Webinar Recording

Making Zero Trust a Reality: Basing Decisions on Valid Identity Data

Cloud computing and mobile workforces have resulted in an expanding attack surface and a complex web of identity information. This means that traditional perimeter-based security models are no longer effective. A Zero Trust model of strict access control for every user and device enables businesses to be connected and secure, but an effective identity-focused approach is essential.

Welcome to our KuppingerCole webinar on Making Zero Trust a Reality: Basing Decisions on Valid Identity Data. This webinar is supported by Radiant Logic, and the speakers today are Wade Ellery, who is the Vice President of Solution Architects at Radiant Logic, and me, Martin Kuppinger. I am Principal Analyst at KuppingerCole Analysts. We will talk about how important it is to have really good identity data for achieving what we need to do in Zero Trust, which is primarily about repeated verification. Before we dive into our subject of today, I want to quickly touch on some upcoming events and do some housekeeping, and then we'll directly get started. So, talking about upcoming events, we have a couple of KC Live events in June, July, and later on. The first one in June will be about the cybersecurity fabric, so a comprehensive, integrated approach in cybersecurity. Then there will be one on the future of access management.
And then in November, we will have our hybrid event, the Cybersecurity Leadership Summit. KC Live events are purely online events; CSLS, the Cybersecurity Leadership Summit, will run again in Berlin, and we hope to see you there in person. For our housekeeping: we are controlling audio, so you don't have to care about that. We will have a Q&A session by the end of the webinar, and you can post questions at any time using the GoToWebinar control panel, which is usually at the right side of the screen. There's a questions section, and the more questions we have, the more interesting and lively the Q&A will be. We are recording the webinar and we are also providing the slides for download to you, so you will have them available. And last but not least, we also will run a couple of polls, in fact, two polls. The first one I'll do right now, and I hope that a lot of you will provide an answer. I think those are simple polls with a yes/no answer. And the first poll is about: did you ever run into problems with identity information quality? So someone complaining that you don't have the right data on hand in your organization. So it's a simple yes or no.
And so please take part in that and provide your answer. So far, the results meet my expectations. So let's see how this develops. I give you another 10 or 12 seconds, so for the ones who haven't voted yet, please do so, and we'll pick up the result later on. So I think we can close the poll, with a very stable result, I have to say, and we'll touch on this later on. So yeah, the agenda is threefold, as for most of our webinars. In the first part, I'll talk about five premises for handling identity well in Zero Trust. And then Wade will talk about the role of an identity data fabric in Zero Trust and how Radiant Logic supports in addressing these challenges. And then in the third part, we have our Q&A session, as mentioned already. So I want to start with one of my, I have to say, standard slides about Zero Trust, but I think this fits extremely well to the topic of today's webinar, because it's about the role of identity in Zero Trust.
And when we look at Zero Trust and the seven pillars of Zero Trust, identity, device, network, system, application, data, software, seven pillars, then all starts with identity. It starts with: is this Martin Kuppinger, is this the device of Martin Kuppinger? Then we look at the network access. We look at systems and applications: is Martin entitled to do such things? Again, it's about identity, to use certain data. And then also we have software, that topic that came in the last four years or so with all the software supply chain attacks. But what we need to look at always is: are we good enough in verifying identity? Because all of us know that the guiding principle of Zero Trust is don't trust, always verify. Verify that it's Martin, verify that it's Martin using that device, verify that the context is what we expect, and all that is about identity.
It's about well-verified identity, strong identity information. And so for a lot of the things we need to do in Zero Trust, also when we do other steps where it's about looking at a context, about looking at additional attributes, like for authorization, we always need to have a strong identity and a high level of identity information quality. And unfortunately, the quality of identity information frequently isn't what it should be. And it doesn't become simpler these days when we are not only talking about workforce identities, but about partners, customers, non-human identities, devices, things; all of them have an identity. And so it gets more and more complex to deliver on that. And that means we need to care, I don't know if we need to care more than we did in the past, about identity information quality, which is not an easy thing to do, I think, as many of you know, as I know, because the IAM team is not the only team which needs to be involved in that. The data comes from different sources.
