Webinar Recording

The New Role of IAM in the Age of Digital Transformation

Log in and watch the full video!

Organizations are under pressure to change in the current age of Digital Transformation. One of the key differentiators of innovative digital business models and thus new revenue streams is the profoundly changed relationship to customers and consumers. Creating innovative consumer services, collecting and managing better customer information and even just optimizing the reach of everyday marketing activities – all this depends on the ability to manage consumer identities in a flexible, scalable and secure way.

Finding the right balance between rigorous privacy regulations like the upcoming EU General Data Protection Regulation and the urgent business-driven demand to open existing (and often still entirely on-premises and siloed) Enterprise IAM infrastructures to entirely new classes of identities and applications is a challenging task that calls for a very careful assessment of the company’s readiness for such major changes.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Good afternoon, ladies and gentlemen, welcome to our Ko, a call webinar, the new role of IM at the age of digital transformation, presenting the results of Ko a Nicole's recent survey on organizations readiness for the new digital economy. This webinar is supported by beta systems. Speakers today are needs from the who director market development at beta systems software and me Martin I'm fr and principle Analyst at Ko a Cole. Before we dive into the topic, I just wanna give you a quick overview about a Cole and do a little housekeeping. Look at the agenda. And then we directly start with the content. So Ko a Kohls, an Analyst company, we're an international independent organization founded back in 2004. We provide mutual advice, expertise of leadership and practical relevance based on breast practice information nation. Our main focus is information security. We have a long history in the field of identity and access management identity and access governance, but also look at many other topics, particularly around digital transformation.
We deliver our services in three pillars. One is research where we provide market research, where we provide ways our leadership documents, which compare when defined market segments on many other types of research, our events, where we do conferences, webinars, and special events, where we bring together the experts from the industry with the end users, where we allow to work the end users together. And we do advisory for end user organizations, support, ending supporting them for instance, in tools, choice, processes, and strategy development, and other areas. When we look at our upcoming conferences, there are a couple of conferences. So first, next year in may, again, there will be European identity and cloud conference, which will be held in Munich side of that. We have started our consumer identity world too, with a very successful event. We did last week in Seattle and auto. We approaching one in Paris, end of November and one in Singapore in mid-December.
We will do in February and next generation marketing executive summit. And we will do end of February early March next year, the second edition of our additional finance world, which then will look at the impact of the digital transformation on the finance industry. So topics such as blockchain, the impact of PST two and many other topics here for the webinar today, you are muted centrally, so you don't have to care about these features. We will record. We are currently already recording the webinar. The podcast recording will be available by tomorrow and there will be a Q and a session at the end. You can end the questions at any time using the questions. Featurely go to webinar control panel so that we have a long list of questions. Ideally, when we start with the Q and a session, the agenda for today is, is most called webinars split into three parts.
And the first part, I will talk about the results of the survey we recently run. This is also available for download via data systems. And I think also we are our website in the second part, then needs from the, who will explain the real life impact of digital transformation companies illustrating the key trends and developments that enterprise identity access management needs to adapt to cloud computing industry for and new regulatory compliance aspects, such as GDPR, as I've said, at the end, we will do a Q and a session. So let's directly dive into the topic before I come to the results of the survey, maybe a quick look at digital transformation and what it means. So what we currently see is that the, the trend to digital technologies at the end of the day, so mobile connected things and all that stuff that they, and new types of business model, that they really fundamentally start to change many industries.
So we see a lot of industries which already have changed while others are more at the beginning of this process. And there are a lot of types of changes. So we see a change in competitive landscape. We see the transition from product to services. We see more regulations. We see everything become connected. We see a increasing number of attacks. And when you look at many of the industries, B it's, whatever bookstores, music, automotive, energy, whatever, all of these industries are under change, what does this required requires from an organization? It requires three main capabilities, one agility. So the ability to, to flexibly adapt and, and react on these changes, it's also innovativeness. So really being innovative, bringing new business models, new products and services to the market and organizational flexibility, because all the change or leads to changes in the organization, the key areas, the of change we observe are the internet of things.
So is all the connected things from the smart meter to the vehicle, to the production, we see smart manufacturing. So the way manufacturing changes and becomes connected, we see the total different way to deal with customers as main areas that know your customer. And there are various technologies which help in digital transformation, but also which impact the digital transformation such as big data. So more data than ever. We can use to control things, to do things, identity, cognitive and AI, blockchain, ubiquitous sensors, robotics, security, and privacy. So we, we are in a situation of change. The landscape is changing. And so we asked companies about where are they in their digital transformation? How does this relate to their identity and access management and other topics? And what, what do they have in mind? You so want to present some of these results. So not all of the results, but some of the results here. So, so one of the first questions we asked was whether the organization has a defined digital transformation strategy.
