1 00:00:04,720 --> 00:00:11,120 This is identity at the center. Welcome to the Identity at the 2 00:00:11,120 --> 00:00:12,840 Center podcast. I'm Jeff, and that's Jim. 3 00:00:12,840 --> 00:00:15,040 Hey, Jim. Hey, Jeff, how are you? 4 00:00:15,440 --> 00:00:18,320 Oh, not so bad yourself. I'm feeling well. 5 00:00:18,960 --> 00:00:25,000 Last episode you actually gave the banter a topic which was the 6 00:00:25,000 --> 00:00:28,000 1,000,000 downloads. I think that was great news. 7 00:00:28,240 --> 00:00:31,800 But back to me and this time, if you don't mind, I'm going to put 8 00:00:31,800 --> 00:00:34,920 you on the spot. So topic we didn't prepare for, 9 00:00:35,280 --> 00:00:37,000 but they give me just some thought. 10 00:00:37,000 --> 00:00:41,480 And I think everybody as part of their maturity of, you know, 11 00:00:41,720 --> 00:00:46,360 learning the space and communicating what we do to 12 00:00:46,360 --> 00:00:50,600 executives and people that really aren't in identity is 13 00:00:50,840 --> 00:00:54,560 taking this thing that we understand and explaining it in 14 00:00:54,560 --> 00:00:57,760 business speak. And I'm wondering kind of what 15 00:00:57,760 --> 00:01:00,720 tips do you have for our listeners? 16 00:01:00,720 --> 00:01:03,240 What do you do? What has your journey been like 17 00:01:03,240 --> 00:01:07,200 to take these complex topics and turn them into business speaks 18 00:01:07,200 --> 00:01:09,000 that other people can understand? 19 00:01:09,920 --> 00:01:12,840 Well, I mean, there's so many topics to cover there. 20 00:01:12,880 --> 00:01:15,560 I think I have to break it down simply so I can understand it, 21 00:01:15,560 --> 00:01:20,280 first of all. So I think that helps, you know, 22 00:01:20,280 --> 00:01:23,200 I don't know, I think without an example, that would probably be 23 00:01:23,400 --> 00:01:25,480 helpful for me to kind of say, OK, how would I approach that? 24 00:01:26,080 --> 00:01:27,920 I think the most important thing is knowing your audience. 25 00:01:28,000 --> 00:01:30,480 Who are you talking to? Are they a technical group? 26 00:01:30,480 --> 00:01:33,200 Are they not a technical group? Is it, you know, executive 27 00:01:33,200 --> 00:01:37,240 speak, which is a more polished version of baby talk just for 28 00:01:37,240 --> 00:01:39,040 for some folks, right? Stuff like that. 29 00:01:39,200 --> 00:01:43,520 It's just use simple language and I think try to use analogies 30 00:01:43,520 --> 00:01:46,800 or examples. That'll be probably my, you 31 00:01:46,800 --> 00:01:50,040 know, tip, I guess without really having a topic to 32 00:01:50,040 --> 00:01:53,000 explain. I think analogies and examples 33 00:01:53,000 --> 00:01:55,640 are great, but sometimes I abuse that. 34 00:01:55,840 --> 00:02:00,080 Sometimes I start trying to come up with an analogy on the fly 35 00:02:00,440 --> 00:02:03,400 and then it doesn't work. And sometimes it can even be 36 00:02:03,400 --> 00:02:07,720 embarrassing. Couple of the tips that I use is 37 00:02:08,000 --> 00:02:11,840 talking about outcomes, talking about objectives, Just trying to 38 00:02:12,200 --> 00:02:15,640 kind of boil it down to like, all right, give me the headline, 39 00:02:15,640 --> 00:02:20,640 give me the story in, you know, something I can relate to and 40 00:02:20,640 --> 00:02:24,800 something that just gives me the the answer doesn't walk me 41 00:02:24,800 --> 00:02:29,400 through all the the details because I think as identity 42 00:02:29,400 --> 00:02:31,920 people, we understand all the details. 43 00:02:32,120 --> 00:02:35,240 And that can be a little bit dangerous, right? 44 00:02:35,240 --> 00:02:38,720 If we dive into details because that's our comfort level, then 45 00:02:38,720 --> 00:02:41,160 we're going to lose people who really don't care about those 46 00:02:41,160 --> 00:02:44,240 details like we do. There's a time for details. 47 00:02:44,240 --> 00:02:47,080 There's a time not for details, and you need to be able to 48 00:02:47,080 --> 00:02:51,400 answer the So what question? So what if I don't do this thing 49 00:02:51,400 --> 00:02:53,320 or So what if we do do this thing, right? 50 00:02:53,320 --> 00:02:55,240 Whatever that is. What is the So what? 51 00:02:55,440 --> 00:02:58,440 That is part of that message. Absolutely. 52 00:02:58,640 --> 00:03:02,280 And I think, you know, final thing that I'll say is that I 53 00:03:02,280 --> 00:03:06,400 think practicing over and over and you know, practice with the 54 00:03:06,400 --> 00:03:09,960 people that are in your life, practice with your Co workers. 55 00:03:10,200 --> 00:03:13,760 Another great thing is like if you go to conferences and you 56 00:03:13,760 --> 00:03:17,200 talk to people who are in the industry who maybe do understand 57 00:03:17,200 --> 00:03:21,680 the details, practice with them. Start talking about things in 58 00:03:21,680 --> 00:03:24,040 terms of what is the overall story? 59 00:03:24,040 --> 00:03:27,560 What are you trying to get at? What are the objectives or the 60 00:03:27,600 --> 00:03:29,720 outcomes that you're driving for the business? 61 00:03:29,720 --> 00:03:32,120 If you can do it in that environment, you should be able 62 00:03:32,120 --> 00:03:34,680 to do it anywhere. Yeah, that's a good tip. 63 00:03:34,680 --> 00:03:36,760 I think there's a lot of practice that takes place behind 64 00:03:36,760 --> 00:03:38,600 the scenes. Know your know your content. 65 00:03:38,960 --> 00:03:41,480 If you know your content, you can confidently answer 66 00:03:41,480 --> 00:03:43,680 questions. Yeah, that's probably the 67 00:03:43,680 --> 00:03:45,120 biggest thing. I think everyone has their own 68 00:03:45,120 --> 00:03:46,880 speaking and communication style. 69 00:03:46,880 --> 00:03:48,880 You'll you'll kind of figure that out eventually. 70 00:03:48,880 --> 00:03:51,760 But know your know your stuff and it's going to be a long way. 71 00:03:51,880 --> 00:03:53,760 Rather than kind of, you know, fake it till you make it. 72 00:03:53,760 --> 00:03:57,200 It's a lot harder to to get a, you know, have a good decent 73 00:03:57,200 --> 00:03:59,280 conversation if you're constantly scrambling or 74 00:03:59,280 --> 00:04:00,440 Googling behind the scenes. Right. 75 00:04:00,440 --> 00:04:02,080 Like, what does that mean? Right. 76 00:04:02,080 --> 00:04:05,080 That kind of thing. Well, in terms of like 77 00:04:05,080 --> 00:04:08,640 summarizing stories and talking about conferences, one thing 78 00:04:08,640 --> 00:04:11,480 that we normally do is go through the laundry list of all 79 00:04:11,480 --> 00:04:14,360 the discount codes. But I think we're entering the 80 00:04:14,360 --> 00:04:19,200 peak season for conferences and rather than spending 20 minutes 81 00:04:19,200 --> 00:04:21,920 just going through all the codes, what should people do? 82 00:04:22,440 --> 00:04:24,320 Yeah. We have way too many conferences 83 00:04:24,320 --> 00:04:26,840 that you and I are going to be at in some, some way, shape or 84 00:04:26,840 --> 00:04:28,920 form. So we're going to talk about 85 00:04:29,000 --> 00:04:32,920 just at a high level, but go to the website, idacpodcast.com, 86 00:04:32,920 --> 00:04:35,760 Scroll down. I've got all of our discounts 87 00:04:35,760 --> 00:04:38,400 there. More coming soon, but we are in 88 00:04:38,400 --> 00:04:41,680 the thick of it. There is 2 official 89 00:04:41,680 --> 00:04:43,520 cybersecurity summits that I'm going to be at. 90 00:04:43,520 --> 00:04:45,600 I'm going to be in Chicago, going to be in Philadelphia. 91 00:04:46,400 --> 00:04:49,160 Then we've got the authenticate conference that is coming up. 92 00:04:49,160 --> 00:04:51,840 That's going to be in October. So we've got some fun things 93 00:04:51,840 --> 00:04:55,240 we're going to do. I am happy to say that Fido Feud 94 00:04:55,240 --> 00:04:59,160 is coming back to authenticate. So I have been cleared to to say 95 00:04:59,160 --> 00:05:02,920 that I am working on the questions and Jim will be a team 96 00:05:02,920 --> 00:05:04,400 captain. Megan is going to be the 97 00:05:04,400 --> 00:05:05,960 returning champion from Fido Lions. 98 00:05:05,960 --> 00:05:08,440 She's going to take Jim on again with a whole new team. 99 00:05:08,960 --> 00:05:11,560 So I'm looking forward to that. Bigger, badder, better than we 100 00:05:11,560 --> 00:05:13,080 did last year. But that's very exciting. 101 00:05:13,080 --> 00:05:15,720 Fido Feud was a lot of fun, the most fun had at the conference. 102 00:05:17,200 --> 00:05:20,080 Let's see then we've got Infosec World, that's a new one that we 103 00:05:20,080 --> 00:05:22,440 just signed up for within the last week or so. 104 00:05:22,440 --> 00:05:24,240 So that's coming up also in October. 105 00:05:24,520 --> 00:05:27,080 We've got Ideniverse in Washington DC, that's in 106 00:05:27,080 --> 00:05:28,720 November. And then to kind of cap things 107 00:05:28,720 --> 00:05:31,360 off the end of the year at Gartner, I am and we're going to 108 00:05:31,360 --> 00:05:34,880 be doing a new game show there tentatively called Majority 109 00:05:34,880 --> 00:05:36,400 Rules. But a lot of audience 110 00:05:36,400 --> 00:05:38,560 participation, people playing their phones. 111 00:05:39,080 --> 00:05:41,200 Jim, you'll be up there on a stage with me and probably 112 00:05:41,200 --> 00:05:43,480 Rebecca from Gartner and kind of doing our thing. 113 00:05:43,480 --> 00:05:46,240 But yeah, we're kind of doing like this whole, you know, game 114 00:05:46,240 --> 00:05:48,920 show stick at different conferences and people seem to 115 00:05:48,920 --> 00:05:51,400 enjoy it quite a bit. Yeah, it totally gets old. 116 00:05:51,400 --> 00:05:54,760 Why not keep going with it? I mean, people seem to enjoy it. 117 00:05:55,040 --> 00:05:59,160 We have fun doing it, and hopefully it continues to draw a 118 00:05:59,160 --> 00:06:00,920 crowd. I think we'll keep doing it as 119 00:06:00,920 --> 00:06:04,280 long as people keep wanting it. Yeah, it's a little counter 120 00:06:04,280 --> 00:06:07,080 probing I think to some of the conferences where you, you know, 121 00:06:07,080 --> 00:06:09,720 it's like, OK, I am or security talk all day long and say, all 122 00:06:09,720 --> 00:06:12,000 right, let's have some fun and, you know, kind of get the pulse 123 00:06:12,000 --> 00:06:14,000 of people. So I like doing weird and 124 00:06:14,000 --> 00:06:17,240 interesting things and you know that that scratches that itch 125 00:06:17,240 --> 00:06:18,240 for me. Let's just put it that way. 126 00:06:18,760 --> 00:06:22,800 Yeah, You know, I, I love what we're doing with this episode 127 00:06:22,800 --> 00:06:24,920 today. Kind of something we started in 128 00:06:24,920 --> 00:06:28,400 the beginning of the year, which was they're trying to take other 129 00:06:28,400 --> 00:06:32,040 areas of cyber and talk about how they intersect with 130 00:06:32,040 --> 00:06:34,640 identity. And we're continuing that 131 00:06:34,640 --> 00:06:39,760 conversation today with two of our colleagues from RSM. 132 00:06:40,640 --> 00:06:43,000 Yeah, We're going to cover the intersection of cloud security 133 00:06:43,000 --> 00:06:44,240 and identity and access management. 