Senior Analyst Carla Roncato covers identity management, access management, open identity standards, data security/content protection, and privacy and zero-trust initiatives at ESG. Carla has expertise in cloud, software, hardware, and services. She has worked with organizations such as Cognizant, Intel, McAfee, Microsoft, and the OpenID Foundation, where she is an evangelist for open identity standards.
Before ESG, Carla launched several funded SaaS startups as part of the Cognizant Accelerator Program and was responsible for M&A in Cognizant’s Data, Analytics, and AI practice. Previously, she was the VP of Product Strategy at an IDaaS startup backed by Goldman Sachs. She became the Microsoft Watcher and Chief Ecosystem Strategist within Intel Security after her role as Director of Customer Insights at McAfee. Among her various roles at Microsoft, including in the Identity & Security Division (ISD), Carla launched numerous products from Windows 7/Windows Server to Office 365/Azure.
Prior to working in the US, Carla held enhanced security clearance with the Government of Canada, where she deployed card access systems, and the British Columbia Ministry of Health, where she handled PHI of citizens. She holds a degree in Management with a minor in marketing and technology from Thompson Rivers University-Open College and British Columbia Institute of Technology.
Last month during Identiverse 2021, an annual conference by identity professionals for identity professionals, I attended several sessions that got me thinking a lot about the C-suite, specifically Chief Information Officers (CIO), Chief Information Security Officers (CISO), and Chief Privacy Officers (CPO).
It was 30 years ago when Terminator 2 (T2) came out. I vividly remember watching it in the movie theatre when it debuted, and I re-watched it over this past Memorial Day weekend. The premise of the film series is that civilization will be eliminated by an uprising of futuristic machines, and in the T2 sequel, Skynet, the 21st century supercomputer, sends a second terminator—the T1000. This one is more stealthy and more advanced, capable of rapid shape shifting and near-perfect mimicry.
Last week’s Executive Order by President Biden provided a glimpse into each branch of government’s cybersecurity accountabilities and a strong declarative on the mandatory use of foundational security tools.
In part, the Fact Sheet says: “The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period. The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.”
This month, as we head toward RSA Conference USA 2021, where more than 40,000 security practitioners are usually all buzzing throughout the Moscone Center in San Francisco, we will all be signing in to virtual sessions instead. And just like last year, compromised credentials continue to be one of, if not the top vector for breach, fraud, and theft. These stories are in the news daily.
Big data estates, advanced analytics and insights, and the democratization of artificial intelligence (AI) are accelerating digital transformations aimed at harnessing the value of data across the business landscape. It is especially prominent in financial services, healthcare, and consumer services where customer experience reigns (and an unfortunate feeding ground for fraud and abuse).
The identity and access management ecosystem has come a long way in the past decade, invigorated by cloud identity, customer identity, mobile identity, and open identity standards. Industry incumbents and cloud providers have made significant investments to support scalable, distributed, multi-factor enabled and decentralized identity systems.
In my first (and exciting) week at ESG, I met with a series of sharp-minded entrepreneurs and newly funded startups that are tackling the complexities of authorization, access governance, and multi-cloud identity orchestration.