ITSPmagazine Podcasts

Breaking Boundaries in Cloud Security, Identity, and Privileged Access Management | A Brand Story Conversation From Black Hat USA 2024 | A Britive Story with Art Poghosyan | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

Join Sean Martin and Marco Ciappelli in this Brand Story as they explore the future of identity and access management with Art Poghosyan, co-founder of Britive. Discover how Britive's innovative solutions are revolutionizing cloud-native security while tackling the evolving challenges of modern technology environments.

Episode Notes

In this Brand Story episode as part of the Black Hat Event Coverage featuring Sean Martin and Marco Ciappelli, guest Art Poghosyan, co-founder of Britive, discusses the evolution and challenges of identity and access management (IAM) in the modern technological landscape. Sean and Marco engage Art in a conversation that covers everything from the significance of effective IAM for businesses to the innovative solutions Britive is bringing to the market.

Art shares the story behind the foundation of Britive and its journey from conception to a leading provider of cloud-native privileged access management solutions. He highlights the shift from static to dynamic identities, emphasizing the importance of automating and authorizing access in real time to meet the needs of modern DevOps and cloud environments.

The conversation also touches on how traditional security measures are adapting to new cloud-based infrastructures, highlighting the growing complexity and necessity for advanced IAM solutions. Marco brings in a critical perspective on the changing nature of technology and security, questioning how modern companies can sustain their operations amid rapid technological changes.

Art shares insight into the convergence of new ideas and the maturity of contemporary technologies, suggesting that today's advancements provide unique opportunities for innovative solutions. Sean and Marco steer the conversation to practical applications, with Art providing real-world examples of how Britive's technologies are being implemented by enterprises facing complex security challenges. He explains how Britive's API-first approach aids in operationalizing security without imposing on performance or user experience.

Furthermore, the episode sets the stage for an upcoming deeper conversation at the Black Hat event, where Art, Sean, and Marco will continue exploring IAM and the critical role Britive plays in shaping the industry's future. Listeners also get information on how to connect with Art and the Britive team at the event.

Learn more about Britive: https://itspm.ag/britive-3fa6

Note: This story contains promotional content. Learn more.

Guest: Art Poghosyan, Co-Founder, Britive [@britive1]

On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/

Resources

Cloud PAM: https://itspm.ag/britivxya3

Learn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britive

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Sean Martin: [00:00:00] Marco.  
 

Marco Ciappelli: Sean, are we there yet?  
 

Sean Martin: We are, we're nearly there and we have, we have this really cool story. We get the best stories, I have to say.  
 

Marco Ciappelli: I know. There's a lot of cool stories.  
 

Sean Martin: It's nothing to do with us. It's the people that come on, uh, have the best stories and I'm grateful.  
 

Marco Ciappelli: I think we're a good listener. 
 

We're good listeners and maybe good amplifier too. So yeah, it's always like I have learned most of the things that I know about cybersecurity doing podcast with you or by myself, you know, as I don't have a background in cybersecurity, but really, I learn always so much having this conversation and I'm very, very excited for this one. 
 

Sean Martin: And there's, there's a number of facets to cover when we start looking at, uh, technology and business and, and protecting it and its data and the people behind that data and everything else. And, uh, yeah, it's, it's pretty much it. Starts with access and, and, uh, maintaining who, who can do what, [00:01:00] not just on prem, but in the cloud. 
 

And we're going to talk a bit about that today with our good friend, Art Poghosyan. How are you, Art?
 

Art Poghosyan: I'm great, Sean. Thank you for the opportunity to be here today.
 

Sean Martin: Yeah, it's good to, good to see you. And, uh, yeah, we go back a while. I think we, we did some stuff in Pasadena, some events, which were really fun. 
 

And, uh, we got to meet you there and, and. Yeah, just, uh, good community and, and you're, you're a super cool dude and I'm thrilled to have you on. So this is part of our, uh, event coverage, uh, part of Black Hat's, uh, coverage that we're doing. And you're gonna be in Las Vegas for a couple days and we wanted to catch up with you. 
 

We're gonna do, we're gonna do a video recording. On location with you there to dig deeper into some of the stuff that you do at Britive. But, um, we wanted to kind of kick it off with, uh, what we call the origin story. Why was Britive formed? What was the catalyst behind it? What's [00:02:00] your vision and your mission?
 

That kind of stuff. And, uh, let's first start with you, Art. You've done a few things yourself over the past year. So what led you to Britive to start off?
 

Art Poghosyan: Yeah, this is always a fun story. And every time I tell this story, it seems like I remember something. That I didn't remember before. So hopefully something that comes up this time that the world hasn't heard yet, but, uh, if, uh, since, yeah, we go backward, I want to say probably 12, 13 years, um, uh, and the company, uh, that I'd started then was, um, different one called Advancive Technology Solutions, uh, identity and access management technology, uh, solutions company.
 

