You're listening to the identity of the center podcast, this is the show that talks about identity and access management and making sure you know who has access to what let's get started. Welcome to the identity at the center podcast I'm Jeff and that's Jim. Hey Jim hey, Jeff, how are you? Oh, not so bad yourself. I'm doing pretty good. So crazy week of business travel. Of course, right. Prior to going on, all those trips, I put a contract in on a
house, right? So made a purchase offer was accepted. And when I was looking at the house, I asked the question doesn't have high speed internet. The answer was yes. Yeah, no problem. I looked around. I mean the the house had TVs had no satellite dishes but now that I've looked into it further, it appears there's there's no connectivity from fiber perspective like eighteen. T Xfinity doesn't run all the way to the house. So I'm kind of thinking right now that Broadband is not going
to be available. The more I looked into satellite internet, it doesn't look like Good option unless you're with starlink, which is the Elon Musk satellite internet. And actually, I talked to somebody this weekend. Jeremiah, if you're listening, thank you. That has started link instead, it's fantastic. You can do video calls on, it loves it, but it's not like you just order it and it shows up in your on it, especially, you know, kind of in the Southeastern us.
So I might I have to actually have to cancel the contract which would really stink. That's killer. When you find a nice house like that, I totally emphasis M and precise and agree because, you know, I just moved as well and that was like a deal breaker for me, like we told the realtor Mike has to have high speed internet. Like I'm not, I'm not willing to compromise on that, there are things I will but high speed during it was one needs to be,
you know, gig speed. Preferably and fortunately, the place we have here is good and I do have Speed. But I mean if this we're talking 2022 this should be a service that is like a no brainer and certainly certain homes haven't been able to keep up with that for any number of reasons, right? Could it's probably not the homeowners fault, it's more like, just the, the Broadband infrastructure has a kind of reached that point of
saturation. Yeah, saturation yet, the Starling captions pretty interesting, though. I think the, the issue that I've had with satellite internet over the years has been the latency which isn't great for Obviously gaming, but voice conversations and video calls and obviously the stuff that you and I do for the podcast, relies on that quite a bit. I'd be interested to see how the
starlink option works. I know that it's maybe a little bit expensive, but if that's the only option that is tenable then, who knows. Maybe it's maybe, it's the right way to go. I don't know. I mean, you know what's what's more important is it that the high-speed internet or is it, is it the house or Well, I mean, the high-speed internet is how I make my money, so I can't afford to live in the house without high speed internet.
So it's it's kind of a catch-22. The funny thing is, I mean, it's not like this house is in the, you know, the middle of nowhere. It's apparently a Teensy fiber and Comcast run to within a couple hundred yards of the driveway right. There they go. Down that street, they only run into as far as somebody who's on the street orders. It has to Connected into their house. But can you imagine calling either one either?
One of those companies 18z or Comcast and trying to explain it to a level one support engineer that you need somebody to come out and extend the service to your house. So, you know, being that I don't even have the house and can't even place the order yet, right? I don't know. It might just be too expensive of a risk to take and the startling sounds like it'll be available.
See, I kind of feel like you're talking to Jeremiah with his experience, like if I could get starlink, I think I would take the risk that that's going to work but, you know, it doesn't even sound like that's an option until next year. Maybe not. I found a Reddit topic, we're about a year ago. People that aren't that far from this new address actually got star like but it seems Like everybody who got it. Never went on to post on how good it was. So it's like, yeah.
It got my, I got my confirmation. That my dish is on the way and that was it. That was the end of the conversation. But I mean, we look with what we do and we're not the only ones we work from home, you have to have high speed internet, it's got to be reliable. Well, maybe I said something that if you're listening out there, if you're a star link, have somebody with starlink experience, you know, pink.
My LinkedIn, I'm sure more data points would probably help them out and look at the website right now. It says that you get latency as low as 20 milliseconds, which is pretty good. Actually, you know, I don't it's marketing. So who knows, right? As low as 20 sounds great. What is the realistic you know, measurement will be much more interesting? Well, I think if you're under 50 to 100, you're probably ok but past that you might have some struggles.
But who knows? I don't know if you have starlink experience in the real world ping Jim. I'm sure you know, good or bad, he would appreciate it. Yeah, I would and I know people don't tune into a Denny's, the center podcast, he ever met all my problems. But imagine this also is that the folks in the house. Now tell me that they have a, and t, and t DSL, which doesn't sound good enough, right? But it's worth investigating. When I called AT&T, they said, sorry, we can't read dies, That
address. So somebody's lying. Yeah, there are other houses out there, I guess. But yeah, first world problem but of extreme importance for you and I based on kind of what we do for a living. So for sure. Absolutely What else we got going on? We got Gartner coming up in August's you and I are going to be there, we're going to be there. We're going to be podcasting, the more of our listeners who can link up with us because we'd love to get people on to spend 5 10 minutes with us.
