KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Implementing Identity and Access Management universally across multiple IT infrastructures and software platforms is a major challenge for any organization. To do their daily job successfully, users today expect to get access to information they need from anywhere at any time, regardless of the target system or application. IT departments are struggling to make this access frictionless for users yet maintain compliance with corporate and government-imposed security and privacy regulations. This task is even more complicated if business-critical platforms like SAP are involved – not only SAP has its own security and access governance requirements, it is usually managed by a completely separate team from the one responsible for enterprise-wide IAM program.
Cloud IAM (Identity and Access Management) is on the rise, and it is more than just Single Sign-On. Managing user journeys, directory functionality, access control, and governance is mandatory. Identity and access governance is a key topic in most organizations and, just as with identity provisioning, it does not become obsolete when making the shift to Cloud IAM.
As companies adopt numerous new technologies and establish new communications channels with their partners, suppliers or even customers, the amounts of sensitive information that’s stored across on-premises systems and cloud services are growing exponentially, and the task of managing secure access to this data by numerous third parties is quickly getting out of control. Hence, instead of managing access to individual systems with separate technology stacks, many companies are looking for more universal and future-proof alternatives, aiming for establishing granular, centrally-managed policies enforced across the whole corporate IT environment.
For these organizations, an adaptable Active Directory-centered (AD) approach can address the areas of highest impact. By adding cloud-based access request and access certification functionality to the mix, a company can achieve a basic IGA solution for a fraction of the cost, complexity, and deployment time. This approach also provides the opportunity to expand the scope beyond AD and Azure AD by embracing many non-Windows systems (such as Unix/Linux) and SaaS applications (via SCIM connectivity). Learn how to build a strategy for a modular approach to identity that can be custom fit to company needs, size, complexity, and budget.
This webinar will equip you to:
In the first part, KuppingerCole Principal Analyst Martin Kuppinger will give a brief overview of identity in general as well as of IAM, IGA and PAM strategies, and will look at what every business, regardless of size and industry, needs in IAM.
He will be joined by One Identity Field Strategist Dan Conrad, who will explain how to prioritize IGA capabilities for maximum impact and show why you should opt for a modular approach with AD-optimized tools.
Identity Governance and Administration (IGA) is continuing to evolve through more integrated Identity and Access Governance solutions. IGA products are often required to give deep integrations with other enterprise products and applications to deliver the expected business value, as well as a need for having one interface for IGA across the range of applications and services.
Good afternoon, ladies and gentleman, welcome to our webinar returning or finally bringing identity and access management to the user. This webinar is supported by a tier. My name is Martin Kuppinger of Ko Cole. And with me today is natto of our tier he's the founder and CEO and president and whatever of our tier and will introduce himself later on when he starts this part of the presentation. Okay. So let's start directly before we go into the details of the webinar, I just want give you some short information.
So, and calls Analyst company, we are providing enterprise it research advisory, decision support, networking for it, professionals, both for vendors and organizations for subscription services in our research are advisory services and our events, our main one, the European entity and cloud conference 2012 will be held in Munich, April 17th to twenties. You will find all the information at our website and you definitely shouldn't miss this event. Okay? Regarding the webinar itself, some guidelines you are centrally, so you don't have to mute around to yourself via controlling. These features.
We will record the webinar. The podcast recording will be available tomorrow, latest tomorrow at our the same website. And by the way, also the presentations of both presenters of today, both panels from, for me, will be available by tomorrow as PDFs for download and Q and a will be at the end. So you can ask questions using the Q a tool. Anytime we usually pick up the questions at the end, or in some cases appropriate during the webinar. So the Q and a tool tool questions, and you go to webinar control panel that you usually find on the right side of your screen.
There, you could just end the questions. So I always recommend that you enter questions once they come to your mind so that we have a comprehensive list of questions. When once we started our Q and a session after the two presentations, okay, the structure of the webinar is split into three parts. So the first part will the presentation of me, Martin Kuppinger. I will talk about a change as I am, as undergo, moving from a technology platform to a business tool. And what I am has to provide today, I also clarify the terms we are using and things like that.
Second part and Nelson will talk about sharing the experience and view on how to finally bring IM to the user based on customer reference stories he has. And the third part down will be the questions part. The overall webinar will take roughly one hour, a little bit less than one hour usually. Okay. So let's dive directly the content of the webinar. We're talking about IM or identity and access management mainly today. And about another term I will explain on the next slide. So the question is, what is this about?
