Event Recording

PAM: The Access Foundation for the Age of the Limitless Stack

All right. So thank, thank you everyone. We are gonna be talking about, you know, this sort of term that we are using for the convergence of many of these concepts, which we're just calling the limitless stack. But of course, I'll also say that we all know the setup of a talk like this. The world is speeding up, you know, especially within technology. We have more of everything, and more always sounds good, but we also know what can happen when we consume too much of a good thing. So for example, our abundant food production makes our meals delicious and affordable, but calories also have a cost beyond what we pay at the register. As a CTO, I spend much of my life concerned with this speeding-up, more-of-everything topic: so more technical trends, more technical details, and more technical products. However, right now I'm gonna pause the typical problem-statement setup, because giving a talk is a rare opportunity for a break from my routine. So, a little bit selfishly, I'm gonna ask that you indulge me in a brief departure from technical specs and best practices.
So I'd like to share a story that I'm calling a first-principles PAM parable. So our story begins with Cameron and Gustavo, and they have an idea, which is, for me, a familiar feeling. They're excited about that idea, which is also a familiar feeling. They wanna build a game. They're so excited about the game that they follow through and start a company, and they call it CG Studios, from the initials of their first names. Now it happens that Cameron and Gustavo have some industry experience. So nothing triple-A, but a few indie video games, even one German-style tabletop game. They've each worked a bit on programming, a bit on art. They've done a bit of sales, a bit of finance, and because they're contributing equally to CG Studios, they decide not to burden themselves with titles like CEO or CTO. They just focus on building. All right. So soon enough, Cameron and Gustavo find four more folks to join the cause.
Everyone decides to stay focused on building, no titles necessary. Cameron urges everyone to just do what seems right. So Aparna wants to do what seems right. And toward the end of her first week, she realizes CG Studios is no longer an accurate reflection of the composition of the company. So she takes the initiative to rename the company using all of their initials, and CATBAG, C-A-T-B-A-G, CATBAG Studios is born. The initial version of the game ships and receives rave reviews. And wouldn't you know it, the team grows again. So after a few more weeks, a particularly technical team member decides that the CATBAG moniker has outlived its welcome and unilaterally renames the company C25G Studios, in the style of numeronyms like i18n, k8s, or o11y.
In the blink of an eye, another growth spurt. Now known as C65G Studios, the team has begun to take notice of a few surprising side effects of their flat, title-free organization. So first, the marketing website: it looks great. However, a majority of the players are from Latin America and all the web copy is written in Hebrew. It turns out that Yayi just really loves writing web copy. Another observation: every support request received between four and 11 conflicting responses. So duplicate refunds were starting to become pretty obvious to anyone who spent the time to open up QuickBooks. And actually, speaking of the general ledger, although anyone could add a journal entry, Sean had a really strong preference for numbers ending in the prime digits, 2, 3, 5, and 7. At the end of each day, he'd help out by adjusting all the journal entries for aesthetic consistency.
At this point, a few Spanish-speaking members of staff got together and proposed a collaboration with Yayi on the web copy. They worked so well together, and the Latin American customers were so happy, that they decided to stick with it and remain focused on the copy, design, and overall maintenance of the website. Separately, another group of quantitatively inclined team members read a blog post about something called generally accepted accounting principles. They got really excited about it and decided that Sean's prime digit method could be improved upon. Like the website team, this motivated group decided to stay focused on the numbers. And at this point you probably recognize what's happening. Our happy chaotic team of egalitarians have discovered departments.
Once they discovered how much more productive they felt without bumping into each other all the time, they took the next logical step. They identified even more specialized areas of focus. Our team had, at this point, discovered roles and job descriptions. So even though the company now looked much more traditional and recognizable, the team had found a way to work together that was also authentically tailored to the shape of their business and their individual strengths. And therefore Cameron, Gustavo, and the whole team lived happily ever after. All right. So now let's just spend a moment to think about how this parable of the egalitarian company of 65 people that discovered how to have roles might relate to our understanding of PAM. So one view of privileged access management is that it is concerned primarily with those high-privilege accounts. So in a Microsoft world, think of the administrator account, or in a Linux context, think of the root user. The PAM account and the root account are like our staff prior to job descriptions. Everyone could update the website. Everyone could hire and fire. Everyone could adjust compensation or even change pricing. Everyone could rename the company. With the introduction of roles, we can appreciate a little bit more nuance than those God-level privileges of do-everything.
One person can update the website, but not add to the general ledger. Another can adjust compensation, but can't change the pricing of the game or the product. KuppingerCole uses the DREAM acronym to represent a future state beyond PAM and CIEM. And I'll say, regardless of which acronym you prefer, entitlements and privileges will always be organic, detailed, and complex. They will be tailored to the shape of your organization, because this, you know, in many senses is, is more about, is as much about how you organize your systems as your people and your systems. Okay. These entitlements and privileges also just must be understood before they're changed. And that understanding does not come easily. It's conversation, it's communication. And then hopefully there's a little bit of leverage that you're getting out of the tools from your preferred vendors.
Of course, these entitlements should balance control and flexibility. For example, excessively tight entitlements in a development environment might leave you spending a large amount of attention approving new requests, which might possibly distract from attention that you would prefer to spend on more sensitive workloads. The design of the system should also balance specialization and generalization. For example, the role of finance might not be sufficient to specialize in and specify the difference between accounting and fundraising or investor relations. So moving forward, at StrongDM, we've identified a few additional characteristics of the next generation of PAM and CIEM, really, regardless of what the name for that next generation comes to be. The first element that we like to point to is a notion of what we call positive access. So to us, this is really the overall story about making it convenient to say yes to the access that staff need. Along with that comes total visibility.
But I like to think of this as always-on audit trails that you achieve without extra setup steps. So you'll never encounter a case where an auditor or a forensic situation asks for a record that you don't already have automatically. We need precise controls, striking that balance between control and flexibility for the systems and users that are subject to those controls. We need a system that's secure by design, which encourages least-privilege defaults, but of course retains the flexibility of saying yes in that positive access sense. In the panel earlier, we discussed the word mainframe several times, and I'll say "works with everything" in 2022 is actually an ambition that we are allowed to have. Although many of the cloud service providers have more intricate primitives in terms of how authorization can be prescribed, there are ways of bridging all of your systems, so you don't have to wait for nirvana at the conclusion of your cloud modernization project. You can begin, you can begin today with more uniformity across these systems. And then finally, the superior user experience is the only way that you're going to both minimize training time and then eliminate pushback from those users that need to participate in your PAM and CIEM ecosystem. Of course, we've integrated all of these elements and more into our product, which responds to both the history of PAM and CIEM, and also looks forward to the DREAM.
And with that, I'll thank you for your time and your indulgence in my parable. Of course, you can reach me anytime, just justin@strongdm.com, and you can schedule a demo or trial the product yourself anytime at strongdm.com. All right, that's all I've got. Thank you.