#381 - Beyond Human: Taming the Wild West of Non-Human Identities with Steve Rennick

In this episode, Jim McDonald and Jeff Steadman are joined by Steve Rennick, Senior Leader for IAM Architecture at Ciena, for a wide-ranging discussion on the most pressing topics in identity today.

The conversation kicks off with a practical look at vendor demos, sharing best practices for cutting through the slideware and getting to the heart of a product's capabilities. From there, they dive deep into the complex world of Non-Human Identities (NHI). Steve shares his practitioner's perspective on why NHIs are such a hot topic, the challenges of managing them, and the risks they pose when left unchecked.

The discussion covers:

• Why traditional IAM approaches fail for non-human identities.
• The importance of visibility and creating a standardized process for NHI creation.
• The debate around terminology: NHI vs. machine identity vs. service accounts.
• The reasons for NHI's current prominence, including threat actors shifting focus away from MFA-protected human accounts.
• Practical, actionable advice for getting a handle on legacy service accounts.
• The emerging challenge of IAM for AI and the complexities of managing agentic AI.
• The critical role of authorization and the future of policy-based access control.

Whether you're struggling with service account sprawl, preparing for an AI-driven future, or just want to run more effective vendor demos, this episode is packed with valuable insights.

Connect with Steve: https://www.linkedin.com/in/steven-rennick/

ARIA (Agent Relationship-Based Identity & Authorization) LinkedIn Post from Patrick Parker: https://www.linkedin.com/posts/patrickparker_ai-agent-authorization-activity-7335265428774031360-braE/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

CHAPTER TIMESTAMPS:

00:00:10 - Introduction & The Art of the Vendor Demo

00:08:02 - Steve Rennick's Take on Vendor Demos

00:12:39 - Formal Introduction: Steve Rennick

00:14:45 - Recapping the Identiverse Squabble Game Show

00:17:22 - The Hot Topic of Non-Human Identities (NHI)

00:22:22 - Is NHI a Joke or a Serious Framework?

00:26:41 - The Controversy Around the Term "NHI"

00:30:24 - How to Simplify NHI for Practitioners

00:34:06 - First Steps for Getting a Handle on NHI

00:37:20 - Can Active Directory Be a System of Record for NHI?

00:45:08 - Why is NHI a Hot Topic Right Now?

00:51:19 - The Challenge of Cleaning Up Legacy NHIs

00:58:00 - IAM for AI: Managing a New Breed of Identity

01:03:33 - The Future is Authorization

01:06:22 - The Zero Standing Privilege Debate

01:10:39 - Favorite Dinosaurs and Outro

KEYWORDS:

NHI, Non-Human Identity, Machine Identity, Service Accounts, Vendor Demos, IAM for AI, Agentic AI, Authorization, Zero Trust, Zero Standing Privilege, Secrets Management, IAM Strategy, Cybersecurity, Identity and Access Management, Steve Rennick, Ciena, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald