Event Recording

Panel | The Future of Corporate Directories in the Cloud Era. Will they Survive?



In this session we will have a look at traditional corporate directory systems and discuss whether, how and where they will survive a cloud-first strategy.

  • Do we still need a corporate directory?
  • If so, what is or will be their role compared to other centralized directories like Azure AD?
  • What would a migration path look like and which APIs have to be supported?
  • How will HR, Corporate Directory and IAM play together?
  • Will Distributed Ledger based technology be a game changer?

We have a seat and have our panel discussion future, maybe of corporate directories. First of all, Jamal, isn't able to join as we already said in session before, but for all of our new audience and people who didn't have the chance to listen to the previous presentation, I would like you to introduce yourself just with a couple of sentences.
Sure. So Sivan, Cortez working for, and I'm French, as you can hear with my lovely accent.
Perfect. My name is I'm CEO of CDAs. We are a cloud identity access management solution, and I'm happy for the panel discussion and exchange some ideas.
So for you, I'm Kaya, I'm analyst and advisor with KuppingerCole and I try to lead through just discussion since we are always, always just two of us. And I like to invite the audience to join our panel discussion. And I like to polarize a little bit beforehand. And since the topic is already very stating straightforward, will corporate directories survive in the future. I would like to give a short hand sign what the audience thinks do they, or won't they? So for all who thinks they will please raise your hand? I, no, no questions. Just, just hand sign and the rest. I assume things they won't. Right. Okay, perfect. So maybe we have some polarized situation here as well. What do you guys think? Do they, or won't
Yeah. So I also listen to your presentation. I agree. So at least for the near future, we can define our five, 10 years, whatever they will, at least in especially bigger enterprise companies be present on the long run. I think the corporate directory will move at least to, to the cloud space. So as you also outline that to cloud service, I, there might be less corporate directories in the, in the companies itself. Still some might still use it for special use cases like you mentioned, but on the long run, I assume the corporate directories, the local on-prem corporate directories will be gone.
Yeah. I, I, I mean, I think like if you think about the importance of the size of the directory itself, perhaps it'll be less in the future and for sure it'll be less because you will adopt more and more cloud services. So you will need to have perhaps some specific way to manage identities, which are not the classic enterprise directory as we know today, but depending on the size of the organization, depending on your vertical, I really think even in 10 years we still are to manage some corporate enterprise directory.
So when you speak on corporate directories, you assume they are OnPrem and not in
The cloud, no hybrid. No, it, I think it'll be hybrid. Okay. I, for me, I mean, I'm not how to say that. I mean, I don't think the world will be on prem. I don't think the world will be cloud only. I really don't think, I really think the hybrid situation will stay forever.
Okay. Thank you for that. And when you are talking about like the transition, you already mentioned in the panel, where in the presentation before, there's a lot of investing into movement into modernizing, like the directories, for example, and still having to invest in them for cybersecurity or whatever. So there's a huge attack vector for external resources and attackers, right? So what do you think, how can companies manage this split between can I invest in it and still I have to decommission it?
Yeah, for sure. It'll be, let's say a difficult situation to manage during the coming years. Because as I said, there means the previous conversation you still need. I mean, you, you start your cloud journey. So you, you start to use cloud identities for sure, but you still need to use your, you know, old identities running on-prem, and this situation will be difficult to manage. What I think is the future of directory as a service solution is to be able to provide a sort of emulation running on-prem. So I know some vendors think about it. So if you think about the directory as a service, it's a pure cloud situation. Okay. You manage your users, group computers, whatever in your cloud services, but let's imagine you are able to duplicate this service, but run it on-prem a sort of emulation of what you are doing in the cloud, because you still have some identities, computers, whatever, running on-prem. And I think it'll be the future of the directory as a service piece. So if we have something like that, we will be able to cut all the different directories, which are actually running on-prem.
What is your opinion to it?
I would say moving to the cloud also gifts or moving away from corporate directories also gives you the chance to rethink the ways you collaborate and you manage your infrastructure. So in that context, I would say, especially considering we are talking about hybrid and all that. So as we've seen during pandemic in remote work became more active. We also see zero trust approaches. If you see like Google putting all applications to the internet instead of closed networks and all that. So a few things will change. And the hybrid approach where you have on-prem and also cloud services makes it necessary that you have the services in the cloud available. If it's evaluation where you make, how, how you connect your on-premise environment with your cloud environment, I'm not sure about that might be, but you will have a relation or a connection between your on-premise and your cloud work in that aspect.