134 00:06:44,240 --> 00:06:46,200 This is, I think, Part 5 in a series. 135 00:06:46,200 --> 00:06:50,200 We started early off in 2025, started off the year with Ghazi 136 00:06:50,560 --> 00:06:53,160 in January. We recorded that one at last 137 00:06:53,160 --> 00:06:55,280 year's Gartner. And you can go back and look at 138 00:06:55,280 --> 00:06:57,240 Jim and his cowboy hat and cowboy attire. 139 00:06:57,520 --> 00:06:59,280 So that's, you know, the hook for that one. 140 00:06:59,760 --> 00:07:02,480 But yeah, you and I work with some just really smart, good 141 00:07:02,480 --> 00:07:04,720 people, which is one of the strengths, I think of our 142 00:07:04,720 --> 00:07:06,920 organization. And so let me go ahead and take 143 00:07:06,920 --> 00:07:08,640 a second here to introduce Justin Devine. 144 00:07:08,640 --> 00:07:10,400 He's a cloud transformation director. 145 00:07:10,680 --> 00:07:12,920 Welcome, Justin. Thanks, Jeff. 146 00:07:13,760 --> 00:07:15,880 Appreciate it. Yeah, I'm glad to have you here. 147 00:07:15,880 --> 00:07:18,160 And then one of our colleagues in the digital identity practice 148 00:07:18,160 --> 00:07:21,320 here at RSM, we've got Vishnavi Vadi, Nathan, she's a Digital 149 00:07:21,320 --> 00:07:23,200 Identity Director alongside Jim and myself. 150 00:07:23,200 --> 00:07:25,040 Welcome Vishnavi. Thank you, Jeff. 151 00:07:25,600 --> 00:07:27,920 Hello, Jen. All right, so we have tradition 152 00:07:27,920 --> 00:07:30,720 around here. First time anyone joins us, we 153 00:07:30,720 --> 00:07:32,880 talk about their backgrounds, you know, how they got into 154 00:07:32,880 --> 00:07:35,520 identity, in this case, maybe how we got into infosec kind of 155 00:07:35,520 --> 00:07:37,880 at large. Vishnabi, I'm going to start 156 00:07:37,880 --> 00:07:40,160 with you. How did you get into the 157 00:07:40,160 --> 00:07:42,600 wonderful world of identity and access management? 158 00:07:44,040 --> 00:07:48,040 Yeah, at 10 years ago, I began my journey in the identity world 159 00:07:48,040 --> 00:07:50,840 with the basic authentication and authorization. 160 00:07:50,840 --> 00:07:54,280 At that time, most of the organization relied on custom 161 00:07:54,280 --> 00:07:58,440 built solutions or tightly coupled identity modules with 162 00:07:58,440 --> 00:08:02,840 the legacy applications. My work centred on building the 163 00:08:02,840 --> 00:08:07,400 login workflows, directory services, moving towards the 164 00:08:08,360 --> 00:08:11,760 governance identity and governance world where 165 00:08:11,880 --> 00:08:14,400 automating from the manual account creation to the 166 00:08:14,400 --> 00:08:18,480 automated provisioning, road based access controls, audit 167 00:08:18,480 --> 00:08:21,080 compliance. That's how my journey began 18 168 00:08:21,080 --> 00:08:24,240 years back and gradually I progressed towards the 169 00:08:24,240 --> 00:08:27,360 privileged access management with governance under waiters 170 00:08:27,440 --> 00:08:31,680 spotlight gradually shifted those days from to the high risk 171 00:08:31,720 --> 00:08:34,400 accounts, administrators, privileged accounts. 172 00:08:34,679 --> 00:08:39,799 So I evolved my focus into the area and automated password 173 00:08:39,799 --> 00:08:42,080 rotation. That's where I sharpened my 174 00:08:42,320 --> 00:08:45,360 skills from the authentication authorization or access 175 00:08:45,360 --> 00:08:48,960 management gradually to identity governance, then to the 176 00:08:48,960 --> 00:08:52,720 privileged access management. And also I have seen the journey 177 00:08:52,720 --> 00:08:57,240 of identity world from custom and legacy to the next Gen. 178 00:08:57,320 --> 00:09:02,760 identity solutions, heavily customized identity world ID and 179 00:09:02,760 --> 00:09:08,160 systems, on premise systems and directory services, hardcoded 180 00:09:08,160 --> 00:09:10,720 role, role models to the next Gen. 181 00:09:10,800 --> 00:09:14,640 SAS, first identity platforms, pretty much all the key players 182 00:09:14,640 --> 00:09:17,920 in the market. I have been part of the 183 00:09:17,920 --> 00:09:20,480 evolution and the journey adaptive authentication, 184 00:09:20,480 --> 00:09:23,440 password less. That's how my journey has been 185 00:09:23,440 --> 00:09:26,400 for the 18 years. That's a lot of stuff to cover. 186 00:09:26,400 --> 00:09:30,520 Do you have a favorite? I am technology or you know, I 187 00:09:30,520 --> 00:09:33,160 am vertical? Like is it IGA, is it Pam, is it 188 00:09:33,160 --> 00:09:35,920 authentication? Like, what's your favorite part 189 00:09:35,920 --> 00:09:39,240 of identity? Access management is something 190 00:09:39,240 --> 00:09:45,520 that always excites me because it gives the flavour of login, 191 00:09:45,720 --> 00:09:50,160 password layers, biometric the I've seen how access management 192 00:09:50,160 --> 00:09:55,720 has evolved 18 years back where we had everything custom 193 00:09:55,720 --> 00:09:59,800 developed login modules, we and it was all the traditional 194 00:09:59,800 --> 00:10:03,560 directory services. Many most of those ages we had 195 00:10:03,560 --> 00:10:05,120 everything as an L dab directories. 196 00:10:05,560 --> 00:10:11,320 Now things have evolved a lot. I come from a generation where 197 00:10:11,320 --> 00:10:13,000 I've seen everything in the passwords. 198 00:10:13,880 --> 00:10:17,680 We used to make sure that protection, everything is taken 199 00:10:17,680 --> 00:10:20,640 care of as part of customization. 200 00:10:20,640 --> 00:10:23,360 Now everything just happens with the click or a small 201 00:10:23,360 --> 00:10:26,240 configuration. So that really excites me. 202 00:10:26,240 --> 00:10:29,680 And consumer access management is also something that I always 203 00:10:29,720 --> 00:10:34,240 enjoy working coming from a financial organization 204 00:10:34,240 --> 00:10:38,560 background in the past where that B2C part of the world plays 205 00:10:38,560 --> 00:10:42,600 a very important role and that's where most of the business lies 206 00:10:42,600 --> 00:10:46,280 for the financial organization or healthcare organization or be 207 00:10:46,280 --> 00:10:50,480 it retail organizations. So I really enjoy that side of 208 00:10:50,480 --> 00:10:54,560 the world and all the tools that are in the market really excites 209 00:10:54,560 --> 00:10:56,800 me. And I have had wonderful 210 00:10:56,800 --> 00:11:00,400 experience in this 18 years working with almost all the top 211 00:11:00,400 --> 00:11:02,840 leading products in the Gartner quadrants. 212 00:11:03,800 --> 00:11:06,720 So does that bug you as much as it bugs me? 213 00:11:06,720 --> 00:11:09,760 When you go to like as a consumer, you go to a website 214 00:11:09,760 --> 00:11:12,480 and they just have a terrible identity experience and they're 215 00:11:12,480 --> 00:11:14,920 like, Oh my gosh, come on, like fix this thing. 216 00:11:15,520 --> 00:11:17,600 Just want to reach through like, all right, why does my, you 217 00:11:17,640 --> 00:11:19,680 know, the, the password is probably the most classic 218 00:11:19,680 --> 00:11:22,040 example, right? OK, my password's not working 219 00:11:22,280 --> 00:11:25,160 and let me go to reset it. New password can't be the same 220 00:11:25,160 --> 00:11:27,880 as old password. What what is going on here? 221 00:11:28,240 --> 00:11:30,760 Like, it drives me crazy. Does it drive you similarly 222 00:11:30,760 --> 00:11:32,880 crazy, or are you a little more cooler and calm with it? 223 00:11:33,720 --> 00:11:35,680 No, no, I would say sometimes it's both. 224 00:11:36,960 --> 00:11:41,440 As a consumer, sometimes it is really frustrating when I'm 225 00:11:41,720 --> 00:11:45,640 asked to reset my password or do certain things, but when I view 226 00:11:45,680 --> 00:11:48,920 my identity hack it saves me. No, this is right. 227 00:11:48,920 --> 00:11:51,360 You have to do this. You have to configure your MFA, 228 00:11:51,360 --> 00:11:56,520 you have to make sure it's secured and you reset, or you 229 00:11:56,520 --> 00:12:00,720 change your password frequently, or go with the biometric, or go 230 00:12:00,720 --> 00:12:03,600 with the certificate based authentic. 231 00:12:04,120 --> 00:12:10,600 It just, it just prompts me to keep up with the standards. 232 00:12:11,360 --> 00:12:14,280 Well, I'm glad that you know it. It similarly drives you crazy, 233 00:12:14,280 --> 00:12:17,000 but it seems like you got a little bit cooler approach to 234 00:12:17,000 --> 00:12:19,440 it, which I could appreciate. All right, Justin, let's hear 235 00:12:19,440 --> 00:12:22,280 about your background. How did you get into information 236 00:12:22,280 --> 00:12:24,280 security? And do you consider yourself an 237 00:12:24,280 --> 00:12:25,640 identity and access management person? 238 00:12:25,640 --> 00:12:28,040 Are we going to have to, like, award you an honorary title here 239 00:12:28,040 --> 00:12:30,840 as part of this conversation? Yeah, I think, I think you could 240 00:12:30,840 --> 00:12:34,400 deputize me. I, I, I guess I would say that 241 00:12:34,400 --> 00:12:37,760 the first time I touched identities is probably the, the 242 00:12:37,760 --> 00:12:40,760 local user accounts on the computers I used to take apart 243 00:12:40,760 --> 00:12:45,040 and put back together as a, as a kid to my parents dismay. 244 00:12:45,520 --> 00:12:47,920 And then that moved on to a lot of Active Directory as I 245 00:12:47,920 --> 00:12:50,320 supported a lot of application implementations. 246 00:12:50,680 --> 00:12:54,400 And then as I got into cloud, when cloud was being born, it 247 00:12:54,400 --> 00:12:57,440 was about Active Directory migrations into the cloud, into 248 00:12:57,440 --> 00:13:01,240 other identity providers. And that now that I'm mostly 249 00:13:01,240 --> 00:13:02,960 involved in cloud transformations and cloud 250 00:13:02,960 --> 00:13:06,720 security transformations, I, I generally run into an interface 251 00:13:06,720 --> 00:13:13,600 with identity as a prerequisite or a dependency that we need to 252 00:13:13,600 --> 00:13:16,560 solve before we can transform some things in the cloud, before 253 00:13:16,560 --> 00:13:19,760 we can do migrations, things such as, such as that. 254 00:13:20,640 --> 00:13:24,400 So I'm not a, I'm not a dyed in the wool identity pro the way 255 00:13:24,400 --> 00:13:26,200 Vishnavi was. There's no way I can follow 256 00:13:26,200 --> 00:13:28,600 that. But I have written that e-mail 257 00:13:29,160 --> 00:13:32,640 about a website that doesn't work right and then sat in shame 258 00:13:33,280 --> 00:13:35,760 about writing that e-mail because I know it just goes to 259 00:13:35,760 --> 00:13:39,680 some some poor person who is is not going to not going to be 260 00:13:39,680 --> 00:13:42,720 able to do much with it. But it feels good to vent a 261 00:13:42,720 --> 00:13:44,080 little bit, right? Like, all right, fix your 262 00:13:44,080 --> 00:13:46,280 process like this is not a good user experience. 