
00:11:00,600 --> 00:11:01,800
this works. 
Really good. 

209
00:11:01,900 --> 00:11:04,300
Yeah, I'm looking at you 
Microsoft Dynamics. 

210
00:11:05,100 --> 00:11:08,000
Yes, exactly. 
The one that that I was thinking

211
00:11:08,000 --> 00:11:09,300
of. 
Yeah, exactly. 

212
00:11:09,500 --> 00:11:12,300
So yeah, check it out. 
idacpodcast.com.

213
00:11:12,500 --> 00:11:14,800
There is a listen banner right
on the front page or link on the

214
00:11:14,800 --> 00:11:19,700
top and yeah, it's I'm proud of 
the work that went into it so

215
00:11:19,700 --> 00:11:22,500
hopefully people enjoy it. 
All right, should we get to 

216
00:11:22,500 --> 00:11:25,800
actually talking some identity.
We spent 10 minutes like talking

217
00:11:25,800 --> 00:11:29,600
about everything except it. 
Yeah well we needed that mental 

218
00:11:29,600 --> 00:11:31,200
break. 
Yes. 

219
00:11:31,200 --> 00:11:32,700
Let's do it. 
Let's go for it. 

220
00:11:33,000 --> 00:11:34,600
All right. 
So how did this come about? 

221
00:11:34,600 --> 00:11:38,000
Basically this is a LinkedIn 
post that you put out there to 

222
00:11:38,000 --> 00:11:42,300
ask questions from folks around 
you know what is what I'd any 

223
00:11:42,300 --> 00:11:44,700
questions they have was kind of 
loosey-goosey. 

224
00:11:44,700 --> 00:11:46,500
We got a bunch of different 
things, from a few different 

225
00:11:46,500 --> 00:11:50,000
folks will go through these kind
of one by one. 

226
00:11:50,300 --> 00:11:52,800
We pick sort of the best ones 
that we or ones. 

227
00:11:53,000 --> 00:11:55,200
We think we can answer the best 
at least, or at least have an 

228
00:11:55,200 --> 00:11:57,000
opinion on and just kind of go 
back and forth. 

229
00:11:57,400 --> 00:11:59,500
I'll go ahead and give a give 
you the first one here. 

230
00:11:59,500 --> 00:12:03,700
This is from Eric Woodruff and 
he writes since it's a long 

231
00:12:03,700 --> 00:12:06,900
weekend and one could bet the 
threat, actors will hope all the

232
00:12:06,900 --> 00:12:09,600
admins are out on a boat 
somewhere drinking, perhaps 

233
00:12:09,600 --> 00:12:11,400
credential theft and phishing
resistant. 

234
00:12:11,400 --> 00:12:15,800
MFA may be diving into how 
traditional MFA like OTP 

235
00:12:15,800 --> 00:12:18,100
one-time. 
Password is no match for things 

236
00:12:18,100 --> 00:12:22,900
like Evilginx2 or Modlishka,
which are basically open. 

237
00:12:23,300 --> 00:12:26,700
Apps that people can use to run 
like a reverse proxy or a 

238
00:12:26,700 --> 00:12:28,700
man-in-the-middle sort of attack
that would intercept those 

239
00:12:28,700 --> 00:12:30,800
codes. 
So, I think the question here 

240
00:12:30,800 --> 00:12:34,100
really is, you know, what do we 
think about phishing resistant

241
00:12:34,100 --> 00:12:37,500
MFA and things like that, that 
might help people enjoy their 

242
00:12:37,500 --> 00:12:40,300
time on a boat drinking. 
Yeah, for sure. 

243
00:12:40,300 --> 00:12:44,300
And I think it's, you know, the 
consultant in me wants to take a

244
00:12:44,300 --> 00:12:47,700
people process and technology
approach of this, because I 

245
00:12:47,700 --> 00:12:51,800
think that the first part of his
question was geared towards it's

246
00:12:51,800 --> 00:12:54,000
a holiday weekend. 
And the hackers. 

247
00:12:54,000 --> 00:13:00,200
Like we think the hackers like 
to try to exploit the fact that 

248
00:13:00,400 --> 00:13:02,900
admins are not going to be 
around, I mean, that's always 

249
00:13:02,900 --> 00:13:06,900
been something we've said, I 
don't know if the data actually 

250
00:13:06,900 --> 00:13:11,800
supports that that more hacks 
happened before a three-day 

251
00:13:11,800 --> 00:13:14,600
weekend or something, but let's 
assume that that's correct. 

252
00:13:14,600 --> 00:13:20,600
I think it is that, you know, 
the first thing is you have ever

253
00:13:20,600 --> 00:13:25,200
if everybody goes out on a boat 
and drinking and nobody's going

254
00:13:25,200 --> 00:13:28,500
to be able to take the call and 
jump on it and that's a problem,

255
00:13:28,500 --> 00:13:31,400
right? 
So that people standpoint has to

256
00:13:31,400 --> 00:13:36,500
be that somebody's ready to jump
in, if you know, the world goes 

257
00:13:36,500 --> 00:13:40,300
to hell in a handbasket, you 
know? 

258
00:13:40,300 --> 00:13:43,700
Then I think that the process, 
I'd really what we're getting at

259
00:13:43,700 --> 00:13:49,700
here with the phishing campaigns
is people keep falling for 

260
00:13:49,700 --> 00:13:53,500
phishing campaigns.
They're clicking links in emails

261
00:13:53,500 --> 00:13:56,800
to go to what it looks like 
Instagram or there. 

262
00:13:57,000 --> 00:13:59,800
You know. 
And look, I understand some of 

263
00:13:59,800 --> 00:14:02,600
these things are getting really 
sophisticated. 

264
00:14:02,600 --> 00:14:06,500
You know, they send you an email
looks legit, you click the link 

265
00:14:06,800 --> 00:14:12,100
and the login page looks legit. 
However, if you were smart 

266
00:14:12,100 --> 00:14:15,200
enough or I should leave smart 
enough, let's say educated 

267
00:14:15,200 --> 00:14:18,900
enough for you. 
Have this built-in And you go 

268
00:14:18,900 --> 00:14:23,700
and look at the URL bar, you can
see you're not on the real 

269
00:14:23,700 --> 00:14:27,400
instagram.com or whatever the 
pages that they're trying to 

270
00:14:27,400 --> 00:14:30,300
fool you when you look at this. 
But even that's assuming that 

271
00:14:30,300 --> 00:14:32,300
you've got your browser 
configure to actually show the 

272
00:14:32,300 --> 00:14:36,300
full URL I guess I'm gonna bug 
me about Safari is by default it

273
00:14:36,300 --> 00:14:39,400
hides, the full You full URL. 
It just shows the first part of 

274
00:14:39,400 --> 00:14:41,100
it or maybe just the base of the
domain. 

275
00:14:41,800 --> 00:14:43,300
You know. 
I think these are things that 

276
00:14:43,700 --> 00:14:46,900
yes, you know, we hope that we 
wouldn't fall for phishing but

277
00:14:47,000 --> 00:14:49,800
there is a reason it is so
popular because it works. 

278
00:14:50,600 --> 00:14:54,600
Yeah, I kind of feel like I have
to built this little fish. 

279
00:14:54,600 --> 00:14:58,100
I'm in this industry and 
everything, but I've also worked

280
00:14:58,100 --> 00:15:01,000
for a few companies now that 
I've really had, you know, 

281
00:15:01,200 --> 00:15:05,100
awareness campaigns and I feel 
like I'm more aware because of 

282
00:15:05,100 --> 00:15:08,400
this awareness campaigns, I'm 
more suspicious when I see 

283
00:15:08,400 --> 00:15:11,100
something less likely to click 
on the link. 

284
00:15:11,100 --> 00:15:17,500
So that's kind of the process. 
I'd and I think what what Eric 

285
00:15:17,500 --> 00:15:22,200
is also Up in terms of 
technology is there's some 

286
00:15:24,300 --> 00:15:28,800
there's some multi-factor 
authentication methods that are 

287
00:15:28,800 --> 00:15:32,200
stronger than others. 
Obviously leveraging a one-time 

288
00:15:32,200 --> 00:15:37,500
password through SMS or email 
that's like the that's the low 

289
00:15:37,500 --> 00:15:43,500
end of the spectrum versus doing
some kind of certificate based 

290
00:15:43,500 --> 00:15:47,600
or you know, biometric or 
something. 

291
00:15:47,600 --> 00:15:51,400
That That can't be captured with
a man in the middle attack. 

292
00:15:52,500 --> 00:15:56,300
We don't have the monkey like 
how one-time passwords are. 

293
00:15:56,400 --> 00:15:59,500
Look any MFA is still better 
than no one will say, right. 

294
00:16:00,300 --> 00:16:04,800
But things like SMS for example 
has been specifically called out

295
00:16:04,800 --> 00:16:08,000
as like the Bottom Rung of the 
MFA tree. 

296
00:16:08,000 --> 00:16:12,200
It is probably the most easily 
intercepted breached you know 

297
00:16:12,400 --> 00:16:14,400
cracked whatever you know 
whatever term you want to use. 

298
00:16:14,400 --> 00:16:16,900
The basically say yeah, the MFA 
went to the wrong person or was 

299
00:16:16,900 --> 00:16:21,900
intercepted. 
When do you think SMS as a 

300
00:16:21,900 --> 00:16:25,400
one-time one-time password 
approach, or MFA approach 

301
00:16:26,000 --> 00:16:30,200
becomes no longer prevalent, 
because I feel like it's still 

302
00:16:30,200 --> 00:16:32,500
the number one method like every
single app seems like, yeah, 

303
00:16:32,500 --> 00:16:35,000
that's like it defaults to is, 
like, the minimum viable 

304
00:16:35,000 --> 00:16:37,600
product. 
When people are rolling out MFA,

305
00:16:38,200 --> 00:16:40,600
when do you think it will be 
that? 

