Webinar Recording

Using IAM Technology to Protect Information, to Defend the Brand & Increase Business Productivity

Okay, good afternoon, everyone. And welcome to this KuppingerCole webinar. The subject today is using IAM technology to protect information, to protect the brand and increase business productivity. My name's Mike Small, and I'm a senior analyst with KuppingerCole and I'll be introducing this webinar and giving an introduction to this subject. And then following that, my colleague from Dell now, Quest Software, Ramsés Gallego, will be giving a talk on the IAM solutions and architectures and processes that they have to offer. So to start with a number of little things, first of all, for those of you that don't know, KuppingerCole is a European and United States analyst company, and we offer research services and advisory services to both end users and to vendors of technology. And in particular, we run events. This webinar is one of them, and we also run an annual event, the European Identity and Cloud Conference. And this year it'll be held in Munich between May 14th and 17th. So that's a date for your diary. So there, we also produce a lot of research and some of this I write, and this slide shows you some of the documents that are available from the KuppingerCole website that might be interesting if you want to look in this subject in some more depth.
So, in terms of the basics of this webinar, then you don't have to unmute your screen, your phones, because you are already muted centrally. And at the end of the conference, if you have a question, you'll be unmuted in order to ask that question. We're recording the webinar and that will be a podcast that's available tomorrow. And this webinar is also available for continuing professional education credits. And in order to gain these credits, you will have to listen to the webinar and then answer a test correctly. And the test, how to get this test, will be sent in an email tomorrow with details of how to download the webinar itself.
So this is what the learning objectives of the webinar are. So to get into this straight away, part one of this webinar will be given by myself and part two will be given by Ramsés Gallego. And you can see here what I'm going to talk about, which is effectively that in this area, there has been an enormous amount of technology, not all of which has been useful. And what we believe is the important way to achieve the objectives that are stated, which is to support the business and to protect information: you need something that is called access governance, and now define what we mean by that. And in order to know where you are on the path towards true access governance, you need to have a set of indicators against which you can measure your progress. And that is also what we will cover.
Then following that, Ramsés will in fact talk about an identity and access management solution, which is simple, and an architecture which will meet the requirements of organizations today and going forward into the future. So to start with my part of the presentation: over the past few years, there's been a veritable tsunami of technology. There has been no shortage of this. There have been vendors that have been selling this technology everywhere, but the question really is, has this actually achieved some of the objectives which the vendors were claiming? And to illustrate this, I've got a couple of examples. First of all, there was an organization, and these are real examples about real organizations. And this was a financial services organization, which had a business need, which was to do with compliance, and not surprisingly, the business realized that compliance involved a lot of information that's held in the IT systems and those had to be kept secure.
And so it gave the problem to the IT department, and the IT department put a big powerful architect on this, who came up with an architecture that he said was going to solve the problem and brought in a vendor, and the IT department went to the vendor and said, can you solve this complicated IT problem? And the vendor looked at it and said, yes, it'll be difficult. And so the project started between the IT department and the vendor. And as the project progressed, the IT architect realized there were more and more complicated technical requirements he needed to meet. And so the project became more and more complex from a technology point of view. And after 18 months, very little was visible to the people who'd asked for the solution in the first place, which was the business board. And so this led to a meeting at which the vendor was invited to explain to the board why they hadn't met the original requirements.
And at that point, the vendor had to admit that, well, in fact, they'd never realized what the business requirements were because all they'd ever had was the requirements for a technology solution from the IT department. Now, needless to say, that project was a failure. Let us compare this with this other organization, which again was a financial services organization. And they had a business need, which was to do with compliance. And they gave the problem to the IT department, and the chap in the IT department who was put in charge of this realized that this was going to only work if he could get the support of the board to make all of the people that were involved in this in the organization realize what was needed of them. And so he said, I can only do this providing I have a board level sponsor, and that there is a weekly review, which is run by the board.
And indeed, to begin with, what he did was nothing more than create a spreadsheet, which said, these are the lines of business, these are the applications, and all of those applications are not compliant. And that was the trigger that caused the line of business managers to come to his office to say, what is it we need to do? Because we don't want to be failing in front of the board. And through that, they worked first of all to find a process which was then supported by technology, and progressively this project was rolled out across the different applications in an order of priority, and the result was success. So the key to this is that if you are going to do these projects, you have to understand the business need, and you have to get the right kind of involvement of the board and the sponsors in the organization or else the project will fail.
So what we believe in KuppingerCole is the key to this is something called access governance, and access governance is, if you will, being able to manage these things without necessarily doing them yourselves. What you've got to do is you've got to have processes and rules and rule books and technology to support these processes, which allows you to control what users can do, what users can access, and to audit their activities. And these are absolutely essential to protect information, defend the brand and increase productivity. And to give you some examples of the challenges that are leading to this, first of all, organizations in Europe are certainly well aware of the fact that there is the changes to the data protection regulation around Europe, that this was previously being done through directives with individual laws in individual countries. And now there is going to be regulations which will apply universally across European countries.
And they include things like notifying breaches. So you have to know you're being breached. You have to know what's happening to your information. You have to know who is accessing that information. And those are challenges which involve identity and access management technology. That in terms of protecting the brand, identity and access management technology is now visible to your customers. If your selling terminals, if your online presence disappears, that there was an example in the UK only a few months ago, where due to a misapplied change to some banking systems, banking for a whole range of banks was not working properly for two or three weeks and led to a great problem with the customers. Here's another example from Australia where banking online was not available. And this led to, and you can see on the slides, the reactions of the customers: "Internet banking down again, not happy." Customers now expect to have these different ways to get hold of you, to get hold of your organization, to use the products you offer, to buy the products you offer, to access the services you offer.
And they expect them to be available 24/7. And once again, access to those systems is controlled through identity and access management. And if it goes wrong, then your brand will be affected. Now, internally productivity is an important issue, and here's another real example from a real company, and for cost saving purposes, they decided that they were going to introduce training for individuals through an internet outsourced learning system. And they told that outsourcer how important identity and access management was. And so they gave them the rules for creating passwords, and it turned out that those systems could only be accessed using a different password to the password which users logged onto their ordinary systems. And at the same time, there was a mandatory requirement for end of year training. And the net result of that was in the first week, something like 27%, 26% of people who actually used the system had a problem with their credentials and this overwhelmed the help desk.
So they introduced the system, they introduced the need for proper security, which is good, but they didn't use fundamental technology that's available to make that sign on easy. And that led to a dramatic fall in productivity. And it's still the case that single sign on is one of the ways of improving business productivity internally. It's not the only way, but it's one of many ways. Now, so what is access governance? And what it does is it enables you to enable the business, to ensure compliance and protect information. And you can see that the objectives of this I've shown on here, that they are to reduce cost, improve service and facilitate growth. That compliance is slightly different from protection of information, because compliance is how you comply with the different regulations. For example, are you sure that information privacy regulations are covered? Are you able to account for who has done what, which is often a very large issue to do with certain financial compliance regulations, and is there transparency of who has done what?

So are your systems transparent? And that implies knowing who's using them and what they're using them for. Then from the point of view of protecting information, there are these three major objectives: of keeping the information confidential, i.e. that only people who are authorized to see it can see it; that the information integrity is maintained, so you know who has changed it and changes can only be made by authorized people in the way that they are authorized to do it; and that that information is available on demand when needed, wherever it's needed, by the people that have a genuine need to access it. So how do you do this? What is the process that has to be followed? Well, in fact, there is a process and this is a process which is guaranteed to succeed.
It starts with a business need, and without a business need, there is no need for this technology. You have to understand what the business need is. And then you need to get an executive level of sponsorship to say, yes, that really is a need, and we are going to invest in it. Then you need to be able to show to the board that the current state needs change or doesn't need change. If it needs change, then you have a roadmap, and that roadmap needs to start off with board level approval. Then you may need to put in place an organization. It's certainly true that many, many organizations and many projects failed because data was not classified. Nobody knew the sensitivity of data. So a starting point is to understand the sensitivity of the data that you are holding, you're controlling access to. Then you can use that to perform some kind of a risk assessment, which says, this is what could happen.
This is what the impact would be. And this is what the likelihood is. And that leads to a set of controls and metrics. And those metrics allow you to monitor compliance, to monitor identity and access, to monitor administration and privilege, and to monitor the infrastructure. Now, when you have done that, then there is a feedback process. And who's responsible for all of this? Well, just about everyone in the organization. This is one of the things that makes identity and access projects so difficult: that you need the application analysts to do the classification and to say who should be doing what with different things. You need the line of business managers to get involved because they know who the people are in their organizations, and they have to enforce at an organization level and at an approval level these access permissions. HR and line management is involved because HR, for example, knows who is joining the company and who is leaving the company, and line managers need to make sure that those processes are fully fed through.
