Listen to Identropy's Jim McDonald and Jeff Steadman on their podcast at "Identity at the Center".

Both Jeff and Jim have over a decade of experience in the Identity & Access Management space and guide companies on their IAM Program journey through Identropy's Advisory Services arm.
In this episode, Jim and Jeff share what IAM things they are thankful for this Thanksgiving season with some contributions from the Identropy team and LinkedIn. Thanks to all who listen and share the show. Happy Thanksgiving!

Brought to you by

Want to join the conversation? Leave us a message here: or email us at .

We hope you enjoy this episode and please subscribe to our podcast for updates on new episodes!

LISTEN HERE or read the full transcript below.

*Disclaimer from Identropy: These transcripts are produced using automated tools, so may not be an exact word-for-word transcription. (i.e. - if you read something that sounds wrong, it's the tool's fault!) As always, for a better experience, please listen to the actual podcast.

 Podcast #22 Full Transcript:

 Identity At The Center #22 - A Very IAM Thanksgiving

Jeff: Welcome to another episode of the Identity at the Center podcast. I'm Jeff and as always, with me is Jim. Hey, Jim.

Jim: Hey, Jeff.

Jeff: How you doing? Happy Thanksgiving.

Jim: Actually it’s my favorite holiday. So happy Thanksgiving to you as well.

Jeff: So what makes it your favorite holiday?

Jim: The fact that it's centered on eating food and giving thanks. And those are two things that I enjoy thoroughly.

Jeff: There are worse answers to have. That's for sure.

Jim: I mean, I enjoy a good Christmas along with the rest of them, but so much preparation required and things like that. Thanksgiving does require little preparation, but it's time to take a break. It's also the beginning of the holiday season in the US. And it's kind of like from Thanksgiving week on, things really slow down. And it's a time to kind of close out the year and get ready for the next year.

Jeff: Mad dash for the end of the year to kind of get things done. I would yeah.

It takes more that preparation of all for Thanksgiving because I think of like, family and cooking these big dinners and trying to play host for people who are hosting all the people coming over their place and those sorts of things.

But I think it's a fun. Stress. That makes sense.

Jim: Yeah, well, when do you start Christmas shopping?

Jeff: December twenty first or twenty second?  So you're a procrastinator by far.

Jim: The worst thing, is if you're counting on Amazon Prime and so you're thinking and when you get free two day shipping, I'm going to order on the twenty second. It'll be here on the 24th. Good luck with that. Yeah. I've done that. And that is not a good strategy.

Jeff: Yeah, I feel like they have enough messages that go out there at this point, basically telling people that you need to order by this date if you want to get guaranteed Christmas delivery. So I don't think it's anyone's fault. Other than the person making the order and not paying attention. That's a unrealistic expectation. I think they have.J

Jim: So like I think you said, Thanksgiving is kind of funny stress and that Christmas stress just gets me every year.

Jeff: Yeah, but it's the holidays, friends, family. gifts, not gifts through it doesn't matter that part, but spending time with people you like, hopefully and hopefully getting some time off from work or at least taking being it'll take a little bit of a break. I go back to my restaurant days, right. Always, either bartender or waiting tables. And that is where the prime primetime's to make money. And, you'd work long hours going into the holidays and so forth. So shout out to all my veterans on the food service industry that are out there.

Jim: Yeah, for sure.

Jeff: So it's Thanksgiving. Thought maybe we could put together a list of things in the identity and access management world that we're thankful for.

So I know that I have a few. I know that you've got a few. And I also put a poll out there. I put it on my LinkedIn page and got some responses from folks who saw that also pulled a few people from my own company here at Identropy to get some thoughts on that.

Jim: Did anyone answer that they're thankful for the identity at the center podcast?

Jeff: Someone did. And I assumed it was you filling out the form itself. So if that was you, good job. If it wasn't you, then that makes me feel even better.

We certainly have grown our listening base over the last several weeks, which is great.

Jim: I'm thankful for that. I'm thankful for all of our listeners, all the five star reviews you've been getting. Yeah, just very thankful.  You've been talking about doing this podcast for almost as long as I've known you. And this year, we finally just said, let's do it. And I got to give most of credit to you Jeff because I'm here every week. You're doing the all the hard work behind the scenes of pulling this together and making sure that we do it and that the editing I don't know how many hours you put into that. But I'm thankful for you, Jeff.

