1 00:00:00,040 --> 00:00:02,560 The right way to look at this problem is that identity is a 2 00:00:02,560 --> 00:00:05,680 data problem. What I mean by that is because 3 00:00:05,680 --> 00:00:08,320 we have so much fragmented data, there is so much context out 4 00:00:08,320 --> 00:00:09,880 there. If you can put all of that 5 00:00:09,880 --> 00:00:12,920 together in a single data lake. And that's what Andromeda does, 6 00:00:13,160 --> 00:00:18,080 ingest all data from all the data sources, IDPHR systems, 7 00:00:18,640 --> 00:00:21,680 cloud providers, most importantly activity logs. 8 00:00:22,080 --> 00:00:24,600 And then once you have everything in a single space, 9 00:00:24,600 --> 00:00:28,000 you can run models on top of it. So we done machine learning 10 00:00:28,000 --> 00:00:33,280 models around risk scoring or behavioural analysis, peer 11 00:00:33,280 --> 00:00:35,520 behaviour, your past behaviour and so on. 12 00:00:35,960 --> 00:00:40,440 And then all the use cases really come out of that data and 13 00:00:40,440 --> 00:00:43,080 the models. So what does Andromeda do? 14 00:00:43,280 --> 00:00:47,440 Well to start with, it gives you visibility. 15 00:00:47,440 --> 00:00:50,680 So it discovers all identities, human and non human, and builds 16 00:00:50,680 --> 00:00:54,640 a risk model, a score across posture, behavior and 17 00:00:54,640 --> 00:00:58,720 permissions and tells you which identities to focus on, which 18 00:00:58,720 --> 00:01:01,080 are your high risk identities, and gives you built in 19 00:01:01,080 --> 00:01:10,320 remediation steps. This is identity at the center. 20 00:01:11,040 --> 00:01:16,720 If it has anything to do with IAM, this is the go to podcast 21 00:01:17,200 --> 00:01:21,360 now your hosts Jim McDonald and Jeff Steadman. 22 00:01:27,600 --> 00:01:29,280 Welcome to the Identity at the Center podcast. 23 00:01:29,280 --> 00:01:30,800 I'm Jeff, and that's Jim. Hey, Jim. 24 00:01:31,240 --> 00:01:33,720 Hey, Jeff, how are you? Not so bad yourself. 25 00:01:34,760 --> 00:01:38,960 Happy 2025 is our first Sponsor Spotlight episodes of of the 26 00:01:38,960 --> 00:01:41,000 year. It is, and we're starting off 27 00:01:41,000 --> 00:01:42,480 with a bang. Like you mentioned, this is a 28 00:01:42,480 --> 00:01:46,760 sponsored episode, so we're very fortunate to have one of the key 29 00:01:46,760 --> 00:01:49,120 members of the Andromeda Security team here with us. 30 00:01:49,880 --> 00:01:52,560 They are. So it's Andromeda Security. 31 00:01:52,560 --> 00:01:55,000 You saw that in title as we were as we're rolling this out. 32 00:01:55,240 --> 00:01:57,800 They're an AI powered identity security platform. 33 00:01:57,800 --> 00:02:01,600 You can find out more about them at andromedasecurity.com/idac. 34 00:02:02,520 --> 00:02:05,240 And I mentioned it, we've got one of the Co founders here, Co 35 00:02:05,240 --> 00:02:07,440 founder and chief product officer of Andromeda, Ashish 36 00:02:07,440 --> 00:02:08,919 Shah. Welcome to the show, Ashish. 37 00:02:10,000 --> 00:02:13,600 Thanks, Jeff and Jim, really excited to be participating in 38 00:02:13,600 --> 00:02:14,280 that. Thank you. 39 00:02:14,960 --> 00:02:17,480 Well, thanks for joining us. We definitely appreciate it. 40 00:02:18,320 --> 00:02:21,960 You know, we have a lot of stuff going on in the identity space 41 00:02:21,960 --> 00:02:25,040 and I always love to hear origin stories of where did people come 42 00:02:25,040 --> 00:02:27,000 from when it comes to their digital identity journey. 43 00:02:27,000 --> 00:02:29,160 So why don't you tell us about yourself? 44 00:02:29,160 --> 00:02:32,800 How did you get into the digital identity or IM space? 45 00:02:32,960 --> 00:02:35,360 Is it something that you chose or did it choose you? 46 00:02:37,080 --> 00:02:40,160 Great question. So most of the founding team at 47 00:02:40,600 --> 00:02:43,400 Andromeda came from a company called Avi Networks. 48 00:02:44,000 --> 00:02:48,400 Avi was a software load balancer web application firewall company 49 00:02:48,920 --> 00:02:52,320 founded in 2013, acquired by VM Red in 2019. 50 00:02:52,880 --> 00:02:57,920 And we saw the journey of our customers at Avi into cloud and 51 00:02:57,920 --> 00:03:01,200 SAS and we saw identity, especially permissions 52 00:03:01,200 --> 00:03:04,440 management was a key problem that our customers were facing 53 00:03:04,800 --> 00:03:07,120 as they moved to cloud. It's very different than what's 54 00:03:07,160 --> 00:03:11,320 on Prem versus cloud. So that's where the the genesis 55 00:03:11,320 --> 00:03:14,920 of the company started. And then as we started looking 56 00:03:14,920 --> 00:03:20,400 into the problem space, we saw that a lot of unsolved problems 57 00:03:20,400 --> 00:03:21,800 out there. There are lots of vendors there 58 00:03:21,880 --> 00:03:24,760 of course, but there are lots of problems out there that are 59 00:03:24,760 --> 00:03:27,400 unsolved. And so if you just when we 60 00:03:27,400 --> 00:03:30,200 started and Ramadan, we started looking at, OK, what are the top 61 00:03:30,200 --> 00:03:33,920 challenges that we have to that are still unsolved. 62 00:03:34,520 --> 00:03:38,240 I think the biggest one that I think all we know about is 63 00:03:38,640 --> 00:03:42,480 identity is at the center of attack, no pun intended, but 64 00:03:42,680 --> 00:03:44,960 it's it's a primary attack vector today. 65 00:03:46,120 --> 00:03:49,080 It's not if it's when it'll get compromised. 66 00:03:49,480 --> 00:03:54,760 And so the attack surface really is determined by the over 67 00:03:54,760 --> 00:03:57,720 privileges of the permissions that any identity has, human and 68 00:03:57,720 --> 00:04:00,760 non human. So that was the biggest problem 69 00:04:00,760 --> 00:04:03,440 we want to solve this. Can we get to a state where even 70 00:04:03,440 --> 00:04:07,360 if you have a compromise that is 0 or minimal business impact? 71 00:04:08,120 --> 00:04:09,680 So that was the first problem we wanted to solve. 72 00:04:09,680 --> 00:04:12,920 But there are other day-to-day problems such as even today, the 73 00:04:13,400 --> 00:04:17,240 access management is manual. When somebody joins or leaves or 74 00:04:17,240 --> 00:04:21,320 moves, the manual work flows and and especially in cloud, people 75 00:04:21,320 --> 00:04:24,400 don't have patience to wait for hours to get that accesses 76 00:04:25,240 --> 00:04:29,080 compliance is a pain today. Frankly, there's a lot of rubber 77 00:04:29,080 --> 00:04:31,880 stamping going on. And all of these issues are 78 00:04:31,880 --> 00:04:33,760 relevant for both human and non human identity. 79 00:04:33,960 --> 00:04:37,760 And I'll just leave with one last thing, which is NHI, a non 80 00:04:37,760 --> 00:04:41,520 human identity has a additional unique problem, especially with 81 00:04:41,520 --> 00:04:47,280 the automation and and and and adoption of cloud and DevOps is 82 00:04:47,400 --> 00:04:51,880 discovery what's out there. So this was the kind of the 83 00:04:51,880 --> 00:04:54,640 landscape with which we saw that. 84 00:04:55,400 --> 00:04:59,280 We realized that this is a problem space that we can, it's 85 00:04:59,280 --> 00:05:02,360 a hard problem space, but it's a problem space that we can add 86 00:05:02,360 --> 00:05:05,160 value to and differentiate. And so that's where we started 87 00:05:05,160 --> 00:05:08,160 Andromeda. Give me some ideas of what the 88 00:05:08,160 --> 00:05:11,320 Andromeda platform does, because I'm sure there's a lot of 89 00:05:11,320 --> 00:05:13,720 different problem solved. You mentioned NHI or non human 90 00:05:13,720 --> 00:05:15,600 identities. You mentioned the human aspect 91 00:05:15,600 --> 00:05:18,120 of things like rubber stamping when it comes to, you know, 92 00:05:18,120 --> 00:05:20,600 compliance and access reviews and everyone's favorite, you 93 00:05:20,600 --> 00:05:22,280 know, IGA activities and things like that. 94 00:05:22,680 --> 00:05:23,840 Tell me a lot about the platform. 95 00:05:23,840 --> 00:05:25,440 I know we're going to dig a little bit more detail, but give 96 00:05:25,440 --> 00:05:27,800 me just kind of a quick high level to to whet my appetite. 97 00:05:28,680 --> 00:05:31,400 Sure, sure. So if you want to see a tagline 98 00:05:31,400 --> 00:05:34,240 Andromeda as an identity security platform for both human 99 00:05:34,240 --> 00:05:37,880 and non human identities, right? And the the ultimate goal is 100 00:05:38,360 --> 00:05:42,080 that we automate your permissions and life cycles of 101 00:05:42,080 --> 00:05:46,000 human and non human based on risk context and behavioral 102 00:05:46,000 --> 00:05:49,800 analysis so that even if your identity is compromised, that is 103 00:05:49,840 --> 00:05:51,520 minimal to 0 business impact, right? 104 00:05:51,520 --> 00:05:54,120 That's what we started with. But but what does that mean? 105 00:05:54,360 --> 00:05:57,800 So before I answer the questions, what Andromeda does 106 00:05:57,800 --> 00:06:02,120 in detail, let let's understand why it's broken today. 107 00:06:02,480 --> 00:06:06,280 So if you look at the the vendor landscape today, they're very 108 00:06:06,280 --> 00:06:08,800 fragmented. They're NHI only vendors. 109 00:06:09,240 --> 00:06:11,960 And then there are even within human identities, you hear the 110 00:06:11,960 --> 00:06:20,240 buzzwords ITDR or ISPN or Kim Jit and IGAI think the right way 111 00:06:20,240 --> 00:06:23,080 to look at this problem is that identity is a data problem. 112 00:06:24,040 --> 00:06:26,320 What I mean by that is because you have so much fragmented 113 00:06:26,320 --> 00:06:28,200 data, there is so much context out there. 114 00:06:28,440 --> 00:06:31,400 If you can put all of that together in a single data lake. 115 00:06:31,400 --> 00:06:35,000 And that's what Andromeda does, ingest all data from all the 116 00:06:35,000 --> 00:06:39,720 data sources, IDPHR systems, cloud providers, most 117 00:06:39,720 --> 00:06:43,080 importantly activity logs. And then once you have 118 00:06:43,080 --> 00:06:46,160 everything in a single space, you can run models on top of it. 119 00:06:46,160 --> 00:06:50,000 So we done machine learning models around risk scoring or 120 00:06:50,360 --> 00:06:54,680 behavioral analysis, peer behavior, your past behavior and 121 00:06:54,680 --> 00:06:57,320 so on. And then all the use cases 122 00:06:57,480 --> 00:07:00,600 really come out of that data and the models. 123 00:07:00,600 --> 00:07:05,600 So what does Andromeda do? Well to start with, it gives you 124 00:07:06,360 --> 00:07:08,480 visibility. So it discovers all identities, 125 00:07:08,720 --> 00:07:12,960 human and non human, and builds a risk model, A score across 126 00:07:12,960 --> 00:07:17,000 posture, behavior and permissions and tells you which 127 00:07:17,000 --> 00:07:19,560 identities to focus on, which are your high risk identities 128 00:07:19,560 --> 00:07:21,720 and gives you built in remediation steps. 