Event Recording

If it’s not Simple, Scalable and Agile, it’s not Modern IGA


Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
All right. Awesome. Here we go. I'll be jumping back and forth and pressing the button as we move on. But you guys already, or at least some people have met me already. My name's rod Simmonds VP product strategy at Ohana. I'm gonna tell you a little bit about what we do, but also I'm gonna tell you two key customer stories that we actually have. So hopefully this is not just a pure vendor pitch, except for the marketing stuff. My marketing group makes me do. So the goal for you guys in this session is to have just a couple takeaways, which is one, understanding the changes in the demands that you have from an organizational standpoint, as it relates to governance, understanding the goal for any governance project. Regardless, the vendor you go with is about quick time to value. As I said, probably my last session.
Most people don't wanna do governance, but since you have to do it, you have to get the organization behind you. And the only way you do that is by getting quick time to value, and then understanding that as much as every vendor wants you to believe even us, that IGA is about product. It's really about your process. It, IGA does nothing more than enables you to take what you currently do, whether it be in a manual business process and wrap technology around that to automate that. So if you have horrible business product proj process, it doesn't matter what product you implement. It's gonna be garbage and garbage out. So the first problem to solve is making sure that you have the right business process to sort of move through that when we, if you think, and I don't know where people are on their journey, and it doesn't matter where you are.
I say, you're never, you're never too old or never too young to start. Some customers sit in a manual process, which is today, a new hire comes in. Someone picks up the phone or sends an email and tells somebody to, Hey, I need you to create an account. Hey, I need you to order a machine. Hey, I need you to do this and make their access look like, Tom, just copy Tom. And away we go. However, it is, it works in organizations. That's the manual process. You might be doing some PowerShell scripting or Pearl or shell, whatever it you're doing, but you're in a very heavy user driven process. If you were in a legacy approach, if you've done IGA, if you have gray hair like myself, which I just shave it off, but if you have gray hair and you've probably done legacy approach, what likely happened.
And I said a lot of smart people in this room that do a lot of stupid things. And what we dealt with with legacy products in the past was you walked in the room and everybody tried to solve 99% of the use cases. Not realizing that what they did is they locked themselves into a, it was impossible to move away from the vendor. We're stuck with B nightmare. U upgrades became utter nightmares, and it just became very hard to manage high cost. And essentially we had to have a development team in our organization that was almost equivalent to the development team that wrote the platform we're on to make the products work, that doesn't work. And then you look at the modern approach, which is really more about cloud delivered, taking some of the things off your table. You don't have to manage updates. You don't have to manage this.
And fortunately, the way you got to modern was that that the industry actually made one very big transition, which is we moved to standards. So we are no longer trying to figure out how do I hook into this application that has no API integration. Most applications have API. We're dealing with rest and soap and whole bunch of standards, which made integration very easy. So we went from having to write code to really just doing configuration. And we went from trying to manage servers and boxes to just saying, let someone else manage that. I think we've all given up on managing email, hopefully by this point in time and just let someone else own that part. And we want to own delivering it as a service. So that's kind of as you move into the modern approach. So when we talk to customers, the one thing we see and I, I'm assuming that we have people across the spectrum.
So if you're in Europe, you're lucky you deal with GDPR. You guys got that a while ago. If you're in the us, it's a, or if your company is multinational, the us is a nightmare. One. We don't have a standard that goes across everywhere and every single state, I think there's at the current time in the us, there's 44 states that have data privacy rules that are either in flux or in place currently now. And that's only 44 of the 50 states. So the us is a total nightmare where Europe, they just figured out, created one policy and it just works. That's one of the challenges you're dealing with. Obviously you're dealing with challenges, either a legacy deployment you might have in your environment, or you might be dealing with, we made a homegrown app. And we finally got to the point where it's busting at it teams and we actually need to put something else in place.
Other place you're dealing with is that I, I, I honestly really hate the ideas that the perimeters moving towards identity. The reality is it's always been there. We're just finally figuring it out, but we're all now trying to focus iden of identity related and more importantly, our CEO CTO. And everybody's coming down talking about zero trust. So identity's becoming more important. I did a little bit of research one time before and I went through and I looked at every single Analyst. All of them have some document. If you go through their libraries, that will say successful zero trust programs start with having a good foundation around identity. And that's why IGA is so important. So as we sort of jump in and start talking about what I'm gonna jump past the slides to marketing, I can't say I'm marketing guys. All right. So when you start thinking about what challenges customers are faced with, I'm gonna talk to you about two of our customers and their projects and the value that they actually got.
