You're listening to the identity of the center podcast, this is the show that talks about identity and access management and making sure you know who has access to what let's get started. Welcome to the identity of the sender podcast. I'm Jeff Fenton that's Jim. Hey Jim hey Jeff, how are you? Oh not so bad yourself. I'm doing great and giving a lot of thought to a specific topic today which is kind of round what we do, right? We are the, I am strategist that companies bring in to help them
develop their IM strategy. So we're supposed to be the experts, right? And the idea would be that you could take Some very specific area of I am like privileged access management or identity governance and, you know, her role management and be able to dive into any specific area. But what I find, we always have to do is make sure that we still have a very sharp answer on the basics. What is governance? What is an IM program? So Jeff, I've got a question for you.
What is I? Okay, so existential question. Thank you know, who am I? What are you all kinds of different things. Here's my, here's my, my short version of what is I am, it's who has access to, what? That's it. That's it. That's the, that's the distillation of it. More complex. Yes. There are more things that come into it, but that's it, right? I think so. You have to be able to go down the side Paths of there's more things to it because I think
about governance. And I remember some bleep somebody boiling down to me, In these terms, it's who gets to make what decisions like. Yeah, that's pretty much what governance is at the core, but there's so much more to it, right? There's, you know, kind of a framework for formally. How you run your program, how you keep involvement of your stakeholders, things like that. But if starting from a base explanation like who gets to make, what's Visions is really good.
Starting point, just like I am saying who has access to what that's Great. There's more to it though. Well, it's kind of like, you know, it's a racy for real life. Who's accountable signing, my wife and Iraq, same conversation about this last night because we have really great dinner conversations when we're talking about race, he's at dinner but it's the same thing. It's yeah. Who can make what decision ultimately?
You know, it's like Highlander there can only be one who is the A and the decision, you know, rests on and they're accountable for they may not make the decision but there are Honorable, for whatever that decision is, which can be caused from, you know, an important area of I am I think we always focus on who has access to what but what about when that who is not a who or it's a non carbon-based life-forms, we nerds like to say or a silicon-based life-form in other
words it's that machine identity and I think that's one of the topics we're going to dig into today. Yeah, it's pretty interesting where we're getting right here. You know, this there was a news article this week that the US patent office has basically said, AI is not allowed to patent. Thanks. So it has to be a human, so I guess that's good news. Is we've staved off the, the robot Overlord Invasion for at least a little bit of time before they take over.
But machine identity, for example is very difficult. Now we're talking about box now we start to get into, okay, how do we kind of weave these things together between humans? Nonhumans and, you know, at some point there's probably a whole bunch of in-betweens in that and there's this concept of an identity fabric that kind of is the is the pattern or quilt or whatever. So analogy we want to use that is intended to kind of pull all this together in a way that
makes sense. And why don't we bring in our guest for for this week to help us with that conversation? His name is Paul Fisher. He's the lean Analyst at Cooper. Nicole, Welcome to the show. Paul. Hi, thanks for having me. Yeah, thank you so much for joining us and I believe you're coming from the UK and having this conversation with us is that right? I am, I mean area, cooled. Tweaking them in London, greater
London trick them. If you don't know, it is famous for its rugby ground or rugby stadium. I should say it's known as the home of the English rugby, which is great, except I not interested in rugby at all. So that's the only claim to fame. What we have here. So, we have some big rugby matches Internationals and things. But but yeah, great to be here joining you from London. Well, thank you so much for joining us.
And, you know, one of the things that we like to get into here is kind of background of the folks that we have on the show to really kind of understand the Viewpoint that they're coming at this conversation from. So I know we're going to talk about machine identities at any fabrics and all kind of all the stuff in between, but But before we get into that, how did you get into identity and access management? Is it something that you chose or did it choose you?
Yeah, well, I think it kind of chose me really. I mean it's if we go back not going to go back to the entire of my life but appropriately, I used to be an IT journalist for many years up until about the early 2000s and as you probably know it journalism was Fairly insecure occupation then and it's now almost doesn't exist. So after a few are went to some places like AOL which also proved to be less than fruitful.
And then a few years ago, I became the editor of a magazine called SC or secure Computing. So that was my real introduction to I guess the world of cyber security And from then on into, you know, sub areas like identity and access management and then I got into becoming an analyst and it was not a coming a call where I am now. But a previous analyst, firm was where I first started to really start.
Looking at identity and privileged access management and related areas in more detail and started sort of taking it seriously or suppose. So yeah, it's probably not something that I would have chosen if I was given a list of things. To specialize in. I don't know if identity access management would have been right
up there. But as you, it is actually turned out to be the, it sounds like a damning it with faint praise, but it's a lot more interesting than you might think so. So yeah, I'm a leader but I should say I'm a lead analyst. I don't want my colleagues at coping de to get upset when I sound like, I'm the lead analyst only. He one of the few lead analyst we had, that's our hierarchy and of course we have Martin who is our our Overlord and it were the lead lead out and well yeah.
He's the Uber analyst I guess is one way of saying it so yeah. And that's where I am now. And I've been a carpenter for to nearly three years. Paul, what are the areas of I am that? You focus on.
Yeah, so I was given Privileged access management as one of my sort of key topics at coping a. And so I've really focused on that quite a lot in the last two years but it's recently been branching out a lot more into identity and access management in more General. And then looking at things that you mentioned earlier, the top there things like our identity Fabric and dream which is our latest sort of Paradigm for managing identities within multi Cloud.