So while the while around about 70% of the organization said, yes, it also showed out, turned out when we looked at many of the other answers in more in detail that some of these technology, these strategies are, is a very high level or not will communicate in the organization. But overall, we see that on one hand, a lot of organizations claim that they have something, but still also a significant number, doesn't have something. And that when we look at more in detail and it becomes clear, some of the other numbers are percent that also some of the number organizations which have claim to have a strategy are not really at a point where they successfully execute or execute on the strategy. So one of the, the following questions, when we then dived into detail was asking about what are the main target areas of the digital transformation strategy?
I think it's not very surprising to see that the sort of number one area is improved customer relationships and interactions. So close to 3, 4, 3 out four participants said, this is one of the main targets. So there were multiple lenses allowed here. And it's very obvious because digital transformation means that you have to interact far closer with your customer, because it's about delivering services, them getting data back and all the stuff which we see in many of these scenarios. So another surprise here, extending products by offering digital services. So looking at what can we add a service, I think is also very logical evolution, gaining leadership, yes. Staying competitive. So this is more defensive part. Half of the organizations really look at it more from a defensive perspective as well, entering new fields of business. And that was what I, where I was a little bit astonished to some extent that 38% talked thought about or had had as part of their strategy, digital transformation, did they want to enter new fields of business?
And then we also had cost reductions through industry for those smart manufacturing. So while customer relationship is, I think, well understood as a part of the digital transformation strategy in the area, when it comes to looking at what does it mean? How do my fields of business change and do I need to enter new fields of business? We see still some reluctance here. We then ask for consumer identity management and overall the, the role identity and access management plays. So, so how important is identity and access management? So clearly in, in our target group, identity related people are probably a little bit more frequent than in other businesses maybe, but I think it's very apparent. It's also something we, we see as an overall trend in the market. That identity becomes a key issue for the business. So we have here 70, 87% of people saying, yes, it's high relevance.
And when we look at how the topic of identity move from an administrative topic to a business topic over the past years, it becomes very clear that this was a very important field for other organizations. So what does it mean for identity and access management itself or, or how will be consumer identities be managed in the future? This is one of the areas which I find extremely interesting because what we really see here is so some close to one sort second pillars as they are part of the current I initiatives 21%. The second from the bottom say, they're managed in a variety of systems is different owners. But what we have is we have a lot of answers, which are so, so none of these has a really high number of answers here. So the highest is one search says they are or will be managed centrally.
So there will be a central consumer identity management, but what, what becomes clear when we look at these numbers and the distribution of these, the answers is that many, many organizations don't have a clear view on what does it really mean to manage consumer and customer identity in the future? How will I do it? So this appears to be rise or undefined. So on one hand, we had the number saying that the, the men, so the interaction with customers and customer and consumer identities will become far more relevant and also identity management. And it's very important, but it's also very clear that it's still not, not that defined in many organizations how this will finally look like. And I think it's very important from our perspective to make that next step.
So we also looked at that was more and more background information. So how, how are organizations working with different types of customers? So more the B2B customers out businesses or the B2C customers. What we see here is there are more than one sort of organizations which say, okay, we have one, one hand B2 B and the B2C customers, but we also have a lot of organizations which are, is either primarily B2B or primary, primarily B2C. So, which are, are more on the one or other hand of that. What that was the second element behind that question. What we also identified is that there, that we can expect the significant uptake of B2C relations. So organizations have a strong tendency to move towards B2C relations and see that they even while they might not have had the direct interaction with the consumer that might change over time. That's also what we see now, advisory that more and more organizations are moving to a, a situation or a scenario where they say, okay, we have to get in contact with our consumers, even while there might be some business partners in between. And that also means you have to take a totally different way on managed identities and not only identities, but also business models and all that stuff. So there will be a lot of change in that space.
How strategic is I am for the digital transformation? So on one hand, we also have seen, yes, identities are important. Identity management is an important thing, but when we look at it really at a strategic level, which is more than saying, okay, this is an important technology, but it's something which is strategic to make an organization succeed in the digital transformation. Then even here 44% say it's a strategic element right now from a business perspective. So it's not only it security anymore where it's located frequently. It's not only infrastructure anymore. It's really something which is about a strategic element of the organization's strategy. And I think this is a very important signal to the identity management market, but also it shows how important the management of relationships to customers, consumers, but also business partners is, and this is at the end of the day related to identity management.
