The future of access control
Hello and welcome to the first official edition of Identity Radicals, the newsletter focused on all things identity, curated by cybersecurity experts and your friends at Veza.
Tarun Thakur , here! ?? As Veza 's Co-Founder and CEO, I have the honor and pleasure of leading a world-class team on a mission toward advancing the state of the cybersecurity industry. I describe myself as a serial entrepreneur, a founder, and a product CEO. I love building products from the ground up, working very closely with customers to address their pain points, and iterating with fast-paced engineering and GTM teams. Similar to how building a product is a function of following customer insights and prioritization, go-to-market strategies scale on the principles of:?
As we unveil our biggest product launch ever, we're focusing on those three GTM principles to paint a clear picture of our vision for the future of identity security.
Why anything?
The “why anything?” principle (or, in some cases, “why do anything?”) is the easiest to answer when it comes to identity. Identity is considered the new perimeter for a reason: it’s critical to business growth and cybersecurity.
Identity is composed of users, groups, roles and associated permissions. Essentially this looks like:
Identity is the weak link in most security architectures
With an increasing number of identity-related security incidents (privilege abuse, insider threats, credential thefts, MFA compromise, etc.), it’s clear to see that something is broken in the way organizations have traditionally managed and governed identity access. The results of this dangerous dynamic are dismal and are putting all of us at risk. Look to the headlines: breaches are constantly reported, including companies like Twilio, MGM, Uber and more. Although every breach is unique, there is a common theme: identity credentials are compromised and, by using those compromised identities, someone gets access to data that they should never have the ability to see.
Despite increasing rates of identity-related security incidents, identity is still a cornerstone of many business initiatives. Projects like new software-as-a-service (SaaS) adoption, new cloud adoption, new infrastructure services, new databases, adoption of modern AI models for business efficiency, etc. all start with identity.
So, why aren’t we protecting it?
Why Veza?
If identity is the cornerstone of every security program, then access management is the mortar that ties the identities to resources. Access governance is the foreman making sure that the house will stand when a storm comes. Access governance is indispensable; the show cannot go on without it.
Our insights are simple yet profound: over the last decade, the industry has seen world-leading innovations around how to protect different segments of the infrastructure: network security, app security, and endpoint security. However, from a business value perspective, all these investments are for one primary reason: not to protect the infrastructure itself, but to secure access to data.
Our critical intuitions have been validated time and time again. We believe the "truth" of access to data is codified in the system-specific authorization permissions metadata. Until Veza, no one has built a system that configures, maps, and monitors these system-specific permissions and - most importantly - their associations to identities (human or machine) in near real-time. It was clear that while the industry has developed significant innovations (e.g. SSO) over the past decade, the hardest of the access problems - understanding system specific permissions and associating these to the identities - has still not been cracked.
This is exactly why Veza was founded. We have invented a normalized Canonical Data Model that maps to any authorization method (RBAC, ABAC, IAM, etc.) used by end systems. This data model is realized as the Veza Authorization Graph which acts as the foundation for us to address access visibility, access intelligence, access monitoring, access lifecycle, and access requests.
领英推荐
It’s critical that the modern access control system - Veza - is applicable to enterprise systems. Such a system must encompass SaaS apps, data systems, infra services, and cloud services - each with its own authorization metadata. Understanding that customers need to manage and control access to all these systems, we have developed the Open Authorization API (OAA) that provides anyone with a self-service approach to integrate any application or system into Veza.
With Veza, we have a vision to build the future of access control. We believe that the cornerstone of the future access control platform is one which offers access visibility, access intelligence, access reviews, access lifecycle, and self-service access requests - all at enterprise scale and to any enterprise system. Unifying all aspects of the entitlement lifecycle is critical and Veza’s focus. The cloud is a highly interconnected ecosystem and point products addressing subsets without context of the overall will inherently lead to an insecure posture.
Why Now?
As companies start, grow, and scale, they adopt countless SaaS apps, data platforms and infrastructure systems, with identities (some federated, some local) throughout these systems.
To further underscore the need for identity security, we can look to NIST. In early August, NIST released the Cybersecurity Framework 2.0, an overhauled version of the initial framework they released nearly a decade prior. Although the new framework still includes the former’s five main functions of cybersecurity - identity, protect, detect, respond and recover - the latest iteration includes a sixth critical component: govern.
Identity is now no longer about identity providers and SSO, but rather about:
We've been building with these tenets in mind and I'm thrilled to announce Veza has taken a monumental step today in announcing Next-Gen IGA, a true game changer in identity security for the entire multi- and hybrid-cloud world. Learn more about Next-Gen IGA in our official announcement.
Want MORE Identity-related content? Of course you do!
We encourage you to subscribe to our sister-podcast, Identity Radicals: Conversations with cybersecurity experts, where we put the spotlight on experienced CISOs and CIOs who discuss their battle stories, successes and strategies for securing their organizations. Don’t miss our most recent episode, Identity Targeting: A Growing Threat, ft. Rachel Wilson, subscribe and listen wherever you get your podcasts.
Join us for our upcoming Next-Gen IGA launch event!
To learn more about Next-Gen IGA, join us for an informative webinar on October 12th where the Veza team will show you how to leverage Next-Gen IGA to secure your business. Click here to register!
Dive further into the world of identity:
For our voracious identity enthusiasts, here are our identity-related top picks from the last month:
Thank you for joining us for the first edition of the Identity Radicals Newsletter. Please like & subscribe, and stay tuned for more identity-related content next month from your friends at Veza.