i’ve been spending a lot of time with prospects and clients. every one of these meetings is set up to talk about identity lifecycle and authN. but every single one ends up in a discussion about authZ. friday afternoon i sat in one of the nicer buildings in uptown manhattan and we were talking to a big media company. we were talking about their homegrown websso solution and how quest may be able to offer them something more robust. i mentioned that our product could also do some basic authZ work and the lead on the project said “if you want to talk about authorization we’ll need two more hours”. i scratched at the surface a little bit, but we only had 20 more minutes for that meeting. “everyone is challenged with this right now if they have even a slightly complex shop” the customer was very clear to state.
certainly, authZ is a big topic. Gartner’s last IAM conference made it clear that getting an authZ strategy in line is the next big task for a well run IT shop. MSFT is ready to take a fresh run at the issue in Geneva with a better chance of success (MSDN Blogs). there are some really cool players in the space like Bitkoo. and there are some really big companies taking the plunge through acquiring, the biggest being the Cisco + Securent take down. but there seems to be a big break in the types of companies i see actively looking into this. it’s the smallest of the big and the biggest of the small. shops that, not coincidentally, have the right kind of budget and the right level of complexity to be far enough along in a maturity cycle that this can edge it’s way out to the front as a real project. but project or not, everyone wants to talk about it. it will be interesting to watch it all play out.
About the Identity Sander
- "So what you mean is we don't need policy now because you guys can fix it all later, right?" Um. No. Not really. #security #facepalm:: 1 hour ago
- and #hacker movie trivia. @securityweekly shames me with one I really should have got /cc @InfoSec_World (2/2) youtube.com/watch?v=WjrvxJ…...:: 1 day ago
- First, the serious bit of #security #philosophy with @securityweekly at the #InfoSec con /cc @InfoSec_World (1/2) youtube.com/watch?v=NeC8hi…...:: 1 day ago
- Yes & don't forget AD #AuthN & data access - Clean Break: Block Ex-Employees' Access inforisktoday.com/clean-break-bl… by @euroinfosec #security #IAM:: 1 day ago
- I sometimes wonder if some of the people really upset about online #privacy overlap with people screaming #PII into mobiles on NYC streets:: 2 days ago
- RT @STEALTHbits: WEBINAR: 1 day left to register! Solve the #IAM blindspot & adopt a better #InfoSec posture @sanderiam @joe_carson | https…:: 2 days ago
- math giveth #encryption, and math will take it away youtu.be/12Q3Mrh03Gk #security via @PBSInfinite:: 5 days ago
- RT @STEALTHbits: 5 Trends for Security Professionals #infosec #GDPR, @sanderiam bit.ly/2oXYC5P:: 1 week ago