You need technology to integrate, but you also need processes. You need to reach out to others and define who cares for which data, how good is the data. I think one of the challenges frequently, also aside from the technical aspects, is that identity teams have a tendency to take over responsibility for the identity information quality, even when they are not able to guarantee it. So we need to look at it in a relatively broad perspective. So what is this about? So why do we need this identity data, and how do we do it? The first thing I touched already is: we need to provide a strong identity for authentication. This is a key element in everything, because this is where Zero Trust starts. But in the second step, we need to deliver context for authorization. So when we make authorization decisions, specifically when we go into policy-based and runtime authorization, just-in-time access, then we need to look at attributes: is Martin in that organization and that role, or whatever?
And is he then allowed to do something or not? And when the data is not good, your authorization will not be as good as it should be. We need reliable data, because we build a lot of things based on identity. We need unified identity information. I'll go into detail on all these subjects in a minute. And finally, we need to extend to cover all types of identities. As already said, it's not just workforce anymore. So let's dig a little deeper here. The first is we need to provide a strong identity for authentication, because, as I said, it's the first step in verification. This is where Zero Trust starts, so to speak, in reality. And it's very simple: the better the identity, the better the quality of identity data, the higher the assurance level of authentication. And this assurance level is what we are really looking for.
We need to deliver the context for authorization, because this is the next step. And it doesn't stop with authentication. It is that we say, okay, we authenticate Martin Kuppinger. Then we think about what he can do, what he's allowed to do. And this is something which happens: so I authenticate once, and then a series of authorizations happens with all the steps I do, when I open a new document, when I access a function in whatever Salesforce system or whatever, a new authorization takes place. So it's in fact also sort of a repeated verification, and this builds on what we did in authentication, but also on the context and additional attributes, as touched already. And we must have a single or limited source for that, because otherwise authorization decisions become too complex, specifically when they are not just based on static entitlements. And I think every one of us has understood that static entitlements are not the smartest way to handle authorization.
So we need to move towards policy-based authorization. And then the more modern we get in what we do in identity management, the more important it is that we have strong identity information quality, and it must be reliable. If that doesn't stand rock solid, we are in trouble. So we probably don't want to build the access to our crown jewels on something that stands as the stones in this picture, which can tumble at any moment. We need to build a reliable set of data to enforce reliable identity data. This is really an essential aspect. And I think one of the challenges behind that is that data tends to get out of sync once it's held in more than one place. I think this is really an axiom. It happens. So if you duplicate data, it tends to get out of sync.
And so we need to be clear about it. That means that we really need to think about how we can reduce that, and this has to do with reliability and with unification. So one of the things, technically, is that we need a trusted, single source. It must all be there. And it's just not that feasible to use multiple sources to collect data. Others can, but the more sources you have, the more complex it gets, also from a runtime perspective, from a latency perspective, all these things. It simplifies what we are doing if you have a good, trusted source; then a lot of problems go away. And as I've said, finally, it's about all types of identities, and Zero Trust as such is not limited to humans. First, it's not limited to workforce; even more, it's many types of human identities, but also many types of non-human identities, services, devices, things. Everything has an identity.
And so we need to be able to deal with a vast amount of identity data and relations between this data, and to keep it under control. And this is what we need to achieve. When we think about identity information quality, we need to reduce the number of duplicates, or at least say we have the trusted source or sources, but we know where data resides that we can utilize, and we can bring it together for sort of a holistic perspective on identity data. Plus, as I've said, also the organizational work that is behind it, ensuring that we have a common understanding of which data is the source for what, where changes start, so what triggers changes to data, who is responsible for data. And this is sometimes the identity management team, but not always; it might be the HR team for workforce, and there might be many, many other teams for other types of identity data.
So to deal with data, there are four things which must be given. Data must be comprehensive, so we must have something which delivers us all the data we need about identities. It must be correct, so we need to understand what the trusted sources are; usually this is more than one, for which type of data, and how do we bring this together. It must be current, and synchronization is a challenge. This might be needed, but we need to be clear when we sync; it is usually not real time. If we can access it, if we can federate it, we have a clear advantage here. And it must be consistent, so it must be really data that is in itself consistent, with HR. And this requires that we think about how we can unify, how we can unite identity information. And as I've said, it's a technology aspect.
So how do we get all this data together, in synchronization, in federation? We will mostly need both. We always will have multiple places where it is. And we need to also look at the organizational aspect, because, as I've mentioned, it is not that there's one place only where we can keep data. It will always be different places, different responsible persons for different parts of data, for different types of data even sometimes. And a lot of you probably have learned that it might be that the organizational unit in a process comes from HR, but that then the mover process for the OU is triggered, for instance, by the IAM system. Then we have even different trigger systems, different responsibilities. We need to sort this out to make all this work.