Infrastructures Etc. So I also do some related stuff. So submitted data governance. Things like that but I think that really everything. One thing I know about it now or or identity is the more you know the kind of the less you know it just gets More complicate just when you think you've kind of cracked it or you don't. Yeah. That that'll solve everything. It did. It gets worse. You start to realize how much you don't know. Yeah, yeah.
And I don't know a lot over well you do know you you do you do know enough to have a good conversation about? I think we're going to get into the privileged access management side of things but this It's like doing the fabric and it's
kind of a new term, right? And it's something that you guys have spun up at KCI believe but let's start with that kind of the basic question like Jeff and I were yammering on about where you know, let's not just assume we know what identity fabric is based on, you know, with the name implies. Let's just ask the question. What is the identity fabric? Yeah, I think people live. The word identity fabric suggests a kind of a cloak almost or something.
You wrap around an infrastructure and almost as an extra layer of security and I think that is probably misleading. The way I describe it is that it puts identity at the center of everything. Not the infrastructure. So instead of making identity and access management have to meet the requirements of the infrastructure, you need to build the infrastructure around identity and access management or more particularly around identity. But that's the kind of
philosophical view. But more what we're talking about is an Adaptive set of capabilities. So your identity and access management platform, we all solutions are adaptive and can be changed and change as your demands change. So I think it's really about modernization of identity access management.
It's about fluidity agility in all those buzzwords but probably are sort of key to our discussion is that we're moving away from a world of just simply human identities or traditional privileged accounts into a world where we don't really know half of the identities that exists in an order or the identities that maybe having some access to the infrastructures that we have. So we need and that obviously includes things like machine identities. Occations little bits of code
and all sorts of stuff. That's now, buzzing around infrastructure and I'm sort of known it cooking a call for coming up with the universe of this and a universe of that and I think that we often see it. Infrastructures as kind of linear structures with things sticking off at right angles and this way and then there's a server there and there's something else there and I think it's becoming much more like Like the Amazon rainforest or or a coral reef kind of ecosystem
where there is just millions of life forms that all depend on each other and they all run around and it's actually harder to visualize that or to make sense of it and it is to actually just think about the identities that are using it. And if you think concentrate on the identity, What they need access to what role they have and how long they need access, it shouldn't matter so much what the infrastructure looks like. So that's what kind of turning it everything inside out.
And that's that's I hope describes what we mean by an identity fabric. That's pretty easily actually. Yeah, that's that's even more philosophical than I even contemplated. Obviously, we came to podcast identity at the center, so we kind of have a Similar Viewpoint, right? Which is that you have and we've seen this in our careers major shifts in the technology
landscape from. You know the on-prem data center environment to now very much a cloud-based environment, who knows maybe it'll shift back the other way at some point that's the way I T has seemed to go throughout our career and kind of prior to our career was shifts back and forth. And I mean, if anybody thinks that things are going to stay static for the next hundred years you're you're out of your
mind, right? I mean we know changes the one thing that we can be sure of, but what I think is important is that, that idea of, if you have good controls around the identity, they should be able to adapt to that infrastructure. Yeah, I mean by T is all about people doing stuff right in the
end. It's all about applications, doing stuff and increasingly, there are more and more applications, and people are now used to downloading an app and then immediately using it. So you're right about things.
Do come around. Oh, I mean, I remember back in the 90s, everyone was talking about the network computer and what a great idea that was because you have a dumb terminal and you just fire up a virtual machine and You'd connect just for your work that you needed you to get the applications you needed etcetera. When you shut it off. That was it was, it was gone forever and I think we sort of
almost talking about that again. Now, with web applications except it's much more sophisticated and you can do so much more. I mean, I think those dumb terminals had some kind of browser-based applications. I can't remember now because Actually they came and went, we talked about on-premises dying the little but I agree with you. It's actually if you talk to people in the real world they still like to have stuff on premise and so the yeah, even people are still using mainframes.
I found out the other day, so which was because even mainframes even predate me and you I'm sure so. Oh, for sure. A Jeff and I we had a client that has over 100 mainframes without a strategy to get off the Mainframe. So that means it's going to they're going to be around for quite a while. I've um, well, yeah. Exactly. IBM. Still, they're still selling them and doing quite a good business. I think out of Mainframe stuff and they say that they have people that actively ask for him.
So yeah, but I But what is different though? Is to get to the point of our discussion is the number of identities. The number of access points the number of privileged accounts and then I was talking to a vendor the other day. They claimed that when their solution was installed by their customer, they found 10 million, Privileged accounts or other sorry to clarify, that found 10 million standing privileged accounts. So that was 10 million accounts that have been opened and never
closed. And we're basically an open, exactly. But I was staggered at like 10 million, 10 million accounts have been created over the years I guess, never been controlled and that's where the philosophy.
