Streamlining and Improving Security by Standardizing Identity Management

The Cybersecurity Readiness Podcast Series

Oct 18 2023 • 32 mins

While cloud computing has become a great digitization enabler to enterprises, multiple clouds—especially when intersecting with on-premises systems and one another—can produce some challenges. Many organizations can end up with an "identity gridlock" of competing identity systems and protocols since each cloud platform cannot exchange access policy data with other cloud providers. It was an absolute pleasure having Gerry Gebel, Head of Standards at Strata Identity, join me to discuss the significance of standardizing identity management.

Time Stamps

00:02 -- Introduction

02:09 -- Gerry Gebel's Professional Highlights

04:15 -- Role of Standards in Identity and Access Management

08:14 -- Avoiding Identity Gridlocks

11:38 -- Competing Interests in Developing Standards

14:49 -- Role of Standards in Achieving Fine-Grained Access Controls

18:25 -- Rationale Behind Having Numerous Standards

21:02 -- Senior Leadership Involvement in Standards Setting Process

25:39 -- Streamlining and Standardizing Security

28:07 -- Final Thoughts

Memorable Gerry Gebel Quotes/Statements

"Standards allow for interoperability between domains that different organizations run, and this can provide the user with a lot of convenience."

"Each of these cloud and computing platforms has its own way of defining and configuring access to resources. That's where the gridlock comes in because they're not interchangeable; they are not interoperable."

"Realize that you're not standardizing the whole offering; you're standardizing different pieces that have maybe become a commodity."

"It really comes down to having customers involved in the process, because they're the ones who ultimately, will, or will not purchase products. If there's a lock-in, or there's a lack of interoperability, the customer may choose to stay away from that product or solution."

"You can be an active participant (in the standards-setting process) and look out for your own interests, rather than delegating that to someone else who may not represent the same point of view."

"What is the purpose of creating these standards? And we've sort of alluded to that a couple of times here. I think that's where the enterprise perspective is very important. Because, as a programmer, as a developer, we can easily get lost in the weeds of the technology, you know, how do I write this Go routine? Or how do I write this API? And I think the enterprise perspective keeps the focus on what's the real business purpose for doing this. Does it enhance security? Does it give us vendor independence? Does it reduce risk in some way? Or does it enable new business? So I think it's important to have that [customer] voice in the conversation."

"I would say from the enterprise administrative perspective, there's more capability to properly govern the deployment, the configurations, if you have standards involved, because it gives you more visibility of exactly what is connected to what and who has access to what. It gives you better visibility or reporting capability to show, "Oh, well, I'm compliant with these HIPAA rules, or I'm compliant with, you know, some of their financial rules." So, that's where the standards can be of great benefit in overall governance."

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms: