Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
I'm Dave Kearns. I'm a senior analyst with KuppingerCole. This is my seventh EIC, both as a member of the organization and, before that, as a guest speaker. It is my privilege today to introduce to you the founder and principal analyst from KuppingerCole, Mr. Martin Kuppinger, who, as he traditionally does, will open the conference for us by letting us know what he sees coming in the world of identity management. Okay.
Martin, Martin, thank you, Dave. And my warm welcome to EIC 2013. I think for me, it's number eight, if I have counted correctly, but I'm not a hundred percent sure. So my topic today, I've titled my presentation "Setting the right direction". So let information security become the business enabler instead of being the notorious naysayer. And I think that's one of the big challenges we are facing in IT in general and in information security in specific, that there's a notion of OD always say, you can't do that. And I think it's different.
And so I will really focus on this enablement aspect. I will not kill any technology. I won't declare the death of any standards today; that might disappoint you, but I really will focus on the positive side of things. So when looking at business, okay, here we go. There are some typical challenges. I've ordered them in sort of the permanent challenges, the long-running ones like globalization, the changing competitive landscape, the need for growth. We have some occasional challenges, some of them being nearly permanent, like economic turmoil these days, like changing regulations.
And on the other hand, there are things like: we have to increase earnings. That's what people are waiting for. There's always a need. So for the hunt for talent, so that's sort of the challenge we are facing. And that means for businesses, there are several success factors. And okay, some of these success factors are, if I look at the permanent ones, for instance the extended enterprise, something we are really seeing in virtually any advisory engagement of customers these days: the need to deal with customers, with business partners, to support business processes which go beyond your organization, all these things. There's the need for agility, for growth on one hand. And when we look back to the economic, the agility for adaptation of your business, we need to support it in a secure way. We need to support growth of business agility in a secure way. We need to support innovation by, for instance, working with other parties in a controlled way. And for sure there's compliance, which is sort of a little bit more the negative inhibitor maybe.
And there are other requirements such as cost savings, the sort of notorious cost savings things we are always facing, and there's collaboration, communication. How do we enable that? How do we support this? Some people call it social enterprising, et cetera. So that's sort of what it needs to support the challenges of business as success factors.
And when we look at information security, then there are a lot of things information security can provide to business success. So in the middle, I have this common picture my colleague Greg once titled the Computing Troika. So cloud computing, social computing, mobile computing, which really are changing the way we do IT. And we have then some typical information security drivers on one hand, which are compliance, the breach notifications. So some years back, when something happened, okay, then you might have appeared on page seven of the weekly computer magazine. Today it might happen that you're the opening news on TV. That's really a massive change. And that also changed the perception of the C-level. We have information value, something I will talk about more a little later. And on the other hand, we have the business drivers such as agility, extended enterprise, et cetera, and we need to do that. We need to support it. We need to enable it in a secure way. And what we really see today in organizations is people come and say, okay, you know, we need to onboard our business partners. Please support us in doing this.
And IT, yeah, in fact needs to become the enabler for these business drivers. And the other thing which I think has changed is that business has to care today also for information security and starts to care, that they understand it. They just can't play matters anymore. So that's sort of the landscape, and things are tightly related. And as I've said, one of the fundamental changes we are observing is this Computing Troika. So we have this cloud computing, mobile computing, social computing, and we have to think about a bigger scope than ever before.
It's not our internals with their PCs anymore. It's a far more complex landscape. And a lot of the sessions during EIC will be around the topic of risk- and context-based authentication and authorization, or risk- and context-based access control, which is one of the most important things we are currently seeing in information security, in IAM, and in this landscape. I think there are a lot of things where really doing identity and access management right, doing information security right, in fact helps us in enabling the business to better deal with their partners, to better deal with their customers, et cetera. So we can have, as IT, a positive role and not only the role of the notorious naysayer. And when we look at this information security business impact, so turning it around, then it's about enabling agility. It's about enabling the extended enterprise. It's about helping in cost savings, at least when we compare to doing nothing. So just look at the efforts.
