Non-Human Identity Management. What is it? Why it’s important?

Non-Human Identity Management. What is it? Why it’s important?

Publish on

January 21, 2024

Listen to an insightful conversation about identity management and security between Oasis CEO, Danny Brickman, and top cybersecurity experts. Learn about the importance about establishing an enterprise strategy to secure Non-Human Identities and how leading organizations leverage Oasis to manage the lifecycle of Non-Human Identities.


Speakers
Danny Brickman, Co-Founder and CEO of Oasis Security
Arjun Thusu, CIO, Financial Services
Kyle Weckman, CISO, Antares Capital

Transcript

Danny (00:00):
Hello. I'm Danny Brickman, the CEO and the co-founder of Oasis. Today's a really exciting day. We're launching our company, and along here with me we have our first and amazing customers. Arjun, Kyle, thank you very much for being here. Before we're jumping in and we will discuss about security infrastructure, managing teams, managing non-human identities, I would love to start by introducing yourself.


Arjun (00:29):
Hi. My name is Arjun Thusu. I'm a CIO at a financial services company. I've been in the security and tech industry for about 20 years now. I've been CISO several times, and other roles. I've focused on cyber over the last 15 years. And I'm excited to be here and talk to you more about what we've done with Oasis.


Kyle (00:53):
I'm Kyle Weckman, Chief Information Security Officer at Antares Capital. Prior to Antares, I've mainly been in cybersecurity in the financial services industry, now for 15 plus years. I'm extremely passionate about identity and access management, privileged access management, non-human identities, which had led me to Oasis, and I've been really excited to be a part of the journey.


Danny (01:15):
Maybe an interesting point to start with will be just, in today's new landscape that is changing all the time, we have a lot of things happening, whether from cloud transformation, today there's a lot of discussion about AI that is coming in, but the infrastructure itself has changed dramatically. We have a lot of this, I would say, discussions between security infrastructure and development teams all together, so it creates a lot of new challenges. So it will be really interesting to hear, how do you see the challenges today? What are the most pressing challenges in the identity space, in the cloud infrastructure that is coming in through? So, it will be really great to hear, what did you, Arjun, identify as the most pressing challenges today?


Arjun (01:56):
Yeah. I think as companies become more connected, as their infrastructure becomes more connected, as they rely more on third parties and other connected parties, visibility is a big concern. Having visibility of what infrastructure you have, what connections are being made, what identities you have, who's using them, who has access to them. I think visibility is the number one concern that the industry should be focusing on, because it's not easily done, and there's a lot of cloudiness to doing inventorying, asset discovery, understanding connections, understanding data flows, looking at all the elements of that data flow. So, I think that's probably the number one concern that's affecting the industry today. I mean, look at a lot of the security breaches and a lot of the security incidents. It's a lot of visibility, or lack of visibility, that has caused it. So I think that's probably one of the biggest concerns, I would say, in the industry today.


Danny (02:58):
And when you're looking at it from the perspective of CIO, you're not only responsible for the security of the organization, but also for the efficiency and the infrastructure and the progression of the organization. So, where it meets you the most, where you feel that you are lacking of this visibility or ability to enable the business?


Arjun (03:17):
As visibility continues to be a challenge, and as security becomes more and more of a driving factor from a business perspective, and feasibility of your company and those kinds of things, availability is just as important. And as a CIO, there's a lot that has to go into the strategy that is not just focusing on cybersecurity, confidentiality, and those kinds of principles, but also availability, making sure that the teams that are productive are productive, have the resources available to them, and that we have a scalable design, efficient design, those kinds of principles. And visibility, I think, comes back to a lot of that foundation.


Danny (03:58):
And when we're speaking about non-human identities, that are becoming a crucial part of what's powering the innovation today, and yes, there's a lot of new types that are coming in through the door every day, how do you address this challenge? How do you see it in your organization as influencing your security posture and your ability to move faster?


Arjun (04:17):
Yeah. Look, we have an expansive universe of non-human identities that are in our ecosystem, and it's a result of us doing software development, it's a result of us having a lot of system administration that's in-house, connected parties that use different kinds of tokens to authenticate, and those kinds of things. And so for us, it's definitely a key component of our ecosystem. It's something that we've always treated as a critical piece of data. We've categorized authentication data as our top-most classification from a protection perspective. So it's always been a key concern and a key driver of our strategy.


