Good morning. Good afternoon. Good evening to you wherever you happen to be ladies and gentlemen, and welcome to today's webinar, external IM, and your CRM, a winning combination. I'm Dave Kerns. I'm a senior Analyst for cope your Cole, and I'll be joined today by Kimberly Johnson, the director of product marketing for IAM at global sign and Charles Sader home, the business development director at global sign. Just for those listeners who may not be familiar with your company, Kim, perhaps you could tell us just a little bit about global sign.
Sure. Dave, thanks so much. So global sign is a leading identity services provider. We're founded in 1996, have eight global offices, three research and development centers, and a strong network of about 5,000 active partners. Our products that we offer is traditional digital certificate solutions. I am and very strong interest in the internet of everything or IE about 300,000 companies interact with global science IAM solutions and about 4.7 million user authentications monthly. And of course you can find out more@globalsign.com.
Well, thank you very much, Kim. And we'll be back to you shortly, for those of you not familiar with my company. KuppingerCole is a global Analyst company headquartered in Europe, focusing on information security and identity and access management or IAM. We further specialize in governance, risk management and compliance over GRC. Our Analyst are experienced in deriving corporate value from securing and maintaining information security and privacy across cloud mobile and social computing platforms, Cola organizes conferences, workshops, and webcasts, such as the one today in the fields of information security. I am in the cloud, the European identity and cloud conference, which is coming up the first week in may is Europe's leading event for thought leadership and best practice in identity and access cloud and digital risk. Before we get started a few guidelines for today's webinar, you will be muted centrally. You don't have to worry about muting or unmuting yourself or making odd noises. We control the mute unmute feature. The webinar will be recorded. The podcast recording will be available tomorrow and all attendees will get an email to the registered email address, telling them when it's available and instructions on how to retrieve it. We hope you will share it with your colleagues. You can ask questions using the question and answer tool at any time in the go to webinar box. That should be on your screen.
We will have a Q and a session at the end of the day, but if appropriate, we will pick up questions during the presentations and answer them right away, especially if there's something that needs to be clarified or that you're not sure about. Today's webinar is going to be in two parts. First, I look at IAM identity and access management and how we got from there to Iram identity relationship, access management. In a session I call the unified field theory of identity relationships and access management catch you name that next Kimberly and Charles will focus on the present day and the easy way to control external user management within your IAM structure. Following that, as I said, we'll take your questions as time permits. And so to begin once upon a time, many years ago, when I was a corporate it director, the typical way I learned about a new hire was when that new hire showed up in my office, doorway introduced himself solved and requested new hardware and new software and access to the corporate systems.
I then have to contact that person, supervisor, perhaps even the supervisor, supervisor, the various owners or the corporate resources, the facilities, people in case cable runs were needed. The purchasing department in case new hardware was needed and probably others. It might be a week or more before that new person had all of the tools they needed to become productive. I decided there must be a better way. So I wrote a little hook into the HR system, which when a new hire was entered, popped up a form where the new hire's name, job title, supervisor dislocation and start date were populated and then verified by the HR entry clerk. That form was emailed to me and I could start the process of getting the new, hire all the tools they needed so they could hit the ground running on their first store. Well, maybe their third day, but life was good, not great, but good.
Some years later after I'd left the corporate life or the glamorous, well, no, not really. Life of an Analyst. I was strolling through startup city at network world plus IOP in Atlanta, Georgia, and stumbled across a new company. Business layers, touting a brand new service genre called E provision wear. I was intrigued. I had a few minutes to kill. I asked some questions. I stayed, I fell in love. Here was the application that could finally bring directory services and identity management into the mainstream. This was the killer app that got the whole IAM revolution started those of us. Well, both of us who covered identity issues at the time were ecstatic. Here was the application that would answer our prayers for an automated provisioning solution.
We should have paid a little more attention to that first release though, which was called E provision employee, but the good people at business layers promised me that another version for non-employees was promised sometime down the road, it was going to be a long and twisted road while provisioning new employees. And sometimes even new contractors can be easily handled by links from your HR system to your internal IAM system and while moves. And even separations can also be easily automated with all of the safeguards, such as segregation of duties or entitlement increasing, et cetera, that we need built in the same. Can't be said for those not getting a paycheck from the organization, vendors, partners, collaborators, and especially customers are all outside. That system major challenges began to arise when you need to manage large volumes of external user identities and their access to your extranets, your portals and your e-services.
