Security Market Watch
SMW # 3 - The Business of Identity Management and AI Ft. Eric Olden
Our chat with Eric goes beyond just identity orchestration. We discuss the seismic shifts in leadership styles over the years, the critical role empathy plays in coaching, and the importance of finding product market fit. Eric shares his thoughts on the value of building a team you trust and his strategy when hiring. We also dive into customer development, market focus, and upcoming trends in AI and machine learning. If you're keen to navigate the enterprise space and carve out a niche for yourself, Eric's insights are a treasure trove.
Join us as we venture into the future of identity management, the increasing role AI plays in it, and the looming question of whether passwords will become obsolete. We discuss the importance of aligning IT teams and security with regulatory compliance and Eric's advice on creating and monetizing value. This episode is a must-listen if you're curious about identity management, AI, leadership, or eager to learn how a 300-person company was born in a dorm room. Buckle up and get ready to be enlightened!
Our chat with Eric goes beyond just identity orchestration. We discuss the seismic shifts in leadership styles over the years, the critical role empathy plays in coaching, and the importance of finding product market fit. Eric shares his thoughts on the value of building a team you trust and his strategy when hiring. We also dive into customer development, market focus, and upcoming trends in AI and machine learning. If you're keen to navigate the enterprise space and carve out a niche for yourself, Eric's insights are a treasure trove.
Join us as we venture into the future of identity management, the increasing role AI plays in it, and the looming question of whether passwords will become obsolete. We discuss the importance of aligning IT teams and security with regulatory compliance and Eric's advice on creating and monetizing value. This episode is a must-listen if you're curious about identity management, AI, leadership, or eager to learn how a 300-person company was born in a dorm room. Buckle up and get ready to be enlightened!
Welcome to this episode of Security Market Watch, the show that goes right to the source. We talk to industry leaders, those who are out there in the trenches every day to give you the insights that allow you to make better business decisions in cybersecurity. Today, maggie and I are talking to Eric Olden, and Eric is the CEO of Strata, which is a identity orchestration platform, identity orchestration solution, and so today we're going to learn a lot about the identity neck of the woods. get his input on his slice of the industry. So, eric, welcome to Security Market Watch.
Speaker 2:Thanks for having me, josh and Maggie looking forward to the conversation.
Speaker 2:For those who don't know what is identity orchestration and what is an identity orchestration solution So identity orchestration is a new way to manage identity when you have more than one place that you need to manage identity And typically it's in multiple clouds. If you're using, say, your on-premises data center and you're also using a public cloud like Amazon or Azure or Google, and you've got now two clouds the public and the private that you need to manage identity, or you may be using multiple public clouds Amazon and Azure. Well, each of these environments has a identity provider built into it, And the challenge that organizations face today in multicloud and hybrid, is how do we make all of these different systems that weren't designed to work together play nice with one another so that we, as an organization, can use whatever identity system makes sense for the use case and the application at hand? So we're like to think of what we're doing is building the VMware of identity and doing for identity what virtualization did for compute and storage and networking.
Speaker 1:In my research on Strata I saw that the way that you've kind of explained it was taking away the identity layer of an application and somehow unifying that under Strata so that your organizations are not, you know, across all of their apps trying to manage identity and sort of, you know, redoing everything from app to app to app to app. But that is my surface level understanding of it. Can you let us know? why is that a pain point for customers and how does that abstraction really take place using Strata?
Speaker 2:Yeah. So I think the direction you've got correct. The way I think about it is we decouple the application from identity And if you've ever deployed identity to secure applications, you'll recognize the pattern of the last mile integration right where you have to make the identity known to the application. And over the last in my case 27 years we've seen that move from being a proprietary way that we did it in the early days to a standardized way that we do it today, using protocols like SAML and OpenID Connect.
Speaker 2:But the trick is that when you think about the applications and identity, they've been tightly coupled for so long that if you ever want to make a move to a new cloud identity provider or update or upgrade any of your identity infrastructure, that typically means you have to rewrite your application to work with the new stuff and not with the old stuff.