Just telling us about you know, what sessions they've been to what was their favor session. What would their big takeaways? I think if we can compile a few of those things into you know some episodes be great In we haven't figured out our whole strategy but, you know, based on the authenticate conference that I ditched you for, because I had covid. So I didn't really I will never let you live it down.
Never let me live it down covid or not you know you you had an episode per day and I'd love to match that if possible. Yeah, it's a lot of work but I think we could kind of cool. I'm I'm still trying to work out where we will do the podcasting. We've got a lead on a spot that's like one level up. But there's conversations between like Gartner and Caesars and approvals and also their stuff. So hopefully we get that kind of sorted out sooner rather than
later. But, you know, my thought was like, yeah, let's let's talk to folks, we're going to be out there and if you want to be on the show, great, we can work it out. Even if you just kind of want to watch the magic happen as boring as it might be, you know, maybe even being in the room while we record with others.
You know, I think that's certainly an opportunity as well but at the very least you know, give us the opportunity to kind of give a fist bump of thanks, that people are going to be out there, listening or who are listening We're going to be at Gartner. We're always happy to meet up and kind of have conversations and stuff like that.
I think that would be really cool and this is the first time, you know, Jim and I will be at the same conference and multiple years and I have been on the road pretty much all week this week. Saw each other for the first time on Monday last Monday in over two years which was, you know, a little bit surreal. But yeah, here we are, you know, we video like every week we visited every week for the The last two years so it wasn't like oh that's a big surprise what
you look like now. But yeah it was it was definitely weird. It was my first business trip in over two years. Well, that's back baby. We're all over the place now. So I guess good times we were having some conversations this week to that about some some cool stuff that we're working on that. Not ready to announce yet but stay tuned for latest year. We'll keep some mystery around it but the calm Two things like
that. One of the conversations was, we're kind of talking about the podcasts folks and well, Clinton. If you're listening I'm going to steal this because like, you know, how you guys come up with ideas and we kind of explained our process, which sometimes it's plans, sometimes, it's not, here we are. We've been on the road all week, I've had chances chance to sit down, and it's Saturday, July 23rd, and we're recording this.
And I'm going to have to get it, edited and ready to go and publish for early Monday morning. So that's sort of like the process of the magic comes. Behind it. But you know, a lot of the times we pull topics from, is what happens to us, sort of in the real world. As we're having conversations, you know, with either colleagues or clients or analysts, whoever it may be. And the conversation that we were having earlier, this week was really kind of around like
this. This idea of a hub-and-spoke model and I got think Jim thinking about mergers and Acquisitions. I think that's we're going to take the conversation today is talk about sort of I am in the MMA space, mergers, and acquisition space. But yeah, before you go any further, this would be a good point to insert the an audio clip from the Seinfeld show where George is saying it's a show about nothing. You see this is going to be a topic right here. It's about nothing rocket about nothing.
For you talk about mergers and Acquisitions and thing and challenges and opportunities in the identity space, that those might present. Aunt. But yes. Yeah I think in the spirit of Seinfeld, I don't want to get a copyright strike but just imagine you know the show about nothing but instead were about identity, nothing. I don't know if that makes sense or not. Yeah, I get it.
Everyone gets it. All right, let's talk about mergers and Acquisitions. I guess the way that you and I were kind of thinking about this was sort of like talk about maybe some of the challenges that first and maybe some of the opportunities and I know what divestitures is a thing out there as well. We'll probably kind of weave that towards the end, but maybe from just, let's just talk ma
for right now. I guess, what are some of the things that you think about formica challenge perspective, that folks who were in the identity space living in the trenches, in the real world should probably start to think about or at least consider if they're about to go through some sort of m&a activity? Yeah, I mean, while I think that the Mna activity kind of needs further Mission. Right? Because there could be the M which is mergers and it could be kind of a merger of equals re.
So a big bank is joining with another big bank or whatever industry, but you've kind of got to organizations that are roughly the same size or have roughly the same Sway. And you've got to kind of like Stitch those two together, whereas on the Acquisitions, that I think of a bigger fish, consuming of smaller fish, In other words, a big company buying out a smaller company. In this smaller company is going to plug into, you know, how things are done at the bigger
company. I also kind of feel like especially in that second scenario is if your company's done a lot of pre-planning or requires companies all the time, you prop, you really should kind of start to have a strategy for how you fit. It in an acquired company, right? So there's the policies and standards and all the things that you're going to adopt and that we have a strategy for how we handle, you know, active directory or single sign on things like that.
