Build Badass Identity Team

From IIW

Building a Kick Butt Identity Team


Tuesday 2H

Convener: Sarah

Notes-taker(s): Jonathan McHugh


Tags for the session - technology discussed/ideas considered: Identity Teams

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Dysfunctional

  • Lack of testing/UX
  • Organizationally-distributed (accessibility but lacking broad vision)
  • Lack of dedicated resources for identity team/forward thinking
  • Treated as IT
  • Split between IT/IS
  • Uninformed product owners
  • Identity team overly restrictive

Productive

  • Skill sets
  • Architecture (standards aptitude)
  • Sales to Dev
  • PM
  • Training (external & internal)
  • Dev
  • UX
  • DevOps
  • SME
  • QA
  • Infosec/appsec
  • Communication
  • Easy/accessible/open/powerful ID infrastructure
  • Issues - Employees have, generally, more privileges
  • Auth0 - Allow a lot of privilege with a huge amount of auditing
  • Functional definition of security
  • Powerful engineers/CI/Audit/Notification [ATC = Automated Test Ops]
  • Breadth of and depth of team - All have broad, individuals have depth
  • Organization-wide recognition of security and identity SME as priority
  • Treated as IS
  • Executive support/cover from management
  • Clear policy articulation
  • Minimizing glue/integrating standards
  • Metrics aligned with smart infrastructure

 

  Discussion

  • What is an identity team
  • Consumer and Enterprise Organizations
  • George Fletcher
    • Many times the identity team is broken up
      • Manager
        • Enterprise Services Team
        • Identity team
      • Manager
        • Security
    • Consumer and Enterprise identity/security is converging
      • Least privilege
      • Unintended consequences due to complexity
      • Enterprise developers need to adopt the consumer developer attitude towards identity
    • Raising the priority of identity tech
  • Jonathan Hurd
    • Sales to Dev connectivity
    • Engineers using standards but having the flexibility to
  • Justin Richer
    • Pre-configuring Identity technology for easy integration
      • Libraries
      • APIs
  • Matt Muller
    • Upon departure, how many systems will we have to disable their identity on?
  • Jonathan McHugh
    • It's identity, stupid