So the people are quickly and efficiently given their access rights. And those rights are taken away when they change job or move away. The legal department is involved because you have issues like how do you let partners have access? And what kind of agreements do you have about who's responsible for what, when partners and suppliers have access to your systems? And then finally, last but not least, there is the IT service provider who is involved in making sure that all the technology works. So it's not enough for an IAM project just to involve the IT service provider or the IT department; it is important that all those people are fully involved in the whole project. So the processes that we are talking about and the technologies are the four A's. There is the administration, which talks about things like provisioning, the changes to people's access rights, which leads external and internal users to authenticate to the system or prove they are who they say they are.
And that gives them access to authorization, to access the systems. And finally, what has been going on in all of this process needs to be audited in terms of who has what in terms of access rights and who did what in terms of activities. So those are the technologies that we are talking about, and those technologies need to support these processes and these business people that we have just previously discussed. So if you want to be able to measure that, one of the important things is that you need to be able to set the requirements for this, not in terms of the technology, not in terms of how well the product is configured, but rather in terms of whether it meets the business requirements. And these are growth, brand protection, return on investment and things like compliance. And that transforms into a set of processes and technology, which we've been talking about, such as classification, identity management, access management, and monitoring, and the performance of those processes needs to be returned back or visible against the original business goals.
So I'm going to talk about some of the goals, the indicators, which will allow you to see where exactly it is you have managed to get to in terms of your individual projects. Now, it's interesting to see why controls matter. And only recently a very large bank in the UK was fined 29.7 million UK pounds for not preventing large scale fraud by a trader who was in fact sent to jail for his activities. And the interesting thing is that in 2008, there was a previous event, which was by another bank. And there was another trader who lost Société Générale a large amount of money doing similar kinds of things. And in the report that followed that, there was an identification that a lot of the failings were due to poor processes, poor compliance, poor controls, and in particular segregation of duties and IT security.
And those are the recommendations that you can see that were made at that point. Does the firm make sure that access controls are adequate, and does the firm have scope to enhance segregation of duties? So these things to do with managing controls have a durability beyond today's headlines, and sometimes they get forgotten. When they do get forgotten, they can lead to very poor consequences for the organizations. So I'm going to just talk through some of the controls that matter and some of the indicators. So there are six different areas of indicators, and I don't have time to go into these in great detail, but there is a KuppingerCole report, which you can see at the bottom, which goes through these indicators in considerable depth. So for example, do you have a single process and technology for managing identities? How long does it actually take you to make a change if somebody changes job or leaves the company? And how many accounts are there in your systems that you don't have a user for, how many orphan accounts are there?

Do you actually have formal access policies defined? And if so, are these actually applied and how many systems are they defined for? How do you allocate access rights? Is it just somebody gives a beer to the administrator, or is it based on your job, and are those rights taken away when you change job, for example? So role based allocation of access rights is a very good way of managing things. And is there any formal definition of separation of duties? And this is one of the problems that we were seeing in the previous banking things, that the person that was making the transactions was able to override the controls that would have alerted his managers and the back office in order to put some control on him.
Another major problem is to do with managing privilege, these administrative accounts that are used to manage the systems, and do your IT systems all need administrative access? Do you adopt the principle of least privilege? Is that implemented as far as possible? Do you have a formal process for giving out privileged access only when it's needed, rather than having offices full of people who have the password because they might need it at some point? And so how many unmanaged privileged access people are there in the organization? Then let's look at the remaining three, to do with what kind of authentication, how many different identities do people have to have in order to do their job? Do you have the right level of authentication for the risks that are associated with your company? And since we now have mobile users, which are bringing their own device and so forth, it's often a good idea to have this, what KuppingerCole called versatile authentication, where the level of proof of who you are depends upon what you are trying to do and where you are trying to do it from. And if you are using the cloud, or if you are offering the cloud, do you use identity federation as best practice for this?
Do you know who has what? Is there a formal review for checking on the access rights that individuals have, and are these rights checked against their current role? And do you actually include separation of duties in that access right? And in terms of reviewing what people have been doing, is it possible to attribute activities to individuals? Can changes that are made to the administrative infrastructure and to people's access rights be traced back to some kind of approval? And these are a way of having tamper-proof logs of what's been going on. So these are a set of measures against which you can judge how well your project has been implemented, and also a way to judge the technology and the solutions that your vendors are offering you, that you should be looking for these kinds of things in order to make sure that you're getting the best match of best practice for your solutions.