The success of your business depends upon the ease with which your customers and potential customers can access the services. They need providing a positive user experience and reducing the burden on the customer support staff. So where do we start to get that same control on these folks as we have on employees, one such place to look is your customer relationship management system preceding Iams introduction by a decade or so is a way to gather collate organize act on information about an organization's customers and potential customers. Customer relationship management was initially an automated Rolodex coupled with a spreadsheet. It bears a relationship to today's CRM, much as my email provisioning system bears a relationship to today's IAM. This was a far cry from today's big data analytical engines, which can slice and dice the wants and needs of your marketing targets in a different ways. Just this month, for example, Amazon announced the Amazon machine learning service, a commercial version of its recommendation engine, which should help marketing departments focus even better on what the market wants, but to remind you what it was like back in the day, a potential customer would go to a trade show
And wander up and down the aisles and become glassy-eyed and be staring at your booth and really not seeing anything. So you stepped up the glitz and glamor to entice that customer into your booth. And sure enough, he'd stop in at that point, a salesman would take his business card or how modern scan the person's name, badge or credentials at the end of the show, the business card. So the scan database would go back to the company where a clerk would enter the data into the CRM and hopefully spell everything correctly and get the numbers right, and not transpose them. So that the phone number didn't work or the email address didn't work later, possibly weeks later, the customer would be contacted. But by then, they may have struck a deal with your competition or even forgotten what it was that interested them. They'd be confused about who you were, the message would be unclear or unsure if those numbers had been transposed, you might be lost. And certainly that customer would be perplexed while gathering the names of prospects at industry trade shows is still an important source of future customers. More and more. We rely on a web Porwal as the point of first contact and the place we can gather information for our target market, no matter what platform they are on or where they might happen to be,
Or when the mood might strike them to take a look.
But that web Porwal is also an ideal place to gather information about partners, vendors, collaborators, and even telecommuting contractors. It's not the same web Porwal perhaps, but one designed specifically for a particular group with the right forms and questions to gather the necessary data in order to populate the identity system so that the right people can get the correct access to the proper resources at the right time. Even better though, would be, if those externals could have a simplified sign on solution to access your resources by forging a Federation between your enterprise and the organizations you partner with their own corporate credentials might be used to access your resources with a federated approach. There's no need for you to track their employees when their own systems will do it for you. How neat is that beyond that we can use what's called social login or in modern parlance by O I bring your own identity.
That is to say, we could use Facebook login or Google login, which is in effect also a federated system whereby the person coming in authenticates to Facebook and then is allowed into our system. And at that time we can request the particular information that we need in order to judge which resources they should have access to. We can also gather other information about them, but in a way that's privacy preserving and allows that user to only share with us the information that they want to share still. Well, it's nice to have ways to handle the identity needs of your employees, your partners, your customers, contractors, vendors, everyone else needing access to your resources, unless you can integrate the siloed systems. There's a real danger of things falling through the cracks or even worse of malware merchants creeping in through those cracks. But that's a topic for another webinar.
That's where identity relationship access management comes in a unified system to ensure that the right people get the necessary access to the proper resources at the right time. Today's I am provisioning systems are robust, mature, well designed methods for creating and populating accounts for your employees, but also for those who can be automatically fed into that system, what we really need are the right hooks and funnels to bring data from those other systems in to create own IRA system. You could cobble something together on your own, I guess, as I did with my email based provisioning system so many years ago, but it was rather creaky and prone to failures and places where people could drop through the cracks, or you could find someone that's already solved most of the puzzles, but can still put you in control of all the access, your horses, I'm sorry of all the access that your resources can handle resulting in more efficient employees and partners and more satisfied customers. That sounds like a recipe for success to me now to bring us up to the modern day, I'm going to turn the microphone over to Kimberly Johnson and Charles Sater home who have the low down on easy external user management solutions. Kim, take it on.