129 00:07:22,000 --> 00:07:25,520 So that's step one. Think of it as a journey of your 130 00:07:25,520 --> 00:07:30,160 identity security maturity to start with visibility, 131 00:07:30,160 --> 00:07:33,960 recommendations, remediations. The next thing we do is real 132 00:07:33,960 --> 00:07:38,600 time visibility into who has access to what roles and 133 00:07:38,600 --> 00:07:43,680 permissions and more importantly who's using what so that you can 134 00:07:43,680 --> 00:07:48,040 right size the roles based on not just usage, but more 135 00:07:48,040 --> 00:07:51,800 importantly risk. Because our theory is that only 136 00:07:51,800 --> 00:07:54,240 frequently used permissions that are low risk should be part of 137 00:07:54,240 --> 00:07:57,000 somebody standing privilege. Everything else moves to just in 138 00:07:57,000 --> 00:07:58,840 time access. So the least privilege is the 139 00:07:58,840 --> 00:08:03,440 second set of use cases that we do that moves us to just in time 140 00:08:03,440 --> 00:08:04,960 access. There are lots of JIT vendors 141 00:08:04,960 --> 00:08:07,080 out there. The way we differentiate in JIT 142 00:08:07,080 --> 00:08:10,360 is use context. Use behavioral analysis. 143 00:08:10,360 --> 00:08:15,400 If Jim requests a privilege role and if he's always done it, same 144 00:08:15,400 --> 00:08:17,720 location, same devices, why ask Jeff? 145 00:08:17,720 --> 00:08:19,200 Who's going to rubber stamp it anyways? 146 00:08:19,680 --> 00:08:21,760 Automatically approve it, take the human out of the loop and 147 00:08:21,760 --> 00:08:24,320 the risk is low. But if Jeff is asking for this 148 00:08:24,320 --> 00:08:28,040 for the first time or is in a different location, then add 149 00:08:28,040 --> 00:08:31,320 friction, ask Jeff and tell Jeff what to look for so you can make 150 00:08:31,320 --> 00:08:34,000 a more informed decision. That's how we do intelligent 151 00:08:34,000 --> 00:08:36,159 jet. And then the final piece is IGA 152 00:08:36,159 --> 00:08:40,240 user access reviews based on activities, past behavior and 153 00:08:41,640 --> 00:08:43,240 life cycle management of identity. 154 00:08:43,240 --> 00:08:46,680 So it's a platform and we can go into the each of these in 155 00:08:46,680 --> 00:08:49,480 detail, but hopefully that gives you an idea on what we do. 156 00:08:50,600 --> 00:08:53,240 I think it's helpful because it, it really kind of, I guess it 157 00:08:53,240 --> 00:08:55,800 spans the Galaxy, pardon the pun on that. 158 00:08:57,040 --> 00:09:01,000 You know, there's this this concept of being data-driven for 159 00:09:01,000 --> 00:09:04,000 an IAM program. When I say program, I mean the, 160 00:09:04,120 --> 00:09:06,480 the way the program itself operates, the people, the 161 00:09:06,480 --> 00:09:08,080 process, the governance, etcetera. 162 00:09:08,520 --> 00:09:11,760 A lot of organizations are sitting on a treasure trove of 163 00:09:11,760 --> 00:09:15,680 data that sits in a system and really never gets used for 164 00:09:15,680 --> 00:09:18,120 anything beyond, oh, great, we got a new onboarder, a new 165 00:09:18,120 --> 00:09:19,760 joiner, a new believer, things like that. 166 00:09:20,080 --> 00:09:22,040 I feel like there's so much more that could be done with that 167 00:09:22,040 --> 00:09:25,720 data, especially if you're able to contextualize it, bring it 168 00:09:25,720 --> 00:09:28,760 into the system and then combine it with automation and say, oh, 169 00:09:28,760 --> 00:09:31,840 OK, because X, here's what's going to happen. 170 00:09:31,880 --> 00:09:35,000 Why, right? And or else Z, right, Whatever 171 00:09:35,000 --> 00:09:36,720 that looks, you know what that pseudo logic looks like. 172 00:09:36,720 --> 00:09:40,360 So I love this idea of it. I want to let Jim ask some 173 00:09:40,360 --> 00:09:41,800 questions instead of me hogging all the time. 174 00:09:41,800 --> 00:09:44,040 But I've got one last question before I turn it over to Jim. 175 00:09:44,240 --> 00:09:48,080 How do people measure success with Andromeda? 176 00:09:48,200 --> 00:09:50,280 Because it feels like there's a lot of different ways it could 177 00:09:50,280 --> 00:09:52,520 be done, but I'd love to hear straight from from you. 178 00:09:53,760 --> 00:09:58,040 Excellent question. So customers buy a solution to 179 00:09:58,040 --> 00:10:00,840 solve a problem, they don't buy a platform, right? 180 00:10:00,840 --> 00:10:03,160 We have a platform doesn't mean we sell a platform, right? 181 00:10:03,160 --> 00:10:07,520 We sell use cases. So we meet our customers in 182 00:10:07,680 --> 00:10:10,760 whichever step of their journey they are in, right. 183 00:10:10,760 --> 00:10:13,280 So we have customers who are in the early stage of the journey 184 00:10:13,280 --> 00:10:17,480 where well I don't have visibility into how many 185 00:10:17,480 --> 00:10:20,160 identities are there and who are the risky ones especially than 186 00:10:20,160 --> 00:10:22,800 NHI side, right. And the other extreme of the 187 00:10:22,800 --> 00:10:26,080 maturity curve is, well, I am implementing JET. 188 00:10:26,680 --> 00:10:30,400 I need something that is automated based on intelligence 189 00:10:30,400 --> 00:10:35,280 and context and everything in between, from role right sizing 190 00:10:35,280 --> 00:10:38,120 to least privilege or access reviews and so on. 191 00:10:38,480 --> 00:10:43,560 So we meet our customers based on the current pain points, help 192 00:10:43,560 --> 00:10:46,240 them solve those pain points better than anybody else. 193 00:10:46,600 --> 00:10:49,560 And once that's done, then expand into a second use case 194 00:10:49,560 --> 00:10:52,080 and 3rd use case. So success is frankly measured 195 00:10:52,080 --> 00:10:55,680 by, well, what is the current problem statement that you're 196 00:10:55,680 --> 00:10:58,840 trying to solve? How can we help you do that? 197 00:10:59,480 --> 00:11:01,440 Let's take an example for just in time access. 198 00:11:01,640 --> 00:11:06,920 Well, there's a customer who's do decided to deploy Jet and 199 00:11:06,920 --> 00:11:09,240 they look at multiple vendors and decide an Andromeda. 200 00:11:09,520 --> 00:11:12,280 So let's operationalize that in a phased manner. 201 00:11:12,280 --> 00:11:15,920 Let's make sure Jet is deployed. Once that hits a certain 202 00:11:15,920 --> 00:11:19,200 maturity curve, let's look at let's for example NHI use case 203 00:11:19,240 --> 00:11:21,360 and so on. And we have a different customer 204 00:11:21,360 --> 00:11:23,560 who says I'll get to JET in future. 205 00:11:24,240 --> 00:11:26,080 I want to first solve my NHI use case. 206 00:11:26,280 --> 00:11:28,600 Let's start there, right and then go on. 207 00:11:28,600 --> 00:11:31,280 So that's how we we measure success based on the specific 208 00:11:31,280 --> 00:11:34,000 use case the customers wants to deploy in and then land and 209 00:11:34,000 --> 00:11:37,840 expand. So Ashish, you are were 210 00:11:37,840 --> 00:11:42,200 tremendously popular. You're boothless popular at 211 00:11:42,200 --> 00:11:46,120 ideniverse at Gardner, which was the most recent one we saw. 212 00:11:46,120 --> 00:11:49,440 You and Jeff and I are regulars at this conferences every year. 213 00:11:49,480 --> 00:11:52,440 You're hard to get much more than a handshake from, but you 214 00:11:52,440 --> 00:11:54,920 had a lot of people. We wanted to hear your story, 215 00:11:54,920 --> 00:11:58,080 understand what is it that you guys bring to the table. 216 00:11:58,280 --> 00:12:05,120 Here's my perspective is that as customers, we want to put 217 00:12:05,120 --> 00:12:08,960 everyone in a box. It's a, you know, we want to be 218 00:12:08,960 --> 00:12:11,800 able to relate that to something we understand. 219 00:12:12,000 --> 00:12:15,840 And when we have budget line items as practitioners, we have 220 00:12:15,840 --> 00:12:19,880 a budget for IGA replacement or IDP replacement. 221 00:12:21,080 --> 00:12:23,880 Where is it? Does Andromeda fit? 222 00:12:24,640 --> 00:12:28,320 What's the closest bucket? Is it IGA is a privileged access 223 00:12:28,320 --> 00:12:33,560 management? Is it ITDR Keem, you tell me, 224 00:12:34,040 --> 00:12:38,360 you know, if somebody's going out and saying I got money for 225 00:12:38,360 --> 00:12:42,760 IGA, is the Andromeda on that list? 226 00:12:43,240 --> 00:12:45,320 Great. Question Jim and I, I understand 227 00:12:45,320 --> 00:12:49,720 totally how we all like to bucket solutions, right? 228 00:12:49,720 --> 00:12:53,160 Because it simplifies how we think about it, right? 229 00:12:53,160 --> 00:12:55,480 Because there's so many vendors out there and you need a 230 00:12:55,480 --> 00:12:59,920 structured way to bucket these and say, OK, this is this 231 00:12:59,920 --> 00:13:01,400 category and this is that category. 232 00:13:01,400 --> 00:13:06,240 So it's a fair question. We like to flip the question 233 00:13:06,240 --> 00:13:08,560 slightly and say, OK, what is the current problem you're 234 00:13:08,560 --> 00:13:09,920 trying to solve? OK, you're trying to solve an 235 00:13:09,920 --> 00:13:12,440 IGA problem. Does Andromeda have a solution 236 00:13:12,440 --> 00:13:13,920 in IGA? Yes, it does. 237 00:13:14,680 --> 00:13:16,640 You are trying to solve a JIT use case. 238 00:13:16,640 --> 00:13:19,640 So I'm looking for a JIT vendor. Does Andromeda fit into that 239 00:13:19,640 --> 00:13:21,960 category? The answer is yes and so on. 240 00:13:21,960 --> 00:13:26,320 So rather than putting Andromeda in one bucket, we like to think 241 00:13:26,320 --> 00:13:30,640 that we had a platform that spans multiple use cases across 242 00:13:30,640 --> 00:13:34,080 multiple of these buckets. And depending on what is the 243 00:13:34,440 --> 00:13:37,360 current pin point, as I mentioned earlier, we would be 244 00:13:37,360 --> 00:13:39,600 able to, if you're able to address that, then the customers 245 00:13:39,600 --> 00:13:42,520 would would buy that. So, so that's why we look at it. 246 00:13:43,160 --> 00:13:45,800 The, the reason this is an important distinction is that 247 00:13:45,800 --> 00:13:51,680 because because of these bucketed vendors, we have this 248 00:13:51,680 --> 00:13:55,840 fragmented landscape and we think that the right way to do 249 00:13:55,840 --> 00:13:59,240 that is put everything in a single data lake and build 250 00:13:59,240 --> 00:14:01,360 models on that. Let me give you a specific 251 00:14:01,360 --> 00:14:03,880 example. One of the most common thing 252 00:14:03,880 --> 00:14:07,280 today you see is lots of NHI vendors, which is great. 253 00:14:07,560 --> 00:14:10,560 And I'm sure we'll, we'll talk more about NHI later on this 254 00:14:10,560 --> 00:14:14,640 podcast. But our contention is that NHI 255 00:14:14,640 --> 00:14:16,720 itself cannot be solved in isolation. 