306
00:16:40,600 --> 00:16:43,500
That is no longer the case. 
Are we talking two years? 

307
00:16:43,500 --> 00:16:49,200
Five years, ten years, never, 
oh, no, Kind of feels like that 

308
00:16:49,200 --> 00:16:52,700
never because I don't think it's
in the foreseeable future but I 

309
00:16:52,700 --> 00:16:56,600
think what could get it there as
kind of the that 52 approach 

310
00:16:57,500 --> 00:17:04,400
where if the device makers make 
it so easy to use the biometric?

311
00:17:04,400 --> 00:17:07,700
I mean it's kind of gotten 
there, but I I think so. 

312
00:17:07,700 --> 00:17:12,700
Look in terms of MFA to me, 
there's different levels, 

313
00:17:12,700 --> 00:17:15,599
there's the low rung, like we 
talked about the one-time 

314
00:17:15,599 --> 00:17:21,400
password all the way up to 
something like a YubiKey, but

315
00:17:21,400 --> 00:17:25,599
you can't expect people to use a
YubiKey to go shopping on Amazon

316
00:17:26,000 --> 00:17:28,200
or, you know, something like 
that. 

317
00:17:28,200 --> 00:17:31,200
So, you know, per carry one 
around and plug it into their 

318
00:17:31,200 --> 00:17:33,100
phone. 
Like that's not normal. 

319
00:17:33,100 --> 00:17:35,900
People don't do that, right, but
could you? 

320
00:17:35,900 --> 00:17:38,400
Yeah, exactly. 
But could you do that for 

321
00:17:39,300 --> 00:17:45,100
high-stake transactions, 
connecting to a VPN or doing 

322
00:17:45,100 --> 00:17:48,000
some kind of online banking for 
it. 

323
00:17:48,100 --> 00:17:51,200
In certain scenarios, I think it
is reasonable, but I think 

324
00:17:51,200 --> 00:17:54,300
there's always going to be those
lower risks use cases. 

325
00:17:54,300 --> 00:17:58,800
And I mean, heck, we know, there
are still sites out there that 

326
00:17:58,800 --> 00:18:01,500
aren't even at that level of 
using SMS.

327
00:18:01,500 --> 00:18:07,100
So I think it's really the level
of assurance that's required. 

328
00:18:07,300 --> 00:18:09,900
And there's always gonna be 
there's low level Assurance use 

329
00:18:09,900 --> 00:18:16,800
cases, where SMS will be good 
enough I guess as that's kind of

330
00:18:16,800 --> 00:18:19,900
a pessimistic View. 
I think that's the the 

331
00:18:19,900 --> 00:18:23,700
technology side is that you got 
to go up the ladder in terms of 

332
00:18:23,700 --> 00:18:27,100
level of assurance, if they use 
cases higher and I think they 

333
00:18:27,100 --> 00:18:28,600
need to think about a 
critically. 

334
00:18:28,600 --> 00:18:33,300
Like if getting into the VPN is 
low level Assurance then 

335
00:18:33,300 --> 00:18:36,000
somebody could escalate to a 
higher level account. 

336
00:18:36,000 --> 00:18:40,500
So if only requiring like a 
higher level account for our 

337
00:18:40,500 --> 00:18:44,700
higher level of assurance for an
admin account, what if somebody 

338
00:18:44,700 --> 00:18:48,900
gets into the VPN as a low-level
account and then Then somehow is

339
00:18:48,900 --> 00:18:52,800
able to elevate their privileges
or Elevate to another account. 

340
00:18:53,700 --> 00:18:54,900
Yeah. 
I mean, you were talking. 

341
00:18:55,300 --> 00:18:56,700
You know what? 
Take a risk-based approach. 

342
00:18:56,700 --> 00:18:59,200
I think to it again. 
MFA still better than nothing. 

343
00:18:59,300 --> 00:19:03,100
Yes, traditional MFA. 
Which is really the question, 

344
00:19:03,100 --> 00:19:06,200
right? 
Is that as good as stronger, 

345
00:19:06,200 --> 00:19:10,000
what versions know. 
Is it more phishing resistant?

346
00:19:10,000 --> 00:19:12,400
MFA, yes, but I don't know if 
we're there yet. 

347
00:19:12,400 --> 00:19:14,300
So like, you talk about my 
certificates and really, I think

348
00:19:14,300 --> 00:19:17,900
now, we're starting again to 
like passkeys on devices, which

349
00:19:17,900 --> 00:19:19,800
is sort of a new kind of FIDO
standard. 

350
00:19:19,800 --> 00:19:22,100
I don't remember the exact 
technical term Vittorio. 

351
00:19:22,100 --> 00:19:24,500
Helped us out. 
Yeah, Last week when recording, 

352
00:19:24,500 --> 00:19:26,400
but there are certainly a lot, 
it's a mouthful. 

353
00:19:26,400 --> 00:19:31,000
So I prefer passkeys as a name, 
it's still better than nothing 

354
00:19:31,000 --> 00:19:34,200
it. 
But the end the day, you know, 

355
00:19:34,200 --> 00:19:35,700
how do these man-in-the-middle 
attacks work? 

356
00:19:36,000 --> 00:19:39,100
Is they trick you into going to 
a nefarious website. 

357
00:19:39,400 --> 00:19:41,400
So security awareness training 
for sure. 

358
00:19:41,500 --> 00:19:45,000
Right, making where that doing 
random phishing camp, simulated

359
00:19:45,000 --> 00:19:46,000
phishing campaigns.
Right? 

360
00:19:46,000 --> 00:19:49,000
Kind of checking up on your, on 
your employees and things like 

361
00:19:49,000 --> 00:19:50,500
that dry. 
If you are a customer 

362
00:19:50,500 --> 00:19:54,200
environment, making them aware 
of where they can and can't get

363
00:19:54,200 --> 00:19:57,200
help from what they should be 
looking for, you know, giving 

364
00:19:57,200 --> 00:20:00,600
tips on looking at the, you 
know, the full URL watching for 

365
00:20:00,900 --> 00:20:03,300
misspelled or, you know, domain 
squatters right. 

366
00:20:03,300 --> 00:20:06,100
Things like that. 
I think is always a concern, but

367
00:20:07,800 --> 00:20:09,100
that, I think, I think it's my 
two cents about. 

368
00:20:09,100 --> 00:20:10,900
I think we, I think we've beaten
that one up. 

369
00:20:10,900 --> 00:20:14,100
Pretty good. 
Okay, so let's move on to the 

370
00:20:14,100 --> 00:20:16,500
next question. 
I was submitted by Ian saying, 

371
00:20:17,400 --> 00:20:21,800
and it goes like this. 
Why does modernization always 

372
00:20:21,800 --> 00:20:26,200
seem to stop at today's 
standards? Preparing for what's

373
00:20:26,200 --> 00:20:29,300
next
seems to be punted to the next

374
00:20:29,300 --> 00:20:32,200
round of quote-unquote 
modernization. 

375
00:20:33,500 --> 00:20:36,500
I think it's because we are 
still playing catch-up for the 

376
00:20:36,500 --> 00:20:38,100
most part. 
Like, if you're doing 

377
00:20:38,100 --> 00:20:42,900
modernization, I think that is a
thinly veiled excuse to bring

378
00:20:42,900 --> 00:20:46,600
your whatever you're trying to 
modernize technology process. 

379
00:20:46,600 --> 00:20:49,200
Whatever might be into something
that you probably should have 

380
00:20:49,200 --> 00:20:53,800
done like five years ago, maybe 
even 10 years ago, say feel like

381
00:20:53,800 --> 00:20:57,800
organizations are for the most 
part, not on the cutting edge of

382
00:20:57,800 --> 00:21:00,700
the technology. 
They are doing just enough to

383
00:21:00,700 --> 00:21:04,300
get by to either make the 
business run at the most cost 

384
00:21:04,300 --> 00:21:06,800
efficient way possible because 
bleeding edge is usually 

385
00:21:06,800 --> 00:21:11,200
expensive usually introduces 
more risk you know it would be 

386
00:21:11,200 --> 00:21:16,600
nice to be you know more modern 
I think as a as an organization 

387
00:21:16,600 --> 00:21:18,800
when it comes to the technology 
and services you're putting out 

388
00:21:18,800 --> 00:21:21,500
there but I think of things like
passwordless that we're seeing

389
00:21:21,500 --> 00:21:25,900
such rapid iteration. 
Roo not only the use cases of 

390
00:21:25,900 --> 00:21:28,400
how it actually works and keep 
things secure, but also the 

391
00:21:28,400 --> 00:21:32,300
methods of delivery, you know, 
things like that, where you 

392
00:21:32,300 --> 00:21:33,400
could call it modern. 
Yeah. 

393
00:21:33,400 --> 00:21:35,600
We were modern two years ago 
when we first started. 

394
00:21:35,600 --> 00:21:38,700
Look at passwordless.
And now, what are we looking at 

395
00:21:38,700 --> 00:21:39,900
now? 
We've got passkeys.

396
00:21:40,100 --> 00:21:44,000
So, okay, so what's your 
definition of modern because it 

397
00:21:44,000 --> 00:21:48,700
keeps changing and how often do 
you continually upgrade the 

398
00:21:48,800 --> 00:21:51,100
technology that you've got to 
stay modern. 

399
00:21:51,100 --> 00:21:55,200
It's too expensive to do that. 
So I feel like you know, the 

400
00:21:55,200 --> 00:21:56,500
reason it doesn't happen is 
money. 

