Webinar Recording

Rapidly Evolving Identity & Access Management to Meet Today's B2C & Cloud Challenges

KuppingerCole Webinar recording

Good afternoon, everybody, or good morning or good night, wherever you are in the world. I know that we have a lot of people from all over the, the globe attending this webinar today. My name is Peter Cummings and welcome very much to this webinar, where we are going to be talking about the evolution of access management to meet today's business-to-consumer and cloud challenges. So, as I said, my name is Peter Cummings. I'm a senior analyst with KuppingerCole. Many of you that have attended webinars before may not know me. I have recently joined the company. Before we get too far into the presentation, for those of you that don't know KuppingerCole, just a couple of words about us. We are a company that provides enterprise IT research, advisory, decision support, and networking for IT end users and vendors. And we do that currently in three pillars, which are the research services.
As you may be aware, we have a number of different formats of that on our website. We also do advisory services on a more strategic level, advising clients in strategic directions and helping them with vendor selection for their projects within IAM and cloud. And last but not least, we also do a number of events. And the biggest one of them is obviously the European Identity Conference, which this year will be from the 14th till the 17th of May in Munich. And I hope to meet a lot of you there. This will be our seventh and so far largest conference that we are having. And I am sure that it will be very, very interesting. And for those of you that are looking at the slide now, please be aware that the website address is a little bit different: it's id-conf.com. A couple of logistic comments about this webinar.
You as attendees are all centrally muted. You don't have to mute or unmute yourself. We have control of, of that feature. Also for those of you that would like to come back and listen to the presentation again, or maybe have some of your colleagues that are not able to attend it today, we do record the webinar and the podcast recording will be available tomorrow. We are also going to have a question and answer section. It will be at the end of the presentation. You are more than welcome to ask your questions during the presentation, and then we will pick it up at the end of the presentation and go through that. So the format for today, we have this webinar in three parts. The first part, I will be talking a little bit about the evolution and how we use identity and access management. So I will try to do 10 to 15 years of history in about five minutes, and also look at some of the challenges that we are currently facing and are becoming more and more important for us as we move on in access management.
The second part is Allan Foster from ForgeRock that will be giving their view on how we can solve some of these problems that there are today. And finally, we will have the Q&A part at the end. We expect around 45 minutes presentation time, and then question and answers afterwards. So let's jump right into it. So the evolution on, on how identity and access management is, is used. If we go back around 10 to 15 years and, and even longer for, for some of you that are there, it was clear that we needed some, some way of managing the people that use our systems, the way they use it and, and what they've got access to. And there was a lot of evolution in the beginning on how do we do this. But the problems that we had back then were a lot smaller than what we have today, as we are in our own little kingdom. It all started about ourselves getting access to the services and the services that we had in house and, and not so much what we had outside.
Then obviously we had the introduction of the, the internet and, and that meant that the services started appearing outside our own little kingdom or our own company, as you will. And we now wanted to start using these services. Now, there hasn't in the beginning, there wasn't a lot of control around those issues. It was mostly manual processes that were around that, but as things they evolved, we wanted to have more automation of this and actually being able to manage users outside. And this is still an issue that we are seeing with all the different cloud services that we have. How do we actually manage our employees' access to data stores or other services outside of, of the business, and how do we provision their access and make sure that the access is secure? And indeed, how do we make sure that our employees are removed from those services when they no longer need them?
Well, what we are seeing and have seen over, over the last couple of years is that now we also have people that would like to use our services. Indeed, you could say that in enterprises today, we are creating our own cloud services, so to speak, and I'll get into that a little bit deeper. We also have collaboration across different companies. We see finance and insurance institutions that want to work together and exchange information. We want external parties to have a more or less permanent access, which they manage themselves, into our companies and we want to access their data. And what we are also seeing is that where we traditionally have had, should we say, different islands or silos within an enterprise, depending on who were the end customers of our solution, we would have different solutions. So for example, in a bank, we would have one solution that would manage for our employees.
