Application Security

Ask the CEO: Dynamically Speaking Live Q&A – Part 1

Ask the CEO: Dynamically Speaking Live Q&A – Part 1
Written by ga_dahmani
Ask the CEO: Dynamically Speaking Live Q&A – Part 1

In a recent episode of our speaking dynamically insight series, we held a live broadcast Questions and answers on our YouTube channel with Axiomatics CEO Jim Barkdoll answering questions from viewers.

This is part one of a two-part article featuring highlights from that session in which Jim answers questions about our associations, customer successauthorization and Identity Access Management (IAM)and meet today’s access control challenges.

DevOps Connection: DevSecOps @ RSAC 2022

How we work with our partners to serve our clients (and why)

Kelly: A lot of prospects and customers are looking for partners to be able to implement security frameworks and architectures, particularly as we start to see new and better ways of thinking about security when it comes to things like zero trust or looking at the cybersecurity mesh architecture, and how you would implement those bits and pieces.

What are the things that the partners in particular are talking about with you or the problems that they see in your mind?

James: Yes, first, I would like to say, again, to reiterate. We are 100% channels, 100% organization, friendly with partners. I believe in cybersecurity. The only way our clients and prospects can be successful is from the experience that our our mates bring. So whether it’s people at the global integrator level or people at the local cybersecurity partner level, they all bring value to their customers.

And I would say, similar to what I talked about the challenge that our customers face, certainly the partners are the ones dealing with the integration between these technologies. What technologies can I put together that match a Zero Trust or NIST-800 reference architecture that says, “I have an identity-centric strategy and these are the pieces that I know if I put them together, they complete that cycle that everyone was looking for? “

Partners have the biggest challenges assigned to them in making these things work together. So if we as vendors don’t provide that easy access point of access, that orchestration, that puts a lot of pressure on them to really, you know, how do they put these best vendors together for the customer and not make it look like projects in silos, which is often at this point, right?

So what’s happening now, primarily for our partners, and the burden that they share is that somebody may or may not get a quote for a specific project, a specific need that’s just part of the story, and the organization thinks it’s done. . I walked in, installed an IGA or information access management (IAM) system, or provided a PAM, or did multi-factor authentication, and they’re like, “Okay, great. I’ve stopped that and digested it. Let’s see how it works.”

And as we all know, obviously on the cybersecurity side, those are just pieces, stopping along the way. To get to maturity, where you’re really protecting your organization, you need to add all of those components into one solution.

Other readings: Axiomatics Implementation Methodology


How business leaders can find value in our authorization solution

Kelly: Technicians more or less understand the need for Axiomatics and I think that has been our experience as well. However, top managers may not understand the value.

How do you position the solution that makes it acceptable to them? So, and I know we’ve had these conversations, how do you translate that technical value to those higher level users?

James: It’s a great question. And this is truly a work in progress for me.

So just a little bit about me. I spent, certainly the most recent of my career, at the CEO level and running the entire organization, but worked my way up the sales ranks. My passion lies in getting a message across at the executive level and creating a blueprint in most cases, educating the client at the executive level on what their exhibits are, how this fits into their business strategies, and then building a blueprint with all the components involved. . .

In our cases, obviously, it is the technology team. It’s a security team. It’s the IBM team. It’s the business team. And in some cases, the end user, the themes that represent the end users. And that’s what I always find that the most successful approaches are, of course, to go high and educate them. In this particular market, we’re focused on orchestrated authorization, and we saw that firsthand last week at the Gartner security conference. Lots of great people, lots of C-level titles. I’d say. It was hard for them to grasp or understand, you know, where does clearance fit in, right?

Many of them think that the authorization is already happening, or that I already did it, this is not a problem. And I think they often don’t see how, how this connects, or their teams aren’t thinking enough about the issue and where this fits into the larger strategy.

So our audience, our partners, our customers, the people who control this, certainly, it’s in the CISO office, but I’m sure the IAM teams are the ones with the leadership. So you know, our, it’s in all of our best interests to try to educate the I am teams or show them, you know, the different challenges that they have not just in, you know, a specific technology, like, for example, about identity, show them the bigger orchestration, play and then help them sell this internally to their own organization.

