Event Recording
Interview with James Taylor
Log in and watch the full video!
Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.
I have an account
Log inRegister your account to start 30 days of free trial access
RegisterSubscribe to become a client
Choose a package
Do my very best to be as dynamic as possible at five o'clock in the morning. So just bear in mind. It is five o'clock in the morning for me, but yeah, it's a little introduction for myself, Martin. I've been working in the security space or particularly in identity in security for about 26 years. Now. I know I don't look that old, but I really am. I promise started my time out way back in the day was seeing K software Pasco technologies. One of the early single sign on vendors spent some time working at Noel Oracle. I've worked for most of the major vendors in, in most roles in the identity and security space joined CA about six years ago and have been with CA through the Broadcom acquisition and then into the semantic acquisition and have been in a product management or product leadership role for the last sort of decade or so.
So been around. So that's me in terms of, of the overall market and the macro trends, I think for those of you who were enjoyed Nick's presentation, you'll see that one of the, I mean, there are several trends going on right now. There's there are the macro trends around the current situation in the world, you know, very strange times with the pandemic and, you know, that's disrupting business and the work from home trends and companies are having to rethink that. So that's one set of trends. There's a set of almost environmental trends due to the current circumstances in the world. And then there are some broader kind of more, more kind of time based trends that have been happening through identity governance. I would say really building over the last sort of five to 10 years. And that's things like, you know, the, the convergence of capability into identity governance. We saw it what 5, 6, 7 years ago, with identity management and access governance coming together to form
More convergence around things like people wanting to take the governance principles and apply them to other adjacent technologies. Pam access governance is a big one. People wanting to do access governance around Pam data, access governance is another. So we're seeing these core principles getting applied to more and more different technologies. We're also seeing the technology environment change. So a lot of the customers that we work with, we've all been talking about digital transformation and, and transformation to the cloud for many years. We're now seeing a lot of our customers going through those journeys and, and most people, if I'm honest, tend to be in a very hybrid state, they've got a little bit of everything. They've got some legacy systems, some, you know, there's still plenty of mainframes out there. They've got on-prem hardware, they've got their own cloud and virtual systems and they're starting to leverage public cloud.
And it's never just one public cloud. Everybody has, you know, a little bit of Azure, a little bit of AWS, a little bit of GCP. So we see a lot of our customers are in this kind of hybrid state where they, you know, are all over the place. Then you enter that, you know, the new technology chains of containerization serverless it, it's really creating a very dynamic and complex environment for a lot of our customers, Martin. And from an identity governance perspective, the core kind of tenants and principles of identity governance is knowing and managing and enforcing who has access to what to be able to do that in the context of the chaos I just described is creating a lot of challenges. And I think Nick went through some of those. So they're just some of the bigger trends that we're seeing our customers spend a lot of time with us talking to us, asking us to help.
Okay, so, so we have these hybrid DevOps scenarios, which by the way, is the same we are facing. So when we talk with customers, virtually all customers, despite of most having a cloud first strategy are factually in some transition state. And that transition, I expect to take a, for most customers a very long time. And I think for when we look at DevOps and, and, and agile environments with, I would even say we trust at the beginning of getting a group on these environments. So it, it is without any doubt, a very interesting challenge. So, so when we look at some of the passwords, we hear these days analytics as well, machine learning, data driven. What is your perspective on these and how do you see the, the uniqueness or just sort of specific strengths of semantic Broadcom in the space. And I think we'll touch that many company names later on in this talk.
Yeah, that's, that's part of our security strategy. Martin is, you know, security through obfuscation. If we keep changing our name and address, then no one will ever know where to find us. But in terms of the key buzz words. Yeah. I mean, those buzz words, we've been throwing them around for a long time, but I, I think if you think about the changing dynamic of the environment that, that we just described, I think it's come to the point now where it's actually, you know, almost a survival situation. It's critical because we're seeing, you know, more and more kind of ephemeral or elastic or containerized type environments, because we're seeing this very, very dynamic environment. The ability to be able to manage things manually is impossible. I mean, it's a trend that keeps repeating itself in our industry. If we go back to the old days of why does access governance exist?
It's because all these poor security ops, you know, had these spreadsheets with millions of rows and they were trying to check entitlements, we, we just couldn't physically manually do it anymore. So we had to automate, well, I would say we're starting to get to that point now in the identity governance space. And those key buzz words really help us solve some of that problem. They allow us to become more data driven. They allow us to automate more processes. They allow us to operate at a scale and a speed that we just can't physically or manually do anymore. So one of the things that I've really enjoyed in our current circumstances is joining forces with Semantec. We took what was the CA identity and access assets, and we put them into the semantic business and Semantec has one of the largest, it's a, it's a capability called gin, which is the global information network. And it's, it's an ability whereby semantic gathers events and security events and data sources from several hundred million endpoints, devices, phones deployed software around the world. It it's the largest civilian cyber network around. And, and what that really does is it gives us access to a level and an amount of data that we can using things like analytics and machine learning process to provide context to those identity decisions and those automation decisions. So lets us just operate at a speed and performance. Never could before
James, while I get the point use analytics based on a mass of data, collecting the cybersecurity space, isn't it somewhat different when we look at the area of enterprise IM where you might have a few thousand or a few tens of thousand, or maybe hundreds of thousand users, but still frequently, not as many data points as you have when you're collecting data from hundreds of solids or millions or tons of millions of customers around cybersecurity. So, so how, how well and will machine learning work there and, and how do you see this differently?
Yeah, no, you are absolutely ran on, but what it does is it provides us it's capabilities that we can then take and apply to those use cases. So what we're able to see from an enterprise perspective is log on data, activity, data, a user behavioral type data. You know, what's a user like you doing what types of permissions does a user like you have, you know, what are the other analysts at group and Cole? What's their entitlement set, what's their behavior. And so we can provide, you know, with those algorithms and with machine learning, we can provide someone who's doing an at station run, for example, or looking at, you know, do you have the right permissions? Should you have the right permissions? The more data, the more context that we can provide them, even in the enterprise setting, the, the quicker we get away from just rubber stamping, entitlements and things like that. Cause the challenges become now, you know, we, we have customers where they may be doing an at station and they they're testing to thousands or tens of thousands of entitlements it's become unwieldy again. So we need to find some way to automate that and just highlight the risk, you know, see the word for the trees.
Yes. And I, I think that that is a very, very common challenge. Organizations are facing that they are too frequently need to re certify entitlements, which are, is not used or which are not really high risk or which haven't changed at all. And, and so on. And as I think technology really can help us to, to reduce it to the really high risk elements where we need to, to have a look at it. I, I also believe that with a lot of the innovation we see in this market, we can get hopefully to better and, and new level of, of doing access reviews with minimizing and focusing the manual part of access reviews, which are always the painful thing. Okay. Let's talk to another topic and we already touched it, which is the cloud. So, so there are two elements. One is the customer, the customer, somewhere in this hybrid state. Yeah. Which frequently, and there is the provider. And, and when I look at, at the, your organization, then there's also a little bit of a hybrid state, isn't it with CA being more on the on-prem side and Symantec being far, far, far further ahead when it comes to cloud. So, so what is your strategy on that?
Yeah, no, no, you're absolutely right. I mean like, like all like our customers, we are going through an evolution in a transformation process ourselves. And so yeah, we still have a very significant mainframe business, you know, as part of CA and, you know, we stretch all the way to some of the higher, you know, more modern cloud services that Semantec brings to the party. So for us, our strategy is really to provide the capabilities in the technology in the way that our customer base wants to consume. So we've been on a journey with our capabilities and I would say, we are, you know, moving towards cloud ready. I, I don't want say SA because our initial, you know, where we're seeing a lot of our customers want to consume our capabilities is in a cloud way. So it was some kind of virtualized, you know, on one of the, or have the ability to put that capability wherever they want it. So we have us joining with semantic, gained some SaaS services. So we are building more on SAS, but right now our focus is put those capabilities anywhere, wherever you want them, if you want put them in public there.