Speaker 2:So by decoupling using an abstraction layer you're able to have the application think it's still talking to the identity system that it was yesterday, but in fact you've switched the identity provider from the old to a new one and the application is none the wiser. And by doing it with software you avoid having to do it by hand, which typically saves about six months of refactoring and recoding and retesting, then it usually costs organizations a reasonable amount of money, and so when you try and do this at scale and you've got hundreds or thousands of applications, you can see quickly that doing it by hand is virtually impossible. So we created this new approach to do this using software, and not only have we decoupled the application from infrastructure, but we've added a lot of new automation capabilities at the orchestration layer that I'd love to share more details with.
Speaker 1:What is the time to value on something like this?
Speaker 2:So time to value? if you're thinking about deploying orchestration within identity, typically you can get things up and running. We describe our world as live in five, five days, So time to value can be as short as two weeks And you can basically do in minutes what used to take months. So if you're thinking about, hey, how do we show results very quickly so we can justify doing more and expanding, we encourage our customers to focus on getting a quick win And you can usually do that in a meaningful way in less than 30 days.
Speaker 1:I'm sure Maggie is just bursting at the seams with questions, but I have one more question before I hand it over to Maggie. Before we hit record, we were talking about creating a space and creating categories, which is something that you've done, and I thought that you did it only once with Strata, but you were telling us that you've done this multiple times. So at Trustmap, that's something that we a challenge that we have faced in creating a new category called security performance management, and so this is a challenge that I'm very familiar with. I'm really interested in the way that you've done it, not once, not twice, four times and possibly five And so could you give us an idea of how does one move into a new space? You know, normally the struggle is to differentiate, because everybody's the same, but you've created brand new categories, and can you lay that out for those who are listening right now?
Speaker 2:Yeah, absolutely. And I think there's a couple of things that I've learned along the way. For instance and it's always been in my world identity management, and you know a couple of the challenges well. Why would why not make a MeToo product that can be incrementally better than something that's out there? And I've never seen a company reach the kind of category creation capability using an incremental strategy. So it can work for a lot of companies, but when you're trying to create something new, you can't be thinking incrementally. You have to be thinking radically different.
Speaker 2:And the second point is that in the early days, you bring the idea or the approach to people who are educated and they understand, in my case, identity at the enterprise infrastructure layer. If people jump on your idea and say, oh, that's a great idea, chances are it's not a great idea to build a category because it sounds like something that may not be that significantly different than the status quo. Why is this so important? Because it's very difficult to beat the incumbents in the status quo And having something that's incrementally better, like, oh, it's 50% faster or 20% cheaper, no one's going to care because you're asking them to take a risk on something entirely new. They're not going to do that unless there's a significant return on that risk and that investment. I use the kind of early test where people tell me that's a great idea, i won't do it. When people say, oh, that's impossible, there's no way you're going to figure out the engineering behind that, then I feel like, ok, i know how to build product. I can solve the engineering problem. And it sounds like everyone thinks it's too hard to even try. Then let me go and see what I can do. And there's a bumper sticker I saw when I was in college and paraphrasing it and said the person who says it can't be done shouldn't interrupt the person who's doing it. And that stuck with me because you really do need to have a strong conviction in what you're doing, because you're going to have a lot of moments where you're like maybe they were right, maybe this is impossible. And if you can't dig deep at that time, odds are you're not going to make it through the treacherous decisions and trade-offs and all that that you need to do. And then I guess the last thing I would suggest is be patient and think about this as a life cycle, and what's worked well for me has been to.
Speaker 2:When you're initially creating a market. Don't think about your product, think about the problem And think about is that problem that you're going to build something to solve a big enough problem? Is it your addressable market? Is there enough people who have that problem that, if you put them all together, you can build a substantial market? And the second thing is is it a high priority? because if the problem exists but it's 10, 15 rows down on your priority list, odds are you'll never get the attention that it takes to be able to make that person invest.
Speaker 2:And then the return on that investment, because you've got to have proof. So these three P's the pain or the problem, the priority and the proof. So the reason proof is so important is that when your early buyers are going to try and justify why they're spending money on this new thing, you need to arm them with the proof that what they did was significantly good in their outcome. So having the ability to point to hard return on investment, whether it's hard cost or soft cost or time and all the above new capabilities that's the kind of proof that you're going to need in order to get up from the crazy early adopters to the majority in the middle. That's where you make your most customer growth And without evidence and proof that your references are going to be able to talk to, you're going to be really challenged to get more people to try and buy in. So, pain, proof and priority, those are maybe the three takeaways.
