Ping Identity’s CTO Baber Amin discusses what the future security of remote work looks like, and shares how identity is at the center of it all.
David Manks: Hi everyone I’m David Manks and welcome to SailPoint Identity Talks. These certainly have been challenging times for organizations especially IT and security teams. This rapid transition into remote workers has presented major challenges. They’ve had to figure out in short order how to quickly empower the remote workers with the right tools and applications, how to swiftly onboard hundreds if not thousands of temporary workers to meet increasing customer demand and of course have it all done securely. Today we’re talking to Baber Amin, CTO of Ping Identity. Thanks for joining us today Baber.
Baber Amin: Thank you for having me David.
David Manks: Baber with just about every business going remote, new cybersecurity threats are emerging and increasing every day. With all the bad actors out there it’s never been clear that identity is critical to a modern security approach. Tell us with this next-generation workforce what types of security controls, what enterprises are require to enable this new work from home and work from anywhere organizational model?
Baber Amin: Well it’s a good, good question David and you know your company and my company we’ve been, we have been working on this together over the past year, year and half. And but you know since, since February this, of this year this has become front and center right. It’s not about which organizations are you know have had more remote workers. It’s which organization doesn’t have remote workers anymore right and, and I think what’s gonna happen is what we see is that as, as not just the work aspect is but is remote but even onboarding is remote. Like most people don’t even think about those things. Imagine bringing a new employee on and you don’t get to do document verification like we used to do but that’s all done remotely. Imagine a position or a EMT or somebody else who’s in, in a position where they have to prove who they are. They have to prove they have the right you know credentials, or their training is up to date. All of those were done in person, now it has to be done remotely.
So, identification becomes an identity proofing and identification becomes a very, very core you know basic foundation that everything builds upon because if you don’t know that who this person is or process or devices then you can’t trust anything after that. You can’t trust what they tell you, you can’t trust the data they put into the system, you can’t trust what they’re doing to the system and you can’t trust any actions they take either on their behalf or on somebody else’s behalf or modify where the system takes actions. So all of that trust is anchored on knowing. Without knowing it all falls apart.
David Manks: Great. Hey speaking of security and you talked a lot about trust, let’s talk about Zero Trust identity. What can you tell us about Zero Trust and why is it so important in this new work model?
Baber Amin: So same, same kind of concept right, I actually you know Zero Trust is, is a term but I’d like not to use Zero Trust because it kind of brings bad connotation. Like you know you don’t trust anything. It’s more I think of it more as ephemeral trust right where trust is constantly evaluated and reasserted rather than zero right? The reason it comes zero is that it, it just means don’t, don’t assign it based on a discrete event and this is, this is you know very important from a governance perspective because governance is all about making sure that the entitlements are checked as to who should have access to what right. The concept of least privilege comes into play, don’t give people all the different entitlements right. Don’t make me equal to my peer, right maybe I’m similar but I don’t access the same applications. Maybe I don’t need access there so why just you know grant access in our world, as you’re familiar, we call it open access right, don’t do that. And then another place where you know governance comes into play is, is visibility. You cannot monitor something if you don’t have visibility, right? So this is where you know the governance in conjunction with what access control systems do which is to enforce that entitlement and force that governance. You know they kind of come together and, and really shine a light on what has happened in the system and also what should happen in the system right? So it’s both types.
David Manks: Great, thank you so much Baber I really appreciate you taking the time to talk to us today on our Identity Talks. I know this is an extremely important topic and we’re gonna be talking a lot about this in the future. Thanks again.
Baber Amin: Thank you David.
Find out how SailPoint can help your organization.