Good afternoon, ladies and gentleman, welcome to our cold webinar, easy and secure user access to sensitive information. Why multifactor indication is the patent key to company's most vital possessions. The webinar is supported by microfocused speakers. Today are me Martin, ER, I'm the CEO, founder and principal Analyst and ran lift who has been formerly president and CEO at OASAS. And right now is working for Microfocus, which have acquired is from company. Before we start some general information on some housekeeping information could be a call as an Analyst company, we're providing enterprise it research advisory services, decision support, and networking for it professionals through our research services, where we provide reports, market overviews, and a lot of other stuff through our advisory services, where we directly support both NGOs organizations, others ERs, and through our events, which include for instance, our upcoming European identity and cloud conference.
So when looking at these upcoming events, I want to mention on one hand, as I said, European identity and cloud conference, which will be held in May 10th to 13, again in Munich, it's number 10, it's a master turn event. You definitely shouldn't miss this event. And then there will be in September 21st, 23rd, a digital finance world, which focuses more on finance industry in FinTech to be held in Frankfurt, some guidelines for the webinar. You are muted centrally. So you don't have to mute around with yourself via controlling. These features. We will record the webinar and the podcast recording will be available latest by tomorrow. And there will be a queue and a session at the end, but you can end the questions at any time using the questions feature in the go to webinar control panel. So if you have a question just it, then we have a, hopefully a long list of questions, which we can handle in the Q and a session at the end, the agenda for today.
So I will start and I'll talk about the concept of adaptive authentication, including clearly all the multifactor aspects and what we call adaptive policy based that X management, why is crucial for proper access to information that we have authentication that is dynamically changed and adjusted to the circumstances. So we need to support from my perspective, multiple factors, we need to be flexible in this factors we support. And the second part then will talk about how a one sub solution could look like that provides users with consistent, easy to use and secure access from various devices, sensitive data stored in their company's on data center or store by third parties or in the cloud. And as I've said, then the third part will be the Q and a session. So I want to start a little bit high level and the ones a few you have have been listening to a company called webinars and the recent past probably have seen that slide already.
I think the fundamental change we are serving these days is that everything and everyone become connected. So this connectivity challenges are even bigger than they ever have been before. They are sort of ever growing. And we have to understand that there are more and more people we have to deal with, which are using a multitude of devices. So it's sometimes little traditional PC it's tablet. It might be a mobile phone. It might be other types of devices. People are using to connect or which are used sort of indirectly. When we look at connected devices or the things which are used sort of indirectly as you cannot people. And that means so the days where we could say, okay, we have to look at how can we authenticate someone from HPC. They are passed. We still have to understand how can we authenticate someone when he's accessing from HPC, but we have to do it as well.
If he's using a tablet, a mobile phone or whatever other type of device is popular in these days or in the future. And who of us knows which devices will be devices of choice, let's say in two or three or five years from now, most likely it'll be something different than we prefer today, because change is probably the most reliable thing we are currently are, are facing. So it's an ever-changing environment we are in. And that means we have to become more flexible and first and all. And I think this is another challenge organizations are facing. And from what we hear from a lot of organizations, it's really one of the, the major trends. When we look at how we looked at identity, access authentication and all that stuff over the past years. So formerly it was very much a employee focus. We said, okay, we need to provide strong authentication to our employees.
Yes, true. We need to do that, but it's not only the employee anymore. It's about how can we enable secure access for business partners, for customers and consumers also in a broader view for services. So we have to manage all that. How can we do it regardless of how someone accesses and how can we do it for everyone who wants to access our services regardless of where they reside. And this change, I think is another very important aspect. So we don't sort of have the opportunity in emergency say, okay, this is our close group of users, ideally, with a defined set of devices, they are using it's all types of users, all types of devices to all services, our organizations using regardless of where the services are running. And this is a far bigger, far more complex challenge than what we have been seen for.
