Webinar Recording

How to easily expand Identity & Access Management to the Cloud


Many large enterprises operate with a glut of access security platforms and tools that each service a specific silo of applications and resources. Most are proprietary, and many have expensive and time-consuming agent-based architectures. In addition, because they are usually very tightly connected to the applications, it is a hard task to move them to the cloud or access them remotely. Traditional IAM systems were simply not designed to secure apps outside the corporate firewalls.

Modern access management supports secure online access from any device via a single sign-on (SSO) solution. It doesn’t matter whether applications are deployed on-premises, in a private cloud or in a public cloud: thanks to a centralized and federated gateway, the level of control always remains the same. It also enables developers to work with the latest identity standards, such as OAuth and OpenID Connect, in order to support identity for multiple clouds and mobile environments in various combinations. And all of this is possible, thanks to easy integration, without companies having to alter their existing IT infrastructures.

Well, good afternoon, everyone, and welcome to this KuppingerCole webinar on how to easily expand your identity and access management to the cloud, supported by Ping. Now, you'll see that this is Mike Small, who is speaking at the moment. I'm a senior analyst with KuppingerCole and I'm replacing Martin Kuppinger, who unfortunately is indisposed and unable to take the webinar. And my co-presenter is Lauren Russ, vice president of product development at Ping Identity. So this webinar is organized by KuppingerCole, and KuppingerCole is an industry analyst organization. We focus on IT and the security, and especially the identity, aspects of IT, providing services for research, advisory and events, both for end users and for vendors of these kinds of problems. The events that we are currently sponsoring: the next one will be in Paris, which is a Consumer Identity Summit, November 22nd to the 23rd.
Then in March, we have Digital Finance World in Frankfurt, and finally the annual European Identity & Cloud Conference in Munich, Germany, will be May 9th to the 12th in 2017. So as regards the guidelines for the webinar, the attendees are all muted centrally. We will control the mute and unmute features, and the webinar will be recorded. You can type in your questions at any time using the questions and answers tool, and we will pick these up at the end. And at that point we'll deal with them, unless they are something that is so urgent that it needs to be dealt with at the time.
So this webinar will start off with myself, speaking about how organizations need a hybrid IT, and that needs in turn a hybrid identity and access management to provide a consistent and centralized approach for managing identity and access across all users to all applications. And in part two, Lauren Russ from Ping Identity will present on the modernization of access management with some customer examples and some use cases. So to start with our part of the webinar, the thing that we observe in KuppingerCole is that organizations and companies are going through a transformation, which is necessary to exploit the opportunities and to meet the challenges of the digitally connected environment. And this is driven by a number of external factors, such as the increasing connectivity, the importance of services as part of the product, as well as the increasing risk of cyber attacks. And there are a number of other drivers to this, which you can see on the slide. And in order to respond to these challenges, organizations need to have increasing degrees of innovativeness.
And that requires both agility and organizational flexibility. The old approach of fixed specifications and long development times does not work in today's environment. And the key topics which are leading towards this are now getting closer to your customer. Increasingly, organizations want to become much closer to their customer, to be able to deliver a much more personalized product experience and a much more customized experience to these customers, and that is also being impacted by the growing Internet of Things, and also to a greater extent around smart manufacturing. And all of this is being enabled by some key enabling technologies, which include things like blockchains, cognitive, and AI, as well as everything being done through the cloud and big data. So in order to achieve this digital transformation, we've identified eight fundamentals, and these include that it affects every organization.
It's not going to go away. It's here to stay. It's a lot more than just these particular hot topics like IoT, and it also requires organizations to change the way they organize themselves in order to become more flexible and to match these needs. Now, in terms of the focus that we have, which is around identity, one of the critical things is that through this transformation, everything and everyone is becoming connected. And that's a theme which we're going to touch on in more depth as we go through the presentation. The idea that you need to do all of these things with security and safety is not, if you will, a contradiction in terms; you can achieve both. And indeed, by achieving security and safety, you may well find that you do better at achieving the objectives that you were particularly looking for.