When I look at identity and access management, we have to a classical structure. And I think this is a pretty good one still, which is four A's. So the administration authentication authorization auditing administration does about managing the users. So how do I manage all the users, the identities.
In fact, you have a person which might have one or more identities, and which has more than one account for identity, and you have to manage this relationship. And I think this is an increasing interesting issue because managing the users and dealing with different users in a world where we not only talk about employees, but a lot of our types of users becomes increasingly complex again. So we might have solved the employee issue or the employee part, but then we have to think about a lot of other types users right now also indication that's about identifying the users.
So having them log in or sign on to the systems and identifying themselves by a set of credentials, which could be a username password, which could be moral, including biometrics or whatever. So that's the authentication part and authentication could be better or worse. Username password definitely is not the very best approach, but it's a very well established one. So that's second part. Then we have authorization, grinding them access based on your entitlement. So allowing them to access systems, information, all these things, which is a very important part.
And a lot of IM is really about saying, okay, these are the users and how can they access? What are they allowed to access? And are they allowed to do all this part, these things, and there only things about let's say finally understanding what has happened. And then there's another term because entirely related to IM which is I identity access governance or access governance only, or IG as an abbreviation.
So what if this is about, it's about questions to answering, this has become the same, much more return term because the questions to answer are the ones which are increasingly raised these states who has access to what. So if you look at many regulations in the compliance field, that's one of the, the very important things who has access to what, who has granted that access. So these are, let's say very, very important questions there. That's a very, very important part of identity access governance.
However, based on these questions, the field has evolved into, let's say some technologies, which are provided by one is access warehouse, which is sort of understanding which access controls are there collecting the access, the current entitlements from different systems access. Re-certification an element of many compliance regulations, trust the need from a security perspective.
So going through having people, for example, departmental managers, going through the access entitlements, so their, their employees, their, their, their have, and, and, and looking at them and understanding or saying, okay, yes, they are still correct, or no, they have changed and we have to change it in the systems as well.
So access analytics and intelligence is more about, and let's say more advanced, analytical capabilities, access, risk management, understanding what is the risk associated with access and, and acting according to this, because you don't need to have a very, very, very strong access control and everything. Some things are not much as, as much at risk as other things are. And so it's about finding the right mix between these things.
We have the access request management, which is a very important part of it, because what really happened over the time is that driven through driven by regulatory compliance, a lot of organizations ended up with starting doing access for certification. And then at some point of time, they learned, okay, it's quite nice right now are aware of the problems I have, but I can't fix them easily.
So closing the loop and allowing to change access, request, access to make these things very simple from my perspective, also very important part is you also feel that there are some overlap between provisioning on one hand and the light access management on that side and the, the access governance, NT access governance on the other side. And you also have this enterprise role management thing there. So a lot of things in access management are based on roads, but that's more sort of an established construct, which is underlying, but it's something which is more sort of a technology.
You need to do things better, which is not the only technology you need or approach method probably better than technology. So it's also sort of a part of the thing. So that's what we are talking about today. And what we are talking about mainly today is how to really bring this forward so that it works for the business users and not only GI guys. And when you look at what business really wants. And so if you look at our call model, which by the way also will be very important thing in our topic, in our conference, in, in April.
So I think the fundamental two things, business users, one, our business wants to the services, they need to do their job. So they want, they don't want to care about technology. They just want those things, the services, technology tools, the devices, they feel they need to do a better job. That's the main thing for sure. There are some, some aspects like sometimes they like to have a GAT device or things like that, but overall it's business wants to do their job. They don't want to care about it. They want to have a very easy, very simple to understand.
And the other thing is business wants needs to keep corporate information protected, I think is a very important term. It's not about protecting everything at a very high level. It's about protecting it at their level. It really needs. So it's about service delivery and information security, making things easy to use for the business and making it secure.
And that's where really I am comes into play as one fundamental technology, not the only one, but very fundamental one that leads from my perspective to a, to a view, which says, okay, we, we have a three tiered view of it, and that's sort of the foundation of our call it model on top there's. There are the business services, business service delivered. That's really presenting the things to the it, to the business user in the way the business user needs it.
Then we have an sort of an orchestration and management there, the management and security layer, where we, where we provide services, where we orchestrate services, where we procure services from external providers and all these types and where we manage them, where do the accounting and all that type of stuff and where we do information security. And then we have services which come from it, service production. So I want go that get deep into this model. It's a model which simply differentiate differentiates between use, manage and produce of the services the business needs.