So, in terms of where we are, we've seen the challenges that are facing organizations and that in order to achieve these ends of protecting information, defending the brand and increasing business productivity, there is a large component of this which comes through identity and access management, and identity and access management is not a technology project. It is a major change to business processes. And so the only way these projects will ever succeed is if you use good governance. And that means that there is a properly defined business need, which is supported by the board with executive sponsorship, and that there is a clear relationship between that need and the technology that is going to be implemented, and that you set controls to monitor how well you are doing against that. So that is my part of the presentation. And now I'm going to hand over to part two, which will be given by Ramsés Gallego, who is an international VP for ISACA and a security strategist with Dell Quest Software. So over to you.
Oh, thank you, Mike. And thanks everybody for attending this webinar, which is based on how to use identity and access management technology to protect the brand, to defend intellectual property, how we can leverage our existing deployments or how to complement and complete our existing investments and home based development, if necessary, that you've already done, to increase business productivity. We've been talking a lot on protecting the brand, defending and taking care of what's important, which is information, which is people. And I think it's fair just to remind everyone and ourselves what security is. Security is a state, is a state of being free from any danger or external and inside threat. Security is, as well, a posture, a state, the safety of an organization against criminal activity, and security is as well procedures. So security, as we have just been hearing from Mike, is processes, is a mindset, is the guidelines followed and the measures taken to ensure that safety.
So that's pretty important, but if we are going to protect our company, we are going to defend the brand, security is an attitude. Security is an attitude. And on the triad or the triangle, people, process and technology, we aspire to be that trusted advisor on the technology arena. We've built a portfolio around that, that secures, that ensures that the procedures, technology processes and the solutions that are implemented meet business requirements with one goal in mind: protecting people, protecting data, protecting information, defending the brand. So we built a portfolio, holistic vision. We had a vision and we've built an all in one portfolio, modular, flexible yet very powerful portfolio at Quest, now part of Dell, that gets amplified on the idea of protecting sensitive information and protecting the right information falling in the wrong hands.
So that vision is an overarching discipline that goes beyond management, that goes beyond technology. I may say, yes, we are a technology vendor, but as we have been hearing, this is not a technology project. This is about meeting stakeholder needs. And by stakeholders, I didn't say shareholders, which of course they're important as well, but I mean all the stakeholders of a company: partners, consumers, internal users and all the people. So we at Quest, now part of Dell, we had that vision, that holistic vision where the sum of all of the parts are greater than every part individually speaking. So a modular, flexible portfolio, but really with that vision in mind. However, as Thomas Edison said, you can see the picture here. He holds plus 1000 patents or inventions under his name.
And he was the first that applied the concept of mass production and teamwork into the process of invention. So Edison, apart from many interesting things, had a very interesting quote, which is: a vision without execution, that's hallucination. So we are proud to say that following that vision, we from the development side and engineering side, and we will go deeper into the architectural side of our portfolio, of our solutions, we are really executing, hearing our customers, following what analysts say, that it's coming again beyond management, embracing the governance perspective, making sure that risks are managed and resources are used responsibly. So we execute following that vision because otherwise that's hallucination. And we are really proud that we at Quest, now a part of Dell, we've built that upon that vision, a vision which is taking into account the most important concepts or disciplines or dimensions that the governance arena is talking about.
So if we are going to defend the brand, if we are going to let the business know that we care, that we in IT, that we legal, that we in the audit team department or in community compliance department, that we care, is because we have to be able to make attestation that let them know and that they get involved in the giving the right access to the right people at the right time with the concept of recertification. So making sure that the right people has the right access six months from now, eight months from now. Oh yes, you can do that manually, but unless you bring automation, unless you bring traceability, unless you bring integrity in place on that, all those concepts will be very directed to human error, very repetitive task. So probably will not be coherent or consistent.
So we've built on attestation and governance, on recertification, on managing not only data, but information. And I think that's a very interesting debate. So information is made out of data. So we protect information. We don't really protect data, right? With obsession, if I may say, on bringing simplicity to a complex world. So the world is complex already with many different systems, it's probably in a way silo based. So with different directories, namespaces, different identities, it's too overwhelming unless you bring simplicity, unless you make it really simple. Unless you bring a visual interface that at three clicks of distance, three clicks of distance, you can know all of the entitlements of an employee, all of the resources that she or he has access to. That's the world of governance. As Mike was just saying minutes ago, this is about policies, guidelines, procedures, but it's as well about technology.