(05:01):
But I think the industry is starting to really pick up on how important non-human identity is, because human identity is very, I would say, mature, relatively. There's several layers of control that can be implemented into human identities. Non-human identities do have a similar set, but it's just a little more sophisticated, requires a lot more management, requires a level of sophistication within the team to be able to secure those kinds of identities. And, of course, hygiene from a development perspective, infrastructure perspective, making sure that your administrators have the right hygiene.


(05:39):
So, I think there's a lot that goes into it, but the challenge continues, and I think it's going to become more and more of a hot topic as there's more visibility and there's more capabilities around this particular challenge.


Danny (05:53):
And a really interesting thing about your industry that compliance, keeping up with that and starting asking questions around this, specifically when we're speaking about, for example, PCI 4.0. So, how do you prepare yourself for this kind of regulatory inquiries?


Arjun (06:09):
Yeah. It is amazing to see that regulatory compliance is starting to catch up with where cyber practices should be, where again, compliance does not equate to security. We all know that. But it's good to see that compliance is starting to catch up and have more stringent requirements around technical controls specifically. So I do think, especially with PCI 4.0 being a little more expansive, a little more granular, there's definitely a lot more focus around identity and non-human identities as well. Because take any industry, and take rotation of service accounts as an example. Everybody struggles with it. Nobody can really tell you when they did it last, where they all live, who has access to them, are they hard-coded anywhere? So, it's a problem that has been plaguing the industry for a while. It's just finally getting the attention that it needs.


Danny (07:09):
I think, because it's not only service accounts, it's just all the different accounts have suffering from the same problem. And Kyle, really interested to hear from your perspective, because once we first met, you told us we're pushing towards more and more of cloud adoption today, but it creates a ton of challenges.


Kyle (07:26):
Yeah. I mean, the biggest problem for me was, I was used to traditional privileged access management solutions, and as we were going through various digital transformations, shifting to SaaS services, there really wasn't a product out there that could really solve our problem. To do account management, privileged account management, non-human account management, all the varying different types that you would see out there. That was the number one challenge. And [inaudible 00:07:48] just understanding what kind of tech debt we had out there. Typically, you didn't have a lot of systems out there that could discover what you had out there, what your problems were. And that's where we found Oasis was the biggest thing, the value-add that brought to the table is, show us where our problems lie, in a cloud environment that we adopted as we came into the company. So, that was the original challenge.


Danny (08:10):
And when you first saw... First of all, I would say put aside the richness of how the system looks like, but also the challenges it need to address. Was it a surprise for you, something you would predict that we would see?


Kyle (08:22):
Yeah. I mean, I kind of knew what we would see here. I knew it was going to be bad. But I think the thing that's nice to see is, you can really focus on what is the most critical risk to your company. I really appreciated when you could have visual interpretation of what accounts were exposed more than others, so you could focus on what you're going to remediate in the short term, and then the long term, which ones are a little bit less vulnerable. But I think the severity was a bit shocking, even though I knew what was going to be there.


Danny (08:49):
Kyle, I think it's really interesting for the audience to hear, when we first engaged, we were also surprised by the amount. It's like, it bypassed in factors the human amount of identities, right?


Kyle (09:01):
Yep. Yep. I think it was shocking. I mean, these accounts were... As we stood up our cloud environments, these were original accounts that had never been rotated, had no ownership from day one. It went back to the day we stood up some of our cloud environments.


Danny (09:15):
It's super interesting and striking, because every initiative today that we're seeing that is happening is actually producing a ton of non-human accounts. And from the beginning, it was a little bit surprise of we have 10 times, 50 times, 100 times more accounts, but suddenly you understand it because you have the context, you understand what is the project.


Kyle (09:37):
Well, new account types are coming out every day, depending on what cloud provider, whether AWS, GCP, or Azure, they have their own different account types. If you're going SaaS to SaaS, if you're going to API, certificates, tokens, it's [inaudible 00:09:50] growing daily, and the use of them are growing exponentially, and that tech debt is just growing exponentially, even though it's newer tech debt.


Danny (09:59):
Yeah. And Kyle, you tapped into... Speaking about PAM and all the tools that were supporting us so far, but how do you see the change in security posture right now? With everything that is coming in through the door, developers are creating more and more value, but from the other hand, we have something new happening, so how should we be addressing this new posture?


Kyle (10:25):
Yeah. So, you got to understand what you're trying to secure. So, that's first and foremost, and I think that's what Oasis brings to the table, is the ability to discover what is out there. But second, then, is really about hygiene. So, our model of using Oasis is really about discover, get clean, and then stay clean. So we're using it in all different stages within the life cycle of these accounts. So, even as we know that they're out there, we're ensuring that they're rotated, they're owned, and as we're creating new accounts, we can do that same type of thing.