So Byron is gonna be the first customer I'm gonna talk about and what their goals are, what their challenges were. So for them, their challenges were just meeting their compliance requirements. So the challenge you deal with with any healthcare type organization is that, or financial services or manufacturing or retail services, your customers are entrusting you with their data. And that is fundamentally the first and most important thing. When a customers trust you with your data, you have to prove to your customers that you're doing the right things with their data. And often that comes down to you being able to demonstrate and show that you're meeting compliance requirements and then centralizing that. So from an organizational standpoint, it's high cost. When you have to jump from 10 or 15 different systems to sort of trying to manage that when we talked to them, their real goal was they wanted a central point to have full visibility of what was going on inside their organization.
They wanted to have from one location, they wanted to sort of provision deprovision across all the different applications and platforms. And again, the another challenge we were faced with is that the amount of time it was actually taking them every time their auditors came into meet the audit was just way too high. So again, how do we get cost savings for doing that and not the largest organization, about 11,000 identities. We've dealt with customers 200,000 plus identities. And we deal with customers down to like several thousand identities. So about 11,000 identities. And again, they wanted to start with our, our jumpstart program, our rapid start program, our accelerated program. What the accelerator program is designed to do is get that quick win for you whenever you're rolling out one of these programs, again, not hugely popular for some organizations. The goal when you first start with the program is I want to get the organization behind me.
So they took the rapid star program, 12 weeks or 90 days get up and going and get some value with inside the organization. The value they saw immediately was that once people started to realize that, wow, we can take some time off the help desk of people calling in and asking questions. They saw immediate time savings from the help desk standpoint, they saw time savings from just dealing with the audit. So it was actually a 50% reduction in the amount of time they were dealing with getting themselves prepared for an audit. So if you're thinking it takes like several weeks right now to deal with an audit, taking that down from like two to three weeks to about a week time to get prepped and sort of dealing with an audit. And more importantly, it's fully automating what was going on in their environment. So early on, they didn't have really good visibility across the organization, like who has access to what?
How did they get those access rights? When did they, when those access rights removed, who said they should be removed by putting it all through an automated system, a centralized system, they were able to say these rights that rod has, he was provisioned as birth rights into the department. He was in, when the rights were removed, it was removed because he switched from department a department B these are the rights that Rod's explicitly requested. They were just able to get better visibility. It's all the core things around IGA, nothing super magical, but for them, the other key thing that drew value for them was that they moved to a model that was more standard space. So rather than having to deal with very bespoke integrations, cuz you'll deal with vendors who will come in and say, if you wanna do this level of integration, we can do it.
However, it's gonna be your one off. You're a snowflake for us. They wanted something that was standard. So I, the most frequent thing we deal with customers today is saying, I don't want you to build something unique for us. I want you to build something for us that works for all of your customers, cuz that means that you're gonna continue to support it moving forward. So for them it was very important that everything was based upon key standards and it was based upon something that we could provide and deliver to other customers. As we take a look at another customer for us, which was DECRA, they had a slightly different scenario. They were dealing with a homegrown solution. So again, many organizations, they start off where they say we have a product we're gonna build it up because the beautiful thing about building something from ground up is it meets all your use case.
What every organization realizes after building a product from ground up, that it meets our use cases is that we don't actually wanna maintain it as it goes to the out years. And that's what software vendors are. It's like, we wanna build a product and maintain it. You actually just wanna do what it takes to run your business. So the challenge you run into the out years of the product is that a, no one wants to maintain it. And B most of the people who built it have left the organization and nobody now wants to touch it. So if you talk to anybody running mainframes today, no one wants to make any changes to it because the expertise is left the organization. So it's very hard to make modifications and changes. So they wanted a solution that, again, we don't wanna over customize this. We want to keep the simple key focus on the sort of standards.