So our challenge is we have to support multiple identities. We have to support different types of identities, but we need to do it in a very flexible and at agile way. So businesses have to be at trial. No doubt about it. I think a trial is one of these more persistent passwords. So for some years, and it's not disappearing, I think it's, it's very logical. So when we look at transformation with changes in the business, models, changes in the partnerships. Agility is a, a key requirement for organizations, organizations need to be at trial. And for when we looked at this from a, from an access control perspective, as one of these things we have to look at, there are many things we have to look at when we talk about agility, then it's about, it must be adaptive. So our authentication must be flexible. It must adapt to the context on one hand, but it must be also flexible in the sense of, we need that to be bound to one type of authentication, but we need to support various types.
We need to be flexible enough to support whatever might be the next trend and strong authentication. Be it fingerprint devices on smartphones, be it, whatever Iris scanners be it face recognition, be it some more down to earth technology, which we might use such as OTP or whatever we need to be at trial. We need to be flexible. We need also to be more dynamic. So when we have this environment where people access with different types of devices, obviously that's also where context then comes into play. We need to make decisions at run time, depending on context, on the strengths of the authentication type of device, whatever else. And that's also where the context comes into place, the roads, attributes, wise types, geo location, whatever you can imagine. And we need to be more flexible in a world where we have various types of users. Not only are employee anymore with a multitude of devices, which are accessing systems, which are run in various locations.
And that means we, we need to get a grip on contacts and policies on one hand. And on the other hand, we need to be extremely flexible when it comes to support of authentication mechanisms. So the context, and this is we, we use the term for adaptive policy access based management based access management, which goes beyond what you might know as for instance, apex or the attribute based access control. So basically it's about understanding to context, acting in context, also having policies and about policies, which allow us to define in which scenarios someone allowed to do what this is, where we need to move. And this means we need to understand which device is used, where is it all that stuff? And how do we, how can we support all the various types of false indication mechanisms? So when we look at them, this is a slide I've brought up a while ago.
When we look at how identity and access management is evolving general. So we had a very administrative focused identity access management some 15 years ago. So talking about made directory services, then provisioning came into play with some more business perspective. So how can we define some simple processes? Then the access governance part came, came up. So detecting all the rules, all the rules met, can we do the people have only the entitlement entitlements, they should have cetera. Right now we are moving towards access management treated, which includes a massive new types of technologies, such as better analytics, but also adaptive authentication and authorization. So moving away from, oh, let's use that type of OTP because that's good enough for all our employees towards let's use something which works in every scenario, which works, whatever we want to do. And this is from my perspective, one of the major changes we are facing here, and maybe to answer a question, which just came up, the presentations will be available for download as well. So not only the recording of the webinar, but also the presentations will be available for download, download. Okay. So in fact, our overall looks a little like that. We have people coming in from inside people coming in from outside. So the who changing the who's far more diversified the ever before the what, what or which devices uses farmer colored farmer.
You have so far more differentiated than ever before. More types of device. I talked about it and where are services again? It's not only the application application. We were internally, it's our business partner applications, which might be running somewhere out there. It are cloud services, whatever else. And then the house we need to access. It web-based access also with traditional types of access. I don't have all the lines in here. We are APIs if back or backend service is accessed, we are an app or whatever else. So we have a very broad range of types of access. And that means we have to support it in a flexible way that we can say, okay, we can secure all this service in an adequate way, but putting in putting something in between, which allows us to deal with all types of false indicators and all types of devices, all types of access, all the barriers and varying requirements.
This is where adapt force indication platforms come into play platforms, which on one hand are very flexible in the support towards the backend. So you might have your internal users, which still need to access the mainframe. And the next minute, the same user might need to access a cloud service. We are a Federation platform. So ideally he uses one authentication. He uses one platform or in the backend one platform is used with set of policies, which supports this authentication, but also defines what is good enough to do what, which backend application. So we need something in between, which helps us consolidating the authentication, not adding up with, oh, this is our approach for the mainframe. This is our approach for the cloud. This is what we are using for our standard, whatever SAP applications and data and data, and that we need to consolidate it because this is also about not only about security, security is an important asset here, important element here, but it's also about user convenience.
