Good afternoon, ladies and gentlemen, or good morning, depending on the time zone, and judging from the domain names it might even be the middle of the night for one or the other of you. Welcome to our KuppingerCole webinar, "Enterprise Single Sign-On: is there still a need for?", selecting the right combination of sign-on and federation technologies, picking vendors. This webinar will be done by me, Martin Kuppinger. I'm founder and principal analyst at KuppingerCole. And during this webinar, we will especially talk about the need for enterprise single sign-on, the role it can play, how to do sign-on, on things, and on how to enable end users. We will also look at the vendors in the market space, based on our relatively new Leadership Compass on enterprise single sign-on, etcetera, etcetera. Okay. So let's start with some information about KuppingerCole. KuppingerCole is an analyst company. We are providing enterprise IT research, advisory services, decision support and networking for IT professionals.
We have three types of services. One is our research, where we provide various types of reports, including our Leadership Compass documents, which compare vendors in a particular market segment. We have more than half a dozen out of them today. We've published one on provisioning. We have our advisory services, where we provide advice to end user organizations and vendors. And we have our events, which include webinars and which include our conferences. Our main conference is the European Identity and Cloud Conference, which will be held again May 13th to 16th in Munich. It's around thought leadership and best practice for identity management, digital ID, cloud security, GRC and related topics. So a lot of information security and identity and access related topics. It's the lead event in Europe and it's an event you definitely should not miss. So I hope to see you at EIC in Munich in some weeks from now. Guidelines for the webinar: you are muted centrally.
So you don't have to mute or unmute yourself; we are controlling these features. We will record the webinar, and the podcast recording will be available tomorrow. Also slide decks, or the slide deck in that case, will be available for download tomorrow. The Q&A session will be at the end. You can enter questions at any time using the questions feature in the GoToWebinar control panel, or depending on the language version. It might be five also. So just, if you have a question, enter it. And usually I pick it by the end of the webinar. In some cases I might pick a question earlier. Okay. The agenda is simple for today. I will talk about "Enterprise Single Sign-On: is there still a need for?", and afterwards we'll do the Q&A session. And so let's start with some definitions on that. And I will pick up this theme of user view versus system view again at a later point of time, but basically there are two perspectives.
One is more the user perspective. From the user perspective, single sign-on means he has one sign-on to different applications without repeated authentication procedures. So it's really signing on once to a number of applications, ideally to all. In reality, maybe some are lacking, but it's basically what commonly is understood as single sign-on. There are some variations, such as simplified sign-on if not all applications are covered, but the standing and common term is single sign-on for that, even if you have one or another application missing. From a system view, it's a little different. So from a system view, it's more the backend perspective, where a system trusts another system that this user has authenticated successfully. So the important thing behind this is that there are technologies, and the thing we are mainly talking about today, enterprise single sign-on, is a technology that changes sort of the user view and changes how the single sign-on occurs from a user perspective, but it does not change the perspective of the application.
So this is an important point to understand. And when we look at a broader picture of single sign-on, which I also do during this webinar, then it's important to understand that there are various types to do it. And some are really going down to the backend, while others are really more at the front end. All of them have their value, so there's not a single right approach. It depends on what you want to achieve. And it depends on some other factors. So changing the user view of sign-on is simple; doing it in the backend is far more complex. There are a number of approaches for single sign-on. So there's the centralized single sign-on, commonly called enterprise single sign-on, E-SSO. Then we have local single sign-on solutions with some central management, based for instance on tokens, which can store various credentials for different systems or which act as, as America.
But then we are a little bit more about backend integration. We have the low end of the market with the decentralized, purely local single sign-on. So what you have in your browser, for instance, it's also some single sign-on, or at least usually you have to click, but it's sort of a piece of the bigger single sign-on story. There are also various solutions for local password management, local single sign-on. And what is important in that context is that many of these low-end solutions are somewhat questionable from a security perspective. So as long as you don't store the credentials securely, these solutions might cause more harm than bring benefits, aside of some convenience, but they might also bring more convenience to your hackers, which is not what we should end up with. Then we have Kerberos, a very prominent standard, which is used especially around Active Directory, but also widely used in Linux environments.
