Identity Fabrics for True Digital Transformation

Welcome to our cooking and cold webinar identity fabrics for true digital transformation. This webinar is supported by fro the speakers today are Mary Ritz, vice president of product management at fro and me Martin and principle Analyst at Cole. Today, we will talk about how identity fabrics as a concept will enable businesses to better serve the demand of creating new digital service in the digital transformation while also serving the needs of traditional IM. Before we start some quick information about keeping a call and some housekeeping information, keeping a coalition global Analyst company, we are headquartered in Germany with teams in the UK and the us. We delivering content such as our executive view reports, leadership, composes, and others. We deliver events such as webinars conferences and our upcoming academy with e-learning. And we support our customers in advisory for selecting vendors, developing strategies, architectures, stuff like that.
We do that for identity and access for cybersecurity and for artificial intelligence. Our research is very easy to access. If you look at our website, you will find the area of KC plus, and you can get full access for decent free as an annual access to all the research we are creating. Just have a look at our KC plus offering beside that. We will do a series of events again in next year in 2020, including our flagship event, which is European identity and cloud conference, which will run May 12th to 15 in Munich, our cast tech event around customer technologies, such as consumer identity management, marketing automation, decentralized identity, and many more, which will run in October and Amsterdam and Cybert world, which will focus on AI and the evolution and how this helps in a new, highly connected hyperconnected world. This will be any event which will run sort of at a core in, in November with offsite workshops in Stockholm and in Abuja plus transmission between these various places for all the sessions.
I think that's a very interesting form at a very interesting event, to have a look at it. Some housekeeping you are muted centrally, so you don't mute yourself. We are controlling this. We are recording the webinar and our recording will be available. Usually by tomorrow. We also will provide a slide text for download. So you don't need to note down everything and there will be a Q and a session by the end of the webinar, but you can the questions at any time using the area questions in the go to webinar control panel. This is usually the right side of your clearing. The more questions we have, the more interesting our Q a session will be. So don't hesitate to answer or to ask, enter your questions. So for the agenda of today, I will start talking about what an identity fabric is, why this critical to achieving full digital transformation and why we need to shift to a so to speak BIMO or multi-speed approach on identity management.
In the second part that Mary will talk about concrete business benefits of successfully implemented identity fabric platforms, the key trends, digital transformation, and more, and as I've said, then we will go into our Q and a session by the end. So there's one statement you will, I've seen probably a couple of times so far, which is around every business is a software business. Factually this statement in debt form is wrong. Cause there are several businesses which aren't really a software business, but far more business than we would expect to be. When we just start thinking about our software businesses, there are the connected vehicles. If you look at the energy and utility business, it is a highly connected, highly more and more software driven business. There's more software and everything connected things, connected cars, connected, whatever else, there's software in so many elements of what is produced today.
And there's also more and more a shift towards a service than just selling the product to the services, becoming the revenue driver more than that. So it is maybe a little bit over the top, but the core of it is true. Businesses are becoming digital businesses are becoming software businesses, and they are creating more and more digital service. And we need to serve this digital service, right? We need to do it right, and we need to serve it. Right. And also I list that more and more intellectual properties of businesses reside in the, and the absence things. This is where the value is. This is the differentiator. This is at a core of the business. So what businesses are doing and many, many businesses are building on digital services. Their competitive differentiator is their digital service. The new offerings they bring to the market build on certain elements, which are digital services.
And obviously for all of these digital services, there are a couple of important things. There's privacy by designer security, by design and there's digital identity in it. A digital service is used by a customer or consumer, and you need to manage that digital identity and you can't do it per service. You need to do it per organization. You need to do it in a way which is consistent across all the digital services you do at least at all across all groups of digital services, which address the same. But if you do it, then, then you better do it for everything in a consistent manner. So we need digital identities for digital service, and we need to have it ready to consume from a time to market perspective. If we are not able to provide a digital identity service to the teams, to our digital groups, factories, whatever they are named, when they need it, they will lose time to market.