And it's also managed model, which pretty clearly shows that the cloud is trust, deployment model. But the reason important point here, this it's about a business services at the end of the day. This model is, or the success of it is based on the fact that you provide the business services, the way the business needs them. And that's also true for that's true for everything you're doing it. And that's true for IM as well. It's about bringing it to the user, not having the user learning it it's about doing it the other way around.
And then also means when we are looking at services, we have different types of requirements and we have non-functional requirements like security, auditability, reliability costs, things. We have to really look at it at, from a, from an it perspective, from a security perspective. But we have also these, the things like features, what are the things the business user needs are they easy to use for him?
So these things are other aspects we have to look at and when doing it, and when looking at business services and, and providing what it needs to provide, then that's a very important element there. So when going to IM and I G we have made sort of a journey over years and I'm, I'm in that industry for, oh, I think more than 20 years right now.
Yeah, probably well, well, more than 20 years. So in the early days, there, there were disparate directories. So some applications had their own user management data Analyst of users, their own internal directory. And so that's where things started. And then there were, let's say more or less at the same point of time, there were two bigger trends. One was the idea of unifying these directories.
So saying, okay, we have one directory and all the applications are accessing this directory. And the other trend was more about synchronizing the information between directories. I think the directory unification approach. So saying everything is in our novel directory or in our X 500 directory or in our, at that point of time in our windows and key domains that approach failed. So there are a lot of very important directories, but we are far away from a directory unification. I think one of the lessons learned is that having only one directory relying only on one doesn't work.
So synchronization is always a part, which says, okay, if I change something in directory, a it should change in directory B. It's a very, let's say very technical thing there. And then we have moved forward. And I think it wasn't the late nineties where identity provisioning came up, which was sort of saying, okay, we have, for example, started. So with the provisioning of an employee day, one sort of thing. So instead of having him, giving him a sheet of paper, it was about saying, I build a process which allows him to get the access he needs.
But even that was in fact, a relatively technical thing in most cases. So it was done by it. Administrative efficiency was one of the most important things when we looked at it. And so things changed over time. And one of the things which came in then, so around, yeah, late, so around 5, 6, 7 years ago, maybe in that area, it really started up, it was adding control. So term of access, governance of GRC governance versus compliance popped up, and it was about really understanding how can I manage this access? How can I re-certify users? How can I understand who has access to what?
And all these things with that was really done requirement from the business side and some of the vendors which came in there really came from a business side and said, okay, that's not really an it thing. That's a business thing. And I think that's there really things changed. And then another learning is that users need to work with these things in an easy way. And so what's next. I think there, there are two important things when we look at what happens in IM and IHG, and one thing is architecture.
So having more flexible architectures, which allow us to, to easier, let's say pick up new trends and moving, let's say closer to the business user. And the other thing is even more and better user involvement. I think there's still a lot of room for improvement coming from classical. It solutions like meta directories. So really making it simple for the end user to do what he needs to do. And I will talk about this a little later. I think that's still something we need to architectural.
I think the important thing is really in most organizations, we have sort of an environment where we have, might have legacy provisioning in there where we might have service desk systems, so systems where we can request some, some access and other systems. But what we really need is, is an upper layer, which is focused on the business use of which prices governance for service, for request simple user interaction that could include the legacy provisioning or the provisioning capabilities. So it could be sort of the integrated provisioning, what, however it is, it could be something different.
It could also use new types of approaches, but what you really need is a is layer, which is focused on the user, which integrates on one hand, was business GRC. So the higher level control we are facing, but which especially integrates with the business users, for their access requests, for them having, managing, managing the access policies, because it doesn't know really who should have access to what it doesn't know about access policies.
So having the business users doing that in a way they can do it is definitely the better way to do it, access analytics access for, and that leads us really to the point, how do you bring these things to the business user? And so I'm looking at what do business user really want from I, and it, I think there are, I've just picked four groups of users and for simpler requirements there. So what is the departmental manager, the departmental manager, what does he want to do? He wants simple re-certification and requests approvals.
So the, the area where he gets in touch with IM and IG is he has recertified once a year, every three months, whenever are these access entitlements. Correct.
And he, he doesn't work with his tool day by day. So it needs to be extremely simple and extremely efficient because that's not his main job. His main job is doing his business, running his business. So that's something he needs to do. And if he needs to do it, if it's sort of a, that really likes to do, then it has to be as simple as possible. What the end users want are simple and fast access requests.
And when, when I look at the reality, still see a lot of organizations which have end users within the department, which are responsible for managing the access requests of all their colleagues, because the tools are too complex. I think it's much easier to have everyone in a position where he can request access and all the responsible first like department managers, information or system owners in a situation where they simply can then approve these requests. So it needs to be simple. It needs to be extremely simple.