Speaker 3:Very good. So I have a question, and I told Josh that I tried not to plan very many questions. I like to kind of go off the cuff as I listen to your answers and some of the things that you said already above my head And I'm not ashamed to say that, but I also resonate with the people that are trying to learn more about cybersecurity. Also, i'm in sales. I have a totally different approach from Josh. That's what kind of makes our dynamic really really well for the show. You had quoted on your LinkedIn that you created 235 million in equity from your garage and software companies and that immediately made me think of Steve Jobs, and so I wanted to kind of bring that back down. And in your opinion, you start talking about identity management from a more humanistic, psychological standpoint. How would we pair those two together for someone?
Speaker 3:who doesn't know anything about cybersecurity. They don't know some of the tech speak that you're talking about. How important is identity management to who we are as an everyday person?
Speaker 2:Yeah, identity management is one of these markets that has taken a long time to get the gravity that it has today. And I say that because my first company is Securant and I started that actually when I was still in college and at university And my best friend and I from high school next thing, you know, two kids in a dorm room had a 300 person company and it was like, well, that escalated quickly and we had no idea I'd be, you know, i'd be making it up if I said I was as experienced at 23 as I am, you know, 30 years later. But I think, in terms of identity management, we didn't call it that early on. It was web access management and things of that type.
Speaker 2:And to answer your question about the what is identity management today and how does it affect people, i tell people who are not in this space think about the systems that you use to prove you are who you say you are. When you log in to your bank, you're going through an identity management system. When you log into your email and you provide a password, or, even better, if you use a multi factor token or something on your phone to scan your face, that's identity management. I am identity and access management, i think, is probably a more holistic way to think about it And outside of the users that are meant that you need to manage who access your applications in your data, you also need to manage the permissions or the access that they have. So access management is a big part of all of the identity world.
Speaker 2:So, and then at risk of getting a little bit deeper, i like to think about the five days. You have, the authentication proving you are who you say you are access control can you access what you're trying to get to authorization? Can you do something within an application? Can you open a mortgage? Can you approve a request? Attributes which are used to define you, like your account status or your status as an employee. Are you an employee or a contractor? And then the last A is audit and administration, so how you can show that you have governance in place to make sure that only the right people are accessing the applications that they should. So those five days have been around since before I was in security, going back to the mainframe days all the way through today, and they basically have to be re-implemented at each point in technology, so they should be familiar to people who have ever logged into an account or signed up for a new service. You're going through identity management.
Speaker 3:Perfect, that was a great answer. I not just sound ill mannered here, but that made me think of a meme I recently saw with Kermit the Frog where he said he's on the phone and he's got some type of hacker and he says you have all my passwords. Great, what are they?
Speaker 1:That's exactly what I was thinking, awesome.
Speaker 3:Thank you. What, in your opinion, you know? obviously it sounds like you built a lot of teams from a very early age. I love that. I love the entrepreneurship behind your story. Forgive me for the train, it's just live. Here we go. What's been your favorite part about leadership and how has it changed over the years?
Speaker 2:First of all, that train brings back great memories from my first company, When we got out of school we moved to 4th Street in Berkeley and I had this big sales meeting and I was going to pitch this giant Fortune 500 company and it was three of us at the time and had the speaker phone. It's already and there's a train that run a rail way that was right behind our garage loft and wouldn't you know, right when we had everyone there, the train comes through and it went for like 90 seconds and I'll never forget that. So you're bringing back good memories. Maggie, Can you ask your question again?
Speaker 3:Yeah, well, now you got me thinking about my train trucks, because it's the busiest one here and where I'm at, and they're going to the biggest GM manufacturer. Anyway, now here or there. So back to what I asked Leadership. Just how has it changed from when you first started? Obviously and I speak from experience when you start really building at a younger age, it can get really chaotic, and how do you make that controlled chaos. And then how does leadership overall change for you now? How has it changed?
Speaker 2:Oh yeah, great. So I think my approach to leadership was early on. I made a ton of mistakes and I've had to give myself the kind of room to say hey and I say this all the time, even today, 20 plus years into it If it was easy, anybody could do it and you wouldn't have an opportunity. So when you feel like, oh man, this is really hard, am I doing it wrong? Because you may be doing it wrong, but the reality is you have to do hard things to be successful. And then that leadership of saying hey, we're not going to shy from the problem, we're going to find a way to make it work, that tenacity is contagious. And when you get people around you recognizing that if our leader isn't going to back up, then we're not going to either And we're going to find a way or make one. And I think that was Hannibal was his saying when he was going to go invade Rome on elephants and crossing the Alps. No one had done that before, but you just stay tenacious about that.