The challenge of Kerberos simply is that it does not work well beyond the boundary of an organization. So it's fine within the organization. It's not that fine outside. It's not the most simple standard. So once you need to covers manually, also, already dive into details, things become pretty complex. There's X.509, so the digital certificates, which are used for instance for a lot of other things, a rather well established standard, which also can serve for some SSO challenges themselves, some of them, because you can use the same certificate with a lot of websites, as long as they trust, as long as the thing is configured correctly. We have the good old web single sign-on, part of web access management solutions, which is then an ability to sign on to one portal or one web single sign-on server, one web access management system, which then passes through to various websites in the backend.
There are also some cloud approaches, and the cloud single sign-on sometimes also works that way. Sometimes it's more based on identity federation standards, but basically this is a group of solutions which are occurring here. So cloud single sign-on solutions are not sort of that new, only cloud single sign-on. And finally there's the identity federation, standard-based approach, which allows to sign on and then access trusted sites based on standard protocols such as SAML; other things are popping up. And this is one of the, strategically seen, most interesting, most relevant ways to do single sign-on. However, there's also good need and a good reason to first use enterprise single sign-on. When looking at the approaches, again, from a basic perspective, we have the backend or server-side things, we have the front end,
the client-side things. Backend usually is trust based. So if you look at Kerberos, X.509 or identity federation, then it's about having trust. So if you look at identity federation, there's a service provider which trusts an identity provider, that the identity provider does the authentication correctly. And then the user only authenticates once at the identity provider and can access a number of service providers. Basically the same concepts in Kerberos, et cetera. It's sort of the ideal solution, especially when we look at identity federation. It's a standard, it works in every scenario, from your internal on-premise IT to cloud applications.
These are established standards, a lot of tools available, a lot of technology available. So from that perspective it's, I would say, a rather good starting point. It's the strategic approach, but the clear challenge is you need backends that support that standard. And it's interesting. I'm currently working on our Leadership Compass on cloud T access management. And when we talk with vendors, many of them make the notion that a large portion of the cloud services don't support any of the standards around identity federation, not to speak about standards around cloud provisioning or so. So there's still a lack of standard support, and things are moving forward, but it needs the right applications. And if you look at all the legacy stuff you have in your organization, then clearly a lot of these tools will not support any of these standards. So that means it's time to look again at the front side, where it's about saying, okay, we do the standard username and password stuff, but we put something in front which makes life for the end users easier.
And maybe, depending on how you do it, it also helps you from a security perspective, but especially it provides a single sign-on experience for your end users. So what do these tools do? They care for the management of credentials. So they manage credentials, store them centrally. They hide them from the end users, or the end user does not know the credentials anymore, does not need to know them. Over time, when they're changed automatically, he will not know them anymore. And they're passed to the application in the background, but from an application perspective, it's just that they receive the password, whatever. So it's simple to deploy, it's non-intrusive, which is very important. Depending on which product you choose, it'll work with virtually any application you can imagine, in some cases even down to screen scraping technologies for very old-school types of applications. It's a tactical approach from that perspective.
But I will come back to that later. It's sort of a long-term tactical approach, one that will last probably forever. So this is something which is still important on the front end side. As I've said before, again, two approaches: the server-based one with the central management, the central storage for the credentials, some local support for local caching, so that you can hold credentials locally in a secure way for mobile users, etcetera. There's sort of a client component, and this client component needs to be rolled out. That's a challenge, but usually organizations are capable of doing that. And there are usually various ways supported by the vendors. The client module in fact is listening: oh, there's a new application, there's a login window. So I know which credentials to retrieve from the central store and to put into this sign-on or login screen. This is a straightforward way.
Overall, these tools are out for a while. They are overall, and I will come back to that also later, pretty mature, being in the market for several years. The client-based approach, on the other hand, that's the approach I've talked about before. It starts with what your browser might support. It's decentralized, a lot of different approaches, pro integrated, different tools, et cetera. The credentials are stored locally, sometimes insecurely. So if you look at the approaches in one or the other browser, the question is how are these credentials really protected? And that's where you might then end up with some challenges in that area: not necessarily highly insecure, but also frequently not highly secure. If it should be really secure, then it should be more about talking about TPM, so using the TPM, the Trusted Platform Module, which is a part of a lot of hardware devices, or using smart cards, et cetera.