It's about the mindset and the right attitude. It's about the right use, the responsible use of resources and technology, and Quest technology, now part of Dell, allows us to govern beyond manage. We need to manage, that's the running, that's the building, acquiring, developing, that's the ongoing day to day running, if I may say, but governing means that we are telling the business that we do care and that we are here because of them, because we at Quest, at Dell, we have a saying that goes, business is king, but then service is queen, and that's very important. So we are here because of the business. So we let them know that we will protect the assets. We'll protect that SharePoint site. We will protect that Unix investment. We will protect that mainframe or that Active Directory arena. And we will do that by not leaving any system behind, any system, whether if it's a commercial system, a commercial application or home grown based solution. We integrate, we bring Linux and Macs within Active Directory.
We integrate LDAP or any database within our, what we call our unique instance of the truth. And I think that's very important. So that simplicity that I was saying a couple of minutes ago, this will be brought by integrating, by leaving no system behind. And yes, many analysts are saying that we bring a fresh perspective to identity and access management, that we are good enough not to make the mistakes from the past of others. And then we have that simplified and unified architecture that it's about integrating and bringing innovation. So not only role based access control, you know, based on your role, but as well, context based access control. So we have a data model that allows you to bring some other attribute based access control. And this is what's coming, if you are going to protect the brand in a world which is being cloudified or it's being bring-your-own-device-fied and all those kind of things.
So innovation is a key asset for our portfolio technology. And just as our fellow, the senior analyst, was saying, you need to be metrics and indicators for a changing security landscape, the right metrics and indicators, because the business needs to know. I mean, HR needs one set of information, which is different from business line, and a different set of measurements than what is really happening, who has access to what, when, why. This is about making questions. This is about making the right questions to the right people at the right time. And we will see in a couple of slides, and definitely that simplicity, integration, visual interface, metrics, and that innovation will allow you with the power to do more. Because we just with the Dell position, which has been expanded, which has been amplified to protecting the two most important assets of a company, again, people.
So that's about people management. What I can do within the system, when, why, who approved it, and with our time trace feature, that's very important. That's a cool implementation of traceability. Any point in time on a line of time, I should know, and I can know, what was done over me as a resource, or if I'm a manager, what I did over the tool, the universe of resources that I hand, and I use the term resources because resources as I, or the needs, the same resources is processes, people, machines, machinery, applications, infrastructure. And that's pretty powerful because the moment you are talking about protecting information, about governing data, that means that, again, as per the definition of governance, the responsible use of resources. That's everything: who allowed me to go into the SAP portal or into that human resources system.
That's extremely, extremely powerful because we think that identity and access management is so unique because it sits at the core of every company, because it gets together people and information. Again, I didn't say data. I said information. It gets together. Security is at the core of everything we at the Quest identity and access management department area do. But since it's about protecting the brand, we tend to think on security, unfortunately, on the negative curve, which is about blocking, stopping, preventing, or denying. But at the very same time, as you can see here in the graph, security, it's about ensuring and enforcing and enabling and facilitating. So again, as per the title of the session, we said about protecting and defending, but you can protect, defend at the very same time that you facilitate, that you bring agility into place, that you allow the right partners connecting to your SAP environment or your mainframe environment.
As you can see here, of course, in a, in a, in a highly regulatory compliance world, everything is highly regulated and we've got the European data privacy law, which is the basics are the same, but the way to execute and to implement it is different from the Chilean one or in Brazil or in Singapore or in the US. So, and access management is about that kind of double, double side on, on enabling while protecting, defending, while facilitating, blocking, while defending the brand, that's, that's a, a strong, important, and we built our, our solution in that we think that in order to properly understand business requirements, as, as, as Mike was saying, we need to ask the five basic questions who has access to what, how that access was given, who allowed it when, and from where to where this is pretty basic. But with those five simple questions, you can guess the why.
So the moment, you know, that too many people are a requester and approver, that's, that's inconsistent with the segregation of duties of the, of the least privilege concept. So governance, access governance, and the whole identity and access management identity and access management disciplines. It's about asking the right questions to the right people at the right time. And we have, we have just heard that it is equally important on, on the things on availability, confidentiality, and integrity. But let me share with you some of the questions that we at Quest, now part of Dell, are really building into, into our solutions, which are the concepts of authenticity being authentic as a company, authentic as a, as an, as an identity, as an employee and the concept of trustability building a robust and sound framework, that the moment you, you are partnering with a third party that, that, that, that you want to be a, that you wanna do business with.