Jeff: I appreciate that. I think we make a good team on it. And as shocking as it sounds, there is very little editing that we do to this. Most of the episodes that that go out and people here is this is how we recorded it. This is just two guys talking there. Maybe we have a guest talking about different things in IAM.

It's pretty rare that I have to make any real severe edits to cut large swaths out. It's usually trim in the front, trim in the back, and then making sure that the level sounds as good as they can for me and my froggy voice and you and your golden pipes.

Jim:  I have a feeling that this week could be a technical challenge. So if our audio is poor, we apologize in advance. But Jeff, is that a hotel in Mexico The Internet is not the best I can already tell. I've heard you make that digitized voice a couple of times.

Jeff: It is what it is. It's not perfect. But this is what you got.

Jim: Yeah, that's right.

 Jeff: All right, let's dig in. So let's start with you. What's the first thing on your list of IAM things that you are thankful for other than the podcast?

 Jim: So identity and access management. I've been in this industry for 15 years and it's just different. And I kind of fell in love with this industry back in 0 6. I was at a conference called Digital i-D World and the kind of philosophical debates people were having around what is an identity. It just got me like, wow. I mean, these are conversations that I don't hear people talking about any other part of I.T.

Certainly not the infrastructure and web application areas that I kind of grew out of. And I really love that there were so many small startup companies where trying to take on big problems like passwords or how,  the problem of passwords that they stink. Right. Everybody universally agrees that. But how do you get rid of them? Fifteen years ago, we're still all using tons of passwords. And, some of those small guys usurp the big guys. So 15 years ago, it was Oracle, actually Oracle just getting into the market maybe 14 years ago, like 0 7 early timeframe when Oracle bought Obelix and IBM was already in this space. But those guys tell what I do need access financial ones. And Microsoft said a little piece, but they weren't the company that they are today. And you look at that where things are and those guys are falling further and further out of the picture and guys like SailPoint and Okta, those are the companies and Ping and those companies are getting a lot of the recognition now that they're really the leaders in the market.

Jeff: Yes, the new vendors have definitely injected a lot of innovation and enthusiasm into the space.

I feel like there's a lot more competition nowadays, which is great for customers and fans of seeing IAM move forward. If you think about where IAM was, even 10 years ago and password reset processes and access requests and, the pipe dream of being able to request your own access and have an interface that worked, having to play it, a couple of those, and being a customer of these products they were definitely oversold.

And now that there's a lot of competition, I think in especially in the main markets, like identity governance and privilege access management and access management itself, things like SSO and multi-factor, I think that helps everyone on our side and it keeps companies on their toes. And just, competition is great for everyone.

Jim: It's a cool industry and who'll be the losers in 10 years? That's a new one, I guess.

Jeff: Yeah, I'm sure someone has already created the replacement for Active Directory and there will be something in 10 years that will be the de facto kind of enterprise standard for a directory is a blockchain.

I don't know. I'm not really convinced that there's an enterprise use case for it yet. But, there has to be something out there that has already been created that either we don't know about yet or is just about to break. I'm the other optimist when it comes to the directors.

Jim: Yes. So what do you have? What's on your list for thankful items?

 Jeff: I think this is something that I've noticed especially the last year, but start to see it at the end of 2018. And that was more organizations really taking a step back and treating IAM as a program and putting together a strategy before they would start doing things just to do things from a tactical perspective.

So, that's a little bit of bias just because, you and I work on the advisory services side. So that's what we do and we help organizations. But it seems like the demand for that type of service is really kind of taken off over the last year or so.

And, I think the good advice of, hey, you should have a plan before you build something is starting to get recognized more when it comes to the organizations that are out there.

Jim: I think that, it's probably always been the right move to have a strategy, have a plan before you act. So but I agree with you. I think that I think what it is, is that people burn over the years and had moved on vendor promises. And I think some companies have been successful and others have suffered from it. And so those sufferings leave deep scars.

Jeff: Yeah, I think, too, is that there's just so much to know now.