A lot of companies currently are spending on fulfilling all these requirements by going through big stables of paper. And that's one of these areas where it really can be also a positive impact in the sense of cost saving. It's supporting collaboration, communication, enabling that communication in a secure way, without losing our intellectual property rights, et cetera. It's fostering innovation by enabling exactly this communication and collaboration. And then I have two things where I have the text in red. These are sort of the, I would say, more negative inhibitors in the sense of: yes, we have to do it. We have to help avoid breach notifications. We have to achieve compliance. But all the others, the ones in green, they are really the things where there's a positive business impact of information security. And one thing we shouldn't underestimate is the fact that information value per definition is business value.
There was a survey I've read quite a while ago, where a lot of decision makers have been asked about how they rate the share of the information value compared to the overall corporate value. And the numbers roughly were around 50%. And information is one of our core assets and we need to protect it, and protecting this core asset is something which is a positive thing for the business. Okay. Then the next question always is how to find a common language with the business.
And one of the things where we really have a common language, or the chance for a common language, is risk, because business thinks in risk. Business thinks in strategic risks and operational, reputational risks. And IT risks just are part of this view. I think we all have learned that incidents in IT can massively damage the reputation of an organization. You might have penalties, which is operational. There might be, even if you look at some of the tax data theft things at banks, et cetera, there even might be a strategic risk.
And what we really need to change is, instead of saying, okay, we can't do this because of these security concerns, we have to understand the business is pretty good in understanding, taking risks. They have some risk appetite and we have to deliver to that risk appetite. We have to show them options and say, okay, what are your alternatives? What are the benefits, the costs, the risks, and the time to do it? You can't do it a little bit more complex than this small matrix I painted here, but we need to name the risks, rate risks, and then allow business to decide about the risks and take the risks. They are used to do that. That's what business does all the time. So it's about then saying, okay, what are our approaches in risk mitigation and compensatory controls? What are the remaining risks? If we put this to the table, then we can speak the same language as business does. The other thing we need to do is we need to bring in people.
So my colleagues Dave Kearns and Mike Small have written a very interesting report. It's titled "From DLP", so data leakage prevention, "to Information Stewardship". And one of the important things in there is you need to have an information security culture. You need to bring people on board.
And at another event, I recently moderated a panel which was around smarter spending in IT security. And I would say the most important thing that people named when it comes to smarter spending was people.
So all the panelists said, it's about people: get or build the information security culture. I think that's another very important thing. You really should have a look at that report. I think it's a very important thing. What also helps us? This is one of the new things I want to announce here. You will find it at our website.com/bii. It's what I call the business impact indicator. So when we look at IT and the impact, I think it's important to understand how does it affect, on one hand, what I call business enablement. So support for today's business.
So how does IT help, or some information technology, whatever you look at, help business doing a better job. And on the other hand, there's the business enablement, which is sort of opening new doors for the business, allowing them to create new business models. And that's some of the things like I can work with other partners, et cetera. And on the other hand, so in the vertical axis, I added the compliance fulfillment and the cost savings as two of the very important factors. And so the bigger one is sort of the ideal situation.
Everything is perfect, the right one is sort of the worst case scenario. It doesn't help you at all. And I will show you later some of the, some examples for this, but we have a website there with a lot of ratings for the business impact indicators for various technologies showing how they really help you. And I think that's something which might be pretty helpful to just say, okay, when I pick technologies, are they really helping me in enabling my business and aligning with my business and saving costs in fulfilling compliance?
And here we go, I have it here for some of these areas, like IT GRC: clearly very good in compliance fulfillment, also has a little bit of aligning IT and business. Dynamic authorization management, a thing which is, has been set that as by, by someone else. I think it has a pretty good rating here in my business impact indicator. So I obviously have a different opinion. IAM actually clearly has for compliance fulfillment. It really done right. If you look at access governance, at running business rules through dynamic authorization management, et cetera, and enforcing them, then it's a lot about business alignment. Life management platforms, et cetera, I won't go into detail that much here. Maybe one at the lower right edge: IoT, or the Internet of Things and whatever. That's something which really is more about business enablement. So there are some interesting aspects around compliance, around cost savings, but it's something which really can enable you doing really new things in your business.