Danny (10:56):
Arjun, Oasis connected with you and started working together, but at the end of the day it, I think for me at least, and for the audience, will be really interesting to hear, why did you engage with Oasis?


Arjun (11:08):
Yeah. As a financial services company, for us, demonstrating our level of hygiene, our adherence to regulatory compliance, as well as cybersecurity frameworks, it was a comprehensive platform for us to be able to demonstrate how we're doing. Typically, we would have to do some level of shoulder surfing, providing data samples, providing other supporting evidence to show how we do what we do, and how we're ensuring the protection of our data. Now, with a platform like Oasis, we're able to easily demonstrate across all our different platforms, our hygiene, any attention that's needed, our level of compliance, as well as we can produce reports that show historical data and historical trending, so we can see how we're doing over time as well. So, that was the big game changer for us.


Danny (12:03):
And when you're looking before Oasis, you were speaking about manual work and stuff like this. Can you just give us the quantity of how much manual work was needed and required to do the processes that you just described?


Arjun (12:17):
Yeah. We did some level of data analysis around what productivity gains did we gain from a tool like Oasis. It's standard process for our company that we do some level of ROI calculation when we bring in something as different as Oasis. And so for us, we had a 30% to 40% reduction in our manual processes that we were following across our operational teams, around identities. So it gave us a measurable productivity gain, as well as helped us automate a lot of what we were doing manually. Again, not impossible to do manually, but just requires a lot more effort, provides some room for error. Now, having a solution that's able to do it in an automatic fashion gives us that scalability and efficiency that we were after.


Danny (13:07):
And it's really interesting to tap in, because our work together produced a lot of more and more automations that we can bring to the table. For example, how do we utilize secret managers and the work with secrets, et cetera? Which brought up new and new automations. As we started working together, we figure out that there's a lot of things to do, and we can save it and win here on two fronts. One of them is the manual work required to secure and to comply with our policies, but from the other hand, to gain the security posture that we want to gain when we bring in tools like secret managers. So, how do we utilize them? What are your thoughts about this?


Arjun (13:46):
Yeah. For us, when we partner with a company like Oasis, it's very important to have a two-way communication capability around features, around requests, around enhancements that are needed. Because for us, the success of a new solution is... For that success, it's critical to have that capability. And for us in this instance, we've been able to really give you some indications of what we would like to see, where we'd like the solution to evolve to, and some of the growing pains that we have. Because if we have that level of touch between our partners and us, it gives us that adaptability that we want from a solution. Because It's not going to be static, the industry is changing, our platforms are changing, our landscapes are changing, the threat vectors are changing. And so for us to have that kind of versatility from a provider is very important.


Danny (14:40):
And this [inaudible 00:14:41] I think even when we started working, we didn't have the concept of life cycle management, but as we progress, we figure out that [inaudible 00:14:48] actually managing the life cycle of non-human accounts, which we're really used to doing in the human side, but we weren't able to do that on the non-human side.


Arjun (14:58):
That's correct, yes. For us... You can see this across the industry. Very mature understanding of human identities, there's good measurement and good demonstration of how you comply with requirements, how you're able to demonstrate operational efficiencies around it. But non-human identity has just started to catch up. There are some tools out there that can do things in isolation, but having one comprehensive platform to be able to see it in one place, add risk scoring, add criticality, add some level of prioritization... Because look, when a CISO shows up at my door, as a CIO, there's always a number of problems that need addressing, and prioritization becomes the issue. For us, having the capability and the visibility that we have with Oasis, prioritization, at least from that perspective, is not an issue, because now we can demonstrate some level of context, some level of quality in what we're doing from a remediation standpoint.


Danny (16:00):
So, I want to double down on this one. From the CIO perspective, how do you perceive Oasis? As only security tool, or something that brings you more value outside of security?


Arjun (16:10):
We did not view it as a security tool. I'm sure the CISO views it as a security tool, but from our perspective, it's an operational tool. It is something that, again, I think more of the security industry needs to focus to the CIO, because I think that's where really pedal meets the metal. It's really where we are having to not only balance the business, and not only balance innovation and other important aspects of an organization, but we're also having to balance cybersecurity availability in those aspects. So for us, having these kinds of tools, we view them as operational tools, not just as security tools. And I think Oasis is bigger than just a security tool or an added tool in your security toolbelt. We have use cases where this could be leveraged by multiple different functions across the organization.


