While cloud computing has become a great digitization enabler to enterprises, multiple clouds—especially when intersecting with on-premises systems and one another—can produce some challenges. Many organizations can end up with an "identity gridlock" of competing identity systems and protocols since each cloud platform cannot exchange access policy data with other cloud providers. It was an absolute pleasure having Gerry Gebel, Head of Standards at Strata Identity, join me to discuss the significance of standardizing identity management.
Time Stamps
00:02 -- Introduction
02:09 -- Gerry Gebel's Professional Highlights
04:15 -- Role of Standards in Identity and Access Management
08:14 -- Avoiding Identity Gridlocks
11:38 -- Competing Interests in Developing Standards
14:49 -- Role of Standards in Achieving Fine-Grained Access Controls
18:25 -- Rationale Behind Having Numerous Standards
21:02 -- Senior Leadership Involvement in Standards Setting Process
25:39 -- Streamlining and Standardizing Security
28:07 -- Final Thoughts
Memorable Gerry Gebel Quotes/Statements
"Standards allow for interoperability between domains that different organizations run, and this can provide the user with a lot of convenience."
"Each of these cloud and computing platforms has its own way of defining and configuring access to resources. That's where the gridlock comes in because they're not interchangeable; they are not interoperable."
"Realize that you're not standardizing the whole offering; you're standardizing different pieces that have maybe become a commodity."
"It really comes down to having customers involved in the process, because they're the ones who ultimately, will, or will not purchase products. If there's a lock-in, or there's a lack of interoperability, the customer may choose to stay away from that product or solution."
"You can be an active participant (in the standards-setting process) and look out for your own interests, rather than delegating that to someone else who may not represent the same point of view."
"What is the purpose of creating these standards? And we've sort of alluded to that a couple of times here. I think that's where the enterprise perspective is very important. Because, as a programmer, as a developer, we can easily get lost in the weeds of the technology, you know, how do I write this Go routine? Or how do I write this API? And I think the enterprise perspective keeps the focus on what's the real business purpose for doing this. Does it enhance security? Does it give us vendor independence? Does it reduce risk in some way? Or does it enable new business? So I think it's important to have that [customer] voice in the conversation."
"I would say from the enterprise administrative perspective, there's more capability to properly govern the deployment, the configurations, if you have standards involved, because it gives you more visibility of exactly what is connected to what and who has access to what. It gives you better visibility or reporting capability to show, "Oh, well, I'm compliant with these HIPAA rules, or I'm compliant with, you know, some of their financial rules." So, that's where the standards can be of great benefit in overall governance."
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.
Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338
https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712
Latest Publications:
Preventing Security Breaches Must Start at the Top
Mission Critical --How the American Cancer Society successfully and securely migrated to the cloud amid the pandemic
Latest Webinars:
How can brands rethink data security to maintain customer trust?
Cybersecurity Readiness in the Age of Generative AI and LLM
Insights for 2023, Cybersecurity Readiness with Dr. Dave Chatterjee