It's very difficult to truly be a very deep generalist when it comes to I.T.. So identity access management self its own niche within information security, which is within I.T. And the pace of change and evolution in this space has been pretty radical over the last few years. So I think people are recognized like, hey, you know what? I don't necessarily feel comfortable in this space. Let's bring in somebody who is and that probably applies to multiple areas from a technology standpoint where technologies have gotten, very specific, and there's so much to know now that people are looking for help with different areas.

What do you got next?

Jim: All right. So I'm just thankful for, a certain type of technology specifically, which is multi-factor authentication and how ubiquitous it's becoming. I really think it's, layering whether it's a SMS, which we know is not great or an email or better yet, an authenticator application to a phone. But then layer on top of that, the biometrics available with phone devices and being built in do all types of devices today. I'm just thankful for that because I think showing authentication is exponentially stronger than usernames and passwords. 

So, yeah, I mean, nothing earth shattering there, but I think that's how you see it everywhere now. And, I think it's actually getting to the point where users actually expect it. We used to find a lot of organizations a while yet. We can't ask our users to do that. And now it's like I think people get it. Like if you're not asking your user to use multi-factor or anything that has sensitive data, especially financial data or health care data, then you're usually going to say, well, you're not really protecting my data. That worries me. I think people are starting to get that.

 Jeff:  I agree. And you're definitely the only one. I mean, I definitely ran the M.F.A. side, though, the little poll or forum that I put out there and linked in a lot of people that responded had M.F.A. as the thing that they were most thankful for. Helping people protect themselves from their own bad passwords, that sort of thing. I feel like I wish more companies would still continue to offer M.F.A. to their customers. I feel like organizations are doing a good job taking care of their employees and or contractors. You know the internal side of it, but I still want to see more companies do it for their customers as well. And I would argue that if you do not provide an MFA option to your customers, that you're not doing enough from a security standpoint to keep them safe. Doesn't necessarily have to be a mandatory option. But if you're not at least offering it for the customer to take advantage of it if they so choose it at this point, I don't think you're doing enough. And I think that you're not even doing the minimum. That would be acceptable in this day and age. So that's my take.

Jim: Yeah. So shabbier, collecting credit card numbers or anything like that.

I mean, it just. If you're storing people's CPIs, which almost every website does.

I think the bar is now set that some form MFA should be the option of the user at the minimum.

 Jeff:  And I'm thinking of a certain organization that I've worked with in the past. And they're not the only ones.

But there is this thought process that on the business executive side that if the password strength is too weak, that people won't want to use their product because it's too hard. I'm sorry, I don't buy that one bit.

It's you're willingly sacrificing your users security, which leads directly back to the organization if there is a breach because it's too hard to type in a password. I mean, I get it.

There's people who aren't as technical and maybe struggle with the password process, but I think in this day and age that, those folks are in the minority. And more people are becoming aware of this. Everyone always said I can think of, has a bank account and is aware of how to log into that and. I just don't buy them. Well, people are going to use our app if they have to type in too hard of a password. Get rid of the password, offer MFA and do password less authentication.

 Jim: I think anybody who's had to deal with a major breach would not be making the argument that person may be made to you. And I think that's right. A point that I've brought up on the podcast a few times is that you work with clients who when they experience a breach, all of a sudden you see a major investment in one particular area.

The analogy I used recently was, do you realize how much money we saw on homeowners insurance? My house has never burned down. I've been paying for homeowner's insurance for 20 years. Knock on wood. My house never burned down, so I wasted my money. So you have to have it as insurance and that, having stronger security controls is a form of insurance.

Jeff: That peace of mind. What is that worth it to the organization? The risk mitigation. All right, anyway.

All right. So you're talking about MFA.

 Jim: Yeah.

Jeff: OK. My next one that I'm thinking about here is my more personal Annett’s that I feel like there's always something new in the IAM space. I'm sure there's others that have that same feeling that, just when you were thinking, hey, I'm getting a handle on this, IAM thing and I feel like I've got it down, something comes along, knocked me down a peg or two for a little bit. And you're like, oh, man, I'm not as smart as I thought it was or what the heck is that? And that's partly one of the reasons, though, that I also like this job, being able to experience that and continually to do, to grow and to learn and to learn new things is a good incentive for me from this role.