263 00:13:46,280 --> 00:13:51,320 And look, the, the identity space is a, a warm, inviting 264 00:13:51,320 --> 00:13:53,760 place, you know, come on in. It's great. 265 00:13:54,520 --> 00:13:55,880 You know, Jim, and I've been doing this for a long time, 266 00:13:55,880 --> 00:13:58,040 Vishnavi as well. So, you know, I'm going to, we 267 00:13:58,040 --> 00:14:00,240 can start the, you know, the one of us chant if we want to do 268 00:14:00,240 --> 00:14:02,920 that. This is why I team up with the 269 00:14:02,920 --> 00:14:06,240 three of you though. It's because I know that in 270 00:14:06,240 --> 00:14:09,440 order to make cloud migrations and transformations go well and 271 00:14:09,440 --> 00:14:13,920 to keep things in the cloud secure, I need folks like 272 00:14:13,920 --> 00:14:18,560 yourselves who are pros to, to help me get into all the gory 273 00:14:18,560 --> 00:14:19,920 details that you were talking about. 274 00:14:19,920 --> 00:14:22,200 And at the beginning of this call, right when you were 275 00:14:22,200 --> 00:14:25,200 talking about how you translate for, for business users. 276 00:14:25,440 --> 00:14:29,240 I know I need AI need a a diagonal wool identity pro like 277 00:14:29,240 --> 00:14:32,040 yourselves to to work with to make it go well. 278 00:14:33,840 --> 00:14:37,080 So there shall be, you know, one of the things that Jeff and I 279 00:14:37,080 --> 00:14:41,520 talked about when we decided to come up with an episode to 280 00:14:41,520 --> 00:14:45,640 connect cloud security and identity is, you know, what is 281 00:14:45,640 --> 00:14:49,560 the the right approach? Is it to have your identity 282 00:14:49,560 --> 00:14:54,120 strategy or cloud strategy or do the both of those at the same 283 00:14:54,120 --> 00:14:56,600 time to make sure? The cordon seems like it's the 284 00:14:56,600 --> 00:15:02,560 latter, but it seems also like a lot of times those pieces kind 285 00:15:02,560 --> 00:15:07,880 of run separately until there's a problem more until something 286 00:15:07,880 --> 00:15:11,240 needs to be done about it. And then it's like, OK, well, we 287 00:15:11,240 --> 00:15:14,320 need to fix this. What is the approach that you 288 00:15:14,320 --> 00:15:18,440 recommend? Great question, Jim. 289 00:15:18,560 --> 00:15:22,720 Cloud and IAM are inseparable in today's enterprise because cloud 290 00:15:22,840 --> 00:15:27,760 amplifies both opportunity and risk and IMS the control plane 291 00:15:27,760 --> 00:15:31,120 for governing that risk while enabling business agility. 292 00:15:31,120 --> 00:15:33,640 That's how I look at it in simple terms, if you want me to 293 00:15:33,640 --> 00:15:38,240 explain it, what I can explain like why I, why cloud and IM 294 00:15:38,240 --> 00:15:44,720 must be considered together. Cloud expands widely and the 295 00:15:44,720 --> 00:15:48,520 traditional IM was focused on primarily on employees accessing 296 00:15:48,520 --> 00:15:52,200 internal system. Whereas cloud introduced SaaS, 297 00:15:52,200 --> 00:15:57,920 Paas, IAS, each with their own identity layer without central 298 00:15:57,920 --> 00:16:03,320 IAM identity sprawls, policies, fragment, attackers exploit 299 00:16:03,560 --> 00:16:07,560 weakest links. All this actually brings in or 300 00:16:07,560 --> 00:16:10,480 in or gets embedded into the cloud migration. 301 00:16:11,000 --> 00:16:14,880 So according to me we have to we should consider both cloud and 302 00:16:14,880 --> 00:16:18,000 IAM together. I would call it like identity 303 00:16:18,000 --> 00:16:22,160 becomes the new perimeter in because in cloud there is no 304 00:16:22,160 --> 00:16:25,520 firewall around everything. The perimeter is what identity 305 00:16:25,520 --> 00:16:27,680 is. So when we think about cloud 306 00:16:27,680 --> 00:16:31,520 migration, we should also think about IM together. 307 00:16:32,080 --> 00:16:36,120 Cloud agility definitely requires IM agility to when our 308 00:16:36,120 --> 00:16:41,560 developers pins up workloads or SAS tool at speed just and can 309 00:16:41,560 --> 00:16:45,440 definitely add on top of this, IM must automate the 310 00:16:45,440 --> 00:16:50,920 provisioning governance federation, MFA and how to 311 00:16:50,920 --> 00:16:55,160 handle the privileged accounts like administrators and 312 00:16:55,160 --> 00:16:58,880 everything. And also with cloud and IM 313 00:16:58,880 --> 00:17:02,640 getting together, compliance and zero trust plays a very 314 00:17:02,640 --> 00:17:05,359 important role that can be definitely achieved. 315 00:17:05,440 --> 00:17:09,839 When we think or bring in IM flavours with the cloud beat, we 316 00:17:09,839 --> 00:17:15,240 talk about GDPR, HIPAA, PCIDSSCC, P/E, everything that 317 00:17:15,240 --> 00:17:20,319 could be cannot go separate. It has to bring together with 318 00:17:20,319 --> 00:17:24,280 cloud migration, but we have to bring in IM as well. 319 00:17:25,000 --> 00:17:27,640 That's all I think about. It yeah, I know that's very 320 00:17:27,640 --> 00:17:30,040 thoughtful. And Justin, I think the same 321 00:17:30,040 --> 00:17:35,400 question to you. I mean, you probably, but by the 322 00:17:35,400 --> 00:17:38,000 time folks are already talking to you, they're like, all right, 323 00:17:38,000 --> 00:17:40,840 we need to do some kind of migration to the cloud. 324 00:17:40,840 --> 00:17:44,960 We need to get the cloud right. Is there kind of an education 325 00:17:44,960 --> 00:17:49,120 process or some kind of readiness evaluation that you go 326 00:17:49,120 --> 00:17:51,640 through from an identity perspective? 327 00:17:52,720 --> 00:17:57,600 Absolutely. So generally when I've, I've LED 328 00:17:58,080 --> 00:18:01,120 cloud migrations and, and transformations, we have kind of 329 00:18:01,120 --> 00:18:04,480 readiness checklist and identities always a big part of 330 00:18:04,480 --> 00:18:08,320 it. Because I, I have seen multiple 331 00:18:08,320 --> 00:18:11,680 instances where a client, for example, wants to migrate an 332 00:18:11,680 --> 00:18:15,560 application and then as they dig into it, it turns out, oh, it's 333 00:18:15,560 --> 00:18:19,480 using an authentication method that we haven't extended to the 334 00:18:19,480 --> 00:18:21,800 cloud yet. So it's definitely something you 335 00:18:21,800 --> 00:18:26,760 have to knock out early, right, to make sure that you have all 336 00:18:26,760 --> 00:18:30,000 of the capabilities you need where you're going, not just 337 00:18:30,000 --> 00:18:36,240 where you are. And then that often influences 338 00:18:36,240 --> 00:18:38,880 migration, sequencing, grouping, things like that. 339 00:18:38,880 --> 00:18:42,200 So one thing that Vishnavi said that I, I keyed up that I, I 340 00:18:42,200 --> 00:18:46,400 really, it really resonated with me was about the opportunity and 341 00:18:46,400 --> 00:18:48,960 the risk, right? And I always tell clients you're 342 00:18:48,960 --> 00:18:52,960 not going to be able to keep up at the speed and scale of cloud 343 00:18:52,960 --> 00:18:57,360 without automation. And identities are really great 344 00:18:57,360 --> 00:18:59,880 example of that because every time you're spinning something 345 00:18:59,880 --> 00:19:02,600 up in the cloud, you're creating identities, sometimes privileged 346 00:19:02,600 --> 00:19:04,960 ones. And you you really need to get 347 00:19:04,960 --> 00:19:09,040 that under control early or it will get out of control and 348 00:19:09,040 --> 00:19:12,240 you'll have a a very bad, very bad time in cloud. 349 00:19:13,880 --> 00:19:16,000 So let's stay with that speed question real quick, because I 350 00:19:16,000 --> 00:19:18,760 think that is something that is so prevalent among cloud 351 00:19:18,760 --> 00:19:20,840 services. You're talking about services 352 00:19:20,840 --> 00:19:23,320 that spin up and down sometimes with a milliseconds, right? 353 00:19:23,320 --> 00:19:26,400 Or even shorter nanoseconds. What are some tips that people 354 00:19:26,400 --> 00:19:28,640 might out there to think about? And I don't, we're not going to 355 00:19:28,640 --> 00:19:29,720 solve all the problems now, right? 356 00:19:29,960 --> 00:19:32,680 Because it's too much. But speed is the problem. 357 00:19:32,800 --> 00:19:36,200 How do we How do we, you know, contemplate or think about? 358 00:19:36,200 --> 00:19:41,120 That my the, the the most straightforward answer I can 359 00:19:41,120 --> 00:19:44,680 give you is leveraging automation and standardization, 360 00:19:44,920 --> 00:19:47,400 right? Because you can't keep up with 361 00:19:47,400 --> 00:19:50,600 that speed as a human. You can't, you can't have an 362 00:19:50,600 --> 00:19:55,400 army of humans doing access reviews on or entitlement 363 00:19:55,400 --> 00:19:57,760 reviews on every identity in your cloud. 364 00:19:57,760 --> 00:20:00,920 But as you said, Jeff has things, identities are created, 365 00:20:01,600 --> 00:20:05,880 destroyed, left, left and right or every last thing you spin up 366 00:20:05,880 --> 00:20:08,120 has an identity right, it has an identity. 367 00:20:08,120 --> 00:20:12,400 And that identity has privileges sometimes across your, your 368 00:20:12,400 --> 00:20:15,400 cloud. So that's probably the number 369 00:20:15,400 --> 00:20:19,000 one thing I would say is the quicker you can get a system in 370 00:20:19,000 --> 00:20:23,160 place that doesn't rely on humans double checking 371 00:20:23,160 --> 00:20:26,800 everything. The happier you'll be and the 372 00:20:26,800 --> 00:20:30,640 less of a mess you'll end up in, and you know, the more secure 373 00:20:30,640 --> 00:20:35,360 you'll be overall. So this sounds an awful lot to 374 00:20:35,360 --> 00:20:38,680 me like orchestration and being able to say, hey, let's pull 375 00:20:38,680 --> 00:20:41,480 together some sort of identity infrastructure. 376 00:20:41,960 --> 00:20:44,920 Vishnavi, I guess this is an area that you're probably have a 377 00:20:44,920 --> 00:20:46,040 lot of, you know, experience with. 378 00:20:46,040 --> 00:20:50,160 Is this kind of idea of how do we, how do we address the speed, 379 00:20:50,200 --> 00:20:51,160 right? We need automation. 380 00:20:51,200 --> 00:20:54,600 Like to Justin's point, humans there, it's it's we're too slow. 381 00:20:54,600 --> 00:20:58,360 Unfortunately, even if we're the Usain Bolt of identity and 382 00:20:58,360 --> 00:20:59,960 access management, it would still be too slow. 383 00:21:00,520 --> 00:21:04,040 So how do we look at things like orchestration and especially in 384 00:21:04,040 --> 00:21:06,960 this type of area where we're in like hybrid modes, right? 