On the other hand, when we then look at where, where our organizations in their IM then less than half of them said, we have an IM really an IM in place. Some have partially partially in place implementation. So have some elements of it, but don't claim to really have a, a full blown IM with provisioning access governance and other required features in place. And in fact, these numbers to some extent are alarming given the fact that the relevance of IM is very clearly about to increase. So it looks like still a lot of organizations have to do a lot of homework when it comes to supporting the new role of identities in the digital transformational. And what also is part of this alarming situation is that a very large number of organizations still relies on at least some part of homegrown solutions. So sort of fuel play standard software implementations.
That's around about one fifth of the respondent, while many, many others really have either primarily customer of the shelf software commercial of the shelf software or some mix of it. But it still means we have a lot of home current solution. Then when user requirements arise, that's currently the case with the digital transformation experience shows that that home current solutions tend to reach the limits RA quickly. And so we are on the other hand, from what we see in, in, in our advisory, in our contact to the customer, we also see a strong need, our, a strong demand for updating many of the existing deployments of commercial of the shelf software. So there's a need to invest in IM and it's interesting then to see that when we look at the, the investment criteria, so it's still more on the governance part access, right? Transparency and control security, but less when it comes really to sort of next generation and business enablement stuff.
So there's still a gap between the business understanding more and more how relevant identity and access management is, and identities are to succeed in digital transformation and what they're doing in practice. And I think it's very important that businesses start to close the gap with really renovating if required IM or bringing that to a level, which is good enough for what they need to do, looking at a consumer identity and many other elements. So when these projects are run and that's the other side, and I think that's an experience, many people have done have, have made when they have run. I am project.
The, the point is that most identified organizational deficits or deficiencies during the road track, which are not yet. So, so 60% claim that this is the case, which is a, a vast number to say, and this is another area. So when we want to succeed in digital transformation, then we need to close that gap between IM as a technical element. And the business role IM has to play that identity management has to play in the digital transformation to, to make businesses succeed. Darin, another point, as I've said, we looked at many points, I'll only pick one or two more here. Another point is when we look at how good are you with your identity management in managing cloud services around about one, one out of four organizations that we, we are really at a point we can manage our cloud services centrally with IM tools, which means three out four are not.
We see more and more of these tools moving to the cloud right now, more and more of the stuff we see to the cloud. And this is what we really observe here. Then we have the data sprawl part. So there is really a strong need for data sprawl, not a strong need. There's, there's a lot of data sprawl. So organizations are not really good in understanding where does data reside and another very important area. And finally, to, to come to the, the last point, then the, the last figure I want to show show here, here in is what, what do you think organizations about? What will the upcoming huge GDPR, the general data protection regulation mean? And so round about one third and more than one third. So round about one third says, it's will have a high impact more than one. Third has a medium impact overall more than 70% expecting impact that require them to act.
So from an IM perspective, this means we need an IM including strong access governance capabilities in place that can control the access to PI wherever it resides. We need to get better from various aspects, but particularly clearly from the digital transformation perspective, this is what is numbers made very clear. So to, to end up with, to sum up with some recommendations, I think it's very important that you define as an organization, your digital transformation strategy, but also that you communicated, you need an to implement a comprehensive, I am beyond provisioning. So where access governance privilege management are two main technologies for protecting sensitive data and governing access. You need to extend your IM to support customers and consumers. You need to get ready for the cloud, and you need to prepare for the UTR at all levels where I am. It's one important element with that. I want to hand over to needs from the, who will do the second part of the webinar was his presentation. It's your term.
Thank you very much. Yeah. Thanks. My name is Neil Nilda from beta systems. It was, it is pleasure. And an honor to collaborate with copy a co with regards to the study Martin Martin just presented. So for the next minutes, I'll resist the idea to turn this webinar into an advertisement campaign. So I'll just at the end, show you a little bit briefly about beta systems just for, for the beginning V systems is one of the leading and the leading true European vendor of IM systems for more than two decades now. So I would like now to, to illustrate a bit more clearly about the impacts of digital transformation on identity and access management. And I would like to start with a figure. Martin has shown in the very beginning, speaking about something like two third, three quarters of their people participating in that survey, where saying they have a digital transformation strategy.