Speaker 2:Over time I've systematized those things, because the ones that I find work I continue to use from one company to the next, and so there's a whole host of these that I have internalized And I share within my team.
Speaker 2:So where things are now in my third venture back startup and all of the trials and tribulations that I've had to go through in the startup sense, is really kind of boiled down to a handful of these, i guess, maybe axioms that I use every single day, and sometimes I'm saying it to coach somebody, sometimes I'm saying it to remind myself that this is what's going on.
Speaker 2:So I think leadership is something that you earn the right through experience and through driving through hard things, and then your ability to communicate it, i think, really comes from a empathy where I can think about what it's like to receive this direction or coaching or correction or whatever the case may be.
Speaker 2:I really like to put myself into that person's shoes and say how am I gonna receive this? How do I get both sides of the conversation so that when you're bringing it to the person, that you don't lose sight of the humanity and avoid a situation where confusing being a executive or a title that gives you some responsibility and authority but it doesn't give you respect. You earn respect, you may get a title, and don't confuse the two, and I've seen people really run into problems when they think, oh, i've got the title, so don't I have the respect, and then they find out through their actions that people aren't gonna follow them right, that's a deficit in leadership When people take that and they assume that the chair is the means that justify the end to do bad behavior. So I guess, in the end, remember to be a human, remember you're working and leading other people, and it can be really simple It doesn't have to be complex and try and think about both sides of it, and empathy goes a long way.
Speaker 3:I love that You're gonna air fist bump on that one, i think it'll definitely resonate with what you just said. And next time you're having a bad day, I will tell you something that I share. Michael Jordan obviously one of the most revered basketball players of all time had 9,000 missed shots. So just remember that he failed 9,000 times and he's still up at the top. So I always keep that in mind. We all have bad days, and that was a really candid answer, So thank you for that one.
Speaker 2:Yeah, you bet Good question.
Speaker 1:When you're building out these companies, what are some of the first roles that you hire for?
Speaker 2:Ooh, that's a good one, i think. When I'll speak to my most recent company, i, when I was choosing my co-founders, i was looking for really deep technical experience in the space, and both Topher and Topher, marie and Eric Leach had a phenomenal experience in background. So the other thing is I'd worked with them both previously. In the case with Topher, this is our third company together And so that is important, because being able to trust people is so critical And if you've already worked with them, you know where they're coming from. You can focus more on moving forward than kind of building a foundation because it's already in place.
Speaker 2:Once we had the three of us, then we started to look at the next ring out of kind of the first team in on the ground floor, and who we brought on at that point were people who had a lot of experience as well in the space of identity, because it's a very niche kind of thing. But we, from a functional standpoint, we brought on marketing talent and implementation and services talent And also, on the engineering side, some phenomenal engineers that I had worked with before And within the first, and operations and legal. So we went from three people to seven people within about 30 days, and that was to kind of get somebody who's good at those different functions and bring us all together. So we were about seven people for a good amount of time And then we started to add more depth into each one of those functions. But one thing we didn't do until very late relatively late years into it was hire anyone in sales, and the reason for that was that early days in a new category, in a new market, there's no substitute for the founders and that early team from being right with the customer And you get the highest fidelity on those pain, priority and problem issues when you hear it directly.
Speaker 2:And so, even though I know a huge amount of very talented go-to-market people, i didn't want to have anything in between me and the customer because I feel like I'm the closest to the problem on innovation, so anything that if we end up playing the operator game where things get diluted further from the source, that can kill your company. So we basically made sure that we got very direct customer feedback interviews and we did dozens and now over a hundred of companies that we've talked to, and once we had all of that, we've got our early product out and we had our first 10 plus customers. It was then when we thought, okay, now it's time to scale, to go to market, because we had product market fit And so, yeah, that's how I did it here And that's how I recommend people do it in other companies that I'm involved with.
