Hello. Good afternoon. Good evening. Welcome to our latest KuppingerCole webinar. This one is supported by iC Сonsult, and we're going to be talking about taking identity and access management to the cloud, something highly topical. So with me today will be Dr. Heiko Klarl, who is the CMO of iC Consult Group. And he'll be talking a little bit later after my presentation. I'm Paul Fisher and I'm a senior analyst KuppingerCole. Before we get started, just to remind you of some KC live events that are coming up quite soon, we have on July the seventh, the cloud strategy optimization session ensuring efficient and secure collaboration on the cloud. July 21st, the access management playbook, securing today's organizations, and finally a hybrid event, which is happening a little bit later in September. Which of course, when I say it's a hybrid event is actually our biggest event, the European identity and cloud conference, which is happening September 13 to 16th in Munich. And that, as I said, is our biggest event of one that I'm very much looking forward to personally, just to let you know that we're recording all of the webinars today. So this will be available very shortly after we finish probably tomorrow. And there is a Q&A session at the end of both presentations, both myself and Heikki. And you can enter your questions in the panel to your right, where it says questions at the bottom. There we'll do our best to ask them at the end.
So a quick look at the agenda, I'm going to be talking about some fundamental identity and access management, planning and choices. And after that, Heiko, we'll be talking a little bit more about the insights that he's found from a wide variety of projects that his company have worked on. And then as I said, we'll have the Q&A at the end of all of that. So I am planning and choices. Where do we start? I think probably some of you will know what I am is about some of you may not, but I think it's sometimes it's worthwhile just thinking about what it means for you as a business. And what I am can actually do. If we strip it right down to its core components, we have like four pillars here of the things that I am can bring to your business. Obviously, the first one is access, as I said, they're the lifeblood of modern business processes is access.
If people can't access the stuff they want, then business grinds to a halt, but because we have to then manage that access and we need to audit it, the access so that people and non people get access to application services, machines, and databases, whatever they need to do their job. So without access, nothing happens. And without secure access, as I'll say in a minute, then the business is at some risk compliance is the other good and great reason. More and more regulations are coming on top of the ones that we already know very much about like GDPR, et cetera. In the United States, there is another legislation that is soon will be in, in law for companies that wish to work with the department of defense and they have to prove that they are compliant. And the interesting thing about this is it's a binary choice.
They either are, or they're not. So if they fail the compliance test, then they can no longer pitch or for contracts. So compliance is extremely important and access that is unauthorized could easily bring organization to conflict with those compliance regulations and could have knock on effects, how the business is conducted. Security is fundamentally important. We have to prevent unauthorized and malicious entities from gaining access to our secrets and our networks and without a robust identity and access management platform. It's very hard to put that security in place. And it's also hard to get identity and access management or identity and access to work with the security tools that we already have in place. And finally, efficiency is something that is not often talked about when we talk about identity and access management, but any process that improves access, compliance and security is going to make the business more efficient.
So it's another hugely important part of getting identity and access management to work. So rationalize user access and faster data flows are going to improve the efficiency and productivity of your business. So it isn't just about security. Isn't just about compliance. It is actually about making the business better. And I think it's always good just to think about some of those four pillars of what makes IAM important and a very simple diagram here of how identity access management works. Again, some of you will obviously know this, but we have on the left there, all our digital identities. And we increasingly at KuppingerCole about identities rather than people and things because it's identities that the organization is going to have to deal with. And it's all identities that identity and access management is dealing with privilege, access management and identity governance. And, and those systems don't really know or care about who or what the identity is, where they need to know whether that identity is allowed access to certain things.
So our identities can be things they can be objects. They could be even a cat. I haven't yet seen a cat in working in the environment, but it just you'd never know what identities might be wanting access to your organization. So we have all our digital identities on the left there. And then I add the systems in the middle. We'll either use case they use biometrics or old, good old fashioned passwords to allow people to get access to the digital resources on the right, and then buried within identity access management, the all-important analytics service. So that's a highly simplified version of how I am works, but it actually just gives you, I think the takeaway there is think of identities and think of resources and how are you going to get the right identities to the right sources, resources in a secure manner.