With that, I am already done with my part of the presentation. I just want to raise a second poll. And that is, as Wade will talk about identity data fabric as something which helps in dealing with identity data, we at KuppingerCole are talking a lot about identity fabric as a comprehensive concept. And what I'm curious about is: do you already have your organizational, comprehensive IAM blueprint in place, which covers all major areas of identity management, such as we have defined in the identity fabric, or whether you just work on sort of more isolated projects? So the answer options: yes, no, or somewhere in between, work in progress. So please provide your responses; the more of you answer, the better and the more interesting it is. So I give you another 10 or 15 seconds. Okay, then I think we can close the poll. With that, I'm done with my part of this webinar. I'll be back for the Q&A, but right now I will hand over to Wade and move to moderator. Wade, it's your turn.
Excellent, Martin, thank you very much. All right. So first of all, thank you very much for that information, that introduction and that overview. I found it very insightful. There's a tremendous amount of information there, and I recommend people even take the opportunity to go back when this is made available on demand and go over that again. It is a blueprint for what you need to look at as you move into the Zero Trust model, and you definitely want to incorporate that in the high points that you're hitting. We're going to take a little bit more of a practical look right now on how do I get there? How do I actually start to move my environment towards that comprehensive Zero Trust environment? And how do I hit on all the high points, the requirements, the outlined areas that need to be incorporated in that model for that to work?
I think one of the interesting things about Zero Trust that we've found now is that more and more vendors in this space are agreeing that Zero Trust is not a product. There's not one solution out there you can buy that delivers this. This is a journey. This is a transformation of the way you interact with your users, your constituents, your customers, your devices; as Martin said, even non-human entities out there need to be able to be managed in a secure model that allows you to understand in every moment exactly what authorization, what access those resources should have and what endpoints they should be able to get to. So the challenge, and to back up a little bit from that ideal scenario, is let's look and see where the real world is today. We haven't built an industry, or we haven't built infrastructure historically over the last 30 years, that was built around the concept of Zero Trust.
It was more built around the concept of a siloed model where each application, each constituency, each part of the infrastructure really worried about itself and not about interacting with everyone else. And the idea of building a comprehensive end-to-end solution that managed everything was not really the focus. The focus of applications was: I need to do a certain function in the organization, I need to give certain people access, and I'm going to manage that all myself internally, or maybe I'll manage a little bit of that externally with some Active Directory or other data, but it was not designed in a way that allowed everybody to work well and easily together. And this ended up creating a very brittle infrastructure where I end up having to route requests and transform information and try to build aggregations of data. Even in simple scenarios between AD and a database, getting an application what it needs can be very complex and very difficult.
And at the same time all this was going on, I was building up identity debt. I was building up platforms in my organization that weren't well integrated, identity information that wasn't verifiable, more places where I was storing data that wasn't necessarily coherent and authored by sources of truth. I had a layer of chaos growing in my environment. If you think of your garage or my garage, it's a place where things go to get dealt with later, and identity debt was that model that really has plagued our industry. There's a lot out there that's sort of left for tomorrow, and that affects our ability to do anything going forward. It affects our ability to deploy an application, affects our ability to merge with another organization. It affects our ability to look at Zero Trust and say, I can start implementing these concepts here because I have a handle on all my data.
I know where my stuff is. I know that I can go back now and do really good authentication of who you are. I can authorize you as to what you should be doing. I can manage and administer that because I know where you are. I know where all of your information is. I know all the information I have about you is accurate, and I can audit this. I can actually give reports back to my auditors. I can give information back to my customers about where they exist in my system. I can see what people are doing. I can see the changes in my environment, because I have a comprehensive view of my data. That's essential, but that's sort of the antithesis of what we see in a chaotic identity debt environment. So how do we handle this identity sprawl? How do we actually get our arms back around this model?
And in the old days, I had the advantage of being in the same building with all of my users. They were on my equipment. They were all connected to my applications. I had a chance to start managing top-down and really drive organization into the infrastructure if I could, because I had a captive audience. Well, we've lost that captive audience. Now the identity management space, the area that we're in charge of managing, the environment that we're trying to move towards a Zero Trust model, is no longer behind a firewall and a perimeter in a physical building. I'm dealing with users now working from home, I'm using partners working from other organizations, I'm integrating with vendors in their own platforms, and I'm dealing with customers now who are completely disconnected from my infrastructure but need to be able to access resources in my environment, need to be able to get the right information at the right time in a frictionless interaction with me. The challenges have become exponentially larger.
