To start, tell us briefly about you. What is your current role at your company, and what are the measurable achievements you are most proud of?
After working directly at many of the major computer enterprises: IBM, Cisco, RSA and others – I have been creating my own solutions for identity security. First SecureAuth, which was the first 2-factor identity provider, then Cylance Persona, which was the first zero trust AI driven solution, and now YouAttest, the first easy to deploy IAM-focused identity attestation solution.
What pain point(s) do you solve for your customers? What was the “aha Moment” that led to the idea? Can you share that story with us?
Who has access to what? Palo Alto says that over 90% of cloud accounts are overly permissive:*
- 99% of cloud users, roles, services, and resources were granted excessive permissions that were left unused for 60+ days. Cybercriminals can take advantage of excessive permissions that are not being actively used to navigate through different parts of the network without being detected, potentially gaining access to sensitive or critical systems and data.
- Built-in cloud service provider (CSP) policies are granted 2.5 times more permissions than customer-managed policies. This reliance on policies that grant more permissions than necessary undermines the principle of least privilege and makes it easier for attackers to exploit these overly permissive accounts.
- 44% of organizations allow IAM password reuse, and 53% of cloud accounts allow weak password usage (less than 14 characters). This drastically increases the risk of credential stuffing attacks and brute force attacks, allowing hackers to gain access to one account and potentially all the other accounts using the same credentials.
Cloud based identities are completely out of control – They are our #1 weakness. If we don’t address these identities and the run-away permissions, all of our systems are at risk.
* Source:
https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research
What do you think makes your company stand out? What are you most proud of?
Deployment and time-to-value. Identity Governance – the market that YouAttest is normally associated with – has an INSANELY long deployment time to value – 3 to 12 months. Why the deployment of Identity Governance (IG) solutions can take so long:
- Complex setup and configuration processes
- Difficult integrations with existing systems and infrastructure
- Required customizations for specific business needs and regulatory compliance
🚀 YouAttest time to deployment is measured in minutes, not months.
YouAttest achieves a quicker deployment time compared to other Identity Governance and Administration (IGA) solutions through several features:
- Cloud-Native Architecture: Being a SaaS, YouAttest does not require any on-premises infrastructure or lengthy installations.
- Automated Access Reviews: YouAttest automates user access reviews and attestations. No more spreadsheets and manual actions needed.
- Pre-Built Integrations: Integrations with leading IAM platforms like Ping Identity, JumpCloud, and AWS IAM allow YouAttest to quickly unify identity auditing across cloud and on-premises resources.
- Streamlined Configuration: The time and manual work needed to set up YouAttest are minimized.
- Scalable Architecture: Many IAM solutions struggle with high volumes of access reviews. YouAttest can process millions of entitlements, enabling it to handle the access review needs of even the largest enterprises.
What’s the one key lesson you’ve learned about building a website and business that you wish you knew when you started? What’s the story behind this realization?
Leaving stale content up on the web site is the most common mistake I have seen people making when building their website. You should keep creating and updating content that is relevant to the market you are striving for. YouAttest created the #AuditTuesday GRC (Governance, Risk and Compliance) podcast which is based on our most timely subjects. Every Tuesday we talk to the leading authorities in GRC, Compliance and Identity Security. We then use our website to promote this content through landing pages, content pages and supporting material. We created a lot of topical content around these issues that helped us grow our audience very effectively:
- Solar Winds Attack
- Global CDK (Car Dealership hack)
- NIST Cyber Security Framework (CSF) 2.0
- CMMC updates
- EU DORA
💡 Create topical content in collaboration with experts outside of your company who are willing to help promote the message.
How can our readers follow your work?
Website:
- https://youattest.com
- https://youattest.com/blog (I wrote 90% of these)