So if you want to get started on an IAM project, we need to think about what is the outcome, what do we want to get achieve from identity and access management? So you need to think about, you needs to get a bit granular. You need to think about the usage. You need to think about the applications, the services, databases, and other components that you wish to be connected to the identity and access management platform. And it pretty much would be I imagine almost everything, but there's a great opportunity to audit and think about what you want to connect to what you want to protect. And then you need to think about the types of users you have. As I said earlier, think not less, less about users and more about identities. Think about your architecture. You're going to have all sorts of architecture in place.
You may have a totally cloud environment. You may have a legacy architecture, and you're going to have all sorts of devices and points the different architectures and of course, cloud within that. So you need to think about your architecture, how I get the access management is going to sit within that. And you might want to think about maybe changing things, but the most important thing is making sure that I am where however you choose it, whether it's on premises, whether it's in the cloud. And it was a managed service that it does work with your architecture, then you need to think about the best practices. We're moving from a world of administrators, controlling identity, access management, solely and more into a world of end-users having access to IAM lines of businesses. Having access at, I am given a bit more trust so that they can manage identities in their own line of business.
So you need to then educate your stakeholders, users, and managers on best practice for using IAM and then document the design process and think about how you're going to measure the efficacy of identity access management, what is in place. And by that, I mean the security analytics, but also the compliance analytics and the business efficiency return on investment and time to value. All of those things are hugely important, not just with IBM, but with any major application such as this, and then finally prepare a roadmap for, for your IAM journey. So define the steps and who's going to be responsible for each one of those steps towards your desired outcome. And the desired outcome should be more efficient, more secure, more compliant, but also the desired outcome should be the right identity, access management tool for your organization and how you work, how your users work, how you connect to things, how you connect to all sorts of identities.
So there are different choices, deployment choices of identity, access management, and that leaves different responsibilities for different stakeholders. So if we run IBM on premises, then you, the client is going to be responsible if we run an infrastructure service and the provider and software service and so on, as you can see, as we move to the right software as a service, or I guess D as a service, eventually the provider is going to be responsible for nearly all the technical details. So the infrastructure, the operating system middleware the application and maintenance most importantly, and the only thing the client is going to be responsible for is the actual users and the data and the access on a daily basis. So as you'll find out later are now different choices. You can run on premise. You can run in the cloud as software, as a service, or you can even have it as a managed service where everything apart from data and access is looked after by a third party.
So this is a slightly more complicated framework for how identity and access management sits within an organization. And we call it the identity fabric KuppingerCole, as I said earlier, we're now starting to base everything around identity and identity and access management obviously sits within that. So you can see on the left a more expanded version of what I showed you earlier. So we now have consumers in the mix, something called customer identity and access management. Whereas consumers are now welcomed into organizations, infrastructures into things like social media, but obviously in areas such as e-commerce, but also in things like market research and giving customers access is obviously a business goal. It's good for the business, but it's also a huge risk because we suddenly got identities and users that have never been part of the environment before we now have partners vendors also looking to access organizations and so on.
And then of course we have our employees that were using directory services or active directory, et cetera, devices that are all being brought into the mix. Things. We have a car that has no cats this time, but we have more seriously. We have things such as cars, software robots, software itself is, is needs access to application into application. You'll find in areas such as dev ops, that applications become an identity in themselves. And software becomes an identity and that software needs access to other pieces of code and so on. So you, that's a complicated frameworks, a complicated set of identity challenges there on the left. But within that, we are seeing new identities, new capabilities. So we have identity. We need to manage identity life cycles. We need to have identity betting relationships between identities adaptive authentications, so that we have a much more fluid and way of authentication for identities privilege.
Access management is becoming more important, especially as I mentioned earlier, with things like dev ops, where the traditional idea of privilege access, where it was simply for the administrators to do maintenance, et cetera, is changing quite rapidly into an environment where privileged users are those that need access and need access quickly to certain files, certain databases, they need access to things like social networks, social network feeds, which are also privileged because of if the wrong people get access to a corporate social media feed, then that can cause re relation, sorry, relationship problems. It can cause marketing problems and, and all of that. So we're seeing within that identity Federation, access, governments audit and reporting and so on. And then right in the heart of that, we have identity management service, the authentication service, access management service, and access governance service, which all becoming part of our identity and access management mix. So you can see that it is a complicated schema and it's a complicated thing to set up. And which is why we're now seeing different ways of managing this. So they can be on premise and be cloud, or there can be a managed service.