She comes up against the reality, I guess, of, of business Computing. And that's the other thing that I try to bring into whatever I write is that we are in the end talking about Business Solutions and sometimes you know, in our world it's easy to get carried away with the technology and like and say talk about the coral reef or the Amazon
rainforest and things like that. But there's Reason why this stuff exists is because businesses want to do stuff and if we take, you know, the car industry automotive industry. As a good example. They've literally they are example of digital transformation in action. They're moving from an engineering lead industry into a
software LED one. And they are the people that are actually the customers for all this stuff they are the people that really We are trying to manage all these identities in a real-world. So as I said, we can talk about philosophies. But the way that when we talk about the identity fabric where, where is all way of kind of clarifying, what people need to do to manage what's going on in their organizations. I think it's the evolution of
the business process. Like he just mentioned right used to these things, didn't exist, 10, 15, 20, 30 years ago. So these Process is now being replaced by software, right? Software is eating the world as I think, you know, one of the statements that's kind of been out there and I guess from a, from a management perspective. And when I think management thing identity management, you know, we have this kind of core concept of human versus non human.
And now I'm thinking of more like doesn't matter so much. It's just an entity that needs access. Does it really matter if it's a human or not? Because at the end of the day, it's still who has access As to what and is it appropriate, right? And all those kind of key things go along with it. I guess I'm wondering from your perspective do you see it that way as well? But also in addition to that, How do machine identities fit into this?
What's so special about them? And I guess are they special when it comes onto any fabric? Yeah well I think you kind of set it there in the end. Does it actually matter what the identity is that is trying to access a own identity is trying to access Server, you have to, just does it matter whether that's human or non-human or machine or not machine, which is now the cool way to say human and non-human.
So so machine and not machine to get ready for our overlords exactly what seems to me. Like that's more machine. Positive language that we're using. Yeah, if we say, well, you either a machine or you're not? So, let's assume that anyway. And I Entity wants to do something in a network, really? If the identity access management or the privileged access management is set up
correctly. It should know, not what that identity is, but what it's trying to do, and what it's trying to access and whether that's okay, really? Because the the network doesn't know, you know, when when things have been switched, they do. Whether it's a human or non-human or an application is looking for Access. So why do we care so much? And I think the vendors are coming around to that quite a lot as well as particularly in privileged access management. They didn't used to talk about
machines very much. Now, they talk about them all the time. They spoke about admins which is kind of seems now like a really kind of slightly prosaic thing, you know, the old Edmonds that need access to your, to end point to, to squirt, to do something. You know, who knows what happens Arabic were admins? Why are they human? Probably not, you know, service
accounts do stuff like that. So, my view is that there is nothing special about machine identities, particularly any more than there's nothing special about human identities.
I think there are Just identities or entities, which I think you said as well, which is probably even better to talk about entities and it's just the sheer, the sheer pace of everything as well as you know, Financial Services is another example of digital transformation in action has gone from a very staid industry to one that's embraced software. Development is Embrace agile and devops and everything because They need to create code all the time, so we can't get in the way
of that. And, and we've established that. Now, as a way of working in an event, in the software companies themselves are doing the same thing, you know. So which, you know, brings us on to things like software supply chain security which which is related to all this but it Dad. I just think that Yeah, my view is an eye, what the identity is really doesn't matter. You know, I think there are implications for the I am practitioner in the difference between human and non-human, identities.
And I come at it from this standpoint, I feel like it's gotten very good in terms of managing the human identities, especially in the Enterprise contacts especially with employees yourself. Employees in the HR System, when they join the organization lead, the organization change shot
rolls. That's the quote, unquote, authoritative Source. Ideally, you either have a parallel for non-employees or there, maybe even in your HR System. However, when it comes to non-human identities, it could be a number of stories. When you have that Dev psi-cops environment, you have developers who now need to create machine accounts to think.
Go through some Central process to make sure that, you know, it's going through proper channels for approval and being documented, do you have a way to discover if you're creating those identities out of process? And then with service accounts, I mean, the ideal scenario is you, you do go through some kind of ticketing system. There's a paper trail for the request and approval of the creation service account.
And then you're managing the service account, life cycle, including management of the credential. So, you know, I you password, make sure you're rotating the password and no humans are the past for because, you know, we kind of joked earlier about the attack. Surface machine identities. Can multiply your attack surface especially if you're not if you don't have good controls over
over those machine identity. So I don't think There are different in terms of, you know, a lot of the aspects you just talked about. I guess my thing, I wanted to bring to the table, is we've done. We've gotten down to really best practices for management of the humans. And I think for the nonhumans is, its were the state of maturity of organizations at a hot as a whole, is not Nearly as good as it is with humans.
So you're saying that where we've kind of got human identities, pretty much under control give or take but the the machine identities are, we're way off that. Is that where we? I think the 80/20, that's what I see. Yeah. You see, that's why I don't know whether that's where that's true. I think that, I mean, in privileged access management there.
There is now a kind of a divided opening up between newer vendors smaller startup type of guys that have built Cloud native applications from the ground up versus the Cyber arcs. The Beyond trust the well, I was going to say that. Okay, then centrify, but they're now called de línea and who come from the very regulated Bolt. Password rotation, set up versus the newer, guys, which have decided. Yeah, you can have a v if you want, but we're just going to do
just in time. For the reason being. We know that there's this whole new world of influx of identities that want privileged access to stuff and we don't think there's time to issue. You passwords or anything else, but just manage those identities equally and give them just in time access when and when they need it. So that the problem with that, is that there is an argument that that isn't secure enough, the, the older, more established players or so. Yeah, but you don't have any
analytics. You don't have any governance, you don't what happens when when it doesn't work. How you going to find it? Like you mentioned a paper trail so it's probably easier to do that with humans. I don't know, but I think ultimately we will see Pam become much more focused on just in time and ephemeral, but will become better. Those vendors that are emerging will become better at the stuff that they're missing at the
moment. So I think my money would be if I was betting on on Pam. I'm itself. My money would be on some of those vendors for the, for a long-term future bet, but I still think the in the end we haven't got time to worry about whether humans or machines or or aliens or whatever else, once once access to do our businesses. So we have our guests on our last episode, Mike Frazier, VP of devops over it sofa. Assuming he quoted the Star Trek resistance is futile.