Remember that security is both a risk and an opportunity, and the smart money follows the risk, because being better at managing that risk gives you a competitive advantage in areas where your competitors dare not, or are not able to, work in a risk-managed approach. And finally, the identity: it becomes the glue that makes sure that all of this works in a secure manner by controlling who can get access to what systems. So, following on the idea of everything is connected. In the past, people were really just connected to their employers, and this is now changing. Businesses then became connected to their partners and possibly to their customers. But this is connecting everything to everyone. People connect to each other. People connect to their favorite service providers to buy things, using the web and their apps. They connect, unknowingly or knowingly, using their smart devices, from a smart fridge to a Fitbit. These things all provide a plethora of data that can be exploited to the benefit of the customer and to the benefit of the organizations, provided it is done securely and with privacy.
So organizations can use this data to create new products, to become more effective and more competitive, as well as improving efficiency in this ever-connected world. This connectivity is being supported by cloud computing, the range of mobile devices and social computing, which gets to user populations. And these things are being exploited in quite amazing ways. Social media and eCommerce and entertainment, and increasingly public services, are looking to exploit these things to deliver better services that are more in tune with what their customers want. And for example, a UK TV channel uses the monitoring of social media activity to be able to identify the demographics of the audience that is watching a program, in order to sell advertising in real time to their advertisement partners during the program. Now, all of this is being made possible by the use of APIs.
APIs are what enable organizations to connect things together. They can connect their apps to their center. They can connect their services together. They can sell their data, and they can manage the devices that will be put into your home, the smart devices, which will lead to improvements in efficiency and cost reduction for end users. But these APIs are going to be critical to helping organizations to monetize what was previously just a cost in the past. And so this leads to the new agile business, connected. So identity is the glue that brings all of these things together. And what we've identified is eight factors around this. And the first is that you have to remember that it's more than just humans. Identity is the identity of everything: things, devices, services, and apps. And these identities are going to come from multiple sources.
You can no longer have a situation where you will control all of the identities internally. You will have to accept that some identities will be provided from outside. And this leads to the need to take account of the varying levels of trust that may be involved in that. And the attributes of these identities, who they are, what they represent, what their properties are, will need to come from multiple sources as well. And this means it's even more important to be able to take account of the trust, the reliability and the potential for man's associated with that. We're moving into an area where we have unreliable identity information. And because of this, we need to look at new technologies, for example, things like blockchain, as a way of helping us to determine the trust that we can put into the different areas.
Not only that, but people do not have a single identity. I don't have a single email account. I have many user names and many passwords, and I access services from many devices using many different applications. And the critical thing for the provider of services is to be able to disambiguate between these people, so that you can tell that it's Mike Small, wherever I come from, so that you can provide me with a better service. And in terms of this, there is also no single way, no single best way, for authenticating people. Everything depends upon the environment and the things that they are trying to do. So there is no single authenticator. What does matter, though, is relationships between identities. And in order to understand what's going on, we actually need to look at a graph of humans and their connections with things, devices, and the services and the apps that they are using, because that is the most informative way of looking at what we have.
And finally, in terms of identity, context is king, because everything varies in terms of that context. There is a big difference between me transferring a large sum of money to buy a new home or house, and me buying a small item on some service like eBay. These things are completely different in terms of transaction, completely different in terms of risk, and need a different approach to manage them. So when we look at the future IAM, we need to factor in all the identities of all these kinds into the equation. And these include not only people like employees and business partners and customers, but also things such as services, devices, and things. We need a common approach, but this doesn't mean that everything has to be treated the same. It's just as important to be sure about the identity of the cloud service you are using as it is for the service to be confident about who you are.
So, however, these two different dimensions may need slightly different technical solutions to achieve the same level of trust that is needed. So when we look at how things are changing, and this we've put as not the five, but the four serving men: who, what, why, where, and when. We still need to manage insider access, and this is not dead. The mainframe is still alive and well, and being widely used. And these internal accesses are using proprietary interfaces, but increasingly internal communications and internal systems are being deployed as web-based services to provide a single deployment user interface and a single deployment infrastructure.
