Episode 159 - GluuFederation/identerati-office-hours GitHub Wiki

Title: The Rise of JIT Access

Channels

Description

Most organizations still run on permanent privilege: SSH keys that never expire, service accounts with admin rights, and approval flows that take longer than the actual work.

The result? 77% of breaches begin with compromised credentials, and everyone’s afraid to clean up access because it might break something. It’s time to admit that manual least-privilege programs can’t keep up.

Just-in-Time (JIT) access changes that equation: fast for developers, safe for security, and auditable by design. P0 Security's identity-native approach automates what used to take weeks and turns least privilege from a philosophy into a daily practice.
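To make the contrast between standing privilege and JIT access concrete, here is an added illustration (not code from the episode, and not P0 Security's product or API): a small broker in which every grant must be approved by someone other than the requester, carries a time-to-live capped by policy, and is written to an audit log on each state change. The class and function names (`AccessGrant`, `JitAccessBroker`, `demo`) are hypothetical, and the principals, resource and timestamps are constructed sample values.

```python
"""Minimal JIT access model: grants are approved, time-bound and auditable.
Added example; names are hypothetical and not any vendor's API."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class AccessGrant:
    principal: str
    resource: str
    role: str
    requested_at: datetime
    expires_at: Optional[datetime]  # None models a standing (permanent) privilege
    approved_by: Optional[str] = None
    revoked: bool = False

    def is_active(self, now: datetime) -> bool:
        """A grant is usable only if approved, not revoked and not yet expired."""
        if self.revoked or self.approved_by is None:
            return False
        return self.expires_at is None or now < self.expires_at


class JitAccessBroker:
    def __init__(self, max_ttl: timedelta = timedelta(hours=4)):
        self.max_ttl = max_ttl          # policy cap on how long any JIT grant may live
        self.grants: list[AccessGrant] = []
        self.audit_log: list[dict] = []  # append-only record of every state change

    def _audit(self, event: str, grant: AccessGrant, now: datetime, **extra) -> None:
        self.audit_log.append({
            "event": event, "principal": grant.principal, "resource": grant.resource,
            "role": grant.role, "at": now.isoformat(), **extra,
        })

    def request(self, principal: str, resource: str, role: str,
                ttl: timedelta, now: datetime) -> AccessGrant:
        # Reject requests that exceed policy instead of silently clamping them.
        if ttl <= timedelta(0) or ttl > self.max_ttl:
            raise ValueError(f"ttl must be between 0 and {self.max_ttl}")
        grant = AccessGrant(principal, resource, role, now, now + ttl)
        self.grants.append(grant)
        self._audit("requested", grant, now, ttl_seconds=int(ttl.total_seconds()))
        return grant

    def approve(self, grant: AccessGrant, approver: str, now: datetime) -> None:
        # Separation of duties: the requester cannot approve their own grant.
        if approver == grant.principal:
            raise PermissionError("self-approval is not allowed")
        grant.approved_by = approver
        self._audit("approved", grant, now, approver=approver)

    def revoke(self, grant: AccessGrant, actor: str, now: datetime) -> None:
        grant.revoked = True
        self._audit("revoked", grant, now, actor=actor)

    def has_access(self, principal: str, resource: str, role: str, now: datetime) -> bool:
        return any(g.principal == principal and g.resource == resource
                   and g.role == role and g.is_active(now) for g in self.grants)

    def standing_privileges(self) -> list[AccessGrant]:
        """Grants with no expiry: the permanent privilege a JIT program aims to remove."""
        return [g for g in self.grants
                if g.expires_at is None and g.approved_by is not None and not g.revoked]


def demo() -> dict:
    """Walk one grant through its lifecycle and flag a legacy standing grant."""
    broker = JitAccessBroker(max_ttl=timedelta(hours=4))
    t0 = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp

    # Constructed legacy grant: an admin role with no expiry, as in a permanent-privilege setup.
    legacy = AccessGrant("svc-backup", "prod-db", "admin", t0, None, approved_by="legacy-import")
    broker.grants.append(legacy)

    grant = broker.request("alice", "prod-db", "admin", timedelta(hours=1), t0)
    before_approval = broker.has_access("alice", "prod-db", "admin", t0)
    broker.approve(grant, "bob", t0 + timedelta(minutes=2))
    during = broker.has_access("alice", "prod-db", "admin", t0 + timedelta(minutes=30))
    after_expiry = broker.has_access("alice", "prod-db", "admin", t0 + timedelta(hours=2))

    return {
        "before_approval": before_approval,  # False: requested but not approved
        "during": during,                    # True: approved and within TTL
        "after_expiry": after_expiry,        # False: TTL elapsed, no cleanup step needed
        "standing": [g.principal for g in broker.standing_privileges()],
        "audit_events": [e["event"] for e in broker.audit_log],
    }


if __name__ == "__main__":
    print(demo())
```

The point the code makes is that expiry is a property of the grant rather than a cleanup task someone has to remember, and that the audit trail is produced as a side effect of the normal request/approve path; `standing_privileges()` is the kind of check that turns "everyone's afraid to clean up access" into a concrete list to work through.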

Homework

Takeaways

  • ⚡ PAM has evolved from a multi-user password vault, to group-based authorization, to authorization driven by a dedicated authorization engine.

  • ⚡ CISOs should look at "outcome-driven metrics". If the outcome we want is "to protect sensitive company assets from misuse", how do we measure that? Or perhaps the metrics should reflect the effectiveness of our governance program itself, which strives to reduce risk, increase transparency, and increase accountability. What metrics would measure whether each of these three outcomes is heading in the right direction?

  • ⚡ Modern identity programs can't stop at provisioning and access enforcement. They also need continuous assurance of their access posture.

  • ⚡ PAM systems are always closely associated with certain applications. No PAM system does it all. So governing multiple PAM systems is a CISO reality. But it's preferable to governing each application as a one-off.

Livestream Audio Archive