But it's always rushing with something comes along. And I feel like that came along earlier this year when I was trying to figure out this whole blockchain identity thing.

And I'm still searching for an enterprise use case for it.

I know we talked with about blockchain a couple weeks ago. I think it was, but, I still don't see the enterprises use case and maybe I don't know if that's me just being ignorant still I need to do more research and talking with people and see what their thoughts are. Or maybe there isn't any use case right now for it. That makes sense. Maybe there will be in the future. So that whole thought of, something new and never quite kind of feeling on top of things is something that I'm thankful for because it keeps me on my toes.

Jim: Right. I feel like that's when the great things about IAM in I.T. as a career path, I go back and forth between, I need more technical skills. So I'll go and research something like OpenID Connect and OF2 and really getting people on that for a while. And then I realized, oh, I need to, focus on frameworks and industry regulations, privacy regulations, how to make a better business case. I go back and forth between the business side of things and the technology side of things. Maybe partially that's because of my role. But I think, even deep, deep technology people need to understand the business environment and what that means from, whether is a regulation side of things or just how businesses operate as a business folks really to be more well-rounded, you'd understand something about technology.

So, I mean, it's that's why I think IAM is great as it's really an intersection between business and technology. Technology is right in your face when it comes to identity and access management.

 Jeff: Yeah, I totally agree with that. What's next on your list?

Jim: Next on my list is just something that I don't know if I'm seeing enough momentum on those, but it's something that I've seen a few organizations recently where it's kind of like light bulb moments where understanding organizational governance, how to manage IAM as a program requires formality. So sometimes when we start our gauges QEP, you'll see this will say, do you guys have an IAM steering committee or do you have an IAM program manager and there's always a one. Yes, I know. I am program manager. And this is group here they were the steering committee. You're like, well, when did you decide that? When to asked the question. So what I'm getting at is like by the end of our engages, usually organization truly understand, like no steering committee has a formal membership. And it's takes an IAM program has to have a 360 degree perspective.

So it's not just the core IAM that's important, but it's stakeholder involvement. It's involvement from, interfacing with technology partners or consulting partners. It’s, grassroots. So the operations team and project teams feeding in what's working well or what isn't working well. And it's also, at the top of the organization of the top of the pile of understanding where the IAM program, what's ahead, what are the problems, where are the solutions?

And also pushing down, this is what the business needs. These are the areas where we need IAM make us successful. And I feel like, you know, formality.

It is a message that makes sense for a lot of people. Even a smaller organization is turning out to be a fifty thousand person organization for this to make sense. I think that most of our clients are coming and saying we need a strategy. Also realize that they don't just need the zeros and ones. They also need what is the framework? What is the formal process by which we can run this as a program arena? As IAM as a program, not a project. But what does that really mean?

Jeff: It's not easy, it's hard because if it was easy, everyone would be doing it.

 Jim: What do you think that one key is, though? What is the most important first thing that IAM program should have?

Jeff: An owner.

Jim:  Well, we call program manager, but you're right.

 Jeff: I love asking questions and we're working, and kind of investigating how things work is, who owns IAM? And people look around the room and they might point at one person or they might point out different people. And that person doesn't know that they own it. I mean, it's always kind of like an eye opening moment. It's like, OK, so no one owns I. All right. Well, someone should. And that person, you know, should probably know that they own items so that they can start to make plans around that.

 Jim: Do you first get the feeling people get offended when you ask a question?

Jeff: No, I don't think so, because I think they realize that they probably realize that they don't know owns IAM and that they're looking for clarity as well. So if it sounds that if maybe it feels like it's like a tough guy question, it's not meant in that method. And in that vein, I think people kind of get it. So I've never really had any pushback on it. I don't think people like it.

Jim: I've seen you play the question of three times. I remember some people saying, what do you mean are you?

What do you mean like?

And I think in some respect, people are like, what's your angle here?

It's really the angle is like, who's driving this thing? Somebody has to say, put IAM on their back and just run with it. And I'll tell you this this should be on the list. This should be number one on most of thankful. be an IAM program manager is a fantastic career move. I mean, if you can run IAM program. You can work with the business. You can work with technologists, and the thing is, like nobody wants to sign up to say, I am program manager in a lot of places.