Speaker 1:I dug through some of your show notes in a podcast that you did, and you mentioned that the initial task, speaking of perfect product market fit, you mentioned that the initial task for Strata was to find the perfect product market fit. So exactly what steps did you take to follow, or what steps did you follow to identify this, and how did it influence your go to market strategy?
Speaker 2:Yeah. So I think the way that we do it, did it rather, and I guess in a way we continue to do it is to really start with deep understanding of your customer persona, and when you're building a product, you want to understand what are the problems that are important and then what are the jobs to be done? I don't know who came up with that acronym, but the jobs to be done mean what is the day on the life that person look like and you can translate those jobs that they need to do into use cases that you can implement in software. So once you start to get that part of the problem, it builds like a snowball right. You start to see a pattern and you say, oh well, everyone was talking about this, so that is a common thing. Only now and then do we hear people talk about this other outlier. Maybe that's not a place to really prioritize investment. Once you get that in place, then you do that using customer development interview, and there's a book out there. You can find it on line. Kathy Alvarez called Customer Development and she just really nailed it. So if anyone wants to know the playbook, i think she wrote a great one. We use it here at Strata. I've recommended it for a long time with a lot of people.
Speaker 2:So, once you've got that, now you've got your product and you now need to focus on the market. So then the market. That's another area that you want to understand. Where are you going to start? in the enterprise, the SMB, the consumer market? That's one way to break up a market. My experience is all in the enterprise. That's just the way our identity sits.
Speaker 2:So, very quickly, we said we're going to focus on solving this identity problem for multi-cloud, because that's what everyone is saying is their problem, and we're going to focus on the enterprise and the large, large, large organizations And being holding the line. Because when you're in these early days, you want to make sales, you want to close customers and there's a natural drive to win. But we turned down a whole bunch of customers that could have been phenomenal, but they weren't building in my target demographic or firmographic. So we said, hey, that's interesting, maybe in the future we'll come back and have a conversation, but we're going to stay focused on as small a niche as you can get. So in our case, we took the enterprise and then we said, okay, within the enterprise, where is this pain most acutely felt And things like is it a regulated industry? And there's so many regulations that people need to show that they've got identity management policies in place. Now we said, okay, we can focus on that smaller market and smaller and smaller and smaller.
Speaker 2:And you may be thinking well, i thought you were just saying a minute ago, is there a big enough, total addressable market? And now you're saying, contradictory, make it as small as you can. Well, the way to think about the two of those is how big is the ocean or lake or stream that you're going to fish in? And then the next question is how many fish are there in that lake and stream? and so on. So they're related but not the same.
Speaker 2:And so once you get really specialized, now you can have that conversation with your prospect, and early days you're going to be having a really broad conversation because they don't know what you're talking about. And eventually, once you get product market fit, we find that when our sales engineers or our account executives are able to ask two or three questions and qualify whether someone is a prospect or not. Are they part of our ICP, our ideal customer profile, then we've gotten that kind of product market fit. And so now it's time to scale. So it takes a long time but, as I mentioned, if it was easy, everybody would do it, hi.
Speaker 1:And it ain't easy.
Speaker 3:That made me think of a quote I just recently heard where we've probably all heard if you give a person a fish, they're going to eat for a day. If you teach a person to fish, they'll fish for a lifetime. But if you teach a person to teach a person to fish, it could change the game. So that kind of just made me think of that with your fish quote, but kind of switching gears and I apologize, josh, because I know you got a whole list of questions.
Speaker 3:But I'm curious to ask someone you've just got so many amazing ideas here and a topic that's been coming up, at least for me on my end, i've recently taken up natural language processing and actually doing the creative writing portion of that, doing the auditing, quality checks, those types of things, and I'm starting to with my own tech portfolio advisement, getting contacted by people that are wanting to do startup companies that would be competitors, for instance, to scale AI, things like that. So, with regard to this topic in particular and this is an opinion, okay and no one said, maggie said but what's your take on where things are just kind of headed specifically with AI and overall machine learning right now?
