Showing 4 episodes for Identity And Access
#188
September 2, 2024
EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security
Guest:
- Dor Fledel, Founder and CEO of Spera Security, now Sr Director of Product Management at Okta
Topics covered:
- We say “identity is the new perimeter,” but I think there’s a lot of nuance to it. Why and how does it matter specifically in cloud and SaaS security?
- How do you do IAM right in the cloud?
- Help us with the acronym soup - ITDR, CIEM also ISPM (ITSPM?), why are new products needed?
- What were the most important challenges you found users were struggling with when it comes to identity management?
- What advice do you have for organizations with considerable identity management debt? How should they start paying that down and get to a better place? Also: what is “identity management debt”?
- Can you answer this from both a technical and organizational change management perspective?
- It’s one thing to monitor how User identities, Service accounts and API keys are used, it’s another to monitor how they’re set up. When you were designing your startup, how did you pick which side of that coin to focus on first?
- What’s your advice for other founders thinking about the journey from zero to 1 and the journey from independent to acquisition?
#182
July 22, 2024
EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy?
Topics covered:
- What is Identity Threat Detection and Response (ITDR)? How do you define it?
- What gets better at a client organization once ITDR is deployed?
- Do we also need “ISPM” (parallel to CDR/CSPM), and what about CIEM?
- Workload identity ITDR vs human identity ITDR? Do we need both? Are these the same?
- What are the alternatives to using ITDR? Can’t SIEM/UEBA help - perhaps with browser logs?
- What are some of the common types of identity-based threats that ITDR can help detect?
- What advice would you give to organizations that are considering implementing ITDR?
#166
April 1, 2024
EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!)
Topics covered:
- Today we have IAM, zero trust and security made easy. With that intro, could you give us the 30 second version of what a workload identity is and why people need them?
- What’s so spiffy about SPIFFE anyway?
- What’s different between this and micro segmentation of your network–why is one better or worse?
- You call your book “solving the bottom turtle” could you tell us what that means?
- What are the challenges you’re seeing large organizations run into when adopting this approach at scale?
- Of all the things a CISO could prioritize, why should this one get added to the list? What makes this, which is so core to our internal security model–ripe for the outside world?
- How do people do it now, and what gets thrown away when you deploy SPIFFE? Are there alternatives?
- SPIFFE is interesting, yet can a startup really “solve for the bottom turtle”?
#162
March 4, 2024
EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler
Topics covered:
- What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it?
- A lot of people say “in the cloud, you must do IAM ‘right’”. What do you think that means? What is the first or the main idea that comes to your mind when you hear it?
- How have you seen the CSPs take different approaches to IAM? What does it mean for the cloud users?
- Why do people still screw up IAM in the cloud so badly after years of trying?
- Deeper, why do people still screw up resource hierarchy and resource management?
- Are the identity sins of cloud IAM users truly the sins of the creators? How did the "big 3" get it wrong and how does that continue to manifest today?
- Your best cloud IAM advice is “assign roles at the lowest resource-level possible”, please explain this one? Where is the magic?