You're like signing up for it. You're going to put the thing on your back here to work the extra hours.

We're going to like, deal with not getting what you need all the time and kind of, quote unquote, fighting the political battle.

So it's part of it. But, you're going to get to build your furnace and build your executive, skills, I guess, is part of the best term for it, just you're going to show that you can run a program and I'm not going to find many programs that are more difficult in the I.T. space to run than IAM.

Jeff: Yeah, I totally agree. And I think maybe sometimes people get intimidated by maybe being an IAM program manager. I don't personally feel that you need to be super technical in that role because theoretically you're gonna have technical people as part of the project and the team the program. But you do need to understand the theories, the concepts, how things work together and most Hartley How do you communicate that to the organization and build those relationships? You know, the shaking, the hands and the kissing the babies and the politics of it all. And sometimes the politics are easy and sometimes a mere Game of Thrones. But, being able to navigate that and build relationships with others organizations. I think that's more important, especially in the beginning around the technical side of things, because you can always get the technical help. I think easier than gallery in organization understanding.

 Jim: You're right on with that, and that is the harder part because it's not something you can grasp on to and just say, oh, I understand OpenID Connect, I hope they understand access management or governance.

That's great. But can you get people to buy into your ideas? Can you horse trade, if you will, to get what you need? Those are the kind of skills. And here's the way they get to play your strengths. So you're coming from a technical background, maybe moved through project management and now you have an opportunity in IAM program. I mean, it's the next step up. So, I think if you're straight as being a technical background.

What I would recommend is read a lot of business and, Harvard Business Review type articles and magazines or books, just become a sponge for that stuff and start realizing that you need to be 360 degree you need to be well-rounded.

That's what I think makes the best IAM  program  manager is somebody who's well-rounded.

Jeff: I think we could probably do like a TED talk and be an IAM program manager. If only we had this platform where we could spout off our own nonsense and ideas, maybe that could do something someday.

 Jim: We should start podcast, Jeff.

Jeff: It'll never work. Let's see. Standards, which I think a lot of people who wrote in and filled out that survey. A lot of people were very thankful or standards. So things like an  SAML scam or IDC, I think what else is out there? But I think standards are a good thing. And a lot of people are thankful that because it allows a lot of different technologies kind of play together and have more integrations. And I think that also dovetails a little bit into the second part of my thankful ness, companies realizing that it's a lot better to play together than not.

It used to be, where this giant suite of software and, you play an hour ballpark and that's it. And now there's a lot more independent products out there that have built alliances to fill the gaps that they don't do as well and play together well. So I think that's a great thing.

Jim: Yeah. “provise her” has become a dirty word. Some of the other standards, it's more basic, not IAM specific centers for html and TCP/IP.

Those are standards that we maybe take for granted.

But build on top is things like rest API. And things that are happening in the devops community. Those are standards that are revolutionized in the way IAM delivered software as a service model, revolutionizing as IAM, infrastructures of service. And what's happening now? You know, Amazon Web Services, A Microsoft Azure and the ability to host infrastructure and platforms revolutionizing as IAM. And it will never go back over your backwards career. It's really what I'm thankful for.

And that also faces like watching it evolve. And I think that companies that stay on top and stay ahead of those trends are the ones that will be the most successful. So I think that's fantastic thing to be thankful for

My next one and kind of my last one is just industry norms that are becoming they're gaining momentum.

But what I had in mind was things like contractors moving in to being manufactured by human resources.

Missing something that I've been consulting for eight years now.

And what I didn't realize was, it's almost it was eight year ago is always a universal thing. Like no HR system had contractors and no H.R. group wanted to manage contractors. I still think there's a lot of that attitude or perspective that exists still today. However, it's much less. It's much, much less. And we find a lot more organizations in H.R. groups willing to manage contractors. And even a year ago, you say like, what is the role of HR me or all of HR would be to manage people that work there? Well, that includes contractors. And, there's that management of that as well.

And so wash your hands of it doesn't seem to me to be doing your job. Just say it.