I think we have moved forward, but I think there's still room for improvement in that area, the sea level and risk managers, they're looking at quick and reliable controls for entitlements. They don't want to dive into the details. They want to just see, okay, everything is correct. Or we have some issues there. There's an alert. We have to act on this. Also pretty clear business process managers. They want to manage the entitlements, following the business processes. They want to implement the business policies in a simple way.
They want really to, to describe what their business view and really stay in their business view and ending up with the entitlements. So that's what we really need or what really have is expectations. And that's what we, what we are following. I think we have made great brokers over the last year. So if you look at some of the evolutions and then the overall evolution in the market, things really have gone further.
But I, I, I say I still feel that there's a lot of, for improvement in most organization. So what to focus on when, when talking about bringing IM and I to the business user family. So one thing is consistency. What we need is one consistent user interface for all activities, for particular user. So having a business user, using different types of interfaces for requesting different things. And I think that goes beyond access. So if he has to order UPC in a different way than to request access to a system than to, to other request things, then it's not the very best solution.
So having him or enable him to, to use one interface for all the things he needs to do in that area, definitely the best way it needs to be simple, easy to use. And even if it's used only once a year and many things are used only once a year. And then that's where you have to think about what are the paradigms. A user knows, the things like shopping carts, the things like using touch display, the things like following, let's say common designs of applications. So users are, are, are used to work in their windows or in their iOS or whatever environment.
It should be sort of that termin terminology, very important point used terms, business uses not the it terms and functionality. It still needs. That's the other side of those things. So it could be as beautiful as whatever it could be perfect from a, from a usability perspective, if it doesn't provide a functionality, it doesn't make sense. So you still need a functionality. So you need to have this, these things backed up by a strong functionality, but under the hood should be sort of printed bold in the slide processes.
So the processes you have should be implemented compliance requirements, a layered approach from mapping business to it. So how you do you translate these business views into the it thing. There's a lot of under hood, but I think it's very important. And I think we are better sometimes in doing the things under hood. It's important to, to have a simple user interface on top of this. Okay. So that's what I wanted to share with you as thoughts. And I think there are a lot of more things I could talk about, but we have limited time, just a, a quick note.
The PDF versions of the presentations will be available for downloaded the website where you registered for the UN. Okay. So I will hand over right now to Nelson and making presenter and will share his view and sharing the experience and view on how to finally bring I am to the user based customer reference story. Nelson's your term. Okay.
Yeah, there, there we go. Perfect Martin, thank you very much. I appreciate the introduction and, and really great presentation. Everything from access governance to user provisioning. I really appreciate that. I'd like to introduce the company before I get started a little bit about AER corporation, and then we'll get started with our presentation here. So AER was founded in 1995. We're a leader in the identity and access governance space.
We have solutions that encompass user provisioning, password management, compliance governance, and we're introducing risk analytics to the market in 2012. Aira is some great customers from all sectors, small companies like ESPN and I G direct and banking as well as large organizations like DHL Starbucks, 150,000 users at Starbucks, over 250,000 users at Marriott worldwide. And the United States air force with over a million user identities managed industry Analyst and our customers agree.
Avatar solutions represent the quickest time to value our solutions result in the best operational efficiency in the industry because of our graphical configuration approach versus a development approach. And in the future, we're from a future standpoint of view, we're leading the industry with innovative methods and technology avatar is the identity management company with the future because we put accountability back in the hands of the business user. A lot of the items that Martin was referring to is exactly what we do.
So with that, let me start the presentation here, returning identity and access management to the business user. I think identity and access management, as we know it is being shattered as Martin described, there's a big change that's happening.
The, this has to become simpler for everybody to be able to use this. I think a lot of that involves changing the way that we're thinking. And there's a book called the innovator's DNA. And in the book, they talk about some, some key skills here. And I think that this is very important to go into this presentation with these key key items. And that is number one, people need to have the courage to innovate and the way they they get that courage is they have to challenge what they're doing today.
The status quo, they have to take some risk, calculated, risk, smart risk, but they have to take risk and they have to adopt some behavioral skills like questioning, observing what other people are doing. And, and maybe how the business is, is reacting, networking with peers in the, their industry, and maybe with vendors and experimenting with software. They have to take that those cognitive skills and synthesize to create some new inputs, some associated, associating thinking. And that's when they come up with innovative business ideas.