Danny (17:07):
I want to tap into something really interesting that happened with our partnership, because when we started working together, yes, we visualized the problems, we helped solving that, but we built this concept together that we are now calling projects. CISOs have a ton of promise, but when we could focus our efforts on specific projects, we can suddenly show value, and also show it the board and to other people around the organization, how do we progress? So, this concept of projects became a really important one. So I want to hear from your perspective the progress that we've made, and why you brought the concept of projects as something that is really important from you in the product.


Kyle (17:51):
Sure. I mean, just like anything, you have to prioritize risk, you have to prioritize other projects that you're doing within cybersecurity, or any part of the organization. And so you have to really understand, what are you going to focus on? So, we took a pretty structured approach, like you would do with your typical vulnerability management type of program, where we looked at, all right, what are we seeing in our development environment? What are we seeing in our quality, QA environments, testing, staging, and then ultimately production?


(18:17):
The thing that Oasis provides is that criticality and that risk scoring, when we're looking at where we have particular vulnerabilities on non-human identities. And so it allowed us to focus, prioritize, put them into varying projects for remediation, and be able to tick away at them and show actually progress and remediation. And then hopefully we're trying to then, as we go through that component, the second component of that is working with our developers and our infrastructure teams to educate them, so we can get clean on the front end of things. So, we're taking a two-pronged approach in a project type of manner through remediation, but also education and posture management.


Danny (18:55):
Amazing. Just I wanted to share with the public that you decided that you want to eliminate all the critical issues, and actually being the first one to really clean it up and bring the value of security to the organization.


Kyle (19:07):
Yes. I'm extremely pleased about it. I know it's cliche, but I believe it. Identity is the new perimeter. I know it's cliche saying out there, but if you think about it, when people talk about phishing and training awareness and things like that, ultimately threat actors are trying to go for privileged accounts. That's what keeps me up at night. And so to be able to discover those, secure those, it makes me sleep better at night, honestly. And so, it's something really important to our program as a whole.


Danny (19:36):
Which you're now doubling down on a real interesting thing, that today's breaches more and more become focused on non-human accounts. It's really hard to rotate the password for service accounts, or to rotate secrets, so attackers and hackers are leveraging this pain or this struggle in our organization to control more, to move laterally, and you [inaudible 00:20:01] it makes you sleep better. Can you address a little bit how Oasis help you to address this pain and change?


Kyle (20:07):
Yeah. I mean, Oasis is one of the first tools that allow us to be able to do discovery across our entire cloud environment. In particular, we are in an Azure environment, and a lot of the legacy platforms are just not able to discover. They do your traditional PAM account management on servers and rotation. And for the first time ever, we found a solution that could identify all of these different accounts, allow us to inventory them and go through that life cycle management, which then means we know what we can... If we can see it, we can secure it. And it's something that, really across our entire environment, we've put a lot of focus on.


Danny (20:39):
And now, I want to speak about the future of, how do we address it? Because the mission of Oasis is not only to understand what is the mess that we have right now, but also to clean up completely the problem. And how do we do that is by, first of all, cleaning up the mess, everything that we have already, but then setting up processes, so everything is created by policies. So for example, when we're creating secrets, one place that creates them, but it vaults them, it's making sure that it's rotated as well. Can you please tell us how painful it is today to do this process, for example, only for secrets?


Kyle (21:13):
Yeah. I mean, to be honest, it's really not happening the proper way. So, the difficult part is understanding where we're going wrong and discovering what is out there today. Now, as we've come on board with Oasis and been able to look at where the problems are coming from, we're trying to get the root cause, and seeing where we can educate developers, where we can insert Oasis in to be continuously monitoring those. We actually look at those as... If secrets are not vaulted or create it offline or not through a repository or not through our pipelines, we can actually get flagged on that from Oasis as alerts, so keeping up with that continuous posture management.


Danny (21:51):
And you're now speaking about something really interesting, this security and developers relationship, when in this new world that we're tapping into, becoming more and more complicated, because we started speaking in different languages. So, can you describe us how Oasis help you to bridge this gap between security and developers?


Kyle (22:11):
Yeah. So, I think the first thing is showing them what we see out there, and where our security risks are out there, and so they can understand what they're doing and how they're developing things, are creating issues for the organization. It's just a component of education for them. And then having those conversations, having then the ability to get access to Oasis. So we don't look at it as just a security tool, we actually allow our developers to see what secrets are out there, they understand what systems those are on, and how they're managing them.