So I think that that definition really is a good starting point, merger, I think, is it definitely has its challenges. It also has presents a lot of opportunities as well, because potentially the company, Merging with brings as much good stuff to the table as your organization, or maybe more. Yeah, I guess, from a. So, let's the mergers and acquisition definition is flexible, because you could be on either side and of those in any capacity, right?
If you're doing a merger, Chances are you know organization probably the same size. There might not be a bigger fish or maybe there is a bigger fish, right? Who's going to be in charge, is one of the things that I think about is, okay, to organizations of equal stature and capability, right?
Who becomes the dominant personality from an identity perspective, when it comes through that merger in the case of an acquisition, if you are acquiring someone else, chances are, you're probably going to, you know, impose your Any practice that processes and Technologies onto whoever it is that you're requiring. Conversely if you are being acquired you might have the opposite, right?
The acquiring organization May impose certain things upon your your identity stack, whether it's process or technology that need to be accounted for now. Doesn't always hold true, right? It may be that your company's acquiring technology or acquiring another knee because of the success of that technology or processes and you might be able to impose some of the better processes and things that come along.
So I think it's important to not just look at this and like in a black-and-white way and say okay we are buying you so therefore you are going to do it the way that we tell you to do it that certainly can be the case but does not always the case. So I think if you've got a good identity program of whether you're the acquiree or the acquirer Um, there is the opportunity to kind of extend that maturity into the organization either up or down from there.
I think some of the other challenges I think about too is like, you know, you've got different it systems that are going to be out there. So you think about it, okay. You know, the the the competition of single sign-on of MFA of the different directories, you know, who's going to, how we're going to handle those things, are they going to be Consolidated or they get a kept separate?
You know, I think the idea Allstate is a lot of folks like okay well you know, we're going to be one big happy family with one giant SSO, 11 MFA solution and one directory and then the real world hits and you realize oh you know here we are five years later and we have 48 active directory domains because we never Winters observe you know consolidation or you may know Jim you and I we could have seen that you know multiple times over the years and there was never like any steps to sort
of like think about this strategically. It was we've just gotta make it work. So okay. Slap the domain in there, we'll just create a forest and set up the trust and we're done. We wash. You kind of like move on to the next thing. So those are some of the things I think about as well. Any thoughts on what? I just touched on? Yeah, yeah, I actually was thinking about, you know, what we're really talking about is like the full on integration of the acquired company.
And I think one thing that kind of has to be laid out is that it's not going to happen overnight. There's not going to be a flipping of the switch and the company's fully integrated. So there probably are steps along the way. Usually it starts with things like the email system. Let's get the email system, it see everybody under one email system.
Federation is usually an I am solution that has put into place so that people can, you know, authenticate and and reach corporate applications of the acquiring company. Sometimes people are just moved over at the A swollen of you can just migrate the users over into, you know, a new active directory, or new single sign-on system and, you know, get rid of
some of the old it systems. But that in my experience is usually the scenario where a much bigger company requires a much smaller company and it's like resources are thrown Outta to make all the old it systems of the acquired company, just go away. But in a scenario where that acquired company has it Systems that are going to come over and
continue to be used. Now, you've got a different set of. I am challenges in other words, how did, what's the transition state then once the final State and into something that you were talking about, is what we've seen so many times with clients that we've worked with where they get so far with the integration and then they move
on to other things. It's like somebody just kind of gave up on it or there wasn't the executive push and I That's that's kind of one of the things I've learned through the ma and divestiture activity that I've been involved with is that trying to drive integration of it and infosec. And I am from a Grassroots level, is, is almost assure loser, especially when it gets to Major Integrations, like, hey, we the acquired company has their own active directory.
So, let's say that the acquired A company is like a third of the size of the acquirer so it's not a small company. It's you know, say hundreds or thousands of users and there's an active directory and applications integrated into act active directory. You're going to have a hard time if you are the active directory, team of the acquirer to convince the active directory, team of the acquiree, to give up their control and move everything into a central active directory.
However, if from like a sea, Yo level, you've got the support to miss support the direction and and the mandate to get down to one active directory, you got to make it happen. Everybody's had a March of that tune or, you know, they might not be happy here anymore, but ultimately, I think that, you know, if the mindset is, we're going to build a better mousetrap in my experience. That's a loser. You know, you've got to do more than build a better mousetrap,
you've got to have The Mandate? Yeah degree. I think you know, we talked about sort of like treating, a technology implementation is like an opportunity to do process re-engineering, and I kind of see the same thing around mergers and Acquisitions is sometimes it's the right time. I do it.
