
Mark talks about everything…including Zero Trust | Dynamically Speaking

Our new CPO, Mark Cassetta, discusses everything from the authorization market to how authorization can enable a successful Zero Trust deployment.

In the latest episode, we put Axiomatics’ new Chief Product Officer, Mark Cassetta, on the hot seat, discussing everything from his view of the authorization market to how he believes authorization can enable a successful Zero Trust deployment.

This discussion left no stone unturned, offering a glimpse of what you can expect from Axiomatics in 2022.

Kelly: Hi, and welcome to our latest episode of Dynamically Speaking!

Today we’re pleased to welcome Mark Cassetta, who is the new Chief Product Officer for Axiomatics! Welcome, Mark, and thank you for joining us!

Mark: Thanks, Kelly! Excited to be here and on the podcast!

Kelly: Excellent! So, Mark, we had a few questions, but maybe we’ll start with a pretty basic one. What made you interested in joining us at Axiomatics?

Mark: Well, it’s a great question, a fun question answered on a number of fronts.

I guess I’ll start first: people. I mean, when we talk about software, you know, yes, it’s software as a technology business and it’s building products, but really it is about a people business, right? You’re working with so many people on a daily basis to make great things happen.

So as I got to know the existing team that’s been at Axiomatics, sort of the culture that’s been created around this mission focused on being the leading enterprise authorization solution, that obviously got me really excited. Speaking with the founders back and sort of seeing what their passion lies in, in this how the other passion lies in the solution was, you know, that’s all very important to me. And then, of course, the opportunity to work with a leadership team and folks like yourself, again, that I’ve worked with in the past that, you know, we’ve done great things together with and I look forward to being able to do the same thing here at Axiomatics as we like to serve our customers!

Kelly: For sure. It’s definitely exciting and always great to work with you, Mark, certainly. The feeling is quite mutual!

So, you know, I know you’re still in your first month here. But as you’re exploring things, and talking to customers, and other influencers, both within and without Axiomatics. What do you feel is the opportunity that lies ahead for authorization as a market?

Mark: Yeah. I mean, obviously, and frankly, that even feeds back into the first question. The space is at this incredible inflection point. And one of the other reasons why I’m super excited to join Axiomatics was, I’ve been following Zero Trust for more than a decade now, back to my days at Titus, back to when we had John Kindervag present at our customer conference, when, you know, Titus was roughly the same size that Axiomatics is right now. And I got this sort of exposure to how important Zero Trust was in the paradigm of the cybersecurity architecture, and as it’s evolved, and we look at how it’s matured in the market, many organizations realize that they had to take some of the first basic steps before they really got to embrace the full value of Zero Trust around authentication, and just getting basic, multi-factor authentication in place.

But as those steps have certainly been taken across the enterprise, as people realize that that is just basic hygiene at this point, they’re now looking to the next step, which is really around authorization, right? So if I’m building applications, or if I’m deploying applications, the big question becomes who has access to this, but what kind of access do they have? And when should they have that access? And what’s all the other attributes and context we want to bring into that equation to make sure we really reflect the right Zero Trust policies, people are accessing our data and applications.

And so as I looked at Axiomatics, that became a very clear opportunity and certainly the market is in the right place to embrace that.

Kelly: Excellent. Speaking of the market, we know, identity and access management, IAM, as a market has been around for a really long time and has never been so popular I would think as it is now. So that’s meant there’s a lot of noise in the market, there are a lot of competing interests advocating for different things.

As you’re parsing through this, and particularly in your discussions with customers, what is your guidance for those organizations looking to cut through the noise and get a crystal clear understanding of what it is they need and where it is they need to find that?

Mark: Yeah, it’s a good question, I think. This is something I’ve been thinking a lot about as we look to communicate to our customers sort of the value that we bring, and the way I’ve started to think about it is looking at policy through kind of a methodical process in terms of how it gets developed.

So you’re obviously as an organization, if you’ve embraced Zero Trust, you’re thinking about how do I bring Zero Trust policies to my business, whether that’s on the authentication front or on the authorization side, as I look to plan those policies, then I got to design and build them and then deploy them in applications, and so that to me becomes the first step.

And as we’re thinking about authorization, specifically, we’re building these policies that are going to sit within the application at multiple layers within the app, right, as people are coming into sort of that, you know, when they first get access to the app, as they go into the depths of the application, and even into the database side of it. That’s all about runtime authorization and runtime policy. And in some cases, like we’ve heard from analysts, this notion of just in time authorization, right?

So that’s kind of, it’s the first major piece of the puzzle, and obviously, where we feel strongly, of course, that Axiomatics plays an extremely valuable role.

Now, the second half of it, then, is managing entitlements and managing the least privilege that making sure that you’re deploying a least privileged model, which, of course, is critical to the entire equation, and that ongoing management and administration is something that we’re seeing a lot of players participate in.

And I think certainly the privileged access management market is huge because of that. And then we’re seeing things like Cloud Identity and entitlement management, more specifically a Cloud infrastructure, play a role in helping cyber teams better understand all the entitlements that are happening in that environment.