And then finally the technical architecture is changing. We're seeing much more with containers with microservices, with Kubernetes and all of those things. And finally out there, we can see how have access to the cloud partners on premises and embedded code. So that's a quick overview of how we see identity, identity and access management fitting within what we call an identity fabric. So assuming that you, and this is what Hy-Ko we talking a bit more about, but you figure off the same. Some of the challenges you've done, your roadmap, et cetera, you might think that IDASS, or as a S identity and access management as a service is the way to go. So here's some of the, the strengths and challenges of that. Some, a few things to think about, obviously you should get best of breed approach, which can be consistently implemented. A provider will, should be able to pick and choose the best component.
And they should be able to keep those up to date. There is in, should be reduced total cost of ownership. There should definitely be reduced levels of training, but there should also be more potential for scalability and scalability and speed, better interoperability and integration, but also support for all the things I was talking about just now, such as cloud microservices, container native, and much more flexible. On the other hand, you've got to think about how IDEXX might fit in with your legacy systems. Your legacy connect is some critical, critical functions are going to be outsourced you. Some parts of the business might not be so happy with that. You have to make sure that any service level agreement is absolutely critical. And that, that is really, really important to think about. And that includes who is responsible for what, what if the worst happens? What if there is a breach, et cetera.
So think very carefully about any SLL with an IDs provider. Whilst we said that reduced TCO could be a benefit. Don't make that the main driver for IDs, make sure that you get the right solution and not one that is just cheaper than if you did it yourself and make sure it meets the desired outcome that we spoke about earlier and meets our four pillars of access, security, compliance, and efficiency. So those are the challenges that you as a customer have to think about as much as the strengths that you might get on paper from IDs.
So just to wrap up my part four takeaways to remember about some of your choices here, first of all, understand what identity access management can bring to your business and what modern identity access management can bring. So, you know, we're talking about the state of the art here, the best of breed components, make sure you establish or decide outcomes for any identity and access management port up number three, create a technical and business roadmap for implementing the identity access management in your organization. And for ensure that you understand the deployment choices for identity access management that you have before you make that final decision. And finally, you can find out when you get the slides as part of the package, you can click directly on this, and that will take you to an excellent introduction to identity and access management written by our chief Keef analysts, Martin Kuppinger, and that's on our KC insights page on our website. So with that, I'll hand you over to Heiko.
Oh, Thank you. Poet hybrid model, when it comes through today's webinar, the IBM cloud journey. Thanks for the pretty good, good starting presentation. Paul was very helpful and gave him a lot of insights to the, to the audience. I'm Heiko Klarl, the chief marketing and sales officer for IC consult, and I'm responsible for helping our customers moving there. I am to the clouds, finding the best fitting solutions to their challenges. And during the last couple of years, we have been faced various customer discussions and various customer projects, which we have successfully delivered. And so we compiled the best practices and the learnings we had for various projects into the I cloud journey that should help you to ease your past to the cloud and give you on very good understanding what's what's needed.
I I'm starting with the last slide. Paul has shown cause it's in very good, good starting starting point. Why is Paul has spoken on all four topics? I would focus on the last two. So that's creating a technical and business roadmap for implementing IBM in the organization and ensure that you understand the deployment choices for, for IBM. So imagine you're an IBM project manager or am project team, and the decision has been made to move your new IBM system for the cloud, but honestly what's needed for a start. So within your organization, you all have been off my very successful it project minute manager, but it's always the first time and Ben you an I M project for the first time, you have to get a lot of knowledge to start it successfully. And we would like to give you some insights on what, what is needed for a proper start and how can you have a jump start that rocket start, whether you are an experienced it project lead barrier, whether you are experienced project manager or whether you are, whether you probably have some IBM background, but just want to have a refresh or recap what's important when it comes to moving your business
To the cloud,
We have defined three pillars and I'd like to start with the first one. That's the so-called I am. How does assessment? So as poet said, basically it's very important to assess on what's really needed to move forward for the new I am sister and in touring, a lot of of projects we have come successfully delivered in the past, the combined standard solution packages, helping to be an enabler for your, I am initiative by providing a roadmap, which is often very important by providing recommendations from a business, but also from a technical point of view and finally a TCO calculation. And basically the idea is behind. If you have walked through an I M assessment, you have everything at hand to go to your management, go to your steering committee, to go to those people who are approving your, I am project, present the results, and then you're ready to go.
This is the ambition. And I am cloud assessment would always have that's the first step of an attorney be learned through to various project structure. The IMF initiatives are more successful. And so it's very, very strongly recommended that I am teams, especially for best practices and recommendations. So it's not, not needed to reinvent the wheel all the time. You can rely on the best practices from systems integrators like ourselves, but also for, from analysts like KuppingerCole who haven't good view on the industry and are basically collecting this best of breed approaches. I say it's one of our practice leads for the business consulting area has a very, very
Good, good quote.
He says only those I M program programs will achieve excellent and will be successful when they have started to the readiness assessment and a strategic planning phase. So it's always, you have to think about what you would like to achieve, achieve. You will have to work on it, whether it's an waterfall project or whether it's an HR project. So if you don't have a vision, if you don't have a plan, if you don't have a roadmap it's just starting and working around, but you will lose the focus. So basically from an starting point, first of all, you have to gain the approval for your, I
Am project.
Then as an expert step, you have to plan different phases and deliverables. That's very important because I am projects are always integration projects. So you can't finish the project alone with your team, with your department, you have a lot of interdependencies to other departments, to other teams in the sense that they have to give you access to their applications, that they have probably to change something in their application, that they have to provide requirements or that they have to provide insights on how the system is actually working. And so basically it's a big collaboration approach and you have to get everyone aligned to run finally, an effective I am program and to move forward step by step.
Yeah. So it's important to come from the vision to enrollment. And then finally to think about the architecture, what's the right B to deliver your, I am. Paul mentioned that advantages and challenges from standard IDAs offerings. Now, every vendor is offering into the market compared to on prem solutions, probably compared to own build solutions or what you have already. So we often see a mixture of our customers having something in use, whether it's an official I am or an official one, meaning you have a brown fetus scenario where every now and there is probably some functionality of an IAM system implemented, but it's not unconsolidated overarching approach. And last but not least, there's state implementation. And then they're on face off the walls. Basically an IMS assessment should cover. If you're starting one parts of the vision, the roadmap and parts of the architecture, why does it only include parts?
So basically division has also to do with your business vision so you can generate the vision before and then you can start the roadmap and shape the roadmap according to your vision. And basically the architecture has always high level architecture pieces and very low level architecture pieces. I'm, I'm very sure that it's important to have a good understanding on how should the high level architecture look like. So it'd be moved to the cloud, which are the leading systems. How is the, how are the data flows and all that stuff? I think it's too early at this point in time to discuss low level architecture decision, they are probably far better when you do it within the implementation team costs, but then the implementation team you'll have the experts for the separate products, offering identity and access management. And then you can really find the best fitting solution fitting to the approach, a product you have decided to go for the, I am assessment.
I said before, should give you everything to move. I forward to the cloud. So if you're starting in assessing your, I am vision, if you are starting in assessing your current landscape, you should take the following with you. So basically try to use a standardized approach. So whether it's some, some approach provided by us, or if you rely on the protests that are drafted by analysts like coping KuppingerCole or last but not least, probably your company has its half and standardized approach on how to draft and start the project. So in order though that you do not forget, and the thing which is required move forward, you should be able to cover Greenfield and brownfield scenario. So Greenfield is when there is no, I am at all. That's often Ray out because there is often some legacy. Some I am sex is half bit up by some departments kind of shadow it or it's brownfield. So we mentioned the customers, or probably reflect that as Mel who set up an IGA solution, five years, 10 years, or 15 years ago, there might be the need for an renewal in order to support new cloud applications in order to provide new standards or trust to decrease costs by reducing maintenance, by reducing development fees costs with an legacy solution, you have always to implement adapters by own versus combined to a new one. You get probably a standard integrations to various of state of the art systems.
You should become a, you should get some expert recommendations for your IBM cloud journey. And last but not least the I M assessment will deliver you a complete I roadmap for your cloud migration, which means also including the transition plan and the timeline transition plan is very important when you are working in a brownfield scenario. So then you have either through half a big bang transition, or you have a smooth transition, but you have to orchestrate or the projects and sub projects, and then various sophisticated manner that it works out last, but not least, especially probably your management wants to have those numbers to a TCO calculation, but the cost was three to five years period in order to be really able to compare various offerings, because it's always a mixture between consultancy B, between the work you're doing yourself, the license, or a subscription costs to the vendor, probably some maintain and support and integration fees.