Yeah, welcome to the board but I did want to, this is exactly why having you on the show is, is so cool because you've got a different perspective as an analyst you're out there. Seeing what's coming, what are these new inventions in this space? The new players in, you know, You're getting an earlier view of that, whereas, I think Jeff and I are going into organizations and we're trying to talk about best practices that are being used in the
industry. So it's lagging a little bit behind kind of the The Cutting Edge. What's new? But also from an analyst perspective, you're also working on new Frameworks and New Concepts ways of thinking about things. You've got a concept called dream and I, you know, I see that Can I have a dream or living the dream but give us an idea of what it is. So is Dr. E, am talk to us about what that is. What is Dream? Well first, what is your point on your right?
You probably we do, we don't live in a fantasy world but we do live in a world where perhaps we're predicting what's going to happen but then that's our business. I guess. So dream as you say they used to be A pop group in England, called D Rim, which was D stroke. Re am for some reason. So, I tend to in my head OS, a dream, but to be serious. What it stands for is denying Dynamic resource entitlement and
access management. So we've we've seen that the market is changing to accommodate multi Multi Cloud infrastructures hybrid structures, Etc. And Gartner came up with Kim or their Cloud infrastructure, entitlement management grouping and we've sort of taken that a
bit further. So, yeah, I think Gartner was right to identify Kim and also Cloud security posture management which that I think they've now Merged into into another acronym that which I forget right now but they work their a right to see that cloud entitlement and access management was well that needed managing and there was an emergence of vendors to do all that.
And but we noticed as I kind of hinted just now that within the pad Market itself, first of all, they had I started to understand the unique needs of the devops or Dev secure Ops and agile groups in getting privileged access to stuff quickly. And so that invariably meant the devops tend to work Almost 100% in the cloud and use cloud resources. So we thought, well, that's that's actually a cloud infrastructure, entitlement management.
Thing. But then there is also these vendors themselves which are now doing Kim. So we thought, well, let's put those together and we got that. The world is moving to Dynamic, infrastructures. Everything is in and out. Things are scalar, spun up and spun down quite often privileges, open and often left open and things like that, which is part of the Will this managers? It managers increasingly have not much control over lines of business that are downloading
stuff. Building machine building virtual machines, building code in their departments. So if they can't Direct in the old days you know in the old days of perimeters Etc and and firewalls they could have just stopped people doing that but it's out. It's no longer there. It's no longer possible. Plus they have the business side of the Enterprise could actively encourages stuff because like I said, the car industry.
Once those guys to be building a new bit of software for their latest electric vehicle, and they want that to be updated over the air as often as possible. So, we've brought together all of that and we've doing a leadership Compass, which I should explain a leadership. Compass is a report that You're cold does on a particular product sector. So we've kind of invented this dream sector which is what got a does.
So why can't we do it? And we've invited the number of Pam vendors that perhaps do some Cloud management or do some Pam for devops plus, a number of the dedicated Kim vendors, all of which seem to have I've been from my research so far. Most of these came vendors didn't exist, five years ago. So it's a really new part of the business and they're all, you know, small startup type of outfits.
But they're all attracting a lot of money from the VC community, so that that's what dream is it's our assessment. Of any platform that can discover and can manage access or rather. Sorry could discover those identities. They have access to Cloud, resources and can manage that access usually from some kind of dashboard and can switch that off or switch it on can prevent access, but it crucially, it can do.
It can actually look at things which are happening on Amazon web services, so gets quite granular or it can, you know, they, most of these Kim platforms, are not all of the Pam platforms, actually will cover the four main Cloud providers. So, but they, as I said, they are mostly dashboard driven are mostly web based on our web application and the kid ones in particular.
Killer, a really quite exciting. I mean, they are and this is where I probably get a bit overexcited because I was about to say they're quite fun to use, but I think the the fact that they work in a dashboard and you can see the entitlement, you can see who has access, you can see getting back to whether they're
humans are machines. You can see what kind of identity it is. So, That's that's for us is our way of making sense of this trying to manage everything moving to the cloud and hybrid clouds. And that comes back to what I was saying earlier. Like it the the dashboard is is a focus. Their the dashboard is the focus on identities and their activities and what they're accessing what's around that dashboard is kind of the infrastructure.
And that doesn't really matter to what you're seeing within it. So I hope that explains dream I think. Actually I explained it to myself quite well there. So I think I understand it better as well. So and that report is as I said I'm working on right now and we'll publish it in May sometime. So yeah, the dream dream on the I Have a Dream and there it is. Is what's a great acronym? And I guess I've got to follow up questions for you. The first is stupid.