Sometimes it's not, if you have a modern mature identity program, You know, the the inclusion of just another Target or another system, to manage, generally should fall in line with whatever the program is already established for like a standard integration pattern perspective. For example, it's it's more complicated but it should fall
into that same thing. What I think typically happens though is most I am programs are not that mature and so they're left scrambling and trying to figure out. Okay well how are we going to get you know this new population in? So our system are they going to go into the EHR platform? If they are, is there any automation that is going to be used to sort of create new accounts, for those individuals coming in?
You know, how is, how are people going to get access to the ticketing system to submit requests, right? How are we going to get them? Their IDs and passwords. My experience is has been, it's a pretty manual process where there are spreadsheets of IDs and passwords that get kind of passed around and sent to some coordinator. Of the of the activity, right to get off to managers and things like that. But it's not great and trying to design it at the same time, you're doing the acquisition.
I feel is a losing proposition as well. Yeah, you know, one other thought as you were talking it got me got me thinking about was the reason why companies go out and acquire other companies and perform mergers is that They think that the money that's being made by the acquired company, we can make more money. They were to leverage what we have. So it's leverage our, it systems, leverage all of our back-office, maybe leverage our manufacturing capabilities, leverage, our sales force,
things like that. And so the idea is that, you know, we want to acquire this, the company what they're good at, but we want to leverage what we have because we think it's can make it Much better company when I think about that mindset and I think about running a back office. Not just the back office. But hey, let's say we start manufacturing these goods and different facilities and things
like that. The idea of identity management, it kind of like goes all the way back to identity management. Like if you can't even log in and get from system to system, or you keep running into access denied because their systems aren't fully integrated Or else not even use the term integrated. But like, the vision should be that we're kind of getting to just one set of systems for the company. If you, if you can't get the, I am stuff straightened out. Everything else is going to
suffer. And so I kind of feel like, you know, from a technology leader perspective, getting that, I am P straightened out as just of the utmost importance and it again, if you kind of leave that to a Grassroots effort, to say, alright, well, we don't want to rock the boat and force and make people who are over here, feel like, oh no, big brother's coming in and forcing me. So I'm just going to go from a Grassroots perspective. My active directory.
Ministers work out. I'm telling you from what I've seen, it'll never happen. Yeah. I think the intention is that you know, in every go through sort of this process of a merger acquisition it's to make the experience is good for everybody involved. I don't know anybody who likes to try to have a process where it just doesn't work, but that's just the way it is. The process of merging identities is always a challenge too, because sometimes you'll come across these situations.
Where, you know, people might have an account in one organization and the organization is acquiring them. They may have an account there as well. So trying to kind of pull those together is a challenge. I've seen it before to where people are not necessarily loaded into directory systems, it might be kind of treated as like one-offs and they live sort of like in this transitive State between directories or between HR platforms, whatever it may be. So I think that's another thing.
And people kind of consider is as you're going through this process, right? You might have like, on your side and identity and access management platform that is used to receiving identity data from an HR platform, like a work day or an oracle. Sure there's tons of them out there, right? How is your system going to respond when that data is not available or can't be used for whatever reason? How are you going to provision? Those accounts is always a question and the same.
Thing is, if there is a termination, how are you going to make sure, you know this kind of touching on the divestiture topic that we'll talk about as well. But how do you make sure that acts as unwind into has been a challenge? This is where I typically see those spreadsheets get passed around which stinks and nobody
likes that. So I think if the system is designed in a way that again from a program perspective is okay, it's just another Target. Another population to manage insert them here and you've got sort of like this manual hook up. For when that RV, you know, comes along to the campground, kind of them, be more Transit.
I think it makes more sense. So, when you're designing your I am platform, especially when it comes to things like identity, governance, and the axis engine side of things is making sure that you've got not only a happy path, right? Here's your identity source of truth, but here's the manual, / may be unhappy path. Of how are we going to handle folks? Who don't fit into that? Into that bucket? What your thoughts?
Yeah. Yeah. I mean I'm sitting here thinking, probably the first time you do, this is going to be the hardest sale on the acquisition track. And I was thinking about the merger track where a merger of equals and you know, I was thinking about. Okay, so we have say to companies with 10,000 employees each? You know we talked about kind of it happens, iteration.
So in other words you put together enough Plumbing so that you can kind of work together but that's not the vision of You know, how you achieve the, The Leverage you get from take going from two companies to one company. It's by a full-on, you know, melding of all this back office. And I think about things like, you know what, if you're using the same SAS applications like Salesforce or even something, as
simple as concur. Now I go to concurred it's asking me to login, like which one do I use? So you can imagine in like the cloud brings on all these new directories and how you get to those and how you authenticate to them and how you're being provision to them. All those things need to be taken into account. As I think if we just think about it from the traditional directory perspective of an active directory, that's
complicated enough. When you started thinking about organizational units and and policies, and You know, all the things that go with ad and merging those together over them, when you take all of these Cloud applications that have their own directories, and the fact that organizations could be the merged organizations could be using the same application.