And, and so on. I know doing a TCO calculation might be some sometimes cumbersome might be sometimes very difficult and probably sometimes it's just unrealistic to get all the numbers. Then it depends on you try to evaluate your budget and at least to, to produce comparable figures. So if you can't get all the costs within the organization, then you can at least compare things, you know, so in your operations teams are currently three persons working full-time for, I am. So whether, you know, the costs of them or not, you have it's three FTE working for that. And so probably you can find a way around in order to get those comparisons.
When you are moving to the I, I am assessment yourself or working together with us. We have basically a couple of views, which we are normally investigating. That's the process used to ensure that all areas of identity and access management are covered. That's the project approach and figuring out what is needed and what's not needed in the project. And at which point, the time combined with them kind of capability maturity model. So everyone wants to have that a hundred percent. I am solution, but probably not. Everyone needs to a percent, some areas are more important for you than others. So if you have as a business drive, for example, risk findings in the ITA space, then for you, it's very important to get away from the risk, get rid of the risks from your compliance findings list. Then you should probably focus on those systems who are affected, have an understanding very, you have to increase the maturity of your current solution or the future solution in order to fix that. And then you can decide all the areas of IBM. You would like to work on within your roadmap be today, tomorrow, or probably in the next year. And also that defining project phases as said, I am projects are very collaborative projects. So please ensure that all your peers have it on the radar that do it in that they consider their deliverables to be provided to you in their budget and time planning.
D I am child assessment that was compiled by us, basically contains the readiness assessment. So basically helping you to understand, are you ready to move to the cloud? So there might be some companies who aren't ready yet. So if you don't have a challenge strategy, for example, if you are a company that is restricted to two critical infrastructure to the other rules and regulations, so there might be valid causes that you have to say, I have to do it on prem icons, go to the cloud. And it's important to get the understanding, is it allowed or is it not, especially as you might have a couple of different voices within the company that some are very proponents of a cloud strategy, some are opponents and are a little bit hesitant in order to move things to the cloud and you have built to department get the understanding.
Is there a pro problem? Is there a blocker or I am, I'm ready to go do an assessment of the existing infrastructure to understand what's what's there and what has to be integrated to refu of the technology landscape to get another standing, which systems are used within your infrastructure, and then start to put Highlander and migration planning, just to figure out ability to work out or not consider multi region requirements in designs. When you are working around the bird, and that's often for the access management piece, the case, then you have employees, partners, or customers in Americas and Europe and Asia, and due to different requirements. For example, for our legal requirements, you have to follow the SOC Chinese cybersecurity law. So basically you will have to have a dedicated instance in China. So what's happening when your ideas provider doesn't provide any solution China to that, are you compliant to the cybersecurity law when you're hosting your Chinese employees and customers within an Europe or American instance will relate to work out from a technical point of view when it comes to latency and run times.
So it's very important to get an idea from the first beginning, where in the world are your customers are in the world or your employees and partners and audio technical identities. And is there a need for a mounted region set up? And of course, considering every other special requirements that are probably just known to you in the company, some of you may say, okay, comb, that's all good, but I want to get started right now. I don't don't want to do the assessment. I like the implementation stuff. Let's let's go on. Okay. So customer is king. I is Abe. I recommend at least to do an assessment, but if there are this there a big pressure, and if there are requirements, you have to start at least investigative workshop. We have personal experts, workshop where you and your team investigate, what are really the main drivers and the key objectives for your cloud migration to get 3d and understanding from that collect all the dependencies for the cloud migration.
So impact on legacy systems and technology dependencies to an assessment of your business processes and ref you of the solution currently in use. And I said, check the regions. You have to use around the world in order to be safe. I said, that's not the best practice. So it's recommended to start with this compact workshop and then continue working on the oil deliverables from an IMS assessment. But if it's causing really pain and you have to make some resides, or probably you have to prove to, to create a proof of concept, then at least a workshop with this kind of agenda might be very helpful in order to shop your minds, to get all the main, main key objectives and dependencies. And in order to generate at least some structure for the next, next steps going on.
The second part of the I am cloud journey is when it comes to implementation and finally to, to the operations are fully managed services around identity and access management systems, and does provide us, we call those for managed services. I am cloud ops. You run successfully standard Ida's offerings. The next slide, which on a couple of challenges you are probably faced with, excuse me, faced with standard Ida's offerings. So basically all Ida's offerings are promising a short time to market. However, you have to get up to things, things, right? So there is always a piece of implementation. There's always an architectural piece at best practices to follow. So despite the solution is there in a second, you have to do the integration piece and you have the integration piece following big, best, best practices. You have to let it challenges to leverage the value of Ida's providers for the whole enterprise.