And we would have a second solution that would manage for our customers that want to access the internet services that we have in the bank, or indeed their online banking or trading platforms. We might potentially have a third one, if we are talking about private persons versus organizations that need to access. And then finally, we, we might have one or more systems managing third parties, outsourced entities that we are working with to, to help us. Now, what we are seeing is that there is a drive in many large organizations today to unify this approach, to actually combine all these different systems so that we have one central global IAM solution that will manage all, both our internal people, also our external clients that are coming in, and that is across the spread from end users to enterprise users that we've seen. But it doesn't stop there.
We also, of course now with the evolution of many other things in, in IAM or in the IT industry, indeed, we are looking at stuff like mobile, social networks. And indeed we are looking at websites or web applications that are being launched, which grow from zero to hundred thousand millions of users in a very, very short time. Indeed, we read the news every day that there are problems with these sites, that there are data that are being missed from these sites, user accounts that are being hacked. And we have the problem with many users needing to have many sets of credentials for all the different services that they need to use. And it seems to be in, in the flux, there is a, a need to have a central service to authenticate and manage users, as websites in the traditional sense that we know them are no longer websites. They are also now platforms and backends for mobile solutions that can be used on private scope or enterprise scope. And, and this is where we, we see some, some challenges now.
So the challenges that we, that we, that we are seeing in, in the direction that we are going is that we need increased performance, increased performance, simply because we are now talking of users of scale, if we can so say. Indeed, we are going from looking at our internal company and potentially our employees accessing an outside service or another trusted partner entity that access our services to now having to open up to let all our consumers come in as well. And this means that we are actually going from thousands or tens of thousands and in extreme cases, hundreds or thousands of users that need to use our systems to potentially now millions of users. And obviously that affects the, the whole system, the performance, how, how that uses, how that works. And also we want to make sure that for our consumers, we are able to provide performant services.
If we have services that are slow or people they need to wait to authenticate to get onto our solutions, well then our customers, they're gonna go away and they're gonna go to the next company that can offer a better performance. Time is money. And when we're seeing that today, increasingly we also need to make sure that we ensure security while having a consistent approach, to being able to identify users and authenticate them. And, and also the whole lifecycle management around them. You could say that we need to have, in the traditional sense, we've seen, we have one authentication mechanism for people that will come from an enterprise and access a service that will be a second mechanism for people that will go onto the website and access services. And the third one for mobile, and maybe even multiples depending on what mobile platform that you need.
This obviously is a huge cost for the providing entity, because there are simply many systems that need to be managed. And that's why it's important to have a consistent approach. And also it's important to maintain the security around the solution, because in scenarios where we've seen where Facebook and, and other very large platforms has had lot of data, people that aren't able to use in to, to use the service, people that are getting their credentials or indeed their whole identity stolen, that obviously is a very, very large negative impact on any company. And we don't want to have that. And that actually ties into the third point here, which is that we need to ensure privacy while also maintaining the trust. And indeed you could argue if the time has come that we start looking at, shall we say, a virtual identity or an identity in fact without an identity, because when we are looking at these big silos of sensitive personal data that we have around in tax systems, in health systems and so on, when, when, if we are able to decouple the identifying factors from the data, we are now able to share this data and do calculations and statistics on it without actually releasing person's information.
Let's say we have a large government organization. They would like to do some statistical research around, for example, cancer, and all that information that will be very good to have indeed exists in electronic patient records all over the world. Now we have a problem with that because we cannot release that today on, and if we are going to release it today, there will be a huge amount of work around making sure that the data has been wiped of any identifying data. What if we had a repository where we are able to federate the virtual information with the identity of the person in such a way that if the right authentication has not happened, then we will only see non-relevant data without any identifying information? That is a way that we can ensure privacy and also maintain trust. This is quite forward thinking, but I do personally believe that this is the direction that we are moving.
So the things that we need to consider moving forward is on four levels. The way that, that I see it, we are looking at the enterprise, and inside our enterprise or our companies today, we are looking to unify the systems for both, to both service external and internal users. And we are looking to have one system to, to do this in order to obviously reduce total cost of ownership and, and improve return on investment. We also, in this model world, shall we say, have to surrender to the fact that many of us, we need to provide mobile services to our customers. Indeed, the customers that, that we have today are, are no longer happy with the, the paradigm of, of "this is the service that we offer, you be happy with that". Clients today, they will shop around until they find a service that are able to cater to their needs.