So it requires a extensive planning of requires that the merge companies work together to kind of, you know, come up with the strategy for this, this merger, so that end users don't. Don't get stuck in the land of total confusion.
But, you know, the other thing I was thinking about is like, imagine a scenario where two companies merge, they're both using Office 365, they both are using in tune and they're managing those end devices on in tune with be it, you know, laptops are more likely mobile phones. Imagine that they also have, you know, non-employee users in their core directories Like Partners which to your point, you could be leveraging the same partner, so they might not be an
employee user. Normally a person wouldn't be an employee of both organizations but certainly a third party could have accounts on both sides and that could actually absolutely be confusing but I think you know you have to with all that complexity at all that you have to kind of dial it back into parts that you can control and try to isolate. Eight the areas where you can merge where it makes sense and try to minimize the impact Downstream.
And then, you know, you go after some of these more complex Parts as late in the process as you can, I think it's probably a good spot where we can pivot and stop talking about all the problems and maybe stuck start talking about. So I things that are actually benefits right? Or potential benefits, or opportunities, whatever way we want to kind of spin it around. Okay, so we know we've got all these issues. What are some of the positive things that could come out of a merger?
Organs action acquisition from an identity for Sperry, right? Yeah, I mean, that's that's great because I am an optimist, believe it or not are like to think Of myself as an optimist. You know what I think of you know say were the acquiring company or the more senior organization in the merger however you want to put that or even if your equals the idea that the other company could have a better process, a better mousetrap for some Mass effective.
I am so you've been on you know, adfs for Forever. Right? And you haven't been able to get the investment to move to a cloud base and say the company that you're merging with has OCTA, that's not perfect opportunity to you know, upgrade your technical footprint and hopefully you're all so you know going to be bringing you on a team of people who are expert in that technology. So that's a great opportunity right there.
What are your thoughts? Yeah, I think anytime that you can grow from Expertise standpoint is great. I think that's certainly in, on a win. If you if you are able to get additional technologies, that may be either you couldn't afford or just didn't get approved or whatever, maybe from from an acquisition. I think that's great too. I think a lot of times companies who are doing acquiring tend to be more mature anyway, from a information security and from add any perspective.
So there may be an opportunity to solve some Legacy challenges that you might have had. If or being acquired, for example and say, hey, okay well this company has you know, X technology. We we didn't have that. But now we do, how were we going to take advantage of that sort of thing to be able to, you know, deliver, better services
to the organization? You know, for my identity standpoint, probably an opportunity to take advantage of, you know, if there are, if there are better processes, it can also be used as an excuse to make it to make changes to the environment. Say, okay, hey, you know what? Well, we're going to those Acquisitions.
So because of that, That we're going to have to do X and sometimes, you know, that that sort of kick in the pants is is all you need to change mindsets or at least get the the momentum or the drive to maybe make things more standard or more consistent through processes. So I think you can kind of get
creative sometimes around. You know how you want to kind of Leverage that change from at any perspective and a merger or exact acquisition or Eve or a divestiture is a seismic event in the organization and it can certainly cover, you know, a lot of things that need to take place either from a people, a process, or a technology standpoint. The seismic event often comes with a special budget.
So there might be an opportunity to invest in an area where you have an invested before you even take it to that very fundamental level. A lot of organizations, even mature organizations, don't have a mature.
I am program or I am strategy. so it might be an opportunity to reset around that, especially if you've gone through an acquisition and you can say, alright now let's do a post-mortem on it and you start to say boy we could have probably done this better had we had a shot at she around how to handle an acquisition or merger so movie we bring in some help to help us plan around that and then to your point, you know, usually even very mature organizations, have some areas
that Could be improved whether it's, you know, they can have a better process or better technology for access management or something on the provisioning and you know, role management side or privileged access management side. So the scope is large enough that you know, you can take take advantage of the opportunity to have an acquisition budget. Potentially get some things done. Yeah, for sure. I mean, don't overlook that budget. I think we've seen it.
Yeah, the last few years is like This thing called digital transformation. And we've seen a lot of identity programs, sort of, get better, and sort of use. Some of the funding, that might be available that to transform the organization, whether it's like, internal Workforce or maybe some sort of customer-facing thing. But I think this is another another cover to get some, some money into the. I am program that may be of use and be able to kind of move things forward with that.