Thanks, Dave. That was an excellent introduction. I can't promise my graphics will be as fun, but I definitely will jump right into it. Let me just switch to this presentation. So like I said, excellent introduction into the topic. I'm gonna set this stage a little bit more as well as it's important to understand there definitely key differences between internal and external identities that we're talking about. When you look at internal IAM, which is for users, such as employees, we're talking about increased productivity, internal efficiency, and compliance to corporate security policies, managing the identities is something you can do with active directory and then managed by internal systems such as the HR system. However, the same approach is not suitable for external identities, including your customers and partners, convenience, improved customer acquisition and outsource management are all key goals, which an internal system and active directory just cannot support.
So similar to how active directory is a great platform for your internal users. Your CRM is your repository for external users and can be leveraged for your external IM strategy when paired with a strong IM solution. So let's take a closer look at the challenges of managing these external users. So without a strong external IM solution, incorporating your CRM, there are multiple identity repositories to manage. It's causes inconvenience for users who end up also having to manage multiple credentials. Also multiple credentials are necessary because users are not able to leverage their existing corporate or social identities. This means that your service creates another username and password to remember on the already long list of, excuse me, already long list that each user has to remember. So without self-service your customer service desk is also in the middle spending valuable time and money on onboarding customers, which lengthens the process of for users and creates a difficult user experience. Once those customers are provided with access, being able to manage authorization and their identity lifecycle is extremely difficult. If not impossible. This also opens the door to security risks, especially those from orphan corporate accounts.
So on top of the external IM needs, the CRM has specific importance to the external user management you're trying to achieve it truly is the greatest source of external user data. And often the lifeline of the business, the CRM contract between you and your customer can be used as an indication of a trusted relationship and a starting point for the customer identity. So by leveraging these CRM contracts, each customer should be given convenient access to the online services that you are offering them through self-service and automation. The ability to leverage your CRM is essential to a successful external IM implementation.
So integrating both your external IM and your CRM, as we've mentioned is a winning combination. The integration will link the identity life cycle to the CRM contract life cycle. You can now empower your external users to manage their own identities. The customer acquisition and support costs are reduced. The time it takes to convert a lead to a paying customer can also be minimized your sales and marketing teams can now work off accurate data and increase their efficiency. The customer user experience will be improved with better convenience and usability, and finally, external identities such as social and corporate identities can be used for user driven Federation. So for the rest of the presentation, let's take a look at the integration and the different functions and benefits it provides.
So the process to integrate your CRM to an external IAM solution is straightforward and leverages restful APIs, APIs, excuse me, most modern CRM systems, such as Salesforce, Microsoft dynamics have extensive APIs to facilitate the integration of third party products or solutions. These a APIs allow several ways to manipulate the data stored within the CRM, but for IM integration purposes, the need for extensive API usage or integration really isn't necessary making the integration easy, quick and effortless. Now that you have the integration established, let's take a deeper look at the functions that are available once it's complete.
So the first function is the ability for the customer to be invited, to use the online service directly from the CRM interface, either by sales, marketing, or customer service. This is done simply by a click of the button directly in the CRM interface, which will then send the customer a self-registration email. You can see on the screen here, the screenshot is showing the button within Microsoft dynamics, by being able to invite the customer directly from the CRM. It's easy for sales to convert leads to paying customers and give them access to the services available to them. Also, cuz this is done through the CRM and no new interfaces are being introduced, allowing sales to easily complete this action through the interface that they are familiar with cost savings and sales and customer service through these invitations are huge for your business.
So after being invited to use the external services, your customer would need to register as a user of the service. Normally this would be a very manual process, require extensive approval from the customer service desk. However, with IM and your CRM, the user can perform a self-registration which streamlines this mute customer acquisition with the CRM integration, the registration can check the information entered against the CRM and tie the identity life cycle. So the CRM contract life cycle, once again, this removes a lot of the cost and time spent by the customer service desk to complete the customer acquisition also critical to the external user management is the user experience by allowing users to go through a simple self-registration the user experience is significantly improved.
So one of the more important aspects, and I've mentioned it a couple times now is being able to link the CRM contract life cycle to the identity life cycle. This allows you to actually grant or deny access based on the existing CRM contracts a customer has. So for example, if a customer has an active contract for a certain product, then they can be allowed to only access online services related to that specific product. Similarly, when the contract expires and they're no longer a customer, all access can be denied. This is important. As many times orphaned accounts can be a security concern. This functionality provides appropriate access to each external user and keeps these two pieces of external user management in sync.
So one of the concerns is how to manage external users and more importantly, their roles or what they have access to often. This is a task that can also be time consuming and costly for you to manage delegated. Role management allows you to delegate the management of your customer's users and their roles to an administrator or designated manager from the customer organization. For example, your customer can have their HR manager administer user access to the company retirement plan. They can then invite, add, or remove users and set the appropriate roles for them. This allows for easy role management and role mapping between business roles and application roles. And even more importantly removes the role and user management responsibility from your customer service and sales teams.
So one of the additional functions of integrating your CRM is the possibility to keep your CRM information up to date. So on average, a CRM installation has 30% of outdated, incorrect or corrupt data about customers. This is quite understandable in normal CRM installations. When your organization doesn't really have visibility into what's happening with your customers. So when you give more control to your customer during the self-registration process, this information can be provided and the accuracy of the CRM data can be improved during the self-registration process, the customer can update information, which is then verified by email, as shown here or phone or identity information. So with more accurate CRM data, your sales and marketing can target the correct customers with accurate information, which has been seen to increase their efficiency by 20 to 40%.
Now let's take a look at the whole external IM picture, along with the CRM functionality we just covered. It's important to remember some of the other pieces that an external IM solution should have by implementing IM you have the ability to provide all the necessary functionality that you would need to manage external users. Some which are highlighted in this diagram include single sign on and providing your users with convenient authentication and allowing federated log on using social and organizational credentials, such as Facebook or office 365, even though the customer experience is extremely important. Don't forget. Making sure security is maintained is also important. A complete external IM solution will also provide stronger and step up authentication. Finally, role-based access control is implemented to translate application roles to business roles and allow for fine grained access control.
So now that you've seen what functionality we have with the external IM and your CRM, let's take a look at how to avoid some common mistake of making it complex and time consuming. It is key to keep it easy to implement. So what would an easy solution look like? The key is to have the solution be deployed in weeks and on a fixed time and budget. You achieve this by leveraging preconfigured workflows for self-service such as the steps a customer will take to complete a self-registration. This saves a lot of customization and drawn out planning cycles. As mentioned, integrating the CRM can allow for easy onboarding and customer acquisition. The solution should also include SSO and Federation to address all access requirements and delegated role administration. Finally, an easy solution should give you the flexibility of being able to deploy this either on premise or in the cloud, depending on your environment.
So here you can see the comparison of the traditional time consuming, customized IM solution and an easy IM implementation. So with these preconfigured self-service workflows, you can save time and really cut down the project from months to weeks overall, keeping your IM implementation easy and simple allows you to save on cost and offer services to your customers that much faster. So F about features and benefits. We're gonna look at a real customer example. So with 3 million customers and 80,000 corporate customers, DNA is Finland's largest cable operator. And the third largest mobile operator DNA was looking to strengthen its position in the corporate segment with better customer service. They used the information from their CRM to assist in the automatic provisioning of the customer accounts and often, and after implementing their external IM solution had a large cost and time savings and was able to reduce the time to onboard a customer from 45 minutes down to two minutes, DNA launched their, my company online service in 2013, allowing business customers to view and manage the services provided to their active contracts.
They can manage their own contracts and invoicing from this Porwal corporate customers can manage their accounts and services around the clock, minimizing the need to contact DNA customer service, trusted customer administrators and or managers can manage the organization users. In addition to customer service and assign rights to provided services, even outside their organization. This means that DNA and DNA's corporate customers have realtime visibility into who has access to what services also, the good news is for more detailed presentation directly from DNA themselves about the solution. You can see them present at cooking or Kohl's European identity and cloud conference and Munich on May 7th.