And that's really what this, this core presentation is gonna be around innovation and how we can innovate an industry that's been around for, as Martin said over 20 years. So our agenda, we're gonna talk a little bit about the past, how we got to today. We'll talk about today, briefly on some customers and what they're doing with this new technology. We'll actually show the technology. And we'll talk about where we think this is going in the future and how we're gonna continue to evolve and deliver an even better identity and access management platform and technology.
So in the past, we believe identity management was never intended for it. It it's way it, it was really needed for people to get their job done. And it had to facilitate that. So identity and access management was really the business user needed access. They needed access to a printer. They needed access to applications, and it ended up delivering that to them. Identity management in the past was really about two items control and transparency. And I would say until recently with a identity and access governance, it's been about accountability as well. Accountability is the key factor here.
It's easy to provide control and transparency through just by calling the help desk and having them fulfill a request for you. But accountability is a little bit more difficult in the past. Complexity is the enemy. The solutions were way too complex to really roll out efficiently to the organization. And then obviously for the business user to adopt much less an it person.
So it, people could adopt this, but they typically require programming and development. When we look at a chart of operational efficiency and time to value, and we chart our identity and access management solutions, this is what we saw. We saw that the quickest time to value is for people to keep doing what they're doing today. Use paper access that gives 'em the quickest time to value, and they can have forms.
They can, it's not good. They don't have to change their existing business process. But the problem with that is it wasn't very efficient. So people said, Hey, we can make this a lot more efficient, but to do that, we can do custom in-house programming. So people would try to write their own custom applications to provide excellent operational efficiency. But the problem was the time it took to get from one to the other took too long. So they looked at large, early legacy identity, manage management systems to help with that.
But the problem again was a lot of these solutions were more like buying a custom house and it took forever to deploy these type of solutions. So they, they looked at some legacy identity management solutions that gave them greater efficiency, greater time to value, but to get to the operational efficiency, it still took a, a bunch of development and a bunch of programming to achieve the ultimate operational efficiency that they desired. What we've done at a tiers.
We've, we've really tried to look at the next generation, how do we provide great operational efficiency with a very rapid deployment? When we look at the next generation of identity management, we have to look back at the past. And the past is shattered with people who have deployed their solutions through a bunch of code and script Pearl scripts and, and lots of customization, a lot of coding to get it, to fit exactly the business model and atte. What we've looked at is a configuration approach.
We believe that businesses are all modeled after a lot of things that we see in, in our day to day use. And that there's a way that we can achieve identity and access management without a lot of customization. So when we look at the world today, we see a lot of enterprise applications out there from Oracle SAP, IBM, and a whole host of other people that PeopleSoft, that provide applications. These package applications is what a lot of the core identity and access management solutions provide.
I would say that they, some of them also integrate with homegrown applications, but typically it requires a lot of customization, a lot of time to get those custom home grown applications integrated at a tier. We believe that it's even more complicated than just those two worlds. We believe that there's a world, a new world of assets and physical read sources like your laptop and your mobile devices and tablets and badges and keys.
And then now with Salesforce and Oracle on demand, success, faster factors, Google apps, there's also all the cloud applications what's needed right now is a solution that can sit in the middle and manage this whole mess, but present it to user in such a way that it's very easy for the business to adopt. So when at a tier, some customers that adopted our solutions are customers like intuitive surgical, AJ Gallagher, Miller, cores, and others, to give you some idea of how long it took for these solutions to be deployed at intuitive surgical, they were using another identity management system.
We swap that out in six weeks and they have one and a half FTEs that are managing the solution. In the case of AJ Gallagher, they have 12,000 employees that took about nine months and one FTE, a lot larger business, a lot more control in their environment. A lot more business processes that needed to be defined at Miller cores. They have 9,500 users. They did an implementation with SAP over 200 SAP servers. They have one and a half FTEs managing the environment. They're letting SAP drive the, the actual deployment and provisioning of their solution three months.
And our, one of our newest customers is the United States air force. They have over a million identities over 900,000 groups. Our software's gone through some incredible code scans over 62,000 code scans. And we're one of two vendors on the approved product list within the us air force. We're looking to save them about 173 million in one year. So let's talk a little bit about how we're doing this. We look at traditional identity and access management vendors, and we see our back role based access control.
The problem with this is as soon as you define a role, your business changes or your job functions change, and your role is out of date. So we look at our back as a, a technology that is used and we even adopt it, but we don't look at it as a growing technology. It's a technology that's, that's there and needed for just to get the system operational and get it up and running. We actually believe in a different approach, and that is something we call birthright roles. And with birthright roles, we're giving people just the bare minimum.
They need to get access to the particular department or location where they're gonna be located in our world. We're asking everybody to really forget what they know about identity and access management. I know we have a lot of very sharp people on the phone in a, in this webinar, but we really need to take a radical approach And the approach I, I look to Steve jobs and I look at what he said, AER models, a lot of what we do after what he talks about in, in his environment.
He said, the simple can be harder than the complex. You have to work hard to get your thinking clean, to make it simple, but in the end, it's worth it because you can move mountains. And that's really what we have to do with identity and access management. I believe you can't manage what you can't see. So you need to be able to see your business before you can manage it. And we believe it is managed like a store constructed a aisles. You have the SAP aisle, you have the active directory aisle. You have a, a PeopleSoft aisle.
You may have some in-house application aisles down each aisle at each aisle. There's an aisle owner. There's an application owner within SAP. You could have two sub aisles finance and HR. My question that I pose to the group and to the team here is can your parents order from, can they order something from amazon.com and will it be received to their house? Chances are, most of you are gonna say yes to that. My next question would be, could your children order something from the apple app store? Can they download their application that they're looking for? And most people would answer.
Yes, they can. And in some cases it's a little bit too easy for them to do that. So we believe in our world that identity and access management can be managed like an it store. And what I'd like to do is give a brief demonstration of this type of technology. So over here, we're looking at a screen of a tier's main menu here where I can select a user. I can request access. I can maybe make some user request. I can approve the access and notice it in this screen. I can also link to different websites. This is just a website link, and I can also proxy my authority to other people.
This view, I, in this view, I can drag items around and I can save that. And it will maintain that setting. The next time I come in here, this view is all delegatable as well, meaning that what people see here is completely controlled by department or organizational unit or individual user notice here.
Also, I can close items too, like approve access and I can do a save. So I can really simplify this screen. I can even display the screen in such a way that there's a description next to the icon. So you could describe what you're seeing, what we're gonna do real quick is we're gonna go back into the small view and select a different image user. So right now I wanna manage a person name Walker, Steven Walker. I'm gonna click, okay. And up here, you can see I'm logged in as demo admin, but I'm managing Steven Walker and now I'm gonna request access.
So I'm gonna walk into a store in this case, I'm gonna walk into the entire store very much like walking into a grocery store, but we could design the store in such a way that if a person walks in and they're just looking for produce, they don't see the, the canned goods or the bread aisle or any of the other aisles. They only see the produce aisle. If they're looking conversely for cold meats, and we could only show the meat aisle and, and hide the rest of the aisles. So let's go to request access. In this case, we're gonna see the whole store.
So as I come in here, I can see my badges, my computer equipment, my mobile devices, office keys, mixed in with active directory, Salesforce, SAP, access, PeopleSoft, et cetera. So I'm looking at the store in a, in a very unique way. Now this store's not very descriptive, but I could display the store with actually a description and notice it's a little bit more complicated, but I can even link to batch policy and which I do if my badge is lost.
So I, I can put very good descriptions with hyperlinks and build that into this store. This it store you can think of as a business services catalog. Now very much like Itel. In this case, we have Steven Walker and we're going, going to request some access for Steven. The first thing that we're gonna request, if I go into mobile devices here, you can see that I show the mobile devices and we're displaying this in euros and not us dollars for this demo. But again, I can display this in different views. In this case, we're gonna select for him is a tablet.
So we'll go into tablets and you notice here that we can have this organized by departments as well. So now I could go down staff or it engineering. I'm gonna go into the tablets aisle. I'm gonna select the new iPad three or whatever this thing is called. Now we'll add it to the shopping cart and you'll see the shopping cart gets one item added. If I go into the shopping cart, you can see that there's a new iPad here. I can even find out who the owner is. And a little bit of information about my B my item in the shopping cart.
I can continue shopping and maybe go into active directory or SAP will select active directory. And I can organize my directory by country, or I can show you what we did for the us air force. Here. We have the us air force. We have their headquarters. If I go under that, I can see their bases. So I can go into Langley. I can also give a description, a map of the base. I can go to the homepage. If I go to the map of the base that just pops me into Google maps, and you can see the base there And get address information, but let's go into the base itself and I can add SharePoint access.
So now I have two items in the cart. I'll click on the cart. Here's my windows access. Here's my iPad notice here. There's some information. So I'll click on the iPad and I can actually select the color. I can select the size of the iPad that I want. And actually the provider in the United States we have at and T sprint and Verizon, I'm gonna select sprint and say, send to home and then do a save. So I'm logged in as the demo admin, I'm requesting this iPad for Steven Walker, and I can type in my justification.
