Another thing that most people need to be thinking about, most, not all, but almost everyone has Active Directory in their environment. And that is the most important part if you're using it for authentication and authorization as your central directory for that. So making sure that your Active Directory is as secure as possible.
[MUSIC PLAYING]
Hi, I'm Darren Thomson. I'm the global vice president for product marketing here at One Identity.
And I'm Stacey Blanchard. I'm responsible for our North America sales engineering team at One Identity.
We're going to talk today for about 10 minutes or so about an increasingly important topic for our customers. Many of our engagements over the past 12 months or so have involved the topic of cyber insurance, and so we're going to dive into that topic a little bit today. So, Stacey, maybe we could talk first of all about why One Identity, as an identity management vendor, is having conversations about cyber insurance. What are you seeing in the field?
Yeah, that's a good question. So a lot of customers are coming to us now, letting us know that they need cyber insurance. They need to qualify to get it. And so some of the topics that the insurers are asking them about are problems that we can solve here at One Identity.
And I'm hearing as well that in some cases, people are no longer even able to get a cyber insurance policy without proving that they are at least somewhat mature when it comes to identity management.
Right. That's true. So there are the entry-level requirements, entry to get your cyber insurance in the first place, and then we can even talk a little bit about taking it one step further and making sure that you can get the lowest premiums that you would like to have.
That makes sense. And so one of the things we're doing right now at One Identity is we're building content and intellectual property. We're adjusting certain parts of our product roadmap to suit this requirement.
And so what I thought we'd do, Stacey, is go through a recent piece of blogging that we've been doing around some of the things you can do to, number one, secure a cyber insurance policy, and number two, if you've got one, to reduce the price of that policy. So maybe we can sort of dive through our top 10 list. Do you want to make a start?
Yeah, absolutely. Love a top 10 list, just like David Letterman, right? So I would say the number 10 item would be making sure that you are regularly patching your systems. I mean, this is like, table stakes, right? Basic, old school. Everybody believes they're doing this well, but there are some things they need to make sure they're doing, also.
It's amazing the amount of customers that I meet that want to talk to me about all of the modern, exciting stuff, AI, and machine learning, and quantum computing, and things like that, and they're still not patching their systems properly.
Right.
And so, in a previous incarnation, I was working in a cyber insurance firm, and what we would do is assess clients on behalf of underwriters, and more often than not, the patching wasn't happening. And so, again, as you say, kind of table stakes. I think the second one on the list for me would be a subject close to our heart, Stacey, which is MFA, Multi-Factor Authentication.
This has become absolutely table stakes for insurers. They realize that, ultimately, what criminals are after are credentials. Stolen credentials are much easier to do if we're not implementing MFA. And so most of the questionnaires and the surveys and the assessments that we see in the cyber insurance realm are specifically asking the question, have you implemented MFA, and can you prove it?
Right. And then, you also need to make sure that you're doing MFA at all levels, right? The desktop, at the perimeter, if you have a VPN in place, your applications, any servers that you want to get to. So we see breaches all the time, and the customer says, well, I had MFA in place, but not everywhere, and not unbreakable MFA.
Right. And I think that requires sort of a constant assessment and auditing process, doesn't it, to make sure that, as the company changes, the MFA changes, regular testing. And I can't stress enough across all of these items, really, insurers expect you to prove it. It's not just a matter of filling out a form and saying, I have it. You're going to be expected to demonstrate that you have it as well.
Right. Especially if you have a breach, and then, you try to make a claim. You're going to have to prove that you had it in place.
Absolutely. You're going to be looking for that. Yeah. So what's the number eight, Stacey?
Number eight, I would say, is also old school. Use encryption for both data at rest and in transit.
Right. Yeah. Again, we've been talking about encryption now for 30 years. I see this, at least, as patchy, at best, even in some of the biggest organizations that I've worked with. They've adopted encryption, often, hard disk encryption, but implementation is patchy.
And so, again, as new departments form or new employees come on board, or new applications are implemented, encryption often gets left behind because it's one of the old things. And so if we do an assessment as to where it's being effective, that tends to be limited. So that's definitely a good one.
Absolutely.
So I seem to be-- I've drawn the long straw here, because I seem to be having all the identity topics. Next one for me is privileged access management. So, obviously, this is something we're very good at. We have a world-leading solution in this area.
But the governance and the protection and the