WHY ON PREMISE IGA IS THE NEW LEGACY

So I prepared this, this speech a little, and I was now surprised that it fits quite well into what was just sat set on the stage before. Because as when, when it was a child, we went to holiday very often and we were driving with a car. And when it looked out of the window, it, it seemed like the sunlight was going into all different directions. But from school, I learned that the sun is so far away that every Ray of the sunlight comes to the earth completely unparallel.

And I think when you're on, on a show or an event like this, it might appear that all of those vendors and, and those companies that you're talking to have very individual directions or approaches, or are having their unique messaging that they want to push to you. But in the end, it's, it's, it's just a matter of perspective because I think we all, everybody who's here at this has a booth here has more or less the same message and that's identity. First security is crucial for every enterprise security strategy.

And so it goes as well for zero trust and, and everything that you heard just minutes ago. So I'm here to, to try to give you a little bit of this perspective, because to understand identity management, it's, it's important to understand where we come from, where we are, so that you know, where we are transitioning to and what is the way going forward, because otherwise you're just lost somewhere.

You see that a lot of vendors have a lot of different ideas and strategies, but when you suddenly see this path, you know how you can make an informed and better decision when you're looking for vendors, when you're looking for implementation or anything that you want to apply to your enterprise security strategy, there will be three key takeaways that I hope that I can put in your hands. And if you forget everything about my speech, please take those, right. So cloud-based identity governance is it's not something value on it itself.

And it's more far more than just putting service into the cloud so that you don't have any maintainance cost for service or updating or things like that. It's a real shift of an approach of providing identity governance or identity management itself. So it's far more than just the way of delivery Transitioning to this modern solutions will mean that you have to questions traditional ways of implementation. So sometimes I see organizations that come in and say, well, we we've just developed something and we've tweaked the solution that we have. And now it's like this complex.

And now with your solution, can you just rebuild that in the cloud? And I, I think the way of thinking about that is something that as well, not just the vendors have to react to, but as well, those people on the other side of the table have to make clear that the requirements have changed and they should be more modern than just re or reheating the T that is 10 years old. And the third thing will be that, of course, there might be the need to change a solution because you're a unique company. There's not something in the B2B market, like a solution that fits in the same way.

For all organizations, you have different systems to connect to and all different requirements. You work with supplies with third parties, with contractors, you need to vet your, your externals with, with a solution likes data that you have heard before. Things like that make you unique.

And, and it's not like every organization that gives you a product will just fulfill your needs in the same way, but a lighthearted decision for just using the solution that you buy as a toolbox and customizing, it will potentially have a very long tail that is going to be very costly, especially when it comes to the first and to the second migration of the product. And I hope that with the transition to the cloud, those are the things that we can take away significant to insignificant amount.

So there's in situations like this, there's obviously an elephant in the room everybody's wearing his mask and Corona has really left its, its its footprint on us as a society or as a global society as well. But my take on Corona would be that actually Corona has not really changed something. It has just accelerated something that was an ongoing development. So things that happened very slowly have been accelerated, but there's not been anything that is super new. So there was no revolution of, of identity management, identity governance as well as there was no not revolution.

And those measures that organizations were taking, there's the trend for more collaboration, but it's not like SharePoint online came up during Corona or teams existed doesn't exist before we used it more. There's a trend for more cloud solutions, but ServiceNow and, and Salesforce and all those players, they, they have been here before.

It's just this trend of accelerating your investment into those kind of platforms that changes the requirements, but everything that happened during the last year, more ransomware attacks and all these explosions of identities based on additional supplier relations or working from home or working from your, your holiday and checking your mail at the beach is not something that was just invented.

So the reactions that all the vendors had have not been super surprising, they just have as accelerated the way they were as well, transitioning to the cloud, but their journey has as well started very early. So there was not a real revolution, just the shortage of resources in the market and in an accelerated demand that was not forcing by many.

And now we are seeing that we have arrived in of course every year we say that we've arrived in a modern world, but I think we are now at the time where we have this three third generation of identity management solutions, you had this classic approach in the nineties and early two thousands where everything was rather automation based. And you had solutions that were covering your basic needs and creating accounts and, and doing stuff that were just solving administrative problems because they were not able to keep up with the change demand and the number of, of systems, et cetera.

And all of a sudden we came to 2008 with banking crisis and all, all the 2000 tens I would say were based in, in this legacy segment where we had a lot of regulation requirements and, and a lot of banking institutions that were driving the change. So you had a lot of compliance, a lot of workflows reliability, the ability to prove that you can audit what happened in your system.