My stupid question is what comes first. Is it the identification of a space like this or do you come up with the acronym and say how do we fit I am? Well that's that's a that's a trade secret because heaven forbid that I have a bid that we would come up with something as nice as dream and then fit everything around it. But in this case, yeah, I mean We wanted the word dynamic in there, so, because I think Dynamic does it does describe
what's happening quite well. I cut, one of my colleagues came up with this. I can't remember which one but we, yeah, we went through. We, the process is that, yeah, we realize that something is happening. Perhaps in the market, we realize that there are vendors doing some new things. And we notice that the way, Businesses have been doing infrastructure is changing. So yeah, so then we think well that's seems to be a new category of platform or product and then we think of the the
acronym afterwards. So I'm sure that's what I imagine is like a whiteboard somewhere with just a whole bunch of like terms and then it's a little bit like Mad Libs or some word game, right? Where you trying to, to order them in a way that makes them sort of, you know, D sounding effort. Mm, yeah. I think we might have might have had D Ram or something before before. Someone said, hang on or but yeah, whiteboard is a very popular tool with my boss Martin. Actually, he loves the Microsoft
whiteboard. I mean, you know, the you the one that comes comes thrown in, with teams, Etc. So that's the process. And as I said, I, I love talking to These some of these new vendors as well. Because it kind of really enthusiastic about what they do and most of them have some track record in identity business that gives us the way to say. They've done startups in the past and now they're doing that another one and so on. So it's it's a great time to be covering identity.
I think. Well, speaking of kind of a space, you know, Mike the second part of my question. A follow-up is, I can't imagine that the established privileged privileged access management players, right? And we only think of kind of like the big ones cyber-ark Beyond trusts you psychotic, you know, all the ones that are out there is that they're going to see this ground willingly.
And so, when I see a bunch of these little startups, kind of come up with new technology, hmm, it almost strikes me as like, okay, either cyber-ark, which is pick on cyber cyber are Kirby on trust, right? These are going to build it themselves. Themselves or they're going to go out and acquire one of these smaller startups and kind of augment their existing solution to become, you know, that much more complete from a service offering.
Do you see a consolidation taking place in this space that would merge privileged access management with Cloud infrastructure? Entitlement management or dynamic? I'm not going to get it right? But then, you know, the dream, the dynamic resource, allocation, things like that. What is happening? I think. Let's let's take cyber up again.
They've actually Rebrand not rebranded but they've kind of re pitched the entire business along identity now rather than privileged access management and they have now got a crowd entitlement tool within their portfolio so that's their way of responding and be on trust. I'm sure are looking at it the same way. Way, I think we will see some Acquisitions, maybe some of the, the maybe one of the two of the Kim providers. The problem with that is that
the Kim providers. Also offer some form of privileged access management within their own platform and I would say that I wouldn't say that the the big players are threatened or you know there's still plenty of Out there for Pam, pure Pam but I don't think it's as easy as them acquiring, perhaps a Kim startup because the technology is so different and they built this stuff. Like I said, Cloud native, it's so up to date. You know it's built for cloud
environments. So we are seeing like a, I think The last few years there has been some consolidation in Pam psychotic and and centrify as we mentioned have merged into now called de línea. So they're in the process of merging two sets of of capabilities into one which either suggest that they felt that scale will help them compete. Or that that was the way to compete with say be on trust and cyber-ark cyber-ark.
As I said, their response has been to change the focus slightly so they are looking to reinvent themselves. I think cyber-ark have the resources and expertise to do that, but we're also seeing some traditional identity. Petit players moving into this Market as well as sale point and doctoral playing a little bit in privileged access management.
And then of course the cloud providers themselves they all have some level of privileged access management built in automatically as does Microsoft so far. None of those have really shown much interest in developing it beyond their own proprietary system. So, This movement going on. But it doesn't, I mean the number of Pam. If I talk about another report, I do Pam leadership Compass the number of vendors in that has actually stayed about the same even within consolidation.
There are some newer within with empowerment self. There are also some newer more Cloud native Pam providers coming up. So it's a market that is really in a great state of flux. The other thing that is affecting this is software supply chain. So not exactly an identity matter in the classical sense, but all these devops guys, and all these people doing stuff with open source code, for example, create some kind of Threat, Vector it, but just by doing In that.
And that stuff is all mixed up in this, you know, infrastructure that we're talking about. So it's, it's a fascinating world and I think, yeah, I look forward to seeing what it looks like, maybe in five years time, I predict that some of these Kim providers will get swallowed up. They'll merge or they'll get bought out by perhaps a bigger player. Microsoft, in fact did acquire a Actually, I'm pretty sure they acquired a Kim vending of the nice things. Yeah.
Is that right? I think I'm right on the in, so that could happen with Microsoft. Haven't done much with it so far, but it was only a few months ago, so we'll see. Yeah. Where is the throw a few thoughts out there, myself all? Because I think you're from a customer perspective, customers don't want to have to keep going and finding new Vendors to solve these problems. I also think though one of the challenges is that you know Pam was designed around the
traditional on-prem. Now you've got infrastructure as a service and there are companies who strategies to say, we're all in on a particular infrastructure, whether it's Amazon, Google, Microsoft, you name it, then there are others that say we're going to let Let our it teams, our business teams, choose the cloud that works best for them.
And that latter scenario to me, it seems like that's the messaging from the Kim providers is, you know, you, you know, to try to manage identity across these clouds which all operate very differently in terms of how they managed identity, you need a tool and your traditional Pam can't do that. I think from a customer perspective, still they want their Pam tool to be able to extend into the cloud.