However, the internal systems are not alone. Services are more and more being delivered externally. For example, learning services and travel are fairly commonly delivered by outside providers to most large organizations using, for example, identity federation as is one of this. And not only that, but outsiders are coming in, as inbound federation as well, to be able to access your services, in order to provide different kinds of services to you. And finally, more and more things are being delivered through the cloud as a way of achieving virtualization and so forth. And all these factors make the situation more complex. We cannot remove any of these different dimensions. We have in access management to cater for them all; all these use cases need to be covered. In addition to this, we have the ubiquity of mobile and other kinds of access from outside the organization into both cloud-based, federated and internal services. And increasingly these accesses are now being made using APIs. And so, whereas it may seem that in the past we felt we'd got on top of the issue of how we can control web access through web access management systems, we now need to bring APIs into all of this. And once again, all of these different use cases need to be managed through some kind of single platform.
So, single sign-on. Well, for a long time we think we've had solutions to single sign-on, and I've seen the evolution of this from things that were giving you single sign-on on the mainframe, things that gave you single sign-on to various client-server type things. Then we had web access management, and now we have to cater for the need to bring API access into this same fold. And this all needs to fit into this common infrastructure. So what is needed is one platform that supports all of these needs. It needs to support everything from consumers to customers, from partners to employees, and bringing in contractors as well. It needs to allow them to access the services through both the connected things, the mobile devices, as well as the more traditional personal computers and laptops and so forth. And these services will be accessed both internally and externally.
So we need to support all these different kinds of technologies, such as federation, web access management solutions, APIs, and to do this with authentication which can adapt itself to the changing risks associated with different use cases. And all this needs to give frictionless, legitimate access to cloud services, as well as internal systems, web applications, legacy partners, and supplier services. So this really quite challenging environment is the one that we need to be able to support. So in summary, the digital transformation needs an organization that is going to become more and more open than ever it was before, in order to support the agile connected business. Hybrid IT needs to support this change as well as supporting the existing infrastructure. And what this really means is that hybrid enterprises need a hybrid IT system, and hybrid IT needs a hybrid identity and access management process. So that is my part of the presentation. And I'm now going to hand over to Lauren, who will take over the screen now and present Ping's approach to this.
All right, as I take over from Mike, I wanted to spend a little bit of time talking about, you know, Ping Identity's perspective on the modernization of access management. And it's really in support of a lot of the characteristics that Mike talked about. And the first thing I wanted to do is elaborate on some of the elements or characteristics of a true digital transformation, because it's really built upon that identity glue that Mike referred to. First, it's really about securing access for all the different identity types, employee, customer, and partner, being able to be responsive to the user's context, their location, the behavior, the kind of network that they're accessing from, and then the devices that, you know, the users are using to access the various applications and services. Also one of the, you know, strong things is that rapid connection. We're finding more and more that the user experience is primary in succeeding in digital transformation.
And it's really about enabling any type of application and service, regardless of the existing infrastructure that may exist, as well as the backend services. Some of the things to consider as well is that ability to continuously authenticate, so that you can trust the user and trust the device that they're accessing on. And it really isn't about just authentication. I'm sorry, you know, really providing authentication services at the authentication time, but also being in session and also able to control and provide continuous authentication for any access request, regardless of device or location. Also ensuring that it's a frictionless user experience as users transition from web to mobile to things as well. Then it's very important to make sure that you have integration into legacy infrastructures. As Mike talked about, mainframes aren't going away, nor are Windows servers or Linux and Unix servers. So as we, you know, start to look at this hybrid environment, those integrations are very important.
One thing to consider, though, is that digital transformation is really just a journey, and it's the path and steps along the way that really determine what your requirements are. And as you look at this example, it's really just identifying, you know, what the path is for some users. And as they go through those transformational steps, the kind of deployment model and the kind of services that need to be available to help you successfully address some of these requirements is very important. So you can see where some companies start, which is by modernizing their legacy identity management infrastructure, and that takes introduction of perhaps some new, more modern servers, as well as identity bridges to help bridge that gap between on-prem legacy and SaaS applications. Then the next step would be to replace business apps with SaaS applications. We're starting to see, as Mike talked about, many different kinds of services now migrating to SaaS applications. There are alternatives there for sure, and helping enable users there.
Other things then is you start to look then beyond the basic SaaS services is one of, there are no alternatives. You start to then look at cross-domain identity and access management solutions to support workloads that are moving to infrastructure services platforms. Those platforms then would be all the custom applications and all of the services that there really just are not any SaaS alternatives for. And then last is then how do you go to the final step of digital transformation, and those APIs, essentially those external services, to start to create a unique set of applications, a unique set of services that are available. So as we go forward, it really is looking at six design principles of modern access management. And these are critical because they support the modern cross-domain architecture and essentially borderless environments that many of you are deploying your applications in.