385 00:21:06,960 --> 00:21:11,320 So we've got on Prem AD and then Entra and then Octas and pings 386 00:21:11,320 --> 00:21:12,400 and all kinds of stuff like that. 387 00:21:12,760 --> 00:21:16,400 How do you address that? Yeah, I can start with giving an 388 00:21:16,400 --> 00:21:22,680 example Jeff, since it is very. This answer would also add 389 00:21:22,680 --> 00:21:25,800 flavors to the previous question which me and Justin tried to 390 00:21:25,800 --> 00:21:29,600 answer. I was part of one of the major 391 00:21:30,480 --> 00:21:36,640 migration, cloud migration which involved IAM concepts or IAM 392 00:21:36,680 --> 00:21:39,480 components as well. It was for a financial 393 00:21:39,480 --> 00:21:42,640 organization where they decided to lift and shift some of the 394 00:21:42,640 --> 00:21:45,560 critical applications into Azure and AWS. 395 00:21:45,720 --> 00:21:48,680 It was the conscious choice they made for both. 396 00:21:49,720 --> 00:21:53,720 They they left the access management to the cloud native 397 00:21:53,760 --> 00:21:56,600 IAM without integrating it with the corporate IAM. 398 00:21:56,600 --> 00:22:00,120 So it was like leave it as it is, take it, adapt a new. 399 00:22:01,320 --> 00:22:07,760 At some point we saw a user had a bitter experiences 400 00:22:08,000 --> 00:22:11,120 specifically with duplicate across accounts, across 401 00:22:11,120 --> 00:22:13,600 environments, orphaned accounts getting piled up. 402 00:22:14,040 --> 00:22:17,320 Auditors started flagging certain violation when it comes 403 00:22:17,320 --> 00:22:21,160 to least privileges just to speeding up the process. 404 00:22:21,280 --> 00:22:25,440 The decision was taken light, just leave it and shift it, lift 405 00:22:25,440 --> 00:22:27,560 and shift and leave things behind. 406 00:22:28,880 --> 00:22:34,120 We had to take a pause there, make a right decision like let's 407 00:22:34,120 --> 00:22:37,640 consolidate IAM for the organization. 408 00:22:37,640 --> 00:22:42,480 Be it you have cloud, you have partially on Prem if it is 5050% 409 00:22:42,480 --> 00:22:47,200 or 8020% or 3070% whatever percentage it could be, but 410 00:22:47,760 --> 00:22:52,840 bring it as a centralised IAM. We Federated their on Prem with 411 00:22:52,840 --> 00:22:56,840 cloud platforms. There are now we have lot of 412 00:22:56,840 --> 00:23:02,600 orchestration products available in the market or skin is very 413 00:23:02,600 --> 00:23:06,320 commonly seen in the market. We used it for SSO, automating, 414 00:23:06,360 --> 00:23:09,280 automated provisioning, deprovisioning, enforced MFA 415 00:23:09,280 --> 00:23:14,320 across all cloud services. To give you a quick statistics 416 00:23:14,320 --> 00:23:19,000 that reduced 80 percentage of the issues we faced immediately 417 00:23:19,000 --> 00:23:24,520 after the migration, just take a pause and unify the IAM for both 418 00:23:25,520 --> 00:23:31,000 since we started about this. Definitely for organizations, 419 00:23:31,000 --> 00:23:35,240 orchestration plays a very important role when or when they 420 00:23:35,240 --> 00:23:37,760 are caught up as part of the transformation, we will have 421 00:23:37,760 --> 00:23:41,600 legacy and modern cloud. We definitely need a connective 422 00:23:41,600 --> 00:23:44,360 tissue to unify them without breaking the business 423 00:23:44,360 --> 00:23:47,120 operations. Yes, it becomes very difficult 424 00:23:47,120 --> 00:23:50,080 for the business and also the technology team be the cloud 425 00:23:50,080 --> 00:23:54,920 team and our IM team or the so-called service desk feed will 426 00:23:54,920 --> 00:23:57,800 be piled with tickets. So identity orchestration is the 427 00:23:57,800 --> 00:24:00,720 integration layer that connects the IEM system. 428 00:24:01,080 --> 00:24:04,840 It has an ability to talk to the legacy directories, home grown 429 00:24:04,840 --> 00:24:09,200 provisioning engines, cloud IEM platforms, SAS apps, privileged 430 00:24:09,200 --> 00:24:13,360 access tools in and act like a cohesive identity fabric. 431 00:24:14,240 --> 00:24:18,000 I usually name it like bridging old and new models, automating 432 00:24:18,000 --> 00:24:21,480 identity workflows, abstracting complexity away from the end 433 00:24:21,480 --> 00:24:24,000 users. This is exactly what the 434 00:24:24,000 --> 00:24:26,360 middleware or the orchestration layer does. 435 00:24:26,760 --> 00:24:30,320 And there are now we have N number of orchestration layers 436 00:24:30,600 --> 00:24:34,320 or the tools that are available readily available for us to pick 437 00:24:34,320 --> 00:24:38,320 up and embed it into the system for as part of the migration. 438 00:24:39,640 --> 00:24:43,320 So what I'm hearing is that it's not a technology problem per SE, 439 00:24:43,320 --> 00:24:44,520 right? There's plenty of tools out 440 00:24:44,520 --> 00:24:46,200 there that can kind of do the thing. 441 00:24:46,600 --> 00:24:48,320 So now I'm thinking maybe this is a governance thing. 442 00:24:48,320 --> 00:24:50,840 And Justin, I kind of want you to weigh in on this is if I'm 443 00:24:50,840 --> 00:24:53,920 looking at things from the cloud perspective, I am pulling at a 444 00:24:53,920 --> 00:24:55,280 whole bunch of new services, right? 445 00:24:55,280 --> 00:24:59,200 That could be AWS, Azure, GCP, you name it. 446 00:24:59,200 --> 00:25:01,280 And those are just the platform providers, but I probably have a 447 00:25:01,280 --> 00:25:04,480 whole bunch of other SAS solutions, right, that I'm using 448 00:25:04,640 --> 00:25:06,800 from that. I imagine governance has to be 449 00:25:06,800 --> 00:25:08,800 part of this as well. Say, OK, what are the rules of 450 00:25:08,800 --> 00:25:09,880 the road that we're going to follow here? 451 00:25:10,080 --> 00:25:12,560 Are we going to agree on, yes, everything should be single 452 00:25:12,560 --> 00:25:14,880 signed on through, you know, whatever, right? 453 00:25:15,760 --> 00:25:18,000 Talk to me a little bit about the governance approach because 454 00:25:18,080 --> 00:25:21,000 what I got from Vishnavi, and feel free to contradict if you 455 00:25:21,000 --> 00:25:24,800 want or or or emphasize it is that the technology isn't the 456 00:25:24,800 --> 00:25:26,360 problem. There are plenty of tools that 457 00:25:26,360 --> 00:25:28,360 will do this. It's the people in the process 458 00:25:28,600 --> 00:25:30,320 that needs to come along with this as well. 459 00:25:31,400 --> 00:25:33,920 I mean, I think it depends on where you start, right? 460 00:25:33,920 --> 00:25:37,480 I've been a part of a couple cloud transformations and a 461 00:25:37,480 --> 00:25:40,960 couple cloud security transformations where the 462 00:25:41,600 --> 00:25:50,200 clients had significant legacy identity entrenched providers. 463 00:25:50,400 --> 00:25:53,040 I was with one client that I think had eight or 10 464 00:25:53,040 --> 00:25:55,640 authentication methods that they had let their apps use. 465 00:25:56,040 --> 00:25:59,520 And they kind of had to do an approach where they sequenced 466 00:26:00,000 --> 00:26:04,680 what they were moving very, very much back to one of the earlier 467 00:26:04,680 --> 00:26:06,560 questions with how do you consider these things? 468 00:26:06,800 --> 00:26:10,520 They had to sequence things out to say, OK, we're going to get 469 00:26:10,520 --> 00:26:13,640 down from 8 authentication methods to 4, right? 470 00:26:13,640 --> 00:26:15,840 That's the big plan. But we can't do that all at 471 00:26:15,840 --> 00:26:17,920 once, right, 'cause we have apps using them, we have to move them 472 00:26:17,920 --> 00:26:19,960 off. We have to update those apps. 473 00:26:20,160 --> 00:26:22,360 And some of them were just, we're just, we can't update. 474 00:26:22,360 --> 00:26:25,360 We just got to live with keeping, you know, one or two 475 00:26:25,360 --> 00:26:27,520 methods open because they're crown jewel apps. 476 00:26:27,760 --> 00:26:30,840 But they actually took the identity road map and the cloud 477 00:26:30,840 --> 00:26:36,560 road map and, and I, I helped them sequence them right so that 478 00:26:36,560 --> 00:26:40,520 they could move the apps that use the authentication methods 479 00:26:40,680 --> 00:26:43,320 that would be available early on. 480 00:26:43,600 --> 00:26:47,120 And then as they deprecated some and modernized some, they could 481 00:26:47,120 --> 00:26:50,920 move, move those. So I do think sometimes 482 00:26:50,920 --> 00:26:53,360 technology can be the problem, but I think that's more often 483 00:26:53,360 --> 00:26:59,440 true when you're trying to rationalize an existing kind of 484 00:26:59,440 --> 00:27:02,320 untangle a knot right, where you might have hundreds of apps, 485 00:27:02,640 --> 00:27:05,400 then sometimes the tech can be an issue and you have to figure 486 00:27:05,400 --> 00:27:09,280 out your path forward, right? I think if you're fortunate 487 00:27:09,280 --> 00:27:13,720 enough to be in a Greenfield, then then that's less true 488 00:27:13,720 --> 00:27:15,560 because you the tools are available, right? 489 00:27:15,560 --> 00:27:20,400 You just pick them up and and use them and start from a a nice 490 00:27:20,560 --> 00:27:22,640 cleanish slate right from the beginning. 491 00:27:22,800 --> 00:27:24,440 I think it depends. Where I think it depends where 492 00:27:24,440 --> 00:27:27,760 you're starting is a typical consultant answer it it depends. 493 00:27:29,040 --> 00:27:31,320 You know, I'm glad you called me out on that one because I, I 494 00:27:31,320 --> 00:27:34,960 certainly hadn't, you know, I meant to talk about, you know, 495 00:27:35,320 --> 00:27:37,520 difference between Greenfield and legacy. 496 00:27:37,600 --> 00:27:40,680 And I think that definitely is a part where, you know, legacy 497 00:27:40,680 --> 00:27:44,480 technology is, is a pain. It may not be worth doing 498 00:27:44,480 --> 00:27:46,480 anything with it because it is such a pain. 499 00:27:46,520 --> 00:27:49,640 So I think we have to know when to say, you know, sayonara, see 500 00:27:49,640 --> 00:27:50,920 you later. We're not going to do that. 501 00:27:51,240 --> 00:27:54,120 And that might be either getting rid of it or it might mean 502 00:27:54,720 --> 00:27:56,880 that's just something we don't want to tackle and doesn't make 503 00:27:56,880 --> 00:27:59,880 sense to like incorporate as part of the plan. 504 00:27:59,880 --> 00:28:01,720 That's always going to be an exception or a one off or 505 00:28:01,720 --> 00:28:05,880 something like that. This idea of saying goodbye and 506 00:28:05,880 --> 00:28:09,200 knowing when to move things around and you know, when to, 507 00:28:09,680 --> 00:28:11,960 you know, take what you've got. Everyone would love to have the 508 00:28:11,960 --> 00:28:13,520 Greenfield, but that's not the real world, right? 509 00:28:13,800 --> 00:28:16,400 For the most part is you're dealing with legacy decisions 510 00:28:16,400 --> 00:28:18,680 that were, you know, I'll be generous and say they were 511 00:28:18,680 --> 00:28:21,560 probably a good decision five years ago, 10 years ago, we 512 00:28:21,560 --> 00:28:23,520 hope, right? But things change. 513 00:28:23,760 --> 00:28:26,400 And so we need to get better. How do you have a conversation, 514 00:28:26,400 --> 00:28:29,040 Justin, with those people that need to make that decision? 