And. Before that, I was with Big Four, E&Y, um, and, uh, yeah, been in the identity space, uh, quite a long time. It turns out almost, uh, 24, 23 years at least. Um.
 

And it's [00:03:00] many shapes and forms of the identity space.  
 

It's been, it's been very exciting to, to see this industry evolve, uh, and where it is today. And, um, part of that origin story is very, um, very closely related to, uh, that background in identity space and, uh, our, uh, first business, Advancive, it was acquired in 2016 by Optiv Security.
 

And it was great. It's very exciting, uh, to, uh, you know, to, to get to that milestone. Um, you know, it was interesting at the time. It was also at, at already, uh, um, Taste it. Let's just say that the, the entrepreneurial, you know, life and success. And, uh, I, I knew I was definitely going to do another one.  
 

Sean Martin: So, uh, exactly. 
 

Art Poghosyan: Luckily my co founders were in the same boat. And, uh, so [00:04:00] we really were, um, thinking about, How the world had changed at that point from the technology evolution standpoint in general and, uh, how, uh, emergence of public cloud technologies was changing the businesses. Um, so quickly. And for us, it was, uh, really kind of thinking. 
 

A few years down the road, a decade down the road, what was it going to look like? And how would the world respond to, uh, these massive, you know, shifts in, in the tech stack, like going from data center to cloud, you know, cloud infrastructure and data and so on. And the question we're asking ourselves is. 
 

Um, security is inevitably going to change identity. Um, inevitably is going to change. What is it going to look like? How is this going to look? How is it going to work to be able to support this kind of a very rapid change and transformation? And, you know, we had seen some very early signs and [00:05:00] among our customers, we had it. 
 

Some very sort of forward looking and cutting edge type of businesses that were already pushing the limits of existing IAM and security products in their cloud environments. Um, I remember this incident, or I remember this episode when a CISO, a very good friend of ours at a health care technology company said, Hey, in just one month I had two, uh, access breaches in our AWS environment.
 

API token, and then the developer's role, developer's access is compromised. Like, um, this is kind of out of control. Um, and a lot of it was because they weren't using any of the existing products in market, uh, not because they didn't have it. They had it. They just didn't want to, the cloud teams that is. So for us, it was like really worth digging more and understanding why, why is that the case and came down to [00:06:00] the existing products didn't support the way they operate the environment, like infrastructure as code type of processes or DevOps, right?
 

And so it was kind of a. Worth more time and efforts. We dug more and we really kind of understood that this is, this is a problem that is going to get even bigger and more complex as organizations also mature and expand across new cloud technologies. So it had to be addressed sort of ground up for that kind of a world and that kind of a reality. 
 

Uh, so we started building and we went right back to the, uh, you know, drawing board and started building. And it was a couple of things that was very clear from the beginning that It's it's not such a light bulb kind of a moment anymore, but it was a I'm talking about 2016 2017 at a time that, [00:07:00] hey, you know, um, there is not gonna be a security perimeter in the cloud. 
 

So what is going to replace that? Um, how is that security architecture going to incorporate the concept of identity? Because identity is essentially that the closest perimeter you have. How do you build something around that? Not around the firewall anymore. That's a, that got us started. And with a lot of great discussions with some experts in the space, you know, some CISOs and CTOs, we eventually built what's a, what it is today. 
 

Britive is a cloud privileged access platform.
 

Marco Ciappelli: Before we, we dive more into what. This company does. I kind of cut a few of bits and pieces of what you said with all the experience you have. You started more than one company. You guys, both you and Sean has been in this industry for a long time. And what has changed from the way that you [00:08:00] started this company compared with maybe what you thought you had in mind when you started the other one? 
 

And where I'm going with this is Nowadays, we know that nothing is there forever. The best technology, potentially, eventually, for sure, is gonna change. So, before, maybe it was like, Hey, I invented the printing press. We're good. You know, I'm not thinking the radio, the TV, the internet. So, how is your methodology thinking has changed as a, as a company creator? 
 

Hmm. 
 

Art Poghosyan: You're not hinting on AI, are you, Marco?  
 

Marco Ciappelli: I swear I didn't think about it. Maybe for the first time in a year I haven't thought about it, but sure, you can.  
 

Art Poghosyan: I threw that in just to spice things up a little bit because that is the constant change, right? It's yet another big disruptor. But [00:09:00] certainly, I think, um, I, I think the, the, the first thing that really kind of comes to mind here is once you've embraced that everything is going to change, uh, it only gets a little bit easier from there on. 
 

