Integrating Access Governance and Entitlement Management

Good afternoon, ladies gentlemen, welcome to our equipping cold webinar, integrating access governance and entitlement management governance for dynamic authorization management. This webinar is supported by cross IDs. The speakers today will be me Martin equipper of a coal and Marco Auti from cross IES. Like always, I will start with some information from the call side and some guidelines for the webinar. So doing some housekeeping and other things before we then directly start with the webinar. And so the first thing I just like quickly to mention is cold and close Analyst Analyst company. We are doing enterprise it, research advisory, decision support, networking for it, professionals throughout subscription service or advisory services and our events, including the European identity conference. I'll talk about later to our events, which are interesting. I think for drama speakings people amongst the attendees, one is a half at the upcoming ITSA fair in Berg, October 12th, where S will talk about the risk and data protection requirement analysis for cloud computing.
I think a very interesting thing to attend. So if you're speaking German and or NBRA at the point of time, I think it's definitely worse to listed. Yeah. Other thing is industry round table, exclusively for end user organizations. So it's round table only for end users where we'll talk about cloud comput security and data protection. Also again, this will be done in terminal language that will be English language versions of this later on. So it's very worse to attempt to seven, which is mid-November and yeah, regarding the webinar itself, some guidelines for the webinar, you are muted centrally, so you don't have to mute or mute yourself. You control these features. We will record the webinar. The podcast recording will be available latest by tomorrow, and we will do a Q and a session at the end of the webinar. So you can ask questions using the questions part in the go to webinar control panel at any time. Usually we'll pick, answer the questions at the end of the webinar. However, we might also pick questions during the webinar if appropriate. I think it's always good to, to enter questions once they come up, come to your mind, because then we have a comprehensive list of questions when we start Q and a session can make best use of the time.
So to look at the agenda, the agenda, the first part is done by me, Martin Kuppinger. I will talk about drivers and requirements behind the Futureproof access governance spreadsheet and to around dynamic authorization. So I set sort of the, the fundamentals around this. So what is happening and what do you see as the, the major trends, the requirements, all these things. The second part then will be Marcou who will talk about combining access governance and entitlement authorization management, or dynamic authorization management to provide more value to customers. So that's what we are doing there. And then the third part will be the Q and a, I believe approximately 20 minutes. And the part of Marco will be approximately the same length. So we have some 10 minutes afterwards for the Q and a part. Okay, let's start with access management. So access management is something which is from my perspective, more important than ever before.
So when we look at it, what happened here is we have a lot of things around regulatory compliance. So if you look at the requirements for audit traceability, for the integrate integrity, the authenticity of data, and so on, all these things are around access. So who can access data, who's doing what was the data and so on. So that's one of the most important drivers we are currently seeing. And it's something which is relevant for any type of access we have to keep. And the control. The second thing is the risk of data loss, which is increasing. So we have to whistle blowing the weak leaks part, but we have also the information security by all these kinds of ATP. So the advanced persistence threats, for example, a matter of things where it's about having a lot of layers of security and access management who can access data and are this data access in way, which shouldn't be accessed.
That's a very important part of the story, the administrative workload still important thing. So, so we have an increasing complexity of environments where we have to deal with access controls, and we have sort of a cow. So the more environment we have, the longer they lift, the more complex is the access management in infrastructure there. And finally it's about integrating more types of users. So we have the end user requests. We have the end users who want to request access. We have more types of different users. We have to do the audit recertification of access in a very simple way. So access management is increasing important. And in fact, it's one of the things which is really irrelevant to the business. So if you look at what our businesses really interested in, and I think are two things, business trust, want the services, they need to do their job and they want, when they need it to add trial quickly, that's one of the things providing what business really requires.
And the other thing, what business really cares about when it looks at it, that's, it's not that much the cost that's something which is yeah, something business. I like to look at that much at, but there really, the big, second thing is business. One to keep corporate informa corporate information protected adequately. So information security is the second big thing. And, and looking at us that access management for sure is a very important thing within that. And if you look at the entire picture of it, and then we'll talk about this, this a lot more this the next time. So it sort of is we have to look at the business service delivery. We have, have to produce it somewhere, but in the middle of it, that's really where it management security starts. And that's about service management and information security, controlling access to services, to information, and to fulfill this use, manage and produce paradigm, which is important.
So the cloud, by the way, stress out deployment model, the important thing really is here in the middle tier. And when it comes to information security, then it's about all types of information security. If you look at services, for example, and it's about who is allowed to use, which services that becomes much more dynamic than trust saying, who's allowed to access this file. Who's allowed to access this folder and directory or whatever else. So we have to look at how can we protect our corporate information at any time at rest and move and use to pull the secure information lifecycle asset management is cursing there. However, and I think that's also important to keep in mind. It's not mainly about tools, there's this, this very well known saying, which says a fool was a tool, still a fool. I think the point is tools help us to do things right when we know what to do with the tools, as long as we don't know what to do with the tools, we really have to be very careful.
And if we look at the entire access and so on part, then it's what we need is, is a book of fruits. We need our security rules, our guiding principles, the implementation guidelines, core requirements. We need the basic concepts. So like access management processes, re-certification process audit processes, P OD approaches and the knowledge about protection requirements. So what has to re protected? We need detailed concepts. We need system specific access management concepts for different environments. And especially also for all the types of applications, which are out there, which we have developed over time, which we have all the custom applications. And for that, we need to processes organizational structures. Only if we have these things in place, then we can really move forward to the tool part. So we really have to build a framework in which we operate. And that's a very important thing.
And we have doing a lot of work and standardizing the way towards doing the advisory around these topics to assist our customers. Because I think that's, that's really coing before it really comes to technology. If you don't have the framework, which, which you operate your technology, that's not sufficient. So access management look at this I've I've recently started writing a series of documents, which we call scenarios. These scenarios are documents, which are in sort of the lead documents for, for everything we do at Cooper cold in our research and our analyzes and the, the first document, which is called understanding it, service and security management then is one which defines the entire big picture. And the second one is then understanding identity access management, which will be out there probably early next week. And I try to really restructure a little bit, this very fussy identity access management market.
Isn't this very fussy identity and access management market, but one important area as the access management access management is really the finals, what which business cares about. So if you ask a decision maker, what is relevant to you or access, or if you talk about identity and access, what is the thing business really understands? It's access business understands, okay. Access is an issue. We need to understand this issue of access. That's a very important thing to understand. And within access management, we have different areas. There. We have access governance, which is bigger than access management on the other side, but which is yeah, little bit complicated relationship to access management. On one hand, within access management, you need to implement access governance. On the other hand, access governance goes well beyond the pure access management part, but will be shown in the next slide. Then we have the authentication part, which is about who is the person is most likely the one who claims to be, we have the static access management, which is, let's say the classical part of access management, where we say, okay, we define our roles.
We say, okay, and this system, we define these associations of groups to specific access rights. So all the access control list, all the access control, answers, entries, all these things, which are around who's allowed to do. What's writing it down more in aesthetic way. And we have to part of dynamic access management, the dynamic access management part them is the part where it goes more towards what happens at run time. So if there's a run time request, which we have in many, many systems. So if you look at building systems and external oration, something I'll talk about later more, then we are in a situation where it's really about saying, okay, at run time, we have to make an conversation decision and say, okay, this person's allowed to do this, or it's not allowed to do this. And this dynamic access management part is becoming increasingly important.
If you look up a little bit deeper into this, so we have the entire identity and access management. There's a lot of other disciplines like identity stores and so on. And we have below the Idy access management, again, several different disciplines. And the one I look I look today most is discipline of dynamic our authorization systems. So I won't go to into detail on this, that there will be, as I said, probably earlier next week, there will be another document our, which really goes into detail on what is behind all these things and how your best structure IM world. So the scenario, understanding identity, access management, there will be others like understanding access governance out there. Soon access governance is sort of to thing on top of it, which really builds also sort of the relation to the business allows to control what happens there, implement the controls we need and all the type stuff listen, the dynamic access management, and we have again, different disciplines and which is for example, risk context based authorization.
So deciding based on risk and other factors west for someone is allowed to access the system. And all these things, web access management is a very common discipline. Privileged access management is something which is then more around the roots and the administrators and other privileged users. Federation is also another topic where we have a lot of podcasts available around Federation. And then we have this dynamic authorization systems. And that's something which relatively new. If you look at heterogeneous environment where it's about, how can we externalize authorizations decisions out of applications? We have it, however, in, in some areas, so some organizations have implemented much way before. If you look at mainframe environments, we frequently suggestions where all the host applications call sub brokers or other things to further authorization decisions to work against the central access or dynamic authorization system. And I personally tend to use this term dynamic authorization system for that market because we have a lot of different terms used by the different vendors.
And we need something that truly describes what happens there. In reality, I will come to these terms later on. So the challenge we are looking at is externalizing security out of applications. So the externalization of security is a key key thing. We need external user management where we are not that bad. We rely on active, direct service, other things, external authentication, something which is also moving forward versus more and using ADR things, car or Federation for authentication logging, auditing that's nightmare currently because we don't have really good standards there. And we also need to externalize authorization. We need to build on a consistent set of rules of business rules of rules and other information, instead of trying to reinvent the wheel of authorization, every single application, it doesn't make any sense to do it for application because we end up with a lot of challenges and one is we end up as hard coded security.
So business rules, hardcoded into applications. If the, let's say the credit limit, someone can have changes. You might end up with, you have to change the code, which is a nightmare. And we can also not, we can't centralize security management across applications, as long as we have built in security. So externalizing these things is a, is a key thing. And moving forward towards this is very important step. And I think currently it's really gaining ly momentum. So standards like say CML and other things, but also with the, the increased understanding of organizations, yes, we have to move forward on that. So there are a lot of solutions out there. Not that many, honestly, they have a lot of different names. So we have policy service or entitlement management systems. That's the reason why I say let's talk about dynamic authorization management because that's the common denominator policies are only a part of the problem entitled management.
So managing the entitlement themselves is a part of the problem. The problem is, or the thing we are addressing is dynamic authorization, management, fine grain authorization systems. However, they call it some few provisioning systems have limited capabilities in that area. Some web service security systems have limited capabilities, but at the end of the day, the, the point behind it is really dynamic authorization management. That's where we have to look at where we have to move forward. So we need some few consistent layers for access controls, the defining points of controls instead of the non approach of having hard, coded security across many applications. And so we should focus on these standard layers, but we also have to gain the ability to, to manage and do access governance for these layers. So when moving forward, just externalization of authorization, it's about, first of all, we have to understand what it's about making our concepts SCOP.
What, where do we externalize build a strategy, build an architecture, your Fu future authorization framework and your control framework, organization, processes, all these things, which is really about building your strategy, the backend building the backend, your entitlement infrastructure. And then you can externalize these things. Then you have to do it in the context of governance. And when you look at this governance part, then so where access governance is and where should be, things are moving forward. And there's something I have to admit. However, currently the situations more absurd sort of access governance today provides access warehouses, where we collect information, access analytics. So re-certification at a station strong part, role management, usually a strong part when it comes to access request management. So closing the loop, and we also have a lot of podcasts around access governance and where it's heading. So closing a loop, allowing to also request access the business roads or other things, then things are a little bit, yeah, not as glancing as they are in the other areas, risk management sometimes, sometimes not.
If it comes to dynamic authorization management approach, there are very few things we see out there. So one of the things of course ideas, and they will talk about what they're doing there later on, but besides there are some sort of first partnerships happening there, but it's still something where we sort of like control. However, what I expect to happen is that we have an access governance tomorrow, which allows us to implement one access governance, one set of controls, but also one set of policies, all these things for all types of access, whether they are more static where we write down ACLS ING, or whether they are really dynamic across all that type of ostracization systems, static access management, dynamic access management than including the full support for dynamic authorization management. So dealing with rules and a broad range of attributes in use and decisions, which allows them to, to do all these things.
So if you look at it, we, we are relatively good in saying, okay, let's look at which roles does marketing or have. But if we have the dynamic part, which says, we have a business rule, which says this person is allowed to do this business transaction case, that it has these data, data that attribute. So it's according to a context, then it's much more dynamic. It's much harder to, to analyze this. There are things going forward there, but we, we are still facing a situation where, where we are not as good in governance as we are in the classical access management area. So when we go back to the big picture, my perspective is that's where we have to move forward. We have to map the policies to everything. So we have one set of information we are dealing with. We have one set of systems we are dealing with.
So we have systems and information, and we have policies, which in fact define what is allowed to be done with these systems. And with this information where systems and policy are somewhat, Orgon only to each other. So we need one approach to manage the access. Something which much more consistent based on these policies and one approach to go access. I personally strongly believe that, that we will see a strong evolution towards systems, which allow us to, to integrate the classical. Let's say more static, dynamic, aesthetic authorization management part with the dynamic authorization management. I think that's, that's a very logical consequence of what is happening. This externalization with access governance, as the big grant you have to converge together. It's, it's a key thing because we can't deal with islands of access governance and access management over time, and we will need to externalize our authorship station. And then we have to solve the access governing as consistent as possible. Having said this, I will hand over to Marco who will then start doing this presentation. So Marco, it's your turn and from my side, yeah, go ahead.
Thank you very much, Martin. And thank you all for joining our webinar today. My name is Marco Vanu and I'm responsible for alliances and partner enablement across ideas over the next 20 minutes or so I will give you our perspective from an authorization management point of view of what Martin just presented. And then I will discuss with similarity that we see across a transition management, another part of the access management universe telling something about customers of and giving of, of whats approach to is like as Martin Martin said, the authorization of a from application to a centralized service involves numerous various advantages, including the fact that while you have a single place and a single model to manage authorization for the enterprise, and that's far more manageable than to build and parts approach. Another interesting advantage is that you have a correct segregation of application management and authorization management in different, in different people inside the company, which is much more appropriate.
And then reporting and auditing are much more simplified, but in essence, authorization management shares with other other solution like identity management and access governance, the same core problem. And you share the problem, the solution to the problem of managing application entitlement in a unified way. So in other words, what I'm saying is that there are pre solution premarket segments. There are basically the same playground where we didn't play different sports with different players. So just to maybe in a bit of an oversimplified way, just to be sure that we are on same page, then you just wait through a CAPA. It goes in these three different scenario. So if we start from an application development perspective, the story typically begins with the application developer or the architecture team. Let's say something like, well, we can make our life easier, centrally managing authorization for our own grown application.
That's what an authorization management system is, is mention to be providing us. We will be starting from the application that we're currently developing. And over time we will modify the previously released the custom application, changing them to leverage the new architecture. What we see is that, especially in the financial institution sector, many organization has been following this approach, not necessarily leveraging market solution, but sometimes also building in-house the authorization management system itself. And some of them are currently in the process of changing from a custom solution for market one for these specific needs to do a better support of common standards and to easier life also in maintaining the solution itself. If we look at how it goes from an infrastructure perspective, from increasing efficiency as core needs, what we see is that infrastructure team is starting the conversation another way they say, well, we can increase efficiency and provide better services to our user, automating some of the key user management process.
That's what identity management is meant to be providing. And in this case, typically we start with system and application with iron number of user or iron number of changes over time. That's what get prioritized. The third case is what starts from the compliance needs, and that's where the CEO, the compliance manager play. And as part of the, the GRC, a wider GRC program, they need better visibility and who can do what. So they need the it version of the GRC approach. And this is what the access government solution tends to, to deliver. In this case, the starting point tends to be the critical application from a business perspective, obviously, but in essence, the three of them seems to have some commonalities. And as a matter of fact, what we are seeing in the marketing these days is that identity management market and the access governance market are converging in a new set of solution that we can define identity and access governance, which is just the combination of the two.
And this is probably also because ever since there has been a vendor led distinction in between the two approaches rather than a customer demand distinction. So why should I integrate in two different way, the same set of system for efficiency, for compliance when I can do it once with one single unified solution. So that's what drives making a very long story short, the conversion of identity management and access governance. Another question becomes is that maybe the case that the same trend of convergence is applicable also to authorization management and identity and access governance. And if yes, what would be like the benefits of a unified solution? Well, rather than looking at this as a separate thing, let's check what an authorization management integration application is like. Okay. As soon as I have a central physician management system, well, I already have intrinsically an entitlement user pricing.
So you have a place where I can go to check actually, who did work when okay. But still even that application needs to deal with a typical entitlement life cycle management problem, like provisioning access with USB control and so forth. So in other words, the combination of identity, access management, access and access, sorry, and optimization management provides who can do what plus who did what unlocking a number of interesting use cases that I would like to, to share at least in a very simplified way with you. So rather than listing the use cases, let me tell you something about one of our customer. Okay. So it's, this is the Italian ministry of health, which is using ideas. Ideas is the name of our, our solution of our integrated product. That includes our physician management and identity management and access governance. They are customer of ours since 2005.
And they started for needs that were very well identifying in the authorization management space with a company with about 24,000 users, both from the central Rome and in other regional offices. And they have a significant number of customer application, 71 out of 78 of the role are you using ad as authorization management system? And there are many flavor of technology that are, that are integrated. What is pretty interesting that it took five years of a role to entirely convert the existing application of state to leverage the new infrastructure. And during that time, they also integrated the other application, which are not custom, which are be spoken application system like active directory learning system E P and so forth. So that's what they did. And in terms of architecture, they got to a centralized entitlement usage logging. So a single place where who did what is stored and that's applied on the entire customer application set, meaning 71 application.
Some of them has been integrated, also leveraging the application, logging centralization. So meaning that rather than just managing centrally the authorization process with also manage centrally the logging of the application logic. And this is currently applied only on nine application. And then we provide the integration of other application, which are not custom. So it's a static integration through synchronization mechanism, leveraging, let's say ordinary bidirectional synchronization techniques through the enterprise connector for the databases or directly and so forth, but to do what well, they got to a central management system for all user authorization on the entire application set, obviously with different level, depending on the integration way that has been adopted for a given application for optimization manager, there a very fine grain detail, maybe much more course grain on other system. Okay. They also have a unified process for provisioning and the provisioning for the entire application set, and they have other use cases which are just possible because of the combination of authorization management and identity access governance.
One of them is what is what we call the best before entitlement management, meaning that we manage the automatic removal of entitlement that hasn't been used for more than six months that has been used, meaning that I can track. And I have visibility on the last usage of a single entitlement. And that's what drives the, what makes possible the triggering of the workflow to validate the ness of removing that specific needs. Okay, this is one out of multiple use cases that we can implement. And this is what is currently doing ministry of health. And by the way, this was coming down directly from the privacy act that is applicable in Italy. That basically directly requires this other cases, just to share with you what can be done with this sort of solution with our solution is what we call the, without your access with you.
So I can automate the launch of an access campaign on entitlement that has not been used on a next month scale. And this obviously can be restricted on specific business process of specific application, just to make sure to focus the attention of the manager on the relevant portion of the actions, governance processes. Another example is the not always on entitlement, that to make it very clear, I just do apply it on a financial institution case on a bank case where for instance, I have trading activities that are allowed on during weekdays. So trader should not be able to perform creating during weekend days. Well, if I'm doing this on an access on authorization management, integrated application, that's something really easy to manage because it's just a constraint on the entitlement that I'm managing central in my policy server. So at one time the trading application will prevent the trailer to perform any trading activity just because it's Saturday.
But what about application that are integrated in other way, like synchronized, like I will do in an invented access integrated session? Well, I can still do that depending on the level of the granularity that I have in the application, in terms of interfacing to my system, I can either disable the specific entitlement that allow the trading activity, or maybe the entire long credential during the week, the weekend days. But what is relevant is that from a policy, from a business policy management perspective, I'm still managing one single policy, which is about preventing the trader to operate during weekends. Then I have different flavors of enforcement, but I'm still talking every single policy engine that is managing my business needs. So this is the sort of need so that we have been addressing with our solution for multiple customers here, you have a list of the most relevant names and out of under customer, let's say we have 85% of them are authorization management customer also, which is a very significant portion of our business.
And this is not, not really happening by accident. This is happening because of the history of our company and of our solution. Cross ideas is the new name of a company, formerly name N security, which was owned by large system, integrated in Italy and ends with a strong set of customer for application development and thus N security. Now, renamed cross ideas started building an authorization framework, just not to reinvent the way in any application that the system integrator was delivering. But what started as an authorization framework later became a standalone product. And later started also to address other needs like approval flow and managing segregation of duty. In essence, what started as an authorization framework evolved over time into what we currently call identity management and access to governance. Okay. So there's a reason why we end up with a solution that stills rely on a core element, which is an authorization management server with other components like the user provisioning parts, the access governance and the intelligence that orbit around it.
So that in essence, what we deliver ranging from entitlement server to compliance for SAP into a unified solution. So kind of linking what typically is called the GC space and the identity and access management space. And that's why, by the way, why we choose the name cross ideas, because we believe that we kind of bridge this two universe with a unified solution. Well, that's basically from my side. So just to summarize what I just shared with you, we believe that there are clear benefit in addressing entitlement management and identify access governance in a unified way. We are also recognized as innovative for this combination of capability that we have in our solution. And interesting enough, because of the history of our company, we think that we have a very mature solution with many customer around, but just only recently starting approaching the intermission market and not only the Italian one. And so for that perspective, we are probably the most new in this segment. That's basically from my side and identity back to you Martin.
Okay. Thank you, Marco, for your presentation and giving insight on, on how these things relate from a practice perspective and what customers are doing there. Like I said before, we are right now at a point where we do our Q and a session. So I ask all the attendees to enter their questions, using the questions tool in the webinar control panel. So we can pick up the questions and discuss it, provide the answers and on. So that's first of all, what I'd like to do. So start entering your, your questions as long as we haven't done it yet. I think we have some, two questions. I'm I, 1, 1, 1 person questions targeted to me. So I will pick it. Do you see application when confirming to dynamic access management centers like or dynamic ization management centers like a so XMO is definitely the most important standard or I, I might even extend this, even opening up their, their applications in the way that they provide, for example, rest for APIs or other things, which we might use some set of the standards who have to stand.
If it's not a standard, at least interface. I still think that we, we see relatively little, there, there are some winners which are already moving forward in that direction. So really enabling their, their technologies to work based on externalized authorization management system. So it's a, it's starting slowly. What we see definitely more is that companies start for example, which have a strong, a lot of phone applications they have developed by theirself, which developed by, by externals and in that area. I think we have a situation where we, we have a lot of, we have a lot of companies really thinking about how can I do it strategically? And I think that's more murder point than really interest opening up. I think we will see in the cloud space, especially relatively quickly a tendency to worse because in the cloud, many vendors start to support Sam for, for the authentication part and they need to do the next step. And they know it. I think they increasingly understand it. So in that area, we might see more momentum than in the classical on premise first, however, I'm, I'm somewhat positive regarding my expectations for the next two or three years. Definitely see a shift towards this.
The other question is our application winners pushing back and attempt to keep security native to the application itself? No, I don't think so. I think it's easier. They haven't understood it yet or ties it high enough yet, or they're starting to do it. So that's, I think what will really happen. So we will see and evolution in that area. And we will see that we won't see, I expected when Friday to, to keep it in their, their application because there's no value neither for them nor for their customers. So I really don't believe in that. I think probably it will take some time because changing the way externalizing authorization, these are sometimes fundamental changes to applications, especially to not that perfectly architected applications. So that might be more the case than anything else. Then we have a housekeeping question here, which I also trust quickly will pick someone, had an already problem.
The recording will be available for offline rehearsal. Yes. And it'll be a, the latest by tomorrow that just as an information. And again, I, I just ask you to enter your questions and go to webinar control panel around dynamic organization management around X governance, and for sure relationship with so that we can pick these questions and maybe another question then to, to markers and marker. If, if you look at the, the environment in, in which let's say type of system environment, so is it more the head of routines or for example, classical Unix, only environments or host environments where your customers given that you have a very big customer base around dynamic authorization systems are using the technology. So is it really more targeted or how do you see it
Is a big diversity? There is not just a single answer to that. Typically this tends to be mapped onto web application. For some reason, even from a technology perspective, there is no constraint in applying the externalization of this logic to any sort of any sort of technology, any sort of architecture. What we see is that it consistently get applied almost entirely and only on web application. Okay. And that being said, there are many flavors or of technology used the various J platform on the.net. And also obviously the protocol access to the, to the authorization, to protocols that can range from the one custom one or the exact protocol okay. To, to interact with the authorization server.
Okay.
Your question.
Yeah. I think it's, it's, it's, it's a larger, I think it's, it's really interesting to see. We currently see the most mature when some ones, which are really customers are the ones which are really having a, a lot of homegrown applications in a standardized application environment. But we see a, see a tendency to support us in heterogeneous world, which by the way, can be very interesting if you have, for example, and, and very legacy host environment have to integrated this new types of dynamic authorization management. Okay. Another question I have here, I just have to read, I am in the need to implement temporary authorization where one user carrying rights to do so may need to transfer task handling to someone else authorizing the new person to play substitute and the role from no on until the end of the task assignment, the action should be applied immediately. So this is something which works with that type of systems you are looking at, or you're providing.
Yes. Yes. That is a combination of managing runtime authorization and managing delegation. Okay. So at least, at least if I got correctly, what is yes.
You've got it correctly. Yeah.
Yeah. So that's again, another interesting case of a benefit that derives from having a combining unified solution that includes authorization management and access Godness also because typically the delegation criteria and, and processes are more belonging traditionally, at least to the access governance space rather than the authorization management space. So in the solution that you provide is absolutely part of what you get out of the box, the capability of managing the fine grain title you wanna deliver to the user and also to deliver the user interface, to manage in a self-service fashion, the ability other for the user himself or for the manager to assign delegate people to impersonate from a functional perspective, that individual in a given time range.
Yeah. Another interesting question. How could you have helped UBS not to fail?
Oh, that's an interesting question. I'm not sure to be that entitled to answer the question to answer this correctly.
Yeah. Maybe you just bringing some ideas.
Well, let me say that as much, as long as you reduce the number of control points that you need to deal with, the easier becomes the another degree of control. Right? So again, if, if I, you think back for a second, an example, I gave around that in the single policy, which was around the trader, not allowed to work on the weekend, but different way to implement that now from a business perspective, from an perspective, you really don't care about technical that you need to be, to put in place to deal with that policy. Right? So that's where we can make a difference moving part of the complexity. Otherwise you wouldn't, we believe that this greatly simplifies number goes up in terms of application, in terms of, in terms of user and basically my well, a possible answer to, to reducing the risk of disasters. Okay. In terms of breaches and trade like that.
Okay. There's another question. What's the most popular request that you're hearing customers ask for regarding role management, entitlement management. So if I ask it from my perspective and maybe mark could add, I think the most popular request currently is still re-certification. So how kind of social re certification problem, however, customers don't stop there. So they, they quickly understand I have to, to manage access requests. And I have, they also start to understand they have to go forward beyond, let's say this classical static part towards the dynamic part. I think that's, that's really what, what we see. And we see a strong increase, especially around all the dynamic parts. And then the next step from my perspective then will be that customs increasingly understand that these things are highly related so that you need one access governance there for everything. Mark, what would you like to add this?
Well, I, with you the most frequently asked starting point is to manage access with certification. This is the most UN fashioned let's say limit like that request we get. So the example I gave for instance, around the ministry of health that started as an authorization management and they are now realizing that they also need this sort of functionality, which we name recertification. But the starting point in these days are more on the certification side with a very light integration of the application. Most of the time, a real long integration. And then moving over time in a tighter integration to automate the process of delivering the changes back to the system and when applicable in changing the application to leverage the authorization management part of our solution. But this is typically phase two is not phase one.
Okay. So any other questions from the attendees? We, again for it, I think so. I just wanna quickly highlight our European identity loud conference 2012, which will be held in April, 2012 in Munich, definitely worse. The attend about educate in weight connect and its lead conference around these topics and Europe. And for sure there will be a lot of things around governance because that's one of the big parts to send this. So definitely worse to, to be there. So if there are no further questions I'd like to thank you all the attendees for listening to this copy and call webinar, there will be a lot of other webinars during next week, have a look at our homepage. So there is at least one webinar every week, sometimes even more. And just have look at this, have a look at our new research. We are publishing at com slash research reports. And as I said, thank you to you as attendees. Thank you to Marco for presenting his experience from practice. I'd hope to have you soon again in one of the called webinars. Thank you.