256 00:14:17,080 --> 00:14:21,080 I'll give you 2 reasons. The risks of Nhis and the 257 00:14:21,080 --> 00:14:25,160 corresponding human users are intertwined and the life cycles 258 00:14:25,160 --> 00:14:28,920 are intertwined. If I left the organization, all 259 00:14:28,920 --> 00:14:33,080 the Nhis that I managed or owned or used have to be the deleted 260 00:14:33,160 --> 00:14:37,320 if they're no longer in use or re keyed and reassigned to 261 00:14:37,320 --> 00:14:39,400 somebody else. Otherwise there is a Latin risk 262 00:14:40,400 --> 00:14:44,080 of that NHI by the by the now exited employee. 263 00:14:44,920 --> 00:14:49,680 So the life cycles and intertwine same thing around the 264 00:14:49,720 --> 00:14:53,760 the risk right and a risk of a human user is not just 265 00:14:53,760 --> 00:14:57,080 identified by the rules and the access to the application that 266 00:14:57,080 --> 00:15:01,360 he or she has, but also the relevant roles and permissions 267 00:15:01,360 --> 00:15:05,160 all the Nhis that he or she is managing right. 268 00:15:05,520 --> 00:15:09,360 And finally, I would say that other than the discovery 269 00:15:09,360 --> 00:15:13,000 component of NHI, which is unique because human identities 270 00:15:13,000 --> 00:15:16,960 have a directory service and HR systems, Nhis don't. 271 00:15:17,600 --> 00:15:21,800 Other than that, the permissions management, the governance, the 272 00:15:21,800 --> 00:15:25,280 privilege access management are common to both human and non 273 00:15:25,280 --> 00:15:28,560 human. So why have separated solutions 274 00:15:28,960 --> 00:15:32,640 when you're trying to solve the same kind of problems? 275 00:15:33,320 --> 00:15:36,840 So, so that's, that's why we don't like to bucket ourselves 276 00:15:37,280 --> 00:15:41,640 that we are IGA or PIM or Pam or or Kim or so on. 277 00:15:42,200 --> 00:15:44,920 We like to say, what is the use case you're trying to solve? 278 00:15:45,240 --> 00:15:47,960 Let me let us show you whether we can address that better than 279 00:15:47,960 --> 00:15:49,800 anybody else. And then if so, you can use 280 00:15:49,800 --> 00:15:52,120 Andromeda. OK, that's a really cool 281 00:15:52,120 --> 00:15:54,680 perspective. So let me ask the question then, 282 00:15:54,680 --> 00:15:59,720 what is the ideal customer type? Because I work with some clients 283 00:15:59,720 --> 00:16:03,800 who were mature or were very mature at one time and they kind 284 00:16:03,800 --> 00:16:08,120 of reached some of the sticking points with the technology 285 00:16:08,120 --> 00:16:11,720 solutions they have. They can't take on some of these 286 00:16:11,720 --> 00:16:14,720 newer use cases that are presented from cloud 287 00:16:14,720 --> 00:16:17,640 environments or maybe their scale has grown. 288 00:16:17,840 --> 00:16:21,160 I also work with clients who, you know, they've really just 289 00:16:21,160 --> 00:16:24,360 haven't invested in IM in the past decade. 290 00:16:24,800 --> 00:16:27,280 And so they're more or less a Greenfield. 291 00:16:27,280 --> 00:16:30,960 Even if they have an IGA solution, it might not be one 292 00:16:30,960 --> 00:16:34,320 that, you know, people commonly talk about it anymore, might be 293 00:16:34,320 --> 00:16:38,880 that old, right. So what is the ideal client who 294 00:16:38,880 --> 00:16:42,720 comes to? Is it the the savvy client or 295 00:16:42,720 --> 00:16:44,840 the client who's just getting their feet wet? 296 00:16:44,840 --> 00:16:48,960 Or maybe it's a savvy practitioner who took a job and 297 00:16:48,960 --> 00:16:51,840 it's, like I said, Greenfield. Yeah. 298 00:16:52,320 --> 00:16:56,280 That's a great question. So I'll, I'll answer it with two 299 00:16:56,280 --> 00:16:58,520 perspectives. What is an ultimate vision? 300 00:16:59,280 --> 00:17:01,840 But as a start up, what is their current focus, right? 301 00:17:01,840 --> 00:17:04,359 Because the end of the day, it's a matter of physics, right? 302 00:17:04,359 --> 00:17:07,720 So as a start up to be successful, you have to make 303 00:17:07,720 --> 00:17:11,359 sure that you are addressing the use cases in the right order and 304 00:17:12,000 --> 00:17:17,119 not trying to boil the ocean. So let's start with the with, 305 00:17:17,119 --> 00:17:19,720 with what, what, what we support today and what our ideal 306 00:17:19,720 --> 00:17:24,319 customer today looks like our ideal customer today is anybody 307 00:17:24,319 --> 00:17:27,440 who's trying to solve an identity security problem for 308 00:17:27,440 --> 00:17:33,520 cloud and SAS. And whether and in each of the 309 00:17:33,520 --> 00:17:37,080 buckets that we talked about, whether it's around visibility 310 00:17:37,160 --> 00:17:40,640 and risk scoring of your identities, human or non human, 311 00:17:41,360 --> 00:17:44,640 it's around least privilege, it's around just in time access 312 00:17:44,640 --> 00:17:47,440 in cloud or IGA for cloud and SAS. 313 00:17:49,120 --> 00:17:53,080 So in any of these buckets, if you're focused on your cloud and 314 00:17:53,080 --> 00:17:57,320 SAS environment, that's our ideal customer today. 315 00:17:58,000 --> 00:18:01,000 We do not have an on Prem solution today and so that's 316 00:18:01,000 --> 00:18:05,320 that's the current focus. But segwaying into where we are 317 00:18:05,320 --> 00:18:10,800 going, well absolutely we will scale into on premises as well 318 00:18:10,800 --> 00:18:15,640 and that's a longer term story as we matured our product, our 319 00:18:15,640 --> 00:18:20,640 integrations and so on. And so our vision is to be able 320 00:18:20,640 --> 00:18:24,480 to be the identity security platform across human and non 321 00:18:24,480 --> 00:18:28,920 human based on risk and context and behavioral analysis across 322 00:18:28,920 --> 00:18:31,760 all of the use case. We talked about cloud SAS on 323 00:18:31,760 --> 00:18:36,000 Prem today it's cloud and SAS you. 324 00:18:36,000 --> 00:18:39,240 Mentioned non human identities said maybe we'll get it. 325 00:18:39,720 --> 00:18:41,440 Yeah, we're definitely going to get to that. 326 00:18:41,440 --> 00:18:46,880 Your website screams human and non human, but I would say 2024 327 00:18:47,320 --> 00:18:51,920 was the year that we woke up and said, oh, if these non human 328 00:18:51,920 --> 00:18:54,800 identities, they're a problem that we should deal with. 329 00:18:55,080 --> 00:18:57,800 I've been an identity for over 20 years. 330 00:18:58,280 --> 00:19:01,240 It's been there the whole time. The problem has been there. 331 00:19:01,240 --> 00:19:02,800 But now everybody's talking about it. 332 00:19:03,040 --> 00:19:08,440 Maybe 2025 is going to be the year that you know, you know, 333 00:19:08,800 --> 00:19:12,480 all heck breaks loose. But my question to you, Ashish, 334 00:19:12,480 --> 00:19:16,880 is why now? Why is it that everyone's waking 335 00:19:16,880 --> 00:19:20,280 up to this problem now? It's, it's a great question. 336 00:19:21,120 --> 00:19:24,840 You're right. I think my thesis there is that 337 00:19:25,200 --> 00:19:30,160 we hit that, that maturity curve, we hit that inflection 338 00:19:30,160 --> 00:19:35,920 point off NHI usage. So if you think about it, Nhi's 339 00:19:35,920 --> 00:19:37,200 were there. It's not that the machine 340 00:19:37,200 --> 00:19:40,000 identities or Nhi's were not there on premises, right? 341 00:19:40,360 --> 00:19:45,680 It's that the cloud and SAS has increased the a use of 342 00:19:45,800 --> 00:19:50,720 automation, DevOps and that has proliferated the use of Nhis. 343 00:19:51,040 --> 00:19:54,880 And I think we try to bucket ourselves or we try to bucket 344 00:19:54,880 --> 00:19:58,800 Nhis into all Nhis are equal. They are not that different 345 00:19:58,800 --> 00:20:02,400 kinds of Nhis from service accounts to API keys, tokens to 346 00:20:02,640 --> 00:20:06,720 even AD credentials used for on premises, right. 347 00:20:06,720 --> 00:20:11,080 So I think. That's a podcast on Albert's 348 00:20:11,120 --> 00:20:12,800 own. We just said that, right? 349 00:20:13,680 --> 00:20:15,240 Yes, that's right. That's right. 350 00:20:16,880 --> 00:20:21,640 But the reason I think the NHIS has taken up is because I think 351 00:20:21,640 --> 00:20:26,360 we've hit that inflection point where the adoption of dev OPS in 352 00:20:26,360 --> 00:20:29,400 cloud and automation has gone to a point where it's become a 353 00:20:29,400 --> 00:20:34,760 serious problem. And the one of the biggest 354 00:20:34,760 --> 00:20:38,400 challenges with NHIS that I think we referenced earlier is 355 00:20:38,400 --> 00:20:41,400 there is no single source of truth that is not directly 356 00:20:41,400 --> 00:20:46,120 service or an IDP equivalent for NHIS. 357 00:20:46,160 --> 00:20:48,720 And so I think it's even a harder problem because you can't 358 00:20:48,720 --> 00:20:51,920 gate all Nhis through a single funnel like we could do through 359 00:20:51,920 --> 00:20:55,560 SSO and MFA for human users and look at HR as a single source of 360 00:20:55,560 --> 00:20:57,840 truth. So I think that's the reason why 361 00:20:59,680 --> 00:21:02,120 all of these things coming together, we are seeing a lot of 362 00:21:02,120 --> 00:21:06,480 focus on NHI, yeah. And you know, I feel like we are 363 00:21:06,480 --> 00:21:11,080 now experts in managing it's human identity, right? 