Mm-Hmm. I think you, you, you have to prepare yourself. You have to always think about what's going to change, uh, down the road. Uh, and I think that's what the, the modern technologies need to, the companies that are building modern technologies needs to, to embrace. Right. Um, I think for us specifically, um. 
 

There's, there's a lot of different sort of, uh, forces at play in, in the. Including AI is a big, big, big catalyst to modernize the security, security stack and security products. And there's tremendous amount of opportunity there. Um, I think there's also something that you always have to sort of balance, especially when you're addressing, uh, major sort of enterprise organizations' needs.
 

You don't just forget everything that exists and [00:10:00] run to the, uh, you know, the newest and shiniest toy or whatever is in the market, right? You always have to sort of balance the perspective like what's new, what's sort of that cutting edge? Driving the innovation, but what are the, what are the big sort of, um, uh, data risks or security risks that need to be protected today right now, right?
 

So I think that's, that's how, how we think about where this technology will go, where Britive's technology will go. Of course, we'll want to be sort of, uh, at the, uh, the cutting edge of the technology and the innovation, but without forgetting what our customers need today. Um, that makes sense.
 

Marco Ciappelli: Yeah, it's a, it's a balancing act. 
 

Sean Martin: And I want, I want to balance on the other, uh, end of the, the seesaw. Um, Kind of going to the, the origin and the initial founding. Cause I mean, let's look at it. Yes. Security technology, security companies, technology companies bring stuff to market that's [00:11:00] innovative and hopefully it solves a problem for an organization. 
 

Ultimately at the end of the day, an organization has a IT operations, security operations, the team that knows stuff, they know how to tweak, tweak and tune and config and manage and respond and all that, and it's a A move to the cloud, we can talk about this in, in just the pure transformation from on prem to the cloud that evolved over time, right? 
 

Some things moved as they were, some things had to be tweaked as they move. Some things had to be rebuilt. The cloud had to adapt to some of the old things that didn't just naturally move as well. And I think if we look at IAM and, uh, and privileged access management, I think the same thing could be said for that. 
 

So you, you kind of saw that. The existing tools, you even said it, right? They may have covered some things, but not comfortably for the security teams and definitely not comfortably for guess [00:12:00] who the cloud teams, right? And the team is building apps and running cloud ops, which is sometimes different than it ops and certainly doesn't always mean that security ops is included there as well. 
 

So talk to me a little bit about some of the thinking there and how you. How you saw that shift and the need for that is probably based on experience. But tell me, tell me a little bit about how all that came together for what you ultimately built and continue to build at Britive.
 

Art Poghosyan: That's a great question, Sean. 
 

I think anyone has been in the security space, you know, a decade or two. I've always seen that sort of tension between the, you know, security teams and the rest of the organization, the IT team, the business and so on, because obviously security wants to secure the environment, which comes at a cost of performance, operations.
 

[00:13:00] One. Um, I personally felt really kind of Conflicted about that. I, I, I always thought like, why is it that way? Why can't it be both? Like why can't the world be perfect if you will, right? That's why that's why I do what I do, right? I have that perfect world in mind But I mean to bring it back to sort of the beginning of how we started approaching this problem is First and foremost to understand why should there be a conflict? 
 

Uh in the in the world of identity, especially privileged access management, obviously privileges are You Exclusive and it shouldn't be given to anyone, but could they be given to people who always need it in a way that it doesn't create friction, in a way that it doesn't get in their way of Just doing their everyday jobs, right? 
 

And it felt like when we dug in research, that was the first thing we really try to understand why does it have to get so difficult or cause friction? Can we eliminate friction? You know what? It was, it was an amazing [00:14:00] discovery that it. It really could be solved, and it's not a very complex solution. The solution is to authorize people who by their, you know, job title and the role in the company are expected to do certain things that are privileged, right?
 

So authorize them, and instead of making them ask every time to give them access to a, let's say, a domain admin credential in a vault, can we just let them go and do what they mean to do every day? And things are a little bit different. That was a Example of a legacy PAM use case, like domain happening.
 

But when you switch to the DevOps world and you switch to infrastructure as code, it's a lot of different things, uh, you know, for infrastructure services, a lot of access credentials and so on, authorize them properly, validate when they're actually asking for that. And let them go and do what they are supposed to do. 
 

And if they need to automate all these things, allow them [00:15:00] to use the tooling for that, right? And it was that kind of, you know, all of a sudden trying to, all of a sudden seeing how we've found the solution. And it's very simple. You can authorize it. And while you also provide that access, you don't keep it there 24 by 7 by 365 because nobody uses it. 
 