401
00:21:57,300 --> 00:22:00,800
Most organizations don't have 
budgets to install

402
00:22:00,800 --> 00:22:06,400
a brand new IdP, MFA,
conditional, adaptive,

403
00:22:06,400 --> 00:22:09,400
passwordless, identity governance,
privileged access management,

404
00:22:09,400 --> 00:22:12,400
cloud infrastructure entitlement
management, like all this

405
00:22:12,400 --> 00:22:14,200
stuff. 
They can't do this every year so

406
00:22:14,200 --> 00:22:16,100
you go in cycles.
It's basically okay, you're 

407
00:22:16,100 --> 00:22:18,000
buying a product. 
Let's hope to get five years out

408
00:22:18,000 --> 00:22:21,300
of it before we even think about
trying to do a replacement or to

409
00:22:21,300 --> 00:22:23,200
do a major upgrade or something 
like that. 

410
00:22:23,400 --> 00:22:26,300
Unless there is a very clear, 
reason, a clear and present

411
00:22:26,300 --> 00:22:31,500
danger or some sort of 
unmitigated evil risk or audit 

412
00:22:31,500 --> 00:22:35,200
finding where it forces you to 
do it it comes down to money. 

413
00:22:35,400 --> 00:22:39,500
What do you think? 
Yeah, I think I think 

414
00:22:39,500 --> 00:22:44,100
improvements and standards the 
way I took those was, you know, 

415
00:22:44,700 --> 00:22:49,200
I think it's very reliant on 
upgrades to hardware.

416
00:22:50,500 --> 00:22:54,800
So for talking about like, you 
know, consumer technologies like

417
00:22:54,800 --> 00:22:58,200
iPhones and things like that. 
Think about how fast they move 

418
00:22:58,200 --> 00:23:01,400
from version to version, but 
then there are still people who 

419
00:23:01,400 --> 00:23:05,100
are on older iPhones back. 
There are some people, like I 

420
00:23:05,600 --> 00:23:07,800
had a painter, come and paint my
house. 

421
00:23:08,200 --> 00:23:13,300
I asked him if we could use like
Cash App or Venmo, I was

422
00:23:13,300 --> 00:23:16,800
pretty much open to whatever 
your I don't have any of that. 

423
00:23:16,800 --> 00:23:19,600
And he had a flip phone and he's
taking pictures of the place of 

424
00:23:19,608 --> 00:23:21,400
the flip phone. 
I'm thinking, oh my goodness, 

425
00:23:21,600 --> 00:23:24,700
this guy. 
So out of date, the Is like, you

426
00:23:24,700 --> 00:23:28,900
know the bank that I go to wants
to do business with him just as 

427
00:23:28,900 --> 00:23:32,100
much as they want to do business
with me even though his technology's

428
00:23:32,100 --> 00:23:35,200
out of date. 
So they, you know, the standards

429
00:23:35,200 --> 00:23:40,000
have to take into account all 
the folks who have the old 

430
00:23:40,000 --> 00:23:45,300
technology and then I think the 
I think the other thing is that,

431
00:23:45,700 --> 00:23:49,400
you know, the responsibility to 
be secure. 

432
00:23:50,100 --> 00:23:53,000
Generally does not fall on the 
end-user. 

433
00:23:53,300 --> 00:23:55,600
It falls on the company providing
the service. 

434
00:23:55,600 --> 00:23:59,400
So you know if you say whose 
responsibility is it to keep my 

435
00:23:59,400 --> 00:24:04,000
account at Wells Fargo secure is
it my responsibility or Wells 

436
00:24:04,000 --> 00:24:05,800
Fargo? 
Most people say it's Wells

437
00:24:05,800 --> 00:24:09,000
Fargo's responsibility. My
password needs to be as long as 

438
00:24:09,000 --> 00:24:12,700
what they say, it needs to be. 
And my multi-factor has got to 

439
00:24:12,700 --> 00:24:16,700
be whatever they say, it needs 
to be and I'm going to, I have 

440
00:24:16,700 --> 00:24:20,900
to follow those rules if I want
access but they try to keep my 

441
00:24:21,100 --> 00:24:23,200
data secure, it's not my 
responsibility. 

442
00:24:23,700 --> 00:24:26,100
Now you and I may see it 
differently because we're in 

443
00:24:26,100 --> 00:24:28,900
this industry. 
I think, you know, the 

444
00:24:29,200 --> 00:24:32,200
quote-unquote man on the street 
and it feels like the 

445
00:24:32,200 --> 00:24:37,400
responsibility lies on the 
company, that's providing it 

446
00:24:37,400 --> 00:24:39,000
now. 
So they've got the 

447
00:24:39,000 --> 00:24:42,400
responsibility for security and 
they don't want to alienate 

448
00:24:42,400 --> 00:24:44,500
customers that don't have the 
technology. 

449
00:24:44,500 --> 00:24:47,600
So if Wells Fargo, all of a 
sudden said, the only people who

450
00:24:47,600 --> 00:24:50,600
can access their account are 
people who have, you know, this 

451
00:24:50,600 --> 00:24:52,800
biometric support from this 
version. 

452
00:24:53,300 --> 00:24:56,300
So basically if you have an 
iPhone 7, you can't be a 

453
00:24:56,300 --> 00:24:58,700
customer here anymore. 
You need to withdraw your 

454
00:24:58,900 --> 00:25:01,200
millions of dollars from our 
bank because we don't want you 

455
00:25:01,200 --> 00:25:03,000
here. 
That's not going to happen. 

456
00:25:03,300 --> 00:25:04,700
So that's good. 
That's that's that. 

457
00:25:04,700 --> 00:25:06,900
That is not going to fly. 
That's not going to happen. 

458
00:25:06,900 --> 00:25:09,400
So that's my feeling is, like, 
that's the holding back 

459
00:25:09,400 --> 00:25:14,400
modernization is old hardware.
Old hardware.

460
00:25:15,100 --> 00:25:16,900
I can see that. 
I mean, I still think money is 

461
00:25:16,900 --> 00:25:20,400
the answer. 
Well, yeah, I mean it always 

462
00:25:20,400 --> 00:25:22,700
ties back to money somehow.
All right. 

463
00:25:22,700 --> 00:25:24,800
Sure, do the next one. 
Yeah, let's do the next one. 

464
00:25:25,700 --> 00:25:28,300
Okay, so this is from our guy,
Chris Power, who we actually

465
00:25:28,300 --> 00:25:29,700
were able to meet out at
Gartner. 

466
00:25:30,600 --> 00:25:34,000
Chris is a big socks fan, meaning
like actually on your feet 

467
00:25:34,000 --> 00:25:37,100
socks. 
So kudos to him for that and 

468
00:25:37,100 --> 00:25:40,000
collecting socks off by Gartner.
He actually came up with a 

469
00:25:40,000 --> 00:25:41,500
bunch. 
So I'm going to try to 

470
00:25:41,500 --> 00:25:44,500
paraphrase some of these can 
Jumping on the socks thing 

471
00:25:44,500 --> 00:25:45,900
before you go any further, I 
got. 

472
00:25:45,900 --> 00:25:48,900
So I kind of felt like after 
that conversation with him was 

473
00:25:48,900 --> 00:25:52,400
like this is the first time that
I've ever heard somebody going 

474
00:25:52,400 --> 00:25:54,700
to the vendor Hall. 
I kind of like scoping the place

475
00:25:54,700 --> 00:25:57,000
out to find something wear 
socks. 

476
00:25:57,200 --> 00:26:01,500
So if you're listening and you 
do a booth at a conference, you 

477
00:26:01,500 --> 00:26:03,300
know, socks might be a good
giveaway. 

478
00:26:04,400 --> 00:26:07,800
Yeah, I think it's interesting 
because I know he is, it sounds 

479
00:26:07,800 --> 00:26:10,700
like he's into it. 
I think Ian Glazer from

480
00:26:10,700 --> 00:26:14,300
Salesforce is also into it and
then someone else I read his.

481
00:26:14,300 --> 00:26:16,900
It was all on, like, my LinkedIn or
Twitter feeds and stuff like 

482
00:26:16,900 --> 00:26:18,800
that. 
Where I saw people comparing 

483
00:26:19,300 --> 00:26:22,300
security-related socks. 
So there is definitely a market 

484
00:26:22,300 --> 00:26:25,000
out there for socks now. 
Didn't we? 

485
00:26:25,000 --> 00:26:28,100
Look at like the possibility of 
socks that they're, you know, 

486
00:26:28,100 --> 00:26:31,900
getting custom socks is not a
trivial matter, right? They're

487
00:26:31,900 --> 00:26:34,100
expensive. 
Any type of merchandise is 

488
00:26:34,100 --> 00:26:36,600
expensive. We've,
we are looking at it.

489
00:26:36,600 --> 00:26:40,700
I think trying to figure out how
that would work, but at least of

490
00:26:40,700 --> 00:26:42,500
decent quality. 
Can you get some paper thin 

491
00:26:42,500 --> 00:26:47,800
socks from Some low quality type
thing probably, but it's going 

492
00:26:47,800 --> 00:26:48,900
to do it. 
Do it right man. 

493
00:26:48,900 --> 00:26:50,500
Spend the money. 
That's right. 

494
00:26:50,600 --> 00:26:54,300
Anyway, so shout-out to Chris. 
So his question is really 

495
00:26:54,300 --> 00:26:58,700
looking at the best ways to 
manage layered access. 

496
00:26:59,300 --> 00:27:02,500
So, by layered access, what he 
means and he gives an example is

497
00:27:02,700 --> 00:27:06,100
Application
A is managed by the IAM team to

498
00:27:06,100 --> 00:27:08,100
get into it. 
Initially let's say something 

499
00:27:08,100 --> 00:27:08,900
through single sign-on.
Alright. 