And if they choose one cloud provider, say Amazon, I don't want to have to buy a separate tool to manage that. So I feel like there's this kind of tug of war and was being lost as what the customer really wants, which is support for the quote-unquote hybrid. Enterprise, which is almost
everybody there. You know, other than small organizations you have both, you know, some very small organization might be all Cloud. I don't, I haven't run into a organization recently that has no Cloud right. Almost I say basically, every large organization has some Cloud infrastructure now. So I think companies won't, you
know, one tool. So either for Pam to have the Keen capabilities or a keen player to stand up and say, oh, by the way, we can do your on-premise infrastructure as well, we can do password vault in Your Privilege session management and that audit Trail, we can do the whole nine yards. So to me, that's that's the ground where we hit the most success. What are your thoughts there?
Yeah, you're absolutely right. And I think the the, the organization's Also used multiple clouds from different vendors, so they'll probably use Azure and Google and they might not even know who's using. What? Yeah, I get that. The if you went for a Kim vendors, say right now, they're not going to be able to do the traditional Pam stuff. On the other hand, the more traditional Pam providers are probably not as good or as fast. At managing identity access to Cloud resources.
But I think this this conundrum is, is long-standing this this the idea that a customer will get something and that's it. This will last for a decade and will we won't will the vendor will provide enough upgrades for us to keep to to keep in in touch with our own changing circumstances. I don't think that'll ever happen, you know?
I just think it's it's a bit like you know, you buy, you buy an iPhone or tablet, two years later, you realize that it's no longer fast enough or it's no longer can do the things that you want to do right now. So you buy another one and so on, so that is kind of multiplied at million times within an organization and I guess our job company.
Area is obviously to advise people as best we can on what they should invest in what they should purchase to get a ratio of fit for purpose versus obsolescence as best that we can advise. So that's where, if they said, we have lots of privileged accounts, we still have stuff on premises. We work in a highly regulated. Then a zippy but feature, like, Kim solution, probably wouldn't
be the right one. And we would probably say you need a good solid privileged access management platform and this is from analyzing your business. So we're never going to be able to say that a vendor or a solution is going to be good for everyone. The only thing I would say is that pace of development Within the Kim sector for what I've seen so far is pretty rapid and it's probably more rapid than what's happening and privileged access management, but to get back to the root.
I think they are responding like cyber are Beyond trust. They are realizing that maybe they had overlooked this Market, but they are making their making moves now to to do something about it. So, If my the message to a customer that's already, perhaps invested in a Pam platform of one of those types would be. Don't Panic probably they will come up with some part or a new to set of capabilities that would deal with your multi hybrid your dream environment.
So yeah I mean it's it's not an easy thing, you you You'll never find anything that will probably suit your be fit for purpose forever but you can might find something that will be fit for purpose. I don't think things are so Dynamic at the moment that everything is out of date by next week, that that might happen decades into the future. Who knows what he'll we might be trying to advise on in then. But for now I think that's the best answer.
Which is, you know, get What works for your type of organization, your kind of people, Etc. I can see it in the future, you know, we kind of we started by dumping on the Mainframe, you know, like, oh, they're still made from is out there at some point. Like, I remember we had active directory servers on premise, right? It's like it's just, it's just the way that things work, all, you've been really great through time. I know we've only got a few
minutes left with you. So I want to start to kind of wrap things up and one of the ways we do that is to have a little more fun conversation to kind of end this talk. So that wasn't fun. So is plenty of fun for identical nerds like like you and me and Jim and probably the people who are listening to the show for sure why. But you know, a little bit of a lighter note and we had a we had a pretty good conversation on Monday.
As you were kind of prepping, you know for this call around photography and I forgot other things. We actually went down to pretty good rabbit hole of kind of like some of some more interest. So want to come up with something different for today and that Is here's the question for you if you could instantly become an expert in something, not identity related. Okay. I know that's probably going to be your number one choice.
What would it be? Yeah. Well my first reaction to that would be some kind of diplomacy for diplomatic genius. That could solve conflict in the world but let's not dwell on that in. Instead, I've always been fascinated by economics and I find, I would love to be expert in, I'd love to be an economist but to the level of, you know, someone well I'm trying to think of a famous economist but someone that is, you know, internationally-renowned but also I just think the way
economies work or don't work. The way that everything affects everything else, the you know, profit and loss market, supply and demand. Why things go up why they'd go down? All that stuff is is I mean I've tried I've ripped economic textbooks and come out more confused and before. So and I once saw a documentary on TV about and I think that the message was that he kind of is don't really And it either. But they did the best they get.
Yeah, they do the best they can. But sometimes they think the economy is a kind of a self-governing or self-perpetuating machine that we actually don't control. So you know, how does how does inflation start and how does it get out of control? All that stuff is is fascinating. So I'd love to be able to, you know, give answers on that. But some yeah and also I'd probably be a lot richer. I think I like how you put that towards the end of the answer because that's immediately.
I was like it was like okay yeah like if I'm going to be proud of me I'm probably you know doing doing pretty well for myself. I think it's a fascinating subject for sure because they think it's you know there's obviously you know the financial aspect of it knowing how Financial Vehicles work right? Whatever that looks like. But also psychology of humans and you're Trying to predict human behavior, what's going to
happen if you know? Well if a boat in the Atlantic catches fire, where the whole bunch of you know sports cars on it, not that that didn't happen recently right in the world. Like, what does that mean, right for the economy of those companies or wherever they were intended, things like that. Yeah, for sure. I'm way. Why does war cause stock markets to go down and pandemics while I guess the obvious answer is? Because industry won't function
and cetera. But you know, it's just a whole world is governed by economics and you know our system of way, our whole way of living and you know most of us don't really understand how it work. I don't even get like I remember School the teacher was like, couldn't understand how why I couldn't understand how money. Could be electronic and if you don't have the cash in your hand, I thought what how can all these numbers get transferred from one account to another?