Okay. Thank you very much. So we had talked a little bit about the way to like directories from the cloud and keeping it in the cloud and a hybrid way. Do we think it's desirable to like, get rid of the corporate directories as we know now and move to something new?
Yeah, here, here, again, we need to make the difference between what we can put on PowerPoint and the real life.
I would like to hear both.
And it is existing, a big gap between the two versions. Remember my Amberger slider. I mean, we still use Unix system. We still use ITC password and we are talking about something which is 50 years ago. So why it'll be different with the cloud? From my experience, I think we still have, you know, this huge ability to add layers, but we have some difficulty to cut the older one. So if you think about it, it will not be a replacement. We will add something. And it's why I'm thinking about hybrid will be the way, because again, if you, and depending your, your activities, I mean, if you are, for example, in the industry and you are to run a factory, trust me in 50 years, you will still have AD because what I'm seeing inside the factory is coming from 50 years ago. So depending your activity, depending about what you are doing, for sure, it will not be easy to cut this, you know, corporate directory story.
Okay. So you added like adding another layer to it. We added couple of layers as you showed in your presentation and it added complexity more and more and more. Yeah. And therefore we not only got like functions to it. We also got issues with it. So if we think now about it adding something new again, and adding maybe even more complexity, would it be worth
It'll it'll and again, that's because of our history. I mean, to know, I mean, to understand or to anticipate what will happen. We just have to see what was done before. Why do you want to change the behavior? It'll be the same because it's human behavior. We will still use some old stuff because we don't want to touch it. It's it's running it's production. We don't want to change it. So we will just add layers.
Yeah. Maybe in that aspect, I'm afraid that will happen. That's a big fear I have, but still it doesn't, it's the same thing, right? Only because we have did it in the past, it doesn't make it better. We might can take a chance out of new developments and it might be the chance to change the process. If you say like you have a factory 50 year old machines, it might be the chance to move your complete production, move your, it might not be done in five years, but it might be a, an option to transform your business and take the chance and learn from what you have done in the past. Because adding the layers might provide you with some security features might provide you with functionalities, but it increases the complexity, which basically leads to again, security issues. That's
You're right.
Really taking the chance of moving gives you maybe the option to cut and hopefully doing things better than in the past.
Okay. Thank you for that. And since you guys have a lot of experience with directories and restructuring them and also building new directories for companies, right? Can you give maybe some thoughts about what could be the opportunities of building new compared to adding structure and adding complexity instead of building new?
Yeah. So in the process of maybe transforming, it might be useful to build new because if you start from scratch, obviously no company can start from scratch. You have some defined structures, but if you take a different perspective and start a new project, maybe moving, transforming to a new directory, it might help you to fix some flaws you have made in the past. So in the transition of moving away from corporate directories or however, you will call it in the future, moving to a different model of identity and directory management, it might be a chance to move to a new directory as a transition period. And they're obviously removing flaws in different aspects.
Yeah. I, I mean the best way to do that is for sure to create a new directory evidence again, in reality, it's might not record. Yeah. It's different. If you think about, I, I, I was doing before to join Tenable I was doing a lot of tier model implementation in a, so I don't know if you know, what is a tier, the tiering model from Microsoft is a way to, to create three separate layers inside AD to SEP, to do some segregation of duties in term of management. And so here you have two, two ways, or I was used to, to do some AD migrations. And again, you have two ways to do that. You can decide to create a new directory and move everything to the new directory because the new directory is clean. It's, you know, you, you just install it. You don't have all these misconfigurations history.
It's, that's better way to do that. But I will say 80% of the organization decide to just restructure what they have before. So they try to make new with old stuff because it's simple, it's cheaper for sure. And, but you are totally right. I definitely think if you, if you start your journey to the cloud, or if you are in this journey, you need to create something new and you need to think new for sure. And that's that it may be effectively a possibility to thinking using a new way and, and doing new, new sort of identity management. But that's tricky because again, you have to think about this new journey, but in parallel you have to manage your production and you can have something different in the two hands.
Yeah. I think that makes it for especially smaller companies or companies. We just started makes it much easier as you as mentioned in your presentation. So for them, they are starting from a completely different situation, especially for big companies. It will be, you will have the risk of your existing environment, which is running. It works. And often identity management is the, is one important cornerstone of your company business. Cause if you can't, if you just can't log in, maybe your logistic is broken or anything. Yeah. So it's really a big impact if you break something and that's a big risk, especially for big companies, which have grown infrastructures and their move into the cloud might be to, as you mentioned, like moving parts of new services or certain aspects step by step in during a transition period to the cloud.
Yeah. Right. I mean, it's, you really depends about the size of the company, the vertical of the company are you do? I mean, the, the really old fashioned way is done by industry as usual. So depending your vertical situation will be very different for sure. If you are, I don't know, you know, startup small company rising, you will start your journey directly in the cloud, and that's a good choice to do for sure. Cause you don't want to manage all these, you know, fighters and printers anymore. But if you are using, you know, computers from 50 years, that's another story.
Okay. Thank you very much for this. Yep. We have two questions from our online participants. If you could, excuse me, maybe I ask you feel free to answer because they didn't address any of your name. So, so the first question is where does movement from AD to cloud fall in the journey of zero trust? Do they run in parallel?
Hmm, that's a very good question. So I don't want to open a debate about what zero trust is or not, because it'll be very long, but zero trust is about thinking a new way of what is a perimeter and you will use some sort of technology for doing that. Is AD part of it? Yes. For sure. Because you still have AD. So if you think about implementing zero trust, you will need to think about how AD can be used to apply zero trust. And second, how can I apply zero trust on AD, which is a little bit different and yes, you are able to do some advanced stuff even inside AD, but you will usually need to use external solutions, which are not provided by Microsoft. So for example, if you want to do, let's say MFA equivalent in AD, you will need to use an external solution because Microsoft is not providing an MFA solution for AD, so you have some, some stuff on the market. Okay. So it will, it will need for you to think about providing additional pieces coming from additional vendors. And second part of the answer is yes. AD is part of the zero trust story, just because AD is there, AD provides identities and zero trust is based on identities. So you, you need to put AD in your zero trust thinking for sure.
Thank you, Cedric. You wanna add something? Yeah.
So already brought a few points. I think one important point with the zero trust aspect. It same as with the moving to the cloud, it gives you the perspective to rethink how you do the processes. So in particular, in zero trust, as you mentioned, perimeter changes. So in that aspect, it might be really a chance of rethinking how the process with the identity works. I think that's, we don't want discuss about Azure trust and all the things and more technical aspects, but it gives you the option, especially also in the context of AD and other identity management solutions to rethink how you do the processes and their, maybe their entrance into your trust with other solutions with other services in the beginning might be easier than with AD because if you integrate an AD, you have like all the things around what you have to consider in other solutions. It might be much easier to get kick started. Thank
You. And our second question is from Hannah, how would I convince my CFO to start from scratch with my directory, especially in an OT environment that has been heavily invested in,
I think
You start
Go. If, if you have a discussion with a CFO, you shouldn't only consider on a cost perspective because obviously the cost on new directory or on this transformation period is quite high, but you should also consider the outcome what you achieve. So the cost you're saving, but also maybe the business impact you're having in the future because of new functionalities new features, what you can use, new process, what you can live. So not only the aspects of cost saving in the aspects, also maybe the, the gains you will have in the future in productivity maybe or other aspects. So the calculations, not only the costs, what you have for transforming to a different or new directory or anything, but also the costs you might save in the future, as well as the business impact in transforming your business.
Thank you.
If in your organization, the CTO or CIO or whatever is reporting to the CFO, the battle is lost. So I will not be able to answer the question.
That makes sense. Yeah. All right then. Thank you. Yeah. We would like to have couple of questions from our audience here. We still have five minutes maybe. Yeah, we can start from here. So since I didn't have the, sorry. Hello, microphone
Check one, two, three.
Yeah.