Steve needs this to show off to his kids and SharePoint required for time sheet reporting. So I typed in some information here and I'm gonna submit the request.
Now, once I submit the request, these are now off to a queue. Now, in what we're envisioning at AER is that we're gonna make the shopping experience very easy for the user, but it should be just as easy as the experience for approving an application. So imagine here, if I got push notification into my approver application and I was able to come in and see the privileges that were requested and notice here, this changed from 31 to 33, and I'll click on the privilege request and all from an iPad or iPhone or, or mobile device, maybe a Verizon or Samsung galaxy. I see Steven Walker's new iPad.
If I click on that, I get some information here. Add the action is a new iPad. Steve needs us to show off to the kids. I can change the duration. I can look at the workflow that's occurring. So Steve's go, it's first gonna go to this person. And then to this person, I can also find out what color their iPad is and how much memory that they're requesting. Now in here, I can come in here and approve this. This is approved by the corporate Workflow Administrator. Now I'm logged in as the administrator for all workflows.
If I was not, it would go right to M Jones and he would only see approve or deny. But since I'm logged in as the corporate workflow administrator, I see all the workflows for everyone. So I could skip this next approver. I could cancel the request, or I could send a reminder to him, or I could even recover. So in this case, I'm gonna approve this. And as I approve it, the request is submitted and an item disappears from my approval king. And I can look at SAP. Here's Bob Frank, and I can look at his SAP request as well. So we can get that type of information.
So all of this can occur from the convenience of your mobile devices. Let's move back over to the presentation. Let's talk a bit about the, and then we'll open it up to some questions. So in the future, AER sees an environment, an identity and access management environment that is not only cloud based, but multiple cloud based to provide the highest level of reliability and assurance as identity and access management or pieces of that are moved out to the cloud.
We look at identity and access management or identity and access governments offered as a service very much like you by electricity today, We believe that identity management should occur from anywhere, anytime. So very much mobile agnostic. The ability to do it from an iPhone, from an Android, from a, a windows, mobile capabilities, et cetera, we believe actually identity and access management. As we know it is dead.
What we demonstrated today is really not an identity and access management system, although it is fully integrated, but it's more of a two person accountability to existing identity and access management. But it's beyond that. As you saw that we requested an asset as easy as access, and once things are approved, of course, the access is automatically granted. We believe everything is moving to a request and in the future, you'll be buying the best request system.
What's the easiest and most familiar to your users to use, and the easiest for your employees to, to understand and adopt and roll out. Again. The focus here is you can't manage what you can't see. What we believe at AER is that yes, you can have your roles. You can have your R back. You can have your birthright roles where you need them traditional identity and access management still there under the hood, but let's make the business experience. As Martin talked about the business services layer, as simple as possible. And let's the way we have to do that is us as it professionals.
We're now in a new world, we're managing an it store there's items that we're putting on the shelf there's items, we're taking off the shelf, and it's our responsibility to define those in layman's terms so that anybody coming into our world into our it environment understands what they're looking for and what services we have to offer. And that is searchable. And then what we do is we present that and make that available to everybody. So the first step is to define it and put it all into the store. At that point, your identity and access management is deployed. Thank you for your time.
Thank you, Nelson for your presentation on the information you've provided. And for sure we are waiting for your questions. So please enter your questions. I'll make me presenter again in the meantime. So we can pick your questions directly and have an interesting Q and a session at the end of this webinar.
As I said, you can enter your questions, the questions, tools that you go to webinar control panel. And I think that's important thing to really provide us with your questions so that we, we can talk about the things you are, you have in mind and, and provide you with the answers you need. Okay. Maybe one question I'd like to start with from the ones we have here yet. One question is Nelson. You you've been talking about the, let's say everything, moving to a request, but behind request, there's always the fulfillment part, meaning things have to end up in, in other systems.
How do you solve that issue? So really connect to other systems, connect to let's say an order system or other things. How do you deal with that?
Yeah, there's really two, there's a few areas to handle the actual request itself. The, the traditional application access, that's all handled through connector development for your, all your applications, the enterprise applications for in-house applications.
AER has a, a proprietary capability that allows you to integrate those in-house applications with minimal programming in most cases. So that's how we handle the traditional stuff. How do we handle the assets, the fulfilling, the mobile device and things of those that nature built into the system. If we don't have direct connectivity with the mobile or the phone provider, we give you the ability to, to have the request sent to a granter.