Another topic I will touch quickly, and there's also a track on it, is around the API economy. And if you look at the API economy from the business perspective, then it's sort of the extended enterprise plus plus. It's about how do we in future collaborate and communicate with other organizations? How do we expose data? How do we use data? How do we pass data across the borders of our organization? So the IT perception is more about exposing APIs, managing them, enabling developers, et cetera. So the better so are thing.
Whereas the business perception is around orchestrating business processes, enriching data, making information smarter. There will be a session around smart information. I also have a slide on that. Enabling collaboration with partners and customers on a very detailed level, so not only exposing a website, but really integrating applications, becoming part also, that's another opportunity of the app business. And this is sort of a circle where different parties are involved to develop person one hand and then it ends up at the data level.
And I think this is one of the really important things, because there's a massive potential for business enablement by building new types of applications, by integrating new business with other businesses in a fundamentally new way. So I think looking at this more from the business perspective, not from the developer perspective, is a very important thing. And then there's the extended enterprise without a plus plus, which is very important as well.
So this is really, I think what has changed over the last year, last two years, maybe about really, I think during the last six to 12 months is that I've been talking with so many organizations, which that, you know, our business health, we have to cooperate with these partners. We have to deal with these external identities, whatever customers, business partners, all these things along the supply chain, along other types of business processes where business in fact right now is in this demanding situation.
They say, okay, you know, we want to use cloud services, access business partner systems, collaborate in industry networks, professional healthcare, et cetera, onboarding of business partners, customer interaction, all these things. That's what they want to do and we need to supply. So it's really a demand-supply situation. When supply means we have to look at identity federation. We have to look at cloud directories and things which are happening there. There will be, I think, a very interesting keynote later today around this cloud directories thing, delivered by Kim Cameron. Cloud computing, in fact, how to use the cloud in where's the S occasion, how to deal with different types of logins, and think about all the social login stuff, et cetera, how to deal with this and how to manage the risk of this. Risk- and context-based access management, in fact. So how can we make decisions given that it's not about our employee sitting at his desk with his desktop PC anymore, but there are so many situations, people coming in with social logins, with various devices, and we need to understand how to make a greater access control.
So how to give them more or less access depending on the context and doing this at the end really helps us creating business value. If we supply, then we help business in achieving the agility they need in achieving the compliance in innovating and then collaborating, communicating the way they really need to do. So it's really about, there's a demand we can supply and we can help the business. We can really deliver positive things to the business. And it's not only about are we better in administration? It's about yes.
If you spend that money for these things, then you can do your business better than before. That's what we always wanted to achieve. And here we are is IAM, et cetera. Another topic here will be big data, not only from a security perspective, but also from the perspective of how can we really deal in a good way and smart way with big data, and sort of the common approach to big data. We collect masses of data, man, it through. So we process it and we end up with something that might be the needle in the haystack, or it might just be hay, you never know.
I think there could be more in, and that's where things like the API economy come into play and also life management platforms. I will have another talk on smart data, a single Thursday. So you take your data, you take maybe some other smaller data, you combine it, you process it, and then you enrich it. You use APIs to add data on runtime instead of trying to consolidate everything. I think that's far smarter. This is just a sort of a first look on this. I will talk more about this in another session, but it's about the right combination.
I would say the right combination of fat pipes and small pipes. And to do all this, to enable your business, you need an IT organization which is adequate to this. This is sort of the updated view of our KuppingerCole future IT paradigm. I've introduced it last year in my keynote. It's basically the same. It's about how can I build an IT organization that can deal in a structured way with IT services regardless of their deployment model. So have a look at this again. I think it's an important thing here.
Another thing, and another new microsite we have@call.com, is the CIO GPS. So the GPS, something which helps you finding your power path. In that case, you have paths for smart investment around governance, privacy and data protection, and security. I've looked at these three areas because these are some of our typical coverage areas as analysts, and I looked at IT spend optimization, business-IT alignment and strategic procurement. These are on the left-hand side. These are the things which always concern the CIOs. That's what I really thinking about.