500
00:27:08,900 --> 00:27:12,000
So basically like the 
authentication is controlled by 

501
00:27:12,000 --> 00:27:14,700
one team. 
But once you're inside the 

502
00:27:14,700 --> 00:27:17,800
application, the application and
once you're inside that 

503
00:27:17,800 --> 00:27:21,000
application, there are other 
entitlements or access controls,

504
00:27:21,300 --> 00:27:23,600
maybe your administrator or 
powers or something like that, 

505
00:27:23,600 --> 00:27:27,200
where you can gain additional 
access within that application. 

506
00:27:28,000 --> 00:27:31,200
So, you know, the perspective 
he's taking here is we've taken 

507
00:27:31,200 --> 00:27:34,000
the position that business 
owners and vendors who have this

508
00:27:34,000 --> 00:27:36,300
ability to take on the 
responsibility. 

509
00:27:38,200 --> 00:27:41,600
Meaning the ability to escalate 
within a specific application, 

510
00:27:42,000 --> 00:27:44,700
take on the responsibility. 
And the audit findings that come

511
00:27:44,700 --> 00:27:48,200
from adding access, when they 
surpass or go around the IAM

512
00:27:48,200 --> 00:27:52,300
team. This releases me, in
this case Chris, from the

513
00:27:52,300 --> 00:27:55,100
response from that 
responsibility on paper, but not

514
00:27:55,100 --> 00:27:59,300
from the threat and the risk 
that these business and vendors 

515
00:27:59,300 --> 00:28:03,000
these businesses and vendors 
making changes on their own, if 

516
00:28:03,000 --> 00:28:06,500
something would happen to occur 
the call to resolve, it would 

517
00:28:06,500 --> 00:28:09,400
start with the IAM team, of
course, right? Like, hey, why

518
00:28:09,400 --> 00:28:11,700
does someone have incorrect 
access to your application? 

519
00:28:11,700 --> 00:28:13,200
Well, let's start with the top 
of the chain. 

520
00:28:13,300 --> 00:28:16,000
And then you start doing
this, you know, root cause 

521
00:28:16,000 --> 00:28:19,200
analysis and said, oh well we 
only control one part of the 

522
00:28:19,200 --> 00:28:21,300
authentication. 
Someone else is controlling it. 

523
00:28:21,900 --> 00:28:25,600
What are your thoughts on the 
management of that layering of 

524
00:28:25,600 --> 00:28:30,900
access? 
So my thoughts on managing IAM,

525
00:28:31,000 --> 00:28:35,100
managing access period. 
Is that the business makes the 

526
00:28:35,100 --> 00:28:41,400
decision on who gets access to 
what and IAM team provides the

527
00:28:41,400 --> 00:28:44,500
tools to do that in a controlled
fashion. 

528
00:28:44,700 --> 00:28:49,100
So even the example he gave is 
saying, okay well IAM team

529
00:28:49,100 --> 00:28:53,600
manages the single sign-on so 
ultimately you know to get 

530
00:28:53,600 --> 00:28:55,800
single sign-on to an app. 
They don't give everybody a 

531
00:28:55,800 --> 00:28:57,900
single sign-on to every app, 
right? 

532
00:28:57,900 --> 00:29:00,300
Only give the apps that you
need. 

533
00:29:00,400 --> 00:29:03,000
Well, who's going to decide what
apps

534
00:29:03,000 --> 00:29:07,400
Jeff Steadman needs access to 
what groups he goes into an 

535
00:29:07,400 --> 00:29:11,000
Active Directory
that enable him to see that icon

536
00:29:11,000 --> 00:29:14,400
in his single sign-on.
That would be the business.

537
00:29:16,000 --> 00:29:21,300
What I also think is like when 
you get to entitlements, it's

538
00:29:21,300 --> 00:29:24,400
really then finer grain. 
Either groups in Active

539
00:29:24,400 --> 00:29:29,100
Directory or maybe it's provisioned
into the application with 

540
00:29:29,100 --> 00:29:32,900
certain entitlements. 
Whether it's groups or some 

541
00:29:32,900 --> 00:29:37,600
other attributes that drive 
access typically use a tool like

542
00:29:37,600 --> 00:29:40,500
identity governance and 
administration like a SailPoint,

543
00:29:40,500 --> 00:29:45,000
Saviynt, Omada, you know,
along those lines, I'll Amos or

544
00:29:45,200 --> 00:29:48,400
Clear Skye.
I that can narrow name every 

545
00:29:48,400 --> 00:29:51,200
single idea by somebody else, 
right? 

546
00:29:51,400 --> 00:29:58,500
But the idea being that it goes 
to the business and the business

547
00:29:58,900 --> 00:30:02,900
a person in the business decides,
Yes, you get access or no, you 

548
00:30:02,900 --> 00:30:07,000
don't get access and then the 
system ideally if it's fully, 

549
00:30:07,000 --> 00:30:09,200
automated, would provision that 
access.

550
00:30:09,500 --> 00:30:13,300
If it doesn't, it's going to issue
a ticket, but then ultimately, 

551
00:30:13,300 --> 00:30:15,600
if there's a breakdown, like, 
somebody gets a ticket. 

552
00:30:15,700 --> 00:30:19,500
It and doesn't follow the ticket
or they provide access. 

553
00:30:19,500 --> 00:30:22,900
That shouldn't be given, if you 
have the right tools in place

554
00:30:22,900 --> 00:30:26,900
from an IAM perspective that have
that automation or issue a 

555
00:30:26,900 --> 00:30:29,200
ticket. 
And someone breaks process, you 

556
00:30:29,200 --> 00:30:33,500
have to be able to identify who 
broke process, but it sounds to 

557
00:30:33,500 --> 00:30:38,300
me, like what Chris is saying is
that they've got a single 

558
00:30:38,300 --> 00:30:42,000
sign-on tool, but they don't 
have an IGA system in place. 

559
00:30:42,300 --> 00:30:45,300
Well, could be that, but I think
what happens in the real world, 

560
00:30:45,300 --> 00:30:46,900
too. 
You might have the single 

561
00:30:46,900 --> 00:30:49,900
sign-on tool but you don't 
actually control the permissions

562
00:30:49,900 --> 00:30:53,700
within the application itself. 
Like SAP might be a good example

563
00:30:53,700 --> 00:30:57,000
where there's like an SAP team
who is responsible for

564
00:30:57,300 --> 00:31:01,200
maintaining access within SAP
but the front door might be 

565
00:31:01,200 --> 00:31:03,500
controlled through an Active
Directory authentication.

566
00:31:03,500 --> 00:31:06,000
For example. 
So I think that's the risk. 

567
00:31:06,000 --> 00:31:07,400
Right? 
Is okay. 

568
00:31:07,400 --> 00:31:08,900
Well the IAM team is doing the
right thing. 

569
00:31:08,900 --> 00:31:12,500
They have like defined processes
but somewhere along the way the 

570
00:31:12,500 --> 00:31:15,200
business decided that they did 
not want to hand over. 

571
00:31:15,700 --> 00:31:19,800
The provisioning of the actual 
entitlements within the specific

572
00:31:19,800 --> 00:31:23,700
application to a centralized 
team that does that work, or 

573
00:31:23,700 --> 00:31:27,900
that centralized team doesn't 
have policies or standards or 

574
00:31:27,900 --> 00:31:30,100
things like that, that align 
with sort of the organizational

575
00:31:30,100 --> 00:31:33,400
IAM policies.
So I see Chris's point here is

576
00:31:33,400 --> 00:31:36,500
like, okay, well, we can only 
control so far because we're 

577
00:31:36,500 --> 00:31:39,200
only doing this part. 
We're only really doing the 

578
00:31:39,200 --> 00:31:41,900
authentication part of it. 
The authorizations are being 

579
00:31:41,900 --> 00:31:45,600
managed by someone else in their
own application that we do not

580
00:31:45,600 --> 00:31:49,600
have connectivity into or
integration, for example. 

581
00:31:49,600 --> 00:31:53,500
So I can have an IGA tool, but I
might not have a connector that 

582
00:31:53,500 --> 00:31:57,100
is provisioning, the actual 
permissions within the account, 

583
00:31:57,100 --> 00:31:58,100
that happens quite a bit.
Right. 

584
00:31:58,100 --> 00:32:01,400
So I think you know, from a risk
perspective the risk doesn't go 

585
00:32:01,400 --> 00:32:04,200
away, it becomes a business 
decision to say. 

586
00:32:04,200 --> 00:32:06,800
Okay well how do we want to 
manage the risk to your point? 

587
00:32:06,800 --> 00:32:08,300
I think the business owns the 
risk. 

588
00:32:08,300 --> 00:32:12,700
They have made the decision not 
to integrate with the enterprise

589
00:32:12,700 --> 00:32:15,200
standard identity and access 
management. 

590
00:32:15,700 --> 00:32:19,600
system to the, to the
degree, that absolves the 

591
00:32:19,608 --> 00:32:22,000
business from complying with 
their audit requirements. 

592
00:32:22,400 --> 00:32:24,800
Like, that's something I would
take back to say, okay, well, 

593
00:32:25,100 --> 00:32:27,400
you know, if you want an easy 
button, put it in Active

594
00:32:27,400 --> 00:32:29,300
Directory or Azure Active
Directory.

595
00:32:29,500 --> 00:32:33,000
And because my IGA platform is
fully managing Active Directory

596
00:32:33,000 --> 00:32:35,700
or Azure Active Directory, I
will control both the 

597
00:32:35,700 --> 00:32:37,700
authentication and the 
authorization. 