I'm scattering my identity data further out. I control less of the applications now, and I have more sources of information that I need to incorporate, especially as I look at a Zero Trust model where I'm not just going to be looking at what group you're in in AD and what title you have. I need to look at additional information. What training courses have you gone through? What security clearance do you have? What endpoint perimeter device are you coming in on? Is that information on that device accurate and patched and properly vetted? Am I able to see into your travel plans to know if you're making unexpected trips somewhere? And I need to incorporate that. I recently was out of state and tried to make some purchases with the credit card, and two of them were denied. Turns out my credit card company, you know, thought I was at home and my card was being used in Florida.
When in essence, I was in Florida. So this ability to automate and manage and build a Zero Trust infrastructure really requires us to pull all this information together. And this is where the federated identity service from Radiant Logic works. What we pull together is all the sources of identity data, regardless of how that information is sourced, regardless of how that information may exist in your environment or outside your environment. And then we provide that to all the applications that need to consume that data. We'll go into a little more detail here on what that looks like in terms of everyone consuming that information. In the US, there's an organization called NIST; it's a federal government organization that works diligently every day to try and build models for industry to follow, to be able to build national standards. National Institute of Standards and Technology, that's what they're called.
And they're trying to tackle the idea of Zero Trust right now. They're working diligently, and we're involved with that group on building out multiple environments that represent what Zero Trust would look like in different organizations of different sizes and different scale. And the key focus in a Zero Trust architecture is getting comprehensive, accurate data, on the left there, into the policy engines, into the components in the system that will actually authorize the user, that will actually let the user gain access to resources. Those are the gatekeepers in Zero Trust. Those are the ones that say: I don't trust you, but let me ask some more questions about you in the system and come back and give you an answer to your request. And that comprehensive data flowing into those policy engines is a critical bridge that has to be built and has to be made available.
And this area of identity and access management now is where Radiant Logic plays. We are the arbitrator. We are the creator of a master user record, a unified identity set that can extend beyond just regular identity and access management out to incorporating data from endpoint security, security analytics, even data security, to be able to make an even more comprehensive decision about not only what role and context you are in right now, but what's the role and context of what you're trying to access. And if I combine the risk of both those things, do I end up with more risk than I want to tolerate? But how do we do this? How do we dynamically pull all this information together? How do we make this available in all the different formats and schemas and structures and protocols that our applications are looking for? This again is not the way we built our infrastructure.
We built islands and silos. And as we went out into the cloud, we did it again. We stood up individual applications inside our SaaS vendors with identity data in them. We stood up IDaaS applications, or identity-as-a-service applications, like Azure and Okta, and pumped identity data into them, again disconnecting that data from sources of truth, or making that data easily available outside those platforms for use in other places. So I have a challenge of getting my arms around all this information to build my Zero Trust architecture and be able to feed that engine. Now, part of the good news: you don't need to boil the ocean. Zero Trust isn't something that magically happens when you get to the end of a five-year project and hit the apply button. This is an evolution. This is a process of building a richer and richer environment, extending my information, validating my data, making all the components that I need to add to my Zero Trust policy engine decisions available over time.
And as I incorporate more sources of information, as I incorporate more organizations, as I incorporate more constituencies, I increase the scope and the scale of my Zero Trust fabric. I build a larger identity data fabric to support that, but I can start today with what I have. I can start with the applications you own, with the ICAM, identity management platforms you're using, your access management layer, your governance tools, your PAM platforms, your SIEM tools. All these investments you've already made can be used in your Zero Trust architecture to build this out. But I'm going to start this journey with just getting my arms around information. Let me look and see where users exist. How many systems and platforms can I connect to with Radiant very quickly and bring that information into the Radiant Logic sandbox? So I can start to see that data. I can start to see users and groups and roles across the organization.