And mobile obviously has been for many years and it's continuing any, every year to, to grow exponentially. So we need to offer services to mobile consumers as well. And that is both on an external and internal level. We are also looking at social, social media. We have many users that are already using social platforms for authentication and federation, and many companies, they want to offer this. This again is providing the customers with what they want and how they normally go about doing their business. And finally, we are looking at cloud. We are seeing an ever increasing adaptation of cloud services and, and obviously we need to control access to these resources, which we are already trying to do, but that area would definitely grow. And also we are seeing that many companies are moving to the point where they want to offer cloud services to their users, to other companies in order to, to grow their business.
Now, if we look at those four areas and we start looking at the numbers in, in that sense, we are going from, as I said in the beginning, thousands of, of users over to now mobile and externalizing our, our services as well to potentially millions of users. And with these four pillars, we indeed will have people that will be using our services at any given time during the day, meaning that we will now have an exponential growth in authentications, in users that need to be lifecycle managed, in information that is changing. And, and for there, we need performant systems. We need to have a change in, in what we're seeing today. We need to, to think new ways of how we are doing this. And with those thoughts, I know that the guys from ForgeRock, they have a, a number of, of thoughts on this. And therefore I will leave their presentation over to Allan Foster now to tell a little bit more about how ForgeRock are looking at these things.
Thank you, Peter, let me put this up here so that we can, okay. Is, is my screen now visible? Okay. So thank you very much, Peter. And yeah, I have in fact, many of the points that you just brought up are indeed key and sort of very central to the kinds of things that we are doing at the moment inside of ForgeRock. Sort of to introduce myself, to introduce ForgeRock: ForgeRock is a relatively new company into the IAM space with a long, let's call it an old soul. So ForgeRock is an open source IAM company and inherited the open source project when the, from Sun Microsystems, when Sun went and was purchased by, and there were several open source projects, as well as some that we've been working on ourselves. I was one of the founders of ForgeRock and now VP of community, which basically involved working with the open source community.
And we'll see how that sort of ties in over the next couple of seconds. So carrying on from your presentation, I had to smile to myself when I saw your presentation, because again, these same four slides or these same four pillars were the ones that you were focusing on and sort of to go into a little bit more about what you were talking about, these new technologies, these new paradigms that enterprise has to face doesn't make anything, any easier for the enterprise. In fact, it makes it much more complicated. And in fact, the, the complexity and the number of systems that have to be connected to sort of goes up exponentially while at the same time, many of the traditional tools that we had for protecting identity things like firewalls and protecting the physical network, protecting at routers, using VPNs become much less useful. And I'll talk about that over the next few minutes, because they are still there.
But the entire paradigm that we are working with has sort of worked their way around them. Some of the reasons I say this: first of all, cloud. As you mentioned, cloud is becoming more and more important to the enterprise and presents significant identity challenges from the enterprise perspective. The reason for that is, and I believe it was at the Ping Identity conference where the statement was made, that the firewall now is as holey as Swiss cheese. What we mean by that is that when we have services out in the cloud that are delivering enterprise quality services to enterprise employees, what we are doing is we are taking both access, identity, access management and the data of our enterprise, and we are moving it outside of our control. We are putting it, when you have cloud services like Salesforce or Google Apps or other ones like Zendesk, who are all service providers who are providing enterprise quality apps to the enterprise employee.
That's not on site anymore. That's coming straight in over the internet. You mentioned mobile devices and indeed mobile devices present additional challenges, both from the perspective of needing to work well with the mobile kinds of devices. But along with that also comes the, bring your own device. We're beginning to see the devices, whether they are mobile phones, the new generation of let's call them tablets, the iPad generation, where people are bringing new devices into the workplace, into the enterprise and wanting to interact with the traditional applications, the traditional data that they have in the enterprise and out on the cloud, utilizing these mobile devices, many of the authentication challenges that we have with these devices and many of the solutions that we have used previously are cumbersome at best to try and work with these devices. You also mentioned the challenges coming in with big data.
