Webinar Recording

Four Key Components Critical to the Future of Privileged Access Management

Log in and watch the full video!

Privileged Access Management (PAM) has assumed a critical role in protecting the most valuable data and services within organizations from theft, loss, and unauthorized access. But as companies and other organizations have become more complex and embrace digital transformation, PAM is also taking on a core operational function to achieve better insight into data usage and contribute to agile working processes.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Hello and good afternoon or good evening, depending on where you are listening in from welcome to this latest webinar from KuppingerCole. My name is Paul Fisher. I'm a senior Analyst with the company today. Our webinar is supported by manage engine, which is a division, a division of Zoho corporation. And I'm also delighted to be joined by G who is a product expert with manage engine. And our theme for today is privilege access management and more particularly four key components that we believe are critical to the future of.
So just before we get started just a few announcements about some upcoming Cola events, we have our new digital Casey live events, which provide high level content, world class speakers, and they're all online only, and even better there for free next week. Actually, no August the sixth that's this week is the future of digital identity and that's happening between 12 and six Eastern central Europe time. And then we have August 20th, advanced privilege access management, and a new trends within that, which is probably something of interest to people that have dialed in today for this webinar. And that's happening also on, in between 10 and four in European time. And then on September the third, the three fundamentals to enterprise identity success identity is increasingly are central to virtually everything we do in our organizations. And that's on September 3rd, between 12 and six central European time.
So three events for Yaari. And as I said, they're online and free as for today. Just a few housekeeping notes. You are muted centrally, so you don't need to mute or unmute yourself. There will be a recording of the webinar, and this will be available very shortly after today. And we'll also provide the slide decks, download to registered users. And of course you can forward the recording to any of your colleagues. Question answers. We'll take those at the end of the webinar, that's right at the end, but you can enter your questions at any time using the go-to webinar control panel, which you'll see on your right and we'll pick those up at the end.
So today here's the agenda. I'll be talking a little bit about Cuba jet and DevOps and task based access and how they're gonna play a key role in keeping digital organizations more secure and more competitive in the future. And then GNE will take over after about 20 minutes. And he'll go into a little bit more detail about how manage engine solution is gonna address some of these core requirements and the evolving needs for just in time provisioning, user and entity behavior analytics. So that's our lineup for today. And again, as I said, there'll be time for questions and answers at the end. So without further ado, let's have a set of scene. And this is a slide that I use to basically outline the new business and security landscape that most organizations are facing in the world today. And even more so where since the virtual global lockdown, when so many people are working at home and how that has added to the challenges of being secure when working remotely.
So in terms of their business technologies cloud, the world is still gradually moving to cloud. There are still some laggards in some industries. For example, some manufacturing sectors are still further behind deploying in the cloud and say perhaps more forward thinking places such as it itself and financial services. But cloud is definitely brings in many, many challenges, security challenges. And with, as I said, the move to more mobile working, all of which is likely to be accessed from the cloud, securing the cloud and securing how we identified people accessing the cloud is becoming more of a challenge within that. We're seeing the rise of virtual machines. Again, virtual machines or virtualization is not new, but it is gradually being adopted, increasingly found to be in more organizations. And then we see hybrid architecture where we have legacy applications, leg, legacy infrastructure, working with much more up to date infrastructure, such as the cloud and virtual machines, which means that sometimes we have legacy apps, which just don't click very well with the new legacy, sorry, with, with the new architectures.
And again, that can provide a security challenge and an identity challenge. We're seeing changes in the way stuff is done. We're seeing the grace of DevOps, the continuous development of software and continuous in implementation, which means that both within organizations and externally where customers are demanding better and faster product updates, and therefore within companies, people management is trying to respond to that. And one way that they're doing that is through things like DevOps. And of course, containerization automation, AI machine learning are all adding into the mix. And finally, we have internet things which is affecting again, categor, such as distribution manufacturing, where internet things is becoming more and more common where in edge devices and intelligent devices are being used to, for example, control the, to use a very fundamental example, heating and ventilation, for example, in a plant. And all of these things at some point are access and again, cyber criminals or those that wish to try and steal data.
Will you see all of these things as an opportunity to gain access? So our business processes are changing, not the least mobile working again, COVID 19 has seen probably the biggest shift in the way that we work in, in decades. And many people think that we will never go back to where we were and that many people will continue to work at home or continue to work remotely. At least for some of the days of the working week, we're seeing stricter and strict compliance laws come in. We've had already had GDPR in the Europe, in Europe, we've got the California privacy laws also being implemented. We should probably see similar laws in the Pacific regions and the middle east, et cetera. So GDP compliance is, is a global trend where people are, and, or governments are taking particularly personal data and personal privacy. A lot more seriously in terms of businesses themselves.
Customers are now being granted access through such means as social media, but in other ways, two vendors, third party vendors are also gaining access to the infrastructure. And as already mentioned, agile development in the form of DevOps is increasing as is collaborative working. Another thing that people have got used to in the last six months is working with other team members via zoom conferences, et cetera, and sharing documents online because of all this, we are seeing greater security integrations with existing technologies, such as SIM security analytics, multifactor access, single sign on customer identity, access management identity and access management. And of course, what we're talking about today, privilege access management and all companies are seeing their uptake of all those areas of security increase along with more traditional areas of security, such as firewalls and anti-malware et cetera. We've seen an increase in security processes.
Instant response has become a much more sophisticated process than it was maybe a few years ago. As organizations learn to accept that we're living in a world where at some point they will likely be breached. Therefore responding to such incidence is possibly even more important than prevention and within that becomes security management forensics so that people can understand what happened during a breach auditing and reporting is linked heavily, obviously with GDPR, sorry, with governance risk and compliance companies that do not audit and report correctly will be punished and underlying. All of this is risk management companies are having to take a much more risk, aware approach to deployment, to deployment of it systems and to investment in future it. So that's the landscape that we are sort of working around at the moment.
So within that privilege accounts, well, let's have a look at what type of accounts, what constitutes a privileged account and how they're being managed and how they might be managed and controlled by a cam solution. So we have individual accounts, vigil, privileged accounts, but increasingly because of the sheer number and growing number of users that want access to privileged accounts, these are often shared and they may not even be just human users anymore. But as we've talking about IOT and edge devices, we're seeing machines and applications that also count as privileged users and they have to be managed by a Pam solution.
It used to be the case that privilege access management or privilege accounts were only really for it users and it administrators because they were the ones that needed to have access to other people's accounts or other people's data so that they could do maintenance and also provide them with privileges themselves. However, again, as businesses changed, how we now have people in working in DevOps, et cetera, and we also have people in other lines of business, for example, finance that need access to privilege accounts, then it's no longer really a case of it versus the business. It's really just privilege accounts are becoming to use a common phrase, the new normal. And it's not a question of if you're in it, then you get a privileged account it's whether you or the thing or the application needs that.
And it's no longer just about servers and endpoints. It's again, it's about both it's about database and network devices, and it can even be L to social media. So one way that companies can for file of the law or for file of compliance is by careless use of social media accounts. And to make the account of social media account privileged is one way to prevent unauthorized access and to avoid those prevent those sort of things that we read about in newspapers when companies are embarrassed by unauthorized employee getting access to social media as has happened quite recently to that British government.
As I mentioned earlier, DevOps is now becoming rapidly becoming one of the key ways that companies not only improve their own internal systems, but improve the services and products they may offer to the public, particularly in the software domain. And so a DevOps increasingly need access to privilege accounts. And I'm sure that we'll be talking a lot more about that in a bit. It's no longer just internal it's external, and this can be right across the supply chain. As we mentioned earlier, this can, could include vendors. It, it may include contractors or temporary workers. It may even be an intern or a other kind of temporary worker, but we can no longer just think of privilege accounts of being only on the inside. They're everywhere, wherever the extended organization exists right out to the furthest in points, you will find people and things that need privilege access. Once again, it's about risk, whatever, a even if a privileged access management solution is installed, or whether it's, you are starting from scratch, cannot say more often, or with greater emphasis that a risk assessment would needs to be done before anything can be deployed, or if anything can be added to it. So, you know what the risk is about your privilege account, what the risk posture is of the whole organization.
So briefly then just some characteristics of a privileged account. They're high privileges, they're high risk. They're not in scope of ordinary in identity and access management. They often lack a life cycle management. They often lack request management. They're not always associated with a person and there's not often no any audited ability this as a, is a privileged account that it may exist now, not a privileged account in its best state or in a privileged account, as it would be in a well configured, well run, well managed privilege access management solution, but quite often businesses have privilege accounts, but they're disorganized. They're not managed. And they may even be just protected by very, very weak processes, such as username and passwords.