It's important that they know that you care, that you will protect your information and their information to the best of your abilities. And then you have to have, again, that triad, the right people with the right processes and definitely like technology. And that's what we at Quest, now part of Dell, that's what we do asking the right questions, and then understanding what are the requirements and what are the stakeholder needs. And then we'll see how to get there. Where are we going to go and how we'll get there. That allows me to open a, a quick emphasis about on frameworks. This is actually the implementation, right? For COBIT 5, as you can see, there are seven questions around the circle. 1, 2, 3, 4, 5, 6, 7, which are, you know, number one is what are the drivers. What do you wanna do? What the business want to do as Mike was saying, then where are we now?
Number two, where do we want to be is number three, and what needs to be done to get there. Number four, which is the path to get there. Number six, did we get there already? Even if we achieved halfway, that's good because we've improved from where we were on question number two, and number seven, keeping the momentum identity and access management identity and access governance is not different. And we at Quest, with our Quest identity solutions. That's what we do. Understanding business requirements on how to protect information, how to get the right people to the right access and the whys who has to approve this in six months from now, how will we get that the right information, or who has access that, that mainframe account or, or, or whatever. So, so whether if you use ITIL version three or the ISO 27000 series or co or cos, or, or some other framework, our technology has been built in order to align in order to synchronize, actually with, with, with the business needs.
Let me tell you something, which is probably one of the takeaways of my, of my speech, which is we built a technology, which is business focus, process oriented, and results driven. Let me repeat it. Business focus. This is about business process oriented with we obsession with building workflows and a very highly usable visual interface that you, you will see next slide and a results driven in weeks or months, not years deployment and implementations. This is one of the graphs just very quick at the center of everything is the, you know, the, the, the employee, the user, and around it with paradynamic links, you have all the resources, entitlements, all of the access, access to shops, requests, what the, in a timeline, what are the requests that I've done? That's at three clicks of distance, a highly acclaimed and awarded visual interface that is about business oriented and employee center, role management vision in the very same way, workflows our unique instance of the truth that allow us to actually draw a process.
So, so a, a, a unified and simplified way of building what needs to happen in order to get the right people to the right access and definitely dashboards, metrics, and indicators for the changing security landscape, the right dashboard, the right information for the right people at the right time. So probably HR wants to know one information while security people needs to know another one about, you know, blank passwords or, or people with more than one role or accounts that have been on accessing the system for the past six months or strange attempting access to, to the systems. So metrics and indicators are, are really, really important through dashboarding and through balanced scorecards. Dashboards are technical in nature, but balanced scorecards are more business oriented, and the moment we at Dell, we at Quest, now part of Dell, have a have that, that dashboard and that business orientation. This is a very powerful tool in order to tell the, to, to tell the, let the business know that we care.
Why, because we can, we can be the Rosetta Stone for, for IT. You know, the Rosetta Stone has the upper at the upper part of the Rosetta Stone is ancient Egyptian hieroglyphs in the middle part. That's the Demotic script. And in the, in the, the bottom is ancient Greek, the Rosetta Stone provided the key to modern understanding on Egyptian hieroglyphs. It was kind of a dictionary. It was a key to understanding Egyptian, right? So in a way at VNS management, a business business focused process, oriented results, driven solution, or technology like the one we have, we at Quest, at Dell, it can provide the, the, the understanding of what is really happening, who has access to what basically who's touching my data because the time has come to leave behind our fears, have one fellow that says that there's a big temptation of not approaching, not embracing identity and access management project, project, or program or portfolio.
I think that's interesting approach as well. So program is made out of projects and portfolios made out of programs, you know, so, so there's a great temptation of not embracing a, an, an identity and access management program or project or portfolio, because, because of, cause because of, because of fear, but failing to do so will mean problems into the future for the business, not for IT, for the business, because you will be blind. You will not know who's touching your data, what's happening. That's the difference. So having that attitude, I started saying that security is an attitude. I started saying that with obsession, with, with the definition of a business, a business orientation through technology, that's what we do. That's what we do at Quest. Now, now Dell, but we protect information. We protect intellectual property. We defend the brand through technology, but with business in mind, that's having that mindset is the difference between success and failure.
