Posts in Simon Moffatt

by Simon Moffatt
December 9, 2022

Poll Result: Would You Pay for Privacy?

Two weeks ago we ran another of our LinkedIn polls, querying the cyber, identity and access management community around a perennial question the industry has yet to consistently provide an answer for - in both user behaviour and technical solutions - "would you pay for privacy?".
1
read more
by Simon Moffatt
November 25, 2022

Comment: US Department of Defense Zero Trust Reference Architecture 2.0

Zero Trust has been with us for the best part of a decade - since the likes of the Jericho Forum, Google's Beyond Corp and ex-Forrester analyst John Kindervag have all promoted a view of moving the concept of "trust" from a location to a concept based on the identity, device and associated context. Version 2.0 of the US Department of Defence Zero Trust Reference Architecture has been cleared for public release and is a good, detailed read regarding an actual migration and implementation model. The document is available here.
2
read more
by Simon Moffatt
November 16, 2022

Vendor Introduction: sgnl.ai

An introduction to just in time, next generation authorization vendor sgnl.ai
0
read more
by Simon Moffatt
November 11, 2022

CISO Briefing: Next Generation Authorization

Homegrown access control is limiting business agility - the ability to share data with those who need it, engage in joint ventures and B2B partnerships, protect PII and open up APIs to employees and customers alike. As such the market for authorization has increased substantially in the last 36 months. Funding rounds for the likes of Styra, PlainID and SGNL to name but a few indicate increased venture expectation that access control has a long tale of growth.
0
read more
by Simon Moffatt
November 9, 2022

Poll Result: Are All Identity Services Cloud Delivered?

Over a 4 week period I asked the preferred deployment model option for four key identity and access management services: consumer identity, workforce access management, identity governance and administration and privileged access management. The results where subtle and nuanced.
0
read more
by Simon Moffatt
October 21, 2022

Authenticate 2022: A Review

This week saw the FIDO Authenticate conference take place in Seatle. I attended via the virtual remote route, going through the vast majority of the sessions from the comfort of the office. A few items that stood out for me.
0
read more
by Simon Moffatt
October 17, 2022

5 Questions to Ask Your Passwordless Authentication Vendor

Passwordless authentication is often described as improving both the usability and security aspects of both the employee and customer identity journeys. Many approaches to passwordless have emerged over the last 5 years - including hardware, software, biometric and standards based initiatives.

In November 2021, The Cyber Hut released a 61 page buyer guide for passwordless authentication, describing the vendor capabilities, requirements, integration options, B2E and B2C use cases and planning recommendations for migration.

A brief snapshot of questions to consider, when engaging software based solution providers in this space is described here.

1
read more
by Simon Moffatt
October 14, 2022

An Introduction to IDQL: A Language for Identity Orchestration

Let us start with the basics. IDQL stands for Identity Query Language. The description given to it from the Hexa website (I'll come back to Hexa in a minute) is "Identity Query Language (IDQL) is a declarative access policy and set of APIs that enables the mapping of a centrally managed policy into the native format of multiple clouds and application platforms". The main initiator of the IDQL project is Strata who issued a press release back in May 2022 outlining the concept and idea. Strata is the "identity orchestration" company, that looks to solve the growing problem where identity and permissions data is being spread across a multi-cloud landscape - but somehow needs to be managed centrally in order to improve visibility and security.
2
read more
by Simon Moffatt
October 7, 2022

IAM Deployment Model Definitions

Even as many organisations are moving to a "cloud first" strategy for the consumption of new applications and services, the cloud line is blurred. Not all services can be consumed in a pure cloud setting, and not all "clouds" are the same.

Any analysis in the popularity, options or strategy with respect to IAM deployment should be firmly based against a set of basic definitions.

1
read more
by Simon Moffatt
October 5, 2022

Poll Result: Where Will AI/ML Have The Biggest Benefit in IAM?

Our latest LinkedIn poll on September 27th was focused on understanding the role and impact of artificial intelligence and machine learning (AI/ML) technology on the general identity and access management industry.
0
read more

Registered in England & Wales as TCH Research Ltd 13188456. Registered Office: 7 Christie Way, Christie Fields, Manchester, M21 7QY, UK. Email: info@thecyberhut.com

© 2021 - 2024 The Cyber Hut.