And, and I think there's a logic in that. So when I look at, so I'm a tech guy, I think I even have a few more years in identity than you have from 31 or so right now. But, but when I look at today's architecturals microservices, DevOps, etcetera, that means if you do it right, we, we can create solutions which can run in everything from your own laptop. So to speak to the public cloud, because if I do it in container based deployments, I'm very flexible. And I, I think that is something which allows customs and also to define which parts of their, we call this identity fabric of their future identity fabrics, run where, and to shift these workloads whenever they need. And I think that there's a there's logic in that I'm, I'm, I'm definitely a believer in that approach also because it helps us handling customizations better when we think microservices and APIs, but that would be a separate topic. So having only very little time left for now, I I'd like to come back to this point I raised earlier, or I mentioned earlier a little there's Broadcom Semantec or there has been layer seven as well, and probably a dozen of other companies, not always easy to keep track of that. So what is the journey, which is the impact and which names to use best today?
Yeah, no great question. And it's an ever changing landscape and, and we are not done yet either. So, you know, I'm sure there will be more names in the future added to that role. So the way I best describe this, the way to think about this is Broadcom is really the overall umbrella entity Broadcom is a divisional based company. They were primarily a hardware company that really wants to focus on the overall infrastructure market. So Broadcom is getting into the software game. They started doing that, you know, the, the most significant major acquisition first software company they bought was CA when Broadcom acquired CA we really split the business into two divisions, mainframe and enterprise software, then Broadcom acquired Symantec. And they did that roughly about a year later. And the acquisition of Symantec gave us the opportunity to really have a focused cybersecurity division.
So we took all of the security assets, the identity and access assets, any, and everything that is related to security. And we hone that into Symantec. So Symantec is the name, the brand, you know, the identity and access tools from CA can all be found in Symantec. You know, that's where we live. So that's the structure. The journey for us has been definitely a learning one, I would say, as the CA acquisition was one of the first major software acquisitions that Broadcom did, you know, in all honesty, mountainous, I'm sure you're aware. We had a few bumps along the way, trying to figure out, you know,
Everyone has these acquisitions,
How to own and operator software company. I would say the semantic acquisition has gone immeasurably better. Did we get everything right? We a hundred percent perfect. No, absolutely not. We still have some challenges, but it's hugely vastly improved over the process of the CA acquisition. So it's an iterative process for us. We feel like we're doing a much better job with customers, with our partners, those kinds of things, and business is going great. So, you know, we now have a dedicated cybersecurity business.
Great. Great to hear. Thank you. And I finally have to stop thinking of CA site minder now.
Yes, you do. Well, we kept the site mind name cause we tried to change it for about 20 years, but the customers just wouldn't let us, doesn't matter what we call it, call it site mind. So it will forever be site minder, but it'll be semantic site mind now.
Okay, great. So I'll hand over back to any then. Thank you very much, James, for all this.
So been around. So that's me in terms of, of the overall market and the macro trends, I think for those of you who were enjoyed Nick's presentation, you'll see that one of the, I mean, there are several trends going on right now. There's there are the macro trends around the current situation in the world, you know, very strange times with the pandemic and, you know, that's disrupting business and the work from home trends and companies are having to rethink that. So that's one set of trends. There's a set of almost environmental trends due to the current circumstances in the world. And then there are some broader kind of more, more kind of time based trends that have been happening through identity governance. I would say really building over the last sort of five to 10 years. And that's things like, you know, the, the convergence of capability into identity governance. We saw it what 5, 6, 7 years ago, with identity management and access governance coming together to form
More convergence around things like people wanting to take the governance principles and apply them to other adjacent technologies. Pam access governance is a big one. People wanting to do access governance around Pam data, access governance is another. So we're seeing these core principles getting applied to more and more different technologies. We're also seeing the technology environment change. So a lot of the customers that we work with, we've all been talking about digital transformation and, and transformation to the cloud for many years. We're now seeing a lot of our customers going through those journeys and, and most people, if I'm honest, tend to be in a very hybrid state, they've got a little bit of everything. They've got some legacy systems, some, you know, there's still plenty of mainframes out there. They've got on-prem hardware, they've got their own cloud and virtual systems and they're starting to leverage public cloud.
And it's never just one public cloud. Everybody has, you know, a little bit of Azure, a little bit of AWS, a little bit of GCP. So we see a lot of our customers are in this kind of hybrid state where they, you know, are all over the place. Then you enter that, you know, the new technology chains of containerization serverless it, it's really creating a very dynamic and complex environment for a lot of our customers, Martin. And from an identity governance perspective, the core kind of tenants and principles of identity governance is knowing and managing and enforcing who has access to what to be able to do that in the context of the chaos I just described is creating a lot of challenges. And I think Nick went through some of those. So they're just some of the bigger trends that we're seeing our customers spend a lot of time with us talking to us, asking us to help.
Okay, so, so we have these hybrid DevOps scenarios, which by the way, is the same we are facing. So when we talk with customers, virtually all customers, despite of most having a cloud first strategy are factually in some transition state. And that transition, I expect to take a, for most customers a very long time. And I think for when we look at DevOps and, and, and agile environments with, I would even say we trust at the beginning of getting a group on these environments. So it, it is without any doubt, a very interesting challenge. So, so when we look at some of the passwords, we hear these days analytics as well, machine learning, data driven. What is your perspective on these and how do you see the, the uniqueness or just sort of specific strengths of semantic Broadcom in the space. And I think we'll touch that many company names later on in this talk.
Yeah, that's, that's part of our security strategy. Martin is, you know, security through obfuscation. If we keep changing our name and address, then no one will ever know where to find us. But in terms of the key buzz words. Yeah. I mean, those buzz words, we've been throwing them around for a long time, but I, I think if you think about the changing dynamic of the environment that, that we just described, I think it's come to the point now where it's actually, you know, almost a survival situation. It's critical because we're seeing, you know, more and more kind of ephemeral or elastic or containerized type environments, because we're seeing this very, very dynamic environment. The ability to be able to manage things manually is impossible. I mean, it's a trend that keeps repeating itself in our industry. If we go back to the old days of why does access governance exist?
It's because all these poor security ops, you know, had these spreadsheets with millions of rows and they were trying to check entitlements, we, we just couldn't physically manually do it anymore. So we had to automate, well, I would say we're starting to get to that point now in the identity governance space. And those key buzz words really help us solve some of that problem. They allow us to become more data driven. They allow us to automate more processes. They allow us to operate at a scale and a speed that we just can't physically or manually do anymore. So one of the things that I've really enjoyed in our current circumstances is joining forces with Semantec. We took what was the CA identity and access assets, and we put them into the semantic business and Semantec has one of the largest, it's a, it's a capability called gin, which is the global information network. And it's, it's an ability whereby semantic gathers events and security events and data sources from several hundred million endpoints, devices, phones deployed software around the world. It it's the largest civilian cyber network around. And, and what that really does is it gives us access to a level and an amount of data that we can using things like analytics and machine learning process to provide context to those identity decisions and those automation decisions. So lets us just operate at a speed and performance. Never could before
James, while I get the point use analytics based on a mass of data, collecting the cybersecurity space, isn't it somewhat different when we look at the area of enterprise IM where you might have a few thousand or a few tens of thousand, or maybe hundreds of thousand users, but still frequently, not as many data points as you have when you're collecting data from hundreds of solids or millions or tons of millions of customers around cybersecurity. So, so how, how well and will machine learning work there and, and how do you see this differently?
Yeah, no, you are absolutely ran on, but what it does is it provides us it's capabilities that we can then take and apply to those use cases. So what we're able to see from an enterprise perspective is log on data, activity, data, a user behavioral type data. You know, what's a user like you doing what types of permissions does a user like you have, you know, what are the other analysts at group and Cole? What's their entitlement set, what's their behavior. And so we can provide, you know, with those algorithms and with machine learning, we can provide someone who's doing an at station run, for example, or looking at, you know, do you have the right permissions? Should you have the right permissions? The more data, the more context that we can provide them, even in the enterprise setting, the, the quicker we get away from just rubber stamping, entitlements and things like that. Cause the challenges become now, you know, we, we have customers where they may be doing an at station and they they're testing to thousands or tens of thousands of entitlements it's become unwieldy again. So we need to find some way to automate that and just highlight the risk, you know, see the word for the trees.
Yes. And I, I think that that is a very, very common challenge. Organizations are facing that they are too frequently need to re certify entitlements, which are, is not used or which are not really high risk or which haven't changed at all. And, and so on. And as I think technology really can help us to, to reduce it to the really high risk elements where we need to, to have a look at it. I, I also believe that with a lot of the innovation we see in this market, we can get hopefully to better and, and new level of, of doing access reviews with minimizing and focusing the manual part of access reviews, which are always the painful thing. Okay. Let's talk to another topic and we already touched it, which is the cloud. So, so there are two elements. One is the customer, the customer, somewhere in this hybrid state. Yeah. Which frequently, and there is the provider. And, and when I look at, at the, your organization, then there's also a little bit of a hybrid state, isn't it with CA being more on the on-prem side and Symantec being far, far, far further ahead when it comes to cloud. So, so what is your strategy on that?
Yeah, no, no, you're absolutely right. I mean like, like all like our customers, we are going through an evolution in a transformation process ourselves. And so yeah, we still have a very significant mainframe business, you know, as part of CA and, you know, we stretch all the way to some of the higher, you know, more modern cloud services that Semantec brings to the party. So for us, our strategy is really to provide the capabilities in the technology in the way that our customer base wants to consume. So we've been on a journey with our capabilities and I would say, we are, you know, moving towards cloud ready. I, I don't want say SA because our initial, you know, where we're seeing a lot of our customers want to consume our capabilities is in a cloud way. So it was some kind of virtualized, you know, on one of the, or have the ability to put that capability wherever they want it. So we have us joining with semantic, gained some SaaS services. So we are building more on SAS, but right now our focus is put those capabilities anywhere, wherever you want them, if you want put them in public there.
And, and I think there's a logic in that. So when I look at, so I'm a tech guy, I think I even have a few more years in identity than you have from 31 or so right now. But, but when I look at today's architecturals microservices, DevOps, etcetera, that means if you do it right, we, we can create solutions which can run in everything from your own laptop. So to speak to the public cloud, because if I do it in container based deployments, I'm very flexible. And I, I think that is something which allows customs and also to define which parts of their, we call this identity fabric of their future identity fabrics, run where, and to shift these workloads whenever they need. And I think that there's a there's logic in that I'm, I'm, I'm definitely a believer in that approach also because it helps us handling customizations better when we think microservices and APIs, but that would be a separate topic. So having only very little time left for now, I I'd like to come back to this point I raised earlier, or I mentioned earlier a little there's Broadcom Semantec or there has been layer seven as well, and probably a dozen of other companies, not always easy to keep track of that. So what is the journey, which is the impact and which names to use best today?
Yeah, no great question. And it's an ever changing landscape and, and we are not done yet either. So, you know, I'm sure there will be more names in the future added to that role. So the way I best describe this, the way to think about this is Broadcom is really the overall umbrella entity Broadcom is a divisional based company. They were primarily a hardware company that really wants to focus on the overall infrastructure market. So Broadcom is getting into the software game. They started doing that, you know, the, the most significant major acquisition first software company they bought was CA when Broadcom acquired CA we really split the business into two divisions, mainframe and enterprise software, then Broadcom acquired Symantec. And they did that roughly about a year later. And the acquisition of Symantec gave us the opportunity to really have a focused cybersecurity division.
So we took all of the security assets, the identity and access assets, any, and everything that is related to security. And we hone that into Symantec. So Symantec is the name, the brand, you know, the identity and access tools from CA can all be found in Symantec. You know, that's where we live. So that's the structure. The journey for us has been definitely a learning one, I would say, as the CA acquisition was one of the first major software acquisitions that Broadcom did, you know, in all honesty, mountainous, I'm sure you're aware. We had a few bumps along the way, trying to figure out, you know,
Everyone has these acquisitions,
How to own and operator software company. I would say the semantic acquisition has gone immeasurably better. Did we get everything right? We a hundred percent perfect. No, absolutely not. We still have some challenges, but it's hugely vastly improved over the process of the CA acquisition. So it's an iterative process for us. We feel like we're doing a much better job with customers, with our partners, those kinds of things, and business is going great. So, you know, we now have a dedicated cybersecurity business.
Great. Great to hear. Thank you. And I finally have to stop thinking of CA site minder now.
Yes, you do. Well, we kept the site mind name cause we tried to change it for about 20 years, but the customers just wouldn't let us, doesn't matter what we call it, call it site mind. So it will forever be site minder, but it'll be semantic site mind now.
Okay, great. So I'll hand over back to any then. Thank you very much, James, for all this.
Stay Connected
How can we help you