Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
This presentation is titled day after tomorrow. So we are so, so when, when talking about nitrogen state, we might end up with diehard four oh, as a movie right now. It's the day after tomorrow, please welcome Hila me of CA technologies. She will talk about security challenges of the future. Yep. Here you go. Thanks.
So, yes. Now we're going to talk about time travel. We're going to travel in time to the day after tomorrow to see what are going to be the future challenges after the wave of mobility, social and cloud. Okay. So I've built this time machine, especially for you. And it will allow us to understand what is coming in our way and by understanding what is ahead of us, we can make now today some smart decisions and smart investments that that can help us deal better with our future. So I'm going to try and answer three questions.
First of thing, first of all, it'll be what is happening now that will continue to happen. What are the technology trends that we're witnessing right now that we'll also see tomorrow, then we'll talk about, okay, as managers, as CIOs, CSOs, what are going to be our management challenges in this given situation. And then at the end, we'll talk about what are the kind of things that we can do today in order to improve our future and be well prepared to what's heading on our way. Okay. So what's happening right now.
We all talk about this famous Troy car that Martin Kuppinger talked about a while ago. So cloud computing is happening. Mobile is happening, bring your own device, social media, it's all happening. And guess what? It'll continue to happen in an amplified way. We'll see more of that, but it'll continue to be there. Another thing that we'll see that is happening more and more will be machine to machine integration and connectivity, and also cyber threats. We were talking about it a lot today. Cyber attacks are happening in a larger scale day after day, and it'll continue to be this way.
We will have to handle it. Another thing that is going to happen is that guys, we will not have more budget today. None of us have growing budget and our budget will continue to stay either flat or maybe even going down. So complexity will go higher. We will be requested to do more and more thing in a more complicated environment, but we will not have more budget to do that. So it will force us to do things in a smarter way, in a more intelligent way. Talking about cloud, we've done a survey around few months ago and analyzed the European market.
We contacted around 300 organization in Europe and we ask them, what is your attitude towards the cloud? And so clockwise, you will see that the pink one are the cloud enthusiastic. The one that will go first to the cloud, and then it goes around the clock and the ones that are green or orange, these are the cloud avoiders. So we see that around 57% of the organizations are already accepting and embracing the cloud. And this will clearly continue to grow as we move toward the future.
And at the end, in a couple of years, all of this pie chart, most of it will be a cloud adopters and a small portion of it, of organization that their kind of business or their kind of sector do not allow them to join the cloud. This will be a very small group of what we call cloud avoiders. You can also see how the different countries in Europe deal with the cloud and their approach to the cloud. And one of the surprises here was, and it's not really a surprise was that Iberia, the Spanish market is really embracing the clouds, really accepting it more than any other country.
And there is an explanation to that. If we look at the economic situation right now, especially in Spain companies over there that avoid large investments right now, and the cloud in this specific point of time offers them a right, a way to do things and evolve their business and, and grow their business without doing all this kind of fancy big investments. So it's a nice explanation to what we see here. Then another thing that we looked at were social media, how do we use social media identities?
And again, here, the numbers are not that high. And clearly we will see more and more companies adopting social media identities for their marketing activities, for the sales activities in order to interact with their consumers, but also in order to deal with their employees. So think about it in the future. It might be possible for some of our systems, maybe not the core business sensitive one, but for some of our systems to rely on social media identities in order to allow access. And another thing that we looked at were how about the parameters?
How do we open our systems to external users? And what are the reasons that we open our systems to external users? So we say that around 58% of the organizations, they open their systems for consumers or, or users from a consumer organization to access the systems that we're supposed to be considered internally. And the main reasons why we do that is for business reasons, because we want to do more business. We want to transact directly with our customers and this thing, this trend will continue to grow.
And we will see how parameters are dissolving and different identities and different users from different locations and different originally come and join and access our network, which brings me to the point that now with the parameters that the traditional perimeter are dissolving the inside and the outside are being merged. And we have cloud environments, we have mobile devices accessing our networks. The only real perimeter that we have that we can still control and we can still rely on is the identity of our users. So it can be a customer of ours. It can be an employee, it can be a partner.
It can be a mobile employee out there in the field. Doesn't matter, based on their identity, we can allow them access to the different environments and that we control. So we understand what is happening from the technology perspective, what is happening right now, what will continue to happen?
Now, let's talk about security. What are the security challenges that will happen, that will impact us? So we did this kind of LinkedIn poll and we published it on the coping call, LinkedIn page to see what do you guys think? And I think that few of you also voted here. So here are the results for those of you that, that voted and are really interested to see the results.
So most of the things that you will see here are not so new people are talking about cloud migration, eh, privileged identities, compliance, identity governance, the insider, threat, privacy, all these kind of threats and challenges they exist already. And clearly as we move to the cloud and we embrace the cloud, it will continue to be, but what about some new things? And here is something that we got in one of the comments system trust. How do we know that our systems are actually doing what they're supposed to do to do and what they're reporting to us that they're doing? Okay.
Now think about it. If in the world of machine, to machine connectivity or in scatter systems, if I don't trust the system that it's reporting to me about what it's doing and that I can rele that it's for real, then we might have a real problem here. And this is something that is not that new actually Norbit Viner, who is the father of robotics. He was talking about it in the sixties, and this is going to be, I believe another major challenge for our security guys.
Do we really trust our systems and the output that we get from our systems now, as managers, we know the challenges that are heading our ways as managers, what is expected to us? What are the management challenges that we will have in the futures as CIOs and CSOs?
So again, we, we did a poll and we ask people, so as managers, what will be the key initiatives, the key challenges that you will face. And the most important thing that people mentioned was a holistic security across channels, working in a multiple channels environment. And how do we manage security? The challenge of managing security in a multiple channel environment, others talked about outsourcing security and how to manage security in an outsource organization and so on.
So let's, let's talk about it. Clearly, the role of the C S O is changing, and it's becoming a role of an orchestrator that orchestrates an outsource organization. And we are talking about systems that are outsourced, and we're talking about people that are outsourced. So today we might be managing a team that is actually reporting to us, but in the future, it'll be different people that work for different organizations, some vendors, and some partners that form our security team in our it organization.
And then comes the question of how do we audit it and how do we answer a question of who has access to what and why in such a complicated outsourced organization. Another question, and another challenge is how do we consolidate identity and access management for employees and consumers right now, traditionally, we tend to have two separated environment, two separated mechanisms for identity and access management, one for our internal employees, and one for our consumers. Many times it's managed by completely two separated teams. Does it make a lot of sense?
If everything is in the cloud, if we allow different devices to access the organization anyway, if parameters of dissolving, does it make any, does it make any sense to invest wise in the same mechanism that does authentication and provide access to systems? And this is a real use case. It's a utilities, it, large utilities company from Europe that we are working on a project with.
And they had this situation with a very complicated landscape, with a lot of users, customers, employees, mobile employees, partners, accessing systems in the cloud, accessing on-premises systems, a lot of repositories and directories that are out there. And what they realize that they need to do is that they, that for them, it's good enough to have one central policy engine that will provide federated authentication and authorization services all provided as a cloud service to this organization.
So they can now have from the cloud directory services, policy, engine authentication, and Federation. So any kind, any user that will access the organization, whether it's an employee or a consumer or a partner will go through this cloud service with a policy engine. And based on the identity of this user, different authentication methods will be provided and then the right access to the right environment. So in a very centralized way provided from the cloud.
So we see one identity and access management approach for all of the users in the organization, internal and what we used to be called, what we used to call external customers. And the last thing that I want to mention is security across multiple channels. We now tend to treat mobile online as social is separated projects and separated topics.
Again, it doesn't make any sense why invest multiple times in the same thing. Do we have the luxury? Do we have so much budget so that we can run several projects, several parallel projects to deal with all these kind of trends clearly not. Right. So by treating a multichannel business in a holistic way and start talking about identity and access management across multiple channels, we can provide a lot of value to the business. We can talk about lowering the total cost of ownership.
Again, instead of deploying multiple solutions for several channels, let's deploy one solution. We can manage it centrally. If we want to deploy a new business service to our consumers, there's only one environment that we need to update. And when we think about our consumers, we can talk about a better con, a better experience, a more consistent experience that we can provide to them. And these are the kind of use cases and the kind of business scenarios that banks deal with today.
Retailers, insurance companies, and again, providing identity and access management for, for all of their multi, for all of their channels. And consumer channels will make a lot of sense in the future. Instead of dealing it in a siloed way. Social media clearly is one of the channels that we deal with social media can be used in order to promote marketing activities, attract customers to our website by offering them Federation and single sign on between social media and our website. But then the, there is a limit to how much you can trust social media and identities.
And maybe at one point you would like to do some kind of a step up authentication. And when the risk go goes higher, you may want to create a higher trust level and maybe do a higher level of authentication. So social media is one of the consumer channels, but again, up to a certain point, and then at one point a step up authentication is required. So we understand the challenges and the trends and how as manager, we will have to deal with things. Here are some tips for a better future. First of all, avoid silos, try to invest once and then use it multiple times.
So we had one use case about an organization that's selected one identity and access management infrastructure to serve their users, consumers, and employees and partners. And we also discussed the multichannel security, how we can deploy security in a holistic way across multiple channels, instead of dealing with each and every channel as a silo and build its own security environment for it. Start talking more to the business side of the organization. I think Martin, you mentioned it earlier as well. Security must become part of the business.
And you'll be surprised that when your budget goes lower, the guys in the business side, they need to drive the business forward. So by joining forces with them, you might find some hidden budgets that you can use. And actually you can do more by doing that, embrace the cloud, but also make sure that you are moving to the cloud in a secure way. Some of the cloud providers are secure. Maybe they're more secure than you. Others are less or be smart when you move to the cloud.
But, but clearly we are moving to the cloud. And the last thing is about moving to the cloud. There is no magic there. You will have to go through a transition phase.
There, you will have to work in some kind of a hybrid mode for a while. So when you make the decision to move to the cloud and you will all make this decision at one point, make sure that you are prepared for a hybrid mode and make sure that the technology that you're selecting will be good enough to operate in a hybrid mode. And the bottom line is that the role of the CSO is changing. We're no longer talking about the person that is dealing with infrastructure and servers, and about how to build and secure the infrastructure of the, of the organization.
We're talking about a business person that is well allowed with the business of the organization. It's a business service broker role that deals in an outsourced organization, working with MSPs and outsourced environments, run security. What CA technologies you can find us in the exhibition hall CA technologies is a leading it management company. We have our security offering that is focused on content aware identity and access management come over to our booth to hear more we're active in all of the key verticals. And that's it for me.