If we go around the loop here, it's just really about federated architecture: ensuring that trust exists between the different domains, that the standards are utilized, and the integrations to help take proprietary to standard, is very critical in ensuring your success. Internet scale is very critical as we start to see user populations of, you know, 80 to a hundred million, and you start to see partner communities or ecosystems of a hundred thousand plus. As Mike talked about, web, mobile and API become very critical. All services and applications aren't just exposed through a browser, but are available in multiple formats. All identities, as well as then flexible deployment, become very critical.
So as we go through a quick dialogue, identity and access management is really just about connecting users and things to the various applications and services on the backend. As we start to see digital transformation, it's really that move of APIs and services out to the cloud and leveraging the various environments, either provided via a SaaS service or application or else infrastructure as a service. But as you look at being able to do that, and being able to essentially effectively connect the various users and devices to the legacy infrastructure and enterprise applications, you need a very hybrid environment to be able to support that. So if you go from left to right, and I'm going to orient you a little bit to this slide, the left side is inside the firewall. And it's those services that enterprises need to be able to support this hybrid environment. And then to the right is the various cloud services that are available.
And in many cases, companies are looking to either provide federation services for the various applications and integration, as well as bridges to help bridge their legacy environments to the cloud. We also need identity data services. How do I consolidate the various ID stores, or how do I create specialized data directories or data services for the user identities and attributes that I need to share across the net? And the next is how do we provide the right level of access control, beyond authentication, to be in session for not only your browser-based applications, but also APIs and native mobile applications. Then we move to the cloud. We need a robust identity as a service platform to start to take advantage of the cloud and that infrastructure, as well as to support a one-to-many connection that many of the IDaaS solutions provide, either via desktop, be able a federation hub, as well as an application catalog.
In addition, to reach a more modern architecture is moving your authentication services to a mobile or a device platform and enabling authentication services in the cloud. If you look to the lower right side, quite often, as we move workloads out to the cloud and to the identity, or sorry, the infrastructure as a service platform, you also need to migrate the access gateway to provide a very lightweight interface providing access control, as well as you may move some of the identity data services out to your infrastructure layer to handle the large populations of either consumers or partners. So we look framework: it's really supported by a set of core capabilities that Ping provides in a set of products and services that we bundle in the Ping Identity platform. At the very top, in the center box, you see PingOne and PingID, and it is a robust identity as a service platform that provides single sign-on, access control, directory services, provisioning services, as well as audit capabilities, to provide a holistic solution in the cloud that most of our customers can only leverage that cloud because they have legacy infrastructure they need to integrate.
So they use PingFederate as a robust federation server to help provide the right token validation or token creation as necessary, to help translate proprietary identity frameworks to standards, as well as they need to bridge to the cloud, either, you know, bridge to PingOne to be able to access the many applications, or else bridge direct. PingAccess provides that access policy as well as enforcement point. Many of your environments need to provide a modern infrastructure with that ability to centralize your policy administration, perhaps in your enterprise, but move a very lightweight enforcement point out to an infrastructure as a service to provide protection there. And then last and not least is PingDirectory, which provides that level of identity data services that you need to support your users, your devices and your applications, and the way that you manage those accounts, manage attributes about the various devices, users, and applications, as well as then to provide the self-service as well as preference and profile management that's necessary.
So what I'll do now is talk about a few characteristics of modernizing your access management framework. First is really then going beyond web and including API security. That first starts with authentication services. Really, you know, that authentication server functioning as an authority for, you know, all the authentication activity going through the net. It's support of OpenID Connect and OAuth services, again, to go beyond just web, to support API and mobile, and then have very flexible policy definition to support the variety of applications and services on the backend. This is really enabled through providing an access broker and agent for those web and API resources and support of a multichannel access management framework. So it's not just about enterprise, but support SaaS and IaaS for the various applications that are being deployed, provide domain-level API security for the level of control that you need, as well as then more modern architecture requires, you know, support of data throttling as well as then RESTful interfaces and web.