So as our data volumes grow with big data, keeping track of identity or keeping track of the relationships of the subsets of that big data, that they are tied to the same identity without exposing important or identifying information about that identity, becomes more and more vital. And we have to manage this data that has gone up exponentially in terms of what we are used to being able to manage. The fourth sort of pillar that you spoke about was that of social and the, the social web. As we see with, with services like Facebook, Facebook, primarily, but various other ones, the people are using Twitter. These kinds of services are being looked at by users as authentication services, which they kind of are. They give us a, a very low level of assurance about the individual user, and utilizing those services within the enterprise may be appropriate for some level of data and may not be appropriate for other levels of data.
But from the end user's perspective, their experience on the web, their experience with the network has moved now from simply being a web browser or anonymous access into personal access. They are signing on with their account and the, the, the internet knows who they are. So sort of putting all of these challenges out there. This has taken the traditional enterprise kinds of challenges and made them much, much bigger. None of those traditional challenges have actually gone away. So as we see the model to sort of move to the modern web, there's sort of four pillars to answer the four problems working sort of from left to right, going through this sort of table that we've got up here. One of the things that the modern web has done for us is we have lost control. And I mean that in a good way, you no longer have one single entity that is able to make a decision about how things work.
Why not? Well, we've got the enterprise, and surely the CEO or the management team of the enterprise can make decisions, and they can, but only for that enterprise. They don't have control over the services out in the cloud or devices and things like that. So in order to work with these, the only way that we can have a reliable, trustworthy working infrastructure across all of these different entities and different services is with standards. Standards, and open standards, are very important and actually give us the solution. They give us the solution because standards are developed in an open process with participation and collaboration from many of the organizations who are going to be working with this. So the cloud providers, enterprise, as well as software vendors. Some of the kinds of things that we see underneath there: REST, OpenID Connect, OAuth, SCIM. These are all standards based protocols specifically to handle the kinds of problems that we have with this inter organization web or network that we have to try and deal with, authentication and access control.
Likewise, the modular architecture. So the challenge that we have in this point is that things get more complex as it gets bigger, the number of systems that we have to interoperate with. We need to be able to have fundamental building blocks that we can put together and work together. And so technologies like OSGi enables us to have a tiny footprint, a small application that does what we needed to do, or a small component that does what we needed to do and works together with other components in a defined modular way. This way, we don't need to have one gigantic big system that's occupying lots and lots of resources and ultimately becomes a bottleneck. We utilize the technology that we need, where we need it, when we need it. The third column, flexibility, comes from the fact that fundamentally the enterprise's problem has not changed.
They still have lots of existing legacy applications. They have applications that were functional and working long before the web was even thought of, many of these. And there may still be people in the enterprise that get teary eyed thinking of 3270 terminals and things like that. So we have to have a way to bring these legacy applications, these non web, and definitely non-modern web kinds of applications into our modern web experience. And this is in general going to involve everything across the board, from agents or plugins that can work kind of as gatekeepers in front of these applications, gateways that can do some kind of protocol conversion and work within these legacy applications, in some cases straight connectors that we can actually provision and work with the connect these applications directly, and when all else fails, APIs, so that any custom development that needs to be done can be done to a well defined, clear API so that it can be maintained and supported going forward.
The fourth column, open and collaborative, ties back to what I said in the first column. One of the challenges that we've got with this is that we have multiple entities with no one single point of control. No one can tell anybody you have to do this this way. And the way that we sort of work with that is with a community. And we work with a, with transparency so that we know what's going on. This is crystal clear when you have a look at the various standards organizations that are working on these standards, organizations like OASIS and the IETF, Kantara, all of these different kinds of community organizations, which encourage and work towards transparency so that we all know what's going on. Being able to collaborate in terms of source code: here is how we can do something and everybody can benefit from it.
There's, there's a lot that can be done from an open model rather than a closed model. And I sort of compare this to the automotive or the car industry, right? The, the Ford makes a vehicle, but once they've made that vehicle, you have shop manuals and you can buy parts both from Ford, as well as some other people that are designed to those spec. And we know how it works. We know how to connect to it. And what are the components we have to do. So I'm gonna address each one of those four columns in the next couple of slides. But one of the things I think that becomes of overwhelming importance when we start looking at the modern web is the issues of scale traditionally in enterprise kinds of usage, thousands of users. So here, we've got an arbitrary 10,000 users, but thousands of users has been considered significant or big.
When we look at it on an internet scale, that goes up by orders of magnitude. It's not uncommon in the internet space to see users in the realm of hundreds of millions of users being sort of the norm. When you think of organizations like Facebook that are claiming a billion and growing different users or different identities that they need to deal with, that's some pretty significant scale. Likewise, in terms of user management, the provisioning, creating, changing deleting users, traditionally in the enterprise, a few users per second, and I'm being generously even at 50 creates per second, would be perfectly adequate to handle even the most advanced or the biggest kinds of organizations that we are dealing with. As we start moving into the internet scale, that quickly becomes overrun, and we need to go into hundreds of user management operations per second, same thing with authentication.
When you think of concurrent authentications per second, we have 50 authentications per second. There's a very significant number in the enterprise. But when we start working out onto the internet scale, that as well goes up orders of magnitude, you can sort of think of the kinds of things that happen when you have major internet kind of events. And everybody is trying to log in at the same time. This kind of scale is not something that you can invent after the fact, the problems that you have with scale is that unless it is thought about from the beginning and early on during the development process, and then is something at the forefront of engineering's mind throughout the entire development process. What you end up with is choke points or bottlenecks that are very, very difficult to try and eliminate. You have to address this issue upfront and design for this kind of scale, which generally means designing for distribution, designing for massive parallelism and those kinds of engineering needs in order to give us the ability to scale up to these kinds of numbers.
So looking back at the pillars that we were looking at, I just wanted to address some of the kinds of things that we are seeing, and we are working with. The first one is the adoption of REST. REST is the latest in the web service protocols, which essentially means how do we communicate with different applications using nothing but the HTTP protocol, and REST has sort of come out of this. It is a, and actually can be thought of as an API. It gives us a protocol that we can use between different systems, very different systems, simply using HTTP GET and POST, using a payload of simple JSON. JSON, for those of you that haven't had a look at it, is JavaScript Object Notation, which is basically a text string of key value pairs. We don't need the very complex XML. The key point about REST and JSON is it's platform independent.
It is language independent and can be implemented very simply. And this makes it ideal. As we start looking at some of the social and the mobile kinds of platforms, because complexity on these is difficult to manage. We want to try and keep things simple. But as you mentioned in Peter's presentation, we also need to maintain it as secure. And so all of the challenges we have with security are definitely still there, but this gives us a good, solid way to be able to interoperate with many different systems within the enterprise. We still have the challenge of flexibility. We still have to work with all of the legacy systems. We can't wipe the table clear and say, okay, everything we've done so far was good, but we are going to start again. We have to live with legacy applications. And so tying in with connectors and agents utilizing APIs that can be customized to work with these legacy systems and the different kinds of interactions and standards that we have to work with is still a very real reality when we start with the enterprise itself.
And really what this is doing is it's bringing the openness of the internet, possibly the more closed relationship that we've traditionally had within the enterprise, this sort of brings us to the openness of the modern internet space, as well as modern access management, identity and access management. It doesn't have to be open source code. Open source is merely one business model. However, what is open is the standards and the specifications for how things will need to work. The big challenge that we have, as we pointed out earlier on: different entities, different system integrators, different vendors, different consultants, and programmers all need to write code that interoperates with each other. And one of the ways that we get to do that is by fostering both open standards and, where possible, open source. If we can share what we are doing and share how the code works, our chances of working properly as they try to interoperate goes up substantially.
The same thing is true when it comes to development. We can have a group of developers locked in a room working on code. However, since we are all working on the same basic problem, collaborative development gives us scale and gives us capabilities that we don't have when we are working on our own. Everybody has traditional challenges and their own kinds of problems that they're trying to address. And if we're all aware of those, it gives us a more robust and, and easier to interoperate system. Same thing goes with transparency. We have to know how things work. Everybody has experienced, I'm sure, the challenges of trying to hook up with a system that is completely closed, no documentation for how it works, no documentation for what the protocols are. Sort of, that is the, the very definition of hacking. In order to make our systems work in a secure, robust way,
we need to have transparency as to what they are doing and how they're going to hook together. Likewise, when we start dealing with the enterprise, working with modular kinds of architectures gives us the capability to choose what we need when we need it and build solutions that apply where it needs to be applied. It's quite often that we could have bridges or other kinds of functionality that can be pulled together quite easily using different components rather than having to rewrite a whole new solution from scratch. Obviously, this is the holy grail of software engineering. I think we've been talking about software ICs or software chips for at least 20 or 30 years. I think as long as I've been in the industry, this has been one of the things that we are looking at. However, I don't think we're actually very far from this. If you have a look at the Java ecosystem now, there are many, many components that are utilized by many, many different projects.
For example, nobody at this point writes their own XML parser. We have tools. We have pre-built libraries that do it and do it very well. And we start using those. Moving up, we can now start building up these components that are made up of these differences, the standardized pieces. There's still a lot of work to be done in this, in the engineering world. But I think it definitely takes us down into the sort of future as to where we're going with engineering. So having looked at those sort of four kinds of stacks or four kinds of problems, the, I want to talk for a couple of minutes about the product that ForgeRock has, the ForgeRock Open Identity Stack. So fundamentally there are three different products in this: there's IDM and DJ. So let me start with DJ at the bottom. DJ is a standard conformant LDAP directory server.
All of the products are Java based and therefore platform agnostic and can run essentially anywhere where you can run Java. OpenDJ is really our directory services. It's the data store that can be used for users. Obviously it interoperates with products like OpenAM and OpenIDM and there's sort of significant areas of overlap. And this is what I was referring to about the components and the modules that we were looking at earlier on. The sort of second piece of this is IDM. IDM is the identity manager, and this is the provisioning engine. This is the piece that's responsible for the life cycle of development, creating user accounts, managing user accounts, synchronization between different systems. Because as we all know, we still have to work with lots of different legacy systems, each one of which, as far as it's concerned, has its own identity store.
And we want our users to make it look like there's only one. And so we have to synchronize passwords. We may want to enforce password policies and to be able to connect that out into multiple different systems and, and enterprise systems that we are working with as well as cloud systems. And so here we start seeing things like SCIM and OAuth as being some of the protocols that leverage there. The third component over on the right is AM, OpenAM. This is access management and essentially OpenAM takes on the responsibility of user authentication as well as user authorization: who is the user and what can they do? And there are a lot of components in that and it's worthwhile to have a look at them and, and see what's in there. That's also where we put the federation, and the federation was when Peter mentioned being able to have a federation where we can specify that, yes, we have authorization to get to the data, but I can't tell you who the data is. Federation is one of the ways of doing that. And SAML 2 at the moment is probably one of the most standard. However, there are other protocols as well. OAuth is used, and so is OpenID Connect, for doing some of those kinds of things.
So the three products are up on the ForgeRock website, feel free to download them. The source to all of them is fully open. And I invite you all to try the stack, see how they work for you. Remember that these products are designed specifically to meet enterprise kinds of problems and the scale issues that we were talking about when I first started talking, and as a result, sometimes they can appear quite complex. They are definitely enterprise quality products that you can go in and solve many of the traditional enterprise kinds of things and, and challenges that face an enterprise architect. We will be at the European Identity Conference in Munich. I'm sure that if you find us there, there will be an opportunity for some beer and to sit down and talk about the products. So I invite you to stop by the booth as well and come and see us. And that is the end of my presentation.