364 00:21:11,080 --> 00:21:14,080 I mean, it's, it's kind of boiled down to it's simple, 365 00:21:14,080 --> 00:21:17,960 Simon, there's some authoritative stores, normally 366 00:21:17,960 --> 00:21:22,200 the HR system for who works here, maybe there's a contractor 367 00:21:22,200 --> 00:21:25,680 database. And then we have a IGA system 368 00:21:25,680 --> 00:21:29,320 and this fits out Access. It's really these MH is that 369 00:21:29,640 --> 00:21:34,000 they're hard to manage and with kind of what you were describing 370 00:21:34,000 --> 00:21:37,160 earlier, sounds like you went right after the probably you 371 00:21:37,160 --> 00:21:40,200 took on the hard stuff. What makes this so hard to to 372 00:21:40,200 --> 00:21:41,520 manage these? Yeah. 373 00:21:42,400 --> 00:21:45,520 I'll answer the questions, but I would also contend to your point 374 00:21:45,520 --> 00:21:48,840 that HI is a solved problem, but human identity is a solved 375 00:21:48,840 --> 00:21:49,800 problem. I don't think so. 376 00:21:49,800 --> 00:21:53,440 It's not a solved problem because it's all manual and not 377 00:21:53,440 --> 00:21:59,560 really based on context. I think the Igas today are just 378 00:22:00,000 --> 00:22:02,560 mostly rubber stamps. They all the roles are over 379 00:22:02,560 --> 00:22:05,600 provision, like 95% of roles are over provision even for human 380 00:22:05,600 --> 00:22:07,520 users. So I don't think it's a solved 381 00:22:07,520 --> 00:22:10,240 problem. But let's let's let's part that 382 00:22:10,240 --> 00:22:12,000 for a second. Let's come back to an NHI 383 00:22:12,000 --> 00:22:15,000 question, which is what makes the NHI hard. 384 00:22:15,040 --> 00:22:21,920 So let's start with what are the aspects of NHS security that are 385 00:22:21,920 --> 00:22:25,080 relevant? I think we all focus on the 386 00:22:25,080 --> 00:22:29,400 first one, which is discovery, credentials management, life 387 00:22:29,400 --> 00:22:32,280 cycle management. I like to put all that under the 388 00:22:32,280 --> 00:22:35,200 authentication, roughly authentication bucket, which is 389 00:22:35,480 --> 00:22:39,320 OK, what are all the Nhis? So do discovery because there is 390 00:22:39,320 --> 00:22:42,320 no central place. What are the key rotation or 391 00:22:42,320 --> 00:22:45,120 credential rotation hygiene? How often should we rotate them 392 00:22:45,880 --> 00:22:51,440 and how should we cycle them? When somebody with the NHI is 393 00:22:51,440 --> 00:22:54,640 deleted or, or the passwords are rotated or keys are rotated and 394 00:22:54,640 --> 00:22:57,480 so on? That's what most of the vendors 395 00:22:57,480 --> 00:22:59,400 are focused on. It's an important problem, but 396 00:22:59,400 --> 00:23:03,080 that's not the only problem. There are two other aspects of 397 00:23:03,120 --> 00:23:08,920 Nhis that are often overlooked. The the the the next one being 398 00:23:08,920 --> 00:23:13,360 the permissions management. They're all right sizing because 399 00:23:13,880 --> 00:23:18,160 just like human users, NHI has a role and a set of permissions 400 00:23:18,160 --> 00:23:21,920 and if they're over privileged you have a large attack surface. 401 00:23:22,720 --> 00:23:26,640 In fact, I would argue that there are types of NH is where 402 00:23:26,640 --> 00:23:30,080 key management is irrelevant. I'll give an example. 403 00:23:30,200 --> 00:23:37,600 Think of AWS EC2A. VMAVM has an inherent EC2 404 00:23:37,600 --> 00:23:41,000 instance profile. It's a temporary credential that 405 00:23:41,200 --> 00:23:45,200 AWS manages on your behalf. You as an enterprise don't have 406 00:23:45,200 --> 00:23:48,680 to worry about key rotations for these kind of workload 407 00:23:48,680 --> 00:23:52,080 identities. However, you absolutely have to 408 00:23:52,080 --> 00:23:53,720 worry about the roles it's assigned. 409 00:23:53,840 --> 00:23:57,600 Because if that VM is compromised, the attacker can 410 00:23:57,800 --> 00:24:02,000 assume the role that that workload identity is able to 411 00:24:02,000 --> 00:24:05,680 take, and if it has additional excessive privileges, all hell 412 00:24:05,680 --> 00:24:08,840 can break loose. So the permissions, the role 413 00:24:08,840 --> 00:24:13,840 rightsizing parts of NHI is equally important, in some cases 414 00:24:13,840 --> 00:24:17,320 more important than the credential piece for some kinds 415 00:24:17,320 --> 00:24:20,440 of identities. That's what makes it hard. 416 00:24:20,720 --> 00:24:24,240 The four and final piece I will talk about a third type of 417 00:24:24,920 --> 00:24:29,600 security is securing the client. Let me give you an example. 418 00:24:29,600 --> 00:24:32,680 Let's say you have, let's focus on AWS. 419 00:24:32,880 --> 00:24:37,120 You have a role in my, I'm an enterprise in my enterprise 420 00:24:37,120 --> 00:24:42,280 account, I have an AWS role. I'm trusted a third party, it's 421 00:24:42,280 --> 00:24:48,000 a another SAS service, their AWS role in their account and 422 00:24:48,000 --> 00:24:50,960 there's a client applications that using the role to access my 423 00:24:51,280 --> 00:24:55,160 my, my enterprise role. There is no credential exchange 424 00:24:55,160 --> 00:24:56,840 here. It's a role to role trust. 425 00:24:58,080 --> 00:25:01,920 What should you protect? Two things, the permissions in 426 00:25:01,920 --> 00:25:05,800 the role so that there is Nexus, a privilege and the client 427 00:25:05,800 --> 00:25:09,160 application, the third party applications which is using the 428 00:25:09,160 --> 00:25:11,400 role, so protecting the client itself. 429 00:25:12,520 --> 00:25:15,920 We often overlook this component, this part of NHS 430 00:25:15,920 --> 00:25:18,800 security as well. So I think we're still in our 431 00:25:18,800 --> 00:25:22,400 early phases of NHS security. There are multiple aspects, we 432 00:25:22,400 --> 00:25:24,880 all focus on one, but there are many things, many hidden 433 00:25:24,880 --> 00:25:28,280 dimensions to NHS security and that's what makes it hard, good. 434 00:25:28,320 --> 00:25:32,840 Answer and I want to come back for the follow up on #2 but this 435 00:25:32,840 --> 00:25:35,360 was a triggered question so bonus question. 436 00:25:36,760 --> 00:25:40,240 I asked this one a lot Jeff and I don't agree on the answer. 437 00:25:41,120 --> 00:25:47,080 Is there a nuance between non human identity and non human 438 00:25:47,080 --> 00:25:51,000 account or do they basically mean the same thing it? 439 00:25:51,000 --> 00:25:54,400 Is a tricky question because account word is so overloaded 440 00:25:55,280 --> 00:25:58,320 right? And AWS account is an Azure 441 00:25:58,320 --> 00:26:01,720 subscription is AGCP project right where the traditional 442 00:26:01,720 --> 00:26:06,080 account means an identity. So we we think of account and 443 00:26:06,080 --> 00:26:10,560 identity almost synonymously because the way to think about 444 00:26:10,560 --> 00:26:17,320 it is that it doesn't have a set of permissions roles, which 445 00:26:17,440 --> 00:26:20,720 allows it to do something. Then you need to worry about as 446 00:26:20,720 --> 00:26:25,120 an identity. And and I think, I think, I 447 00:26:25,120 --> 00:26:28,520 think if you if you apply those first principles, then you can 448 00:26:28,520 --> 00:26:32,040 think that NHI and the non human account are are equivalent. 449 00:26:32,240 --> 00:26:33,520 I was. Kind of thinking of the term 450 00:26:33,520 --> 00:26:37,320 account in terms of, you know, the kind of the traditional 451 00:26:37,320 --> 00:26:41,600 sense of they username and password kind of thing. 452 00:26:41,920 --> 00:26:47,040 Not so much the AWS account, but I, I kind of feel like there's a 453 00:26:47,040 --> 00:26:49,480 future and I don't want to think it's too far off track. 454 00:26:49,720 --> 00:26:55,400 A future where you have AI worker robots and they can make 455 00:26:55,920 --> 00:27:00,000 security decisions on what they're not account or, you 456 00:27:00,000 --> 00:27:01,800 know, accounts. I'm called using the term 457 00:27:01,800 --> 00:27:06,360 accounts again should have the permissions that they have. 458 00:27:07,160 --> 00:27:09,560 I can basically make decisions like people. 459 00:27:09,760 --> 00:27:14,440 So that is a an area where a non human to me would be an 460 00:27:14,440 --> 00:27:16,360 identity. I digress. 461 00:27:16,880 --> 00:27:19,200 Well, but I, I want to get to this because you, because we 462 00:27:19,200 --> 00:27:20,880 definitely don't agree on this one. 463 00:27:20,880 --> 00:27:23,000 And that's fine, right? We're, we're exchanging ideas 464 00:27:23,000 --> 00:27:26,080 here. Where does account stop and 465 00:27:26,080 --> 00:27:29,240 identity begin and vice versa? I think that's really kind of 466 00:27:29,240 --> 00:27:32,320 the crux of the question is you have an identity. 467 00:27:32,360 --> 00:27:34,760 I have an identity. We also have accounts. 468 00:27:35,240 --> 00:27:39,760 Can a non human also have an identity because it also has 469 00:27:39,760 --> 00:27:42,400 accounts or maybe it's its own entity, right? 470 00:27:42,400 --> 00:27:45,120 Or whatever we want to call it. You know, Jim, in your example, 471 00:27:45,360 --> 00:27:48,280 a worker bot, right? Or AI bot or chat bot or 472 00:27:48,280 --> 00:27:49,800 whatever it may be. There's going to come to the 473 00:27:49,800 --> 00:27:55,600 point where you're going to effectively hire AI workers to 474 00:27:55,600 --> 00:27:59,600 do things. Do they, do they have their own 475 00:27:59,680 --> 00:28:02,400 identity because they have account? 476 00:28:02,400 --> 00:28:04,120 I don't know, right? I think that it's, it's an 477 00:28:04,120 --> 00:28:07,160 interesting discussion in my mind because it's very semantic 478 00:28:07,480 --> 00:28:09,800 and almost kind of like, you know, philosophical. 479 00:28:10,400 --> 00:28:12,520 So so we have a perspective one I was. 480 00:28:12,520 --> 00:28:16,080 Just going to say, I think we should have an episode and tap 481 00:28:16,080 --> 00:28:21,200 into smart people like Ashish to answer that question in under 3 482 00:28:21,200 --> 00:28:23,280 minutes. And then kind of like we did 483 00:28:23,280 --> 00:28:26,640 with I Am versus digital identity, What's the difference 484 00:28:26,680 --> 00:28:29,560 and make an episode out of that, yeah. 485 00:28:29,640 --> 00:28:32,960 So if I may add one thing, we actually see some of the 486 00:28:32,960 --> 00:28:35,840 practical implications on this even today. 487 00:28:35,840 --> 00:28:41,120 So for example, I'm Ashish, but I'm logging into AWS through 488 00:28:41,120 --> 00:28:44,320 SSO. OK, so that's an identity right? 489 00:28:44,560 --> 00:28:49,680 But I might also have a local break class account within an 490 00:28:49,680 --> 00:28:53,800 AWS account. Is it the same Ashish or is it a 491 00:28:53,800 --> 00:28:57,960 different account? We, we, what we do is we put all 492 00:28:57,960 --> 00:28:59,880 of that under a hierarchical umbrella. 493 00:28:59,880 --> 00:29:05,640 We call it in we, we, we call it an I'm looking for the right 494 00:29:05,640 --> 00:29:10,520 word here. It's an instance or it's, it's 495 00:29:10,520 --> 00:29:14,560 an incarnation. So Ashish is the ultimate 496 00:29:14,560 --> 00:29:16,600 identity. Ashish has multiple 497 00:29:16,600 --> 00:29:20,680 incarnations. 1 is an SSO incarnation, 1 is a break class 498 00:29:20,680 --> 00:29:26,640 incarnation. That helps us because you can 499 00:29:26,640 --> 00:29:28,880 use the incarnation when it's makes sense. 500 00:29:28,880 --> 00:29:32,880 Like who logged in, the specific incarnation logged in, Who does 501 00:29:32,880 --> 00:29:34,680 it belong to? It belongs to Ashish. 