598
00:32:38,200 --> 00:32:41,400
But if you've got an application
that sits outside of that, out 

599
00:32:41,400 --> 00:32:44,200
of sight of that management 
chain, I'm not going to be 

600
00:32:44,200 --> 00:32:45,600
responsible for it because I 
can't control. 

601
00:32:45,700 --> 00:32:47,700
What? 
And I would never agree to say, 

602
00:32:47,700 --> 00:32:49,600
I will own the audit 
responsibility for an 

603
00:32:49,600 --> 00:32:52,500
application that I cannot 
control the authorizations in. 

604
00:32:53,700 --> 00:32:55,400
So I think that's where the 
business comes in. 

605
00:32:55,600 --> 00:32:57,400
And I think it's part of the
IAM program.

606
00:32:57,400 --> 00:32:59,100
I think this is, you know, an 
agreement that gets made 

607
00:32:59,100 --> 00:33:01,400
somewhere. 
Maybe, you know, executive 

608
00:33:01,400 --> 00:33:04,700
levels or some other management 
levels to, basically say, okay, 

609
00:33:04,700 --> 00:33:07,200
here's what we're responsible 
for, but by the way, because 

610
00:33:07,200 --> 00:33:11,000
you're not using the IAM easy
button that we've created, you 

611
00:33:11,000 --> 00:33:13,000
are going to take on these 
responsibilities. 

612
00:33:13,000 --> 00:33:16,700
You need to show your audit 
trail for who requested access,

613
00:33:16,700 --> 00:33:21,100
was it approved, keep that for,
you know, X number of months 

614
00:33:21,100 --> 00:33:24,500
years, whatever you know 
regulation you need to comply 

615
00:33:24,500 --> 00:33:27,400
with things. 
For example, if you ever decide 

616
00:33:27,400 --> 00:33:30,600
that you do want to hop on the
IAM train and become fully

617
00:33:30,600 --> 00:33:32,200
managed. 
Great, let's talk about that. 

618
00:33:32,400 --> 00:33:35,000
But until that happens, I will 
not accept ownership of your 

619
00:33:35,000 --> 00:33:37,800
audit findings. 
Have a good day application 

620
00:33:37,800 --> 00:33:39,900
owner team. 
That that's the way that I would

621
00:33:39,900 --> 00:33:42,600
look at it. 
No, I mean you made a lot of 

622
00:33:42,600 --> 00:33:46,000
great points, certainly when you
brought up the SAP example. We've seen

623
00:33:46,000 --> 00:33:49,200
that over and over again. 
I think what it ultimately comes

624
00:33:49,200 --> 00:33:54,100
down to is if an application or 
platform or however we want to look

625
00:33:54,100 --> 00:33:57,300
at is going to do their own 
identity and access management. 

626
00:33:57,400 --> 00:34:02,200
They still need to be in 
compliance with the information 

627
00:34:02,200 --> 00:34:04,600
security policies. 
Essentially, they have to do 

628
00:34:04,600 --> 00:34:09,800
what the IAM platforms are
doing with the same level of 

629
00:34:09,800 --> 00:34:15,199
adherence, to controls and being
tested and, But ultimately comes

630
00:34:15,199 --> 00:34:18,300
back. 24. 
The decision-maker standpoint to

631
00:34:18,300 --> 00:34:23,600
decision makers, should be the 
business and the IAM system,

632
00:34:23,800 --> 00:34:28,800
whether central or it's SAP GRC,
they need to be able to show the

633
00:34:28,800 --> 00:34:32,600
audit trail and who approved the
access and collecting all the 

634
00:34:32,600 --> 00:34:36,500
same information that's required
of the IGA system. 

635
00:34:38,000 --> 00:34:40,500
I think it's kind of feeds also 
to hit the second question. 

636
00:34:40,500 --> 00:34:44,400
He sent us, which is around work
audit balance, which is a pun 

637
00:34:44,400 --> 00:34:48,400
off work-life balance. In very
regulated industries, it's hard

638
00:34:48,400 --> 00:34:51,500
to balance the work I have 
because I don't want an audit 

639
00:34:51,500 --> 00:34:55,300
finding against the work. 
I have to assure our identities 

640
00:34:55,300 --> 00:34:57,200
are safe. 
So, now, basically, what we're 

641
00:34:57,200 --> 00:35:00,900
saying is balancing water what, 
you know, the stuff I have to do

642
00:35:00,900 --> 00:35:03,200
that is going to be an audit 
finding or maybe was an audit

643
00:35:03,207 --> 00:35:06,500
finding versus the thing that I
know I should be doing from a 

644
00:35:06,500 --> 00:35:09,800
general identity and access 
management hygiene perspective. 

645
00:35:09,800 --> 00:35:11,100
There are certainly some 
overlap. 

646
00:35:11,600 --> 00:35:14,700
But what ends up happening is 
this prioritization that? 

647
00:35:14,700 --> 00:35:17,600
If every, if every time an audit
finding comes out, that becomes 

648
00:35:17,600 --> 00:35:21,400
like the fire and it wins, when 
you're trying to, you know, 

649
00:35:21,500 --> 00:35:25,100
versus all the things we should 
be doing and this is almost like

650
00:35:25,100 --> 00:35:26,300
the modernization question 
earlier. 

651
00:35:26,300 --> 00:35:28,200
It's like, there's a bunch of 
things that you should be doing,

652
00:35:28,400 --> 00:35:31,700
but if you're constantly playing
catch up on stuff, you know, 

653
00:35:31,800 --> 00:35:33,400
what is that balance? 
Look like where. 

654
00:35:33,600 --> 00:35:35,200
I have a list of a lot of things
I need to correct. 

655
00:35:35,200 --> 00:35:38,300
Every year, hopefully, you're 
making progress and it's not the

656
00:35:38,300 --> 00:35:40,900
same audit findings. 
Otherwise you've got problems 

657
00:35:40,900 --> 00:35:42,900
but I think it goes along with 
that as well. 

658
00:35:42,900 --> 00:35:44,900
Which is, you know, what is that
mindset? 

659
00:35:44,900 --> 00:35:48,700
That that, if that needs to take
place from basically whack-a-mole

660
00:35:49,000 --> 00:35:50,500
and say, okay, well we're just
going to address these audit

661
00:35:50,500 --> 00:35:53,700
findings and not really solve 
the bigger picture versus trying

662
00:35:53,700 --> 00:35:55,700
to be more strategic for my new
perspective.

663
00:35:55,700 --> 00:35:59,700
That would solve potentially 
audit findings in the future. 

664
00:35:59,800 --> 00:36:03,600
That would arise from not having
a strategy or a program in 

665
00:36:03,600 --> 00:36:05,000
place. 
What do you think? 

666
00:36:05,600 --> 00:36:07,800
Well, I think the thing that 
comes to mind to such act to 

667
00:36:07,800 --> 00:36:11,700
know what is the source of the 
audit findings and is it

668
00:36:11,700 --> 00:36:15,400
predictable? Because if the
source of the audit findings is,

669
00:36:15,600 --> 00:36:19,000
Is hey, we've got an ancient 
access management system or an 

670
00:36:19,000 --> 00:36:21,700
ancient, you know, provisioning 
tool. 

671
00:36:21,700 --> 00:36:25,100
That's not really doing what a 
modern IGA does. 

672
00:36:25,700 --> 00:36:28,200
Or we don't have a good 
privileged access management 

673
00:36:28,200 --> 00:36:31,200
tool or we're shifting to the 
cloud and we don't have a

674
00:36:31,200 --> 00:36:34,500
framework for managing access 
there or maybe it's all the 

675
00:36:34,500 --> 00:36:37,700
above, we're completely
underinvested. That

676
00:36:37,700 --> 00:36:41,100
Maybe you can attack it by 
saying we need to make these 

677
00:36:41,100 --> 00:36:42,800
shows. 
You can vestments as an 

678
00:36:43,100 --> 00:36:46,600
organization. 
Now, you also have to, that some

679
00:36:46,600 --> 00:36:50,400
organizations, it's almost
like their strategy is to stay 

680
00:36:50,400 --> 00:36:54,900
under invested and on this very 
unfortunate because we from the 

681
00:36:54,900 --> 00:36:59,400
clients in the past that they 
call us after they paid a major 

682
00:36:59,400 --> 00:37:03,600
ransom, you know, to
ransomware gangs because they

683
00:37:03,600 --> 00:37:08,900
were under invested and very 
vulnerable to being attacked, or

684
00:37:08,900 --> 00:37:12,100
they have some kind of major 
incident or major audit finding 

685
00:37:12,100 --> 00:37:15,400
and, you know, it's like, okay 
now the house is on fire. 

686
00:37:15,600 --> 00:37:19,700
Now we're going to call in the 
big guns and usually the 

687
00:37:19,700 --> 00:37:23,200
situation is they've gone, 10 
years and under invested. 

688
00:37:23,300 --> 00:37:26,700
Now I think a big reason is of 
fish. 

689
00:37:26,700 --> 00:37:30,000
Strategic decision was made like
we're going to outsource

690
00:37:30,000 --> 00:37:34,400
IAM as just a function we don't
want to run and then it gets 

691
00:37:34,400 --> 00:37:37,100
into this mode of just 
maintenance just maintain what 

692
00:37:37,100 --> 00:37:39,700
we have. 
I mean five years in the IAM

693
00:37:39,700 --> 00:37:42,700
industry is an eternity. 
I'd say five years ago. 

694
00:37:42,900 --> 00:37:45,400
It wasn't even baseline standard
that you need that

695
00:37:45,600 --> 00:37:48,700
MFA everywhere.
I would say anybody would argue

696
00:37:48,700 --> 00:37:52,700
that you don't need
MFA everywhere now is crazy

697
00:37:53,400 --> 00:37:54,600
right? 
You have to look at your 

698
00:37:54,600 --> 00:37:56,700
environment from a zero trust 
perspective. 