We need to make it simple, standardized, and it needs to fit. And that's another part of adaptiveness. It needs to fit to the use. If I use my tablet, I might require a different approach than when using my smartphone. And when I'm in my home office, even something else might be adequate, probably it's the same as for my tablet, depending on the type of tablet I have, but we need to be flexible. And so what we need to understand is we have a need for platforms which allow us to use different types of indications in a flexible way, integrating with a variety of different types of bag. So we talk a lot about adapt, authentication authorization. So ideally also there's some authorization which tells us, okay, based on that level of authentication, that risk you have from your context, you're only allowed to access an application in a certain way, but this is more, more a background question around how do the applications react? Are they flexible enough to do so? So let's put, let's put the emphasis more on the left side, which is we have identity of context. We have different types of credentials. We have this, all these various factors and we need to have a system which allows us to adapt our authentication to this ever-changing situations.
Multitude of use cases we need to serve based on policies and being really flexible. Maybe at some point of time, we then then even can move towards something which takes fraud information into account. So sort of automatically responds to our fraud. That would be more the, the, the future. But anyway, even in that situation, the basis is we need to have a flexible authentication framework. Unless we have that framework, we will fail in supporting the changing requirements with more types of users, more types of devices, ever-changing demand for different authentication methods on one hand. And on the other hand, security, which requires a strong authentication, which requires us to go beyond username password and on the other side as well, convenience where the user wants something, which is easy to use, which is, which fits to the device, which is familiar to him. And ideally strong enough anyway, how this could be done. That's the second part of this webinar. And that's where I want to hand over right now to who will be right now, talking about how this could be done, how such a platform could look like. LE's your
Thank you Martin. So my name is from the drift and I'm going to walk you through our solution. So first I want to introduce to you Microfocus for those on the call, who dunno Microfocus Microfocus has been around since 40 years. And basically their focus is on helping their customers to exploit all the advances in technology whilst reusing all the investments they already did in, in hardware or systems, they already have running, they're have a broad portfolio of products and especially their identity access and security portfolio is a complete portfolio with IBM stacks, enterprise and web single sign stacks. And of course a need set of authentication framework and a security incident and event monitoring system. So be able to provide a complete package towards the customers. So some figures about Microfocus, it's a global company with, with almost a hundred offices around, across the globe. We do 1.3 billion turnover, 20,000 plus customers, 5,000 plus partners. And we are growing rapidly in employees.
So here is a subset of our customers, as you can see, are we, we have a very set of very nice, big global customers, but nevertheless, also smaller companies are using our tailor made solutions. So back to the topic as for today, the strong authentication part. So if you look at the strong authentication today, it is tough in the enterprise with regard to the business drivers. What we saw in, in the last century, it was about information security and less about compliance. And since 2005, we increased regulations. We see that the, the, the purchase position of these kinds of solutions are basically yeah, for compliance reasons, but implementing strong off solution for compliancy reasons. Isn't isn't enough. If you don't take the other boxes of integration, user convenience, the total cost of ownership and the reuse of existing authentication hardware, for instance. So if you look at the strong authentication, as it is today, you can see that most strong authentication hardware vendors are trying to force the customers into a vendor lock, which by itself puts the enterprise in a difficult position. So the authentication events that is moment in times where you want to authenticate, or reauthenticate the user that has increased with the complexity of the hybrid network. So on-prem in the cloud, private clouds, whatever the number of applications and the number of users, devices exploded. And then there's something called BI O D all those developments create a fine authentication spaghetti mess. As you can see on this slide in shortly, it's becoming quite a puzzle to select and implement a strong authentication platform for the enterprise. Well, let's see what we came up with.