Why do people, why do criminals, why do nation state actors, why do they look for privilege accounts in a business? Because they often provide access to business critical systems and confidential information, the kind of information that all businesses and organizations need to keep secret. If they're to remain in business and to remain competitive intellectual property, we hear an awful lot these days about trade wars, about nations purporting to steal intellectual property from one another. But that course is something that has gone on for centuries. It's not the, a new, a new phenomenon. It's just the way that people do it has changed. And intellectual property will of course include things like blueprints for new products, corporate strategies, M and a data financial data. And of course the one number one bit of data that is sought after by criminals is customer data because they, anything that contains customer data, such as names, addresses, email addresses, password logins, all that is worth a lot on the dark web.
And that is what you often read about in most data breaches, the amount of customer records that were lost, but the other stuff happens too. It's just less well, less well publicized. And of course there is also company confidential communications, such as boards, communications, HR stuff, and legal stuff. And as we've moved to an extended organization, third party data is also gonna be found. And there is a kind of double whammy effect here because criminals know that they can access through a third party agent or a vendor to get access to the, the host organization. And the same is true of customers and social media. So that's why privilege accounts pose a risk and why they must be better protected.
So before hand over just a quick look at what I see as some of the key areas in advance Pam, and these are privilege access management for DevOps. I've spoken a lot about that. So I won't go to more, go on a bit more about that. We're seeing privilege it task based automation. So that privilege access is as well as linked to identity. It can be linked to at a more granular level by accessing by access that is specific to certain tasks and off and on wide time only just in time provisioning. We live in a weld of businesses. It's getting faster and faster, and Pam needs to keep up. Therefore we are seeing just in time provisioning so that people get the access they need extremely quickly and rapidly. And often as not these days, perhaps without using passwords and finally privilege user behavior analytics. This is becoming quite important for Pam solutions. If people, or if organizations are gonna keep track exactly of what is happening to privilege accounts. So they know who's doing what, where things might be going wrong. And of course they need such records when it comes to G GRC inquiries.
So I'm aware of time here. So I don't want to spend too much time on this, but quickly just going through that as the need, as the, as the demands on Pam change. So do the number of solutions and the type solutions out there. And I've taken three here. So we have, you know, basic Pam functionality, Pam for DevOps, and then integrated cloud Pam, all of which are things that are available now. And you can see that a basic Pam functionality is gonna have shared account password management, credential vault focus on the password, multifactor access account detection, session monitoring, recording account life cycles, application to our application culpability and anomaly detection. It probably won't have shortlived certificates and DevOps integration. And if we look in Japan for DevOps, then it changes the credential vault with focus there, prizes for the spelling area on keys and certificates. And it will also undoubtedly include application to application short lift certificates and DevOps integration.
And again, we integrated cloud pan that will have a cred credential fault. And we may have MFA for admins, account lifecycle, shortlist certificates, and DevOps integration. What is happening is that we're seeing Pam breaking slightly into in areas where we have full suites, where certain vendors will provide everything. And then we're seeing slightly more specialization at the other end of the market where you might see one vendor just decides to provide Pam for develops, or they might do a product which is cloud based. And it might be Pam as a service. And we're seeing, this is a sort of a glimpse into the future there of how, what I describe as the next generation hybrid, Pam stack may fit. And we may see some areas of Pam begin embedded right into the technology stack between applications and microservices and containers, so that the developer highlighted there in would be able to access, develop directly into Pam or Pam. I describe it and sort of bypassing the traditional Pam layer, which of course would still be there for all the other type of access requests. So that's a, a, a developing outline of how Pam may develop. And I will now hand over,
Right. Thanks for, thanks for this valuable information. I'm just gonna go ahead and share my screen. So my name is GNE and I've been with manage engine for the past 14 years. So just to give a quick introduction about manage engine, our company name is Zoho corporation, and we have three different brands under the title Zoho. We build on cloud SA solutions for business collaboration and productivity under the title managed engine. We build on-premise it management software solutions. And under the titles, we build enterprise IOT management platforms and projects. So the Pam solution that we're gonna look at today is part of our manage engines. It security solutions. So we have more than 18 years of expertise in building these it management solutions. And we have a global presence in over one 90 plus countries, and we also have a pretty big portfolio of products more than 90 plus point products.