So in conclusion, I'd really like to highlight the title of this webinar and highlight some key points to remember by integrating your CRM. And I am, you can drive business forward and help gain control of your external users by using automation and self-service functionality. You're gonna reduce time and cost associated with managing these identities, linking your CRM contract life cycle and identity life cycle allows you to provide the appropriate access to the appropriate users and prevent security risk associated with orphan accounts, sales and marketing also feel the benefit of this integration. As they're able to invite users from the CRM interface they're familiar with and leverage the up-to-date CRM data that comes from the user's. Self-registration finally remember, keep it easy implementing this type of solution. Doesn't have to be a long drawn out process by using preconfigured self-service workflows and the CRM integration. You can easily take a project that would normally take months and have it up and running in weeks, realizing the benefits that much faster. So Dave, that is my overview of the current day and how to use your CRM and external IM. And I will hand it back over to you for the Q and a session.
Thank you, Kim. One thing I would really like to point out there that impresses me as a security Analyst is the fact that you have deprovisioning built in so that you can decouple those accounts. When the CRM contract runs up too often, as you say, we let these things just go on forever and ever leading to a bunch of, or accounts leading to security problems, somewhere down the road. Now I'll invite our audience to enter their questions into the go to webinar bar. We have some things already, but you know, this is the time that you should put some in and Kim and possibly Charles will jump in and, and give you the right answers. So the first question is when the CRM is integrated with the external IAM solution, is it used as the main directory for user identities? The same as say active directory is for internal users, Kim, Charles.
Yep. So I'll actually let Charles answer that.
Okay.
Yep. I can answer that. Thanks. Yeah. So yeah, we, the CRM is, is actually not used as the only single repository, but it's sort of an addition to, to, to the setup. So for instance, we use the customer ID database product that we as the database for the external identities. So, so there we check the, the access permissions against the CRM contract information and in the CRM. And then we can check information during the session red one as well and during the life cycle as well. Of course.
Okay. That makes sense. Next question up when you say that you need to keep the IM implementation simple or rather when you say that to keep the implementation simple, I should be using workflows. So what do you mean by that?
Oh, what we mean? I mean that instead of going into a long, very long possibly process of, of before you haven't ever come to any, any real benefits along that process, you should start have a look at the, the, all the really readily available workflows that are part of, part of the package. And so you can have a more rapid deployment scheme and, and reach, reach the benefits sooner, and that doesn't prevent you from them continuing after that. And, but, but you are sort of get a quicker pass to the target and to the goals where you want to be
Service
Workflows.
Okay, good. Okay. Another question we have here, are there any privacy considerations when using social login such as Facebook?
Yeah, well obviously in the security market, we are aware of the, the, the, the issues with, with the social login and other external resources of identity and using that. So you should be cautious of course, but what we can then provide is a capability to, to strengthen that, that identity you combine that can combine that identity. Also, we call it step up authentication. So you can combine that with, you know, identify the user with other means as well. And, and, and then you can offer that identity and enter that identity into the, that more trusted identity into the, into the system. For instance, our certificate authentication can be successfully combined with, with the Facebook login, for instance. So you, you then can be sure that this is really who this person is claims to be. So that's a special feature you can, you can deploy.
Okay. Follow up on that. How is the mapping done when using the social login? What if there's a mismatch? How do you ensure it is matched correctly? So I assume you do that by using a step up authentication, correct? Yep.
That's exactly a step of authentication and you can also provide, or we can provide different means of vetting that, that identity as well.
Okay, good. Well, we wait and see if there are any more questions coming in, remind our audience that the recording of this webinar will be available most likely early tomorrow. And you'll get an email telling you about that. Remind you also that we will all be present in Munich in two weeks for the European identity conference, global sign will be doing a presentation there, and you'll be able to find out more and ask more questions at that time. And of course I will be there and you can find out more from me, but it looks like we've run out of questions. So at this point, I would just like to thank all of you for coming today for listening to our presentations, for submitting your questions and hopefully for enjoying yourselves, a big thank you to Kim and Charles for their great presentation. Remember to be sure and pick up a copy of the podcast tomorrow and share it with all of your colleagues. And with that, we'll say good day and wish you the best of the rest of the day for yourself.
