Danny Jenkins
And now, just joining this meeting, just opening the Google Docs beforehand, it was such a pain in the backside to go through the code, the push notification, all of this, my password to get in.
And at the end of the day, if I'm a weak user, if I'm a human, I could have given it all away just as easy as I could have entered it into the computer.
So I think Andy's absolutely right.
I think the word identity is often referred to as the identity of a person.
It should not be the identity of a person.
It should be the identity of a person combined with the identity of a device and making sure nobody can access something if it's not from a trusted device.
And we had...
This is what makes me really, really nervous.
We did a pen test a few months ago before Zero Trust World, and we managed to phish, which I thought was five, but it's eight of our engineers to put their Office 365 credentials into a page and accept the dual factor push and put the code in.
Ouch.
And it's embarrassing to me because I always thought salespeople, they're going to get phished.
Finance people, they'll get phished.
Engineers don't get phished.
And engineers got phished.
So I think the most important thing is I've heard too much about human identity and we should be thinking about device identity, something that you cannot give away to a very nice man on the phone or a webpage.
I completely agree.
And that's exactly what we've been trying to do with Zero Trust Cloud Access and Zero Trust Network Access is, hey, you can get my Office 365 credentials.
You can get me to push a dual factor push.