Danny (22:37):
How do you describe this risk and this gap that we have to the board?


Kyle (22:43):
Yeah. I mean, identity and access management, privileged access management, non-human identity, is our number one risk factor that I described to the board. It's the keys to the kingdom. It allows, like you said earlier, lateral movement, it allows people to elevate their privileges, and it really allows complete takeover. And so to me, it's one of the most critical risks I highlight to that board often and continuously. And so, I just make sure that they're highlighted, they understand it. It's not the easiest concept when you say non-human identities to the board, but you basically just communicate it as that it's a system to system communication that we really need to be concerned about, and it's a real threat.


Danny (23:19):
And every initiative that you're pushing towards today, and I'm even not speaking yet about AIs, you tie together to this proliferation?


Kyle (23:27):
Correct. When you're talking about API to API, AI system, bots that are being used extensively nowadays, again, these new types of accounts, these new type of identities, non-human identities that continue to spring up.


Danny (23:41):
Thanks, Kyle. And Arjun, how the board conceives this risk? I know identity is a big thing, but how they address this one or see this one?


Arjun (23:50):
Yeah. Look, our board is very cyber literate, and they look at cyber as a whole as a top-tier risk, not because of our environment, but just that's the nature of the industry that we're in. We're a financial services company, we're data-rich, we have information on our consumers, and it's definitely a potential target for a bad actor. So for us, the board takes it very seriously. So, availability as well as security of our data is very top of mind for our board. And so from an identity perspective, they do look at a lot of the breaches that have happened. You can see very easily that a lot of it is tied to identity. So, there's substantial market impact that you can see, touch, feel, from other breaches, other security events where identity has been involved. So, the boards get it. I think the industry gets it. It's just a matter of starting to box how big the problem is for an organization, because I think that's the primary struggle. How big is the problem? Know we have a problem. How big is it?


Danny (24:59):
And how do you explain how big is the problem to the board?


Arjun (25:03):
I mean, I think for an organization, getting a tool like Oasis gives them that capability of being able to dimension how big the problem is. So, I think that's... Any visibility tool, I think it's where most organizations lack is visibility, understanding what their environment comprises, which way the data flows, what's used to initiate those data flows, those kinds of things. So, I think it all... Building blocks of what you want to report to the board.


Danny (25:31):
Today, more and more security tools are measured on how fast they can bring value, show the value, be connected and onboarded. And I'm saying, we are measuring ourselves from the moment that we connected to the moment that we solved the first violation. How was your experience with Oasis regarding that?


Kyle (25:49):
Yeah. I mean, it's been fantastic. As you know, I'm a two-time customer here. The original component, when we went through Oasis, we were able to do a very quick proof of value. Since then, I switched companies, and we've gone on with Oasis again for a second time. I think the second time, since we were used to it, we were up in a day, connected up in a day. It's an extremely easy, lightweight connection. And I think we were analyzing and getting telemetry within a week.


Danny (26:13):
Yeah. I think you broke the record of solving the first violation.


Kyle (26:17):
Yeah. I mean, we're off to the races here solving violations. I think you mentioned earlier, [inaudible 00:26:21] all critical violations in our system. We have a hefty number of high violations, but we're chipping away at those, and prioritizing those as needed.


Danny (26:30):
When you're looking at your security strategy in general, can you tell us a little bit of what is your approach as a CISO? What is important for you to achieve? What do you expect from your team to be doing all the time? What are the products that you have, and where Oasis fits in that?


Kyle (26:45):
Yeah. We're going to be a very identity-centric organization from a cyber standpoint. We're putting a lot of effort, a lot of time, a lot of focus in identity and access management, whether it's on the non-human side or on the human side. And it's really been big part of our strategy. And so, just like anything else, you got to look at people, process, and technology. We have the technology on the Oasis side, but we're really trying to focus on that get clean, stay clean type of environment, where we can address and understand where are weak points within the organization, how we secure them, how we maintain them, and how we have good hygiene going forward. Now, a lot of that is education to our developers, our infrastructure teams. A lot of it's out of our control. But we use Oasis as, again, an educational tool to all of our infrastructure team and development teams, to be able to show them what we are seeing in the environment, so they can understand it just like we do.


Danny (27:35):
And we must speak about AI, because this is the topic of the day, but when we're actually speaking about AI, we have two problems. One of them is the data security, and the other one is the access. How do you see Oasis as helping organization achieve and embed and embrace more AI modules and techniques?


