or, to be a little cynical, there is no zero trust it's just somebody else's risk liability.
In Reply To: this post
or, to be a little cynical, there is no zero trust it's just somebody else's risk liability.
Likes: 0
Boosts: 0
Hashtags:
Mentions:
Comments
Displaying 0 of 1 comments
Graham Sutherland / Polynomial
In response to this postI must admit to not being super experienced with the prevailing options from an integration standpoint (blue team ops stuff has never been my jam) but the vibe I get from a technical perspective is that outsourcing to an identity management provider makes sense in a mid-sized (esp. rapid growth) org where your cross-ecosystem identity management needs exceed your ability to support an internal function to handle it to a satisfactory degree. but large tech orgs *can* support that in-house, so...
... ultimately that leaves me with the impression that large orgs are opting into this model for other reasons. given the evidence so far, I don't think it's controversial to say that there's an increased technical risk to homogenising and centralising identity management, resulting from a range of factors (greater incentives for threat actors, increase blast radius of incidents, etc.), so that rather points to accepting higher tangible risk in exchange for lower responsibility for that risk.
by Graham Sutherland / Polynomial ;
Likes: 0
Replies: 1
Boosts: 0