Well, we didn't care for that for 30 years, but we, we need to be ready for the audit in 3, 4, 5 months. And that was what was triggering this second evolution of, of, of, of tools and vendors. And in this, this area, it ended like 18, 19. I would say we had a situation where all those solutions have evolved into toolboxes. So they all came with some provisioning capability with some workflows and, and all the things that you needed. A little bit of reporting here, a little bit of this and that role modeling.

And it came to the play where, where every organization was using it and just saying, okay, these are requirements. Let's now try to use those building blocks that were provided by those vendors and create something out of it. And now we're having the situation where we are seeing a lot of legacy applications that are now come to a full stop, right?

So you're, you're staying there and say, okay, we've customized what we could out of this standard solution. And now we need to migrate for the benefit of getting the standard functionality going forward. And very often the cases that migrating the standard solution means building back the customization and then building it back in based on standard after migration and the cost of that is like buying a new tool. And we're seeing a lot of organizations that are in this very situation today. So everybody is looking like, okay, how, how can we get rid of these, these costs?

How can we stay innovative? Because if we now don't migrate, we are going to lose this system connectivity for those 200 systems that we've put in place. Those risk controls that we just successfully implemented to be sure that we are audit proof and, and, and where we were passing the audits in the last 3, 4, 5 years. And with this transition to the modern world, and some, some players are a little bit more advanced than others.

You're going to see that there's much, much more than just chain putting the stuff that you've implemented into the cloud because going forward, you're rather looking into an evergreen model where you leverage the standard capabilities often of a solution where you have much more flexibility in configuration instead of the need of customization. And by that, you're going to be able to just migrate continuously. And the vendor will be able to just provide new functionality, not individually for this and that and that customer, but for all of its customer base.

So it will be possible for vendors to stay innovative just because they don't have to look at each individual customer. And that will grant more security, deeper ability to integrate identity governance going forward. So the typical pain points of legacy solutions that we see today is that they're mainly not meeting all modern requirements because they can't keep up with staying innovative because they have to look at each individual release. They have to maintain all those historic versions of its products because they're deployed in, in different customers in different ways.

They have to look after those customizations transition and make sure that you're going forward. And as well before you can even start to think about an implementation. You have to get your infrastructure ready. You have to make sure firewalls are that the servers are, are ordered, implemented in place that you have all those environment ready to start with your sandboxes development, configuration test and quality assurance environments. The costs that are just there for maintainance or, or upgrading your infrastructure are enormous.

And as well, those customizations that you have brought along and, and that were necessary in the past, because those solutions that you based, your, your, your environment on, they didn't bring all the features that you needed in the past. They are sitting in your back and really hunting you with costs. Because as I said before, first, you have to remove the customization. Then you can do the migration. Then you can build something that is closer to the standard. Hopefully your use case after those two or three years between those update cycles is implemented in the product standard.

And then you can go forward and think forward, but to get there and to get to this innovative state, you really have to do this kind of homework, which is really painful. So the benefits of modern identity management solutions are that they're cloud based. And this is why I'm, I'm, I'm, I've chosen this headline on premise and, and those classic solutions are mainly the new legacy because those cloud native solutions will provide more and more.

The, the more successful those vendors are getting the better. They will be able to put your items to the priority because they are going to be able to provide new functionality for all of other customers. Instead of that, just those few ones that are the running, the latest version that have the same requirements. So they are going to build things that are generic enough, that you can put your requirements on top. So based on concepts, instead of just toolbox, that is ready for customization cetera as well.

We see that there is a shift because in the past year, you've just integrated identity governance to the, to the root you wanted to solve this identity governance puzzle. While today you see that identity governance is just one part of an identity. First cybersecurity strategy. You have Z CTA with their identity proofing. You have as well, multifactor authentication, you, you have anything and any kind about data, access governance, role modeling, and they need to interact. It's not like that. You can afford to just solve one problem. It's rather about the advisory.

How does identity governance fit into your entire securities security strategy? So vendors are more likely to invest more in alliances and give you the opportunity to go further up to the business level, to argue the benefit of identity governance in your complete system and architecture as well.

You're going to see that modern solutions will have more triggers and, and, and be able to receive more signals from the outside so that you have the ability not just to play with those different disciplines, but as well, to have a trigger that says this person has locked on from, from, from an web cafe, from the country that looks suspicious. We dunno whether he's on a holiday, but it would be good if you secure this identity before you give him access. And those signals need to be implemented in all those modern solutions.

And they're much easier to be implemented when they're cloud based instead of when they're located in your network, because all of those use cases will require your action in the network. But the most important point is that they are using configuration much more than customization because the ability to even implement your own code in the web front end will allow you to stay closer to the standard. And by leveraging the established concepts, you're more likely to be able to just move from one version to the next, with a click.

