The Cybersecurity Readiness Podcast Series podcast

Identity Orchestration Strategies and Best Practices

Spola tillbaka 15 sekunder
Spola framåt 15 sekunder

Cloud migration and remote work requirements are forcing organizations to modernize their applications and identity systems. Making the transition is both time-consuming and expensive using traditional software development practices. By decoupling applications from identity, orchestration can alleviate the burden while allowing companies to seamlessly mix and match different cloud providers as well as MFA and passwordless technologies. In this episode, Eric Olden, Co-founder and CEO at Strata Identity sheds light on identity orchestration strategies and best practices.

Time Stamps

00:02 -- Introduction

02:16 -- Eric Olden's professional highlights

05:11 -- State of maturity of identity management, and where does identity orchestration fit in.

08:13 -- When should an organization consider an identity orchestration strategy?

11:33 -- Identity orchestration, a plug-and-play approach

15:17 -- Use of the "adapter" metaphor to understand identity orchestration

16:50 -- Identity Orchestration and Single Sign-On -- What is the nature of the relationship?

18:47 -- Eliminating security vulnerabilities with application modernization and identity orchestration

22:06 -- Wide-scale implementation of passwordless authentication

25:47 -- Challenges and success factors in formulating and implementing identity orchestration strategies

30:24 -- Guidance in selecting service providers and vendors

34:31 -- Making a business case for identity orchestration

38:59 -- Final thoughts

Memorable Eric Olden Quotes/Statements

"I see identity providers themselves, the IDPs, are today's hardware in that customers need them, they have to run something, but they don't want to be locked into any one thing. So, we've created an abstraction layer that allows you to decouple the applications from the identity provider. So you can mix and match and do different things."

"Identity orchestration makes sense when you have more than one identity provider."

"If you find yourself trying to modernize applications and move from legacy to modern, that's another really important use case for orchestration."

"The abstraction layer allows you to avoid rewriting any of the applications because, from the application standpoint, the orchestration layer presents a facade that looks exactly like the application is expecting it before orchestration came in."

"We're able to bring modern security to legacy applications and do that without ever changing them."

"All of these five A's -- authentication, access, authorization, attributes, and audit, need to find their way into this new distributed environment."

"Today, with orchestration, you no longer need an application-specific connector because all of the patterns in the protocols that the applications need are already part of the abstraction layer in the orchestration."

"I told my developers, look, if you ever find yourself typing the word password in your code, stop, you're doing it wrong. So you need to back that up and figure out why someone was trying to bring a password in the first place and give them an alternative. So that is a bit of a heavy lift at the beginning, where you need to change people's mindsets."

"The world today is about self-service, and you want to have things bought and not sold."

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr....

Fler avsnitt från "The Cybersecurity Readiness Podcast Series"