So you pay a yearly subscription, you pay probably a lot. However, you have to get all the menu into your organization. So why didn't you features being released continuously in the ITEST providers? And that's the paradigm of Ida's. They are bringing features every, and then, so we have far more faster paced delivery process compared to on, on prem soft, wherever you have probably one big release or a year, or just every two years make a continuous usage of new features. But how do you cover those and how do you get the value from those those features? And what happens if I am, does not work. So if you have problem in integration and that's always the piece, all those interest listed our vendors, we are partnering together. We try to talking about the leading. I am vendors in the market. They are in alphabetical orders so that no one is pushed to the first place or the last place.
And they are all providing a standard Ida's offerings. However, you need those, what I said too, in order to overcome the challenges you provide a loan, I was consulting for a kickstart for all those providers. So you have a clear yeah, plan. What do you need? How can you start with dedicated standardized packages? That's very important for them. I had a solution as well as to have a dedicated service delivery manager. So someone who ensures that the service is delivered when it comes to the project piece. So when it's working with the implementation and the integration, when you're connecting all those systems, but after that, when it comes to runtime, you have to have a tight integration with your it landscape to have really the highest value. If there is trust every now and then system integrated, and you have a loosely coupled I am system, some are covered by that a solution to some or not.
You want X, you will experience a bad user experience and have a need for 24 7 services and support for what integration. So, as I said, I am, does not work. So you can be sure that the itis offerings from those vendors I mentioned will be up and running or at a time probably there might be a downtime for a couple of minutes or something, but at the end of the day, they are in charge and they, they are in control of their environment and you can rely on their SLS and KPIs. However, you will experience as an ism manager all the time that someone is approaching using my, I am, does not work. I want it to look lock in it to myself, sales force into my office, 365 into my conference. And I got an arrow icon to my possible reset. This does not work.
If this does not work. Basically if you check it back with your writers, providers, everything will be fine. So those services will be up and running, but the end user, that's still a bad ex bad experience. So this is where our 24 7 support and services offering comes into place, helping you to cover the application integration support piece. You're a Salesforce administrator. It's changing an end point when your asset P administrate, that is changing the data scheme. So that provisioning doesn't work anymore. When your office 365 administrate traitor limits your access for provisioning and you can't update any, any identities anymore, these are real challenges you are faced with and the bigger your enterprises and the bigger the connected applications are, the bigger, the problems and the amount of requests and tickets, maybe. So please be aware of this and please have it in mind to establish those, those structures.
You can build it up by yourself. Then you have an probably best of breed approach within your organization. You have some people train for implementation for the 24 service, 24 7 service piece for the continuous integration of new features. Or you can just rely on the full managed services providers like ourselves saying, okay, I C I M as a kind of standard offering, there are people out who can run and manage and implement. I am far better than I do. And I'm happy just to get the contract with them, having a subscription like with the Ida's providers and happy having an up and running without being worried or part-time.
However, there is a such scenario when you, as a customer are a bit hesitant to move to standard Ida's offerings. When those are not fitting really, really better to your requirements. For example, you are a very big international organization with complex and demanding challenges and, and use cases where you have those region assignments. I said before, you are having a spread installations all over the road from Americas through to Europe, to Asia, when you want to rely on market-leading products on prem products, or probably if you have already bought an on-prem version from four shock ping identity, you will one identity in the last couple of years, and you just have to run it for the next couple of years in order to justify your business case. Then we have a third pillar that's service layers. I am cloud ops service layers is our broad brands for identity and access management as a scalable managed services.
And what did we do with combined the best of both worlds, the best from Ida's providers and the best, the best from on-prem software, we combined it. And so we took the best of breed products from the market fitting for this purpose to solve. The vendors mentioned below we, we are falling more in paradigms, like infrastructure as code and configuration as code and a hundred percent automation approach. So within our service leaders, we were able to provide identity access management as a managed service, without reaching the borders we can do on deployment, often production ready. I am stuck based on this product, but in a couple of minutes, following a highly automated approach, and you can do it into your own cloud. So we are very independent of spended Ida's offerings. We can deploy it into your public cloud, be it Amazon, Microsoft issuer, or the Google cloud platform.