So for us, it's just another jigsaw we've designed our solution from the ground up via deconstructing authentication into methods events. So any moment in time that you want to authenticate a user policies and directories and or repositories that design is consistent throughout our software manuals, making things very easy and transparent to use on the method side of the question, we support almost every authentication technology that's out there out of the box. And if a potential customer has some exotic, strong authentication method that we don't support yet, then we have a standardized process to add this methods within four weeks, fully documented and desk. And because all methods are plugable easy, does it. So on the event side, we support all on-prem and cloud authentication events. And fourth, third party applications. We have a rest API for custom integrations if needed. So here more schematic version where I want to stipulate that we support user repositories in mix and match whether those repositories are on-prem or off-prem in the classroom. So we support all major devices, including an O six client with full Fido, U twos support. And of course, all the other supportive methods. So biometrics cards, OTPs, radius, whatever. We also provide a pattern module for Linux two. And we believe in an authentication framework where the operating systems shouldn't be the limiting factor. That's why we support a more.
So if you look at our yeah, USB, so to speak, our framework is based on open and common industry standards like oath FIPs, and we support network and remote access out of a single framework, like previously told you all authentication methods are plugable. So you can mix and match every authentic methods in the network, and you can reuse whatever tokens or carts you already have that you already purchased in the past. One of the neat features that we have in the framework is that you can create your own multifactor authentication methods through something that we call chaining. So what we did in the framework, we flattened out all the authentication to the bare essence. So we have a pin authenticator, password, authenticator, fingerprint, authenticator card, a syndicator, and you can chain those in, in whatever sequence you want and apply that chain on a specific authentication event. And that makes it very flexible and very powerful. And whether assist admin does the training, or you have a risk based engine to provide it for you, that's something you can tailor.
Like I said, all the platforms are supported. iOS windows, all the common windows are supported, including Linux and OS. If you look at the fingerprint and cart, authenticators by itself is a small piece of middleware, which supports the major fingerprint readers. So from a user perspective, it's very convenient. He just selects fingerprint. He doesn't know the brand of the reader it's automatically done, and the same goes for the cards. So you can mix and match whatever card technology in your network. And it's automatically done by the, the software to adjust whatever is needed. So you can mix and match platforms. You can mix and match user directories. Of course, there is a central policy management. It's an appliance based solution. So very rapid deployment. And what is very hip nowadays, it's, it's a fully Fido, UTF certified client service solution. So you can use phyto tokens. Even if you have a win seven client, you can use Fido under your brows, which is very convenient. As I said earlier, we have a rest API for easy integration and a standardized process for development and deployment of authenticators.
So if you put it in the, in the whole of the broad micro focus portfolio, software solutions for the various businesses of the enterprise, our authentication frameworks works cross portfolio. And besides already the existing integrations into our IDM stack sales sign them, it's worth mentioning that we are about to launch this quarter. The integration for the Roomba reflection for the mainframes Roomba reflection are the terminal emulation pro applications for mainframes. And we have a full integration bringing unparalleled security features through the mainframe world. So we have several mainframe customers actually waiting for this product. And it's nice to bring also modern user convenient authentication methods to that platform. It's really exciting. So of course we provide all the authentication hooks, so to speak for, for instance, a seamless security incident, an event monitoring system to perform things like step up or graded authentication, as you can see, the, the whole architecture of the framework is very flexible. Basically it's a giant switchboard, which makes it very easy and flexible to use. So I want to go over with you to a couple of customers that,
That are using the framework and the reason why they selected our technology. So one of the customers is a, is a chip manufacturer, 30,000 users, and they needed strong authentication across their whole population of, of, of users. They had various technology, they wanted to implement like smart phone authentication, but in areas where the phone wasn't allowed use UBI keys fi U two F compliant tokens. And basically they selected our framework because it easy integrated with their existing IBM infrastructure. And they could leverage past investments. And of course leverage all the future options for biometrics or whatever extensions they want to do on the authentication part. So one thing that was mandatory, they have a hybrid solution with windows and max. So we are one of the few that support it. So what I did in the presentation, as you can see, there is a video reference because these presentations you can download. So I referenced to the YouTube pages where you can basically look, look up the video and see for yourself what, in this aspect, our framework brought to the table, the other solution, wasn't more, it's the biggest toy manufacturer in the world.