Speaker 2:Yeah, i'm super excited about it. I've had a good amount of exposure and experience with it, starting with machine learning at a media targeting company that I was part of, and then more recently at Oracle. We had a lot of really cool early stuff around chatbot automation and so forth. So it's been in my kind of world for 10 years now, and what I'll say is that the current stuff that's coming out around generative AI and some of the semantic search and so forth is real And I think there's some amazing capabilities within that. The caveat is that you're going to see, like so many technologies that are breakthroughs, the hype Stuff starts to. Everyone's saying, hey, now, with 25% more AI and 16 ounces of natural learning and all this Nonsense, right, so it's going to get noisy, but don't mistake the noise for the signal and vice versa. There is signal here, there is something here. So what I'm particularly excited about What we're doing here at strata is bringing in Identity I'm sorry, bringing AI into identity management. It really starts, like everywhere around the data that you feed the algorithms, and You know there's a lot of these algorithms that are free and open source, right. So AI, in one sense, is free, but it's only as good as the data that you can feed it, and so that's our priority is is thinking about how we can use our data assets at strata to feed algorithms to create meaningful outcomes.
Speaker 2:What I will say is I'm impressed with two companies that are doing some really, really interesting things. The first is Microsoft, and they've got a really strong play within Automation. They call it their co-pilot and there's some really cool stuff that they're doing, and Microsoft's gone all in with AI and the Open AI investment and all that, and it's been. Really we work a lot with Microsoft And I'm really impressed with how they're bringing that automation into the really complex world of Microsoft security. The second company I would encourage people to take a look at is New Relic, and They have really done a lot with a cool technology generative AI, but their chatbot called grok grok Google that Because that is really cool. It's also a co-pilot piece, but It'll help you do. You're talking about security performance management earlier, josh. So New Relic, as you may know, application performance management. So I think there's a really, really powerful things that they're bringing to market. That is that signal that I'm talking about. It's real and it's very, very, very powerful. So very excited about all of that And I think a lot of these things build on top of one another.
Speaker 2:So once you've got the data, you can layer on machine learning and on top of the machine learning you can add Semantic search and on top of that you can start to create more automation with large language models. And Think about what kind of thing would you generate if you had control over the data or APIs. And you know, languages aren't just English and Spanish, but in Engineering world we think about languages like go and Java and Python, and The ability for these algorithms to produce code Is pretty compelling. And I'm not worried that people are gonna lose their jobs to AI. It's always. Any major disruption always makes people a little not all people, but a lot of people Fearful like, oh, am I gonna get replaced by a robot? You're not gonna get replaced by a robot. It's the people who figure out how to use the tool. They're the ones they're gonna get ahead. So I run towards it, not away from it, and I think it's always gonna be more powerful to be a man or woman plus AI than just an AI on its own 100%.
Speaker 1:I am bought in. I am sold on AI. What are the things, though, that Worries a lot of people and that worries me, especially as someone? I use chat GPT quite a lot, mostly just asking it stuff like What is life? you know, i have conversations with the AI and, yes, i say please and thank you, because in case there's a robot apocalypse, i want it to remember that I was the guy who was polite to it. Yes, so one of the things that people are really worried about that I'm worried about is putting my data into an AI chat and Having that data now out in the world and we saw that Samsung faced this challenge when Their data was leaked because they had entered a lot of that data into a chatbot. How worried are you When it comes to identity management or the way that you and your customers use Your data and AI? how worried are you about the privacy issues and the security issues around AI?
Speaker 2:I'm obsessive about it. I think I Don't know the details around the Samsung situation, but I am obsessive because If you ever have that situation where you fed data Under the expectation that that was like a private conversation, but it turns up that someone else is able to get that information through the, your inability to control access to that data and the AI on top of that, then somebody was using it when they should not have and they didn't have the Excuse me the appropriate governance in place. So those are the things that are Really impressive about some of these platforms is their ability to Segment the data. If you're just going to chat GPT and you're using the consumer beta, they have warnings. I say, look, don't tell us something that's proprietary, because the way that the system works on the publicly facing free things, you should assume that whatever you put in there is Going to be seen by anybody else. And so if you're dealing with confidential data the way that security and identity data is You have to make sure and dull, check and verify consistently that the controls that you put in place are Are enforced, so that you never have that situation. Right, trust but verify.
Speaker 2:And so I think if you aren't obsessing about it, then you're going to have a problem and but, that said, there are ways to address that, and so it really comes down to data governance more than anything, and Being clear, when you're setting up your AI program within the organization, that you manage the Way in which people can put company information or should never put company, certain kinds of company information into an AI. So it's not without a Set of risks, but I think they're manageable. But I never stopped thinking about it, and we're incredibly obsessive about making sure that everything is encrypted and everything is controlled and that only the right People can have access to the right data, so it never stops. So you're probably good to be afraid of Having that go to the wrong place. It's gonna be paranoid.