I can start to understand context. This user's managed by this user, that's part of this division, that's part of this national region, that's part of this subsidiary. I have hierarchies of relationship in my context that are also valuable to be able to understand and be able to incorporate, because later when I'm authorizing access, I'm escalating privilege requirements, I'm making decisions about access, having that contextual relationship, knowing more about the user, not just who they are in the moment, but who are they related to? What are they related to? What projects are they working on? How are they integrated into the overall ecosystem? That has a real effect on what I do with my Zero Trust model. So let me start grabbing that information. Let me start getting hold of that data. And this starts to allow you to make good decisions, if I have good data, identity data quality.
If I have data that I can rely on, I can start, at the time of administration, building my least-privilege model. I can start removing excess access that people have, which is one of the tenets of Zero Trust. I give too much access out the door on day one provisioning, on joiner onboarding. I just basically give them everything I can imagine they need, because I don't want to have them not be able to work, but I haven't really figured out what's the minimum I need to give them, and how do I then incrementally increase their access based on valid information in my environment. So that starts with building a good identity data management platform. And then I want to be able to run this at real time. I need to be able to do these transactions, evaluate this data, make a decision for a user in milliseconds.
I need to have that data highly available. I need to be able to scale to the size of my organization, which may be hundreds of thousands of employees and partners. It may be millions or tens of millions of customers, or hundreds of millions of customers in some of our cases. So I need to understand the scale of this model and make sure that the amount of information I have can perform at a level that doesn't add friction to the interaction with the employee or with the customer. Microsoft, 30 years ago, said you have 230 milliseconds before a user will physically start to have a reaction to waiting for a computer to do something. That's a quarter of a second before I get frustrated; that spinning wheel on my SailPoint or my Salesforce screen is adding to the frustration of my day, because things should happen at real time.
So you need to be able to move and perform at that level. And then you need to have visibility. You need to be able to verify that what you're doing is actually working. Building policies and enforcing policies is a wonderful process, but if I don't audit that, if I don't look and see what's the real-world consequence of this rule that I made, the opportunity for unintended consequences is very high. The opportunity for things slipping through the net is very high. The opportunity for simple human error to create a different outcome than was intended is high if I can't see what's happening. So I can build the best system in the world with the best intention; I have to audit that platform and be able to tune it and control it and make it available in a way that actually works. So let's step back again and look at the challenges that we're facing today.
I have all this identity information in multiple different platforms. Now, I'm using the term identity information as loosely as possible. This is data about an object that has attributes and relationships that I want to incorporate in my environment and manage. So that may be a user. It may be a service account. It may be a bot. It may be a physical device that I'm managing. It may be a piece of machinery that has to access other resources in the environment. It may be the fact that I can get a replacement water filter for my refrigerator automatically ordered from my appliance manufacturer by my refrigerator over the internet without me knowing. There's a tremendous amount of objects out there that we need to be able to incorporate, and the information about those objects is scattered. Traditionally, we used to just think, oh, everything's in Active Directory. In a Zero Trust model,
you can't really get very far with everything's in Active Directory or in Azure AD. You need more granular information. You need more data from more platforms, more sources, and I've scattered a lot of that in cloud applications. I have a tremendous amount of value inside my HR platform that I may or may not be leveraging today. But when is HR authoritative for a certain attribute? If I have it for manager in HR, it may be the hiring manager in AD. The manager may be somebody that's actually assigned to the business unit that manages that person. So I need to also be aware, in the context, of when something's authoritative and when it's not. And if you look at your IGA platforms, my SailPoint, my Saviynt, my Oracles, those systems have tremendous value you've built inside them that's locked in there for doing role management.
Imagine being able to extract that entitlement data, those associations, those segregation-of-duty results, and be able to leverage that in other places. And again, APIs and SCIM, all the places that data exists. I need to be able to make that data available now to all the components in my Zero Trust architecture. As Martin laid out, I've got a very broad stroke of applications, of endpoints, that put together the pillars of identity management in a Zero Trust architecture that actually fulfill all the requirements of access management, customer management, governance, administration, privileged account management, the AI and machine learning that goes into building risk scores and looking at behavioral analytics and starting to do predictive provisioning and minimal account access control, my SIEM systems that sit over the top of everything and watch for violations, and then act on those to see if it's a true violation or it's something outside the bounds of normal but within my Zero Trust model. With the rich set of identity data that I have to make a decision, I can say that is a reasonable action.