502 00:29:35,240 --> 00:29:38,280 So you can answer these questions depending on what 503 00:29:38,280 --> 00:29:39,480 you're trying to. You can you can. 504 00:29:39,480 --> 00:29:42,160 You can get to the right answers based on what you're looking 505 00:29:42,160 --> 00:29:44,720 for. Similarly to AAI bot question, 506 00:29:46,160 --> 00:29:50,840 the AI bot can be an NHI itself with its own incarnations, but 507 00:29:50,840 --> 00:29:54,600 the ownership is Ashish's because Ashish manages it. 508 00:29:54,760 --> 00:29:59,080 So you can do a combination of human and non human ownership 509 00:29:59,080 --> 00:30:04,400 relationship and within the identities incarnation notion 510 00:30:04,600 --> 00:30:09,680 where it's just one one identity but has multiple accounts, 511 00:30:09,680 --> 00:30:12,760 multiple incarnations depending on which system it's used in. 512 00:30:13,160 --> 00:30:16,800 That helps us in general, but it's a larger conversation. 513 00:30:17,720 --> 00:30:22,600 It is and it I feel so, so, so semantic around this, right, 514 00:30:22,840 --> 00:30:26,160 because you're right, we use accounts, we use identities, we 515 00:30:26,160 --> 00:30:29,040 use IAM to mean a whole bunch of different things that probably 516 00:30:29,040 --> 00:30:31,360 shouldn't. And words matter, especially 517 00:30:31,360 --> 00:30:32,840 when you're talking to people and make sure you have the, you 518 00:30:32,840 --> 00:30:34,520 know, you're using the same language, the same definitions 519 00:30:34,520 --> 00:30:36,840 of those types of things. But I'm going to I'm going to 520 00:30:36,840 --> 00:30:41,040 lay my, my, my Infinity gauntlet down here and I'm going to I'm 521 00:30:41,040 --> 00:30:43,520 going to drop the mic on Jim real quick. 522 00:30:44,080 --> 00:30:46,280 We don't call it non human accounts. 523 00:30:46,480 --> 00:30:48,920 We we've been calling it this entire conversation, human 524 00:30:48,920 --> 00:30:51,080 identities and non human identities. 525 00:30:51,600 --> 00:30:54,480 So there you go, Jim. That's how that's so my my 526 00:30:54,480 --> 00:30:57,360 comeback if you. Came to work at my company. 527 00:30:57,760 --> 00:31:01,480 You just said man I gave you here's your login for your 528 00:31:01,480 --> 00:31:06,880 e-mail, here's your login for the application 123, and here's 529 00:31:06,880 --> 00:31:11,200 your login for application ABC. Would you say you have 3 530 00:31:11,200 --> 00:31:14,520 identities or three accounts? I would say I have 3 accounts 531 00:31:14,520 --> 00:31:18,960 that map back to my identity, my mastery record, whatever you 532 00:31:18,960 --> 00:31:21,200 want to call it, Incarnation as she mentioned, like things like 533 00:31:21,200 --> 00:31:25,480 that is you've got an identity, and then if you think about as a 534 00:31:25,480 --> 00:31:27,960 tree underneath, if you double click an identity, you'll see 535 00:31:27,960 --> 00:31:31,000 three folders for three different accounts there. 536 00:31:31,040 --> 00:31:34,640 There's one Jeff Sedman and the world. 537 00:31:34,640 --> 00:31:37,320 Doesn't need any more. And also, I think with with 538 00:31:37,320 --> 00:31:41,480 identity, using the term identity when it comes to, you 539 00:31:41,480 --> 00:31:45,800 know, hey, Terraform spins up 500 accounts a day. 540 00:31:46,560 --> 00:31:50,560 It doesn't have 500 identities, doesn't create 500 Jeff 541 00:31:50,560 --> 00:31:54,200 Steadman. So it creates 500, you know, 542 00:31:54,200 --> 00:31:58,360 accounts that exemplify Jeff Steadman. 543 00:32:01,680 --> 00:32:05,760 We're going off the deep end here and I have a better 544 00:32:05,760 --> 00:32:10,000 question. I I think it's better, it's more 545 00:32:10,000 --> 00:32:14,640 in target because you talked about this is a data problem. 546 00:32:14,640 --> 00:32:19,160 And I totally agree, especially when it comes to authorization. 547 00:32:19,600 --> 00:32:24,640 I mean, that's the the hard problem, right, is understanding 548 00:32:25,120 --> 00:32:29,920 what an account or an identity has access to in total, what it 549 00:32:29,920 --> 00:32:33,560 should have access to, which is usage patterns. 550 00:32:34,600 --> 00:32:39,000 I mean, you think on this hard problem, talk to us about why. 551 00:32:39,000 --> 00:32:42,920 I mean, to me it's like it gets down to like exactly what the 552 00:32:42,920 --> 00:32:46,720 issue is. It's trying to drive toward some 553 00:32:47,160 --> 00:32:50,240 some instantiation of least privilege, right 100. 554 00:32:50,240 --> 00:32:54,320 Percent and and you can also call it zero trust for identity 555 00:32:54,600 --> 00:32:57,000 right? What is the definition of least 556 00:32:57,000 --> 00:32:58,640 privilege? What is the definition of 0 557 00:32:58,640 --> 00:33:07,000 trust to us to at Andromeda? It means that any identity 558 00:33:07,000 --> 00:33:10,920 should only have those set of permissions on it's standing 559 00:33:11,320 --> 00:33:15,120 basis, on the standing basis that are frequently used and low 560 00:33:15,120 --> 00:33:20,280 risk and why that matters that remember we said it's not if 561 00:33:20,280 --> 00:33:21,360 it's when you'll get compromised. 562 00:33:21,360 --> 00:33:24,760 So when you're compromised, if your tax surface is defined by 563 00:33:24,760 --> 00:33:26,640 low risk permissions, then you don't have nothing to worry 564 00:33:26,640 --> 00:33:31,480 about, right? And and everything else that 565 00:33:31,480 --> 00:33:35,520 moves out goes to just in time access, which is again automated 566 00:33:35,520 --> 00:33:39,160 based on context. But to achieve this true zero 567 00:33:39,160 --> 00:33:41,840 trust or true least privilege, you have to understand two 568 00:33:41,840 --> 00:33:43,320 things. You have to understand risk and 569 00:33:43,320 --> 00:33:47,000 you have to understand usage. Usage is based on the actual 570 00:33:47,000 --> 00:33:50,640 activity that that identity is doing, but not just that 571 00:33:50,640 --> 00:33:53,200 identity, the peers. So that's where some of the 572 00:33:53,200 --> 00:33:56,720 machine learning models come in. Well, if Jeff and Jim are part 573 00:33:56,720 --> 00:34:00,440 of the same team, is there a peer behavioural model that can 574 00:34:00,440 --> 00:34:03,120 also influence what should be part of standing privilege or 575 00:34:03,120 --> 00:34:04,280 not? Because the end of the day, 576 00:34:04,560 --> 00:34:07,400 remember we are trying to achieve two things at the same 577 00:34:07,400 --> 00:34:12,440 time, security and agility or productivity anytime, especially 578 00:34:12,440 --> 00:34:15,440 in cloud and SAS, if you slow down your developers and users, 579 00:34:15,600 --> 00:34:16,760 they're not going to adopt the tool. 580 00:34:17,120 --> 00:34:20,040 So we always trying to strike the balance and to do that. 581 00:34:20,400 --> 00:34:24,360 Coming back to a data problem, Jim, if you can analyse the user 582 00:34:24,360 --> 00:34:29,480 behaviour, the peer behaviour, the context, the locations, the 583 00:34:29,480 --> 00:34:34,480 devices, the past history and then combine that with the risks 584 00:34:34,480 --> 00:34:37,920 of the permissions. So each of AWSGCP Azure have 585 00:34:37,920 --> 00:34:40,000 1520 thousand individual permissions. 586 00:34:40,280 --> 00:34:43,159 They're not equal. There are view level permissions 587 00:34:43,159 --> 00:34:46,080 and list level permissions to read, write and I am level 588 00:34:46,080 --> 00:34:49,040 permissions. Can you give a different risk 589 00:34:49,040 --> 00:34:54,520 levels, combine that the usage models and then derive the zero 590 00:34:54,520 --> 00:34:58,240 trust or this least privilege? That's the Holy Grail and that's 591 00:34:58,240 --> 00:35:04,120 what we are doing at Andromeda based on the data lake and 592 00:35:04,120 --> 00:35:06,280 that's where the machine learning models, the AI models 593 00:35:06,280 --> 00:35:09,160 come into play. That's why the hard problem, and 594 00:35:09,160 --> 00:35:12,120 that's why it's more exciting. All right, so I smelled an AI 595 00:35:12,120 --> 00:35:15,240 conversation. I knew it was coming and look, 596 00:35:15,280 --> 00:35:18,440 I'm, I'm a little bit sceptical because now I start to see a 597 00:35:18,440 --> 00:35:22,080 whole bunch of applications and products and vendors, you know, 598 00:35:22,160 --> 00:35:27,320 jumping on AI and I guess help me understand, right. 599 00:35:27,480 --> 00:35:31,480 You know, we had AI and I think of AI now as generative AI, not 600 00:35:31,840 --> 00:35:33,680 machine learning, which is also AI. 601 00:35:33,680 --> 00:35:36,600 Yes, but it's sort of like the what I'll call the legacy 602 00:35:36,600 --> 00:35:38,040 definition, if you want to call it that. 603 00:35:39,400 --> 00:35:43,560 Help me understand where does AI come into the Andromeda 604 00:35:43,560 --> 00:35:46,240 platform? What is it used for? 605 00:35:46,760 --> 00:35:50,800 You know, is it, is it really generative AI? 606 00:35:50,800 --> 00:35:56,240 Is it ML or some mix of the two? Help frame that for me from a 607 00:35:56,240 --> 00:36:01,080 contextual perspective. Definitely short answer, it's a 608 00:36:01,080 --> 00:36:04,040 combination and it's not AI for the sake of AI. 609 00:36:04,040 --> 00:36:08,760 It's not AI washing right. We we are genuinely trying to 610 00:36:08,760 --> 00:36:11,960 figure out what is the best way to solve a problem. 611 00:36:12,000 --> 00:36:15,160 So to give you an example, right, once you have all the 612 00:36:15,160 --> 00:36:19,280 data in a single data like it's a graph based database, what are 613 00:36:19,280 --> 00:36:21,160 the questions we're trying to answer? 614 00:36:21,360 --> 00:36:24,120 So first is a risk scoring. So we have a three-part risk 615 00:36:24,120 --> 00:36:27,760 model based on posture. So posture, risk configurations, 616 00:36:27,760 --> 00:36:32,240 MFA, etcetera, key hygiene, behavioural risk, past activity, 617 00:36:32,240 --> 00:36:35,760 behaviour, applications, logins, locations, etcetera and 618 00:36:35,760 --> 00:36:39,280 privilege risk analysing the riskiness of the permissions and 619 00:36:39,280 --> 00:36:43,280 the accesses and so on. So this is where as we use some 620 00:36:43,280 --> 00:36:48,000 of the machine learning models to define the risk score in the 621 00:36:48,000 --> 00:36:50,360 best possible way. Mathematical models, some of 622 00:36:50,360 --> 00:36:53,960 their machine learning models for assigning risk score to 623 00:36:54,040 --> 00:36:58,680 every role, every AWS account, every identity, every 624 00:36:58,680 --> 00:37:02,720 application and so on. We also use behavioural machine 625 00:37:02,720 --> 00:37:08,240 learning models for looking for anomalies, anomalies of a given 626 00:37:08,240 --> 00:37:11,960 user compared to its past behaviour, anomalies of a given 627 00:37:11,960 --> 00:37:14,640 user compared to its peers and so on. 628 00:37:15,040 --> 00:37:17,400 And these are well defined machine learning models, 629 00:37:17,400 --> 00:37:19,640 clustering models, anomaly models and so on. 630 00:37:21,280 --> 00:37:26,520 We use models for so. So one place we do use 631 00:37:26,520 --> 00:37:31,680 generative AI is for summarizing session activity locks. 