Event Recording

Joy Chik - Planning for Tomorrow: Connecting Identities for People, Processes, and Things


Social, economic and technological changes are creating urgent new requirements for enterprise identity that enable interconnected digital systems. These new use cases require a governance framework that is consistent, integrated and efficiently managed. It also needs to provide increased security, privacy and reliability while being open. Learn how to respond holistically to these growing and evolving identity needs.

Speaker will be Joy Chik, corporate vice president of the identity division at Microsoft. Joy Chik, please. Welcome.
Thank you, Martin. Thank you. Good morning.
So you will need this.
Yes, good morning. It is such a great honor for me to be here. This is actually my first time at EIC, and I'm already impressed with all the great speakers so far. So today I want to talk to you about digital transformation and how it is reshaping our world. It reorganizes our business so that we can connect more and more directly with our customers. So while this helps us to be more productive, efficient, and flexible, it also introduces additional risks. So in other words, digital transformation, while it creates new opportunities, also adds additional challenges.
So what we see is these are reflected in five key computing trends that are reshaping our lives, both at home and at work. So people on average have about three to four mobile devices. And for me, just by counting the number of devices connecting to my work, I probably have at least seven, and each has its own identity. We all use multiple social media accounts. I saw a lot of tweets about EIC so far. And between LinkedIn, Facebook, Instagram, Snapchat, you name it, I can hardly keep up myself, and I sign into each with a different identity.
Increasingly we use more and more cloud-based applications and services. Like at home, we connect with families through calendars or to-do lists, and at work, more and more cloud-based storage is used very commonly, so more identities. So I talked about people on average using about three to four mobile devices, but in fact, in the IoT devices, the number probably increased by at least tenfold. So for me at home, if I just count the number of smart lights, thermostats, cameras, or entertainment devices, or my wearables, I might get to like 50. And I bet some of you in the audience may even have a hundred, if not more. And at work, there are so many different connected sensors at our workplace, and each has an identity.
We all know that cyber attack has now become a professional industry, and is even sponsored by nation states. And what is the most effective tactic that attackers use? Stolen identity and credentials. So what all these computing trends have in common is that they each introduce multiple identities. Identity is the common layer across all these trends. So as these computing trends are creating a huge wave of disruption, with the right approach, you can ride the wave and rise above it, and businesses that embrace digital transformation can survive and thrive. It is just an economic imperative, and if a business does not provide digital experiences for your customers, you simply will not survive.
So as I was thinking about this talk, you know, kind of nervously on my way to EIC, I was thinking about what are some examples of digital transformation that really impacted my journey here. I made a reservation for my hotel and a flight online, and I pre-checked in my luggage and my flight through an electronic boarding pass on my phone. At the airport, I only need to use an app to request a car to get to the hotel. And before I got to the hotel, I already signed into the hotel's website and created a personal profile so that I can personalize the room the way I want it. And at the hotel, I only need to check in using my phone. Even though it's morning, I'm already thinking about dinner. So before I got here, I used OpenTable to make a dinner reservation.
I don't have to buy a map anymore. I only need to download an app on my phone, and on the way here, it points out all the historical sites along the way for my journey to this hotel. So I think this sounds familiar. More and more, we like to do business with companies that are going through the digital transformation. It just makes our life so much easier, but there's a problem, because each of these services uses a different identity. So as you probably could imagine, as the head of identity at Microsoft, this got me pretty irritated that I have to use multiple identities each time, but at least I did not use the same password. I don't think I wanna manage all these different identities, right? And I don't think either you or your customers want that either. So some of the businesses really put a digital experience at the core of their businesses.
They don't just do digital transformation to drive down costs. They really use it to engage and serve customers in a new way. So think about Uber and Lyft connecting their passengers directly to the drivers through the mobile phone, and Spotify and Netflix connecting customers directly to the digital libraries. They also personalize experiences, like Uber knows who the drivers you want to block are. Spotify knows the music you like. And then Netflix recommends the movies based on your preferences and your viewing history. So what they have in common is that identity is at the very core of all these successful businesses. And these are the kind of experiences you want to provide to your customers, as well as your employees. With the right approach, you can connect all the different services to each other and to the shared customers to create an even better experience. So how do we do this?
You need a holistic and integrated identity system. It starts with identity as a common layer. It connects people, processes and things so that it can facilitate an organizational governance model and securing data for your company and your customers. And it must embrace open standards so that we can connect all the different identity systems together. So let us work through each. So companies undergoing digital transformation are connecting more and more entities to their corporate network. And this includes the entities that are not managed by the company directly. So on average, a corporate network is accessed by at least 89 vendors every single week. And by 2020, the number of IoT devices is expected to hit 30 billion. So to manage all these identities at such large scale, it can be without a right approach.
Many of you have direct identity-based relationships with your employees and devices, but what about your customers, your partners, distributors, suppliers? What about your IoT devices? Identity should be at the very core, the center of all these relationships. And we think with a holistic identity platform, you can create all these relationships across boundaries so that you can have the flexibility as well as control to manage all these entities that are coming to your business. So an entity carries an identity and its associated context, like the location of the user, the status of a device or the document permission. So as an example, let's say Alice wants to, you know, share some customer information with Bob. Alice is connected from Seattle, that's where I'm from, and her laptop is managed by her organization and it's healthy. So Alice is able to connect to Salesforce or OneDrive through single sign-on, which is provisioned to her.