We can do the deployment into your data center. As long as you provide us a managed Kubernetes interface, and we can host it ourself within our service layers, service layers cloud, which is based on the Amazon, AWS. This has the big advantage from you when you're using your cloud out, stack your virtual private cloud rooms. That those are exactly following the compliance requirements, the security requirements, your security has raised your corporate, that he has graced according to those offers and the way dater and audit functions belongs, excuse me, belongs completely to you. I want to give you some more details on the surface layers layers piece, which is basically, I said, it's falling modern paradigms, like, like chips. It's a perfectly fitting venue or want to have on the one hand, a best of breed solution approach and the actually agility based on continuous delivery principles. So if you have a dev sec ops teams with a lot of developers who want to interact very quickly, then it's probably a debate to, to go for. We have one, a very big international customers utilizing the service layer stack and what to get put in service leaders. You see that the bottom right of the page, you get the free paid and CICT stack. So you do not have to take care about that's the piece of reinventing the wheel to build up the build NCI stack. It's based on an IBM product.
It's based on an M product that is proven in the market. It includes security and order security and pen testing assessment. It brings it a 24 7 monitoring support and operation. So you can rely on a software stack. That's just working and the top on it, of it. You have additional custom features supporting your I am product and your, I am a project by providing application on a portlets allowing your, I am business owners, your application owners to access services in integrating applications by themselves. We have been working for our customer, which who has given us really great feedback, and obviously to speak to Dimitri. I'm really excited on how happy is about the solution. They had compliance findings and risk findings in, in the first person. So the customer has to get rid of those findings within one year and be contractually agreed to migrate thousand 600 application in one year.
And do the math thousand 600 application are a lot of work. If you do it manually thousand 600 applications that are a lot of work. If you talk to every application owner, giving them a briefing with the migration to a debriefing and so on, it's metal consumed an incredible amount of time. It costs you an incredible amount of money. That's nothing, no one wants. I figured. And that's probably it wasn't nothing. No one wants really to deliver cost. You will need huge amounts of consultants to the job in order to, to achieve that. We used our application owner portal, allowing application owners to migrate applications by themself in a self service approach. Then the application is basically fitting to more than authentication standards, like open ID connect or a Wells two. And we managed to migrate more than 80% of the thousand 600 applications in a service model.
So it was very, very speedy for the customer. The experts, the consultants have been able to focus on the legacy application that needs really a lot of technical approach that needs more architectural thinking to find that solution. And at the end of the year, we have managed to migrate more than 2000 applications successfully. So this was a very big and headphone approach for the customer in order to provide this kind of divide and conquer approach. Because within the company, there was kind that a fan community was, was starting. So other applications owners have seen, oh, this migration has been running very smooth with my colleague and now he's integrated in the assets. Oh, my, my users still do have their own password and are always complaining. Why, why we are not already integrated into the SSO, that they had a lot of benefits to move it forward and based on the session. So is that pros approach they had not had any dependencies to the project at all. So each application owner could find the best point in time when doing the migration, which was really a big, big success story. Basically. That's from my end, I'm happy to answer your questions and back, back to poet. Thank you very much.
I go, thank you very much for that. Excellent. So now we know that we have more than one choice for identity and access management. It's time for questions. If you already, can you hear me? Hy-Ko I'm ready? Yes. Okay. So w we have a question it says, apart from the vendors mentioned, have you any experience with Azula or AWS? I guess so, I guess. Yeah. Does, does that make sense to you?
It does make sense to us. Yes. We have assure as well as AWS, but also as combi has, of course built in. I am an, I am features. What we see is that it's sometimes specific to the use cases the customer wants to implement. And on the other end, there might be some limitations in the scope in this ends of who provide the proper user experience. You have to add some additional work, so at some customization, but for basic use cases, those are of good enough considered please, if you have an hybrid cloud strategy. So when you're not using Azure, but Amazon, and in another region of the world GCP tool, then you have to combine them somehow that could work far, far better, better standardized projects, product preaching the gap between the, those different providers. But as I said, it's very depending on your, on your challenges, and I'm happy to connect you within some of our issuer AWS experts. Afterwards, my email is on the, on the slide deck, it's Hy-Ko dot cloud as econsult.com. So feel free to reach out to me at any time, and I'm happy to have a deeper conversation on that.
Great. Yeah. Well, I, the, this account quite read the, the name of the question of that, but obviously you're listening, so please do get in touch with Heico directly. And he can tell you a lot more about your particular area there. You mentioned the service layers approach, is it right? That you can deploy into our, sorry, our, the question is saying our cloud, but into a customer cloud.