And that's quite surprising to me. And I would question that figure as well, because I think that some people might be ashamed to confess that they have no real idea about digital transformation. And I, I tested that in my own company by asking people, well, can you do the elevator pitch and tell me what is about the digital transformation? And it's, it's not so easy. And it would cover more than the quarter of an hour or 20 minutes. I have now to discuss all the facets of, of digital transformation, just to make, to simplify that story. The digital transformation has many faces concerning the, the IM you can structure it like this, that there are aspects of the digital transformation that are affecting our customers, the companies themselves for their internal processes, their internal setup,
Of course, digital transformation has, is this more intended to have an external impact? So there is, of course, some, some aspects we have to consider for our IM strategy concerning your business partners and, and the way how to collaborate with business partners. And in, in many of the, the questions and the statistics Martin has shown, we are also speaking about the impact on customers. So you can see already from this slide, digital transformation is not a single aspect is really an umbrella topic that covers many trends, many developments in the market from more or less well known aspects like cloud computing to some quite fashionable buzzwords hype topics like industry 4.0 to, or really also future future roadmap topics. And I would like to take the chance and walk you a little bit through the, the direct impact that come from these developments to your IM strategy.
Let me feed you with some more statistics concerning the digital transformation in your own company. So what we can see is that for cloud computing, there are many figures available, and I think it's already common understanding cloud has arrived in companies. So according to the statistics, I've got 68% of all companies either use or plan to use the cloud systems. So for the IM system, that is quite a no brainer that if you want really to have a complete and compliant and, and, and convincing IM system, you must connect to all applications on-premise and in the cloud. And it sounds like a very, very clear statement, but this is also with regards to some of other vendors. It is not that the focus is shifting from on-premise applications to the cloud. It is an extension. So you, in order to have a, a real convincing IM system, you must extend your scope, not shift it from on-premise to the cloud.
Another aspect of course is its cloud is not only a target system from the, from the IM perspective. Cloud is also a potential operation platform. So of course it, it would be a, a, a much deeper discussion to see what are your expectations when thinking of operating in the cloud. And there are many disappointments, if you are thinking, I just have to subscribe to a cloud service and I can run. I am in the cloud. There is Martin and, and his colleagues are doing assessments of companies to see if they're matured enough to, to do cloud IM. And also in the survey we did, we showed that many IM projects are suffering from internal aspects in, in completing the, the IM project. But of course, to, to consider cloud as a, as a platform where your IM system can be operated either completely or as a hybrid solution is quite a smart move.
So that is clearly a trend. We see that more and more companies consider a cloud platform in order to avoid having all the skill levels on side, in order to have all the availability, clusters and, and full availability structures, backup structures, and all what comes in in providing an operating platform that this can be reduced by moving some parts of the IM system to the cloud. What else affects your own company? Mobility in the us, 72% of the us workforce are mobile workers. So they, it's not just sales or people traveling salesmen. It is also that more and more people work from home that more and more people have shifting offices that they, the one week they are working in that location, the other one in the, in another location. So it's no longer. So, so completely linked that an employee is working at a certain location.
Mobility is key today, and that has an impact also on your IM system. It means you must clearly provide digital workflows. If you think of access governance and access governance is, is workflow is request and approval. It is re-certification, it is analytics. All these systems must be digital because paper based and, and with paper based, some physical movement of, of the process from one side to another wouldn't work. So that's very clear. So digital is key with regards to access governance. Usability of course, is key from the beginning because we are speaking about the, the end users, the department level, no longer the technicians. And with that also with the mobility, also, the devices have changed your IM system today must support mobile devices for the governance processes. Of course, there are differences in the details. So probably you won't do 200 people user re-certification on your five inch smartphone, but clearly when you are on the road, you want to do access request and approval workflows.
You must confirm, you must reject. You must interact with the IM system also via the mobile devices and for your internal company. There is another aspect, smart factory looking to market statistics. 9.3% annual growth rate are predicted for investments in smart factory equipment for the next five years. So I see sometimes smart factory. That is something that could be subsidized under internet of things, because production facilities are some sort of thing. I want you more to understand it today as a, as a new it system. If, if you have new networked production facilities where you can, and, and typically the intention is to have a better quality and production in manufacturing so that you are having an automated quality assurance of what the, the engine is producing. But you can understand that if you network these systems in order to have a connected production line, it is more or less a service system.
