Transforming identity security with intelligent access (SEC221)

Summary of Video Transcript

Overview

  • The speaker, Mike Towers, is the Chief Security and Trust Officer at a company called Vasa. He has been in the cybersecurity industry for almost 20 years.
  • He believes that identity security is the most underserved area of security for the last 20 years and a completely disruptive approach is needed to solve identity problems.

Challenges in Identity Security

  • Most identity solutions were built when the world revolved around Active Directory and SAP, but the world has changed drastically.
  • The level of variability in where data can be copied is extraordinary and growing, with more SaaS platforms being added.
  • There is no standard for permissions and entitlements, which are the fundamental root of identity security.
  • Identity and Access Management (IAM) is rooted in directories, users, and groups, which does not help with security.
  • Security posture is an amalgamation of roles, permissions, and resources across all platforms, which is difficult to manage and track.

The Vasa Approach

  • Vasa has built a data model called the "Axis Graph" that connects to all the systems in a business and graphs the identity data, roles, permissions, and resources to provide a comprehensive view of the permission landscape.
  • The data model aims to:
    • Unify the different permission models across platforms into a consistent set of actions (create, read, update, delete).
    • Democratize access control by empowering business leaders and data owners to manage access, rather than relying solely on a central security team.
    • Provide visibility, intelligence, and control over the entire permission landscape.

Challenges and Importance of Identity Security

  • Factors like cloud adoption, digital transformation, AI/ML, and business changes (acquisitions, restructuring) make identity security increasingly challenging.
  • Effective identity security is critical for business enablement and supply chain resilience, as it impacts how third-party users access and interact with an organization's systems.

The Vision for Identity Security

  • The goal is to move beyond just visualization of the access model to:
    • Identify and remediate toxic combinations of access.
    • Implement real-time, secure access policies.
  • Achieving the principle of least privilege is a key focus, as most users have far more access than they need to perform their jobs.

Conclusion

  • The speaker emphasizes the importance of a data-driven, permissions-based approach to identity security, and invites the audience to visit Vasa's booth for further discussion.

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.

Talk to us