So there are secure approaches there, the secure ones. The thing we will mainly focus on today is the server-based sort of front-end single sign-on, so the enterprise single sign-on stuff. How does it work? We have a directory or a database or whatever, which holds the credentials. We have an application or a number of applications. When a user accesses the application, he needs to authenticate. So the E-SSO client identifies the situation, accesses the credentials, puts them back to the client. The client hands them over to the application and done, as long as the credential is correct. And so the user does not have to do the login himself. It's done by the client, which makes life far easier. And from that perspective, it's a positive thing. So what is the impact of this, the impact of not having enterprise single sign-on or related solutions?
So if you manage to set up username and password to be the same, you might still have the need to log in multiple times, but at least you don't need to remember a lot of passwords. So that might be one step. You might only have web or cloud applications, so that you can rely on web single sign-on or cloud single sign-on. You might have put everything to identity federation. Then the world is perfect. However, in most cases that's not the situation you're facing, but you're facing a situation where a lot of applications are not integrated in any other single sign-on solution. So enterprise single sign-on comes into play here. There's a business impact. From a business impact perspective, it makes access to on-prem and cloud applications simpler. A cloud application is nothing else, usually, than a web application. And so enterprise single sign-on that can handle web applications
well can also handle cloud services. This is also about activities to onboard applications, etcetera. There's the common argument of reduced help desk cost, which might turn out to be valid or not, but potentially you have fewer help desk password reset requests, etcetera. Clearly user convenience will increase, and enterprise single sign-on still is one of the best ways to make the user your friend, because you really make his life or her life easier. Yeah. On the other hand, there are some sort of threats and vulnerabilities, and some of them are addressed. So insecure credentials due to too many passwords, a common scenario: you're facing passwords that are written down somewhere on the desk, etcetera, a typical challenge we are facing here. Security issues due to weak or inconsistent password policies: you can fix them far better with enterprise single sign-on by defining the policy that needs to be used.
You can manage accounts. You can enable a single point for strong authentication. So instead of investing in a number of strong authentication technologies, you can say, okay, I have one that works well with my enterprise single sign-on, or a few. Again, that's important. And you might help to become compliant with policies. So some regulations such as CPA are explicitly requesting enterprise single sign-on; others are doing it more implicitly. It might also be something where you become better aligned with internal rules. On the other hand, sometimes internal policies are more challenging or an inhibitor for rollout of enterprise single sign-on, at least as long as you don't have strong authentication deployed as well. Nevertheless, I think there are some very key benefits for enterprise single sign-on. There are some challenges we will talk about more in detail, looking at some of the very concrete drivers.
So probably the most concrete drivers are the first two ones. One is that we have too many passwords. And the second is that I think everyone has understood now that username and password is not the best way for authentication. If you look at all the news in Germany, I think last week we had the news of 18 million email passwords that were stolen, that ended up in the hands of criminal organizations. So there's a big challenge around that. And clearly there's a need to tackle this. Enterprise single sign-on does not necessarily fundamentally change it, in the sense of you don't use username and password anymore. You can usually rather simply integrate it with strong authentication, but you still need to roll out strong authentication. But the good thing is the user does not have to manage dozens or hundreds of different passwords anymore.
So the need to keep a lot of passwords in mind, or write them down and lose them, et cetera, is diminishing. And this is, I think, one of the strengths in that area. It removes inhibitors for using new applications. So this "oh, yet another application, yet another password" stuff, this is something which becomes transparent to the user. He just accesses this new application. It's a quick win. And I think this is also very important. If you're running a large identity and access management program, enterprise single sign-on is something which really provides a quick win for the users. It improves the convenience for users in everyday use. And that might be very, very important, so that they feel, okay, there's something going on, I see a benefit. And even that might make it valuable to move to enterprise single sign-on. Then there are a number of very specific scenarios which are far better handled when using enterprise single sign-on.
So tier systems used by various persons, healthcare, sorry, healthcare professionals, stock brokers. So think about people who have to log into a number of screens, control vendors and manufacturing environments. How can I sign on to a number of screens with single sign-on? How can I speed up these things, et cetera? So there really is a significant number of scenarios here for enterprise single sign-on. The other thing is that it can be a very valuable project in your IAM program. Is it the ideal initial project in this program? There are some arguments pro and con. So yes, from the perspective that it's a quick-start, non-intrusive, lean project, at least lean if you compare it to other areas of identity and access management. So it's something which is done rather simply. You can learn who uses which applications. You should ensure that you have discussed and agreed on this with your workers' council. That's something you can do if done right.
