Episode 067: 11‐21‐2024 Unraveling the 6Ws of Identity Security with ObserveID - GluuFederation/identerati-office-hours GitHub Wiki
Title: The Evolution of Resource and Policy Management in ObserveID
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Axay Desai, Founder & CEO at ObserveID
- Co-Host: Ric Weeks, Head of Channel Sales & Alliance Operations at ObserveID
Description
Traditionally, identity security has primarily focused on addressing three of the six Ws – Who, What, and Why. However, ObserveID takes identity security to the next level by delving into the When’s, the Where’s, and the What’s. By considering not just “Who” has access and “What” actions they perform, but also “When” these actions occur and “Where” they take place, ObserveID employs a comprehensive approach that significantly reduces the attack surface and enhances overall security. This thorough examination of the timing, location, and specific activities associated with user identities enables a more precise and dynamic implementation of access control and monitoring, strengthening an organization’s defenses against both external and internal threats, and ensuring a more resilient and adaptive security posture.
Homework
Takeaways
- ObserveID is a "Converged Identity Platform" that strives to create a single management plane for an enterprise's workforce identity tools. It's targeted at the large mid-tier enterprise workforce segment, which uses an assortment of identity tools and services but has no good way to combine the data from these systems into actionable information.
- Organizations need to understand the baseline activity in order to detect unusual activity. With connectors collecting data from the right systems, ObserveID is in a good position to use AI/ML to learn the typical behavior of a workforce user and detect anomalies.
- While for years SailPoint has positioned itself as a one-stop shop for enterprise identity, it's so expensive and hard to implement that it ends up serving only the largest organizations, which leaves a gap in the mid-market. SaaS services can bring these more advanced identity solutions into the price range of smaller companies.
- From both a technical and business perspective, a new authorization model is emerging. RBAC is still important, but companies need to more comprehensively manage security policies for both people and "non-human" identities. It's still early, but it will be interesting to see the tools that companies like ObserveID build to help optimize authorization 2.0.