It will have an operating system. It will have access rights to that system for administrators to run upgrades and, and, and so on and so on. So you can view to smart factory as, as internet of things, but you can also just have a more traditional view to say smart factory. This is quite some sophisticated type of an it service system. And of course it must become part of companies. I IM systems, if you look to reality today, you will see that even manufacturing companies have not such a high rate of integrating their production facilities into the IM concepts, manufacturing companies, engineering companies, typically run development sales administration. There is an IM system in place. The production facilities are typically an isolated network outside of the rest of the, of the company. This will change. So IM must consider also these production facilities IM will have to consider also connected supply chains. We, we will speak in a second about partnering and with the digital transformation, production is no longer something that is site specific. It is something that works across many, many locations, many companies. So also the IM system must consider some cross site cross company concepts.
So how does this look, if you look for a traditional IM system, you can see that cloud has already reached that you must be able to connect to integrate cloud applications and platforms perhaps via skim or via proprietary standards. That's really depending on your individual platform, you want to connect, but it must be somehow integrated there you must, or you should. No, you didn't, but you should consider the operation of your IM system in the cloud. At least having an hybrid approach, having some governance applications in the cloud and having the backend system on cloud could also be private cloud, like having a very reliable, very well known provider of services and, and not in the, in the public cloud, which could cause some, some distrust and some compliance problems. We will about GDPR a little bit later today. Access governance of course must be site independent and digital.
In fact, the idea of access governance, at least how we are doing this PTA systems is from the beginning designed to be site independent and, and digital. And I am in future must cover networked production facilities. So this is just a, a brief, some summary of activities. There are much more things that are affected by digital transformation in your company, but for the limited time, this should be just our resume for that concerning business partners, which is the first step out of your corporate premises. There is quite an, an important aspect from digital transformation to how you partner with other companies outsourcing 72% of companies increase their outsourcing and outsourcing. And I was surprised to find that 60 to 90% of this outsourcing is nearshoring. So we are not speaking typically about companies who are putting production facilities or development to the far east very often outsourcing is pure partnering with other companies.
So depending on the industry, you have sometimes 60, 70% of the value creation is done by partner companies who are contributing to your value creation by, by providing services, goods, whatever in your development and manufacturing process. So clearly the IM system must manage the access of external partners to your it systems in a way they're doing this for your internal staff. And it is not just the access from partners from the outside to your on premise environment. We have a lot of customers who are currently designing or even implementing collaboration systems in the cloud because it's of course much easier for a collaborative environment to access shared file services or development systems databases, if they are operated in the cloud. So the collaboration system must be covered by on-premise systems and by cloud systems and access management to these systems of course is key because in, in such collaboration system, it's the intellectual property of your company. It's very often you will find in the collaboration system, the crown jewels of, of your, of your company with regards to design schematics of what you are producing or customer information, you name it.
Martin has mentioned that in his presentation business partners is also turning into customers. There are new B2B products planned. You can call it partnering, but you can, of course, every, every time you have a partnership, one is providing a service. The other is consuming that you could also name the consumer, a customer and 58% of companies will create new digital services coming from the digital transformation companies who traditionally had a, a, a more physical offering will try, will grow in new digital services. So to do that, typically the companies are providing an asset service offering, and that must be also managed in the, in the digital production. You must provide access to this. You forward the customers, as well as for your internal staff. It is a new type of, of IM system of it system that must be covered by your IM solution. So there, you will see a lot of companies implementing nowadays B2B portals, where you have like a procurement platform, you have an offering of digital services, the processing of a variety of services.
And, and this is like, like an eCommerce platform for B2B services. Very similar to that. And of course, this platform is, is crucial for access management for unauthorized access from the outside, as well as from unauthorized access from the inside. So it, it will be in the focus of your IM system to cover that as part of your digital transformation. So looking again to that, to that IM system I designed here, it means you need to give access to your partners, organizations. This could be, of course reached either via federated services, that you have a trust with other authentication systems of the partner, but it could be, of course, also that you provide some distributed administration to your IM system browser based user life cycle management, where partners can administrate their employees, the freelancers for your organization on their own. And you don't have to, to, to run this administration part on your own.
So Federation and, and traditional administration both could be options for that collaboration systems. You must understand that the partners will not just have access to very few on-premise applications. We see that very clearly that customers are asking to run collaboration systems in the cloud, as well as on-premise, and there will be, and there are already B2B portals that must be access controlled by IM systems as well to provide and to request the services from the partners from, from some statements I just mentioned, you can see that speaking about business partners in digital transformation and the way IM systems are handling that you are just one step away from having customers, because that's what partners are becoming. The partners are collaborating, but they're also acquiring. They are procuring services from, from the, the original vendor. So the digital transformation for customers is, is very much an further development of the ideas we just have seen for identity and access management for partners, eCommerce.