And Bob, on the other hand, is signing in from Dublin, where he lives, using a healthy laptop. So he's able to access the same customer information, but Bob just returned from a trip from Asia where his phone was stolen. So somebody from China who got Bob's phone is trying to access the customer information, but the system detects the anomaly here, where he is already signing in from Dublin while trying to sign in from China. So the access from China is denied. So as you could imagine, this is just a simple example involving a few nodes: two users, two applications, and three devices. But if you could imagine the number of connected nodes that reaches tens of thousands, hundreds of thousands or millions, without an intelligent identity system, this is unmanageable at scale.
So to govern all these relationships at scale, we need a governance model that is based on a trusted identity platform and uses a policy-based approach. At Microsoft, we use about 65 access control policies, and we create over a hundred custom reports every single month for auditing and compliance. So just think about each business. Each of your businesses has very unique industry requirements while you also need to meet your business needs, and to achieve that, you need a governance model that is flexible, and you have to keep the promises around data privacy. This includes the promises you made for both your employees as well as the customers about how the data is stored and how it's being used, and to comply with government regulations, such as GDPR. At Microsoft, data privacy is our top priority.
And no matter how many checks and balances you have put in place, you are always at risk and constantly under attack. Last month at Microsoft, we saw that of all the enterprise account logins, 23 million were marked at high risk due to phishing or other attacks. So with this sheer volume of attacks, in order to prevent any compromises, you need a system that is continuously monitoring both normal and abnormal behavior across a broad set of signals and applying machine learning so that you can do the real-time detection and automate the responses. At Microsoft, we get over 10 terabytes of signals every single day. It is just so important for us to stay ahead of this escalating pattern of attack. We all remember WannaCry. As I watched the attack unfold with my team, the scale was so massive and the damage was worldwide. So people talked a lot about the economic impact, but human lives were at stake. So security impacts our businesses. But to me, more importantly, security is our moral responsibility.
And when we say a holistic and integrated identity system, it does not mean single vendor. It means a platform that is designed with integration. And to do that, we must embrace open standards, and this is our approach. Microsoft is an active member of the open standards community. So some of my team members, like Kim Cameron, who spoke yesterday, Daniel Buchner, Mike Jones, Pamela Dingle, and Tony Nadalin, are some of the active members of the open standards community. And along with Alex Simons and Alex Weinert, they will be sharing more information in their sessions later this week.
So we talked about the five key attributes of a holistic and integrated identity system. It starts with identity as a common layer, and it connects people, processes and things so that it must support a comprehensive organizational governance and an intelligent security system. And last but not least, it needs to embrace open standards in order to allow for integration. So why do we need all this? Remember we talked about the key computing trends that are creating a huge wave of disruption. We believe organizations that embrace this holistic and integrated identity approach can rise with the wave and thrive. So are you ready? Because we want to work with you to make it happen. Thank you.
Thank you for that insightful and highly interesting presentation. So let's have a look at the questions. I saw that we already have at least two in there. And I think the first one is quite an interesting one. So simply put, regulation, law, follow reality with some distance always. What is your take on that?
Yeah, so, you know, as we've all gone through the GDPR processes and, you know, as an engineer myself, one of the things we actually learned is GDPR actually is a great thing for the industry, because it really helps the industry to be more disciplined and to inventory how we actually store the data and how we use the data so that we can actually serve our customers in a much better way. So I think it really depends, but it can be a really good thing for our customers as well.
So I think with GDPR, we maybe have the situation that regulations are somewhat ahead of IT, in contrast to most other scenarios. But I think you're right. The first question right now on top of the list: if you haven't been through a major security incident, how do you sell the identity story to the executives? So yes, if you had the incident, it's easier.
Well, I, each time I answer, always knock on wood. I hope that's what we have, you know, like 10 terabytes of signals every day. And we go through 18 billion transactions of authentication every single day, both for commercial and consumer identity. And it's not for the faint of heart. And we absolutely have gone through with our customers the major attacks that they have gone through. So we've gone through a lot of those journeys and a lot of the learnings. And one of the things we do is share our learnings in terms of how we harden our services with our customers. So to me, it is an ongoing journey. You know, it is not by going through one major or not. It's a continuous learning and iterating.
And I think it's also easier these days because most of the CEOs have well understood that cybersecurity is right to their businesses. Yeah. So when I go back a couple of years, it was a totally different thing than it is today, because everyone is scared for a good reason, because either you know that you're attacked or you don't know, but you are attacked regardless.
Everybody's under attack. And it's about recognizing the pattern.
Maybe a short answer to the question which is right now on the top: are you planning to release some identity wallet inside the Windows OS?
Well, I think we all understand. I think your talk about, you know, blockchain is how we think about actually a digital wallet, right. I think to us, you know, how we think about our customers using identity as a vehicle so that we can connect to different services. And this is definitely top of our mind.
Okay, great. So thank you very much again. Thank you so much for the insightful talk and the Q&A.
Yeah. Thank you, Martin.
I need the.