And then I've identified one major area sort of per quadrant in this matrix where to look at. Have a look at the website. We have a lot of information linked to our research. And one of the things here is that you need to focus on a big picture, that you need to understand the big picture of what you're doing, avoiding point solutions. And I think that's very important. If you do things you need to have two.
If you're investing in IT, there are two important things. And this is a big picture.
IAM, IAM/IAG. I will talk about this more in detail in other sessions, but there are two important things here. First of all, before you start spending money on a particular technology, you should understand how this relates to the bigger picture. Very important, because that helps you really saving money. The is it's always not only about technology, but about guidelines, processes, organization first, and then the tools come in.
Well, there's an even bigger picture. So how, and that's sort of the original title of this keynote, how does this all relate to things like the IoT, life management platforms, API economy, et cetera. I think it's really about identity being a Bigfoot.
So if you look at IAM/IAG, so the one with the red star, it has some relation to all of these topics. It's related to cyber threats, because understanding identity helps there. It's related to the extended enterprise, to the API economy, et cetera. You can do the same starting with big data: big data requires identity, requires SIEM. It requires a lot of other things. It helps you in the IoT, et cetera. It helps you in analyzing security data. And the same for life management platforms, which rely on a lot of things.
The same for the extended enterprise, which relies on IAM/IAG, which relies on big data and a lot of other things. So the point is really that these things are very tightly related, and in fact, information security is at the center and it's related to a lot of other things. And IAM/IAG is one of these, I would say, not only fundamental, but essential parts of information technology. So coming to the end, I think I only have some formulas left. I want to go back to the BII.
So one of my advisory customers said, you know, when you talk about this concept, what I'd really like to see is your advice on which areas to combine in spending. So when you have to pick some, in that case, I picked six of the IAM/IAG areas, which are the ones, based on your BII, you would sort of recommend to look at. That clearly depends on where you are in your organization today. But this is sort of my best pick for IAM/IAG. There's access governance and intelligence. It helps you to get closer to your business.
It especially helps you in compliance fulfillment. There's dynamic authorization management, really moving from static access controls to rule-based approaches. There's privileged management. That's sort of a must-do thing which really helps you in compliance fulfillment, and you can avoid doing it. We will have, I think, two great keynotes on this later today. There's access management and federation as a very prerequisite for your extended enterprise. There's risk- and context-based access management.
Again, if you open up your enterprise, if you want to deal with the computing, you need to have it. And cloud directories: I'm a hundred percent convinced the things which are happening there will also have a very big impact. So these are things you should look at. And then, like always in my keynotes, talking a little bit about trends. These are my sort of top 10 information security tasks: implement information stewardship, understand risks, define the big picture, risk- and context-based access management, restructure your IT organization, enable the extended enterprise, implement privilege management, how to do mobile social secure, look at the life management platforms, it's a red-hot topic, and implement IT GRC as part of business GRC. Another thing I won't go into detail on the next slide is we also have, I think, published today our new top trends for 2013/14. So we have some for IAM, cloud computing, et cetera. I'm running a little out of time. So just download the report. You always can register for select access to have, I think this one is for free anyway, but just download it.
There are our predictions for the top trends, and I think it's always worth having a look at this. So coming to the end, what are, from these slides I've gone through pretty fast, pretty quick,
what are, I think, the major takeaways? Have a look at the KuppingerCole BII, which indicates the business impact of IT. Have a look at our KuppingerCole CIO GPS, which helps in navigating through IT spend optimization opportunities. IT and information security, they can support and enable business by thinking in risks. The risks are the common language, and that's, I think, a very important thing.
There are so many things in business agility based on the extended enterprise, et cetera, which are supported positively in this really should focus on these positive opportunities, because we are much closer to the business than we have ever been before in IT. And look at new technologies, such as IoT and life management platforms, that can leverage your business. So thank you and have fun at EIC.