They had a security challenge in, in, in China, whether needed to protect the assets and they chose to protect the assets with biometrics and carts. And during the conversations, eventually the system will be rolled out across the whole of the company, the enterprise, including the blue collar workers, where they will use the framework to use their access card technical, to sign in and sign off batches. One of the things that was mandatory here is that the customer wanted to reuse their laptops with building fingerprint readers. And those were variety of brand brands. So with our frame, you know, fingerprint, authenticator, they were able to leverage, yeah, all those former investments. Once again, here is also the hook into the YouTube video.
So one of it's not a very big installation. It's the Dutch cancer Institute. They allowed us to use, they are showcase. So they allow us to use them as a reference customer. But it's important in this hospital because it's, it's a cancer treatment hospital and all the patients have a room for themselves, but it's a very small room. So in that room, there's only room for one terminal, which happen to be a line terminal where they do their Skype or watch television, or do some ordering inside the terminal is, is an HRD contactless reader. And when the doctor or nurse comes up to the terminal, they just tap the batch via Citrix session. Citrix comes up there, the patient record because the system knows which patient it is, then they can do their, their treatments or whatever they need to do inside the system. Tap again, and the patient can look or Skype any further. It's a very neat system, very fast, and they rolled it out across the whole hospital. So it's not only on the Linux bedside terminals, but also on the window stations and the computer wheels. So that's what cows are here in the presentation. So write it down in case you download don't email me a cow is a computer on wheel. So there is a nice video of the Dutch cancer Institute and the, the reference here, just click on the link. Once you downloaded presentation and look, look for the video Martin, I handed back to you,
Thank you. I'll make me presenter account. And then I think we directly go to the Q and a session. So again, to all the attendees, if you have any questions, please enter them. I already have a number of questions here. So let's directly start again. One of the questions was around downloading the presentations, as I've said, forwarded presentations. It will be available to download together recording the same place where you were justed for this webinar, or could be a call website. Then I have a little bit more technical question to you then. So can you, with your advanced education solution address the mix and match of user directories? So you talked about this, so does this mean that's the questionnaire that AAF for instance, can work with? Let's say a local active directory, maybe an Amazon web services. I am concurrently. So can you mix different directories in different places here?
Yeah, that is possible. So basically you, when you set up the system, you can add response and basically yeah. Apply all these strong authentication methods on the various repositories and events where those repositories points to, so it doesn't make any distinction so you can mix and match them. Yeah.
Okay. Hmm.
Yeah. Go ahead.
No, go ahead. If you'll left more to
Answer. Yeah. So if, if, if, if one wants to know how specifically it works, please drop an email. After the, after the webinar, we, we have extensive documentation, but you can also download the demo. That's always a possibility and see it for yourself.
Okay. Next question. If you, if a customer already has net IQ access manager, it sounds like AAF full trust need its own appliance. Is there another requirements such as an additional VM server or something like that? Or is it no, really only the appliance?
No, it's fully integrated already with access manager. So it works all out of the box. Just deploy the authentication server and you're good to go.
And one appliance for all the various Pega systems.
Yes. Correct.
Okay. Another question which came in, do you have any hints how to migrate the existing web access to a single access management solution with two factor indication? So the customer or the person asking this satellite access costs, I'm wondering about broad project costs probably depends on which web access management solution is in place today. So obviously it's easy when you already have Microfocus or net IQ access manager in place, because you don't need to migrate. It might be a little bit more complex depending on the type of access management you're using.
Yeah. Correct. But then again, it's, it's, it's very open basically because we are open standards. You can use the API to connect basically any access manager, single sign on to, to the system.
Okay. And, and maybe a point which is important here for my perspective. So the concept of I access management, same as Federation is that it's a more a gateway or whatever you'd like to phrase it approach. So it sits in between the user and the applications with being not very intrusive in most cases. So it's rare that that applications are really changed and adapted to a, to an access management application, which means that using rather open interfaces or maybe sometimes those more proprietary ones, but it's relatively easy because you don't have to fix the code of the applications in the back end, usually in most situations. So that should be relatively straightforward.
Correct? Yeah. Okay.