So we have everything from it, service management, operations management, endpoint management, and it security management, and also advanced analytics solutions. So we basically started our Pam journey in 2007. So our team needed a secured place where we could store our own sensitive credentials and keys and things of that nature. So we built a simple vault that our teams could use in house, and that's where our Pam journey began. And over the years, we started adding more capabilities to make our P solution unified suite. So just last year we added the anomaly detection and advanced analytics capabilities. And so just to give you a glance at the modules that we have in our Pam solution. So there's a shared account password management. There's also a to a and a to DB password management and privileged session management to allow your users to remotely connect the devices with full session recording and monitoring capabilities.
And there's also just in time, pion delegation and user behavior analytics. So I'm just follow Paul's lead. As Paul mentioned, DevOps and type automation seems to be the way the, the industry is moving forward. So apart from the, the conventional Pam capabilities, like being able to discover accounts or change passwords or rotate keys, I'm gonna focus more on these advanced integrations and explain how it could be helpful for your enterprise. So we can start with the ITSM integration. So pretty much all the enterprises, they use some form of ITSM solution, so it could be ServiceNow or JIRA or Zendesk. So our Pam solution directly integrates with these ITSM solutions. And the idea is if somebody needs privileged access, we're gonna authenticate them against the ticket ID or the change request ID. So we're gonna talk to your ideas and solution to make sure the ticket is valid.
It is open, or it is assigned or approved. So you could provide us with a series of criteria that you would like us to match before we allow the user to gain a privileged access. And then we have in certificate authority integration. So we have TLS certificates used everywhere in edge prices, web servers have them databases have them in a lot of companies even use smart car type application, where they have active directory user certificates, and all these certificates has a short lifespan. So it's, they have an expiry date. And, and as technology evolves, we also have the challenges with regards to vulnerabilities that open up. So with our Pam solution, we have direct integration with, you know, certificate authorities where you will be able to basically get certificates signed without ever having to do any manual operation. Like if you have a goad account, for example, you will typically log to goad website, go to your account and order for a certificate.
So with our Pam solution, you could just store the goad API credentials with an RPA, and you will be able to order certificates or Revok certificates all within this UI. And it also helps you in managing the end to end life cycle of your SSL certificate by allowing you to create the certificate request, getting it automatically signed either using third party CAS, or you could even use your own internal CA. But the idea is to make sure the entire workflow is organized and audited using our own pan solution. And we integrate with all the major CS, like goad, very signed and all of them. And then we have C CD integration. So a lot of enterprises use Ansible or puppet for creating automation scripts to perform monotonous operations. So with our pan solution, we have dedicated plugins available for all of these platforms. So the idea is to make sure you don't have the hardcore credentials within any of your automation scripts.
So this is the screenshot from my Jenkins belt. And as you can see, you would be able to basically call up the variables and often get against our Pam solution to retrieve the credentials in real time without ever having to hardcode those credential within your automation scripts. So that's kind of the idea behind our C CD platform integration. And we also see a lot of enterprises moving beyond DevOps. So there are solutions like automation anywhere, or they're part of the robotic automation solutions. So it allows you to create complex workflow where you can automate a lot of activities. And based on the feedback of an automation script or a operation, you would be able to fire another bot that performs a totally different operation. So it allows you to create complex workflows. And with regards to our Pam, we have a direct integration with the, these RPA solutions where we have bots created specifically for automation anywhere.
So the idea is when you create these complex workflows using your RPA tool, you will be able to use our bots to retrieve credentials for privileged access. So even though it's not users, these are bots and automation scripts, but it is still considered to be a privileged access because these credentials are sensitive. It, it is going to give a lot of powers and capabilities for these bots and automation scripts to perform their operations. So that being said, we have these bots, that'll allow you to authenticate against for Pam and programmatically retrieve these credentials in a more secured and an audited fashion. So you can fully automate your bots and scripts to make sure they never fail due to the lack of credentials. And you don't have to compromise with having to hard credentials anywhere inside your automation scripts. And then we have vulnerability scanner. So we have a lot of customers using vulnerability scanners like rapid seven or so these scanners perform their day to day operations by scanning the entire ID infrastructure and their job is to make sure there are no vulnerabilities.