Speaker 1:I don't mean to put you on the spot here, but what local options are there for folks who want an alternate, an alternative to chat, gpt or barred or You know, brock camera, is it Brock Oh?
Speaker 2:Oh, brock, you mean like the rally. So I think there's there's a couple of different categories that we're talking about here. Rock is a AI that I believe is a licensed version of Open AI, chat, gpt for, and then some other kind of tools, and they And I don't want to, i'm speculating here, right, because I don't have direct information But I suspect that the New Relic team worked out a licensing agreement with Chat, gpt and open AI so that they can point it at their own proprietary data and that that won't get shared elsewhere. So you can negotiate and set up these arrangements with the AI prop provider. So, whether it's open AI or Azure or Amazon or All of them, have it really tensorflow at Google?
Speaker 2:There's a lot of different capabilities, but You want to. You know what's local anymore. I think it's a cloud service that you localize your data and you ring fence that data so only The right people can query it. But there's a ton of options that are out there. You just need to expect to pay for them, right? That's where you know if you're getting it for free. But whatever, what has Something that's completely free ever really been free? and so I think, use that common sense to say, hey, if I'm paying for it, i'll read the terms and conditions to make sure that that is giving me private access and management Of my data, because, in the absence of knowing that you're, i would assume that your Data that you put in is going to be shared with the world. So a lot of options, but read the fine print.
Speaker 3:What is your take on Regulation with regards to compliance for anyone looking to do evaluation for companies and those types of things? and the reason I asked this we're? I've been asked a lot by Regulatory compliance firms, asset managers, how we can combine cyber security, some of the products that you're working on, what would you say are some good ideas to help bridge that? The CIO for Las Vegas last week told us that it was a it was a ring match between Cyber security and and what we're talking about here. So I want to keep asking leaders this, because we got a bridge this somehow. What's your take on that?
Speaker 2:Well, right now, it seems like止 we're coming to see them cherry on. I'd love to talk to that person you're referring to, because what I find is that It shouldn't be an either or, but more. How do you do what you want to do or need to do, and you know if? by elaborating on that a bit, if you think about the regulations, one of the most common things that every regulation shares is Is there a policy in place and how are you enforcing that? and if you don't have an information security policy, start with that. Right sounds common sense, but forget who said it. Common sense isn't all that common, and So I think when you look at that and say, well, of course we got a show, we have a policy, then you think about how do you implement that policy.
Speaker 2:Now You're starting to talk about technology, and then what is the policy or what is the risk that you're trying to manage? and so, of all of the risks that I see out there that are showing up in regulations, as well as cyber insurance Criteria, it's another way to think about it. Right outside of, are my regulatory compliance needs met? can you get insurance to cover your cyber risk? and inside of the insurance world if they are paid to Identify and manage risk. So what you'll find today is that a huge priority is on getting rid of passwords, and I think that's a great thing because our software at strata, we design passwords out, so there's no place to use a password in our software. We just don't have to ever worry about them getting fish because we never have passwords to begin with.
Speaker 2:And so if you think about now the different ways to solve password Authentication, how to get rid of it, there's a whole host of different things that you can choose from and choose the technology that works for your business. But if the idea is that the IT team and security are at odds with the Regulatory compliance, i like to get people more aligned and say, look, the security and I tech Team is going to implement the policies that IT leadership comes up with. Now We're all on the same team and we're all trying to do this in service of meeting that regulatory requirement. So I Guess really my advice to that CIO would be, you know, maybe looking at aligning the organization and figuring out How do you get that Consistency from the regulation to the implementation and everything in between. That's a leadership thing, that's a conversation. That's how you manage that Initiative. I think will go a long way to making that successful.
Speaker 1:Well, eric, not to burst your bubble, but I've got money on this. But you know, i've already placed my bets on this fight and it's gonna happen. It's gonna be a cage match and we're gonna have it in Vegas. So There's no way that's not gonna happen because I've got a lot of money writing on this. So We're we're approaching the end of the show and there's a. There's a topic that's sort of been swirling around my head this entire time That we've had this conversation. It's kind of stuck. So Maggie had mentioned your creation of X amount of equity and That's a dollar amount, right? So normally we would think of creating equity as a dollar amount and I'm thinking What really is the difference between equity and value? if you create 280 million dollars in equity, are we saying that you're also creating 280 million dollars in Value to the customer? are those things equal or is there a distinction between equity and value?