So to be able to, you know, leverage HTTP, secure HTTP traffic, versus requiring to open up a port. Other things that are, you know, key to the modernization is the ability to extend to your infrastructure as a service provider. And when you look at some of the limitations, you know, in moving legacy WAM systems to an infrastructure as a service, it's really around legacy WAM systems really don't extend to these environments very well. It's all about 60 to 30 servers that would need to be transitioned, versus leveraging internet protocols to be able to support a very lightweight deployment of either gateway or agent at that infrastructure service, close to the applications that you're moving there. Also, it's not very viable to move your entire WAM infrastructure. It just becomes too cost prohibitive. When you look at extending is solutions to the cloud, it really then needs to be based on efficient standard authentication, authorization and session management support, as well as then leveraging the ability to elastically scale when you're in that Amazon environment to handle various changes that are due to seasonality or due to, you know, increase in workloads based on M&A activity or other changes within an enterprise environment.
Next is, you know, it's important that you provide contextual access control. And on the surface, it seems simple to just, you know, provide a level of authentication for the various applications as a service on the back end. But quite often, many of those applications require additional user information. They require additional attributes to be able to authenticate. They need to also support internal and external data, and they need to be able to navigate across multiple networks. And so being able to provide very sophisticated policies to then strengthen the access control on the authentication events, as well as in session, becomes very critical: being able to provide multiple authentication sources and then also be able to continuously verify upon access request, to be able to step up based on token creation or token validation.
Another factor that is important to modernization is multifactor authentication: ensuring that you can protect resources regardless of if they're legacy or in the cloud. So the ability to support legacy applications, enterprise infrastructure as a service or platform as a service, SaaS applications and APIs consistently with one framework; be able to provide embedded services, so that with the APIs you can start to embed the authentication services into your web applications, as well as provide brandable data, mobile applications to support the various deployment needs; and last, and not least, is be able to support end user access to legacy environments via VPN or, you know, provide a secure authentication environment for admins as they access Windows servers or Linux/Unix servers going forward.
Some of the things to consider then, beyond just standards-based multifactor authentication, is to provide authentication factors, or very modern factors, regardless of the type of device that you have. We have some situations where customers have bring your own device, and then a mobile application on that device is very applicable. We have others that don't allow for phone use in any case. And so they'll support YubiKey, SMS, Apple Watch, email OTP, et cetera. Some other advanced authentication goes beyond just the factor itself, but looking at, you know, different zone-based, you know, network, country or location policies, as well as device parenting policies that will enable or support detecting geo breaks, requiring device log, as well as requiring that the device be on a trusted network before they can authenticate. So again, just looking at a more modern, advanced method for authenticating. So as I transition then from the kind of modern capabilities that are necessary to the type of solutions that Ping provides, I have a few customer examples I'd like to walk you through, and they are really all along these lines of employee solution, partner solution and consumer.
And what I hope to show is that you'll see, by leveraging a hybrid platform, you can provide that improved productivity across all the different kinds of application types, as well as be able to strengthen the security of those, you know, those users to those applications. And for partner, I'd like to demonstrate how simple it is to onboard, you know, your partners, regardless of scale, give them the environment as well as give them the control over their identities, you know, as they need. And then last is to show how you can streamline the customer experience and really enable the marketing and business side of your enterprise for engaging customers. So the very first example I want to give is Alaska, which has a cloud-first and mobile-only solution. And what they were looking for is the ability to migrate their application workloads to infrastructure as a service and SaaS, while enabling their workforce to work primarily from mobile devices. They had a challenge where they had this vision around one identity, zero passwords, and they were really needing to migrate away from a legacy IAM environment that was really keeping them from being able to support, again, a migration to the cloud, the digital transformation, as well as then to support the mobile devices.
So in working with Alaska Airlines, we were able to provide them seamless access across all of their applications. You know, unifying tens of, well, not quite a hundred, but, you know, tens of applications under a single sign-on solution. We were able to do that via standard protocols for mobile and API access, as well as then, as they migrated applications out to their IaaS platform, we provided them an agentless, proxy-based solution for them to protect not only their on-premises but also cloud applications with the same infrastructure. What they were able to achieve then was this one identity, zero password vision that allowed them to free up their employees to better service their customers at lower cost. And that really meant that many of their agents are now with their iPads, working directly with customers to help solve their needs in a very seamless and easy way.
