Bryan Rosensteel, Field CTO, US Federal Ping Identity, speaks with Katya Mijatovic, Principal Data Scientist at Data Society and CDO Magazine Editorial Board Member, about recruiting and upskilling staff and his approach to implementing new technologies.
Mijatovic interviewed Rosensteel on the sidelines of the recently conducted AFCEA CeVA Data Centric Summit.
Sharing a takeaway from his presentation, Rosensteel mentions the quote, “Authentication is merely the enabler of authorization.” He explains that people often think about the person behind the keyboard when thinking about identity. While authentication is important, he says that it is about understanding the digital identity — the different parts that make up who the person is at that time as they try to interact with and access resources.
He explains that this understanding allows for informed decisions regarding access to resources. Moving forward, Rosensteel advocates for a cohesive approach among the pillars of zero trust. He emphasizes the need to avoid siloed development and instead focus on modernizing and integrating these components to enhance overall security measures.
Speaking about his approach to bridging the talent gap, Rosensteel suggests either upskilling existing staff or recruiting new professionals. He acknowledges the difficulty of acquiring qualified personnel, which poses challenges not only in identity management but also in handling data across various IT domains.
He proposes a solution that involves moving away from creating individual solutions for specific tasks and instead focusing on developing standardized processes and practices that can be applied universally. This approach aims to streamline access control and data classification procedures, enabling employees to be trained on these standardized practices and apply their skills consistently across different environments, whether it be enterprise, expeditionary, tactical, or detailed settings.
When asked about a technology that was most relevant and useful over the past years, Rosensteel mentions Public Key Infrastructure (PKI). He says that PKI's role in establishing standardized communication protocols was crucial in enabling cross-trust and interoperability among systems.
Rosensteel emphasizes the importance of learning from PKI's early days to accelerate the development of modern identity, credential, and access management (ICAM) systems, particularly in the realm of federation.
He further says that if the last ten years were about authentication, the next ten need to be about authorization. Rosensteel is excited about verifiable credentials, which can provide a lot of information about the user on which to build authorizations.
Responding to Mijatovic’s question about his approach to implementing technology, Rosensteel flags it as a major challenge. He says that the cultural barrier to zero trust deserves more attention than it gets and that organizational structure is key as well.
He expresses concern about the lack of clarity regarding role equivalence within both internal and external government entities. He highlights the challenge of establishing access control policies without a standardized understanding of hierarchical levels.
Further, Rosensteel stresses the need to overcome this obstacle, suggesting that addressing it can facilitate the acceleration required in various processes. He underscores the importance of returning to foundational principles and achieving standardization, particularly in data management and organizational structures.
CDO Magazine appreciates Bryan Rosensteel for sharing his insights with our global community.