Yeah. Th that's that that's right. That was one of the design principles we had in mind when we were creating the service leaders approach. So we've seen that customers won't have the last word that customers feel sometimes better when everything is on prem, even if it's their virtual cloud instance. Cause all the governance and security regulations are applied to and the customer has probably sometimes offer them a better, better experience. So we know customers that have a direct connect integration between their data center and Microsoft Azure or AWS. So ensuring that they have really a traffic priority, but when it comes to very real-time specific in the extras, for example, in the access management area. So there can be a lot of advantages to provide it directly into the customer's cloud last but not least when you are a big customer, you get really good positions for cloud space at Microsoft and AWS. So does this also have an a on a, on an advantage from the pricing point of view?
The question here is they're very interested in the clouds assessment, but they have well, very specific needs. So how, how flexible, I guess is the question, is your assessment.
Yep. I understand. So basically we drafted the standardized packages in order to have customers to have a trumpet and rocket stop. So if you're not an IMS experts, you are off not in a position to ask the right questions. So if you have a standardized package, you can rely on, you have a trustworthy, the provider or systems integrator who can say, okay, I don't know every question I have to ask, but there are guys out there who have the questions and which can help me in creating the answers for it. This was the intention of these standardized packages for the IBM cloud assessment. However, of course there are customers who have very specific needs who have specific requirements. And at the same time, they have often already a very good background on, on their vision of IBM and what they are heading for. And we are, we are happy to, to, to draft and work on, on kind of individual customized cloud assessment, especially in order to cover those, those demands. And I've seen that for customers, we discussed, for example, solutions within China. So then it's of course a bit out of the standard and you have to have a good understanding what they are looking for. And yeah, that's doable.
Yeah. Sort of related to that, a question here that says, do you have any restrictions on certain cloud providers and you mentioned above, and it says, can you run SL on any cloud that provides Kubernetes, for example, Alibaba, Yandex. So I think you kind of answered it just there.
Yeah. I'll answer a simple, yes. So the common denominator is the managed Cubanitos so it would work on the Alibaba cloud and other cloud systems too.
Yes. Okay. Thanks Stefan, for, for that question, sorry. Th the, the, the panel is very small. I can't read it very well finally then why some people said, why do I need to do this? You know, why do I need to get surface layers on top of standard IDAs? Because they're saying, well, that's what I would pay them to do. So what's, what's the advantage.
So th th the advantages it's gives you already possibilities for a customized solution. So when on standard, either solution, you have to follow the best practices from your vendor vendor. That's good. If you're happy then with the standard features, that's not that good. If you want to have a tailor-made solution, I compare it always with the church like this one. So you can always buy a standard shirt to be cheap. It's looking good, hopefully at least, and it's doing for the day of your business, but probably when you have an very special event, like your wedding, also, you want to have something extraordinary. You have special custom requirements, and you want it custom fit match in your body. And then you you're buying a tailor-made shirt. And that's what goes for writers too. So if you are happy bit standard features that are provided by the standard artist providers, if you do not have special requirements with data re residency with international mobilization.
So we need to not need, have no need for a cover in Russia or China. If we do not have the need for big customizations, if you do not have dependencies to your products like connected cars, for example, then an Ida solution might be a very good fit. However, if you have dependencies in that area, as I mentioned, then you should think on what are the consequences spend by itis provider, for example, that pre-K, it's one of the API APIs, which have been recently built in, into my connected car, which would be 10 years on the road into my fridge, which will be any years, 15 years, and the kitchen of your customers, what happens and how do you incorporate this need for change into your end to end product chain? It, this could be far easier when you're completely in control of data, of functions and of processes of your whole item system.
Fantastic. Well, we're nearly out of time and that's actually all the, all the questions that we've got for you Heiko, but please follow up afterwards, directly with Heico. If you want to ask you more about service labs or the other services they offer, but don't forget also that you can find more information on KuppingerCole website. We also have a white paper coming out very soon, which we've done with IC consult. So look out for that, but in the meantime, let me just thank you all. We had a great attendance today and we had some great questions. So I think that is Testament to Hy-Ko's presentation. So thanks very much for being here today and thank you all for watching. So until the next time, have a great evening afternoon, morning, whatever there is in your part of the world. Thank you.
Have a great time. Thank you. And thanks. Porwal
Okay. Bye-bye bye-bye.
