


JPMorgan Chase's CISO Open Letter: Call for suppliers to deliver security-by-design and operationally excellent solutions.
May 2025 / 5 min. read

A response to JPMorgan Chase’s open letter on prioritizing security in a modern, interconnected digital ecosystem.
Recently, Patrick Opet, Global Chief Information Officer at JPMorgan Chase, published an “Open Letter to Our Suppliers” with a clear directive: security must be elevated to the same priority level as innovation.
It’s a powerful message that highlights the growing risks posed by overly simplified identity interactions and the erosion of security boundaries in increasingly interconnected environments.
This is more than a call for compliance. It’s a demand for modernization done right, built on visibility, strong authorization, and appropriate controls.
This aligns with Britive’s mission and vision. We were founded on the principle that identity is the new perimeter, and authorization must be reimagined to meet the demands of modern, multi-cloud, AI-enabled environments.
The Collapse of Authentication and Authorization
One of the most important themes in the letter is the collapse of traditional security boundaries.
In today’s cloud-first world, authentication and authorization are increasingly delegated to third-party systems — often without adequate transparency or oversight. This opens doors to new types of abuse:
- Unsecured access tokens passed between systems.
- Opaque 4th-party dependencies buried deep in vendor supply chains.
- Overprivileged service accounts that operate without visibility or governance.
This loss of control is real, and it can’t be solved by simply checking a compliance box. It requires a smarter, more intentional approach to access.
The New Security Perimeter: Identity Front and Center
One of the underlying themes in JPMC's letter, and a reality for every organization that is thoughtfully moving towards cloud and digital transformation, is the shift of the security perimeter.
Cloud-forward organizations have undoubtedly found that traditional network boundaries have been removed: identities and their associated permissions have become the primary security perimeter.
Every identity, whether human, non-human, or AI, requires active governance.
As organizations move toward AI and automation, the number of identities is exploding: not just human users, but also service accounts, bots, and AI agents capable of decision-making and task execution.
In fragmented, multi-cloud environments, managing access for all these identities and ensuring that access is appropriate becomes a massive challenge.
This is where centralized visibility and modern privileged access controls are critical.
Britive was designed for this reality. Our platform offers unified access governance across all identities, providing security and IAM teams with a single source of truth for who has access to what, and why.
Zero Standing Privileges: A Modern Standard for Authorization
The foundational principle of modern cloud security, especially for privileged access, is Zero Standing Privileges (ZSP). Vigilance against "always-on" privileges and broadly over-provisioned access is critical in dynamic cloud environments.
Implementing ZSP with just-in-time (JIT) access means:
- Access is provisioned only upon request and approval.
- Permissions are scoped granularly to the task, and automatically revoked upon completion or expiration.
- Risk is minimized across all identity types: human, machine, and AI.
When implemented effectively, ZSP reduces the attack surface, eliminates credential sprawl, and simplifies audit readiness across the environment.
Bridging Legacy, Cloud, and AI Systems Without the Complexity
Large enterprises face sprawling ecosystems: legacy apps, SaaS tools, cloud infrastructure, and AI agent-driven workflows. Securing access across this complexity requires a platform that can do it all without increasing the operational burden.
Britive replaces patchwork tooling and processes with a single control plane for governing access across environments and identity types. With out-of-the-box integrations, agentless architecture, and support for both human and non-human identities, we help organizations simplify access, reduce overhead, and accelerate their Zero Trust goals.
Security as a Shared Commitment: The Foundation of Future Partnerships
JPMorgan Chase’s letter is a challenge to the industry: vendors must not only innovate but secure.
At Britive, we believe those two goals are inseparable. By eliminating standing access, enforcing Zero Trust at the authorization layer, and unifying access across environments, we help enterprises move faster without ever compromising on control.
Organizations don’t have to choose between agility and security. With the right strategy and tools in place, they can achieve both.
We’re proud to support enterprises as they navigate this shift. And we’re ready to help security leaders like JPMC define what modern access management should look like.