We've been hinting on sort of divestitures the whole time in. I think probably now is a good time to kind of Think about that as well is what are some of the things from a divestiture standpoint? Because for every, you know, I feel like merger and acquisition that's out there. There is also the opposite that takes place where some part of the organization or company is being spun out or wound down, or
whatever it might look like. And there are certainly challenges around that because those are not typically like a normal run-of-the-mill separation or termination, right. Those sort of thing. What are some of the things that you think about from a divestiture standpoint before we move on to Investors. Can I bring up one other area? I guess around these challenges and opportunities because they think these two are the two things we're going to bring up our both potential challenges
and opportunities. So, the opportunities arise around people. Potentially, you're acquiring a company with talent and you can add that talent to your team. The challenge is potentially those folks. Don't realize that they're, you know, you're thinking about them in that way of, hey, there's there's going to be a new home for me and I'm going to be happier than I was before.
So the challenge becomes You need to get in front of those people and let them know that there's a place for them and that you picture them in your future. So people's one, the other I was thinking of there's like so many more of our of clients that I interact with are moving to this manage operations, or MSP or mssp model where they've outsourced. The day-to-day run activities of their info SEC and I am groups, maybe all of Mighty.
So, you're potentially in a merger scenario or acquisition scenario, you've got two different msps. Obviously, that could be a challenge like, you know, do you move forward with both of them in place? Do you move forward and kick one of them out? You know, but it's also an opportunity right if one organization has been unhappy with their managed service provider. I mean, that's how I see that you know, quite frankly Quite a lot.
So if one organization is very happy, the other organization is unhappy, I mean, there's a potential opportunity where potentially lower your costs overall, for managing it and you could improve your service on at least one of the one end of it.
You know, either the acquirer the acquiree, you know, going back to real quick before you get back to dusters around people and making sure people are under, you know, Part of the plan and understood but communicating that to the employee is a very important part because it's certainly, you know, if you're thinking about is like, okay, well shoot, we're getting bought or we're selling something off, like what does it have to do with me? Right?
What am I going to? What does this mean for me, from a employment, standpoint this good or bad? And the sooner you can share, you know?
News, hopefully it's good news. The better you will be off because then, you know, people are aware of Of what's going on where they're going to fit into the new organization or how that's going to work, etc. You know, one of my mantras is never wait to share good news with people because I've seen a lot of times where, you know, that uncertainty, you know, leads to something that you wish hadn't hadn't happened, all because you decided to wait, because you were trying to
coordinate something else or maybe share, good news, you know as soon as you can. I think that's a good mantra for me, at least. Yeah. You and I were both recently involved with being in that. Position, right? And I don't think when you say people think we'll, how does this affect me? There's nothing wrong with the person for thinking that, right? I mean that's, you know, any normalize what you should be
doing, it's normal. And so I think going into a situation like that, if you're in management, you should be thinking before going to be thinking that and get out ahead of it. Yeah. For the people that you really value their, you'd be really disappointed. If you found out, they were leaving You know, right around the time of the, you know, acquisition taking place. Yeah, it's difficult time for
sure. So try to make sure if it's the same page and again bring people to especially the folks that are considered strategically organization is make sure they're aware of what's going on. Make sure they understand what their role will be and try to share as much as you can. So, alright, let's get back to divestitures. What are things to think about?
Because I think about this idea of like a carve-out, For example, a lot of organizations are good at putting things together, not necessarily good at breaking them apart and that's one of things immediately jumps to mind but I'm sure you've got other thoughts on that. You know, I think that you're right on.
So I've been a part of divestitures in the past and you know, typically what I saw was that when you divested company included in that sale is some set of it systems and the folks required to support those, it system. So You know, it could be one of your networking people. It could be you know one of your I am people, but essentially you're going to have to, you know, give that acquiring company, the it systems to run the business, right?
They're not just buying the factory and none of the computers and it systems that go with it. So the accounting system all that. So you, you know, as much if you're in the business of, you're going to divest a few companies. Obviously, if you have that strategy and And as you're developing systems, you can develop them in that way. Each business maybe does have its own active directory domain.
So then you just kind of break the trust and give them their active directory and all goes well rather than having everybody merged into, you know, one OCTA instance, maybe you're in a hub-and-spoke model and they get their spoke or the data is kind of already segmented. That is ideal. One of the other things that came to mind. There is just That you know, well, typically you're going to have to divest some of your team as well.
So, you know, if you're not completely decentralized, which would be great, but usually not the case. You're going to have to, you know, take some of your folks from your corporate it and info SEC staff and give them over to the new company. Those people may know shared passwords and they may know, you know, things that. Well, at least let's just stick to Passwords for a second.