And we wanna be to be able to meet the compliance requirements. We have a lot of companies I talked to now like early on, we thought, no, company's gonna want to go IGA in the cloud. Now every company we talk to is their cloud first strategy. They have to make business justification, not to deploy solutions in the cloud. So IGA first in the cloud was one of the key things for them that they wanted to work on. So for them, they wanted to get quick time to value while we did the jumpstart program, got them up and running within the first 90 days, which is roughly three months, they started seeing real good ROI within nine months. So once they started to adopt more of their applications, their critical business applications into the platform within nine months, they were actually seeing good return on investments.
So time savings across the organization, returning time back to people for not managing this from whether it be audit the help desks, not receiving all the calls of saying, can you grant me access to this particular group users were able to do self-service other key things that they probably saw within inside of their organization was like, when users were saying, I need you to create, create me an account here, or grant me access to these resources again, all of that stuff. Even if it weren't the most typical IGA use case, when you're dealing with a product that's super flexible for you, you can actually customize to meet your requirements. So if someone needed access, I think I was talking to a customer earlier today on the floor. They said, one of the things that we wanted embedding your product was the ability to request access to a physical key, being created, to unlock a door.
And it's like, can your product do that? Well, they already adopted that type of capability into the product. So just knowing that you have a product that can, you can mold around your core business process, that when someone needs a physical key, that's gonna be cut and generated for them. You can do this kind of things. And those are the key kind of problems that our customers are trying to solve. All I wanna check my time, how I'm doing there. Six minutes, six minutes. All right. Awesome. So when you're, when you start thinking about what you wanna accomplish with any governance solution, again, it's time to value you. Don't I, I always say when you start these projects time, the, the time clock is ticking. Because again, it's, it's a high cost project when you get into it, you're buying software, but it's also a high cost from the organization standpoint, cuz you're pulling in people from HR finance and across your various business units to understand how the business works early on like the first week or so.
It's really about that discovery phase of trying to figure out what's going on. And more importantly, figuring out how the business process is gonna run. Having HR at the table or not having at the table can be so detrimental because what you're trying to do is trigger a lot of your business process off of data that feeds out of HR. But then if HR doesn't know that you're driving what fields and what data you're driving off of, when they decide to make a massive change to their data, it breaks all your core processes. So early on in the project is making sure the right stakeholders at the table to understand how are we gonna actually drive the business forward and that's within our jumpstart program next it's again, I've always said in order to be successful in IGA, you need to, you need to always go through the loop.
However, for many organizations, when they first start, they say, we're just gonna be happy if we can just get provisioning working and then we can deal with people moving across the organizations first start is right now, we have contractors coming in hundreds of contractors coming in per week and we can't have them sitting idle and paying thousands of dollars per day. So let's start with that and then move over to the next phase in that project. So for some customers, it's like certain systems, we'll start with joining move reliever for other systems on the fringes. We'll just do the initial provisioning for other organizations. It's we gotta get deprovisioning, right? Cuz we've got dinged in too many audits that people remain in our systems for far too long after they leave their organization. The next is just reducing complexity of the program. Stop trying to solve every single use case, identify up front, the use cases you want to get to.
And every time you have to move something that's outside of that wheelhouse go through business justification. Having strong leadership is probably the most important thing. We did a very cool project with a Kohler. They were actually doing a presentation at another conference. And one of the key things that they talk about was that anything that was gonna go outside of their standards, they forced you to go through a justification process and then last, but that leads from our standpoint, we try to remain customer centric. So I spend a lot of my day, even though I do strategy talking to our customers, understanding the use cases. And if you go to our booth and talk to our team, you'll find out that they're, they're heavily focused on the success of our customers.

Stay Connected

KuppingerCole on social media

Related Videos

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00