If you look at then the environment that was needed for this, they leveraged not only the access gateway, to be able to protect resources and applications that were in their on-premise infrastructure, as well as leverage the access gateways as they migrated applications out to the cloud. They leveraged the federation server and bridges to, again, normalize the identities and authentication framework for their environment, and then also strengthened the authentication, leveraging a cloud service to provide them a very robust, high-scale platform for supporting the multifactor authentication needs that they had. As we transition then to partner: you look at GE, which had a challenge where they wanted to invite their partners to a new partner portal. As they looked at the sheer number of partners that they had to onboard, their main challenge was just the limited resources to contact each partner, talk to them, you know, work them through the process as far as exchanging metadata and developing trust.
And so, as they looked to Ping, they started to leverage the PingOne services that enable partner onboarding and leverage, and also then enable for some of their small partners who had no identity infrastructure to be able to leverage the IDAs platform as the identity provider. They also looked for enterprise grade software to support their service provider deployment, and that enable them to do, you know, essentially unify all of their backend applications to provide a single interface for that portal. And then last as they looked for cloud scale capabilities to provide, you know, the, just the sheer volume support, the sheer volume users that they were working with. And the big benefit of this is that they were able to onboard many of their partners in minutes. There was no metadata exchange to negotiate. It was a very secure invitation process to help with that verification process.
And then the ability to Del, you know, provide delegated administration, enabling GE to provide level one support for many of their customers partners, as they onboarded them to look at that infrastructure then is that ability to then enable partners to be their own identity provider, leverage the cloud, to provide a one to many connection. And then as you can see, leverage a lot of the, you know, enterprise software services that have enable, you know, first the standardization of the identities, you know, centralized identity data services when their infrastructure, and then provide the, the right level access control for their environment. So last example I wanted to give was, you know, ends up being the second largest sports provider sports equipment provider in the world. And they had a challenge where they wanted to use social identity to register their users and simplify the buying experience, but had some challenges in, you know, ensuring that they could handle the scale as well as connecting to the various systems they needed.
And so the requirement again was just to, you know, simplify registration, increase their retention as well as begin to gather data about their users. The challenge they had was social identities were considered too weak for purchase. And so quite often they were able to onboard get CU, you know, some of their customers interested that they saw a lot of drop off when the online purchase process started to engage. So the solution was very simple, just, you know, Facebook integration to provide that social identity coming in the support of strong and contextual authentication to help with that verification process as the user transitioned from their Facebook account to the linked stronger account that Adidas maintained provided API and access security for not only connecting the backend services, but supporting the mobile applications that users are coming in on as well as then third party aggregation, to be able to unify the various services behind the Adidas customer portal.
And then last is just that ability to provide a unified customer profile within a single identity data services enable the end user to manage their own profile as well as then the preferences that they have and what they intend to buy. And then the ability to link the account and enable, you know, self-service of the account profile as the users gone forward. So if you look at them, the benefit was the marketing enjoys a much better site adoption and engagement, you know, usability and consumer data is provided. And then the enterprise is still able to adhere to a lot of the security policies and ensure that they provide a secure environment for their users. And then if you look at the hybrid customer solution, again, leverages capabilities that are, you know, in software, on premise, as well as leverage the advantage of the cloud and providing the various authentication services for their customers.
So last then just for a closeout is just wanna recognize, you know, Ping's advantage is really that ability to increase time to task support multiple deployment models, as well as enable the interoperability that's required to again, take proprietary legacy environments to the cloud. So last in summary is just when you look at access modernization, you need to focus on protecting web cloud and API resources, ensure that context-sensitive access management's included, applying MFA when needed for web and enterprise, support flexible deployment options as Mike talked about. And then also ensure that you can solve not only the simple use case scenarios, but also support the very complex ones as they come on board. So with that, I'll hand over to you, Mike.