Kyle (27:57):
Yeah. I mean, it depends on how you look at it. We are going to be embedding AI, not only into some of our security systems, but generally into some of our business systems. Or if we're using off-the-shelf, like Copilot and other systems that come out of the box, those are going to need... You're going to want system-to-system communication. Like an example is, we use Security Copilot, and we integrate that with ServiceNow. We're going to be using non-human identities that we're going to need to be managing for all of that, AI to different various system communications. And we're going to need a platform like Oasis to ensure that we're properly deploying those, making sure that we're vaulting them, and using them properly.


Danny (28:29):
And Arjun, from your perspective, embracing AI. What is the component that you see as needed from the access and identity security?


Arjun (28:40):
Yeah. As I said earlier, more and more systems are getting connected. Application connectivity, the need for information, has never been more, and they want immediate access. And a lot of that requires authentication, authorization, and the leveraging of non-human identity. So for us, having that visibility, having the capability of being able to demonstrate that we're doing things in the correct fashion, we're following policy, we're following processes, we're gaining the efficiencies that we expect to see. A tool like Oasis would help us demonstrate that, and we have used it to demonstrate that. And so, I think that's really key there.


Danny (29:19):
Can you share with us a little bit how it was to work with the Oasis team?


Arjun (29:24):
Yeah. I mean, I think it's been a lot of fun. It's been an exciting time for us to see the growth and see the innovation that's happening at Oasis. Like I said earlier, a key for us with partnerships like this is being able to do that two-way communication. So, seeing some of our ideas become actual capabilities has been amazing, and we really enjoyed the ride.


Danny (29:46):
Kyle, from your perspective.


Kyle (29:48):
Well, I wouldn't be back a second time if I haven't enjoyed it. I really appreciate that you've looked at the problem and you've found a way to solve it. Like I said earlier, I've gone out to the market and tried to find a product that could solve this problem. You guys, I think, have done it eloquently. We really appreciate the product, our relationships, both personally and professionally. Again, that two-way street, I appreciate your willingness to build that ServiceNow connector of something that you had never built before, for a single customer that I'm sure hopefully will be able to be used more at scale, but do appreciate that personally that you were willing to go that extra mile to build that specifically for us as a customer.


Danny (30:27):
20 years ago, non-human accounts, if you will, that were back then called service accounts, were a smaller piece of the infrastructure. Human accounts were dominating, and we needed to build a lot of solutions around that. Kyle, can you please address to, first of all, what has changed? And in terms of magnitude, if you're comparing between human and non-human, how many you have in your organization?


Kyle (30:51):
Yeah. So, give you an example. I believe we're a company of about 450 people. I think we have upwards of five to 10,000 non-human accounts in varying degrees, whether certificates, tokens... It's growing exponentially by the day, and it continues to grow, and it's something that really needs to have a focus on it.


Danny (31:12):
Thanks. And Arjun, in your organization, how do you see this proliferation happening?


Arjun (31:16):
Yeah. I mean, we are a smaller company, we're about 250 to 300 employees, but we have five to 6x the number of non-human identity. And it's not surprising, just because of how connected our systems are and the level of automation that we leverage. So, it is a number that we expected to see, but it was good to finally confirm what the real number is, and the dimensions of that environment.


Danny (31:46):
Any last words for the industry, or any thoughts that you'd love to share?


Arjun (31:51):
Yeah. I think visibility is key and foundational to a strong and robust program, not just from a cybersecurity perspective, but from an operational and IT perspective. And so I think, as more and more providers continue to focus on visibility and giving organizations the capabilities around remediation and prioritization and some level of contextual vulnerability analysis, I think those are key factors that the industry will need to continue to harness and continue to foster.


Kyle (32:28):
I would say, just get ahead of it now. The sooner you address this problem, the less effort it'll be in the long run. A lot of people want that shiny car immediately, but you got to build the factory to build a car. Use Oasis as one of those components along your journey, rein in your developers, and help enable them, and I think using Oasis does all of that. And so, just get ahead of it as soon as you can.


Danny (32:54):
Guys, thank you very much for being here with me. It was really exciting and amazing to speak with you guys about visibility, posture, automations, and how in general should we manage this proliferating problem that is called non-human identities. And as this problem is growing today, we are here to help and to explain more on how to address this risk. So, Oasis is offering today a risk assessment to quickly understand and see the gaps and the risks that we have in the non-human identity space. So, please feel free to visit our website or just give us a call. Thank you very much, guys.

More like this