It increases not only usability, but it also can increase security. On the other hand, it's not necessarily the initial project. It can make sense at any point of time. If you don't have strong authentication in place, it's a challenge, because then you're ending up in the discussion of: do I create sort of the golden password, because I only have one username and password combination? Or is it still better, because people are able to use one strong password and to keep it in mind, one strong password, but they're not able to keep in mind dozens or hundreds of strong passwords for various applications? So this is an interesting discussion. I think there's not a single right answer in that, but it's something you might consider here. And clearly there's the argument: enterprise single sign-on, why should I do that? Can't I do it better strategically, federation, etcetera? But then you end up with all these other arguments.
So how long does it take to roll out federation? How complex is it to do for everything, etc.? Right. So enterprise single sign-on is sort of this quick win. So usually that really helps you, and that will provide a benefit for a long time. You might also consider combining enterprise single sign-on and other IAM technology, or use things. So if you look at the privilege management tools, so tools for managing shared accounts, root, etcetera, and all that type of stuff, they increasingly commonly have some privileged single sign-on capability to provide a single sign-on to various privileged and/or shared accounts. Some of them might be better for that specific use case, but your enterprise single sign-on might serve well as a starting point on that, to put a little bit more protection and control on the use of these accounts, also with the auditing capabilities, understanding who has used which account when, because you then sort of personalize the use of shared accounts, because Mr.
Rex logs in and then he uses single sign-on and uses another account. So you can practice even here; you're better than without any of these technologies. So it might influence your privilege management. You might integrate it with web single sign-on. So having one token, one integrated approach, which allows you to either go through the enterprise single sign-on or the web single sign-on, depending on the applications in the backend, where you come from, depending on the device, whether you are in the organization or not. Some of the vendors have rather good implementations right now, integrations between web single sign-on and enterprise single sign-on. And clearly there's also the integration to your provisioning and your user management. So that's something I will touch on the next slide, but potentially an increasing number of tools are supporting this. You can identify who has accessed which applications. So you can learn who's really using which applications, which helps you then in optimizing your licensing, which helps you in setting up your provisioning processes, et cetera, identifying who really needs what, optimizing your roles, whatever you need. So what are success factors for successful enterprise single sign-on projects? I think the first thing is it's important to understand the opportunity. So where does this technology fit and where are the limitations?
It's a tactical solution, however one which will be pretty sustainable. It's something where, without strong authentication, you have to be really careful. And this is where you need to define your security requirements in advance, to balance. Yeah, it's about understanding that at the end of the day. And it might also be that you say, okay, I have a few applications with very high security risks which I won't integrate, for some reasons. As long as you have better authentication than just username and password for them, this is clearly a good idea. If not, you should carefully think about: is it better to have one really strong username and password combination, or a lot of mediocre ones? You need to talk with the workers' council if you plan to collect data on application access, or other groups and parties in your organization, and you should ensure that relevant applications are onboarded from the very beginning.
So make the life for the user simple, but this is something which is usually done rather well, rather simply. As I've said, it's tactical. From a tactical perspective, enterprise single sign-on is not a strategic solution in the sense of it really solves the challenge of single sign-on from scratch. It's a patch, if you want, but in that case it's something I consider as positive and relevant, because it really helps you with a business problem. There is a challenge for the users. And when we go back to the year 2000 and remember how many applications from the seventies had arrived in the year 2000, it's very clear: for a very long time, there will be applications which do not support federation or so. It helps rather non-intrusively. It makes the life of every user easier. Strategically seen, it's about identity federation.
That's the strategic strategy, but it requires support at the application level and might require changes at the application level. And within a foreseeable period of time, we will not have a full, complete out-of-the-box federation support. So ideally you have sort of a two-fold strategy, saying, okay, enterprise single sign-on makes life of the users easier as of now, and then we move forward towards identity federation. You might have other approaches in place anyway, such as web access management, etcetera, but these are sort of the two major directions. And from that perspective, to answer sort of the title question of the webinar: yes, there is still a need for enterprise single sign-on and there's a value in it. So, looking at some of the key capabilities, some of the aspects to look at: secure credentials. Clearly it's very important that credentials are managed in a secure way.