If somebody who shared passwords service accounts or shared passwords for routers and things like that, those passwords need to be changed. So I think, you know, step one is trying to figure out anybody that your divest thing. What are the passwords that they know that you need to change? It doesn't really sound that much different in that context of like a normal separation, right?
Shouldn't you always be removing access for people who have left the organization or Road into a new, you know, position that doesn't need access to things. I know we see the struggle of time with a privileged access management especially shared
accounts rotating passwords. You know not everyone is fortunate to have you know a tool that will automate automate that rotation of the secrets password Vault something of like privileged access agent tools like you know psychotic or the Linea. Now Beyond trust cyber-ark, those sorts of things and they're left sort of like in this manual state where it's like okay well shoot Jim knew all these Counts. I'm gonna have to go off and change all these and hopefully we get them all.
It seems to be, you know, one of the, one of the strategies I know that you and I don't like building strategies based on hope. So how do we, you know, validate that that stuff is taking place. But you know even now with like Cloud security, and the obfuscation sometimes of some of the identity permissions that go with things like AWS gcp Azure to lesser degrees of the measures a little little more straightforward. For the adgroups.
But, you know, how are people getting access to some of these Cloud infrastructure as a service or platforms, as a service, whatever it may be understanding how the permissions are working, how to counter for is a big part of it, too. Because we've certainly seen in the mood, in the news. The last few few years of people having access to, for example, S3 buckets, that probably shouldn't have had access to Beyond, you know, they're, they're, they're stay with the organization.
It's no different for me. Least from a divestiture standpoint was like, okay, it is a termination and the goal is to make sure that the axis is removed in a timely manner to whatever systems will not Remain the challenge. Is there, sometimes this transitive state where a person might be in both roles, how do you make sure that access is appropriate? And if there are things, we've
been carved out or separated. How do you make sure that the right permissions, remove wrong, permissions, go away. You know, those sorts of Things. So I think it's a complicated scenario for sure, but if I try to keep it for my feeble brain, as simple as I can, that makes it easier for me. Yeah, well, takes a lot of planning.
It takes also having detective controls so that you can keep a watch on what's Happening. I think what you mentioned there in terms of like all the the cloud reach Beyond kind of just what's happening on your network makes It harder to control, makes it more complex, and I think that's why organizations constantly find themselves falling behind is that the, the
world of it is changing so fast. It's, you know, new services are coming online and it makes it harder to manage, then you throw a divestiture on top of it. So, yeah, again kind of the divestiture and MMA stuff, really just has a You know, Major Impact in terms of complexity challenges, but I think on the on the flip side, it's opportunities as well.
And if you you know if you get it right potentially you can grow your business exponentially and that the acquisition like we're talking about why the business is to the Acquisitions. It's because they believe that take this company, that's making a million dollars, a year, put it on our system and maybe it can make ten million dollars a year because of the kindness of their heart. The idea Is this?
Yeah, they don't want to make that examinees is to make more money so it's just it's just the way business is. I think for my dining perspective is kind of start to wrap things up, is try to keep it simple as much as you can. These are complex situations, but if you try to break it down from an identity perspective, we're still talking the same Concepts who has access to what and is that appropriate. So boarding off-boarding the changes, those are still the
same type of life cycle. Well, events that are probably taking place, you know, throughout the challenge here is that it's a new organization, they may or may not have a easy path in and there may be some options that need to be triggered to be able to support sort of that that move over or move out whatever that looks like. So again I try to keep things as simple as possible and try to, you know, the life and the world was already complex.
We don't try to make it complex, even more complex. Just just for know, A reason doesn't make any sense to me. So, again, try to keep it simple as kind of a things and, hopefully, that that makes makes things go smoother As you move through this process. Yeah, that's great advice. All right, so we should start to wrap things up, but you and I have been on the road. I've been on the road for two straight weeks, which is great times.
And you've been on the road I think for the first time in a while for all week with, you know with me I got me and you thinking about some of the trips that we've taken in the past and you had a good one that I thought would We'd bring to cut kind of white here. Is what was your first international business trip and you could stories around it. Yeah, good sir. And and the reason we picked International talk about is that I did have a first domestic trip
but it was pretty uneventful. My first international trip was to Frankfurt, Germany. And on, during the landing, there is a little kid sitting in the row behind me, and he started crying and Not sure why I was crying but then I found out pretty quickly because he vomited over the seat on the guy next to me and there's splashed on me. So, I mean gross before I was pretty fortunate that I wasn't like I didn't bear the brunt of it but the guy next to me got
God blasted. And I mean even if you get one drop of vomit on you, it's really bad. Now I heard the appropriate number of drops is 0. In case you're wondering. Yes. Yeah if you're doing if you're playing at home but yeah it was
pretty bad. Someone had mentioned to me early in my travel days like try to be as empathetic to the people around you as possible and traveling because nobody's having your time and you know like I didn't take this as an opportunity to blow up. Now, the guy next to me was furious and I think probably if I get blessed with Like you did. I probably would have been Furious too but I tried to take it in stride as much as possible. The mother whose with the kid was almost in tears.