And that's my invitation for you to do so. Let me finish. I start with a Thomas Edison quote on hallucination, but let me finish on a more positive note. That's Sinatra where the very last song he sang in public was 25th of February, 1995. The song is The Best Is Yet to Come. And we feel that that for the identity and access management, with the right technology, with the right set of solution, with the right mindset, the best is yet to come. And we at Dell that we have been amplified with the, with, with the vision and the investment, actually the, the, the, the song goes that you think you've flown before, but you ain't left the ground. So we, we are just started, we have been praised by analysts by many customers that we are, that are using our technology, our flexible and modular technologies on identity and access management to protect the brand.
But we are just starting because we are, we have that fresh perspective that it's being adopted by many customers around the world. And actually the song goes, you think you've seen the sun, but you ain't seen it shine. We are really shining with that visual interface, with that three clicks of distance visual interface that allows anyone in the company with the proper access, of course, with the proper rights to know what's happening. Who's touching my data who approved that I had the access six months from now two years from now to that strategic sensitive information. I think that's important, but I will go thank you for, for your time. That was quick, but I wanted to have those 10 left minutes for probably for Q and A. So Mike, thank you for, for hosting that I'm giving, I'm giving it back to you in order to have about Q and A thank you very much.
Okay. Well, thank you very much, indeed, Ramses. That that was very good. And I'm very impressed that someone who isn't as old as me can remember Frank Sinatra.
Thank you.
That's and he certainly was a popular singer. So we now have a, a chance for people to ask questions and just so that everyone understands on your screen, there should be a little bar at the top right hand corner with an arrow on it. And if you click on the arrow, you'll get a control screen, which allows you to ask a question. So if you have any questions for myself or for, for Ramses, then please ask them now. Well, while you're having a chance to ask these questions, I'm going to say one or two things. So it I'm, I'm very interested, Ramses, is that, of course now Quest, which was a software company is part of Dell who everybody thinks really just makes boxes. And yet I understand that Dell is making a big improvement to the way that you can offer a complete solution to these things. For example, you are very well positioned in governance, beyond identity management. So could you explain a little further what these benefits see or getting from all of this are?
Well, yeah, thank you. Definitely. I, I understand that that idea that people may have, but actually we are, we are becoming the foundations of that. The Dell software group, the investments are being made. So this is not just a technology acquisition, but also people acquisition talent acquisition, if I may say so, I can, I can say that from again, defending the brand, protecting the, the, the, you know, the, the, the company protecting organizations and enterprises. We, we are being expanded or amplified if I may say, because when it comes to identity and access management, then you might be thinking that what happened with Stuart, what happened with networking? What happened with the whole business style? We having, how we fit into that over overarching architecture, that, that, that being now part of a, of a how company that gets definitely amplified and, and expanded again, simplicity work. So a unified and simplified vision, although now part of 100 plus thousand employee company, being with that focus on, on protecting the brand and, and defending corporations that gets PL amplified, that's really a unique opportunity. And we are really looking forward to sending the message message out. Yeah, definitely.
Yeah. So that's a very important point. You raised that. So you, you, you are telling us all that Dell's investing in your, your products and you are actually doing developments and so forth really now.
Can you expand on that?
Yeah. Yeah, that's correct. Actually, one of my, one of the topics on my coral force slide, as you remember, was innovation, and we are being praised on, on, on, on, on, by analysts like you and others saying that, Hey, they have a fresh look. They, they are really investing on the, the key things that are happening. So beyond the basics on, on identity and access management, beyond the basis of provisioning, which, which is necessary, but what happen with a single sign-on? What happened with that geolocation based access control? Let me repeat it. Geolocation based access control, we live in a way, we live in a world where, you know, everything can be geolocated, what happen with bring your own device and authentication through my mobile, all those kind of things. We are, what happens with the integration, easy integration with, with, with directory servers, different directories. We have the technology called virtual directory server. That, that, that make it really easy. I mean, it, in days in days, and by days I say, you know, 5, 7, 10 days, you can be easily integrating different directories in geographical clusters. So, so we are Dell is investing a lot because we believe because we care because that, that's what we want to become that trusted advisor on the governance perspective and defending the brand. Definitely.
Okay. So I thank you. I've got a question here from Jergen Stein and he asks what's the best way to convince businesses of the need of IAM first: is it regulatory compliance, cost saving, productivity gain, or is it ease of work? So how are you finding you are, are being able to convince organizations of that?