It's very relevant to look at the support for specific use cases, such as kiosk mode, fast user switching. So if you think about nurses using the same desktop computer, they need to be able to switch very fast between the various user accounts, unlocking multiple systems, etcetera. The configuration of applications: so how many are pre, how easy or complex is it to configure? Does the product use a graphical user interface or a script, whatever? Can you manage all these things centrally? What about roaming and mobile users in these days of ever growing mobility? Are they integrated with ING cell and without anti provisioning? So there are various factors. And as I've said, KuppingerCole is doing what we call the Leadership Compass, which is our approach on comparing products in a particular market segment.
And what I have in the next slides are some of the results of the Leadership Compass on enterprise single sign-on. The thing I have to say first is, as with every one of these comparisons, it's not that you should just pick the vendor which is rightmost. It's about understanding your specific requirements and then mapping vendors. It might help you selecting vendors for shortlists, but even there, there might be arguments saying, okay, I go for a regional vendor because I have a better feeling there, et cetera. We have various types of leaders. So we have the market leaders, the overall leaders. So the overall leader is sort of a combination. Market leaders is about the customers, the ecosystem, the regional or the global presence, etcetera. We have the innovation leaders, so who are best in driving forward innovation, have the most innovative features, etcetera.
We have the product leaders, when we look at sort of the standard capabilities of today, which vendors are best in that area. But as I've said, it's not only about looking at these charts and saying, okay, I take the one most to the right. It might be the one who does not fit at all to you. It might be someone from the other side. So I start with the market leaders. We have looked at a number of vendors, and some declined participation for various reasons. But I think we have at least most of the relevant players in these charts, and it shows that there are a lot of companies competing for the market, with some products with significant market share. The smaller ones are more to the left, and small doesn't mean bad. And I think this becomes more clear when we look at the product leaders, because the competition is even tighter, even closer here, with a number of companies who are in the leader segment.
Most of them, in fact. This is a clear sign of a very mature market, which is I think a very positive sign, because it means this market is one where the vendors are doing their job for a long period of time. They have experience, they have dealt with a lot of customer problems. In fact, when they're innovating, they're focusing on very specific and new issues, but also they are all good in what they, what these new issues affect. So this is really another area which shows the maturity. Most of our Leadership Compasses are showing a far broader distribution of the vendors, from the followers, which are really just entering the market or at a very low level, to the challengers and leaders. Enterprise single sign-on is almost, probably, the most mature single market segment within the identity and access management market space, maybe aside of the directory service market.
When you look at the overall, we still see a number of overall leaders. The ones more to the left usually are more to the left because they are relatively small. They have a lower market share, but they also might be an excellent pick, also depending on the region or on the type of products you have chooses forever more from focused, more on the administrative tools coming from that at ice print in the Asian market, the French American French speaking countries. So there are various arguments and a number of vendors in here, but it gives you an impression. We are talking about a pretty mature market. It also means that most of the vendors are in, so we do some other metrics. In that case, we compare the strengths in products and the market leadership. And in that case, it shows that most of the vendors fall in the category of the market leaders.
Some are what we call strong potentials, so pretty good products which are not market leading from a market share yet, but which have good potential here. There are, in that case, no specialists; specialists are usually vendors that have a very focused product functionality, etcetera. We don't have them here. We also don't have market performers, products which are not extremely good but have a good market share. So this is really a little bit different than other market segments here. It shows even more in the product innovation metrics. So all of them are in the technology leader space. So they are not the me-toos. We frequently see market segments where there are vendors that are just copying what others have. We don't have the innovators, which are very innovative but are lacking a lot of features. So this is really sort of a very, not extremely crowded, so not that many vendors, but a very tight from a competition perspective, market segment, which reduces your risk, and the smaller ones in fact sort of fall into our category of hidden gems. So again, here, it shows the view of a pretty mature market. This entire report is available for purchase at our website, so kuppingercole.com/reports. So various Leadership Compasses, a lot of other reports, but basically this gives the impression of where this market is. So what we really have here is: the enterprise single sign-on market is a very mature market with a number of mature offerings, interesting and strong offerings.
We see a need for enterprise single sign-on. So I'm definitely convinced that enterprise single sign-on is an interesting market segment. And I think it's worth, even for more mature organizations in identity and access management, to look at it, because it helps making your users happy. And if you combine it with strong authentication, with some form of strong authentication, it's more or less ideal. So this is sort of my first part of the agenda, what I wanted to present to you. Right now, I'm open to take questions. So if you have any questions, just ask these questions so that I can pick them. I have the first ones here, so I will start answering the questions. If you have any further questions, don't hesitate to enter them in the GoToWebinar control panel so that I can pick these questions. And the first question is more an organizational one: how to download the slides.