And of course, Axiomatics can continue to play, or I’d say specifically, authorization can continue to play a role there but I think that I almost look at it between those, there’s sort of this need for runtime just in time authorization based on Zero Trust policies that are focusing on why, what, who, when, how, and ultimately driving some sort of action. And then there is the ongoing administration and management of those authorization policies in the process. And so that’s how I started to kind of break it down.

Kelly: That makes complete sense. I think, as a follow on to that, you know, once folks have kind of figured out all of the different layers between identity and identity governance and authentication, and then authorization, and, you know, that’s even aside from what you look at it at Zero Trust, when you start to break it down.

For somebody who was looking at Axiomatics specifically, what are the critical things that you would want them to take away from that look?

Mark: Yeah, it’s a great. Another great question. We’re gonna call this episode, another great question!

When I look at the space, and we look at cybersecurity in general, there’s a lot of products out there and there’s a lot of companies trying to solve these problems. And there are I’d say a few companies that have stood the test of time of being there and scaling to the needs of enterprises and solving really hard, hard problems.

And, frankly, that’s where Axiomatics has come from, it’s hard to go down the path of making customers successful and making large organizations successful with authorization for the last decade.

The first thing is, when you think of what you need in an authorization solution, the first thing you need is scale, right? You need to be able to know that what you’re going to deploy isn’t just about one application, it’s about the entire environment. And obviously, for us, that’s, you know, that’s something we built Axiomatics for not just in, you know, for the last decade, but for the next decade as we look at sort of a Cloud native realities that organizations are operating in.

The second is when it comes to Axiomatics, what’s interesting is, I don’t think this is a surprise, you may have had a perception of being, you know, really built, being able to build these really demanding complex policies. And that’s a huge strength of ours, which is true, but what the ethos of this business has been is, I hate to use this word, because it can be overused, but they’ve been trying to democratize authorization, right?

So everything that we look at when it comes to making authorization successful, there’s multiple stakeholders in a business that need to be enabled, right?

You’ve got sort of that CISO-level that needs to just understand that they’re following best practices and that they are applying the right policies and that it’s lining up to their broader security strategy.

You’ve got the business needs to be able to translate just requirements into policies and frankly, don’t really want to get their hands into the actual app, they want to lean on the IT security team to do that.

And then you’ve got the developers who in some cases are like, look, I could write code that’s going to reflect the unique policies that we need, and I want to make sure that solution can actually, you know, support that and deploy it.

And so for us, I guess the other key component of this is we want to, like I said, democratize it and enable authorization to be accessible by all the key stakeholders, and, you know, give them the tools they need to get up and running quickly. And so that’s been a focus of the business. And obviously, as we go forward, it’s going to continue to be a focus as well.

Kelly: That’s terrific, Mark. And certainly, you know, from all of these answers, think you’ve been with Axiomatics for years, which is phenomenal. I mean that in the very best way. But given, you know, that this is a new role. What are you most excited about?

Mark: Yeah. Well, I think as soon as we’ve been thinking about that, Kelly, so it’s as much about so obviously, we want to give folks the tools to be able to build the right policies, as you know, whether it’s that initial crawl phase, or even as they evolve into a more walk and run strategy. So we’re going to be there with them in that entire journey.

But sort of underpinning that has been this discussion we’ve been having internally about the need to orchestrate authorization.

So if you think about it, and you know, you’ve seen analysts like Gartner talk about this need to centralize accountability and decentralize policy creation. And that’s really what we’re talking about is how do we look to a CISO, or the identity leader, which could be the same person or in some cases different depending on the organization? They’re the conductor, they’re the ones who are accountable for making sure that the right policies are deployed at the apps. And that the right you know, that their developers and their teams are enabled to build the policies they need to protect their information.

So how can we make sure that, so when we look at orchestrated authorization, we’re saying how do we make sure that that system is enabled with all the tools that they need to model those policies, to translate, perhaps, existing policies that may have been written in an open source, or not necessarily translate, but actually be able to enable open source policies, and then there’s also this need to be able to visually provide information about how those policies are being written and whether they align to the requirements that the business is looking for.

And, of course, there’s all the integrations that need to be done as well, that we support today, but there’s also opportunities for more integrations in the future.

And so, you know, while it sounds a bit high level is, from a strategy point of view, we’re really framing up kind of the ingredients that we see are required for orchestrated authorization and I’m excited to bring that to life!

Kelly: Wonderful. Wonderful. Well, thank you very much, Mark. I think we’re at the end of our time, but I want to thank you so much for being here, for sharing so much of your vision and, yes, lots of exciting things to come!

So thank you again, and we hope to have you back on the show soon!

Mark: Awesome. Thanks, Kelly!

About Mark Cassetta

A cybersecurity veteran with more than a decade of experience, Mark Cassetta leads Axiomatics’ product strategy, driving the creation of solutions that offer enterprises around the world a way to address current and future authorization and access management challenges.

Mark brings to the team a passion for secure information sharing and leading product strategies that strive to protect data while still enabling organizations to meet today’s pace of innovation. Mark’s deep cybersecurity experience includes various leadership positions for both software vendors and global systems integrators, including Titus and Accenture.


The world’s largest enterprises and government agencies continually depend on Axiomatics’ award-winning authorization platform to share sensitive, valuable and regulated digital assets – but only to authorized users and in the right context.