I mean, we don't have to discuss about the importance of eCommerce nowadays. This is just indicating if I ask you, when have you spoken the last time about new and old economy, it's, it's like ages ago that people differentiated between this type of business. So eCommerce is part of very traditional business models, as well as a number of new startups have grown complete new types of services, like, like the Netflixes of the world, which would not have been possible without having the digital transformation, but with the growing importance for eCommerce, even on, on traditional players, your IM system becomes challenge that it must manage the access and the profiles of B2B and B2C customers for B2B. It sounds just like a, a small shift. If I'm speaking, I have to administrate the life cycle of partner profiles, or if I'm speaking, I have to administrate the, the, the user life cycle of customers in the consumer area.
Of course, this is, this is coing really a scalability aspect that even large scale installation of ours with, let's say a hundred thousand, 150,000 user profiles in the system are requested now to process millions of, of profiles in that system. I can, at this point, just say, it's possible. Of course, the, the positive aspect is the complexity per user is reduced compared to your traditional system. It's for the IM system. The, the, the scalability aspect is a different story. If you're speaking about a powered user as an administrator with having connections to 30 different target systems with fine grained entitlement each, or if you're speaking about, let's say a million of user profiles that are more or less completely the same and where your transaction period is much lower compared to the administrator. So it is possible also to run large scale IM systems with also having B2C customers.
But of course it is some it's a project. It is something you have to design with regards to scalability of your system. With regards to the, to the performance aspects, you have to consider if you grant access to customers to via Porwal systems or whatever, it, it's clearly a shift in CIM, which is the consumer identity management. It's nothing completely new, but of course, the focus in CIM is more given on the access management as a combination in access management and identity management. If you run your internal staff or even partners, then IM can also be just regarded as the authorization question. Whereas in customer identity management and consumer identity management, there is quite a stronger importance in also the questions of authentication of having multifactor authentication of, of running social media Federation concepts. So, so clearly the overall story must consider both access management, as well as the identity provisioning part.
There is one more aspect, and that is more the, the, the future intention of, of companies, what they would like to see. And that's customer profiling 92%. And also in the, in, in, in the study, we have just released high rate high share of the people you're asking companies you're asking, want to have the whole customer view, want to have a better understanding of what their customers are doing. And with that also, besides the access management and the identity management part, there is also a third component coming into space, like some customer activity tracking that you are able to understand to profile. What has the customer done in your environment? What is quite tricky in the physical world to, to have a sort of a video cam surveillance system for supermarket visitors is of course, something that is technically, well, I don't wanna say it's easy, but it is it's, it's, it's quite some, some challenge that can be managed to have a customer activity tracking and to monitor where the customer is, is acting within the Porwal system of the eCommerce.
The challenge here is more coming from the regulation side, because Martin has mentioned, and we have asked that also in our survey, what is the impact of data protection, data, privacy regulations like GDPR. And this is tricky enough if you just consider the processing of the customer profiles of the user profiles. So when you do customer identity and access management, you must, of course, store the user and some of his attributes. And with GDPR, there are some, some challenging requirements coming from the regulation that you must be able to, to present the, the purpose, why you are processing this data and that you are processing this data according to quite well known information, security standards, providing integrity, transparency, security, auditability, and so on and so on. So even just storing the user and his attributes is having quite some attention from the auditor with regards to data privacy of these individuals.
But if you go into activity tracking that you really do profiling of what the user does, this could cause even, even more attention from the data privacy site for the PII. So this might and will clearly give a challenge to the extensive data processing of customer profiles. But of course, and, and I don't say it's impossible, but I'm saying this will become interesting to see, because today we don't have the regulation of GDPR it's in place, but it is not executed by the, by the authorities so far. So we will see the next year, what is the interpretation? If companies are implementing cm in a way that they also do customer profiling, how much this is compliant and what has to be considered in order to be compliant.