632 00:37:32,440 --> 00:37:35,600 So what we do is let's say you got a privilege sessions for two 633 00:37:35,600 --> 00:37:39,440 hours. We look at the activity logs, 634 00:37:39,440 --> 00:37:41,640 let's say it's AWS. We look at the cloud trade logs 635 00:37:41,640 --> 00:37:45,320 of what Jim did in the two hour privilege session, every action 636 00:37:45,320 --> 00:37:49,080 Jim performed and then the output of the model is an 637 00:37:49,080 --> 00:37:52,760 English language. Somebody saying Jeff logged in 638 00:37:52,760 --> 00:37:56,240 for two hours, he did these these, these actions, these were 639 00:37:56,240 --> 00:38:01,400 anomalous, these were expected. And here is everything he did, 640 00:38:01,400 --> 00:38:03,440 somethings was successful, something was not successful. 641 00:38:03,560 --> 00:38:06,360 That summarization is where we use Gen. 642 00:38:06,360 --> 00:38:09,080 AI models, but that's a very specific use case. 643 00:38:09,760 --> 00:38:14,160 So again, it's the same data lake with the context, with the 644 00:38:14,160 --> 00:38:15,760 behavior, with the activity logs. 645 00:38:15,760 --> 00:38:18,560 And depending on what we're trying to do, we use different 646 00:38:18,560 --> 00:38:23,080 ML and AI models. So as a as a customer, can I 647 00:38:23,320 --> 00:38:27,040 tune the, you know, the models in a way to say, OK, here is 648 00:38:27,040 --> 00:38:30,480 what I'm looking for or here what it here is What's risky? 649 00:38:30,480 --> 00:38:34,080 I would imagine it takes time to develop whatever the access 650 00:38:34,080 --> 00:38:36,000 patterns might look like, right? How do you know if something's 651 00:38:36,000 --> 00:38:40,200 risky unless there is an outlier of data, right, for it to pick 652 00:38:40,200 --> 00:38:43,360 up on What is, I guess one first question. 653 00:38:44,560 --> 00:38:48,840 How do I tune some of these, you know, models to look for what 654 00:38:48,840 --> 00:38:51,840 I'm looking for or make it more fine-tuned for my application or 655 00:38:51,840 --> 00:38:54,960 whatever it may be? And then how long does it take, 656 00:38:55,160 --> 00:38:59,160 you know, realistically to establish a baseline of what is 657 00:38:59,160 --> 00:39:01,080 normal versus what is not normal? 658 00:39:01,800 --> 00:39:03,440 Great question. Let me start with the second 659 00:39:03,440 --> 00:39:08,680 question first. So when we onboard a customer, 660 00:39:09,320 --> 00:39:13,840 if the customer has the last 90 days of log data, we use that 661 00:39:13,840 --> 00:39:16,800 for baselining. So our, our current training 662 00:39:16,800 --> 00:39:20,800 period is about is 90 days worth of data and we can always go 663 00:39:20,800 --> 00:39:23,640 longer. And for most cases, customers 664 00:39:23,640 --> 00:39:26,760 usually have that 90 days of data in the history. 665 00:39:27,040 --> 00:39:32,000 So we can hit the ground running it with that 90 days of history 666 00:39:32,320 --> 00:39:35,120 immediately, right. If the customers doesn't have 667 00:39:35,120 --> 00:39:38,320 any data, then of course you have to wait for 30, sixty, 90 668 00:39:38,320 --> 00:39:40,360 days for the baseline to be established. 669 00:39:40,360 --> 00:39:47,520 But that's rarely happens. Now how we how we train our 670 00:39:47,520 --> 00:39:51,720 models is we don't use customer data to train our models because 671 00:39:52,400 --> 00:39:55,560 the good news is that especially in cloud and SAS, these are 672 00:39:55,560 --> 00:39:58,560 standard applications and standard behaviour where you 673 00:39:58,560 --> 00:40:03,640 know what is what is a risky behaviour of a certain certain 674 00:40:03,760 --> 00:40:07,520 permissions and what is not. So we can use genetic synthetic 675 00:40:07,520 --> 00:40:11,440 data to train our models. And similarly for the Gen. 676 00:40:11,440 --> 00:40:17,120 AI piece where we send to to the LLM models to translate to an 677 00:40:17,120 --> 00:40:19,880 English language, there is no customer data that's being sent 678 00:40:19,880 --> 00:40:22,880 because. It's, it's the actions which are 679 00:40:22,880 --> 00:40:26,400 generic AWS or Azure actions which are getting translated and 680 00:40:26,400 --> 00:40:28,000 the context is getting translated. 681 00:40:28,120 --> 00:40:29,760 Nothing that's customer specific, right. 682 00:40:29,760 --> 00:40:33,720 So, so that that's a good part in terms of tuning. 683 00:40:34,600 --> 00:40:36,640 There are multiple aspects of the model. 684 00:40:36,640 --> 00:40:41,400 So the risk is impacted by the set of permissions as well as 685 00:40:42,240 --> 00:40:46,040 the type of assets. Is it a production environment 686 00:40:46,040 --> 00:40:49,000 versus a dev environment? Is it does it have PIO data or 687 00:40:49,000 --> 00:40:53,720 not Those are tunable by customers today and that impacts 688 00:40:53,720 --> 00:40:58,120 the risk score and so on the other aspects we will we are in 689 00:40:58,120 --> 00:41:01,480 the process of exploring how we can make some of those models 690 00:41:01,480 --> 00:41:04,120 more tunable, but that's again based on customers needs that 691 00:41:04,120 --> 00:41:06,040 should be fairly straightforward for us to do. 692 00:41:08,000 --> 00:41:15,840 Now, one of the biggest criteria for us to implement any ML or AI 693 00:41:15,840 --> 00:41:20,680 model is explain ability. If we cannot explain what the 694 00:41:20,680 --> 00:41:25,800 model did in an English language in a reasonable way, then we do 695 00:41:25,800 --> 00:41:28,120 not want to put it in the product. 696 00:41:28,120 --> 00:41:30,480 We do not want to offer that, right? 697 00:41:30,720 --> 00:41:34,840 So explainability is a very, very important consideration 698 00:41:35,000 --> 00:41:39,600 when we develop the product. And then finally, no models are 699 00:41:39,600 --> 00:41:43,880 perfect. If we say I'm with 100% 700 00:41:44,560 --> 00:41:48,680 probability, I'm telling you this is what the case is, you're 701 00:41:48,680 --> 00:41:50,360 fooling yourself, you're fooling the customers. 702 00:41:50,360 --> 00:41:51,320 That's not the right thing to do. 703 00:41:51,560 --> 00:41:57,520 So a lot of our recommendations, lot of our summarizations and, 704 00:41:57,520 --> 00:42:03,680 and, and analysis, we put up what we call it confidence 705 00:42:03,680 --> 00:42:07,800 interval saying look, all confidence interval for this 706 00:42:07,800 --> 00:42:12,040 analysis is 60 to 80%. Of course, if it's below a 707 00:42:12,080 --> 00:42:13,600 certain threshold, we won't even show it. 708 00:42:13,720 --> 00:42:16,680 But beyond certain threshold you can, you can configure and say 709 00:42:16,960 --> 00:42:19,760 start showing me your recommendations and analysis as 710 00:42:19,760 --> 00:42:21,120 long as this hits a certain threshold. 711 00:42:21,120 --> 00:42:23,680 And then we'll show you what that threshold we have hit so 712 00:42:23,680 --> 00:42:27,080 that you can tune that and say no, show me only after it's 80% 713 00:42:27,160 --> 00:42:29,600 or show me anything about 50% and so on, right. 714 00:42:29,840 --> 00:42:36,000 And then finally, we take input from the customer saying this is 715 00:42:36,040 --> 00:42:40,080 not true, it's a false positive. So that goes back into the the 716 00:42:40,080 --> 00:42:41,880 product, right? Because we're trying to strike a 717 00:42:41,880 --> 00:42:44,600 balance between false positive and false negative, right? 718 00:42:44,800 --> 00:42:48,240 And every customer has a different level of tolerance for 719 00:42:48,240 --> 00:42:49,720 that. And that is something you can 720 00:42:49,720 --> 00:42:53,440 tune and say, show me even if you're 50% confident, show me or 721 00:42:53,440 --> 00:42:55,120 show me only up for 90% and so on. 722 00:42:55,280 --> 00:42:57,640 And then take the feedback and tune the model again and so on. 723 00:42:58,480 --> 00:42:59,960 Hope that helps. It does. 724 00:42:59,960 --> 00:43:04,160 And I think 11 last question for me will be, I guess the security 725 00:43:04,160 --> 00:43:06,000 of the AI models themselves. And I think you kind of 726 00:43:06,000 --> 00:43:09,000 mentioned is you don't you don't put customer data right into 727 00:43:09,000 --> 00:43:11,120 your model. But what are the what are the 728 00:43:11,120 --> 00:43:16,600 guard lines or guard rails for? What stays, I guess on Prem or 729 00:43:16,600 --> 00:43:21,240 in my specific cloud versus your cloud versus maybe a third party 730 00:43:21,240 --> 00:43:25,600 cloud like an open AI or Anthropic or, you know, Google 731 00:43:25,600 --> 00:43:27,880 or whatever it may be. How do you see those three 732 00:43:27,880 --> 00:43:29,680 things mixing and how do you make sure that data doesn't 733 00:43:29,680 --> 00:43:32,040 cross boundaries? Because I feel like that's an 734 00:43:32,040 --> 00:43:34,880 area that needs to be explained. Anytime someone's saying you 735 00:43:34,880 --> 00:43:39,680 know, AI, no. 100% right. So I think you, you, you, you 736 00:43:39,800 --> 00:43:41,960 outline that framework very well, right. 737 00:43:41,960 --> 00:43:45,720 So first of all, from the customer cloud or customer Prem, 738 00:43:46,120 --> 00:43:51,120 we don't pick any data per SE. The only sensitive information 739 00:43:51,120 --> 00:43:55,720 we are getting is of course user IDs and the emails because it's 740 00:43:55,720 --> 00:44:01,720 it's, it's an identity product. But none of the data is pulled 741 00:44:01,720 --> 00:44:05,680 into Andromeda. All of that, whatever we pull in 742 00:44:05,680 --> 00:44:09,640 stays within Andromeda's cloud environment via SAS product. 743 00:44:10,520 --> 00:44:15,360 And none of that goes into a third party, whether it's Open 744 00:44:15,360 --> 00:44:19,920 AI or Anthropic or any any other model because what we are 745 00:44:19,920 --> 00:44:22,840 sending and again, remember we're using the LLM models only 746 00:44:22,840 --> 00:44:26,120 for a very specific use case, which is session summarization. 747 00:44:26,120 --> 00:44:28,680 And if as a customer says, I don't want that feature, no 748 00:44:28,680 --> 00:44:30,480 problem. It's it's, it's a very modular 749 00:44:30,480 --> 00:44:33,280 product. So they're only the actions are 750 00:44:33,280 --> 00:44:37,360 going in saying some anonymous user, user X perform these 751 00:44:37,360 --> 00:44:40,000 sequence of operations, translate them to an English 752 00:44:40,000 --> 00:44:42,160 language summary for me. So there is no data that's going 753 00:44:42,160 --> 00:44:45,760 into a third party. But I think at a larger point, 754 00:44:45,960 --> 00:44:48,880 this is a very, very important topic to us. 755 00:44:48,880 --> 00:44:51,480 It's very near and dear to us because as I said earlier, if 756 00:44:51,480 --> 00:44:54,880 you can't show the safety and security of our data in the 757 00:44:54,880 --> 00:45:00,280 model and can't explain our our answers, then we can't build 758 00:45:00,280 --> 00:45:02,480 trust in our customers, right, So, so. 759 00:45:02,480 --> 00:45:06,720 Ashish, I wanted to say bravo on the explainability point. 