So they're probably going to scan your ports interfaces and all of that. And in order for it to do this job, it requires credentials. So more often it becomes a problem where if you changes service account, then you have to go to hundreds of places and manually update the credentials to make sure no application breaks. It also brings in challenges where enterprises choose not to change some of these service account credentials for months, or maybe even years, which opens up its own big challenges. So we have integration with vulnerability scanners and the idea behind it is if you ever change an account credential, we will make sure that we automatically update the credential inside your own vulnerability scanner. So for example, this is a screen where our Pam solution has imported all the services from the inside BM vulnerability scanner. And you will be able to associate an account to define, like, this is a service, and this is the service account with which it is running.
So you could change the service account password a hundred times that would never break your vulnerability scanner. It'll make sure the credentials are brokered on time as then when the passwords gets rotated. And it makes sure your vulnerability scanners never stop from working. And then we have S IEM integration. As Paul mentioned, this is one of the critical areas of Pam solution, where we should be able to correlate events aside from granting privilege, access and auditing privilege access. We should also be able to give you the full story of everything that happened during a privileged access. So our solution integrates with the, all the major stem solutions like Splunk or aide or Sumo logic. And the idea behind this integration is to basically make sure that we correlate the events with the help of SIM log analysis. So the Pam systems provide connection and the privileged sessions to the users.
So they authentic get into our, and then they connect to the target system to perform their operation. And while they're doing our system requires their activity. But in addition to just having the recording or allowing an administrator to shadow the session, we also correlate the event against your SIM solution to give you the full story of what is being done at any point in any part of your ID infrastructure. So if a particular event has been identified, say, for example, you granted someone access to a critical window server for a, a particular activity, but the user decided to just go to control panel and uninstall something. We, we get to know about this particular operation from the SIM solution. And because we are able to correlate the event, we would be able to send you an alert where you can trigger another action, like get an email or a SM P assist log message send to your own it operation management tool, which can further raise an alarm to the right authorities.
So that's the idea behind our SIM integration. And in addition to these advanced capabilities, as we saw in the initial slides, we in manage engine have more than 90 plus point products. And each of these products specializes in a particular area, and we integrate between our solutions to offer you solutions to basically tackle complex use cases. So just in time, pion is a good example. Say for example, you have a user, they have their own domain account with which they log into their laptop and use it on a day to day basis. They do not have administrative rights, but in order to install probably an important software, they need administrative rights. So they will be able to log into our pan solution request for privileged elevation and with the help of our ad manager solution, which is our primary active directory management solution. We will basically elevate that user to be a local administrator in their own laptop for a configured and approved timeframe, say for example, 30 minutes.
So for that 30 minutes, the user actually gets the ability to be an administrator in their own laptop to be able to install or perform whatever activity they would like to perform. And the system will basically demo the user after the timeframe expires. So this is one of the use cases that we solve by integrating with our ad manager solution and then lock 360 is our own SIM solution. So as I mentioned earlier, we do event correlation based on the users' privileged access and the operations and activities that are happening in that particular device at that time. But beyond that, our lock 360 solution, which is our own SIM solution also gathers logs from other managed engine products. So in addition to the logs that it gathers from the endpoints, like for example, you have a firewall or load balance or Linux systems. So we, we gather logs from all of these endpoints, but in addition to that, our lock 60 solution can also gather logs from other manage engine products.
And that gives us an edge in annoying what exactly is happening in the systems beyond the even correlation just in your endpoint. So we also see what is being done in our IDSM solution or what is being done in active directory management solution. So that could potentially stop unauthorized access or even help you from threats of how much information is being correlated, our SIM solution. And then we have analytics plus, which is our analytics solution. So it has a deep learning and machine learning engine with which it basically takes a lot of data points like the user, the data and time, the kind of operation they're performing. And with all that data, it basically records the risk assessment score. And when the risk score goes beyond the threshold, it's going to raise an alarm and say a particular anomaly is detected. So this would come in handy to potentially stop from exploits.
And even with regards to insider threats, like you have users working on nine to five shifts, for example, and suddenly one day somebody decides to log into the, at the middle of the night and try to get to some mission critical application or a server. So without any prescheduled reports or alarms or alerts, the system will be able to raise an alert by understanding and detecting the particular operation to be an anomaly. And that's kinda the idea behind our analytics integration. So this screen is just to give you a, a top architectural design of what we are trying to achieve with our Pam solution. So as you can see, we've pretty much covered all the areas like BI SM DevOps. AAPM is one that as you can see is something we're applying the work this year. So we'll be adding more capabilities to expand our offering into areas as well.
