Identity Orchestration (noun)
Rick Howard: The word is: Identity Orchestration
Rick Howard: Spelled: Identity, as in a set of verifiable attribution's regarding a person, a device, or a workload and Orchestration, as in an automated series of processes to configure, coordinate, and manage computer systems, data, or software.
Rick Howard: Definition: A subset of security orchestration, the management of identities across an organization's set of digital islands.
Rick Howard: Example sentence: Identity Orchestration ensures that all the various steps of identity management occur in the right sequence.
Rick Howard: Origin and context: The idea of security orchestration has been around since about 2015. It manifested from the trend that over the years, most organizations had deployed too many security tools to manage effectively.
Rick Howard: The administrative complexity had played such a burden on IT and security professionals that the benefit of that potentially reduce risk to the business wasn't worth the effort.
Rick Howard: Security orchestration was the strategy to manage that complexity more easily; usually with a centralized platform to host the policy that distributed this specific tool controls across all the organizations, data islands: like mobile devices, data centers, SaaS, and cloud deployments. Typically security orchestration applied to traditional detection and prevention tools like firewalls, intrusion detection systems, XDR or extended detection and response and they're supporting systems like SIEMs and SOAR.
Rick Howard: Recently though, a subset of security orchestration has emerged as being even more critical than keeping the security tools up to date. It's called Identity Orchestration and is a way of organizing identity access management or IAM across those same data islands. It's also a subset of a concept called Software Defined Perimeter where users, systems, and devices needing access to a workload would go to a broker independent of the workload.
Rick Howard: The broker would first verify the identity, and second, check of that asset is authorized to access the workload. If it was, then the broker would establish an encrypted connection between the asset and the workload. Identity Orchestration is the first part of that process.
Rick Howard: Nerd reference: There's this trope in spy movies where the good guys eventually decide that they need to talk to the bad guys before the last act happens when they all try to kill each other. But, the good guys don't grab an Uber, rock up to the bad guy's evil lair, knock on the door and say, "Hey, got a minute?" That's just not how it's done. Instead, the good guys meet with the bad guys at some agreed-upon location nowhere near the evil lair. Some vetting gets done on both sides in the form of weapons pat-downs, and insult trading, which are usually quite funny, and then, once both parties are satisfied, the bad guys put bags over the good guys' heads and whisk them off to some safe house somewhere.
Rick Howard: And that's exactly what happens with the Software Defined Perimeter model and the first half of Identity Orchestration. The parties meet at some specified location, identities are checked and vetted on both sides, and then the asset in question is allowed access to the workload.
Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe, and edited by John Petrik, and me, Rick Howard. The mix, sound design, and original music, have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.