699
00:37:57,300 --> 00:37:59,300
So I guess that's you know to 
Chris's. 

700
00:38:01,100 --> 00:38:05,000
If you can kind of like predict 
what those audit was going to 

701
00:38:05,000 --> 00:38:09,600
cost us on a findings and is due
to, you know, things that can be

702
00:38:10,200 --> 00:38:12,900
addressed with investment. 
I think you have to push to make

703
00:38:12,900 --> 00:38:17,400
that investment and If your 
organization is cotton, 

704
00:38:17,400 --> 00:38:21,500
critically underinvested and
won't invest, I think your

705
00:38:21,500 --> 00:38:24,200
options are one. 
You've got to figure out how to 

706
00:38:24,800 --> 00:38:28,900
convince people that is worth, 
caring about and worth investing

707
00:38:28,900 --> 00:38:32,600
in or, you know, potentially 
just think like this 

708
00:38:32,600 --> 00:38:34,900
organization never going to 
invest, and we're just going to 

709
00:38:34,900 --> 00:38:38,000
continue on this cycle. 
And, you know, you question 

710
00:38:38,000 --> 00:38:40,500
whether or not, that's what the 
place you want to be. 

711
00:38:41,200 --> 00:38:42,100
Yeah. 
If you're not investing, you're 

712
00:38:42,100 --> 00:38:44,300
accepting the risk. 
That's the bottom line. 

713
00:38:44,400 --> 00:38:46,600
Like that's that's pretty much 
Even when you are investing, 

714
00:38:46,600 --> 00:38:49,500
you're accepting certain
levels of risk, but you should 

715
00:38:49,500 --> 00:38:53,400
be investing to reduce risk, but
anytime you don't spend money to

716
00:38:53,500 --> 00:38:58,400
fix something that's risk and 
you know, that's just no way 

717
00:38:58,400 --> 00:39:00,300
around it. 
Let's shift a little bit because

718
00:39:00,300 --> 00:39:03,000
he he came up another one tools 
and Technology. 

719
00:39:03,300 --> 00:39:05,900
He's looking for a tool. 
That will tell him at the 

720
00:39:05,900 --> 00:39:10,000
entitlement layer when the last 
time it was used in order to 

721
00:39:10,000 --> 00:39:14,200
reduce aging access his 
requirements, at least in a base

722
00:39:14,200 --> 00:39:17,800
level is it has to an Active
Directory and third-party

723
00:39:17,800 --> 00:39:21,000
applications. 
I think a tool like that sounds 

724
00:39:21,000 --> 00:39:23,500
really nice. 
I don't know if something like 

725
00:39:23,500 --> 00:39:27,200
that exists because I feel like 
this is extremely dependent on 

726
00:39:27,900 --> 00:39:34,400
logging and what logs are kept 
by the entitlements applicator 

727
00:39:34,400 --> 00:39:36,300
the application that has the 
entitlements in it. 

728
00:39:36,300 --> 00:39:37,900
So Active Directory, obviously
has logs. 

729
00:39:38,300 --> 00:39:40,800
I would feel probably okay with 
that the third party 

730
00:39:40,800 --> 00:39:43,100
applications though, you just 
don't know what you're going to 

731
00:39:43,100 --> 00:39:47,800
get from a logging perspective.
Hey was this do they even track 

732
00:39:47,800 --> 00:39:50,500
when an
entitlement is used beyond the

733
00:39:50,500 --> 00:39:52,500
initial authentication or 
authorization chain? 

734
00:39:54,000 --> 00:39:59,100
Yeah I mean you're right on like
you know there are some well I 

735
00:39:59,100 --> 00:40:04,000
don't think there's going to be 
one tool that that kind of you 

736
00:40:04,000 --> 00:40:07,400
know pulls all this together 
without logs and I think the 

737
00:40:07,400 --> 00:40:13,300
ultimate answer is having a SIEM
tool like a Splunk or Elastic

738
00:40:13,300 --> 00:40:17,200
stack that can pull this data. 
It in and you create reports 

739
00:40:17,200 --> 00:40:22,100
that can make sense of it. 
I think there are some access 

740
00:40:22,100 --> 00:40:28,900
management tools that you know 
can filter at a coarse-grained 

741
00:40:28,900 --> 00:40:32,500
authentication level and but 
ultimately it still comes back 

742
00:40:32,500 --> 00:40:35,900
to spitting out, there's logs 
and when you throw Active

743
00:40:35,900 --> 00:40:39,300
Directory into the scope I think
there's so many different ways 

744
00:40:39,300 --> 00:40:41,200
to authenticate to Active
Directory.

745
00:40:41,600 --> 00:40:45,200
Ultimately, you're pulling the 
Active Directory security logs.

746
00:40:45,500 --> 00:40:48,600
I think, you know, to me, the 
logging to make sure you're 

747
00:40:48,600 --> 00:40:52,200
capturing the data that you 
want, centralizing, the logs, 

748
00:40:52,300 --> 00:40:57,700
and then building reports to, 
you know, make sense of the of 

749
00:40:57,700 --> 00:41:02,000
the log data to help filter it, 
to just what's important and 

750
00:41:02,000 --> 00:41:07,600
potentially setting up alerts so
that you know anything that's 

751
00:41:07,600 --> 00:41:11,900
like really bad, you're getting 
alerted on, this sounds like a 

752
00:41:11,900 --> 00:41:16,300
lot of custom work to me to try 
them, get all, all the logs and

753
00:41:16,300 --> 00:41:20,900
then, you know, basically, 
you're looking through all the 

754
00:41:20,900 --> 00:41:23,100
authentications that take place 
that's almost like this needs to

755
00:41:23,100 --> 00:41:25,900
be at the authentication level 
for each application. 

756
00:41:26,400 --> 00:41:28,900
Suck up, all those 
authentication transactions. 

757
00:41:28,900 --> 00:41:32,100
So to speak into that log and 
then try to come up with some 

758
00:41:32,100 --> 00:41:35,300
sort of logic or tree that says,
hey, look for this specific 

759
00:41:35,300 --> 00:41:37,900
authorization chain. 
And if you see this specific 

760
00:41:37,900 --> 00:41:41,500
word, which should map back to 
an entitlement name somewhere, 

761
00:41:41,500 --> 00:41:44,200
or maybe it's even a word, it 
could be some sort of primary 

762
00:41:44,200 --> 00:41:48,200
key that, you know, translates
from one thing to another you 

763
00:41:48,200 --> 00:41:50,000
know, maybe this is an untapped 
space, maybe there's already 

764
00:41:50,000 --> 00:41:52,500
products out there that exist. 
So if you know of something, you

765
00:41:52,500 --> 00:41:55,200
know, hit us up here, you know, 
ahead and send a message just on

766
00:41:55,200 --> 00:41:57,700
LinkedIn. 
We'd love to like talk and 

767
00:41:57,700 --> 00:41:59,100
figure it out. 
Maybe it helps Chris out as 

768
00:41:59,100 --> 00:42:03,600
well, but I feel like this is a 
very custom a custom thing that 

769
00:42:03,600 --> 00:42:06,500
needs to be built, which to me, 
sounds like it's going to be 

770
00:42:06,500 --> 00:42:08,700
pretty expensive. 
Yeah, yeah. 

771
00:42:08,700 --> 00:42:11,400
Sounds like something. 
Maybe the FBI has just something

772
00:42:11,500 --> 00:42:13,600
but it sounds to me, like, 
premise question. 

773
00:42:13,600 --> 00:42:17,000
He's talking about the The 
entire winter and entitlement is

774
00:42:17,000 --> 00:42:23,200
actually used, then you not only
have to say, okay, Jeff logged 

775
00:42:23,200 --> 00:42:26,900
in as an administrator but here 
actually use the administrator 

776
00:42:26,900 --> 00:42:30,300
access. 
So I, you know what, I kind of 

777
00:42:30,300 --> 00:42:34,000
think where one place that we
do see that is with CIEM

778
00:42:34,000 --> 00:42:39,100
software. 
So it's going in to Amazon, for 

779
00:42:39,100 --> 00:42:43,900
example, and finding out when a 
role was actually used, and if 

780
00:42:43,900 --> 00:42:48,200
that rolls not being, Stanley 
says you Jeff is now using that 

781
00:42:48,200 --> 00:42:52,300
role but that's you know 
basically that's leveraging data

782
00:42:52,300 --> 00:42:55,400
that Amazon has and brawl the 
cloud providers have. 

783
00:42:55,600 --> 00:43:00,300
So it's almost doing like log 
analysis from this Cloud vendor 

784
00:43:00,300 --> 00:43:03,200
so it kind of goes back to our 
answer but it's also very 

785
00:43:03,200 --> 00:43:05,000
specific to Cloud 
infrastructure. 

786
00:43:05,000 --> 00:43:11,800
I don't think a similar tool set
exists for you know non Cloud 

787
00:43:12,000 --> 00:43:15,000
platforms. 
Yeah, that's a good point. 

788
00:43:15,000 --> 00:43:17,300
You know, the CIEM space might
offer some solution. 

789
00:43:17,300 --> 00:43:21,100
The other thing to think about too
is just because an entitlement

790
00:43:21,100 --> 00:43:24,100
isn't being used, doesn't mean 
it should go away. 

791
00:43:24,200 --> 00:43:27,300
I think of things like fire call
or other sets of like emergency 

792
00:43:27,300 --> 00:43:31,100
break glass type accesses where 
you hope that the you never have

793
00:43:31,100 --> 00:43:35,600
to use them or they use very 
sparingly, you know, if that if 

794
00:43:35,600 --> 00:43:38,600
you have, you know, I'm, I would
imagine go to some sort of 

795
00:43:38,600 --> 00:43:40,500
portal say, oh, yeah, that's you
know, that's the emergency 

796
00:43:40,500 --> 00:43:41,500
access. 
Don't worry about that. 