Starting from the executive level, in many cases, they have had a hard time understanding something that is really a technology that becomes part of the plumbing, right? If what we do is authorization in the fabric of all these applications, and it can get to a very granular level, I think sometimes it’s hard for executive leadership to wrap their arms around it.

Other readings: A practical guide to implementing orchestrated authorization in three phases of growth


How Axiomatics is helping customers meet today’s access control challenges

Kelly: Solving complex access challenges is part of Axiomatics’ strategy from now on. How do you see that changing in the next two years and a tip of the hat here, because that was going to be one of my questions, what was coming up for Axiomatics? Jim, what are your thoughts on that?

James: Our vision is clear in this space. First, the broad support was orchestrated authorization. When you look at the business level, what does that imply, right? So there are a number of different constituents in that process that want to have this, they need to have input and skills to make changes or create policy, but it all needs to be with a really easy to follow and easy to implement system for balances. and checks

So if you’re a developer, you need to have a certain type of access. If you’re a security specialist and you’re helping create policies, maybe there’s a global policy you want to implement, you need to have the ability to override and follow policies. And then most importantly, when you look at non-technical users, everyday business users who understand what types of access they want to give to the consumer of their application, they need very simple access to create non-technical policies, not not in a developer or security analyst, but rather the everyday user.

So it keeps growing, we’re providing all three of those things today, but improving those capabilities, so it’s much more seamless. That is our short-term roadmap. We already delivered today. But that’s where we’re going to continue to iterate and you’ll see a lot more to come from us on that front.

Other readings: Four Ways Isolated Authorization Challenges Zero Trust Success


What investors are looking for in Identity Access Management (IAM)

Kelly: Where do you think investors in this in the security space and in particular in the IAM space are going to be looking for balance of the year?

James: I think it’s more or less the same, right? There is no unknown technology that still needs to be developed or thought about, at least in the IBM space, that is clear.

What I think will happen is there will be more clarity, there will be more partnerships, there will be better integrations between the technology ecosystem, between IAM providers and authorization providers. And I also see growth, you know, we’ve already been pioneers and advocates for a long time both at the application level, which is, what are the types of interactions and policies on what I’m allowing the user to see or do within the app and the data or access to big data, right?

So when you’re talking about a data lake, or something like data blocks, for example, or big data sources of structured data, where you want to control access of things that come to specific data points more in the market of data access governance. So when you see you look at the CDO and their teams, they also have access issues, so we’re starting to see some of those combined requests on the IBM team, where they’re trying to find a cohesive solution. strategy for how do I, how do I take this centralized theme around authorization and access and apply it to all my kinds of systems?

I think you’ll see continued investment in those areas and we already see that from amazing partners like Immuta, for example, who just raised $100 million in that space.

Other readings: The Future of Access Management: Babak on the Evolution of IAM


How Axiomatics Supports API Database Level Authorization

Kelly: Can Axiomatics support authorization at the API or database level?

James: we just talk to talk about it. Then yes. So that is definitely one of our strengths. And if that’s the case, if you look at the lowest arm’s length type of fruit for any organization, it would be at the API gateway, for example. Connecting and intercepting multiple applications, especially when it comes to legacy applications or cloud-based applications, you have already taken advantage of an API gateway like Mulesoft for example.

At the data level, there are really two instances, right? There is the data related to me as the unique user who enters an application and interacts with the data. We do it natively through our application platform.

Big data, data access, the governance opportunity that I’m talking about as we play around in that space, that’s where I really think you have to see if there are very specific partners and needs in that space that address the larger needs . Big Data part of those types of use cases. And we also have a number of strong partners in that space.

Other readings: Key Considerations: Using Orchestrated Authorization to Optimize Policy Creation


I have a question? we are listening

If you have any questions about the challenges you are facing with your authorization and the Zero Trust strategy, we can help you in the following ways:

You also can Contact Us to speak directly with one of our experts or to see a demo of our Orchestrated authorization solution.

The charge Ask the CEO: Dynamically Speaking Live Q&A – Part 1 first appeared in axiomatic.

*** This is a syndicated Security Bloggers Network blog from axiomatic written by Kelly O’Dwyer-Manuel. Read the original post at: https://axiomatics.com/blog/ask-the-ceo-dynamically-talking-live-qa-highlights-part-1

About the author

ga_dahmani

Leave a Comment