The granter is the person who actually either orders the device from a particular provider, or the grantor is the person that takes the device off of a shelf and maybe an inventory person and mails out the device to what we call a recipient. The recipient is the person who is granted access to that device and built into the, the system is the ability for the granter to be part of that. It's a separate workflow step, the, and then the recipient to approve that they actually received the item that the was ordered with the right serial number in the right working condition, et cetera.
So it's really a closed loop system, a anywhere along those lines, there's web service interfaces that would allow you to integrate with electronic data interchange systems or ordering systems, et cetera. So all of that is capable because of the form capabilities that we have in our system. The form capabilities are non programmable forms that you can build them, but they do output into, you can save those forms into HTML and be able to basically add to those forms, any code that you want. So you can integrate those codes right into your purchasing system. Okay.
Another question is, how does user access governance is managed in our tier, or how is user access governance managed a tier? Well, that's great, great question. It's fully integrated into the store. So actually the way the stores organized and the way with the workflows, the workflows derived from patented capability that we have from the actual organization of the store.
And so is the access governance and the certifications we're actually going to be doing another webinar later this year with KuppingerCole on our, our identity and access certification capabilities, product called compliance auditor. So it's fully integrated into the system and we're very excited to, we haven't announced that technology yet, but it is it's touch aware. Martin has seen it and it's a platform independent, so it will run on any mobile device and any website.
So we're, we're very excited to introduce that capability. You'll have to tune in later to see that. Okay. Another question for us a little bit out of, out of topic for, for that webinar.
However, I want, want to pick anyhow, it's around, how do we consider the privileged identity management today? So looking at the BS, the let's say more sensitive accounts, and so maybe last you want to start. And I add my on that.
Yeah, Martin, I can't announce any of the new products that we're working on, but privilege identity management is an area that, you know, a tiers basically doing a lot of the capabilities. I, I would say that we handle the privilege. Identity management is integrated into the fabric of the technology until we release another product. And it's integrated through risk scoring. It's integrated through identifying or excluding accounts from the identity and access governance application and user provisioning application deprovision application.
So we have exclusion capabilities, we have risk scoring capabilities. There's ways that we can corral those accounts in terms of actually managing those accounts that can be done through the system. But the system's not optimized. It's not a privileged identity management system per se, or product offering today.
Yeah, Martin. So I think, first of all, I want, let's say refer to a several podcasts we have on this topic.
One of, one of my, my most important thoughts around is is that over time, you shouldn't end up with having a set of solutions for managing privileged users in worst case, different types of solutions for different platforms or different requirements, and another set of solutions for managing in one privileged users. So bad, we should end up with something which is much more integrated. So overall what I'd like to see, and, and there's still not that much to see. So there's some tendency it's really a tighter integration there.
Currently, most of the vendors is really solve by, by saying, okay, we have this I core IM sub provisioning and then governance features here. And we have some integration with the third priority provision, privileged identity management tool, which is a way to go. I don't think that it's the last step of evolution over time. So I think we should end up as a tighter integration. But as I said, it's a little bit out scope of this session also because let's say manage the specifics of privilege identities, probably one of the, let's say less our users oriented things in that field.
Our, I think these are some short answers in that. So if there are any more questions I'd like to attend is to, to provide these questions. I think it's an important part there to use this Q and a session. Okay. Anything else that you'd like to add to the, the questions we had before or any other things you'd like to, to mention before we end the webinar?
Yeah, I, I would just like to add that. I think it's important again, for people to get organized today, you're managing an it store.
I, I think it starts with the business services catalog. Why not make that business services, catalog visual? Why not layer that on top of your existing identity management system? So that's something that you can do there either through AER or build it yourself or, or contact your existing identity and access management provider. But I think it's very important for you to look at managing things as a store and simplifying the interface in the customer experience.
I, I think AER is, is one step along those lines. I, I think with our latest release, we have the abilities to have favorites like you do in your, your store. We have budgeting. So there's a lot of capabilities that we've done to really beef up our, our business service catalog and store store it store offering.
So again, thank you. Yeah. I think that's, that's an you've, you've racing very important part or topic again, it's, I think it's also about layering things and integrating things and, and for sure build on what you have, but really improve it and, and move to the next level. And I think that's, so my architecture review is about in many cases, not the best way to, to rip and replace, but to add new functionality, to layer things, because also that provides you more flexibility. And that's, I think the same thing you've just said. Okay. So thank you to Nelson.
Thank you to all the attendees for attending this coming call webinar. We will have a lot of other webinars within the next few weeks and months and hope to see you all. It's European at anti conference in April. Thank you. Bye.