760 00:45:07,200 --> 00:45:11,560 I mean, I love that I, I've been a voice towards us for a while, 761 00:45:11,560 --> 00:45:17,680 which is how can I sit in the witness chair and explain why a 762 00:45:17,680 --> 00:45:19,960 decision was made if I can't explain it? 763 00:45:20,200 --> 00:45:25,640 Some black box AI decided is not going to be an acceptable answer 764 00:45:25,640 --> 00:45:28,720 in my opinion. So bravo on that. 765 00:45:29,800 --> 00:45:34,560 You talked a lot about models and you know, I, I see this 766 00:45:34,560 --> 00:45:38,320 trend that's happening in the market, which is you've got a 767 00:45:38,320 --> 00:45:41,120 more savvy client. I. 768 00:45:41,120 --> 00:45:44,960 Love the data lake concept. I think the client wants to have 769 00:45:44,960 --> 00:45:49,800 a hand in, you know that data lake that their data, they they 770 00:45:49,800 --> 00:45:54,120 want to help design it. They want to say, hey, my 771 00:45:54,120 --> 00:45:59,600 business is a certain business and to us here's a certain data 772 00:45:59,600 --> 00:46:03,000 element that is not important to anybody else in the world. 773 00:46:03,000 --> 00:46:05,160 So you haven't figured out this use case. 774 00:46:05,160 --> 00:46:10,040 This is specific to me. I want to have my product build 775 00:46:10,040 --> 00:46:13,960 that into the risk score, which I'm assuming is part of a model. 776 00:46:14,200 --> 00:46:19,800 So my question to you is like as a customer, do I have any 777 00:46:19,800 --> 00:46:25,640 influence over how that model works or is it a black box to 778 00:46:25,640 --> 00:46:26,840 me? It's a great question. 779 00:46:26,840 --> 00:46:30,360 So I think the answer is in it depends. 780 00:46:30,680 --> 00:46:34,560 We are, we do have certain tunable parameters that you can 781 00:46:34,960 --> 00:46:39,440 influence to adjust the model. Having said that, we will be 782 00:46:39,440 --> 00:46:44,080 looking in future where in your case you know as a customer 783 00:46:44,600 --> 00:46:48,240 based on your data, these are the kind of models that might 784 00:46:48,240 --> 00:46:49,600 make sense. And maybe you already have 785 00:46:49,600 --> 00:46:53,480 developed the model and you are asking can you use this model 786 00:46:53,480 --> 00:46:57,560 for me for example. That is something that we we we 787 00:46:57,560 --> 00:46:59,760 were looking at potentially in the future. 788 00:47:01,440 --> 00:47:03,040 The way we think about this is the following. 789 00:47:03,520 --> 00:47:07,280 We cannot be the be all end all, of all the risk calculations and 790 00:47:07,280 --> 00:47:12,040 all threat detection and so on. We build the product with doing 791 00:47:12,040 --> 00:47:15,520 some of that on our own and ability to inject external 792 00:47:15,520 --> 00:47:18,480 threat signals or external any kind of signals, risk signals 793 00:47:18,480 --> 00:47:21,800 into Andromeda, right. So the product is built with 794 00:47:21,800 --> 00:47:23,400 that capability. I'll give you a specific 795 00:47:23,400 --> 00:47:25,960 example. Let's take an example of an EDR 796 00:47:25,960 --> 00:47:29,800 and XDR solution. We're never going to be, we are 797 00:47:29,800 --> 00:47:33,360 not an XDR solution, but XDR solutions have powerful signals 798 00:47:33,360 --> 00:47:36,440 on devices and locations. Can that be inserted into 799 00:47:36,440 --> 00:47:37,720 Andromeda? Absolutely. 800 00:47:37,720 --> 00:47:40,600 That's something we'll do because the ultimate goal, 801 00:47:40,680 --> 00:47:44,960 remember what is our core? Our core is permissions, right 802 00:47:44,960 --> 00:47:48,240 sizing, automating permissions and life cycle, right? 803 00:47:48,240 --> 00:47:51,600 So for example, if there is an external threat signal that says 804 00:47:51,920 --> 00:47:58,240 this identity is compromised, we can near real time bring all its 805 00:47:58,240 --> 00:48:02,160 permissions down to 0 and make all the JIT approval, the 806 00:48:02,160 --> 00:48:04,400 privilege access go through multiple gates. 807 00:48:05,040 --> 00:48:07,840 That is the power of Andromeda. That's the ultimate, which is 808 00:48:08,440 --> 00:48:10,440 it's not if it's when you'll get compromised, but when you're 809 00:48:10,440 --> 00:48:13,400 compromised, can you eliminate the attack surface as fast as 810 00:48:13,400 --> 00:48:14,520 possible? Yes. 811 00:48:14,720 --> 00:48:16,880 And that's where we shine and that's where we differentiate. 812 00:48:17,240 --> 00:48:21,400 So I know I answered your question in in in a couple of 813 00:48:21,400 --> 00:48:24,800 different ways. But to summarize, we have some 814 00:48:24,800 --> 00:48:26,480 tunable parameters for risk models. 815 00:48:26,520 --> 00:48:30,360 We will enable some more, but we are open to taking additional 816 00:48:30,360 --> 00:48:33,800 signals, external signals into Andromeda to make more 817 00:48:33,800 --> 00:48:36,600 intelligent decisions. Yes, that's the goal I love. 818 00:48:36,600 --> 00:48:38,840 It I love it. I love your passion. 819 00:48:40,400 --> 00:48:45,960 I think what makes identity companies go to that next level 820 00:48:45,960 --> 00:48:49,080 is having somebody like yourself who's passionate and very 821 00:48:49,080 --> 00:48:54,160 intelligent and a deep thinker. I wanted to ask two more 822 00:48:54,160 --> 00:49:00,000 questions before we take it out. So 1, you mentioned earlier that 823 00:49:00,280 --> 00:49:02,280 you set up a landing page. I'm sorry, Jeff may have 824 00:49:02,280 --> 00:49:05,840 mentioned it. Andromeda security slash IDAC. 825 00:49:06,200 --> 00:49:08,800 That's where people can go to get more information. 826 00:49:09,200 --> 00:49:13,200 What, what will they find there? What are you going to have as 827 00:49:13,200 --> 00:49:15,520 that landing page? Great question, Jim. 828 00:49:15,520 --> 00:49:21,680 So it's it's an offer for a free discovery, risk coding and 829 00:49:21,680 --> 00:49:24,280 permissions rightsizing. What does that mean? 830 00:49:24,760 --> 00:49:31,160 We will, as part of this offer, give you full visibility, full 831 00:49:31,160 --> 00:49:34,080 discovery of all your human. That's the relatively easy part. 832 00:49:34,080 --> 00:49:38,240 But non human identities as well in a single dashboard give you a 833 00:49:38,240 --> 00:49:40,640 three-part risk of each of those identities. 834 00:49:40,640 --> 00:49:44,640 So you know which identities are high risk and why with built in 835 00:49:44,640 --> 00:49:48,960 recommendations and remediation steps and right size the rolls 836 00:49:48,960 --> 00:49:52,640 for you for all of those identities based on its activity 837 00:49:52,640 --> 00:49:55,280 pattern and risk. That's the offer. 838 00:49:55,880 --> 00:49:58,920 I love it, I love it. Final question to take you out 839 00:49:58,920 --> 00:50:01,440 from the the hard part and then we'll do our lighter note. 840 00:50:01,440 --> 00:50:06,440 So you're on the identity at this linear podcast and a lot of 841 00:50:06,440 --> 00:50:09,320 our guests always wind up and accidentally falls out of 842 00:50:09,320 --> 00:50:11,920 people's mouth, you know, because identity is at the 843 00:50:11,920 --> 00:50:14,840 center. So when you first heard about 844 00:50:14,840 --> 00:50:18,600 our podcast, relate that back to Andromeda security in your 845 00:50:18,600 --> 00:50:22,000 platform identity of the center, what does that mean to you? 846 00:50:22,360 --> 00:50:23,560 No. It's, it's very relevant. 847 00:50:23,560 --> 00:50:27,400 I think I mentioned in the top of the podcast like identity is 848 00:50:27,400 --> 00:50:31,120 at the center of security today because I think depending on 849 00:50:31,120 --> 00:50:35,880 which you're 2320, four 2/3 to 3/4 of all attacks are related 850 00:50:35,880 --> 00:50:37,880 to identity one way or the other, right. 851 00:50:38,040 --> 00:50:42,240 So especially in cloud and SAS then there is no physical 852 00:50:42,240 --> 00:50:44,800 perimeter. Identity is the perimeter and 853 00:50:44,960 --> 00:50:48,000 your tax surfaces is the list of permissions you have. 854 00:50:48,000 --> 00:50:51,200 So it's very, very relevant. So when I heard IDIC for the 855 00:50:51,280 --> 00:50:54,200 first time, I said, wow, that's so true. 856 00:50:54,200 --> 00:50:57,800 I, I don't think you started it when identity was the primary 857 00:50:57,800 --> 00:51:00,080 attack vector, but that's where we are right now. 858 00:51:00,080 --> 00:51:02,960 So we had. Plenty of foresight. 859 00:51:03,560 --> 00:51:05,760 Yes, and. Luck. 860 00:51:06,520 --> 00:51:09,080 Yeah, No, we knew it. Come on, Let's let's let's. 861 00:51:09,480 --> 00:51:11,680 Help ourselves on ships like. We knew it was at the center. 862 00:51:12,000 --> 00:51:15,560 We bought the domain name, trademarked it, copyrighted, all 863 00:51:15,560 --> 00:51:18,840 that good stuff. So yes, we you're preaching to 864 00:51:18,840 --> 00:51:20,840 the choir here. We feel like identity center. 865 00:51:20,880 --> 00:51:23,600 That's why we named it show as it is. 866 00:51:24,600 --> 00:51:26,520 All right, Jim mentioned. Like that's the hard part. 867 00:51:26,720 --> 00:51:30,040 Now it's the even harder part where we talk about ending on a 868 00:51:30,040 --> 00:51:32,160 lighter note, something that is, you know, maybe not identity 869 00:51:32,160 --> 00:51:34,240 related or maybe it is, I guess, depending on how you look at it. 870 00:51:35,360 --> 00:51:38,600 And we were kind of kind of spawn ideas for on this and I 871 00:51:38,600 --> 00:51:42,080 kind of settled on this idea of books on tape. 872 00:51:42,080 --> 00:51:44,800 And that's how old I am tape, right, Everything's recorded and 873 00:51:44,800 --> 00:51:46,880 how etcetera. And we were kind of talking 874 00:51:46,880 --> 00:51:49,360 about a couple of different sci-fi things that we were into 875 00:51:49,440 --> 00:51:51,720 and stuff like that. You had a recommendation. 876 00:51:51,720 --> 00:51:54,320 So I want to give you an opportunity to sell your 877 00:51:54,320 --> 00:51:56,520 recommendation to everyone else, because you sold me on it. 878 00:51:56,520 --> 00:51:59,960 And it's in my Audible queue waiting for me for my next 879 00:51:59,960 --> 00:52:01,400 flight. And then I'm going to give a 880 00:52:01,400 --> 00:52:03,040 recommendation. And then Jim's going to yell at 881 00:52:03,040 --> 00:52:06,760 us, you know, from his porch, you know, saying get off my lawn 882 00:52:06,760 --> 00:52:09,800 or something like that. Yeah, definitely so. 883 00:52:10,120 --> 00:52:13,880 Before I give my recommendation, I think I got into listening to 884 00:52:13,880 --> 00:52:17,920 books When, when I I love reading books, but I don't have 885 00:52:17,920 --> 00:52:19,600 time. But when do you have time? 886 00:52:19,600 --> 00:52:23,360 When you're commuting? And so that's when I got into 887 00:52:23,360 --> 00:52:27,000 the books and then COVID hit. So when when we started working 888 00:52:27,000 --> 00:52:29,360 from home, so I had to find time to commute. 