Okay. Thank you very much, Lauren. That was very interesting. And especially your, your, your examples about the hybrid solutions because organizations have this legacy, and this is one of the challenges of the IT industry that very little ever goes away and being able to bring all that together is really important. Now we move on to the point where we have questions and answers and to the participants in this, if you have any questions, we will, we will try and find an answer to them as quickly as we can. So, in fact, it, it seems, I do already have an example, which says in the example of Adidas, what was the unique selling point of Ping over any other identity management platform like Gigya, Janrain, et cetera. So perhaps you'd like to answer that.
That's a great question. Ivan, can you hear me okay?
Yeah. Yes, I can hear you.
Okay. That's great. So I was asked that question a few times and it's interesting. It was a few things. First, it was that it wasn't just about the social identity integration, but you know, what did the overall identity management infrastructure look like? So as we actually competed with some of the other, you know, I'd say social identity focused identity and access management vendors, like Janrain and Gigya, Adidas recognized that they needed more, they needed to actually have a single platform that not only supported their consumer facing social identity integrations, but also, you know, the other applications and support the other use cases. And the second was they looked at Ping and how we supported standard interfaces for the, the various social identity providers. And at the time the request was, you know, 32 unique identity providers across the globe that they needed to support and Ping was really, you know, hands down one of the leaders in, you know, providing that standard based level of integration that they were looking for.
Thank you. Thank you. Now we have another question. This is a very, very active audience, which is asking recently, we heard that Microsoft Ping partnership where Ping is providing on-premise help for Microsoft Azure identity and access management. How does that play into Ping's cloud strategy?
Yeah, it's a, it's a great question. I, you know, had a good chance to sit with Alexei and he, and I actually even did a video together that talked about what the, this relationship looked like. And as we looked at, you know, Ping's strength within the enterprise and our ability to really take legacy and proprietary environments, transition them to a standard to be able to do business on the net. You know, we started to look at, you know, as enterprises start to interface with various application providers, as well as infrastructure providers and platform service providers, you know, we were in a very good position to help enable that bridge. And so if you look at, you know, many applications and many customers are migrating, some of their identity stores out to Azure AD, they're also migrating a lot of their Microsoft applications out to the cloud. And so we look at those transitions to these various platforms, no different in customers, migrating application to Amazon, as well as Azure and Google, we see a Ping that will still, you know, remain or maintain our status as over that Switzerland of identity and being that one single independent provider that can provide identity management at this broader internet scale. So we see that it's going to change perhaps our cloud environment, where we certainly, you know, anticipate that Ping will still be at the center of your identity management needs.
Okay. Thanks. Thank you very much. Sorry for the slight interruption there. So we now have a, yet a further question, which is what kind of fraud analytics do you support in Ping to help with identifying potentially false logins and so forth?
Yeah, so we work with third party vendors and if you're familiar with Ping's identity, you know, it's Identity Defined Security Alliance or IDSA. And in that relationship, you know, we work with ThreatMetrix primarily to, you know, interface, you know, with them to be able to, you know, identify fraud and risk scores and be able to support that need. So it's done through partnerships, not directly in our application or our services.
Okay. That, that was an important question. So yet another question from the audience, and this says while implementing cloud solutions for intranet applications, will it be done through a kind of Federation setup job? I mean, will each application be set up as a Federation? And if so, do you see that as an overhead in terms of network traffic?
Yeah. It's interesting question. I, I guess I don't see it as an overhead in network traffic. I, I do see most applications and most of the vendors we have that we work with that are in support of enterprises are, you know, doing that with a federated architecture rather than looking at kind of the traditional screen scraping methods. So I do see Federation, you know, continuing to be the standard. I think OpenID Connect provides a very lightweight framework for enabling Federation at scale. I see, you know, SCIM, you know, that kind of the emerging protocol for doing identity provision under a federated architecture, but I don't anticipate that it has an increased number of traffic, you know, you know, and I, I, I dunno how to answer that question outside of, you know, certainly if architected correctly, there isn't a lot of traffic that would be associated to that.
Well, I, the question will also come to you in text and with the attendees. So perhaps you'll be able to reach out to them afterwards and get more details.
Yeah, that sounds great. So,
Okay. Now the next question is what are the most common challenges faced by enterprise customers when introducing multifactor authentication for IaaS, infrastructure as a service.
Mike, do you wanna answer that or do you want me to
No, no. I think, I think the best thing would be for you to say what you are meeting in, in your case.