Then they will show a tendency to create it on their own. Usually not in the perfect manner. So let, let let's better do it centrally. And that is what is sort of why we are talking about what we are talking about today. Before we do that, let's get a little back or more to the technology level first. So how will identity management architecture look like in future? How is increasingly looking? And that's also an area where we see large changes. So we see we have three topics here. One is identity services or identity as service. The second is microservice and containers and the service segregating identity applications, or code and data. So identity services. We need to think about delivering identity as a service, which can be easily consumed, getting away from, okay, we have this tool and it's still what I see talks with many people, oh, we need a tool for that.
Yes. At the end, you will need some technology, but start with, what do you want to deliver? That's a service, that's a service which helps you managing applications or a service, which provides to digital service. The ability to deal with digital identities, single services. And that also means applications need to be able to consume these services, which requires a consistent set of APIs and identity API layer. And the identity API platform does is your backend service or your set of technologies, which deliver these services. We need to take a service paradigm. We need to be flexible in agile and delivery, getting away from traditional monolithic architectures. And when we think about DevOps, when we think about the way where softwares is heading to data, and this is about microservices as an architectural paradigm containers of server, less as a deployment paradigm. So our solutions over time should be more and more microservices, which we can package in a way which we can deploy in the way we need.
This also opens us the door to hybrid environments, because if this is microservices, if this is containers, then we can run containers where we need it. We can do everything from full size to very private environments, whatever we need, we can deploy it orchestra. We also can grow easier because customization happens in a separate microservice, which consumes other microservices. This is clearly segregated if you do it right, microservices, a lot of the problems you're facing today in traditional, not only identity measurement and traditional ways of creating customizing software with trust disappeared, the same for deployment models. Okay. There are some other challenges like API security, but basically it's a logical and good way forward. And we need to, that's also a consequence. We need to segregate identity from business logic and business logic for data and data from identity. This is, these are separate things and I'll touch just the identity piece here because identity at the end is something you need for a lot of digital services.
So never ever start creating a digital service and build your, all your identity service in it. It doesn't make sense because with the next digital service you get in trouble. So we need to segregate these layers well. And when we follow these ideas, we pretty logically end up with something. We call the identity fabric, the central element of identity and access management, which is at that level at first, a logical architecture, an IM platform for unified access. And let's step back and think about what is, what identity management factually shall deliver. It is that everyone and everything. So all the stuff which has identities and all the people who have identities can access the services they need in a controlled manner. That is the reason why we do identity access management. Having these identities well managed and having a well managed access to the services we need access to at the end.
That's the reason why we do it. What also is changing is that we have more and more different IDPs identity providers. The days where we try to man to, to, to manage all the identities in our own internal directory service. So we had one for the employees. We might have added something for partners. We might have added something for our customers and everyone has to register. That's passed. We have different types of external IDPs. And yes, we do Federation for quite a long time. We have social logins for long time. This journey is already, we, we are pretty, we have kind of pretty long way on that journey down a little, very good part of the journey, but it's still, we need to be even more flexible. Think about how can we enable everyone to access the services in a controlled manner, as long as risk cetera as acceptable.
And that is where we then need a set of services to federate, to web access management, etc. Look at this again, logical architecture, look at this as a set of services, which deliver, you might have a technology which delivers more than one of these services. You might even specifically, when you look at the, the path from, from your current existing legacy identity management to a modern environment, which is full microservice, et cetera, you might have more than one technical service, which delivers to some of these logical services, but look at what is what you want to do. You need certain services to serve the, what identity management is responsible for, and then give controlled access to everyone, for everyone to every application. That is why we do it. And this is having this fabric. We also can work against. And this is done. Where, where, where, where another, I believe fundamental shift and change comes in.
When we look at this picture from a little different perspective. So after this identity fabric, which just delivers access management services, which delivers IGA services, but also things like content privacy and more, it's a set of services. And then we have two levels. And what comes into play is this. So to speak this new level, we have SaaS services. We have specifically also we have two digital services. We are creating in our organization, or we let create for us. We have these digital services and they specifically, digital services need access to these services we have, and we need services, which also allow us to integrate and deliver to disaster service. But on the other hand, we have still our existing identity access management. That is nothing we can just re out and replace no way. It takes years to replace an IGA tool very frequently.
It is not a simple project. We have all these let's phrase it legacy systems. We have our mainframes and they will be here. Many of businesses still in 20 years and more, we have many other applications we need to integrate. We have our on-premise active director. We have all that stuff we need to integrate in some way. So we need also to be able to connect back, which means that we need to be able to do two different things. We need to be very flexible, very agile, very fast in supporting the new digital services and our shift to the cloud. So many of this, most of the business have some sort of cloud first strategy. So there are new SA services. We deploy. There are new digital services we create and we need to be ready to do that. Now immediately, the digital service can't wait, if there's a pressure from business to create such new digital service, to premium new digital product to the market, they can't wait for identity to be ready.
We must have this identity fabric, which then delivers the identity piece to this. On the other hand, we also need to work with what we have. We have a lot of identities down there. We have a lot of systems. We still need, we need to provide access, not only to a new service, but also to the legacy applications. So we need also to have the integration capabilities and support also a gradual migration of existing technologies into your new, more modern architectural paradigm. The concept of services into the concept of an identity fabric. So in the legacies, I am space. So to speak, we do, we do enterprise identity management, such things like our life cycle management provisioning. We do traditional traditional access governance. We have our authentication technologies. We have deployed for long authorization with roles, roles, and roles, and we all need to, we all know that it would be a totally different topic that we also need to really re rethink the way we do that. Because road projects usually are somewhat cumbersome.
We have sometimes some customer or consumer identities, and we need to make a step from there. The new services have different demands. They, they, they go for, for lighter approach and access governance, but they they've asked for this high flexibility, the delivery speed, software asset service support, building containers and orchestration access, Y APIs supporting these notions of zero trust. So at the end, we need to do both. And what we need to do is to bring up something which helps us serving the current demand, the increasing demand for digital services, for cloud first strategies, while not forgetting what we have and what we have for a good reason, and what we need to, when applications are changing, what we need to, to, to, to migrate and what we still need to support for many, many years, probably tens of years, because a lot of the stuff will not just disappear.
We will be hybrid for long for most of the businesses. And if you have a factory floor and even longer, when we look at this picture and bring it up again, then there's one interesting thing. So even when we look at SaaS services, it's still an approach where we manage from identity management. We manage the SaaS service. We put federated provisioning there, we do the authentication and provide something to that service. So we, it is sort of an, from an application perspective and outside-in approach. So identity management is doing something. It manages these applications. On the other hand, when we look at digital services, it is a fundamentally different way of doing that because that is the digital service requests and identity service. We are an API. This is the exact opposite. So to speak passive applications, such as assess service or traditional application, when we look at how do we do provisioning and traditional applications, it is really very much, yes, we trust, manage these applications.
We inject some, some, some accounts in these applications and some entitlements and stuff like that. Or we inject, take traditional web access management, HDP, header, Interac. We, we, we do things. We manage them from outside, with what we need for digital services. This is changing, and this is why it is API. Thing is even more important. We need to support this different way of doing identity management, the access from the outside. And we shouldn't end up with, oh, there's digital service, identity management. There's an identity management for rest that will not really work. We need to move to integration again. Two speed. BIMO different perspectives with that. Let's end this up with some key recommendations after this first overview insight into what we understand and why we think we, why we believe we need, you need anti fabrics. So one thing is gain sponsorship. You need to, to move an I am program, which is really enabling your digital business, where you have different sponsors, you have the digital transformation, the business sponsors, you have to identity the security sponsors go identity fabric, define this as your picture for the future.
How must your identity management look like in future and how do you serve and how do your existing tools map into that? How do you handle customization? Which new tools will you have? What is your evolution to that? What is missing? What is really important to you? This is the architectural work. This is the syncing work. This is also where we supportive our advisory services required, identify and prioritize. Yes, that's exactly the point. Look at what you need when and first do a correctional transformation. But also this helps you. If, if you do it right, it helps you from getting rid of some of the pressure of replacing and migrating existing stuff. First, you can concentrate on serving the new requirements. You can integrate back with what you have, and then you can decide on when do you need to change? What? So it's, but it's, you are controlling the speed, the pace, not someone external and educate, educate additional information, transformation, initiatives, and ensure that they understand it. Interestingly, when you speak with the architects, when you speak with the teams, the developers, and when they feel okay, that is something I can use now, or very soon, then they are happy to use that type of services because it helps them in doing a better job and having a lower time to market. That is what we need in this, the true transformation. So this were my first insights with that. I hand over to Mary who right now will then look at concrete benefits, key trends and more Mary,
Hi, I'm turning on my screen. Happy to be here with you. I run product management for four. So Martin gave us an overview of how identity experiences are becoming increasingly important to get, right? We're really living in an exciting time of innovation and disruption. And with the right tools, you, you can build this flexible fabric to use for your identity services. So I'm gonna spend about 20 minutes giving you a practical overview with some demos of what this could look like. My goal is to give you some insights about what's possible and how all this works in real life. Please do type any questions that you have into the chat, and we'll try and get to as many as we can.
So when we think about, you know, this, this modern world and choosing a vendor for an identity fabric, there's two opposing trends happening the horizontal line here, it's the trend for the comprehensive capability so that you can get identity, right? So that you can build this fabric API first with all of the features you need. And, but there's another trend, which is the vertical line. And that's the trend for getting very simple and easy identity solutions from the cloud. And historically you had to choose one or the other. So a vendor would've either offered a couple of very simple use cases and an identity as a service model, or you had to shoulder the burden of a heavy platform, or even a build it yourself, you know, identity capability. But I would say to get to this model of the fabric, you really need a vendor that offers you both.
And I'll show you one example here for drop course, cuz that's what I know best. So at, for drop, we have the, the complete platform, including identity management, access management. We can store all of those identities in a directory. We can do the access governance and everything is API first. And we have all of the full menu of application integration so that you can support that bimodal speed, both for modern applications and your legacy applications. And then also there's flexibility in how you would deploy the platform. So you could deploy it in the cloud. You could consume it as a service or, or you could run it yourself on premise. And if you zoom out, it's this, this product and platform that we offer is a part we know it's a part of a bigger ecosystem in your enterprise. So it's open standards based. And we pull in lots of rich context from the enterprise and we use that for real time, dynamic orchestration and access decision making, which is highly powerful.
And I'll show you how that works. But also, you know, we create great context ourselves. Cause identity is the center of people, services and things interacting with each other. So we can send rich context out to other areas of your enterprise, such as how you know, where you wanna have a single view of a customer and their preferences, or perhaps you wanna it to your security operations center for breach detection. So what I, the way I I'd approach this is Martin gave a recommendation for how new services should look. And so the top, right, little graphic, I just pulled directly at the screenshot from his presentation. And I'll, I'll just show you examples of what it means to be flexible and how this would look like in the product. So when we talk about being really flexible, you know, there's flexibility is something you need in a lot of areas, one area in how you can approach have flexibility is how you approach the end user access.
And so, you know, when I think about providing a great login experience, I think of myself as an end user, but you know, you log in and type your credentials and get access to something there's a lot going on under the covers to prove that you are who you say you are and that you should have access to that resource. And you need a lot of, of flexibility because you have, you have a wide demographic of end users. They might be on different kinds of devices and different geographies, maybe they're different age brackets. And so you need it. Can't be a linear journey that everybody follows. You have to be able to branch and split and loop and have some flexibility. Let me show you what this looks like. So what you're looking at, I'll show you a little demo, but on the right hand side is that end user experience.
In this case, it's a mobile phone and they're gonna log into an application called pebble bank. It's a fake application on the left hand side is the administrator console to design this journey. But what I mean by flexibility is each, each of these little boxes on the left is a little bit of microcode that solves a, a particular piece of the puzzle. And we assemble them together for that login journey. So it's pretty simple. It's drag and drop. You can think about how you want that end user to log in, but you also see what's happening now is you can change how that login works over time. So in this case, we're sending now every end user is going to accept terms and conditions. They'll prove they're not a bot with a recapture, they'll go through their KBAs and a few other steps. And actually this isn't a journey I would ever recommend.
This is way too much friction, but this is just showing you how simple and flexible it is to bolt on new pieces into that journey and just dynamically upgrade that journey. So the, the end user never had to refresh their application or refresh their browser just as soon as you save the new journey, it gets updated. But you have, you have, if you think about the flexibility that this gives you, if there's a new kind of strong authentication, you wanna embed you just add that in. If you, you can branch off so you can do AB testing. So you design a new access journey and you just wanna send 1% of your traffic because you wanna make sure it behaves well, you can do that. So, and we also can infuse the timers and the metrics and analytics so that you can make sure everything's behaving the way you want.
So a lot of flexibility with this orchestration pallet, which ultimately is this dynamic decision engine for access. Another thing that we can fold right into that same flexible pallet is identity management. So for drug has, you know, a complete set of features, not just access, but co identity management with identity management. You're doing things like as an end user at, I wanna control my profile. I want to reset my password. I wanna sign up for emails and newsletters. So this is the kind of thing that I'm talking about when I say identity management and self service. So again, just quick demo to show you what I mean by all of this in the video here, the left hand side is a browser for the end user. They're logging into a website, the right hand side now is the administrator graphical palette where we're putting this together.
And in this case, I'm showing you what we call progressive profiling. So often as you deal with managing your relationship, especially with consumer identities, you don't want the first time someone ever logs in to have a huge list of questions that they have to answer in order to establish a relationship with you. You haven't quite earned their trust yet. And it adds a lot of friction and can lead to them, abandoning the relationship with you. So a better way to do this is to do what we call progressive profiling. So in the same orchestration pallet, I can put together the pieces of asking little bits of information over time. In this case, we've broken it down into the first time they log in the second time they log in the third time, they log in each time asking them a little bit more information so we can make their service better.
And you have flexibility in how you would establish this. You might not wanna do it first, second. And third log in. You might wanna do it every 30 days or at a certain after a certain event compelling event. So a lot of flexibility in this, but because we're so we're API first, so you have the same IDP and you can dynamically change how these journeys work over time. So you're able to evolve identity separate from the business. So if next year, the new strong authentication is something that we've never dreamed of. That's no problem. You just pop it into here, save it, and then it's updated. So it allows you to move very quickly and evolve your identity strategy, separate from how you're evolving your application strategy.
Gonna change gears. Martin talked about, you have to have very high delivery speed for new digital services. So in this case, I, I always think about the developers in your enterprise that wanna move faster than, than maybe the identity team is prepared for. And, and developers in your enterprise. They're creating this business value with these apps they create. So they have a lot of autonomy, so they might not wait for you. They might just embed their own identity or find something off the web, or, you know, then you have an even bigger problem to reign in. So I think if these developers and I, I think, you know, they don't, they don't know identity. They don't wanna know how to do token exchange. I just wanna write their app. So here's an example of how quickly you can enable these developers to build modern applications.
And I mean, essentially all I, all I wanna do is log onto a SA service, register their application and get their client ID so they can just pop in identity into their application and they don't have to think about it. And that's what we have set up for them with this is a SaaS service we have, that's really just designed for developers so they can get up and running quickly. So it's integrating an SDK, registering that app, getting your client ID, and then selecting how they want a very simple ability to select how they want that login experience for that app. So do they want username and password or something different? So what you're saying is just, you know, grabbing the SDK snippet, popping it into your web app. And then here, we're gonna register an app. We're gonna do a native, single page app.
We'll insert the URL, we'll get a client ID. And that client idea is what we're gonna put into our app, but we're also choosing how that, how the login's gonna work in this case. We're choosing simple username and password. And so you you'll see in the screen here. So in your app, you're just, you're adding your, your client ID and you're denoting that you wanna use that username and password flow. That's been preset up for you the best possible way. You don't have to think about best practices and now the app's up and running. So in minutes, this developer didn't have to research identity, think about it just was able to quickly embed the spin. And again, with the flexibility to evolve identity over time, maybe they decide username password isn't right anymore. We wanna move to password list so that we can take advantage of I O web authentication. So you can just make that selection in the administrator area and automatically all of the applications get updated to use the password list policy. So very, very nice way to support this bimodal speed, where you have some developers that are moving so fast, you can't keep up with them. You just need to enable them and give them the tools while you gradually work on integrating the legacy app.
Another thing Martin mentioned a lot is is that the API. And I think when I think about this, I think about how you need all your features available as APIs and really needing that complete feature set from a vendor. So, you know, at, for drag, we not only have identity management access management, but we can also do that access governance to make sure the, the, the right people have the right access and there don't have too much access and you can prove that to auditors. But we also, when we think about access, we're not in identities, we're not just thinking about people. We're also thinking about non-person entities. So, you know, in the, the connected car, we, we may want a person to authenticate to that connected car. We need to treat that connected car as a appropriate identity, but also that connected core may wanna connect to a gas station or to a service mechanic. So we have to think about all the relationships between people and identities, and sometimes there's not even people involved anywhere when you think about service to service calls. So we've got all of that modeled out because identity, you know, you often think about people, but more and more if people attach their things or even things or robotics or services talking to each other, and each one of them needs an identity.
I also think about the fact that you, you rarely do get to just select one vendor for identity. Every customer I've ever worked with has at least two. And so we think about, you know, in our dynamic orchestration palette, how we can punch out into the ability to connect the wider ecosystem. So this is where we could punch out to the latest, strong authentication. We have relationships with all of these vendors and they have their micro code snippet in our orchestration engine so that we can include them. And, you know, increasingly we see this as a way to bring in telemetry for decision making. So I wanna connect to a risk score or a security service to get information that would give me more contact to decide that I wanna let this person have access to this resource.
I take a moment trust because this has where a number of you headed and thinking about trust really as a disappears identity is a nice place to hook in security. So I'm no longer taking my corporate issue laptop into a corporate network to log in. And now I might be on my personal iPad in a Starbucks logging in to Workday or Google Schutze or, you know, my company app, but there's, there's less and less places to do security and identity becomes a really great place to do it. But the challenge with that is at, at, at the initial authentication, you have a very high level of assurance that the person is who they say they are. You've just collected a lot of data from them. They may have put their biometrics fingerprints. So you feel pretty confident they are who they say they're. But over time, that level of assurance degrade, maybe somebody hijacked the token, you know, something happened in the middle that, that degrades that level of assurance.
So the key to this zero trust model is, is basically this four steps and an identity platform like forr can service all of these steps for you. But at initial authentication, you wanna collect a lot of context. That's a good time to collect it. You, that person is who they say they are. You wanna know their IP address, their browser agent, you wanna fingerprint their device. You know, there's a lot of things you can collect and we can store them, store them in a variety of places, including destroying them right in the token itself. So you have a lot of autonomy over how you reevaluate that later. And then as they continue to access resources, you set policies so that we re-trigger collecting some of that information and comparing it to make sure it still looks right. And then, and then based on what you see, you have now a lot of context.
And so you don't just have to say, allow access or deny access, or step up authentication. You could say, you know, this, this could be a bot, but it's kind harmless. So what I wanna do is allow it, but throttle access to the so only allow so many calls per second to that from this, you know, this request, you could also allow this to send it to a honeypot. You could allow it, but redact data. So there's a lot of flexibility with the tooling we have with your response. So that's how zero trust is shaping up and how you can solve it with identity. And I know I move in a quick clip here, but just wanted to give you the, just a brief overview of a lot of areas on purpose. You could have a good composite of what's possible. So I apologize. Each of these could be an hour in and of themselves, but it's fun also to just get the quick, quick overview of everything.
So Martin talked about the bimodal speeds. You need a lot of flexibility and you need to be able to service both the modern apps and the legacy apps that so, you know, I've got same picture of the identity fabric, but it's having the tooling to service, both which ultimately comes down to having the modern API layer combined with a menu of application integration options. So you, you know, you, new applications often standards based oof, to O I D C. But when you get to legacy applications and sometimes even modern applications, you have to think about the best way to integrate them and you need, and it depends. You need a lot of menu choices, depending on the situation. Sometimes you wanna add an agent to a web server. Sometimes you wanna add a reverse proxy at the network layer. It might be that it's a microservices scenario and you, so you wanna embed right into the service mesh.
So you need a full pallet of options to help allow you to wrap modern identity around a variety of situations. Basically you have stretch the edge around a, a variety of situations. And because sometimes it's an app you're never gonna be able to touch. And so you can't, can't consider asking an app owner to rewrite it. They don't exist. So nobody knows how to touch that app. So I've gotta wrap. Maybe I'm gonna wrap a network perimeter around it and introduce modern identity that way. So we have all of these integration options for you. The latest and, and what's interesting to me with identity is you have to support all the modalities. So you're supporting applications on mainframe, but you're always supporting the latest and greatest. When we think about this move to microservices, that's been interesting because microservice to microservice call, if you compare that to a traditional API call APIs, we were seeing north to south security in the network, but microservices wanna talk to each other.
That's east, west traffic. There's a lot of it. And so there's a, there's actually many ways that you could introduce identity, but it might be that you wanna insert token, token validation, token authorization, right in the service mesh to reduce latency and to increase offline tolerance. So you need even with very modern apps, you, you want flexibility in how you think about integrating identity services and what's right for your environment. And so we, this continually push forward, adding the menu of options to give you flexibility and how you build out the layers for the bimodal would the most layer abstraction layer when you're trying to separate business concerns from identity concerns is something that we call identity gateway. It's basically a reverse proxy. That's totally dialed in for identity, and it's got the drag and drop graphic. So you can add in the kind of modern identity token, but you can also do all of the interesting work-like reaction throttling, controlling traffic based on what's happening with identity. So this gives you a very flexible layer. And I would say our, our customers that use this say, this is what has brought them. That bimodal speed has really allowed them to evolve identity separate from business in a way that's really powered at their and accelerated their speed to support the business.
I, I think this might be my last one, but Martin talked about covering all deployment models because on premise stuff, just isn't going away. We're gonna be in a hybrid world for a while. And so with, with a platform that we build, we make sure that it's deployment neutral. So we have this great complete feature set, and that whole feature set that all the same APIs can be deployed on premise in a public cloud in hybrid in mob be cloud. It has a service. And so if you build, you know, if you deploy and build against one API, it would work against the other deployment model. So a ton of flexibility in how you would think about deploying. And, and I would, so we have this ability to, I mean, kind of the easiest way is just it's as a service. So we host it for you and you just take advantage of all of the best practices and having the platform just available, you have to run or operated or upgrade it.
But we have a fair number of customers that say, I have unique situation where I've gotta run all or some of this myself, I wanna do that in a DevOps fashion. Cause they need to be super agile, need to refresh my containers every 30 days. So we have that option always as well. And again, same stack across. So, and our DevOps has been really popular. We have it fully dialed in. You can run for in any cloud and within, you know, we have it all turnkey. We give you all the Kubernetes automation and a couple of minutes, you can have a hundred million identity production platform running. So a lot of flexibility and power with DevOps right now.
So yeah, what I, what, what we wanna do is when we think about the fabric, we're, we're trying to get away from having you to make hard choices and the hard choices above the water here are the choices that impact your customer's experience. We don't want you to have to sacrifice security over a fortune phrase experience, but below the line is this running and operating and identity fabric. And we don't want you to have to choose between a complete feature set or simple deployments from the cloud. We feel like you need both. So these are the, the four areas that we bring and of course supporting consumer workforce and things, all of the use cases. But yeah, thank you. I will pass the mic back to Martin. I think we may have some questions. Appreciate your time. Thank you.
Thank you. And let's directly move to the Q and a session. As I said before at the intro, the more questions we have, the better it is. So don't hesitate to enter your questions now so that we can pick up these questions. And I have already a few questions here. So maybe let's, let's start with, let's start with the first one, which is, I think primarily targeted to Mary, but I might add something around it. So how many customers do you see actively pursuing a zero trust initiative these days?
You know, I would say that zero trust is our, okay, it's our most advanced customers are actively implementing pieces of this, which I would say is the top 10 to 20% of our customers say, everybody's thinking about it on the rest of the 80% of the customers are thinking about it for not, maybe not in the next 12 months, but they wanna make sure they're prepared for it. And they're starting to organize their thoughts. So I, I feel like everybody wants to get here. It's still early days. People are still figuring out how they're gonna do this when they're gonna do this and building out business justifications, but it's certainly, it's certainly happening. It it's happening. The movement is happening, but only are, I'd say 10 to 20% of our customers are actively, you know, in motion making this happen. Have you seen the same thing, Martin?
Yeah. So I would say it is that when, when you talk with the, with the Cecil level, sometimes even the, the CIO level for, for very many zero dress is a, an important topic. I think one of the challenges around zero dress is that it is still somewhat fussy. So even while, while being around for, I think, close to 10 years right now, it appears that that is still somewhat of a fussy concept. And, and I think also sometimes there's an approach or sell zero trust product. There's no zero trust product that they help products, which help in implementing a zero trust strategy in creating or realizing a zero addressed architecture. But it's not a single, it's not a single product. It's a concept. And then there's a little bit of a misconception maybe behind it. But overall we see a tendency to saying, yes, our world is changing.
And for many businesses, it is the fact that they have services somewhere and they have their users and their devices somewhere. But the network, the traditional enterprise network is not at the core anymore. Obviously this looks very different if you have a factory floor or OT environment. But so back to that, I, I see a strong trend, a strong tendency, but yes, it's a long way to go because it really requires a, a very different architectural thinking. So, yeah. Second, second question I have here is, do you see the same trends you, I am around or across consumer identity and workforce identity?
You know, it's interesting. I do see, so both sides are coming together more than they ever have before. So we see more and more customers wanting to use a single vendor to solve as many use cases they can on each side of the fence. I will say that when it comes to the digital transformation, I see more, more activity and more innovation on that consumer side because it really does change the business. So I see a big focus on consumer right now, but what's interesting is I, I, I see convergence in a couple, a couple interesting ways on the workforce side, we have some business models that require that you have your workforce up and running in minutes or hours. If you think about tax season and onboarding a thousand tax professionals as quickly as possible. So that then you get into this level of speed that historically was on the consumer side.
And we also see them coming together in when retail and service sort mashed together. So I, I, I come into a shop. I also physically, but I've shopped online. And the, the, the agent, the sales agent working with me can log in on my behalf and see have an employee logging in on behalf of a consumer. So we do see some interesting intersections all in all. I'd say they continue to get closer and closer together with the emphasis in a lot of innovation happening really in that consumer side right now, here's what you're seeing in the space. Martin, if you're,
I think one, one interesting indicator, which comes to my mind is when you look at this entire adaptive authentication topic. So, so the ability of using different authentics of having risk and context based authentication, cetera, this was a topic which was relevant to, to sort of very limited industries for very limited use cases for pretty long period. So it was banking online banking and a little bit beyond that. And this is becoming something which is increasingly relevant for enterprise workforces for different types of consumers. So we, we see definitely certain trends we see there. We also see see more discussions around, for instance, bring your own identity or external it piece. Even for certain workforce use cases, mostly more on a, on a, on a, on a high level discussion level, but these are things we, we, we see increasingly. So I think it, it is that, and there are differences also the way you do access governance will be different and remain different from workforce than from consumers. But overall it is that there's, I think an increasing tendency to also think about how do we need to, to workforce identity in the future.
So when, when talking about, when talking about trends specifically in the context of identity fabric, the one thing I also would be curious, Mary is how, how many of few customers, I think you have a number of very interesting showcases around very digital service centric solutions. So how many of your customers do you see that really shift towards an approach where they say, okay, I, I build all my digital services against central identity infrastructure. I know a few, but I also knew somewhere it's not yet the case. So I know insurance companies, which I know insurance companies, which aren't yet there. So, so what is your perspective on that? Where, where, where are the other companies?
Yeah, no, I see it in, we, we do see it. And so when we get together, you know, four drug has a pretty great customer base and we have an advisory board of about 20 of the top companies in the world. And when I look at those companies that are really successful with identity, 80% has moved to the, the fabric level where they've, you know, identity is a key part of their business. And they don't think of their business as a banking business. They think about it as a service business. But I, I would say that that's, those are the advanced customers that we have that are guiding us and showing us, you know, best practices. The rest are still we of a fair number. I'd say more than 80% of our customers are still kind of trapped in that legacy model and looking for a way out. But the ones that have moved to the fabric are extremely agile. We see it in a couple areas, definitely see it with banking, the banking with the high digital focus, we see it with media and entertainment, where you have a direct relationship with your consumers and you need to give them really great experiences and think of where else I see it. Most, those are the two areas really that I've seen really interesting pioneering work and building out these fabrics and already having it established for the last year and having great success from it.
Okay. Thank you. So we are done with the question. We are very close to the end of this webinar. So thank you to everyone for listening to this call, webinar, hope to have you soon Beda or one of our other webinars or one of our events, by the way, when you look at EIC 2020, don't miss the early, early bird booking option. We have, I think until Christmas or, or around the end of the year. So have a look at this. Thank you, Mary, for your insights, for your information, you provided very valuable. Thank you everyone, and have a nice day.
Bye bye.