That, you know, like that. So that was a simple kind of this, um, discovery moment that helped us move forward  
 

Marco Ciappelli: was also sorry, Sean. It was also a technology that at that point allow you to do that, where it was just the thinking that was wrong. You know, sometimes you need the convergence of the idea and the technology available to do so. 
 

Art Poghosyan: Yeah. Super important point. Right? Yeah. Again, I'm sure there were a lot of smart people before us thinking along the same lines, but it wasn't done. It wasn't built. And I think if you go back even 10 years, I think [00:16:00] it'd be very challenging because you didn't have the maturity of this different technology, especially cloud native technologies, right? 
 

So, yes, it's a, it's a big factor of the combined combination of the idea and the timing and the Uh, technology, uh, maturity to be able to do that.  
 

Sean Martin: Well, I always go back to operational maturity as well. And part of that's driven by the technology. So moving from on prem and I'll call them static, uh, static identities, right? 
 

You get onboarded when you join, you might change roles. So some things might get tweaked. And then when you fight, when you leave, hopefully they. They, uh, remove the identity and the access, but it's fairly, fairly contained. But when you, when you move into the, to the, uh, DevOps and infrastructure, infrastructure as code and, and you're building multiple times a day and, and loads of people are involved, some teams at some time, other teams at other customers and all these things come into play, [00:17:00] uh, is a very dynamic world.
 

So clearly scale is important, but also the speed at which. You have to manage this stuff. So you can't, you can't put the burden on one team or another to handle the speed at which all these things are coming at them. So you have to, you have to take that into account, right?  
 

Art Poghosyan: Yeah, no, absolutely. Um, to give you a, an example from very early, um, stages of our product development, this was even before the product was GA and a big enterprise, uh, company was, uh, testing it in the pre-GA stage in their first use case was, uh, We need the API functionality to do everything that we can do from the console, the web UI. Candidly, um, we built the product as API first, but a lot of what we had actually from the APIs wasn't even [00:18:00] documented at the time. So, so when they started actually doing it, uh, from the API and, uh, and, Made us document everything and be very diligent about like what we're building and, uh, you know, what's available through APIs may just really think that this is going to be a huge differentiator for a technology like this yet, APIs, or I think there's a term like APIs are the new UI, right?
 

I think it's very true for our product. Essentially a lot of that automation and opera operationalization constraints of products are come down to that. Can, how much can be. Automated for ongoing, you know, maintenance and administration of any product.  
 

Marco Ciappelli: Wow, interesting. And you know what is great is that you two are going to get to go deeper in this conversation in a couple of days. 
 

Sean Martin: It's hard to stop now, but I will.  
 

Marco Ciappelli: Well, that's why I stepped in. That's why I had to step [00:19:00] in because I know you will not stop, Sean. And I just want to give the opportunity here to Art to, I know you guys are going to be at Black Hat. You can meet with people, network. So how are you going to do that? How can people get in touch with you?
 

And of course, I invite everybody to to do that and to follow the next conversation that Sean and Art are going to have at Black Hat and I'm going to be the one with the camera. And, uh, recording that. So I'll be there, but not not in the in the shot. So how can people get in touch with you?
 

Art Poghosyan: And yeah, LinkedIn is probably the best. 
 

I'm always active on LinkedIn. Um, certainly, uh, LinkedIn, direct message, whatever works and love to talk.  
 

Marco Ciappelli: Very cool. We'll be sure to put this into the notes here. [00:20:00] And, uh, with the website and everything that people need to know about, uh, about what you do. Um, Sean, final word, no questions, just no questions. 
 

Sean Martin: Well, no, I think, uh, what I'm excited for is some use cases and some stories of how some of these challenges that you saw and you built for are actually overcome, uh, for some of your, some of your customers and the ultimate outcomes that they've experienced. They're fortunate enough to find you and the Britive team.
 

So I'm looking forward to that this week and, uh, excited to share that with everybody and yeah, definitely connect with Art on LinkedIn, uh, find him around, uh, around, uh, the Mandalay Bay and, uh, have a chat with him. And if you need help finding them, you can find me and I'll, uh, I'll put you in contact for sure. 
 

But, uh, not love what you're doing, Art, and, [00:21:00] uh, thrilled to have you on and excited to see you this week and continue the, uh, the Britive story.
 

Art Poghosyan: Absolutely. Thank you, Sean. Marco. Thank you.  
 

Marco Ciappelli: It's a pleasure. And everybody else stay tuned for more conversation. Definitely watch the upcoming one if you haven't, and if you have, and this is the second one that you see with Art.
 

Good. We, we want you to read and listen and view all the stories we share with Britive. So, take care.
 

Sean Martin: B R I T I V E dot com. Britive.com. There we go. See you all there.