515 00:28:29,040 --> 00:28:33,280 Because sometimes things aren't broken or they don't appear to 516 00:28:33,280 --> 00:28:35,360 be broken. So why fix it? 517 00:28:35,480 --> 00:28:37,160 Like, how do you have a conversation behind the scenes 518 00:28:37,160 --> 00:28:41,400 to say, hey, we do need to change this and here's why? 519 00:28:43,120 --> 00:28:45,000 Well, I I can kind of pull on that. 520 00:28:45,000 --> 00:28:47,840 The same example I was mentioning before, a lot of it 521 00:28:47,960 --> 00:28:50,240 came down to supportability, right? 522 00:28:51,000 --> 00:28:55,040 If you're supporting 10 legacy things, it is an enormous drag 523 00:28:55,120 --> 00:29:00,840 on your IT and cloud and you know your innovation, right? 524 00:29:00,840 --> 00:29:02,800 You're just not going to be able to innovate. 525 00:29:03,160 --> 00:29:06,840 A lot of your bandwidth, your velocity is going to be tied up 526 00:29:06,840 --> 00:29:08,640 with supporting 10 legacy things. 527 00:29:08,640 --> 00:29:13,200 So I, I mean, I guess I kind of jumped right into how I, how 528 00:29:13,200 --> 00:29:17,440 I've encouraged clients to, to do this, but generally that's 529 00:29:17,440 --> 00:29:20,800 the driver, right? It's your, you're not going to 530 00:29:20,800 --> 00:29:25,040 be able to really take off and go at cloud speed like you want 531 00:29:25,160 --> 00:29:28,960 to while these 10 things are hanging around your neck, right? 532 00:29:28,960 --> 00:29:32,560 It's it's tough for it's tough for your team to support you. 533 00:29:32,680 --> 00:29:35,880 You, you have people on your staff that they're on your staff 534 00:29:35,880 --> 00:29:38,880 just 'cause they know this, this one thing, for example, right? 535 00:29:39,200 --> 00:29:42,720 Or, and, and they could be repurposed to do, do better 536 00:29:42,720 --> 00:29:45,600 things. So maybe you get down from 2:50, 537 00:29:45,600 --> 00:29:48,720 right? Maybe you can't get down A11 IDP 538 00:29:48,720 --> 00:29:51,800 or authentication method to rule them all, right, because that 539 00:29:51,800 --> 00:29:56,760 may be too ambitious for a, a very large enterprise. 540 00:29:57,120 --> 00:30:01,240 But you try to show them how getting down to a couple could 541 00:30:01,240 --> 00:30:04,840 really free up a lot of resources and unlock a lot of 542 00:30:04,920 --> 00:30:06,480 innovation and velocity elsewhere. 543 00:30:06,920 --> 00:30:09,520 Yeah, that's a that's a really great point. 544 00:30:10,120 --> 00:30:14,120 There's a whole area in the identity space called identity 545 00:30:14,120 --> 00:30:17,120 orchestration. A big part of that is making 546 00:30:17,120 --> 00:30:22,160 these different generations of identity technologies kind of 547 00:30:22,160 --> 00:30:26,000 work together. One of the things that I find, 548 00:30:26,000 --> 00:30:29,680 and I'm going to take it back to Vishnabi here to get her take on 549 00:30:29,680 --> 00:30:34,680 this, is that the practitioners who are, you know, experiencing 550 00:30:34,680 --> 00:30:40,880 this rapid movement from the traditional on Prem data center 551 00:30:41,160 --> 00:30:47,280 kind of approach to the cloud is they've got identity tools that 552 00:30:47,280 --> 00:30:50,520 were built for the traditional approach, OK? 553 00:30:50,520 --> 00:30:54,160 And now they're trying to stretch the functionality to do 554 00:30:54,160 --> 00:30:57,760 this thing to treat the cloud a lot like traditional, one, 555 00:30:57,760 --> 00:31:01,560 because that's what they know, But two, it's also how the tools 556 00:31:01,560 --> 00:31:04,280 were designed. Is that the right approach? 557 00:31:04,360 --> 00:31:06,880 How far can you get with that approach Vishnavi? 558 00:31:07,320 --> 00:31:09,960 As part of when we talk about identity and cloud 559 00:31:09,960 --> 00:31:16,920 transformation and legacy and the new modern tools, definitely 560 00:31:16,920 --> 00:31:19,800 that's where the identity modernization also plays a very 561 00:31:19,800 --> 00:31:24,440 important role, Jim. So when we speak about identity 562 00:31:24,440 --> 00:31:30,040 modernization, identity as cloud moves fast, identities with the 563 00:31:30,040 --> 00:31:34,320 modern IEM model, who gets in and how, when, with what 564 00:31:34,320 --> 00:31:39,600 privileges, the cloud adaption becomes more easy to handle. 565 00:31:39,600 --> 00:31:42,600 The shadow ID or orphaned accounts and complaint risk 566 00:31:43,160 --> 00:31:45,920 cloud requires modern IEM capabilities. 567 00:31:46,040 --> 00:31:49,560 So we should definitely think about IEM modernisation. 568 00:31:49,960 --> 00:31:55,480 Having legacy tools can be accommodated using orchestration 569 00:31:55,480 --> 00:31:59,040 layer or whatever. But definitely IM modernization 570 00:31:59,080 --> 00:32:01,560 is required. When an organization starts 571 00:32:01,560 --> 00:32:06,120 thinking about cloud transformation, it is OK to hold 572 00:32:06,120 --> 00:32:09,800 on to legacy IAM as a directory specifically, that is something 573 00:32:09,800 --> 00:32:13,760 we cannot within over a very short frame. 574 00:32:13,760 --> 00:32:17,600 We cannot come out of Active Directory or any anything as 575 00:32:17,600 --> 00:32:23,120 such moving away from the legacy directory structures or the 576 00:32:24,760 --> 00:32:29,920 Federated mode SSO models or it could be even and header based 577 00:32:29,920 --> 00:32:34,560 or cookie based applications. It is very difficult to just get 578 00:32:34,560 --> 00:32:38,240 away with it, but identity modernization is required. 579 00:32:38,280 --> 00:32:43,720 We have to think about solutions that will serve both dear cloud 580 00:32:43,800 --> 00:32:49,960 as well as hybrid or an on Prem environment effectively keeping 581 00:32:49,960 --> 00:32:53,960 the focus that the organization has taken the cloud journey and 582 00:32:53,960 --> 00:32:58,360 they are going to adapt the cloud to 100% in at least in the 583 00:32:58,360 --> 00:33:02,200 next 5 years. So I would say take start the 584 00:33:02,200 --> 00:33:04,280 identity modernization. Yeah. 585 00:33:04,280 --> 00:33:07,960 Justin, I, I kind of wanted to pull you into the same kind of 586 00:33:07,960 --> 00:33:13,000 topic here because one I wanted to clarify, right, I'm not 587 00:33:13,000 --> 00:33:16,120 talking about old vendors versus new vendors. 588 00:33:16,120 --> 00:33:18,680 It's not really about the vendor, it's about the 589 00:33:18,680 --> 00:33:22,000 technology, but also the approach. 590 00:33:22,880 --> 00:33:26,960 Can the approach be the same for managing the cloud as you took 591 00:33:26,960 --> 00:33:30,560 with the on Prem? And I think identity kind of 592 00:33:30,560 --> 00:33:34,040 follows technology, so clouds the advancement. 593 00:33:34,480 --> 00:33:38,760 And does identity need to change to support that advancement? 594 00:33:39,840 --> 00:33:46,080 I, I think it does, you know, fortunately there are a lot of 595 00:33:46,080 --> 00:33:49,400 tools out there now to help manage the complexity that gets 596 00:33:49,400 --> 00:33:53,160 introduced via cloud. But one thing that I heard from 597 00:33:53,240 --> 00:33:57,120 Vishnavi that resonated with me and I wanted to point out is I 598 00:33:57,120 --> 00:34:01,600 think the more sophisticated, the more leading edge your cloud 599 00:34:01,600 --> 00:34:05,680 implementation, the more important your identity becomes 600 00:34:05,680 --> 00:34:11,040 to have solid beforehand, right? So I, I was thinking about this 601 00:34:11,040 --> 00:34:13,400 while I was listening to her. And for example, if you're just 602 00:34:13,400 --> 00:34:17,400 lifting and shifting some VMS, well, the identity universe 603 00:34:17,400 --> 00:34:21,400 isn't that complicated. If you're in a all Terraform, 604 00:34:21,400 --> 00:34:25,880 all infrastructure is code land, automated landing zone 605 00:34:26,920 --> 00:34:31,080 subscription or account isolation where developers have 606 00:34:31,080 --> 00:34:35,880 to interact with CICD pipelines and the pipelines touch assets 607 00:34:35,880 --> 00:34:39,239 and do deployments. I mean, just from how long I 608 00:34:39,239 --> 00:34:41,719 spoke, think, think about everything in that sentence 609 00:34:41,719 --> 00:34:45,840 having an identity, right? So what I've seen really be 610 00:34:45,840 --> 00:34:49,639 really important is getting your RBAC rolls down in cloud is one 611 00:34:49,639 --> 00:34:53,840 thing that's super important, especially when you have this 612 00:34:54,080 --> 00:34:59,320 multi persona cloud program, right, where you have end users 613 00:34:59,320 --> 00:35:01,880 who mostly just interface through whatever endpoint the 614 00:35:01,880 --> 00:35:05,000 app has, like a web page, which is the most the most common, 615 00:35:05,000 --> 00:35:08,040 right? And then you have architects, 616 00:35:08,480 --> 00:35:12,440 engineers, developers, and they're all interacting with 617 00:35:13,680 --> 00:35:16,960 potentially pipelines and cloud infrastructure directly. 618 00:35:17,040 --> 00:35:19,480 Well, things just got a lot more complicated, right, because you 619 00:35:19,480 --> 00:35:22,840 need you, you need those developers to have the roles 620 00:35:22,840 --> 00:35:25,680 they need to do their work. And you want to try to make that 621 00:35:25,680 --> 00:35:28,120 as frictionless as possible with some kind of self-service. 622 00:35:28,560 --> 00:35:31,720 Well, now you've got something you need to set up and manage. 623 00:35:31,720 --> 00:35:35,160 And hopefully the way you do that is make it as easy as them 624 00:35:35,160 --> 00:35:40,800 for as easy for them as possible without introducing risk to the 625 00:35:40,800 --> 00:35:44,080 organization, right? So you they can move at at cloud 626 00:35:44,080 --> 00:35:45,800 speed. Yeah. 627 00:35:45,800 --> 00:35:49,960 I think a lot of that resonates with me because I think every 628 00:35:49,960 --> 00:35:54,440 organization does some element of kind of lift and shift and 629 00:35:54,440 --> 00:35:59,200 then it really becomes a matter of, OK, I am as middleware is 630 00:35:59,200 --> 00:36:03,760 very infrastructure sensitive. But if you update the IP 631 00:36:03,760 --> 00:36:07,240 addresses and things like that, the firewall rules, generally 632 00:36:07,240 --> 00:36:09,240 you can get things working in that model. 633 00:36:09,520 --> 00:36:13,000 But when you talk about kind of re engineering the way you 634 00:36:13,520 --> 00:36:15,840 manage that infrastructure, which is what I think you're 635 00:36:15,840 --> 00:36:18,760 getting at. And that's where and almost 636 00:36:18,760 --> 00:36:20,560 every organization ends up there, right? 637 00:36:20,560 --> 00:36:23,440 Because it's like you're not getting the true value of the 638 00:36:23,440 --> 00:36:25,400 cloud. You're just paying one bill 639 00:36:25,400 --> 00:36:30,320 instead of the other if you're just lifting is shifting, right? 