Where's the actual money using this? What the old days that you'd show up and like, here's, you know, here's a pouch full of coins. Yeah. That should do it and it wasn't even like you knew what the amount was like, yes, feels about right. Let's go and do our things. Yeah. But I, you know, even now I still think like everyone. Forget it.
Get a statement was the numbers on and that converts into pounds but nothing ever changes hands and you know, it that's that's the one thing that really bugs me is that's fundamentally the way the whole system works is just stuff being transferred from one place to another and it's all numbers. Yeah, you know. That's and that's and that's that's what wealth is, you know, or lack of it. So And now, in Britain, we almost literally, almost have a cashless Society. Thanks to the covid thing.
People didn't want to carry change anymore. So now we have the technology to bypass that. And so now virtually everything is paid for with card or phone. It's quite a. Yeah. Last year, was the first time that I can confidently, say, the year 2021. I did not use cash or coins for anything. Yeah. Every purchase that I made last year involved, electronic transfer of funds. I didn't know. I still have the same currency in my wallet. I've never even been to the bank, you know?
I mean, it's a really interesting time which I love because I think you know, I think it's great from an efficiency standpoint, but it certainly is an interesting time to be alive if, you know. Yeah. If that concerns people and isn't it also? Like this pandemic has happened at a time when we're Advanced enough to carry on pretty well, you know, we had thanks to our it, that we could work remotely, we could do stuff like this.
We have payment systems that don't require physical activity and so on. So yeah, I wonder what a pandemic would be. Well, we know that we are in, do it, you know, the Spanish Flu I guess was A very different experience of people. So, yeah, there, I've got a book to actually become reward. It's cool. But it's it's nice to dip into now and again because it kind of provides an antidote to all the Gloom you know, with you know global warming war everything else going on crazy politicians,
that actually a lot. A lot that's happening in the world is is far better, you know. We're in a better State than we think we are. You know, we've we've got rid of a lot of illness, there's more democracy there is actually less war and things like that. So I keep that by the bed, I like the positive outlook on things, they think that's that. We sometimes lose sight of all the, the bad news had side. There is plenty of good in the
world. Jim, if you could become a instant expert in something, what would it be? I will weigh in on the economics too much because I could turn this very gloomy. Very quickly. I do use cash. So by the way, and I don't think that saves me from, you know, any kind of potential economic collapse that could take place. But as things become more computerized, it's not just, you know, ransomware that is our issue. There are state-sponsored
attacks that are possible. I mean, there is zero, day bugs that are found all the time that all the financial institutions. Institutions, Global financial institutions count on Commercial software and it's very vulnerable. I think of the big picture, if we went to war with Russia or China. The so that's my concern on that front so there's your Gloom. I said I wasn't going to do it but I did it anyway. Thanks for thanks for waiting Us in the geopolitical power struggles.
How about something else? Okay, so what I Look to this question from a couple of angles and one of the anger This was what I do already. What do I find interesting? I spend my time researching because sure would be great to, you know, if I think if you're doing it for free you'd love to do it as a career and so or even as a career, but just to be an expert on and the topic I came up with what number one was
longevity. And so from a longevity standpoint is what are the things that you can do too? Get the most out of this human form that we have to both make it live longer but also have a higher quality of life, you know from a physical perspective. Also from, you know, your mind operating at a peak capacity and gave the most of the time that you have your on Earth. And so, you know, I think one of the challenges with longevity though, is, it's just like
sighs. So I think that, you know, that we've had Mantra in the world of I follow the science, I follow the science. Well, science only knows what science knows. And usually what science knows is the result of studies. So if this studies were never done and by the way, studies are usually done to generate a profit, not always right there. Are some studies that are funded by institutions just to see how things work.
But a lot of the studies that are done are done to test Staff pharmaceutical, you know, will this pharmaceutical result in, you know, X Y, & Z and therefore we can sell it and make a ton of profit. So there's a lot of studies that are never done. So, so science only knows what science knows. And that's kind of the limitations I think of longevity is now we have these, you know, forty studies that were were done.
And somebody wrote a paper to pull it all together and, you know, this is what we can infer from all these. Rat studies of people, taking turmeric or rats, eating tumeric, they live 20% longer and that's it's just Ali should be given so we're supposed to do that. Yeah, well you know, it's not one. Wait, you studied rats or you've taken turmeric, you know, I've
done the tumeric. Yeah, well yeah, because I believed the, you know, stuff I read on social media and you know, like all those things I gave up after a few weeks because it could be bothered, it's a lot of money. It's a lot of money to take all these things and plus they all have side effects, right? So if you take a lot of turmeric, then I mean for me at least it's like kind of gives me a sour stomach if I take too much of it.
So you know, and I do take a ton of pills and spend a bunch of money on it and I get excited about these things. They also rely put a disclaimer here, right? You should not be coming to the identity of the sender. Podcast for medical advice. Please carry on please carry on. So the long and short of it though is exactly. To that point. I'm not a doctor. So then you start reading these these articles about how these things work on. Just like, I'm too confused.