Thank you very much, Alan. Let me just get my presentation here, back up. So thank you very much for that interesting presentation. Now is the Q and A section. So if any of you have any questions, you are more than welcome to raise your hand or indeed write them in the questions box and then we'll take them one after one. And just to get this started, let me ask you a question in terms of, of the, the scaling of, of things. How are your clients reacting to, shall we say, a more traditional approach of, of solving these problems and, and how are they doing it with, with ForgeRock? What, what is, what is the, the status of place so to speak?
Let's see my, I believe I'm, I'm on. Yes. So yeah, this is, this is a challenge that several of our customers are coming into, especially as they start moving into the internet space. They are sort of thinking about, as I said earlier, tens of thousands and are discovering that they need to think in terms of millions. So the products that we have are designed around that kind of scalability. For example, OpenDJ being the underlying directory server, we've had tests and performance cases where it functions quite happily into the tens and hundreds of millions of entries. In general, when you try to move up into this kind of scale, it generally involves implementing multiple servers, working in some kind of distributed environment. And all of the products are designed in such a way to work with multiple servers and distribute the load out. And so with OpenAM, for example, you can have four or 16, depending on how far you need to scale up, different servers.
And the, the underlying architecture, all of the servers know about each other and recognize where the load is going to go. And so adding a new server actually adds new load capabilities. It has quite an advanced session failover and session management, so that it doesn't reach sort of a theoretical maximum. You can start adding new servers into that. Likewise, with OpenDJ, the ability to have an advanced and scalable replication so that you can have multiple servers. Obviously one of the things with directories is that they tend to be read quite a lot more than they are written to. And so there's sort of some very traditional directory techniques where you have master directories that take the updates. OpenDJ supports the concept of multi-mastering so that you can scale up and have multiple masters that will replicate to each other. So all of the products are designed for that kind of scale. However, the, the challenge that comes into this is that to many of the customers simply dealing with that level of scale is quite intimidating. There is no silver bullet here. When you start dealing with a hundred million users, or you're dealing with a thousand authentications per second, you need to have the infrastructure, the capabilities, and the, the general, if we can call it the IM to be able to handle that kind of load.
All right, thank you very much. And we have a question here regarding the enterprise block. What are the pros and cons regarding separating the external and internal users? I'm thinking there could be a huge difference in SLAs between the two. And let me start that off. And, and Alan, then I'll, I'll hand over to, to you. I would say that there are more pros than cons, sorry. That was wrong. There are more cons than pros of, of separating the external and, and the internal. What, what we've seen through many years is that we have a problem or a challenge within identity and access management, which is very discrete, very particular and, and, and, and, and only really applies to one area. So what do we do? We go out and we get a point solution to fix that problem. Next year, we have another problem and we go out and we get another point solution to, to, to fix just that for only a small population of our users.
Now, what has happened is if we look at many medium, to, to large indeed enterprise clients today, we do not only have one system managing IAM, and I'm not talking about the different areas, but we have multiples of the same functionalities from different vendors for different, for specific part problems. And, and so what is the issue there? Well, the problem is that many of these systems can potentially, but do not talk together or, or work together. The, the one issue that, that I'm seeing a lot, when are my clients, is that we have a, a tendency to the guys on the ground, the architects, the engineers, they have an, an understanding idea of how they want to go strategically. It seems that that also from, from the very top level of organizations, the, the, the CSOs and the CTOs have the, the idea that we need to have a strategic roadmap that we need to fulfill.
We want to have unification. We want to have one system, the same processes covering the whole business. However, it really fails when, when we run along, because now there's something that is very urgent, that is either going to cost us money, we need to have a project finished because it inflicts on, on someone's personal performance view in the company. And, and therefore, we, there is a tendency that you jump over where, where it's easiest to jump over and just fix one discrete problem. Now, so what we end up with now are many, many small systems that require huge effort for a company to, to, to operate, to change. And we can't only just consider what's going on in our own business. If we only had that scenario, that's fine. But now we are not actually controlling the evolution of how the company operates and what services we need to offer our clients they are.