The complete industry has now adopted a lot of things that were very individual in the past, but nobody has to define what a joiner mover and lever is. So those kind of things come as best practices already. Now. Thank you. And there, there are tons of samples, but I, I decided to just put this sample to the forefront. Why I think there's, there's a big transition. We're seeing that in the past, you had those 2000, 500 systems that were, that you were using.

And so you went out to the vendors of, of those identity governance solutions and asked what's the list of standard connectors that you have. And they were replying with 2200, 2000 standard connectors. And then you look for the best match, but going forward, we see that there is a shift to SAS, best applications. So you're using service.

Now, you you're using Salesforce, you you're using SAP success factors, all those kind of things. And the transition of SaaS applications in the target environments is much faster than those traditional applications in the past. So going forward, they are going to be many, many more players, and it will be very hard for traditional vendors to just say, okay, we are having all those standard connectors because they're part of our core core product. And everybody who's on the latest version of our product has access to those blah blah, blah connectors.

Instead of that, we are seeing a transition that you require those APIs that you can reuse for all kind of scenarios. So the long tail of SaaS application needs to be covered. And that's possible by leveraging some things that are now pretty established and by the increased flexibility of those web front ends by those vendors. So you're going to base your connector on skim, rest, old data and all those individual APIs, and have the ability to buy that very easily.

Make sure that all the system can use your applications that maybe are very special for you, your region, your, your vertical or your industry, and that are not necessarily on the short, short roadmap of the vendors. And if you stick with a vendor that says, okay, you need to wait for the next release till I have this connector.

It, it may cost the vendor, actually a lot of his ability to, to stay innovative because they have to transform those historic connectors to use the, the modern world, etcetera. So focusing on the most important connectors and systems in the world will be something that is super crucial for any vendors, but no vendor can go out and say, we have standard connectors for 17,000 or 200,000 applications that might be out in market.

So utilize those standard connectors or configurable connectors, leverage that and exchange between a lot of those companies that are having the similar requirements, because a lot of those systems have actually a purpose and are valuable for lots of enterprises. I have no idea how good I am the time, but I, I think I need to speed up. So going forward, if you, if you look at the total cost of ownership of a SAS application, you're going to see that it's going to decrease.

You're going to have to pay a little bit more licensing, but the total amount of consulting that is required to bring your solution to a level that is sufficient for your enterprise will actually much lower. And with the remaining costs, you can decide whether you really want to go deep into identity governance, go into segregation of duties, go into the role modeling, go into all those nice things that come along with, with identity governance solutions or whether you're fine with just the basis.

So classically before the cell, you were just seeing the tip of the iceberg with SAS based a cloud-based solution. You have much more transparency. You're able to lower the cost going forward, and it's going to be the way of delivery going forward at, we have decided four years ago to really transition all our modeling to this new world and the new paradigm. And we came up with a solution that combines the best of the on-premise solution with a full and cloud native solution. So we have, of course, an enterprise grade IGI set.

We provide you with a low risk solution for getting a productive environment within 12 weeks. That is proven success within various enterprises in Germany, but as well worldwide, we provide you with navig green, always up to date solutions. So no more migration costs with a guaranteed service level and flexible pricing. So there's a lot of benefits about my vendor or my employer. If you need more information, please visit us at the booth. But the solution itself is just one part of what we provide. I I'm done in two minutes. So it's more than just a product.

We come with the best practice framework, and we share all the things that should be part of an identity governance solution in a form that you can start not on a blank sheet of paper, but have an idea about how modern looks like for the most successful enterprises in the world, so that you can take over what they think is good and where you can define on the remaining, let's say 20%. What makes you specialize in enterprise as well?

We have a methodology about how you can make sure that your product is going to be successful, but cause in the past we were you looking from a very technical side, but today stakeholder management and why is the things we are doing relevant and beneficial for the business becomes more and more important.

So going forward, having something like identity project, plus as an asset for your organization to run your project is something that really can push your as an, as a delivery team forward, last button or least we have the Armada academy where we train our customers, our partners, as well as our internals, we have nothing to add. It's all the same courses that you can use to bring yourself up to speed with what, how should good look like what are others doing? And take the best things out of what we provide as those concepts. So that was a rush.

I'm sorry if I was too fast, but I hope that the idea of where do we come from, where are we now? And what would be the perspective going forward has, has resonated with you that you now have a perspective? Because I think today we are just seeing the Dawn of day in which enterprises acknowledge and realize that they have to do more with identity. Thank you for being here with me and meet us at the booth. Have a good day.