So for the customers also, just to summarize that the cm must provide lifecycle management for a large number of customer profiles. This is, this is a must, and it is also, again, it's an extension. It's nothing revolutionary to an IM system because also for the, for the customer profiles, you need the user life cycle, like creating new user accounts, customer accounts, updating them, deleting them, reviewing them. So you really have the point of access management that is having a stronger importance compared to your traditional identity management, but you still need access management, identity provisioning, and access governance to have a convincing offering for customer identity management. Traditional IM systems are to be extended, not replaced. Well. Sometimes we, we see customers who are saying, ah, I don't need this, this connector landscape and these provisioning agents. I just have information in one system. And if you drill a bit deeper, you can see no, that's very often not the case. You perhaps have one central Porwal system where the customers are accessing your it, but the, the data pools where information is taken from are the applications that must be accessed are still spread over the company on premise and in the cloud. So what is valid for your own digital transformation becomes valid for customer identity management as well.
Activity tracking must be designed in compliance with better privacy regulations. We personally, and beta systems here. We don't have a, a complete answer right now. We think it will be possible, especially in Europe to do that. The us might be a little bit different as a position, but it is, it it's it's, it will turn out to be some, some more sophisticated aspects of implementing this in an IM solution. So let me just briefly summarize what, what are the lessons learned from the digital transformation, the major headlines for that, first of all, continuity, no, you don't have completely to remove your existing IM system. If it is in place, digital transformation is an evolution, not a revolution. And the traditional features like governance and provisioning will still be key to, to any future solution, but there are aspects of expansion. So IM is growing beyond the corporate boundaries concerning the users and the systems you have to manage.
So you must speak to your vendor, speak to beta systems about the options, how to grow outside of your corporate boundaries by having either Federation, concepts or browser based governance systems. And of course, having the suitable connector framework to connect also to all types of target systems, the collaboration in B2B is increasing the need again for federated identities and collaboration platforms, scalability, scalability becomes an issue. Of course, I say it is possible. We have large scale installations in our customer basis, but of course, customer identity management, consumer identity management is currently on its way to grow. And the systems we have seen so far are not at the end of the scale. So we as a vendor, but also us customers will have to have an eye on, on the scalability of the systems and of course, access management and identity management move closer together.
And, and then that's of course, something to be considered in your design aspects, concerning roadmap topics, topics that are from our perspective, not applicable today, but probably tomorrow is the question about new smart factory facilities. We will have to consider them as a new type of it systems being integrated in, in the IM systems. And they will very likely, according to what we have seen and discussed with customers today, they will very likely require also some slightly adapted governance processes. And last but not least the compliant options for customer profile will substantiate in mid future. We will understand better what the authorities are requesting with regards to, to GDPR, but also to other already existing data privacy regulations, to understand what is the space to maneuver concerning customer profiling. I would like to, to thank you for your attention. And yeah, as I said, at the, in the last page, I would just in case you don't know, beta systems, just in a nutshell, tell you, we provide full-blown IM systems from provisioning to governance.
We are now in the market for more than 20 years. So IM is a business field where experience is key. And we provide that experience. We are very successful project implementations by providing professional services with enhanced selected partners and our own professional services team. We are very proud to have satisfied customers. And if you come from, from Europe, we have local partner being headquarters in Berlin with subsidiaries all over Europe. So in case you have questions on this presentation or concerning our offering, don't hesitate to contact me. Thank you very much, very much at this point.
Thank you, Mr. Fonda, who I'll make you meet presenter again, and then we can directly start with the Q and a session. So we already have a couple of questions here, so let's look where, where to start. So let's maybe take this question first. What is your recommendation to support child transformation projects the best way? So, so getting solutions, I think that's probably looking at the IM part for it because one digital transformation, so using is not available in that sense, but getting solutions from one vendor or to buy and build the best of breed installation. So what is your point that, well,
My, my perspective is very clear. Of course you need, you need integration. So the, the, the point is you can buy and build because your, your needs will be unique. Every customer has its own privates, personal digital transformation. And so there is very likely, no one size fits all product suite that is strong in the explicit aspect you need for your digital transformation and what, what I can see from the disciplines, especially for the customer identity management. My recommendation would be speaking with one anchor vendor, like Abeta systems and to combine best practice, best of breach components for access management or for activity tracking in, in combination with such a solution. So best of breed works in that concept quite well. But yeah, let us talk, let us have an individual meeting because there is no general truth in this, probably.
Yeah. And so, so maybe when I added that's something from my, my perspective as an Analyst, I think there, the problems we are facing or the challenges we are facing in the requirements, we have our broad, when we look at whatever, protecting access to valuable assets, which is part of GDPR, but which is also part of the more you do in it, the more you have in software and, and other stuff, which sheets protected. And that's where more the enterprise I am players. And then we have new requirements and I don't see that there's one single tool which can really solve everything. And, and most organizations also have something. So in most cases, it'll be something where, where you think about what is the best combination to end up with not too complex infrastructure, but also to be able to support complex requirements and then ever growing requirements in an efficient way. So another question we have here is what, so, so maybe let's take a one which came just in one to you, Mr. Van, what are the main deficiencies in today's IM software when solving smart factory facilities use cases? So you brought up a smart factory point.