640 00:36:30,480 --> 00:36:33,680 But it's when you can like optimize that infrastructure, 641 00:36:33,680 --> 00:36:36,600 when you can do infrastructure as code is, you know, I know 642 00:36:36,600 --> 00:36:40,200 that's kind of a buzzer, but it gets to the point of we're 643 00:36:40,200 --> 00:36:44,360 dynamic and we're not doing things the way we did them in 644 00:36:44,880 --> 00:36:48,120 the old days. You'd need different IAM tools, 645 00:36:48,120 --> 00:36:50,600 right? Because all that nothing happens 646 00:36:50,600 --> 00:36:56,320 without identity and access. I mean, I agree very, very 647 00:36:57,040 --> 00:37:00,280 enthusiastically with what you said about lifting and shifting. 648 00:37:00,280 --> 00:37:03,680 I call it, you know, data center C like you just moved into a new 649 00:37:03,680 --> 00:37:05,880 data center. You're not getting the value of 650 00:37:05,880 --> 00:37:08,240 cloud. But if you want to introduce 651 00:37:08,240 --> 00:37:12,160 those more sophisticated engineering approaches, you are 652 00:37:12,160 --> 00:37:15,200 taking on a, a burden of managing them. 653 00:37:15,200 --> 00:37:18,080 And identity's a huge, a huge part of that. 654 00:37:18,840 --> 00:37:22,600 And you need to be, you need to have a fulsome understanding of 655 00:37:22,600 --> 00:37:25,400 what you're taking on, especially from the identity 656 00:37:25,680 --> 00:37:29,600 perspective to, to really get the ROI from that, I think. 657 00:37:29,600 --> 00:37:33,560 One thing that I'm not sure how familiar you are with this 658 00:37:33,880 --> 00:37:37,520 identity security. So it's not just that all of a 659 00:37:37,520 --> 00:37:39,920 sudden we're calling ourselves identity security. 660 00:37:40,160 --> 00:37:44,440 To me, it implies something which is that kind of this 661 00:37:44,440 --> 00:37:47,480 merger of cybersecurity and identity. 662 00:37:47,840 --> 00:37:53,120 And really it's the incorporation of identity into a 663 00:37:53,120 --> 00:37:56,320 lot of cybersecurity tools. At least that's how I see it 664 00:37:56,320 --> 00:38:02,160 manifesting. And these tools are very data 665 00:38:02,160 --> 00:38:04,400 hungry. They're very data dependent, 666 00:38:04,600 --> 00:38:08,840 including logging dependent. I mean, primarily logging 667 00:38:08,840 --> 00:38:14,840 dependent and having logs that support what they need from an 668 00:38:14,840 --> 00:38:17,360 identity perspective so they can start to correlate. 669 00:38:17,640 --> 00:38:21,880 OK, Justin Devine is in the system and he's doing all these 670 00:38:21,880 --> 00:38:25,440 things and that doesn't match with his normal access patterns. 671 00:38:25,440 --> 00:38:29,520 And maybe we've, you know, maybe the Socs should look at this. 672 00:38:29,520 --> 00:38:33,640 And I think the next generation is going to be maybe we need to 673 00:38:33,640 --> 00:38:37,480 shut off the Justin's access for a little bit because his account 674 00:38:37,480 --> 00:38:41,680 may have been compromised. I guess what I'm, I'm getting at 675 00:38:41,680 --> 00:38:46,600 with that question is, you know, I, I, I kind of feel like on the 676 00:38:46,600 --> 00:38:49,760 cloud side, it's kind of more easy to set up monitoring. 677 00:38:50,320 --> 00:38:54,520 But on the other hand, it's like the amount of monitoring that 678 00:38:54,520 --> 00:38:57,520 you can do and you should do is starting to explode. 679 00:38:57,800 --> 00:39:02,120 I'm wondering kind of what those implications are that, you know 680 00:39:03,000 --> 00:39:08,000 you're seeing today and like how are you advising people in terms 681 00:39:08,000 --> 00:39:11,320 of setting up their monitoring to kind of support everything I 682 00:39:11,320 --> 00:39:13,880 talked about? Well, I do think that there's a 683 00:39:13,880 --> 00:39:17,320 lot of truth to something that was said earlier, you know, on 684 00:39:17,320 --> 00:39:20,800 the on the pod, which is that identity is kind of becoming the 685 00:39:20,800 --> 00:39:23,240 new perimeter, right? If you look at all the big hacks 686 00:39:23,240 --> 00:39:26,520 that take place, it's a lot easier to get in by getting a 687 00:39:26,520 --> 00:39:30,520 password than, you know, going super hacker and hacking the 688 00:39:30,520 --> 00:39:34,320 firmware on a firewall, right? It's a, it's a lot easier to 689 00:39:34,320 --> 00:39:37,120 just convince someone to give you their password 'cause they 690 00:39:37,120 --> 00:39:39,160 think you're from the help desk, right? 691 00:39:40,320 --> 00:39:43,960 And I also think that the next generation of identity tools, it 692 00:39:43,960 --> 00:39:48,680 is going to incorporate a lot of AI. 693 00:39:49,400 --> 00:39:53,040 And we're working on something like that right now using AI to 694 00:39:53,440 --> 00:39:56,960 analyze one of our clients authentication data and provide 695 00:39:57,120 --> 00:39:59,120 the kind of thing you were talking about where oh, this 696 00:39:59,120 --> 00:40:03,400 doesn't look right, this doesn't match the user's previous 697 00:40:03,400 --> 00:40:05,920 pattern. I would say in the cloud, one 698 00:40:05,920 --> 00:40:10,080 thing that's good is if you're using one of the major CSPS, the 699 00:40:10,080 --> 00:40:16,280 ability to do certain things is. Easier sometimes because they 700 00:40:16,280 --> 00:40:19,640 have those capabilities you just flip them on right you say, OK, 701 00:40:19,640 --> 00:40:22,960 I've decided doing this is worth it right like automated access 702 00:40:22,960 --> 00:40:24,600 reviews. I'm, I'm just thinking of some 703 00:40:24,600 --> 00:40:29,360 of the, the features in Entra or you know, I am right, for Azure 704 00:40:29,360 --> 00:40:32,400 and AWS respectively. So it makes it easier to kind of 705 00:40:32,400 --> 00:40:35,240 get started, which is a good thing. 706 00:40:36,160 --> 00:40:42,000 The complexity comes when you go multi cloud and add other 707 00:40:42,000 --> 00:40:45,720 platforms in, right? That's when you probably, you 708 00:40:45,720 --> 00:40:48,560 often end up going back to some of the more third party 709 00:40:48,560 --> 00:40:52,960 solutions that can cut across a layer across multiple platforms 710 00:40:52,960 --> 00:40:54,760 and clouds. But I do think it's a good thing 711 00:40:54,760 --> 00:40:58,480 that the set of capabilities that are available to people 712 00:40:58,480 --> 00:41:02,400 running in the cloud from an identity security perspective 713 00:41:02,640 --> 00:41:04,920 grows all the time, right? Every couple of months, 714 00:41:05,600 --> 00:41:09,360 Microsoft and AWS are adding some, some secure identity 715 00:41:09,360 --> 00:41:11,520 security features to their stack, right? 716 00:41:11,520 --> 00:41:14,400 So I think, I think overall that's a positive thing that 717 00:41:14,400 --> 00:41:19,800 they're within reach and and sometimes fairly easy to enable. 718 00:41:20,000 --> 00:41:22,640 Now, the CSPS can't help with the complexity of your 719 00:41:22,640 --> 00:41:28,920 situation, your enterprise, but at least they're there and and I 720 00:41:28,920 --> 00:41:32,600 think that's very useful and probably a good thing for 721 00:41:32,600 --> 00:41:36,760 identity security overall. I feel like in the beginning of 722 00:41:36,760 --> 00:41:40,160 our conversation, we're kind of at the point where we're 723 00:41:40,160 --> 00:41:46,160 recommending, yeah, you should have this identity strategy and 724 00:41:46,160 --> 00:41:49,600 you should really put together your identity tooling and 725 00:41:49,600 --> 00:41:52,920 processes in advance of going to the cloud, right? 726 00:41:52,920 --> 00:41:57,200 So that when you go to the cloud IT you can take advantage of 727 00:41:57,200 --> 00:42:01,000 these great things. I'm sure there's practitioners 728 00:42:01,000 --> 00:42:04,120 listening to the podcast right now like, yeah, wouldn't that be 729 00:42:04,120 --> 00:42:06,600 nice? Because probably the voice on 730 00:42:06,600 --> 00:42:10,680 high says we're going to move everything to the cloud in 12 731 00:42:10,680 --> 00:42:16,600 months, so get her done. And so I think it's kind of the 732 00:42:16,840 --> 00:42:19,840 classic dilemma. I guess my question. 733 00:42:19,840 --> 00:42:25,040 Let me start with Vishnavi. So is that, is it realistic to 734 00:42:25,040 --> 00:42:29,160 do these things in parallel or given that reality of the 735 00:42:29,160 --> 00:42:32,640 situation they just laid out? And, and feel free to disagree, 736 00:42:33,440 --> 00:42:37,960 but in that scenario, you know, what should the practitioner do? 737 00:42:37,960 --> 00:42:40,000 Is it? Take these things on, be 738 00:42:40,000 --> 00:42:47,120 pragmatic and try to do both. Yes, when an organization 739 00:42:47,160 --> 00:42:50,440 decides that they have to start their cloud journey, they should 740 00:42:50,440 --> 00:42:53,600 start thinking about identity access management as well. 741 00:42:55,080 --> 00:42:58,320 So make a decision. I would look at it or I would 742 00:42:58,320 --> 00:43:00,120 recommend. This is how I have been 743 00:43:00,120 --> 00:43:03,240 recommending my customers when I didn't. 744 00:43:03,440 --> 00:43:05,240 Cloud transformation has to happen. 745 00:43:05,400 --> 00:43:07,080 Think about identity transformation. 746 00:43:07,200 --> 00:43:10,760 Start the identity transformation little earlier. 747 00:43:11,120 --> 00:43:15,920 Decide on how your identity fabric has to be, how your data, 748 00:43:15,960 --> 00:43:19,800 where your identity data sets, how it is going to be in future. 749 00:43:20,320 --> 00:43:22,320 How is your application landscape? 750 00:43:22,560 --> 00:43:25,640 How are the application currently secured? 751 00:43:25,640 --> 00:43:29,680 Be it authentication or authorization, they will be 752 00:43:29,680 --> 00:43:32,600 definitely having a fine grain authorization or a coarse grain 753 00:43:32,600 --> 00:43:34,320 authorization. It could be a custom 754 00:43:34,320 --> 00:43:37,480 authorization. However it is think about all 755 00:43:37,480 --> 00:43:40,040 this. How is the privileged access 756 00:43:40,440 --> 00:43:43,760 then start the journey? I would call it more like a 757 00:43:43,760 --> 00:43:48,360 foundational cloud IAM approach. When we start with the cloud 758 00:43:48,360 --> 00:43:53,400 journey, the foundational cloud IAM also should dig in, date, 759 00:43:53,400 --> 00:43:58,280 federation, MFA, RBAC. I'm not talking about ABAC at 760 00:43:58,280 --> 00:44:01,240 this time. Just think about the RBAC and 761 00:44:01,760 --> 00:44:05,880 least privileges, segregation of duties, life cycle, automation. 762 00:44:05,880 --> 00:44:10,240 These are like the are the foundational cloud IAM that will 763 00:44:10,240 --> 00:44:12,280 make the cloud journey more successful. 764 00:44:12,640 --> 00:44:17,680 Then we can talk about advanced cloud IAM approach like just in 765 00:44:17,680 --> 00:44:23,480 time, conditional access policies, service accounts and 766 00:44:23,480 --> 00:44:27,120 API key management. Because many times we do not 767 00:44:27,120 --> 00:44:32,480 speak about API key management, but just in would agree to this. 768 00:44:32,800 --> 00:44:36,600 When we speak about cloud, API plays a very important role. 769 00:44:37,240 --> 00:44:40,320 API key management has to be taken care of. 770 00:44:40,320 --> 00:44:44,280 So with advanced cloud IMAPI key management is very important 771 00:44:44,680 --> 00:44:49,560 service accounts, then most importantly continuous 772 00:44:49,560 --> 00:44:55,040 monitoring and analytics. The next level I would say is 773 00:44:55,040 --> 00:44:57,240 cloud governance and compliance layer. 