797
00:43:41,500 --> 00:43:43,300
That's fine to leave where it 
is, or whatever. 

798
00:43:43,400 --> 00:43:47,500
B versus taking more like an 
automated process. 

799
00:43:47,500 --> 00:43:51,200
I know there's there's one one 
client that we're kind of 

800
00:43:51,200 --> 00:43:55,100
talking with in our professional
life where like things like 

801
00:43:55,100 --> 00:43:57,800
out-of-band access. 
For example, like how do you 

802
00:43:57,800 --> 00:44:01,300
detect accesses and entitlements
that are being granted? 

803
00:44:01,500 --> 00:44:04,900
And you know we're looking at a 
combination of our PA robotic 

804
00:44:04,900 --> 00:44:08,400
process automation, you know 
logging things like that to try 

805
00:44:08,400 --> 00:44:11,700
to come up with some ways to 
kind of address that that unique

806
00:44:11,700 --> 00:44:14,100
use case, which is admittedly
pretty advanced.

807
00:44:14,100 --> 00:44:15,900
A lot of, I think a lot of 
organizations still trickling 

808
00:44:15,900 --> 00:44:20,900
the basics but it is something 
that, you know, that that we're 

809
00:44:20,900 --> 00:44:22,900
working on in our professional 
life. 

810
00:44:23,700 --> 00:44:25,600
Let's get to the next one, which
is a culture question. 

811
00:44:25,600 --> 00:44:29,100
I like this one because it's 
gets more to the people side of 

812
00:44:29,100 --> 00:44:31,800
identity. 
Chris works with a wonderful 

813
00:44:31,800 --> 00:44:34,200
team. 
Now mostly virtual and spend a 

814
00:44:34,200 --> 00:44:36,600
lot of time grinding provision 
requests. 

815
00:44:36,600 --> 00:44:40,000
I feel your pain. 
Chris, how do you remind them of

816
00:44:40,000 --> 00:44:41,900
the importance of the work they 
do. 

817
00:44:42,200 --> 00:44:43,700
How do you reward them? 
Away. 

818
00:44:44,200 --> 00:44:47,600
So I think the idea here is 
that, you know, I'll go back to 

819
00:44:47,600 --> 00:44:50,700
my old ID admin days and kind of
how I got into identity was. 

820
00:44:51,000 --> 00:44:54,300
You're basically processing 
requests tickets emails, 

821
00:44:54,600 --> 00:44:58,700
walk-ups maybe not so many 
walk-ups recently you know, Iams

822
00:44:59,000 --> 00:45:01,800
where there's you know you have 
to create accounts for some 

823
00:45:01,800 --> 00:45:05,100
reason or add permissions or
entitlements and it's, you know,

824
00:45:05,100 --> 00:45:08,600
it's grindy work sometimes,
especially if you're in a big 

825
00:45:08,600 --> 00:45:11,800
organization, or you have a lot 
of tickets or requests coming 

826
00:45:11,800 --> 00:45:14,000
in. 
You know, how do you You how do 

827
00:45:14,000 --> 00:45:15,800
you, uh, stress the importance of
what they do? 

828
00:45:16,000 --> 00:45:18,400
I mean, really, you're talking 
about the first line of defense 

829
00:45:19,000 --> 00:45:22,300
for an organization. 
It all starts with identity, but

830
00:45:22,500 --> 00:45:26,800
when you working on, you know, 
100 tickets a day, or maybe 10 

831
00:45:26,800 --> 00:45:28,600
tickets today is really matter. 
Right. 

832
00:45:28,600 --> 00:45:31,600
How do you keep the focus for a 
team that that's sort of their 

833
00:45:31,600 --> 00:45:34,900
primary primary role is to just 
do that permissioning for 

834
00:45:34,900 --> 00:45:39,100
people? 
I think it's also comes back to 

835
00:45:39,100 --> 00:45:42,300
kind of people management 101,
which is make sure that

836
00:45:42,300 --> 00:45:45,400
you are in touch with your
people, you're having the

837
00:45:45,400 --> 00:45:48,400
one-on-ones, they have an opportunity
to know you care about them.

838
00:45:48,900 --> 00:45:53,400
They know that the work that 
they're doing is important to 

839
00:45:53,400 --> 00:45:59,800
the organization and they know 
that if they have a concern or 

840
00:45:59,900 --> 00:46:02,500
something, coming up in their 
life that you're going to listen

841
00:46:02,500 --> 00:46:05,300
to them and do what you can to 
help them. 

842
00:46:05,600 --> 00:46:09,600
I mean, so to me, it's kind of 
like, if you talk about the work

843
00:46:09,600 --> 00:46:12,300
culture and how do you keep 
people from going crazy, it's 

844
00:46:12,600 --> 00:46:15,300
know that they're not
alone, even though they may be

845
00:46:15,300 --> 00:46:19,300
physically alone at home and but
that they're part of something 

846
00:46:19,300 --> 00:46:23,300
bigger and they're valued and 
that you're going to be there 

847
00:46:23,300 --> 00:46:25,600
for them. 
If they have, if they need a 

848
00:46:25,900 --> 00:46:29,600
mirror, I think I feel like the 
last couple years because of the

849
00:46:29,600 --> 00:46:34,400
pandemic organizations, have 
gotten better at this of helping

850
00:46:34,400 --> 00:46:37,000
people understand their role 
with the organization. 

851
00:46:37,000 --> 00:46:40,400
Why they're important because 
such a such a focus was paid on 

852
00:46:40,400 --> 00:46:43,300
the mental health side of 
things, you know, for folks. 

853
00:46:43,500 --> 00:46:46,300
I think is a good thing. 
I think it starts a lot of it as

854
00:46:46,300 --> 00:46:49,700
that messaging from the top you 
know and making sure that you 

855
00:46:49,700 --> 00:46:52,800
know as a manager of a team like
that for example promoting the 

856
00:46:52,800 --> 00:46:57,900
success of my team to other 
managers and people that might 

857
00:46:57,900 --> 00:46:59,300
be above me and the 
organization. 

858
00:46:59,500 --> 00:47:02,500
Here's what we do. 
Here's why it's important and 

859
00:47:02,500 --> 00:47:06,100
getting that message to them and
having those folks help Cascade 

860
00:47:06,100 --> 00:47:10,800
that message back down to folks,
this is a lesson I took from a 

861
00:47:10,800 --> 00:47:13,300
few of the CISOs that I've
worked for in the past. 

862
00:47:13,600 --> 00:47:19,500
And Burt where that thank you of
what we're doing, you know is a 

863
00:47:19,500 --> 00:47:22,900
powerful motivator, you know. 
Not everyone is motivated by 

864
00:47:23,800 --> 00:47:26,800
money or tokens of thing. 
Whatever that might look like 

865
00:47:26,800 --> 00:47:29,100
gifts. 
Sometimes I love will tokens. 

866
00:47:29,200 --> 00:47:30,800
I do yeah, I do have tokens of 
money. 

867
00:47:30,800 --> 00:47:34,700
Don't get me wrong, but yeah, a 
sincere. 

868
00:47:34,700 --> 00:47:37,900
Thank you and acknowledgement of
the work that was done, is 

869
00:47:37,900 --> 00:47:40,300
certainly helpful. 
And I think that's, you know, 

870
00:47:40,300 --> 00:47:45,000
it's not always the end-all,
be-all, but at least recognizing,

871
00:47:45,000 --> 00:47:48,100
maybe even seasonal spikes. 
Okay, we know we're going into a

872
00:47:48,107 --> 00:47:52,300
busy time, you know, maybe it's 
open enrollment for example or 

873
00:47:52,600 --> 00:47:56,000
it's the first day back after 
holidays and everyone seems to 

874
00:47:56,000 --> 00:47:58,700
have forgotten their password. 
So, you know, you're gonna get a

875
00:47:58,707 --> 00:48:01,100
lot of password calls because 
they just don't feel like they 

876
00:48:01,100 --> 00:48:02,900
want to take advantage of, 
self-service, password, 

877
00:48:02,900 --> 00:48:04,200
whatever, reason, not saying 
that. 

878
00:48:04,200 --> 00:48:06,200
These things haven't happened to
me in the past. 

879
00:48:06,200 --> 00:48:08,700
I'm just, you know, throwing 
examples out there, right? 

880
00:48:08,700 --> 00:48:12,200
But I think, you know, I think 
part of it is making sure that I

881
00:48:12,200 --> 00:48:13,400
think the biggest parts were 
just being aware

882
00:48:13,500 --> 00:48:16,500
of the value, making sure
that the team understands it, 

883
00:48:16,500 --> 00:48:20,000
but also promoting your team, 
especially for managers and 

884
00:48:20,000 --> 00:48:23,300
other folks who are leading 
people in these types of roles 

885
00:48:23,300 --> 00:48:26,700
is, make sure that people know 
what it is, that your team does 

886
00:48:26,700 --> 00:48:29,400
and why it's important and 
enlist their aid. 

887
00:48:29,700 --> 00:48:31,600
And making sure that that 
message is getting around and 

888
00:48:31,600 --> 00:48:33,700
have it cascade down, is a big
thing. 