If you go to kuppingercole.com/event and to the past webinars, then pick the one from today, which will be a past webinar tomorrow. Then you will have the ability to pick the slides there and download them. The second question I have here is: do you see U2F or FIDO? I think FIDO is probably more well known. You will find a lot of blog posts around the FIDO Alliance at our website. Do you feel FIDO is that are up late to this field strongly, which is a pretty new approach. So the idea behind this is saying: I have a client, so it might be for instance a smartphone. It has a FIDO client component, and it has support for some form of strong authentication, for instance fingerprint. And it then provides that authentication information, together with sort of some identity information, to an application supporting that standard. So an example is the Samsung Galaxy S5 together with PayPal, where you can use the fingerprint authentication. There, potentially, you then can use the same strong authentication for a number of sites.
From my perspective, it will influence the single sign-on field, but it will not influence the enterprise single sign-on field that much. It's more if you look at how you securely log in to cloud applications, especially consumer-facing, but not only there. I really see that this is a very good technology to use there, definitely a strong potential. It will be interesting to see how things evolve, but there's definitely a potential here. For the enterprise space, I do not see that much as of now. It might change over time, but even there it's more about the mobile users accessing. Maybe we'll see it in combination with some of the mobile clients. So we may see it, maybe not directly against enterprise single sign-on, but it has a clear potential to impact single sign-on, especially by replacing social logins, which have a lot of negative effects. And I have blogged about it. So if you look at my blog, I recently blogged about social logins. I have blogged about the FIDO Alliance several times; have a look at these things.
Second question I have here: in general, do enterprise single sign-on products have versatile and adaptive authentication capabilities?
So the question behind this is about adaptive authentication or versatile authentication. Versatile, first of all, means I can use different types of authentication technologies. Adaptive, or what we call risk- and context-based, means that depending on who is accessing, they are allowing specific access to applications or not, or request scenario authentication. For the first thing, versatility, usually all these tools support a number of various strong authentication technologies. So versatility, I would say yes. For the risk- and context-based part, tendency: no. It's more this: if you can authenticate to these applications, you're done. So there might be some sort of lower-level adaptiveness in authentication, but it's not a primary ability. But when it comes to versatility, most of these products have pretty good support for such technologies. Given that they're client-based, they usually are focusing on supporting things really from the client perspective. So it's not that much about integration with other types of versatile, adaptive authentication platforms.
Then there's a question: what types of strong authentication work well with the easy notion of E-SSO? Yeah. So if you want to have an easy and quick win and you want to have strong authentication, things are getting a little bit more complex, because when you look at strong authentication, it might then be more about rolling out, about the logistics part, about associated cost, etcetera. And then it's not that easy, not that much of a quick win anymore. One thing you clearly can do, and we can discuss whether this is strong authentication or not, is really moving to far stronger passwords, etcetera. But I wouldn't say that this is really strong authentication. Over time, I think we will see a tendency towards integrated, for instance, fingerprint, really, and other stuff. We are seeing more on the smartphone side today, but it might happen in other areas. Aside from that, simply USB-token-based, smart card stuff, etcetera.
So that might be an option you can use here, depending on your scenarios, what you have, etcetera. So this is not a simple question to answer. Probably, at the end of the day, it depends on the specific use case of your organization. What do you already have? What can you deploy? Which hardware is used, etcetera, etcetera.
Another question I have here: do I have to select an enterprise single sign-on product from a vendor that also sells a management solution? Or can I select products from different vendors? Simple answer: you can select products from different vendors. So you can say, okay, I use product A for enterprise single sign-on from that vendor. Especially due to the sort of non-intrusive nature of enterprise single sign-on, this is simple and straightforward to do. So you're not required to use the product from the same vendor.
As I've said, we have a lot of research in that space. We have far more research around strong authentication and other topics; have a look at kuppingercole.com/research. I'd be happy to see you at our upcoming European Identity and Cloud Conference. I've mentioned this before. So if there are no further questions, then it's up to me to thank you for participating in this KuppingerCole webinar. Thank you for your time. Hope to see you in Munich. There are a number of other upcoming webinars. Hope to have you in one of these webinars again. Thank you for your time. And if there are any specific questions, don't hesitate to get in touch with us. Thank you. Bye.