So I need somebody to explain to me. So if I could become an instant expert on something, I think it would be longevity. Now, at the same time, we're not looking at the instant expert of like because I can say, oh, I would like to be an instant expert in Bitcoin that's still not going to tell me where Bitcoins going to be two years from now. So if I was to you know, and I'm trying to advise Sighs. My son, who is a junior in high school, getting ready to go into college and I'm saying, what
should he major in? What should he and? And I that's the type to tell them what to do, but I'm going to give him my my life experience and then let him take that as one of the inputs, I think computer coding computer science which is a focus on development, right? They have now information technology and computer science are different tracks and information security. That's an information technology.
Lot of information, technology courses are like networking and these things that I'm thinking about. Maybe it's because I specialize in those days and like that stuff's easy. You don't need to go to college to learn that stuff. The computer science, if you can take four years and really focus on how to code and how to architect applications, you won't go hungry in this world, right? That is a great basis to build whatever career you build. So to me, that's Right?
If I was 18, again, that's what I would get into is a computer science program. Yeah. What about you? Jeff? I just want to point out, you absolutely crush the longevity Thing by with that answer. So I can see where that would have been your been, your first choice. I'm going to keep it simple because I wish I could play a musical, instrument guitar, piano, something like that. Be an expert musician at something.
It's something that I've toyed around with, in the past and obviously, we're not obviously, But you know, when I was younger try to get into it but I've just never been musically inclined, can't get my fingers to do the, you know, the Frets and the and the chord shapes and things like that in the guitars. Haven't really sat down at the piano and like that.
So I'm going to keep mine positive and simple and say hey I wish I could you know be an expert on an instrument let's just say guitar because I think I've always been Keen to try to learn that so so yeah. We've gone very long much longer than we normally do but it was a great Station longevity as part
of it as well. Before we wrap up, I want to give Paul a 30-second window here to any final thoughts as far as the conversation and then in addition to that, if there's anything else that's coming up, I know that the European identity conference is coming up, I think it may or may be some other blogs or webinars that might be coming through. The floor is yours Paul. Yo.
Thanks Jeff. Well, it's been a pleasure, I should say and I hope I haven't confused people even more than they were before they list started to listen, there is you say cic, European identity conference, which is now coming up for its 20th year. I think it's happening, May from made a ninth to the 13th in Berlin.
So if it's the registration is open now, It's also if you go to our website could bring a cold opcom, go to a I see there is some blogs there, there's one that's been just been published by Martin Martin cooking, her all about the identity fabric which goes into a lot more detail than than I did, which is well worth a read. There's modesty doesn't prevent me from saying that there's a Blog by me as well. On there. Should you want to read that?
But there are several interesting bits there. That's that's the main thing and as I said it's the European identity conference has become probably the biggest conference devoted just to Identity certainly in Europe. So yeah I hope anyone that's in Europe at that time would we'd like to see you thankfully now looks like it's going to be you know, fully As in real, people are going to be there. So but we will there is still the virtual option for anyone
that wants that as well. So that's the main thing I think I've done my my job there and promoting that so, and as I said, look out for the leadership, compass on dream around about the same time, very cool. And I have a link to Career call as well as a link to that identity Fabrics, article or blog that that Martin wrote In The show notes so people in check it out but yeah check out at Commander col.com also have a link to Paul's LinkedIn.
Hopefully Paul you're open to you know, getting connections are folks out there and and interacting job. Well absolutely, yeah LinkedIn is is is a challenge these days. I'm sure, you know but if you can avoid some of that it still I still love to talk to people on LinkedIn from this community. So yeah, yeah, Jim and I to Jim and he I thought so before we wrap up this week just pooping or cold just a fantastic job.
So I S getting out there signing up getting on their you know their newsletters you get links to a lot of free webinars and the ability to get great information. They also have a fantastic podcast so don't mind pumping that a little bit. Matthias does a really good job but that podcast and yeah I guess I just wish you guys had an American Identity conference and in the meantime, Jeff, I think we should put it into go to the European one.
That would I'd be willing to put a mask on and get on an airplane for eight hours for that. What do you say, I'm totally down. I've never my only journey into Germany was Frankfurt, airport, and that's it. So I've never actually had, you know, on the ground experience. I would totally be up for that, but we'll have to see how things go I think as the world continues to open up here, so I'm all-in. For it though. I'm glad to see more things becoming live.
You know, as long as people are safe and healthy, you know, I'm all favor for it. Alright, let's go ahead and wrap it up there. I know this is a kind of a one of our longer ones, but I really enjoyed the conversation. You know, Paul. Thank you so much for being a part of a part of that conversation with us from from our perspective. Right?
You know, feel free to check us out on the web where idac podcast.com, we're on Twitter at, idac podcast and Jim and I recently started doing a live stream. Mmmmm every week roughly on YouTube which you can find us at idac dot live. They'll take your right to our YouTube channel and, you know, it's I won't say it's less prepared. It's, you know, more freewheeling opinion, kind of whatever is for the moment for whatever we decide to figure out where we're going to talk about
at that time. So, you know, that's the kind of conversation we try to get into. So hopefully people will kind of check that out and And subscribe to the podcast to the YouTube channel, those sorts of things. So with that, We'll go ahead and leave it for this week. Thanks Paul. Thanks Jim and thank you for listening and we'll talk with everyone in the next one. Thanks for listening to the
identity at the center podcast. If you like what you heard, don't forget to subscribe and visit us on the web and identity at the center.com.