Yeah. So what we found with, you know, infrastructure as a services platforms, you've got two elements, you've got the admin accessing the, you know, IaaS services as well as they have the user. So let me answer it in the context of, as you move applications out to an infrastructure as a services platform, and you are desiring to provide multifactor authentication services for those applications. In many cases, it's, you know, moving your Federation architecture out to Amazon, as I talked about you put your access enforcement gateway or else agents, you know, with those applications out to that platform, have them integrate back to your identity or Federation server on the backend, and as users authenticate, you know, it release then users authenticating via the Federation service. If policy exists to be able then step up authentication to those IaaS services, it's a simple integration to PingID as a cloud service or some third party strong or multifactor authentication vendor that's available. So it really is as simple as migrate the service, the applications out, put in, you know, essentially an enforcement point in front, either the, you know, proxy or, or agent, and then tie that into the Federation backbone that you already have.
Yes. Thank you. Yes. And this is a, an interesting point, as you say that I see a lot of emerging solutions that are coming around the cloud, where people are trying to provide cloud specific solutions and really all of this needs to be done in a common way, rather than there being a specific solution for the cloud and another specific solution for on-prem and the, in a way the cloud needs to be treated as part one of these many components that have to be managed, but they should all be managed in a, a, a common way. So thank you very much for your insights into that, Lauren. You're welcome. I think that we must be coming to the end of the questions because all the ones that I'm seeing are, are right. Privileged access management, but it says, does ping identity solutions cater for this? Well, you clearly said you do. So perhaps you'd like to answer that question from Ping's point of view.
Yeah. So as we talk to many customers, you know, there are a lot of privileged identity or privileged access management solutions out there. And as we talk to customers, they said, you know, there's perhaps a lighter weight method of addressing the needs of privileged access management. So I don't tend to say that we compete directly feature to feature with other access management vendors in particular around the ability to simulate recordings of admins accessing various sites. But what we can do, which many customers have leveraged is that ability to provide a unified multifactor authentication plane, centralize the authentication policy, also centralize the access request, policy and environment, and then provide a robust auditing framework so that all activities and events are logged for those admins. So there really isn't, you know, entering, you know, the privileged access management market, like competing with CyberArk, but certainly providing a lightweight solution for unifying your identity and access framework, and then work in concert with some of those other access privilege, access management vendors to do the recording and simulation and some of the other activities.
Okay. Thank you very much. Well, it looks like there are no further questions from the audience. So I'd like to just ask a question. One concern of many organizations is that if they choose one vendor solution, that this means they have to kind of tear out or they're prohibited from using any other vendor solutions. So could you talk to the subject of how your solutions integrate with other services and products to work harmoniously with them in, in the customer environment?
Yeah, that's a good question. We quite often, during the modernization of access management process, it really becomes, you know, two to three phases as customers start to, you know, transition applications to the cloud. And first, you know, what happens is, you know, they have an existing legacy identity management system. That's, you know, about 90% of the times we're seeing that in it's a case where they may have SiteMinder or Oracle Access Manager, and they need to be able to integrate with the more modern architecture before they're able to transition to the cloud. So we have about 80 plus out of the box integration kits or agents for supporting the identity provider side of that equation or the service provider side. And then with the ability to provide a, an access gateway in the middle, we're able to then give customers an option of, you know, how they want to transition away from these legacy applications to a more modern infrastructure.
So first you can tie in the authentication framework via the Federation server and use integration kits to transform like your SiteMinder cookie to a standard token, to be able to do business on the, the net and integrate in a standard way with that access gateway as well as then over time, you can start to transition applications to be protected or controlled by the access gateway. And then as you can see, once your authentication's unified, you start to transition various applications to the gateway over time. You can start to migrate those other applications as needed without disrupting the user's experience or without doing a rip and replace.
Okay. Thank you. Thank you very much, indeed. So I, I don't see any further questions from, from the audience and the participants. So I think at this point, it's right for me to say, thank you very much, Lauren, for your very interesting presentation and especially your examples and use cases, which are always really very useful to show customers and people just what you can do as opposed to what is theoretically possible. And so with that, I'll say thank you very much and thank you to the audience for their participation. And remember there will be a recording of this available tomorrow. Thank you, Lauren. Thank you.
Thank you, Mike.
