As we celebrate the first-ever Identity Management Day, I had a chance to reflect on the Beyond Best Practices Technical Working Group’s contributions over the past year, and one word came to mind: Creativity. It’s the one skill that underpins nearly every successful identity management team. Whether it’s finding a way to glue together the Active Directory forests of three acquired entities, or bringing privileged access protections to the new IaaS cloud that the business-run IT team stood up, creativity is what the team needs… sometimes, a lot of creativity! As we embark on Identity Management Day — a creative endeavour in its own right — it’s worth looking back at what we’ve accomplished, and what we have ahead.
The IDSA Best Practice list is a gold mine for identity security practitioners, new and old. When we chartered the “Beyond Best Practices” Technical Working Group, my co-chair, Doris Yang, and I did an hour-long brainstorm on what kinds of things we’d like to tackle. We reflected on the inspiration we find in the work of Identity Management, and the work we see our customers, partners, clients and vendors do, every day, in identity security.
The team’s favorite contribution so far has been What Sharks and Your Identity Program Have in Common. There haven’t been a lot of occasions for belly laughs in the past year, especially over web meetings — but in our hour-long working session in mid-March, we had team members (myself included) nearly crying in laughter as we brainstormed this list. If you’re looking for some insights about identity programs that you won’t find in the latest analyst report, be sure to check out that blog post. I’m not sure Greenland Sharks will turn up in the next iteration of the CIS Top 20 controls list, but you’ll find it here!
While sharks brought some much-needed levity, the team has also contributed a few more conventional pieces:
- New best practice: Access Governance Committee
- Blog article: Stay out of the 4 Identity Program Booby Traps
- Blog article: New CIO or Head of IT? Make a fast positive impact with identity
- New Security Outcomes added: IDSO-18 and IDSO-19
Upcoming, check out our planned pieces diving deeper into the best practice of creating an Access Review Committee, new and expanded best practices — and new security outcomes as well. In our queue we have some content about audiences for identity management programs you may not have considered, and questions you may not have thought to ask. We even have a plan to tell a story about identity management — and while it won’t end with sharks, it does have a great ending.
And on the topic of endings, I want to close out by thanking my loyal co-chair, Doris Yang, and our excellent and frequent contributors to the Beyond Best Practices Technical Working Group: Aubrey Turner, Stephen Bahia, Christopher Hills, Jesper Johansen, Jerry Chapman and Dan Dagnall. Last but not least, I want to thank Julie Smith and Asad Ali for their leadership and contributions — thank you all!
As we think ahead towards the 2nd-ever Identity Management Day, I hope those who read the Beyond Best Practices Technical Working Group’s contributions will take some inspiration from the assets we’ve created, and use them in new and creative ways in your own Identity Management practices.
About the Author: Paul Lanzi, is the co-founder and COO of Remediant and IDSA Beyond Best Practices Technical Working Group subcommittee leader. Remediant is a cybersecurity startup focused on delivering a new approach Privileged Access Management. Paul and his co-founder at Remediant, Tim Keeler, worked together in the IT departments of several biotechs including Genentech, Roche and Gilead Sciences before starting Remediant. At each of those organizations, they saw first-hand the drawback of the legacy approaches to PAM and were inspired to create something new. Paul’s previous corporate IT experience includes project and program management, corporate mobile app development team management and recruiting and managing full-stack web development teams. Paul has a passion for excellent user experience (UX) and project management, having held a PMP certification from the Project Management Institute since 2005. Paul also holds a BS with Honors in Computer Science from UC Davis.