Yes, let that go forward. Software-defined perimeter, allowing me now to get my arms back around my distributed user force around the world in a way that allows me to start putting gates back in to control who comes and goes in my network, but in a way now very different from the old traditional firewall platform that I used to use. And then all those legacy applications, or as we start to call them now in the European space, heritage applications, that have a tremendous amount of value to the organization, that are critical to the operations of the company, that can't be just tossed out tomorrow because they're no longer in fashion. I have to honor my investments as I move forward. But if you'll notice, there's a really big air gap between the world that I need to feed and all the food that I have. How do I provide that?
I do that with an identity data fabric. I do that with Radiant Logic. I use an abstraction layer that we've been building for 20 years. This is not a fresh startup that came up with a great idea six months ago that we're prototyping now in beta code. This is a platform we've been building, implementing at some of the largest companies in the world, and honing for this moment. It was a vision of our CEO years ago that we were going to be in a position where we had to manage massive amounts of disparate data for consumption by multiple different platforms simultaneously to make the world work together, the United Nations of identity data. And that's what Radiant Logic does: we're the identity data fabric that sits in this gap and fills that requirement and feeds all the applications that you're familiar with in the ICAM space, all the different tools out there.
And some of these may not be accurate cuz they keep eating each other as consolidation continues, but you can see the players you're familiar with. These are the companies that need this data from here. They can connect themselves, but it's a lot of extra work it's been in indicated that it doubles the cost of a IGA deployment to manually do the data integration. And you do it once for each platform. You don't do it once for everyone. And that's the value of radiant logic. Let us compose the orchestra's music and deliver it to all the instruments and then we'll make a symphony together. So looking at this model of the identity fabric that that Martin relates to all the players in the space that are orchestrated now to deliver a full identity management, zero trust architecture is dependent on the identity data fabric that's being delivered by radiant logic.
And this integration again has a lot of components that are built in. But the wonderful thing about Radiant is we've done the heavy lifting. We've built wizards and tools and graphical interfaces and mouse-driven or command-line-driven functions that allow you to integrate and translate and transform and build integrated views and automate dynamic group generation and make them look like static groups, and deliver the scalability at the tens of millions, hundreds of millions, billion-object potential, and sync all that data where it needs to be moved in a way that it feeds all the components of your identity fabric simultaneously. This is the key of Radiant Logic. You've got a tremendous amount of identity debt. We've got a tool for cleaning the garage. You need to get all this identity information in a usable context that understands relationships. We build context; we are all about relationship. And you need to deliver this information to all these different players on the field in exactly the way they need it and they want it and they wanna see it and consume it.
We provide that transformation and translation simultaneously to each platform, and you need to do this at scale; we scale. So that delivery of that capability solves this major problem of identity debt being in the way of you being able to get to a Zero Trust model. And we can actually take this information and start to model this, so you have an idea of relationships. You start building integrated models. You start understanding that this user has this corresponding account in this training system, that by this course allows him access to this resource based on a dynamic group generated by Radiant Logic, filtering on training and other attributes. If his training expires, his group membership is automatically adjusted, and these groups are delivered to the applications as a list of static users or as member-of attributes. So the applications, your heritage platforms, don't have to do anything differently to incorporate more sources of identity, richer data, and a contextual, attribute-driven access control.
As you move further into an identity management platform that is mimicking a Zero Trust model, I can start to build this platform with what you have: source your identity, source your context, and bring this forward in what we call a policy decision point, a master user record, an entitlement catalog. One place to go to get all the information you need to make your decisions about authorizing the user. And again, today in the applications that you're using, in the moment that may be simply admin group membership; that may be all the application can do in terms of granularity. But we can help you build granularly populated groups based on attributes that appear to the application to be static, update those in real time as information changes, and give you a policy enforcement point based on group membership. As you move and evolve into a more modern policy engine, where you start to bring in access control with your access management layer that literally looks at authorizing a granular policy based on attributes, then takes that authored policy and puts it into a decision point that evaluates the user's request for access in real time against the policy that was written, calling back to the policy information point, Radiant Logic, to get the accurate source-of-truth data for each attribute that needs to be evaluated in that policy.
Does that person work in Chicago? Is that person managed by Peter Schuler? Are they in sales? Are they attached to large accounts? Do they have these three accounts under their direct control? Yes, yes, yes, and yes. Wonderful. They can access this particular set of information now going forward in the CRM system. That kind of granular access is what Zero Trust is about. I didn't just give you access to the CRM platform and let you run wild. I incrementally gave you access to resources inside the CRM platform based on information about you that was true. If you move to New York, that request will be denied because you are no longer in the right context. And that is all implemented by a policy decision point and a policy enforcement point in a policy engine. Again, if you remember back to the original slide, this is where we're driving the industry towards this model in Zero Trust of making real-time decisions.
All that relies on the policy information point. This data is not sitting already in your network available for consumption, ready to go, cleaned up, normalized and ready to be consumed, unless you've already brought in Radiant Logic and started to make this information available and consumable for this model. So with Radiant, I'm gonna connect to multiple platforms in my system. Again, this is out of the box, point and click. I'm gonna build a normalized view of data. I have my information in different formats in my different departments and systems. They may be named differently, but I need to normalize that data, because as I build out my policy information, I need to have a normalized set of data, so I'm building much simpler policies in the system. And now my policy authoring point uses that information to build the policies that are then going to be authorized by my policy decision point against the actual data that user has in their environment, that has also been normalized.
So I clean up the data. I normalize the information. I make policy authoring much simpler. I make policy decision points based on the same data set, so I don't get an unintended consequence. And now I can deliver this platform in my environment. Again, incrementally over time; you don't have to boil the ocean. Start with a couple of data sources, start getting this model running, start building this out, and where you don't have the ability to do policy decision points, use the dynamic group model inside Radiant Logic that allows you to start modeling this information immediately. Now, in addition to building this out for authorization and a current Zero Trust model, we're still in a scenario where I need to provision data into endpoints. I need to populate my directories in the cloud, in Okta. I need to have identity data sitting in AWS, close to my applications.
As I migrate off my on-prem environment into cloud environments, I need to be able to push data out to other vendors that need that information. So this formatted, controlled, generated view of the data, the filtered set of attributes, groups, memberships that is sourced from truth can also be a source for provisioning that information out to other organizations. Or at the same time, it can be queried and consumed by applications, by access management platforms, by governance tools, by legacy applications, to allow you to do the authorization we've been talking about in a Zero Trust model, but again using the same sources of truth, the same data cleaned up, properly formatted, the subset of attributes you wanna share, and push that out to wherever it needs to go in the organization. It's a two-for-one benefit. Again, build it once with Radiant Logic, use it over and over again in your organization.
And this is possible because we can reformat, restructure, build this data out in different structures simultaneously. I can reorganize context and relationship. I can build information out of attributes coming in from non-directory resources, like databases that don't have a set schema. I'll generate schema for you, don't worry. I'll let you manage the attributes, excuse me, on an attribute level. So I can remap attribute names and reformat information, make givenName first name and SN last name, because that's what my applications are expecting. I can manage this data and model hierarchical relationships in the data, again with graphical tools driven by a mouse, and make this available and deliver on the idea of a unified capability, of a union of all my users with all their attributes pulled in and connected to their profiles regardless of how they were identified in the environment, building on dynamic groups and group correlation between my platforms, translating and transforming that into any form the data is needed.
REST, SCIM, LDAP, SQL, flat files. However my endpoints need that data, I can deliver it, and then scale it out, deliver to performance, make that directory available, deliver that to the endpoint. So this is all part of a family of applications at Radiant Logic. The federated identity engine is primarily what I've been discussing today. That's the heart and soul of our application and our system. This does all the heavy lifting of pulling in the data, correlating that information. Again, I don't write code. I can't give you a JavaScript to make something happen, or write something in Java or C++, but I can configure an extremely complex environment. I can clean up a lot of identity debt with Radiant Logic with my mouse. And then I have additional components to bring into that. We can add on single sign-on, the ability to bring in SAML, WS-Federation, OIDC, OAuth, directly into accessing this data, in addition to SQL, REST and LDAP.
So even more sources can consume the data; a universal directory to store this information at scale and performance that can be used to replace legacy LDAP infrastructure in your environment, can be stood up in cloud applications like AWS and Azure as a fully accessible directory, and that exposes data again in LDAP and SCIM and REST to make that data available locally and scale for storage; the ability to migrate into those directories with tools built around Radiant's ability to transform data, to synchronize information, to move data within the organization, to provision endpoints if I need to, to make sure that my source of truth is what is propagated in my environment. If AD is authoritative for manager, and I have manager in seven places in my environment, one of 'em maybe sourced from old data in HR because that's the way it was configured, I can now synchronize my source of truth to all the endpoints.