And that evolution that's happening there is explosive, I would say. Obviously you could say that, that there are also pros. One of the most pertinent ones that, that, that I would say is, yes, we have two different systems that are completely disjointed for accessing our information, which you want our clients to get access to, and accessing information which is internal information, which should not come out of the house. But we need to consider that with the level of the systems that we're able to get today, we are quite capable of, of managing that split in, in one system. And, and that's, that's, that's my feeling around it. Alan, do you have anything to, to add onto that?
Yeah. The only point that I would add on that is the fact that I don't see the users as being fundamentally different. They are only different when viewed through the eyes of a particular application, and sort of going on to your point is that if you try to deal with them differently, pretty soon there will be another use case where the split between them is somewhere else. And then you have to deal with the problem of having a single user that starts living in multiple, for want of a better word, let's call it multiple domains. And so I think that it's, it's about keeping things simple. If all users are treated the same, it's easy for us to be able to scale up and, you know, to handle millions, tens of millions or hundreds of millions, because we know how to do that. That just means throwing more hardware and more infrastructure at the problem. Whereas if they are, if we start treating the users differently, then we start having to have multiple different systems where the user is sort of a different kind of user in different use cases. And so I think anytime you start trying to separate your users out, it's going to lead into a swamp as we move forward.
Yep. Thank you for that. And, and actually, I'm, I'm thinking a little bit, you know, to, to, to quote Martin Luther King, I have a dream that we will not only join ex, external and internal users, but, but also actually touching on the point that, that you mentioned with, in terms of collaboration, how do you, or ForgeRock indeed, look at the potential of having businesses within the same vertical being able to collaborate on an IAM solution? And the reason for me asking a question is that I have done a lot of consulting in the financial space. And it's, it's funny when I, when I travel around to different organizations in different countries, and actually noticing that 60, 70, sometimes even 80% of the challenges and the problems that we are trying to solve for each client, they are indeed the same. Would it not be interesting? Is there another possibility that companies could collaborate more on that? And, and, and potentially now we are talking about an open source IAM solution, as we've seen with, with Linux and, and other open source solutions, that you have, shall we say, distributions that are targeted at different business verticals? Would there be an opportunity to, to do something like that with, with, for
Absolutely. I, I think that the, the, you know, collaboration is an important aspect of sort of the pillars that I was talking about in my presentation. And I think that the single biggest problem with this is not technical at all. The single biggest problem is one of, if we can call it political or management acceptance. There is still on the business side a lot of distrust and, you know, business is fundamentally about competition and not working together. I think that that's a flawed outlook, but it doesn't change the fact that to most businesses they don't work with, they don't work with their competitors, they work against their competitors. And so much of the challenges to getting these kinds of collaborative things resolved are changing a mindset. They're changing a, a belief within the management structure and it's, it's slowly happening. And I think one of the things where we're actually seeing this happen is with a lot of the identity projects, especially in Europe, that are government based.
So we've got people like the, the UK identity project, the Norwegian citizen ID project, Belgium has a citizen ID project. Germany has a citizen ID. Austria has a citizen ID. And many of these projects, you've got the collaboration with organizations like STORK and things like that, where working within federations, there is this cooperation and, and sort of inter, yeah, the sort of collaboration between the different entities. I think the more we move into commercial enterprise, the harder it is to actually get the, the business leadership to see the benefits of it, unless it, it gives them something directly on the bottom line. So it's a, it's changing a mindset rather than a technology.
So there's a, there's a thought that we can spend the, the next 10 years of, of maybe trying to, to implement. Alright, we are shortly coming up on the hour that we have for this webinar. I will just on my presentation scroll to the last page here, where if you want to read a little bit more about the, the things that we've been discussing today, we do have some related research on our kuppingercole.com website for those of you that already are subscribers. And indeed these reports are also available for, for direct download and the numbers that you see correspond to them. So just type them in. We have time for one final question, if anybody has got one very quickly. That does not seem to be the case. And in that case, I would like to thank you, Alan, for attending and giving us a very interesting presentation and some, some good answers to a few hard questions. And thank you to all the attendees that have been here. I hope that it's been an informative webinar and looking forward to seeing you next time, and also ensure if you already haven't registered for the European Identity Conference, please go and do so now. And first beers on me. Talk to you later and have a nice day wherever you are.