One thing? I mean the easy answer is with, with fear, uncertainty and doubt, you know, just say, Hey, what will happen? What will happen? You will be in the newspaper by tomorrow. What we don't do that. Okay. So that would be the easy answer. However, I'm a romantic in here. And I think that again, by telling them that you care, that it's very unfair and let me repeat it unfair that an IT manager or a security manager or someone of the service desk is responsible. Let me change the, the, the word accountable of, of giving access, giving the right answer. So business has to be involved. So we in the security arena, in the IT department, in the legal department. So it's very unfair that we have to decide who has access to what? So you go back to the business apart from the, from fear or apart from, from that, that already used argument is, is the ideas I care.
And I want to protect your stuff. You are the owner of the database. You are the owner of the user, of the universe of users, of our company, whatever you do, you sell cars, books, or shoes or whatever you do. So I care. So let me to the best of my abilities, choose the right technology because I want to protect the brand. So I, I, I can use, you know, return on, on security investments and all that kind of things, but we will Del leveraging productivity and protection minimizing the, the, what I call the exposure factor. You go to the CEO and say, Hey, you will be less exposed if you let me do the right things, rightly building the right technology, talking with my case Quest, now part of Dell, and applying the right, the right attitude. You go tell the C level objectives. Security is an attitude. And then you cross sprinklers. Apart from that, that we heard thing again. And then, and then start thinking on governance beyond management. That, that, that, that would be my, my take little bit romantic, but, but it works. It works common sense.
Okay. Thanks. Thanks very much for that, Ramses. Earlier on you were mentioning the, the, the issue of geographic location, and that's one of the things that KuppingerCole refers to as versatile authentication. So that's an important factor now. So we've got another question which has come from the same chat. And he, he asked when we look at the stakeholders, is there a preference on who to address and on which the, who are the most important? Do you have a view on that Ramses?
Well, yes. You know, by stakeholders, you know that the, I mean, again, these are not shareholders, so a stakeholder means a lot of people. So I would go and I would invite our, our, the people who who's asking the question to take a look to a RACI chart. RACI is the acronym for responsible, accountable, consulted and informed, again, responsible, accountable, consulted and informed the RACI chart. And then depending on who has to be responsible of, or who is accountable to in front of, or who has to be consulted or informed if he's the chief financial officer, or is the chief risk officer, or he's the CEO. So depending of level one contact or the, the, the kind of approach that you want to take, depending on of that RACI chart, that for instance, it has one and, and ISACA with COBIT 5 for information security has, has another. So depending on how are you approaching that identity and access management program, project or portfolio, you would go to one of another. So a stakeholder means a lot of people, but then do your map. So, so, so define your, your design, your path, and then decide who, depending on how are you gonna approach it with that chart in mind? That would be my answer.
Yes. Thank you. Yes. And I think you've mentioned COBIT a number of times, and, and yet COBIT 5 is really very important as a, a guide to doing this. And COBIT 5 is sort of emphasized this business of the different enablers that make projects successful and the stakeholders and the RACI charts are very important in that. So I think we are coming to the end now, but perhaps you'd just like to finish by just answering one question rather quickly. What do you think the next steps of evolution of all of this are for IAM? What do you, how do you see the market evolving?
I'm seeing it evolving. Thank you for the question very quick on simplicity. So with the power to do more, being, building a data model that we already have, by the way, but one single architecture. So forget about building servant servers, and then, you know, the middleware server and then the so server and then the policy server and, and, and many, many things, simplicity will be one driver. So the world is complex enough. So, so as to make it more complex, so think governance, I will answer with three sentences. Think governance security is an attitude and bring simplicity and modular, get flexible architecture, but powerful enough that are three clicks of distance. You can get the right information, otherwise you will make it more complex. And, and, and that that's very unfair for the world we live in. So simplicity that that would
Thank you very much, indeed, Ramses. Thank you for that. So we are coming to the end of the webinar now. So just to remind you that this webinar is being recorded and the recording will be available tomorrow. When you receive an email, giving you a link to be able to download that as a podcast, or to listen to it online. And if you would like to obtain your continuing education credit, then you will have to take a test and you will be sent some questions, a link to how to get those questions tomorrow. And so you'll, if you complete that correctly, then you will be awarded the credit and you get the certificate. So I'd like to thank all the attendees for participating. And in particular, I'd like to thank Ramses for his very interesting presentation on, on, on this subject. So this is the end of the presentation, and thank you very much for attending everyone. And thank you very much, Ramses.
Thank you, Mike. My pleasure. Thanks everybody. Thank you. Bye-bye.
Thank you. Bye-bye.