And in terms of our products, additions and licensing. So we have different additions to suit different business sizes and also different level of Pam maturity. You might have. So you could be a small business looking to start your Pam's journey, or you could be a large enterprise with offices around different role and different continents. And even in that case, we have a multi-tenant architecture and a different addition for you. And we also don't charge for user or the number of devices you wanna manage. So these two points are basically changing every day. So we only charge for a number of administrative users, people who will be setting up and deploying the Pam solution, and potentially it could just run in an automated fashion. And we also have an annual subscription model where you can renew the license every year, or you can go for a perpetual model where you can just purchase a product outright.
And we also support the different architecture. So if you have five offices, then you will be able to actually deploy the solution in a multi-tenant design, where you have five installation, all failing over. So even if the network connection goes down for a particular office, the users in that office will be routed to another installation. So they will be able to check out credential. So we have both the master master model designs and also multi-master model designs where you can have a completely load balanced and failover design for Pam solution. So, yep. That's pretty much what I have in terms of managing engine spa solution and how we have tackled some of the problems that Paul was mentioning earlier in the session. And with that, I'll be happy to hand over the session to Lauren. And then I guess we can start with the Q and a session.
Thank you so much Ashford for that overview. Some interesting stuff. We do have some questions, as I said earlier, and there's still time to send some more in if you wish, but you talked a lot there, ness about integrations, which is one, do you have any available with E R P or SAP solutions, which obviously would affect many people listening?
Yes. So we do have a restful API capability where most of the operations of our Pam solutions are basically exposed by API. So that could be used for integrating our Pam solution with any E R P like solution. And we also have a SDK available. So if you have a small development team, then you could go even further by tightly integrating our solution with your or ER,
And we, we, we talk a lot these days, time to value for clients and deployment speeds, etcetera. And that that's, that's true enough when, when you're deploying Pam for the first time, but is this complicated any way, do you need agents to, to use your solution?
No. So, as I mentioned earlier, so our Pam journey started at the time where we actually needed a, a simple walk from there. Our journey began. So we made sure to keep the product simple in a way where it'll suit all sizes of businesses and the agents are still kept to be optional. So our solution will work in a completely agentless mode where you can manage all of your endpoints and change passwords. You only need agents if you were like to manage a completely isolated location or a demonized. So, but otherwise the product was completely simple, straightforward, and it works in agentless more.
Thanks. And what about managed service providers? Obviously these days are interested in perhaps providing Pam solutions. So could this be used for providing, sorry for managing multiple client networks?
Yes. So we, so we have different editions, as I mentioned earlier, and we also have a dedicated service provider edition of our Pam solution. So that will allow you to be able to have a, sort of a compartmentalized storage of data for each client in the sense where it's actually compartmentalized at the database level, and you will be able to manage the infrastructure and ed access of multiple.
Okay. And, and I've got a, a bit of an off to cuff question soon as we've got you here as, as an expert for one of the leading providers, where do, where do you think that Pam is going in the future? What will be the main? We talked about DevOps obviously, and remote working. What, what any others that you think will, will drive further development of Pam?
Yes. So just in the last three months, just from my personal experience, because of this pandemic situation, we've had number of requests for architecture change or design change, where there was a time when people thought of Pam to be something of a internal challenge that enterprises phase on premise. But with people having to work from home all over the world, pretty much everything is going, has to be considered to be a privileged access these days. So people working from home, they are going to need access to critical infrastructure equipment inside the office. And so I would say that moving forward, the, the primary focus will be making Pam to be a SA solution or better yet a hybrid solution where you have these tiny agents or like probe stuff deployed on your internal infrastructure that does the heavy duty work of managing your it infrastructure, but you allow access to basic information of credentials and keys over. So I think that the Pam solution and the industry, as such as moving forward, where it's going to be a situation where all the Pam vendors must have their solution operating in a hybrid mode, if not mode,
I, I, I really totally agree with you there it's it's and I actually genuinely quite excited about the develop a panel as, as we go forward. And I think you're right that the, if anything good has come out of the COVID crisis is that it is increased our awareness of the importance of securing remote access. And, but also, I totally agree with you on hybrid model and perhaps Pam being embedded much more deeply into the it stack. So with that, we don't have any more questions. So I'll like to thank you all for listening today. I hope it was worthwhile. I certainly enjoyed it and obviously big thanks to GNE from Zoho corporation for your presentation. And, yeah, thanks very much. And hope to talk to you all once again, soon on another webinar or one of our other digital events.
Thanks, Paul.
Thank you.