Episode 67: Unraveling the 6Ws of Identity Security with ObserveID
Traditionally, identity security has primarily focused on addressing three of the six Ws – Who, What, and Why. However, ObserveID takes identity security to the next level by delving into the Whens, the Wheres, and the Whats. By considering not just “Who” has access and “What” actions they perform, but also “When” these actions occur and “Where” they take place, ObserveID employs a comprehensive approach that significantly reduces the attack surface and enhances overall security. This thorough examination of the timing, location, and specific activities associated with user identities enables a more precise and dynamic implementation of access control and monitoring, strengthening an organization’s defenses against both external and internal threats, and ensuring a more resilient and adaptive security posture.
Episode 66: Demystifying Non-Human Identity Management
In today’s digital landscape, the rise of Cloud, SaaS, Generative AI, and data-driven automation has led to the proliferation of Non-Human Identities (NHIs) within organizations. These digital entities—such as service accounts, access keys, and API tokens—play a crucial role in driving business operations, but also introduce a growing attack vector. Mismanaged NHIs have contributed to 85% of security breaches, including ransomware attacks, where weak NHIs are exploited to access critical data. Organizations need an enterprise-wide Non-Human Identity strategy, without which they risk exposing themselves to security breaches or outages originating from inefficient administration of NHIs. Join the conversation to discuss best practices for discovering, securing, and managing the Non-Human Identities in your environment.
Episode 65: Improving bank mobile security
Identerati are excited about the potential for EU identity wallets. But less obvious is what the proponents intend to do to enable PAYMENTS. Identity and payments have different functional requirements, making it challenging to create a “unified” standard without ending up with an unimplementable “frankenwallet”. This episode will discuss an idea for a different kind of Payment Authorization Wallet, uniquely targeting payments, that is based on Deterministically Encoded CBOR rather than JSON.
Episode 64: Amazon’s Cedar Open Source Strategy
Amazon released Cedar as an open source project on May 10, 2023. Why? The open source strategy will shed light on what AWS is expecting to accomplish with Cedar. Are they expecting open source contributions? Does AWS believe open source will increase the rate of developer adoption? Why did AWS choose to open source both the policy syntax and the engines (Rust, Java, Go)? Why choose the Apache 2.0 license? What was the business case the Cedar team made to AWS management? What are some of the metrics that AWS will use to measure the success of Cedar adoption? What other open source projects at AWS does Cedar resemble? Join this episode for a deep dive into the Cedar open source strategy!
Episode 63: Beyond Whack-a-Mole: Future-Proof Against Tomorrow’s Threats
Heather Vescent takes us beyond the endless game of reactive cybersecurity—whack-a-mole style—to understand how strategic foresight can future-proof against tomorrow’s threats. Discover how to shift from a defensive stance to an anticipatory strategy that stays ahead of emerging dangers. Learn how to outsmart future threats before they hit your systems.
Episode 62: Reflecting on FIDO’s evolution to passkeys
What were passkeys before 2022? What are passkeys today? What is still missing?
Episode 59: Product Manager Strategies for Trust and Safety
When it comes to preventing bad actions on online platforms, the goals are different. Priorities are set… and then change. And measuring success is often “inverted”. What tactics accommodate these differences and allow trust and safety issues on a platform to be addressed? How can product owners or similar leadership roles support these differences?
Episode 58: Corporate Wallets
Will your future business leverage decentralized identities to issue credentials to authorize its workforce to transact? Is federated identity enough, or is this a use case for decentralized identity? How does a business even assert a legal identity? What new tools and rules are needed to minimize the transaction costs of inter-domain trust? In this episode, we’ll discuss if a “Corporate Wallet” is a key enabler for digital transformation for both an organization’s workforce and its end-users.
Episode 57: Latest developments in DIDs
Decentralized Identifiers (DIDs) are being used in numerous digital identity projects around the world and serve as the basis for Verifiable Credentials (VCs) and many other technical specifications and protocols. At W3C, a new DID Working Group has been launched to update and expand on the existing DID standard. Let’s take a look at the current state and recent developments around DIDs!
Episode 56: How modern AuthZ will change banking
Banking has many security challenges: privacy, regulatory compliance, MFA, third-party vendor threats, insider threats, API security, cloud security, incident response and breach management. What can we learn from how banks are adapting to this new security landscape by supporting central policy management? What are the concerns and unique challenges that are driving the momentum to externalize application security policies? And how has their current strategy worked out so far?