So whatever queries a point of information in my environment gets accurate data. And then insights, reports and administration: the ability to actually see this information, run reports against that. Show me everyone terminated in HR that's disabled in AD that's still active in Azure. Wouldn't you like to be able to see that with a mouse click across your environment? Imagine that across all your cloud applications, imagine that across all the platforms in your system. Show me everybody that was onboarded in the last week and what systems they got access to. All that's available when you start to bring this information together, when you start to provide valid identity data for authentication, rich context for authorization; you start to enforce attribute management, so your identity data is valid across the organization based on sources of truth. And then you unify that identity data regardless of source and type.
So it can be consumed everywhere. And you deliver that across all types of data in a comprehensive data fabric. This is what Radiant Logic delivers in an identity data environment. This is how you start to get to a Zero Trust model. This is how we deliver on the world that Martin has outlined that we want to move towards, to add security and to add the level of maturity in our environment and clean up our historical atrophy that we built up. Doing that with the Zero Trust architecture as a journey starts with Radiant Logic. We can touch on every piece that's critical and we can deliver that to you. Now, I'm gonna turn this back over to Martin. He has some questions I believe we've accumulated during the session. Hopefully we can touch on those as we close out the hour. Thank you.
So Wade, thank you very much for the insights provided and all the details. We have a few minutes left, and I wanna start with one question, that is: you talked about integrating all the data from different sources. Are any of your customers trying to use authorization information in their access decisions that is provided by partner organizations or third-party authorization sources?
We're seeing more and more now a movement towards integrating identity from outside the organization. That may be information coming in from a partner organization that I actually use as a vendor, so they can supply additional data that I use to authorize my user. We're seeing now the looking at how I can do identity vetting, so I can actually start to look at outside sources of information to vet an identity I have coming in, especially on the consumer side. How can I assure someone registering with my organization is who they say they are? So I can call outside now and gather data from other sources. We're seeing some really interesting things in organizations like telcos that have a large constituency of vetted identities, with people attached to devices, that I can now potentially link into my organization and start to use as valid sources of information. And that is more and more what we're seeing now, this idea of identities moving farther out.
Okay. Got it. Thank you. I think we look at the results first of the first poll, which is not really a surprise. I think, to be clear, it is a little bit of a surprise, because really everyone who participated, quite a number of people, said yes, we already ran into problems with identity information quality in the organization. So it's a 100% score. And I think we can go back from displaying the results. A 100% score is to me not surprising, but it's something which is very clear in that, because it's really a recurring problem everywhere. I have one more question I'd like to touch on, and in the interest of time we're probably limited to this one more question, that is: if an organization has this weak or scattered or unreliable identity data, what's the starting point?
I think basically the place to start is to survey what you have. If you use the metaphor of cleaning your garage, and I actually went through this last weekend, I spent the whole weekend trying to get a car in my garage, which was a monumental task. The first thing to do was stand there in the corner and look at everything I had, move around and see where everything was, understand the nature of that information. Is this stuff I'm gonna keep? Is this stuff reliable? Is this stuff reusable? Are these things that are critical to me? I need to start to be able to do this with identity data. Unfortunately, historically, we've not had a single place to go with that, a single pane of glass to see everything. I look inside Active Directory, I see very nice tools to examine AD data, but it doesn't help me see how that data's related to security information in a security database or CRM data I put up in the cloud. So being able to get that holistic view, start to get your arms around the data, bring it into a platform like Radiant Logic where you can start to model that information in a common format, a common structure. And now you can start to see the scope of what you have and evaluate what stays, what goes, what's truthful, what's inaccurate, and how do I move forward.
Yeah, I think it's interesting. One of the exercises I also did with customers is we say, looking at which objects do we have, which attributes do we have, where do these come from, where do they exist, what triggers the change, et cetera. And when you then go through that and look at what triggers the change, the joiner or mover or leaver processes can be very different sources. This helps you, and also to understand which other organizational units you need to talk to about responsibilities and process. And I think there's really also some, so to speak, paperwork to be done ahead of what you're doing. So unfortunately we are at the end of the time already. So I'd like to thank you, Wade, for your information, as I'd like to thank Radiant Logic for supporting this KuppingerCole webinar. I'd like to thank all of you for participating in this webinar, hope to have you in one of our next webinars. Thank you everyone. Martin.