Ian Yip's Security and Identity Thought Stream

Identity, Access, Security, Cloud, Mobility...
  1. Retiring this blog

    Photo by Ethan Ou on Unsplash

    This is being written a few years too late. Then again, I don't think too many people read blogs like this the way we all used to.

    It's been a

  2. Invisible Identity
    Photo source: Michael Shaheen - My Name Was Michael & The Rest Is History
    In my previous post, I promised to explain the following:
    Organisations should care about identity so they can stop caring about it. Identity needs to disappear, but only from sight; it needs to be invisible.
    If you've been to any of Disney's theme parks recently, you may have noticed they now have something called the MagicBand. It
  3. Identity needs to disappear

    Photo source: Paul Chapman - The disappearing machine
    In recent years, security vendors, including ones that don't sell Identity & Access Management (IAM) products, have been pontificating about how identity needs to be the focus for all things security. They (my current and previous employers included) continue to be on-message, each beating everyone to death with their own version: identity-centric-security, identity-powered-security, identity-defined-security, identity-is-the-perimeter, identity-is-the-foundation,
  4. Hey security managers, go hire some marketing people for your team
    This is not a plea for organisations to start actively hiring people away from vendor product marketing teams. But if you want to look for people to point the finger at and explain why you aren't getting the budget required to actually secure your environment, product marketing is a good place to start.

    There were 2 key messages attendees should have taken away from the Gartner Security & Risk Management Summit in Sydney a few weeks ago:
    1. Security priorities tend to be set based on the threat du jour and audit findings.
    2. Security teams need to get better at marketing.
    Here's the problem:
    1. Sensationalist headlines sell stories, which attracts more advertisers. This means the threat du jour will get the most airtime.
    2. People who hold the keys to budgets read headlines, which perpetuates the
  5. How to spot a meaningless contributed article
    What is a contributed article? They're the ones where the author works for a vendor or solution provider and not the publication. In other words, their day job is not as a journalist. I'm speaking from first-hand experience as I've written a number for various publications and understand the process.

    Contributed articles do not typically involve any form of payment. When they do, reputable publications will disclose this fact. More commonly, they are freely given to a publication based on a brief that was provided. For example, a publication may say they are interested in a contributed article about a new smartphone's features and the implications for digital security. A vendor's marketing and public relations team will then work with a subject matter expert (SME) on crafting such an article for submission. Of course, if the SME isn't really one, then nothing will save the article.