Well, I, I had a noise on the line, but I understood the question what exactly our smart factory aspects and what is the change to in over time to the previous generation, our factory systems, is that correct? Did I get it back? And
That's IM so what, what does, what does we need to change in IM systems to support the requirements of smart factory? These cases? Well,
The, yeah, the point from, from what I see for the technology, very probably concerning the agents. It is, it is not so special. We are typically also speaking about some embedded service system that is in there running like CNC systems are doing already for a DEC. But what we see is of course that the, the traditional way of, of role-based access control might fit, but you have to adapt. If you are speaking about a production line and about the necessity to access one system, then you have to really match the idea of role-based access control to the, to the idea of having a complete production line as a process with the various aspects of entitlements given per station. So it is not the challenge in smart factory is not so much the, the idea how to connect to the systems. This is more something unknown and, and new to the, to the people running the, the production facilities. They are not used to think of their production line as it systems though. It is more to, from the project I've seen that you really have to speak if the, if the process production is similar to the process in administration. And very often you have to, to adapt the, the process description in order to have a suitable role concept to cover this as well.
OK. Another question I have here, and we have to have a look at the clock already, so I, for one product. So for his clients, I am as typically under the network management organization, not it security or other organizations. So what are we, so you from your best practice experience and we, from what we see in the fields, seeing at clients, where is I am commonly located? What is your point here?
Okay. So again, summarizing, I understand what is the, the best point in organization to run identity and access management?
Yes, we could. So, yeah,
There, there, there is also no general truth on this. I have seen, we have customers where it is very closely linked to the compliance department. Some companies run it as, as a special division in it, but I would say most often this is really some, some extra division, the identity and access management. And that is to, would be my recommendation really to make it something that is getting backed by the CIO or the, the information officer, however, it is named in your organization to set up an extra department to cover questions of identity and access management, because it is not, you can as described very often, you can't directly link it to technology. It would be a big mistake to put it directly as a, as an it challenge. It is very often influenced by CSO by information security aspect, but not only. So the, the customers who have solved that from my personal feeling, the best really made it an independent, but still very powerful entity.
Okay. So, so what, what we see is we see also a lot of ways to, to anchor IM and the organization and network management is more, I would say a little bit of traditional view, which is driven more from, from an administrative focus while when we look at the, the more modern organizations to be careful with the term, but we, we saw a tendency then to move it more into the it security organization, or affirm that it security organization also to really have it as a somewhat separate organization. And when I look at more the consumer coming in and the need to manage identities from the employee to the consumer in a, in at least an integrated way, then, then my views. And my perspective is that we really should focus on making it a separate entity, which then works with the various other departments or range from HR to network administration, to marketing, and many others in a, in a, in a defined way. And, and, but, but really have this understanding of ID and identities are central element for, for the success of organizations, with the digital transformation. Okay. With that, I think we are at the end of the time. So thank you very much, Mr. Fondel, who is, thank you very much to all the attendees for listening to our call webinar, hope to have you soon in one of the other webinars we are running and see you at one of our upcoming conferences. Thank you.
Thank you. Bye-bye.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Evolving Identity and Access Management for the Digital Era

Join Identity & Access Management experts from KuppingerCole Analysts and Broadcom as they discuss how business IT is changing, and the implications for IAM. They will define modern IAM and explain why and how IAM needs to change to support modern app development, regulatory compliance,…

Analyst Chat

Analyst Chat #154: 2022 Wrapped Up - Major Trends in IAM and Cybersecurity

Another year gone already! It's time to take a look back at 2022. Martin Kuppinger and Matthias talk about what happened in the past year and identify top trends in IAM and Cybersecurity. They go beyond technology but also look at processes and business models. By this, they also…

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Standards & Regulatory Frameworks Are Static, Security Isn't

Current frameworks from Cyber Essentials in the UK, to the NIST Cyber Security Framework, HIPPA, PCI-DSS and even ISO27002:2022 often take at least 18-24 months to agree by their governance bodies. The world is much faster moving that that, the fact many regulatory frameworks will take…

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00