I mean, she felt horrible about it. But I mean that was my very first trip. So lend in Germany got vomited on, went directly to the bathroom. Took off my shirt wash, it didn't put it back on and put something else on. But yeah, I'll never forget that one. How about you? Yeah, I'll bet that's it. That's It's a not a great way to start. I guess, I guess that's one way to stamp a passport. I would just rather ink instead. Yeah, yeah.
And you know, it wasn't, it wasn't a bad trip but I had not dealt with that kind of jet lag before. So, six hours difference and I'd be laying there at night, after working all day, and being exhausted and just staring at the ceiling because I my body wouldn't adjust. And then when I got home and there's only six hours, But you know is my first first time experiencing that it was the same way. I think my first trip was to India going from Chicago to India, which was a nineteen and
a half hour. I think total travel time between airports to get there. I had a good trip. I mean, as far as, you know, experiences go is my first international business trip, you know, it was a long trip, that's for sure. Sure. But the actual experience was great and you know was there on business with the partner that we were working with and going through a scenario that we had just talked about and, you know,
the, the experience was great. I got a chance to sort of open my eyes to other cultures and kind of see how other folks around the world lived. And I think that was, you know, a sign of an Awakening moment, you know, having lived in my bubble in the Chicago area for a number of years.
At that point, not really having that exposure You know, shout out to the folks that I was with making sure that spicy food was kept to a minimum protecting me from hopefully making any too many stupid American mistakes in a foreign country but just being able to kite, go meet the other folks you know, I got to see mahabalipuram and the shore Temple and a bunch of stuff in the Chennai area of India. It was very hot which as you know is My Kryptonite hot and humid not A great combination
for me but the actual trip itself was so positive. It was, it was a good experience for me, certainly long from a travel perspective but I'm glad I went and certainly was a good experience. Like I said and you get vomited on. No, I def, I did not. It was a, it was a, it was a good trip. No, no vomit vomit. Free trip. Wow. This is so weird. So unusual, right? Yeah, I hopefully that's a no. I mean, hopefully that's the uh, normal. Strictest, you're not gonna say it.
Only happened to me once it just happens to be my first trip. It was a scarring incident. What can you say? You can. All right, let's go ahead and wrap up because we were starting to ramble a little bit. It is definitely a Saturday. I got to turn this around to a show for Monday, so we'll go ahead and leave it there, you know, I think, you know, as we kind of think about this Ma and identity perspective and we talked, I feel like we spent more time on sort of like the challenges.
But as I'm sitting here thinking about the conversation, a lot of the challenges are things that you're probably already dealing with already. It's just not in the context, maybe of a merger or an acquisition or a divestiture, but it's still again that same concept of onboarding off-boarding changes right to Identity, the system's being available, right? How are they going to be
utilized with any memorization? So, hopefully, hopefully this conversation made sense and if you've got comments around it, you know, certainly paying us on LinkedIn. We're happy to Tell it tell us, we're crazy. Tell us like, yeah, you know War stories about it. We're always happy about that maybe even better maybe. Come on the show and kind of talk through some of the challenges. Maybe you face in the real world wrong with HEPA to have folks in the real world come on.
But any final thoughts before we close it up for this week? Jim. Yeah. Just thinking exactly what you said about the, you know, adding your comment to LinkedIn. Every Monday noon eastern time in the u.s. Jeff post a post on LinkedIn to let everyone knows that the episodes out. Out adding a comment there would certainly be welcome and then of course feel free to direct message us on LinkedIn especially if you're going to Gartner and we have that
opportunity to to meet. We'd love to interact in person. Yeah, definitely. If you're going to Gartner, we will be there. We hope to see folks there as well. We put on our golden podcast pants just like everyone else. We'd be happy to do fist bumps, you know, if you want to watch a show getting recorded, you know, that's, that's certainly an option or beyond the No, hit us up on LinkedIn. We're happy to accommodate that
as best as we can. So all right with that, we'll go ahead and leave it there for this week. We're on the web. I'd any at the center.com we're on Twitter at idac podcast and we've enjoyed this conversation and hopefully you did as well and we'll talk with everyone in the next. Thanks for listening to the identity at the center podcast. If you like what you heard, don't forget to subscribe and visit us on the web and identity at the center.com.