Since I didn't have the chance to ask a question earlier, I'll, I'll use the chance. Now you mentioned all the services that Active Directory provides, not just the directory part. One missing piece often is, is PKI in that. Do you have any experience and recommendations on, on, on, on PKI solutions that works greatly, especially that when it comes to deployment and managing the certificates
In? Yeah. So that's a really good question because usually PKI is really a pain when we are thinking about moving to the cloud, because it's really, I mean, just to be sure everyone understand AD CS, which is the name of the PKI service from Microsoft is really integrated with the AD DS, which is what we are calling about AD. So
You, when you start to think about replacing AD or cutting AD, you will need usually to think about this PKI migration to something. And yes, you have some vendors which provide a good solution because they are able to manage PKI as a service, but in a hybrid grid mode. So because you still have AD, you know, because you are not able to cut AD before to cut the PKI. So you create the PKI service. So PKI service is able to use AD, if you need, but provide PKI outside of AD as well. So you will be able to let's say migrate everything, which is related to the certificate during one year, two years. Usually we're using, you know, the certificate renewal period for doing that. And so yes, you have I've cert is a good solution. I was using cert for doing that a lot, and it's really a good solution because they provide really this hybrid story, you know, and providing the way to migrate, you know, during even years the stuff from the on-prem to a real PKI service solution.
Any other question? Okay. Okay. Quick, it's just comment. Really not a question. I think we've misled ourselves. You mentioned network on your previous presentation. Net gave us the capability of having a corporate directory. Then along came Microsoft. And because they had control of the endpoint they took over and, and that where went and at the, then we lost our capability of having a corporate directory. You know, the business came along and said, I want to add another, another field here in my directory. And the ad admin said, no, no, no, no, no, you can't do that that right. So what we are going towards though, is we're going back to a corporate direction. We are going to have graph databases that are gonna provide us all we need within our, our corporation to store all the information we want. And then we're gonna have these authentication points and they're gonna be distributed out in various cloud services that are gonna suck on that and then provide the authentication service. So let's divide the corporate directory between a proper enterprise directory and authentication services.
I, I like, I like the idea I, to, I mean, the first part of what you say is exactly what happened. Exactly. If, I mean, because if you think about it, you are right. Directory is a sort of database. I mean, you are able, you know, to manage attributes, which are the equivalent of what we can do in the database, for sure. And, but what we see is more vendors which provide really the equivalent of a corporate directory, perhaps behind the scenes. They have what you describe in terms of, you know, layers and technology, but still, we need to have some sort of integration, which are tricky. Let's imagine, for example, if you think about Azure AD, for example, Azure AD, you can use it. Like if you have an endpoint integrated inside Azure AD or hybrid mode with AD on-prem plus Azure AD and on the endpoint part, it's really complex. I mean, when you start to understand how it works, you understand it's not only authentication piece, Microsoft start to do some Kerberos stuff against Azure AD. So how do you do that with, you know, only authentication service? It's, it's tricky, but I love the idea of what you described.
Do you like that? Something to this as well?
Yeah. So on the first part, I can't comment. That was maybe before my,
So I can't give you a comment on that one. I think on the second part. Yeah. So the functionality is what you will have authentication and all the attributes and all that. You will have that it, the, the question is how you will have that in the future. If you will have it in a corporate directory manner, like you have it today, that might be difficult because, because of the move for the transformation in the last years, and also the transformation, which is upcoming, we might not call it corporate directory anymore, but the feature set of what we want to achieve will be obviously there. The question is how we will achieve that. Yeah. But the, as you mentioned, all the user attribution authentication all the features and what you want to have in context of identity and access management and managing users, identities in general will be there.
Thank you very much. Unfortunately, we are already kind of out of time again, but before we close the session, I would like to give both of you the chance to wrap up and give kind of a final statement on the question in your eyes and point of view,
Final advice adapt about yourself. And if you want additional information, please come to join me on the tenable booth. Thank
You. Thank you very much, Cedric.
I'm curious to see what's, what's coming in the context of user identities and directories there. I will. I think it's the next 10 years where we'll see which direction will recall.
Thank you very much. I expect both of you via. There will be very happy to invite everybody who's here on the expo stage to join you at your booth and ask, answer any upcoming questions for this. I like all of you to invite the expo area for lunch, because we finally did our first part of today's session. It was very pleasant with all the presentations, especially you. Thank you very much both of you, and thank you all for the patience and attending this panel. Thank you. Nice.
Thank.