889 00:52:29,360 --> 00:52:30,640 So I can listen to the books, right? 890 00:52:30,640 --> 00:52:34,040 But I got into the books a few years ago and I wanted to do 891 00:52:34,040 --> 00:52:36,040 something that's not tech related at all. 892 00:52:36,160 --> 00:52:39,480 Still intellectually stimulating, but nothing to do 893 00:52:39,480 --> 00:52:42,160 with identity, nothing with cloud, nothing with tech. 894 00:52:42,160 --> 00:52:48,760 And so I got into sci-fi and the best book I have listened to is 895 00:52:48,760 --> 00:52:52,480 the Project Hail Mary by Andy Ware, same author who wrote 896 00:52:52,480 --> 00:52:55,920 Martian and a couple other books as well. 897 00:52:56,120 --> 00:53:00,720 But I highly recommend that book not to read, but to listen to. 898 00:53:01,080 --> 00:53:03,800 Because if you see the book has not been read by, it's been 899 00:53:03,800 --> 00:53:06,560 performed by, they've actually done a full production in a 900 00:53:06,560 --> 00:53:10,040 studio with different accents and different dialects and 901 00:53:10,760 --> 00:53:14,720 different sound effects. So highly, highly recommend 902 00:53:14,720 --> 00:53:17,480 Project Hail Mary. So that's my recommendation. 903 00:53:17,800 --> 00:53:18,920 You sold. Me on the performance then, 904 00:53:18,920 --> 00:53:21,360 because I've listened to, you know, several audio books and 905 00:53:21,360 --> 00:53:24,160 you're right, they're usually someone reading and it's usually 906 00:53:24,160 --> 00:53:27,800 one person you know, and hey, more power to them. 907 00:53:27,800 --> 00:53:29,800 They're trying to do different voices maybe sometimes and 908 00:53:29,800 --> 00:53:32,400 things like that. It's like, OK, but you know, if 909 00:53:32,400 --> 00:53:34,000 it's a full on production, sign me up. 910 00:53:34,040 --> 00:53:36,600 I'm in and I'm a big sci-fi guy, so you know, this is kind of 911 00:53:36,600 --> 00:53:38,120 right up my ally. I was like, all right, sheesh, 912 00:53:38,120 --> 00:53:40,040 you got me downloaded. I'm in. 913 00:53:41,160 --> 00:53:42,680 So I had a recommendation for you. 914 00:53:42,800 --> 00:53:46,400 Now it's not produced, like you said, it is definitely someone 915 00:53:46,400 --> 00:53:47,600 reading, but I think it does a good job. 916 00:53:47,600 --> 00:53:50,560 And I think the story is, you know, at least from my mind, 917 00:53:50,760 --> 00:53:53,800 very original at the time I read it several years back, but is 918 00:53:53,800 --> 00:53:55,800 becoming, I think a little more relevant. 919 00:53:55,880 --> 00:54:00,280 And it is a it is a series called, they call it Baba Verse. 920 00:54:00,280 --> 00:54:03,200 And there's five different books and you can certainly listen to 921 00:54:03,200 --> 00:54:05,040 them as well. We are legion. 922 00:54:05,040 --> 00:54:07,200 We are many and kind of something that, you know, other 923 00:54:07,200 --> 00:54:10,440 things like that. And the whole idea is basically 924 00:54:10,440 --> 00:54:15,160 AI is sort of at the center of this conversation, but it's a 925 00:54:15,160 --> 00:54:17,800 little more human type approach to it. 926 00:54:18,360 --> 00:54:20,960 And I don't want to spoil it because they're really it really 927 00:54:20,960 --> 00:54:23,000 does kind of pick up pretty quickly And then sort of like, 928 00:54:23,040 --> 00:54:24,680 oh, you know, there's a lot going on here. 929 00:54:25,320 --> 00:54:27,320 But I have my recommendation is Bob Averse. 930 00:54:27,320 --> 00:54:30,800 It's by Dennis E Taylor, the 1st in the series is We are Legion. 931 00:54:30,800 --> 00:54:34,040 It is my go to recommendation for anybody who is a sci-fi 932 00:54:34,040 --> 00:54:38,240 junkie, you know, like myself. So hopefully people will check 933 00:54:38,240 --> 00:54:40,440 that out. Jim, how about yourself? 934 00:54:40,440 --> 00:54:47,040 Do you have any E audible, you know books on tape or you know 935 00:54:47,080 --> 00:54:50,480 other recommendations? So I've had Audible accounts 936 00:54:50,480 --> 00:54:53,320 over the years. I am not a sci-fi junkie and I 937 00:54:53,320 --> 00:54:58,320 was reminded of that over the holiday break when I admitted to 938 00:54:58,320 --> 00:55:01,520 my son that I've never seen any of the Harry Potter movies. 939 00:55:02,040 --> 00:55:04,280 I don't. I'll make it a I'll admit to 940 00:55:04,280 --> 00:55:06,720 I've never seen one either. And that might really, but I've 941 00:55:06,720 --> 00:55:08,560 never seen one and I just don't have the interest either. 942 00:55:08,840 --> 00:55:10,920 Lord of the Rings, give me, give me that. 943 00:55:10,920 --> 00:55:13,160 I'm all in. But Harry Potter, not my gym. 944 00:55:13,680 --> 00:55:16,640 As you could probably expect, I've never seen any of the Lord 945 00:55:16,640 --> 00:55:20,040 of the Rings either. But I mean, this floored my son 946 00:55:20,040 --> 00:55:23,320 and I was surprised he was a Harry Potter Potter junkie. 947 00:55:23,320 --> 00:55:27,440 But you know, my, my overall recommendation is, and you've 948 00:55:27,440 --> 00:55:30,400 heard me use this term a lot, Jeff, you need to sharpen the 949 00:55:30,400 --> 00:55:33,880 saw. And to me, that's all about 950 00:55:34,160 --> 00:55:36,280 getting outside of your normal zone. 951 00:55:37,280 --> 00:55:44,560 I remember I had a, an Audible subscription to Harvard Business 952 00:55:44,560 --> 00:55:49,560 Review and it's dry, it's pretty boring, but it gets you thinking 953 00:55:49,560 --> 00:55:55,840 about the way the organization runs and a lot of articles on 954 00:55:55,840 --> 00:55:59,600 strategy and you know, heck, now what we do is we help our 955 00:55:59,600 --> 00:56:04,320 clients build their identity strategy and be able to align 956 00:56:04,320 --> 00:56:07,480 that to the business strategy. I think it's so key. 957 00:56:07,480 --> 00:56:13,280 So if you're not staying sharp, you're using old ideas, then 958 00:56:13,280 --> 00:56:15,680 you're not going to be able to remain relevant. 959 00:56:15,680 --> 00:56:19,320 You can take breaks year at a time, 2 years at a time. 960 00:56:19,560 --> 00:56:23,280 You start taking five year at a time, breaks of continuing your 961 00:56:23,280 --> 00:56:25,640 education, continuing to sharpen the saw. 962 00:56:26,120 --> 00:56:29,400 You're going to be irrelevant very quickly. 963 00:56:29,680 --> 00:56:31,360 You're. Always sharpening the saw I 964 00:56:31,360 --> 00:56:34,040 need. I need a break, you know. 965 00:56:34,040 --> 00:56:37,680 Here's the $1,000,000 idea is someone should write an 966 00:56:37,680 --> 00:56:42,720 engaging, you know, story style approach that weaves in some of 967 00:56:42,720 --> 00:56:44,200 those things. I know there was one. 968 00:56:44,200 --> 00:56:46,840 I can't remember it. It's like an IT book that's 969 00:56:46,840 --> 00:56:49,720 pretty famous, and it's the. Phoenix project or something 970 00:56:49,720 --> 00:56:51,520 Phoenix? Project I need to see more 971 00:56:51,520 --> 00:56:54,920 Phoenix Project style books where it's a story and it's, you 972 00:56:54,920 --> 00:56:58,520 know, it's weaving in little parables along the way, you 973 00:56:58,520 --> 00:57:01,000 know, that people can kind of get into then you sign me out 974 00:57:01,080 --> 00:57:03,600 and then Ashish. We do like a full production of 975 00:57:03,600 --> 00:57:07,800 it with like sound effects and, you know, different cast, voice 976 00:57:07,800 --> 00:57:11,040 cast and things like that. Like I need to see more of that 977 00:57:11,040 --> 00:57:15,080 in my sharpening the saw. You know, I think there's more 978 00:57:15,080 --> 00:57:17,360 money in writing a book like Harry Potter. 979 00:57:17,640 --> 00:57:19,600 Who? Knows, I mean, you know, you 980 00:57:19,600 --> 00:57:21,360 were right. The identity at the center, 981 00:57:22,240 --> 00:57:24,200 audio drama. I mean, that's what we produce 982 00:57:24,200 --> 00:57:25,920 basically every week. Yeah. 983 00:57:27,120 --> 00:57:29,280 All right, let's go ahead and leave it there for this week. 984 00:57:29,920 --> 00:57:31,720 Ashish, thank you so much for joining us. 985 00:57:31,920 --> 00:57:34,040 I'm going to have a link in our show notes for people to check 986 00:57:34,040 --> 00:57:37,120 out Andromeda. It's Andromeda 987 00:57:37,120 --> 00:57:40,640 security.com/idac. Take advantage of the offer that 988 00:57:40,640 --> 00:57:42,480 Ashish mentioned that I think that sounds pretty awesome. 989 00:57:42,840 --> 00:57:45,440 And then all the link also to your LinkedIn profile so people 990 00:57:45,440 --> 00:57:47,240 can reach out if they have questions and things like that. 991 00:57:47,240 --> 00:57:48,920 But thank you so much for joining us. 992 00:57:49,280 --> 00:57:52,200 Any parting thoughts before we wrap this up officially? 993 00:57:52,480 --> 00:57:53,840 No. Thank you for having me. 994 00:57:53,840 --> 00:57:58,040 This was a fun and engaging conversation and I'm glad we are 995 00:57:58,520 --> 00:58:01,760 all trying to solve the hard identity security problem in A 996 00:58:01,760 --> 00:58:03,800 and and and having some fun doing that. 997 00:58:03,800 --> 00:58:07,560 So Yep, looking forward to more fun coming up we. 998 00:58:07,560 --> 00:58:10,040 Try to have fun, sometimes it works, sometimes it doesn't, but 999 00:58:10,480 --> 00:58:11,560 we'll leave it there for this week. 1000 00:58:11,640 --> 00:58:13,680 Thank everybody for watching and listening. 1001 00:58:13,680 --> 00:58:17,400 You can find us on the web, idacpodcast.com, reach out, ask 1002 00:58:17,400 --> 00:58:20,320 questions, engage either on YouTube or podcast or LinkedIn 1003 00:58:20,320 --> 00:58:22,880 or wherever you find us. We always appreciate that. 1004 00:58:22,880 --> 00:58:25,800 So with that, thanks everyone again for listening or watching, 1005 00:58:26,080 --> 00:58:27,560 and we'll talk with you all in the next one. 1006 00:58:29,680 --> 00:58:32,760 You've been listening to Identity at the Center. 1007 00:58:33,080 --> 00:58:37,200 We hope you've enjoyed the show. Make sure to like, rate and 1008 00:58:37,200 --> 00:58:40,800 review, and we'll be back soon. But in the meantime, hit the 1009 00:58:40,800 --> 00:58:44,200 website at identity@thecenter.com. 1010 00:58:44,800 --> 00:58:48,920 See you next time on Identity at the Center.