Another question I have here, can you explain your remote access functionality, how it works and what is supported?
Yeah, so, so if you look at our remote access solution, so it's, it's a lot compliant. So when you look at, for instance, from a smartphone, you, you have the normal OTP generator, but we build in something neat by push technology. So when you authenticate on a device, you get a push notification or your mobile and the app is either protected with biometrics or not, or pin code or whatever your policy is. You enter the application, you just press yes or no. It's completely out of that. And you see the application locking through and the need functionality of that is that, especially when you do authentication on the same device, typically with, with normal OTP, you get timeouts with the, the authentication requesting application and with the push technologies that we preferably use. That's not the case. So you can just switch to the authentication application, push the yes or no. The other application automatically locks through. So you don't have to go back copy paste and OTP in and with the risk of time out. So it's very convenient, very fast. And because it's completely out of band, you have basically two channels. So it's very difficult for a hacker to be on both channels.
Okay. Thank you. You, another question which came in, I just read, I've heard Fido mentioned being mentioned a couple of times, what's the relevance. Do you wanna pick, or shall I
I'll leave it up to you?
Okay. So Fido, the Fido Alliance is a consortium of a number of vendors in the authentication space, but also from various other types of providers. So Google and Microsoft, and most of the big ones already are part of the fi Alliance. And the basic idea is to have a standard, which interfaces between strong authentication technology that, that is built into devices, or that is running at the front. And in which way ever, it must not necessarily, or it's not, Marily built in to the bag system. So Fido is sort of the standard between authentication technology, such as a fingerprint reader, the smartphone, or Iris can the smartphone or whatever else you could imagine here, or a UBI key, or you name it and the bag systems. And so instead of, instead of being, instead of the, having the need to at every single technology, which is supported at a front end device, there's a proprietary connection to your education system. When you support Fido, you can work with all the fi devices which are out there. And it's the growing number of such devices, particularly in the mobile device area, where list devices that have strong Aion support. So that means you're getting far more flexible and supporting broad variety of authentication. In fact, authentic, somewhat some user is trust using because he has a certain device. So that's, I think a very essential part, both from, for security integration from also from a convenience perspective.
Yeah. If I might add Martin. So we, we were one of the first to build an integration on behalf of a big chip manufacturer into the windows stack for final two F. So basically we were the first windows integration. That's why we supported since windows 2007 and up, and I think it brings big benefit to the customer. You see that the, the, the average cost of hardware authentication hardware is going down whilst the connectivity and or the variety of options you have is increasing. So we are very supportive of this initiative. We are at the final member sponsor level and very involved into final and committed.
Okay, perfect. So it looks like we are done with all the questions we have received. Oh, there's another one. The question is, is there a builtin two factor authentication module in there? Or do you need any way to integrate a third party element?
No. What you, what you can do, so integrate it out of the box so you can download all the apps for free. So you, you just, these, the, the, the framework,
No, not necessarily Fido, but, but in general, more at your AAF solution.
Yeah. So in the so supported is basically all the strong authentication methods. So you can use any token that you already have in the framework. So from that perspective, you don't need to buy anything else and you can use your phones or your smartphones to authenticate even on windows level. So there, there isn't a direct need, but there there's something. If you look at the, the, the various definitions. So our strong authentication platform is typically a multifactor authentication platform. You can do two factor username and a card or a password and a card, but you also can apply biometric to it. So I think in the end, over the next few years, we will see that two factor isn't enough. So where the majority of the vendors are now pushing two factor authentication. I think it's, we, we really need to go to a, a world where multifactor authentication is the only option. Okay. Nevertheless, we support everything out of the box and you can apply a simple tool factor authentication in our framework.
Okay. Thank you for the answer. Okay. We are done with all the questions. So rain, thank you very much for your presentation. Thank you to all attendees for listening to this call webinar. If you have any further questions, don't hesitate to email, to rainy or me, and hopefully you will attend one of the upcoming call webinars. And hopefully I see you in person at our upcoming European identity and cloud conference. Thank you. Goodbye.