889
00:48:35,400 --> 00:48:38,900
You know, I as you're going 
through that, I thought of a 

890
00:48:38,900 --> 00:48:42,200
session at the five-day 
conference that I saw listed 

891
00:48:42,200 --> 00:48:47,000
that I'm definitely going to sit
in this called The Forgotten how

892
00:48:47,000 --> 00:48:50,900
we all started with the contact 
center then forgot to secure it 

893
00:48:50,900 --> 00:48:54,000
properly. 
You know, it's like we all like 

894
00:48:54,000 --> 00:48:57,300
started out in that kind of 
position and then when we go 

895
00:48:57,300 --> 00:49:02,600
through security it's it's not 
are you no mountain high enough 

896
00:49:02,600 --> 00:49:04,900
of a priority for us to get it 
right? 

897
00:49:05,200 --> 00:49:09,900
That's the global security 
engineer from CVS Health John 

898
00:49:09,900 --> 00:49:12,500
Poirier. 
So reach out to him and see if 

899
00:49:12,500 --> 00:49:15,700
maybe we can we can meet up with
them while we're at the 

900
00:49:15,700 --> 00:49:17,600
conference. 
Yeah that would be cool. 

901
00:49:17,600 --> 00:49:19,400
I didn't say I think it's a 
really good question. 

902
00:49:19,400 --> 00:49:21,500
I'm I think that's probably 
where we'll go ahead and leave 

903
00:49:21,500 --> 00:49:23,800
it for this week. 
We've it's Labor Day. 

904
00:49:23,800 --> 00:49:25,500
We've labored through a bunch of
questions. 

905
00:49:25,500 --> 00:49:27,000
I feel like our work here is 
done. 

906
00:49:28,100 --> 00:49:30,800
We'll end on a lighter note 
which was also submitted by 

907
00:49:31,000 --> 00:49:32,500
somebody out there. 
I don't think they knew they 

908
00:49:32,500 --> 00:49:35,000
were submitting a letter or note
but we're going to treat it as 

909
00:49:35,100 --> 00:49:38,200
As such, let's go with it. 
And it's from Kurt Greening, 

910
00:49:38,800 --> 00:49:43,600
what tool program policy or 
settings that if implemented 

911
00:49:43,600 --> 00:49:46,200
would help reduce the chance 
that you would be called into 

912
00:49:46,200 --> 00:49:49,400
work because of an IAM emergency
on Labor Day. 

913
00:49:50,800 --> 00:49:52,100
So what is it that you're going 
to implement? 

914
00:49:52,100 --> 00:49:53,700
That's going to make it. 
Make sure that you can be on 

915
00:49:53,700 --> 00:49:57,400
that boat drinking somewhere or 
at least, you know, not, not 

916
00:49:57,400 --> 00:49:58,700
have to do some work on Labor 
Day. 

917
00:49:59,300 --> 00:50:02,800
Well, I guess the serious answer
would be what I talked about

918
00:50:02,800 --> 00:50:05,000
earlier is like, you're going to
have to take your turn. 

919
00:50:05,200 --> 00:50:08,900
In our recent uptick for turn, 
but if everybody taking their 

920
00:50:08,900 --> 00:50:11,400
turn then it shouldn't be 
anybody's turn. 

921
00:50:11,400 --> 00:50:17,300
Every time a holiday shows up,
my funny answer was my 

922
00:50:17,300 --> 00:50:20,800
technology would be an airplane 
and get on that airplane and go 

923
00:50:20,800 --> 00:50:23,300
somewhere. 
If that doesn't have Wi-Fi, like

924
00:50:23,500 --> 00:50:28,600
Belize or Bora Bora, that was my
five response to Kurt, he's a 

925
00:50:28,607 --> 00:50:30,700
good egg. 
I met with him out in the 

926
00:50:31,200 --> 00:50:35,600
Gartner as well. 
Uncle how about you Mike Let's 

927
00:50:35,600 --> 00:50:40,500
see, I think self-service, you 
know, reset your own password, 

928
00:50:41,800 --> 00:50:44,300
you know, make a wit, make 
people aware that you know what 

929
00:50:44,300 --> 00:50:47,100
they think it is emergency may 
not be truly an emergency, 

930
00:50:47,100 --> 00:50:48,800
right? 
Don't I remember back to my 

931
00:50:48,800 --> 00:50:52,300
pager days of Walgreens, you 
know, don't page me at 3 a.m. 

932
00:50:52,500 --> 00:50:55,000
because you can't get access to 
the corporate menu you know for 

933
00:50:55,000 --> 00:50:56,900
the cafeteria tomorrow because 
you're trying to plan your 

934
00:50:56,900 --> 00:50:59,500
meals, I will not be very happy 
about that. 

935
00:51:00,200 --> 00:51:03,100
You know, I think taking a risk 
based approach to escalation I 

936
00:51:03,107 --> 00:51:07,300
think my fun answer would be 
Setting an out of office and 

937
00:51:07,300 --> 00:51:09,200
making it very clear that you're
not checking email. 

938
00:51:09,500 --> 00:51:13,600
Good luck, godspeed. 
And you know notify the next of 

939
00:51:13,600 --> 00:51:16,000
kin so to speak is the way that 
I would look at it. 

940
00:51:16,100 --> 00:51:17,800
Yeah. 
Don't put your cell phone in 

941
00:51:17,800 --> 00:51:22,400
your email signature. 
Yeah, I have mine. 

942
00:51:22,400 --> 00:51:25,100
I do. 
That's the only number that I 

943
00:51:25,100 --> 00:51:29,700
use, but yeah, I think that's I,
you know, you have to draw 

944
00:51:29,700 --> 00:51:31,900
boundaries. 
Fortunately, I think a lot of 

945
00:51:31,908 --> 00:51:34,400
people, especially in the IT space,
are aware that they sometimes 

946
00:51:34,400 --> 00:51:35,900
get you have. 
They're in a support position. 

947
00:51:35,900 --> 00:51:39,600
You might get called in on days 
off or weekends or holidays. 

948
00:51:40,300 --> 00:51:42,500
I can certainly remember having 
to create a whole bunch of 

949
00:51:42,500 --> 00:51:47,700
accounts because of a mismanaged
onboarding, New Years Eve, for 

950
00:51:47,700 --> 00:51:51,400
example. 
So it just I think if you can 

951
00:51:51,400 --> 00:51:53,700
plan ahead and try to head off 
as much of things, you know, 

952
00:51:53,700 --> 00:51:56,900
people can enjoy it but and 
first cats culture question. 

953
00:51:56,900 --> 00:52:01,400
So if you have those people who 
don't respect the boundaries and

954
00:52:01,400 --> 00:52:05,300
they go ahead and like violate 
the work lifetime, Your 

955
00:52:05,300 --> 00:52:09,900
employees just, you know, 
recognize your employees and to 

956
00:52:09,900 --> 00:52:12,100
whatever extent you can kind of 
stand up for them. 

957
00:52:12,100 --> 00:52:15,800
Let people know like, hey, you 
know, calling them at home just 

958
00:52:15,800 --> 00:52:17,300
because you have their phone 
number. 

959
00:52:17,600 --> 00:52:19,000
Yeah. 
It doesn't make it right. 

960
00:52:19,800 --> 00:52:21,400
Yeah. 
I remember back in the day would

961
00:52:21,400 --> 00:52:24,600
be like okay well just you know 
work from home today or hey 

962
00:52:24,600 --> 00:52:27,100
leave early you know on Friday 
or whatever it's kind of makeup.

963
00:52:27,100 --> 00:52:29,800
Make it try to make it Equitable
I think for both sides right 

964
00:52:29,800 --> 00:52:31,600
ever. 
We all have a part to play in it

965
00:52:31,600 --> 00:52:33,600
so be a good human being is my 
motto. 

966
00:52:33,700 --> 00:52:36,900
That's pretty much it. 
All right, what do you think? 

967
00:52:36,900 --> 00:52:37,800
Should we go ahead and leave it 
there? 

968
00:52:38,500 --> 00:52:41,200
I think so. 
Okay, hopefully everyone is 

969
00:52:41,200 --> 00:52:44,200
enjoying their Labor Day. 
The end of summer officially 

970
00:52:44,200 --> 00:52:46,600
here. 
At least in the US we'll go 

971
00:52:46,600 --> 00:52:49,500
ahead and wrap it up. 
Check out our website,

972
00:52:49,500 --> 00:52:54,100
idacpodcast.com, check us out on
Twitter @idacpodcast.

973
00:52:54,100 --> 00:52:56,200
Follow us, always love to engage
with folks. 

974
00:52:56,200 --> 00:53:00,900
If you got show topics 
questions, concerns grievances, 

975
00:53:01,600 --> 00:53:05,500
you know, accolades, you can send
them all, send to us on

976
00:53:05,500 --> 00:53:08,200
LinkedIn after you connect there
and we'll be happy to chat. 

977
00:53:08,200 --> 00:53:10,000
So hopefully we get to meet some
more folks at some of these

978
00:53:10,000 --> 00:53:13,700
conferences that are coming up. 
So, Authenticate 2022 in Seattle

979
00:53:13,700 --> 00:53:16,600
by the FIDO group, or FIDO
Alliance I should say, and then

980
00:53:16,700 --> 00:53:20,300
potentially Oktane, which is put
on by Okta in San Francisco in

981
00:53:20,300 --> 00:53:22,800
November. 
And who knows what next year 

982
00:53:23,100 --> 00:53:25,600
from it perspective. 
So with that, we'll go ahead and

983
00:53:25,600 --> 00:53:28,100
leave it for this week. 
Thanks everyone for listening, 

984
00:53:28,200 --> 00:53:30,100
and we'll talk with you all in 
the next one. 

985
00:53:34,400 --> 00:53:36,200
Thanks for listening. 
Turning to the Identity at the

986
00:53:36,200 --> 00:53:38,800
Center podcast, if you like what
you heard, don't forget to 

987
00:53:38,800 --> 00:53:41,800
subscribe and visit us on the 
web at

988
00:53:41,800 --> 00:53:42,800
identityatthecenter.com.