774 00:44:57,360 --> 00:45:00,320 This is adding on top of what Justin also spoke about. 775 00:45:00,320 --> 00:45:01,520 That's why I wanted to bring this. 776 00:45:01,520 --> 00:45:06,320 This is how the three stages of transformation cloud when it, 777 00:45:06,320 --> 00:45:09,240 when we speak about cloud governance and compliance layer, 778 00:45:09,240 --> 00:45:12,320 that's where our access reviews, certifications, compliance 779 00:45:12,320 --> 00:45:16,840 mapping and the commonly heard term now is CIEN cloud 780 00:45:16,840 --> 00:45:20,880 entitlement management that comes in as part of the cloud 781 00:45:20,880 --> 00:45:24,840 governance and compliance layer. When we are able to achieve all 782 00:45:24,840 --> 00:45:30,960 this, our design is zero trust. So cloud and IAM can be called 783 00:45:31,520 --> 00:45:34,640 or encapsulated under the perfect zero trust model. 784 00:45:35,200 --> 00:45:39,440 This is how I recommend. So just I kind of feel like 785 00:45:39,800 --> 00:45:44,160 sometimes people feel like I am consultants or consultants in 786 00:45:44,160 --> 00:45:48,640 general living in their ivory towers and cannot get pragmatic. 787 00:45:49,080 --> 00:45:52,520 I don't buy that. I think we are very pragmatic. 788 00:45:52,840 --> 00:45:56,480 The practitioners who listen to this podcast are the ultimate 789 00:45:56,480 --> 00:46:00,360 pragmatist because they're living these unrealistic 790 00:46:00,720 --> 00:46:03,200 expectations for identity and for cloud. 791 00:46:03,480 --> 00:46:06,480 So kind of same question to you. You get through in this 792 00:46:06,480 --> 00:46:10,920 situation like all right, we've got we've been under invested in 793 00:46:10,920 --> 00:46:14,280 identity, but we need to get to the cloud in 12 months. 794 00:46:14,760 --> 00:46:19,280 Can you do both? So I mean, I have, I have real 795 00:46:19,280 --> 00:46:23,960 world experience in, in this situation, right, where the CIO 796 00:46:23,960 --> 00:46:28,000 is saying we got to get this app to cloud by, you know, 2026, 797 00:46:28,080 --> 00:46:31,400 right? And oh, but it, it requires an 798 00:46:31,400 --> 00:46:35,280 identity update. So I would say I think everyone 799 00:46:35,280 --> 00:46:39,240 in IT has had this situation before where someone's asking 800 00:46:39,240 --> 00:46:42,240 you to do something. And the truth of the matter is, 801 00:46:42,240 --> 00:46:46,640 is, is you're going to create tech that if you do it the way 802 00:46:46,640 --> 00:46:49,600 you'll need to do it to meet the timeline, right? 803 00:46:50,280 --> 00:46:51,840 To me, there's two ways to handle this. 804 00:46:51,840 --> 00:46:55,240 The first is be upfront about the tech debt. 805 00:46:55,440 --> 00:47:00,800 Don't bury it. Make sure that the people asking 806 00:47:00,800 --> 00:47:04,800 you to get things done by a certain date are aware of what 807 00:47:04,800 --> 00:47:07,800 they're going detect that they're going to incur and the 808 00:47:07,800 --> 00:47:11,360 costs, you know, and the challenges that that's going to 809 00:47:11,360 --> 00:47:14,680 create. You know that that's that's 810 00:47:14,680 --> 00:47:17,760 number one, right, Because sometimes when the boss says you 811 00:47:17,760 --> 00:47:20,200 got to get up there by 2026 because the data center is 812 00:47:20,200 --> 00:47:22,080 shutting down, sometimes you got to do it. 813 00:47:22,080 --> 00:47:25,360 Sometimes you can't make everything perfect before you 814 00:47:25,360 --> 00:47:27,360 move everything. That's that's just the reality. 815 00:47:27,560 --> 00:47:31,400 And I've seen trying to make everything perfect and perfectly 816 00:47:31,400 --> 00:47:36,280 clean before moving to the cloud, like completely stall and 817 00:47:36,400 --> 00:47:39,080 cause failed cloud cloud transformations. 818 00:47:39,440 --> 00:47:42,760 The other piece of advice I I would have is don't make your 819 00:47:42,760 --> 00:47:46,520 life hard. Don't pick the app that needs 820 00:47:46,840 --> 00:47:52,200 for authentication providers to MFA providers and a bunch of 821 00:47:52,200 --> 00:47:55,680 other IM words that I I can't pull off the top of my head, but 822 00:47:55,680 --> 00:47:59,400 Vishnavi and you 2 could. Don't pick that app early you 823 00:47:59,400 --> 00:48:01,240 you're just setting yourself up for pain. 824 00:48:02,080 --> 00:48:05,920 You know, set pick, pick apps early in your cloud journey 825 00:48:06,120 --> 00:48:11,120 where the authentication and the I, I and the IM support you need 826 00:48:11,120 --> 00:48:14,800 is already in the cloud and you can just flip on those those 827 00:48:14,800 --> 00:48:17,160 switches. And then like Vishnavi said, 828 00:48:17,160 --> 00:48:19,680 hopefully if you started thinking about I am early, you 829 00:48:19,680 --> 00:48:23,080 have two product Rd. maps running in parallel and one's 830 00:48:23,080 --> 00:48:25,240 ahead of the other, right. And you're, you're adding this 831 00:48:25,240 --> 00:48:27,360 feature and then you say, OK, we edit that feature. 832 00:48:27,360 --> 00:48:32,040 That means we can move apps 712 and 13, which we couldn't before 833 00:48:32,040 --> 00:48:37,480 we added that, that capability. But, but my, so you know, it 834 00:48:37,480 --> 00:48:41,440 really comes down to tell the truth about tech debt and don't 835 00:48:41,440 --> 00:48:44,960 make your life hard. Pick good pilots and pick, pick 836 00:48:44,960 --> 00:48:49,040 good sequencing in your cloud journey to make your life easy 837 00:48:49,040 --> 00:48:53,600 and learn as you, as you go. Don't don't take on the you know 838 00:48:54,040 --> 00:48:58,520 your your crown jewel app that you know will bring down the 839 00:48:58,520 --> 00:49:02,080 enterprise if something goes wrong as your first as your 840 00:49:02,080 --> 00:49:05,480 first cloud migration. Well, you're taking all the fun 841 00:49:05,480 --> 00:49:07,000 out of this, Justin. I mean, come on. 842 00:49:07,240 --> 00:49:09,120 Whereas, you know, no guts, no glory. 843 00:49:09,520 --> 00:49:12,600 What if the crown jewel app is the one that has to move? 844 00:49:12,920 --> 00:49:16,560 I have been told that, right? If you got to get done, you just 845 00:49:16,560 --> 00:49:20,240 kind of deal with it, right? All right, last question for 846 00:49:20,240 --> 00:49:21,680 both of you. And Justin, I'm going to stay 847 00:49:21,680 --> 00:49:23,960 with you and I'm going to give Vishnabi the final world after 848 00:49:23,960 --> 00:49:26,600 you're done. But let's make this actionable 849 00:49:26,600 --> 00:49:31,040 for people who are out there. What can people be doing over 850 00:49:31,040 --> 00:49:35,280 the next 6090 days, let's say the next quarter, whatever that 851 00:49:35,280 --> 00:49:38,640 looks like, where they can actually improve either their 852 00:49:38,640 --> 00:49:42,280 cloud security or their identity and access management or ideally 853 00:49:42,280 --> 00:49:44,360 both? So Justin, I'll start with you 854 00:49:44,960 --> 00:49:46,920 and then Bishnabi will let you have the final word. 855 00:49:47,400 --> 00:49:51,640 So the number one thing you need to be doing in cloud that we 856 00:49:51,640 --> 00:49:58,200 don't always see is you have to be running automated scanning on 857 00:49:58,200 --> 00:50:02,440 your cloud and you need to have people looking at that dashboard 858 00:50:02,440 --> 00:50:06,080 and responding to misconfigurations just like you 859 00:50:06,080 --> 00:50:09,680 do in a sock for anything on premise. 860 00:50:09,680 --> 00:50:12,880 If, if you're not doing that, if you're not running, that's the 861 00:50:12,920 --> 00:50:15,960 the basics, right? Even before you have a big plan 862 00:50:15,960 --> 00:50:20,920 for cloud security, flip on your CSP Ms. and start burning down 863 00:50:20,960 --> 00:50:23,360 risk. It may not be the most elegant 864 00:50:23,360 --> 00:50:26,320 solution, but whenever I talk to a client and they're not doing 865 00:50:26,320 --> 00:50:31,680 that, I, I say, leave the room and go flip on the CSPM and 866 00:50:31,680 --> 00:50:35,320 start addressing the top things on the list from a risk 867 00:50:35,320 --> 00:50:37,000 perspective. And then we'll figure out the 868 00:50:37,000 --> 00:50:40,240 long term plan. Because if, if you're, if you're 869 00:50:40,240 --> 00:50:42,760 not doing that, you really are leaving yourself exposed. 870 00:50:42,760 --> 00:50:45,480 And it's it's sometimes surprising that those features 871 00:50:45,480 --> 00:50:49,320 aren't turned on when we when we go to all our all our clients. 872 00:50:50,360 --> 00:50:53,280 So just so we don't lose people, you said CSPM, cloud security, 873 00:50:53,280 --> 00:50:55,480 posture management. For people who aren't familiar 874 00:50:55,480 --> 00:50:59,560 with what that is, give me the 32nd definition of what CSPM is. 875 00:51:01,040 --> 00:51:04,360 It it it. It depends on whose definition 876 00:51:04,600 --> 00:51:07,000 you'd like to use, but generally there's two capabilities. 877 00:51:07,000 --> 00:51:10,440 The first is a tool that scans your cloud configuration, 878 00:51:10,440 --> 00:51:12,680 meaning how it is configured right now, it generally pulls 879 00:51:12,680 --> 00:51:16,120 that, you know, via APIs, it comes over in Jason or, or 880 00:51:16,120 --> 00:51:18,480 something like that, and it scans them and compares them to 881 00:51:18,480 --> 00:51:21,840 known good states, right? It often compares them also to 882 00:51:21,840 --> 00:51:26,040 compliance frameworks like CISPCI, things like that. 883 00:51:26,360 --> 00:51:30,240 And it's often a layer that when people are early in the cloud, 884 00:51:30,400 --> 00:51:33,040 they don't think about the configuration of their cloud 885 00:51:33,040 --> 00:51:37,080 infrastructure, right? Some people also include what's 886 00:51:37,080 --> 00:51:41,680 called preventative scanning, or static code analysis on 887 00:51:41,680 --> 00:51:44,840 infrastructure's code, where you can actually scan the code 888 00:51:44,840 --> 00:51:48,160 before anything ever exists in the cloud and pick up potential 889 00:51:48,160 --> 00:51:52,280 vulnerabilities that way. Sometimes the definition include 890 00:51:52,280 --> 00:51:55,760 one includes one, sometimes both, depending on whose website 891 00:51:55,760 --> 00:51:58,240 you're reading. That's fair. 892 00:51:58,600 --> 00:52:01,080 All right, finish. Now the final word for we get to 893 00:52:01,280 --> 00:52:03,080 some wider note conversation here. 894 00:52:03,480 --> 00:52:05,480 What's something that people could be doing over the next 895 00:52:05,480 --> 00:52:08,560 quarter to improve their identity security? 