Speaker 2:yeah, they're completely different and In many ways very unrelated. When I think about equity value creation and that quote was from a long time ago We've done a lot of other really compelling things since that number should be revised upwards significantly. But the answer your question, josh, i think it's not How much the shares are worth and the shareholders and how they do, but it's what is the impact that that technology or that company has in the broader industry. And From my standpoint, i focus first on creating value, because if you do that, the equity, the money side, will take care of itself, right, and if you are trying to make money but you don't create any value, you're not gonna actually make it.
Speaker 2:Work has to go the other way around and to that end, there are things that I'll do that are about creating value, that have no expectation of monetization.
Speaker 2:And that comes around standards.
Speaker 2:And You know, having been fortunate to be part of two identity standards, early days on the co-authoring of Samal, but then more recently here with strata, co-authoring a new standard for policy called identity query language or IDQL, and we do all of this work to Enable the customer to be able to mix and match their different clouds and have policy work wherever they are, to Trains, dogs, cats, you name it And what we do is we do that so that the customer has choices and not to get locked in.
Speaker 2:We give that software away for free. We got an open-source reference implementation at the cloud native computing foundation called hexa, and It's all about creating value for the customer, with the expectation That if we want to monetize something, it's gonna be because of our reputation as the team that solved all these problems didn't ask to get paid for it. Well, who would you give your business to? someone who shows up and helps, even though you don't and didn't ask for payment? Or are you gonna go for someone who's always got their hand out saying, hey, i'll only help you if you pay me. I personally like people who are generally helpful and that's where I spend my time is trying to create that value.
Speaker 3:Great question, you're gonna fist bump to Josh.
Speaker 1:All right, eric Olden Creating value, solving problems. Thank you so much for being on the security market watch Podcast. And, maggie, as always, you're great, you're wonderful, you're, you're a hurricane. What else can I say, thank you. How can people reach you, eric, if they try to get a hold of you?
Speaker 2:Well, i think, if you're interested in identity orchestration and multi-cloud and hybrid and how to make that world work, take a look at strataio, and that's our website. And if you have, we have a nice little promo that, if you Go to our strataio slash podcast, we have a little fun thing that we do called send send us your identity challenge. And if you come up with a use case that you want to see whether orchestration can solve it, we'll show you a live demo and give you a pair of Apple earphones the the nice ones, the one that, the white ones that go in your ear airpods airpods That's it, and the Pro ones. So so good stuff. But if you're interested in policy orchestration and that open source and that standard, google hexa, hex a policy orchestration, and you'll find the website and the cloud native computing foundation. You can download hexa and learn all about IDQL There, and I think those are two good places to start.
Speaker 2:And then, if you want to reach me personally, i'm very active on LinkedIn and you can find me at LinkedIn. My URL is linkedincom. Slash bought, not sold, and it's bought. Bo u ght not sold, and The. Connect with me and love to hear from you.
Speaker 1:Maggie, how can folks reach you?
Speaker 3:sure, so LinkedIn is well easy to find me there. Also, i'm on Instagram as championship underscore energy Shout out to my mom, she was a equestrian champion. And then also want to remind everybody we do have a newsletter that we are posting by weekly. There's a lot of really good educational material in there. We're making sure to also have these podcasts listed in that newsletter, so please feel free to subscribe there. It's gonna be all over my page if you go there. Josh's page as well.
Speaker 1:And you can find me on LinkedIn as well. I'm just Josh. We're brooning and you can email me at j brooning, at trust map comm. I'm on Instagram. Check out the security market watch YouTube channel. Make sure to like and subscribe our videos. We appreciate it very much and Just help us to get this information out into the public, and this has been a really good conversation, eric, i really appreciate it. Once again, thank you so much for being gracious with your time and for everybody out there. Thank you for listening to this episode of security market watch. Bye, thank you.
Speaker 2:Thank you.
Speaker 3:Did you realize we were in the same colors and we did not plan this?
Speaker 1:I know it's time.
Speaker 3:I just noticed that, like I've been a girl right now.