Speaker: Vladislav Shapiro – President – Costidity Inc.
Date: Thursday, June 1, 2023
Location: ARIA Resort & Casino | Las Vegas, NV
Description: Every organization has a bunch of disjoint governance efforts named after this element run by different groups: Identity Governance (IAM), Data Governance (Data Management), Application Governance (application owners), End Point governance (hardware group), Network Governance (Network Administrators), etc. We state that this current system is inefficient due to, on one side, existence of many uncovered cases (one governance authority thinks that another one covers it), which creates security holes, and on the other side, too many contradictory regulations preventing people to do their job and pushing them to deviate. We propose to change focus from managing individual elements separately (single points) to governing triplets (identity+device+target) as the subject of controls. We propose to create “allowed triplets”, which contains identity, device path and target path. This way, the triplet will become a subject of attestation, risk measurements, rules, reports and other controls instead of each element individually, which brings to better management and reduction of cost, unnecessary policies and combining efforts of different enterprise groups. The basic of such collaboration is identity fabric, i.e., interwoven relationships between people-centric (identity), hardware-centric (end point, server, firewall and other devices protection) and resource-centric (applications, data, etc.) ordinances and rules.