896 00:52:09,720 --> 00:52:12,680 Yeah, from identity and access management, I would take 897 00:52:12,840 --> 00:52:17,480 considering three key towers we have from access management, I 898 00:52:17,480 --> 00:52:19,440 would say start with password hygiene. 899 00:52:19,640 --> 00:52:24,120 If you're still using password, look out for the next two auto 900 00:52:24,120 --> 00:52:27,440 guidelines and make sure we have you have the right password 901 00:52:27,440 --> 00:52:31,080 hygiene. Next, enforce MFA that is very 902 00:52:31,080 --> 00:52:34,720 important and go to fishing resistant if possible at least 903 00:52:34,720 --> 00:52:39,920 for the admins taking to the privileged access management 904 00:52:40,360 --> 00:52:44,440 start enforcing least privileges just in time is readily 905 00:52:44,440 --> 00:52:47,680 available with most of the tools that everyone are using as of 906 00:52:47,680 --> 00:52:51,480 today. Try to leverage that and the 907 00:52:51,480 --> 00:52:56,040 last that the identity governance start enforcing 908 00:52:56,760 --> 00:52:59,560 access reviews. If they are not doing it at 909 00:52:59,560 --> 00:53:03,840 least for their business critical applications, that is 910 00:53:04,000 --> 00:53:06,440 easily doable in the 1st 60 to 90 days. 911 00:53:07,720 --> 00:53:10,280 MFA, all the things and then make sure people have the 912 00:53:10,280 --> 00:53:14,120 appropriate access. You know, 0 standing privilege 913 00:53:14,120 --> 00:53:15,640 is probably great. You know, you want to get there, 914 00:53:15,640 --> 00:53:18,440 but to get to there you have to start to whittle things down, 915 00:53:18,440 --> 00:53:19,280 right? Things like that. 916 00:53:19,640 --> 00:53:22,800 Yeah. OK, so let's go to lighter note 917 00:53:22,800 --> 00:53:25,240 time. I'm going to ask you guys to 918 00:53:25,240 --> 00:53:30,720 bury your your music souls here. And Justin, you've had a little 919 00:53:30,720 --> 00:53:31,880 bit more time to think about this. 920 00:53:31,880 --> 00:53:36,720 So as you're kind of thinking here, what is the last song that 921 00:53:36,720 --> 00:53:41,240 you added to a playlist to your music library, whether that be 922 00:53:41,240 --> 00:53:44,800 Spotify or Apple or whatever it may be? 923 00:53:44,800 --> 00:53:50,240 What's the last song you added? Well, as you might have noticed, 924 00:53:50,720 --> 00:53:52,640 all the things behind me are are music based. 925 00:53:52,640 --> 00:53:56,400 So I'm kind of a a music junkie. So I'm always adding stuff. 926 00:53:56,400 --> 00:54:01,840 I think the last thing I added was the new album from the 927 00:54:01,840 --> 00:54:03,880 National. If you're familiar with that 928 00:54:03,880 --> 00:54:06,040 band, they're one of my favorite bands. 929 00:54:06,320 --> 00:54:09,160 And I think right before that I added the new Tyler, The Creator 930 00:54:09,160 --> 00:54:11,720 album. So as you can tell, my tastes 931 00:54:11,720 --> 00:54:16,440 are extremely diverse. So I'm, I'm always, I'm always 932 00:54:16,440 --> 00:54:19,320 adding things, but those are two of the more recent things I can, 933 00:54:19,800 --> 00:54:22,720 I can remember adding. Oh, and then the new Chance the 934 00:54:22,720 --> 00:54:25,200 Rapper came out recently and I I think I added that too. 935 00:54:26,200 --> 00:54:29,480 OK, all right, that's a that's that's a pretty, pretty healthy 936 00:54:29,480 --> 00:54:32,120 mix there. Vishnavi, how about yourself? 937 00:54:32,120 --> 00:54:35,560 What's the last song or album that you added in? 938 00:54:36,840 --> 00:54:42,640 I just took the latest 2025 and I I added the top 25 list was 939 00:54:42,640 --> 00:54:45,000 there. That is what I started just 940 00:54:45,000 --> 00:54:50,200 recently a few weeks back I added and espresso is something 941 00:54:50,200 --> 00:54:55,360 that I I liked it and I think one of the girls is something 942 00:54:55,360 --> 00:54:58,160 that I've been constantly hearing it. 943 00:54:59,040 --> 00:55:01,760 OK, so I'm not familiar with either of those, either of those 944 00:55:01,760 --> 00:55:03,600 artists. What's the style of music that 945 00:55:03,600 --> 00:55:10,520 that is? I think both are kind of. 946 00:55:11,120 --> 00:55:13,520 It's a mixed feel. I get it. 947 00:55:13,560 --> 00:55:17,040 It's not a particular genre at least I could relate it to. 948 00:55:18,960 --> 00:55:23,280 It's more of a a very happy kind of it. 949 00:55:23,800 --> 00:55:25,800 OK, kind of like a pop type music type. 950 00:55:26,440 --> 00:55:28,160 Uplifting. Feel good. 951 00:55:28,760 --> 00:55:33,400 Yes, and I'm more of an instrument person, so I like to 952 00:55:33,440 --> 00:55:36,200 I I go with a lot of classical genres. 953 00:55:37,200 --> 00:55:41,960 I try to hear instruments because I feel instruments. 954 00:55:42,040 --> 00:55:44,720 I relate more with instruments rather than the words. 955 00:55:45,960 --> 00:55:48,720 OK, that's interesting. So I'm, I'm, I'm similar, except 956 00:55:48,720 --> 00:55:50,360 more on the electronic music side of things. 957 00:55:50,400 --> 00:55:54,720 I, I prefer electronic music. Jim, how about you? 958 00:55:54,720 --> 00:55:58,840 What's the last song or artist or album that you added to a 959 00:55:58,840 --> 00:56:01,720 playlist or your library? So I wouldn't have mentioned 2, 960 00:56:01,720 --> 00:56:06,320 so I'll give you the last one. And little back story is, a 961 00:56:06,720 --> 00:56:09,720 couple years ago I thought, OK, now I'm in my library. 962 00:56:09,720 --> 00:56:13,200 I have every song I like. The only time I'll add songs 963 00:56:13,200 --> 00:56:17,840 from here on out are new songs that come out that I like, but I 964 00:56:17,840 --> 00:56:20,480 still like. You'll be at Applebee's or 965 00:56:20,480 --> 00:56:24,240 Chili's or something like that. And hero songs like, Oh my God, 966 00:56:24,240 --> 00:56:26,360 I haven't heard that song in so long. 967 00:56:26,360 --> 00:56:32,040 And this one was still the one by Orleans, so I added it. 968 00:56:32,480 --> 00:56:36,000 All right, but here's one for you, Jeff, because I know that 969 00:56:36,000 --> 00:56:40,800 you're a grunge guy. Yellow Ledbetter by Pearl Jam. 970 00:56:40,920 --> 00:56:43,920 How is that not already there? Man, Come on, that's sacrilege. 971 00:56:44,480 --> 00:56:46,920 Well, no, I'm thinking it probably was, but maybe. 972 00:56:47,120 --> 00:56:51,040 You know, a lot of times there's like 10 versions on Apple Music. 973 00:56:51,360 --> 00:56:55,360 I am an Apple guy. But here, I want you to do this, 974 00:56:55,360 --> 00:56:56,800 Jeff. I want you to listen to that 975 00:56:56,800 --> 00:57:01,920 song in your car cranked up, and I want you to put the words on 976 00:57:01,920 --> 00:57:04,400 your phone. So you're like looking at the 977 00:57:04,400 --> 00:57:08,560 words and you're thinking to yourself how the Eddie Vedder 978 00:57:08,920 --> 00:57:13,160 look at these words and come up with this way to sing them. 979 00:57:13,480 --> 00:57:18,760 Like he's some kind of musical genius that I just could never 980 00:57:18,760 --> 00:57:22,000 think like that. I mean, he is obviously blessed 981 00:57:22,000 --> 00:57:25,720 with that voice, but he's also a musical genius to take those 982 00:57:26,040 --> 00:57:29,520 lyrics and like, figure out how to sing them that way. 983 00:57:29,520 --> 00:57:32,680 Like it's off the charts. That's like saying what rhymes 984 00:57:32,680 --> 00:57:35,480 with orange and then Eminem goes off and names like 8 different 985 00:57:35,480 --> 00:57:36,600 words that he would do with that. 986 00:57:36,600 --> 00:57:39,000 So definitely a skill and a talent. 987 00:57:39,360 --> 00:57:43,520 I think. I mean all right, so let me do 988 00:57:43,520 --> 00:57:46,760 my I'm going to do 3 just because you know, I'm I'm the 989 00:57:46,760 --> 00:57:50,240 one who called the shot. So Go by The Chemical Brothers 990 00:57:50,240 --> 00:57:52,120 have been on a Chemical Brothers kick recently. 991 00:57:52,120 --> 00:57:54,360 They've been around for a long time, but go has been a good 992 00:57:54,360 --> 00:57:56,600 one. I'm looking at my my Spotify 993 00:57:56,600 --> 00:57:59,560 right now. Nobody's real by power man 5000. 994 00:57:59,560 --> 00:58:02,600 So now we're, you know, stretching genres a little bit. 995 00:58:02,680 --> 00:58:05,960 And then a cover that I discovered recently that I 996 00:58:05,960 --> 00:58:09,720 enjoyed of like a prayer by a band called dogma. 997 00:58:09,920 --> 00:58:14,560 So it's kind of like a rock goth version of like a prayer from 998 00:58:14,600 --> 00:58:16,040 Madonna. You might actually like that, 999 00:58:16,040 --> 00:58:18,600 Jim. So that's those are my. 3. 1000 00:58:19,600 --> 00:58:25,040 Yeah, OK, so this has been just a, a, an action-packed, chock 1001 00:58:25,040 --> 00:58:27,960 full episode of information. I want to thank Vishnavi and 1002 00:58:27,960 --> 00:58:29,680 Justin. Thank you both for being part of 1003 00:58:29,680 --> 00:58:31,840 this. I would say, you know, we'll 1004 00:58:31,840 --> 00:58:33,600 talk to you later, but it's probably Mike, I'll see you 1005 00:58:33,600 --> 00:58:36,360 online on teams or meetings and stuff like that. 1006 00:58:37,080 --> 00:58:39,200 So we'll leave it there for this week. 1007 00:58:39,200 --> 00:58:40,840 I'm going to have a bunch of links in our show notes for 1008 00:58:40,840 --> 00:58:43,160 people to check out. So both Justin and Vishnavi's 1009 00:58:43,200 --> 00:58:46,440 LinkedIn profile. So spruce those up, go out, feel 1010 00:58:46,440 --> 00:58:50,280 free to connect, either share stories on identity or cloud or, 1011 00:58:50,960 --> 00:58:53,880 you know, be polite around musical tastes, right? 1012 00:58:53,880 --> 00:58:55,560 Things like that, suggestions, etcetera. 1013 00:58:56,360 --> 00:58:58,680 And you can always connect with Jim and I and LinkedIn. 1014 00:58:58,680 --> 00:59:01,880 And yeah, I think that's it. So don't forget the website has 1015 00:59:01,880 --> 00:59:03,560 all discount codes, all kinds of stuff. 1016 00:59:03,560 --> 00:59:05,320 I'm constantly updating it. There's just too many to list 1017 00:59:05,320 --> 00:59:08,360 right now. But idacpodcast.com like and 1018 00:59:08,360 --> 00:59:11,080 subscribe and do all that fun stuff to help us great get get 1019 00:59:11,080 --> 00:59:14,800 great guests as it's easy for me to say like Justin and Vishnavi. 1020 00:59:15,240 --> 00:59:16,920 And we'll go ahead and leave it there for this week. 1021 00:59:17,320 --> 00:59:20,480 Thanks everyone for watching and or listening and we'll talk with 1022 00:59:20,480 --> 00:59:25,120 you all in the next one. You've been listening to 1023 00:59:25,120 --> 00:59:29,000 Identity at the Center. We hope you've enjoyed the show. 1024 00:59:29,200 --> 00:59:33,320 Make sure to like, rate and review, and we'll be back soon. 1025 00:59:33,600 --> 00:59:35,840 But in the meantime, hit the website at 1026 00:59:35,840 --> 00:59:42,200 identity@thecenter.com. See you next time on Identity at 1027 00:59:42,200 --> 00:59:43,120 the Center.