And so I feel like that attitude is and I'm not sure why, but that's kind of becoming more and more pervasive, that H.R. role in making sure that those people are accounted for. And that really helps. IAM because H.R. becomes the authoritative source not only for employees, but also these non-employee users as well.

Jeff: Yeah, I feel like it's human resource, not employ resources. I specifically do it that way. So being able to track everyone in your organization has always been something that I think is important and just wasn't getting across. And I understand it, I've been in organizations where that's been the case. And it's the issues typically arise from we don't have the bandwidth right then of resources or it's too expensive to put them into the H.R. platform. You know, those sorts of things.

And then sometimes there's a legal thing because they don't want to do things get off the impression.  And I think it's turned a long way in the last several years where, people are taking it more into account. But I feel like there's still a way to go to get that mindset out and that an identity is identity. It needs to be managed. Let's figure out how to make this work rather than just leaving contractors out like a red headed stepchild somewhere.

Jim: The other thing that I was going to mention in the story was access reviews and how proliferations to reward or recognition by a lot of different companies and industries that access reviews provide a meaningful detective process for keeping their environments secure. I came out of financial service industry in the, you know, doing access reviews as the norm. But when I got into consulting eight years ago, very few other organizations were doing it. And now, almost every organization that doesn't realize that they need to do it. So you're not free of a brand new idea like, hey, you should be reviewing access. That's in systems with the identity's coming from human resources and making sure that everybody has all the accounts are accounted for. Again, I used to be something that was like, people look at you funny if you said they should be doing that. Now, everybody seems to have a recognition that they shouldn't be doing it.

Jeff: Yeah, I mean, I think a lot of companies want to do it and they know they should be doing it, but they still struggle with the house and the why and not the alternative.  But the House still organization is sending out spreadsheets and having to deal with rubberstamping and other things that kind of go along with it. But at least the recognition that they know they should be doing is out there and things like socks. Right. Definitely drove a lot of access review work, towards a more robust process around it.

Jim: Nothing else on my list, but I was interested to know what else came in through the survey. Anything that we didn't talk about, Yet.

 Jeff: There were a few. So David mentions that he was thankful for SaaS based single sign on and he's thankful for it because it eliminates him having to create 50 page documents full of screenshots showing the installation of the products. Here, here, brother. Yeah, definitely.

Jim: One of my big perspectives that I've talked to console a lot about because when I got into IAM fifteen years ago I deployed a product called Obelix and it was a school access management system.

And one of the primary will be is that application will be in a really it was with proprietary agents, T.J. and Sol agent on the web server. It would inspect all traffic and they would write a cookie back to a browser. Yadda, yadda. Long story short, the approach was how do your applications work? Today we're going to integrate those applications into a minimal touch to affect how those applications work. That was usually how we went about implementing actions management. Somewhere along the way, the samuel standard came out and was highly adopted by cloud single sign on platforms and applications, and an organization said our application needs to change to work with that center because that's our new platform. We're going to use that and say the application didn't change. And David's right. And then we said these developer cook folks like you can write this to get into the product and all the other jazzier send you a round up application teams. They have to,  they didn't want to do it. And nowadays, it's a much it's an open standard. And integrating applications has become a much less horrific kind of thing.

 Jeff: Then I'll add the two, as I think vendors have done that, especially a few of them. I can think of but I won't name specifically have done a really good job of providing documentation for their APIs and their products.

Let me pick on Okta. I think Okta does a great job with their portal, right? It has all information you need and I feel like Ping does the same and SailPoint has a great portal. I just think that a lot of these vendors have recognized that they need to get developers on board and have taken steps to provide adequate training and documentation available so that people can get up to speed on the product that much quicker.

Jim: And I think a lot of the application platforms that are out there today and platforms including applications, vendor support applications and  platforms like Web servers have ready, built, set up so you can integrate with SAML AGP. And that makes it a lot easier for the application developers to go ahead and integrate.

Jeff: Right. Next on the list is from the very well named individual goes by name of Jeff that he's thankful that we're on the way towards achieving password less authentication, which like you said before, I think we've been waiting for that for ten, fifteen years.

It seems like it keeps getting closer every year. Maybe 2020 will be the year or I have to type in the parsers is as much at least.

So I like that one. Another one I'm thankful IAM involves business discussions like how companies are interacting with their customers and their employees.

That's from Luis, definitely it's a conversation that's taking place now. It's not hidden behind the veil of IT. You know, there's companies that are now taking. Okay, well, how are we going to manage these identities? It's core to the product that they're developing or to the services that they're offering.

Jim: Yeah. I think that IAM has always been a business integration project, which is middleware, it's connecting all of your applications and we are going to do that. There is a business component, there's organization change management component. And like you said, if you have anything that's outward facing with your partners or especially your customers, you've got to make the experience one that's palatable.

Jeff: And the last one and probably my favorite this comes.

I'm not sure who wrote this. Then it was anonymous, but video games adopting cross safe features across multiple platforms. So I can play the same account on different systems.

Right now I can play on X-Box or PlayStation or P.C. or whatever it may be. Hell yeah.

 Jim: I have no comment. I don't play the game. So I'm not against video games. Like my kids get into playing and I guess I was against their person and I realized I kind of was being like my parents were the video like what I was doing to just make me feel like, not good about inside said, all right, I'm going to try to, you know, not play it with them because I didn't want to play the video games, but at least I got on the case about it. So maybe that's just the let's just leave that from father's side. Yeah, I did. I'm not a big videogame person. I never really got into it.

 Jeff: I'm a gamer. I used to play quite a bit. I don't have as much time these days, but I still game trying to get in get in a couple rounds of League of Legends or World of Warcraft raid here in there.

So shout out to my other gamers. They're out there.

And I think that's probably a good one that we can close out.

Jim: Why don't I say one other thing.

 Jeff: Oh, do you have one? OK.

Jim: I'm kind of thankful for this. So as much as I love open standards and proprietary, I don't think it's a great thing.

The Apple ecosystem is something else. I just got a new iPhone and, it's only been a few years since I upgraded by switching from the old phone to the new phone was like, you basically just took a picture of the old phone from the new phone and it brought all the information or so. And then I'm on this Apple ecosystem where the phone I've got the laptop. And it is amazing how things go back and forth. Just using your Apple I.D. I mean, I'm pretty thankful for that because it's like a new device and you're up and running in a half hour. Some days I remember the days of getting a new P.C., maybe 10 to 15, 20 years ago wasn't a major, major effort to move everything from your old world to your new world. Do you want to get rid of the old one for a while? Because you wanted to make sure that you got everything?

Jeff: Yeah, I feel like the cloud has been the key driver on that. I try to put as much stuff I have in the cloud, so I'm constantly shifting devices and trying new stuff out.

And I've got my laptop build process down to about an hour, including download time for all the different apps that I tend to use just because everything's in the cloud and using a stick that way. But yeah, I remember the old days where if you were on one ecosystem you could transfer everything and then, Google contacts rolled around. I was like, oh my gosh, is the best thing ever. And I don't have to worry about my contacts being on my SIM card, things like that. So yeah, there's dongles now that that sometimes other vendors will put it in if you're switching from Android to Apple or vice versa. So yeah, it's the user experience of that whole process, stuff like that. But I would love to take a look at what the schema looks like for an ICloud ID.

There has to be a ton of information to give to move that back and forth.

 Jim: We've got a lot of smart people working with the company.

 Jeff: Anything else?

Jim: Not this year.

Jeff: All right. Well, I think we can probably wrap up this 2019 Thanksgiving Identity at the Center extravaganza.

And happy Thanksgiving to you and yours, Jim, and everyone else that's out there. And we'll be talking to you guys and the next one.


Jim McDonald & Jeff Steadman

Jim McDonald & Jeff Steadman

Jim McDonald is a professional with over 15 years leading teams through business-critical technology initiatives. Technical Strategist, Leader and Champion of Change with history of crossing organizational boundaries, cultivating strategic alliances and building consensus and alignment among diverse constituents to leverage IT as strategic asset and deliver solutions that rejuvenate and advance global business’ financial performance. Also as part of our advisory practice and with over fifteen years in the identity and access management space behind him, Jeff Steadman helps develop realistic IAM strategies and provide vendor agnostic recommendations to move the needle on IAM maturity for organizations large and small.