Welcome to our KuppingerCole Analysts webinar, A Bridge to the Future of Identity, Navigating the Current Landscape and Emerging Trends. This webinar is supported by PING Identity and the speakers today are André Durand, who is CEO of PING Identity and me, Martin Kuppinger. I'm Principal Analyst at KuppingerCole Analysts. Today in this webinar, we will have more sort of a fireside chat about what André and me are seeing happening in the broader identity management space. So we'll look at what do we see as major trends in the market, shifts in the market.
We will look at how surely also the PING Fortwork merger is proceeding, what to expect here and look at various impacting factors, including surely also what AI means for identity, et cetera. So it will be more of a conversation and I'm looking forward to receive a lot of questions from your end because this is really what we will also like to do, responding directly to the questions you have. In this conversation, we will have for about the next hour, a little bit of housekeeping before we start. So audio control, you're muted centrally.
We are controlling these features, but so there's no need for you to do anything around it. We will have, in fact, one poll only this time. I will have a Q&A session and we are recording the webinar there. Recording and slide decks will be made available. In that case, as I've said, it's more a fireside chat. So there's sort of limited value on the slides.
Anyway, before we start, a quick poll here. And this is a bit sort of speak asking ahead of our conversation. What do you feel will be the most impactful area of innovation in digital identity and identity access management? So will this be a decentralized identity, all the stuff going on around it, call it decentralized identity, call it self-sovereign identity? Will it be sort of a huge take up of policy-based access controls across everything, using them not just for authentication, but way beyond that?
Now, is it identity fabrics for having a holistic approach on delivering access of every identity to every service? A term that became increasingly popular in the past. Number four would be automation of IAM for agile IT across all workloads. So dealing with all the workload identities and stuff like that. Last but not least, number five would be around AI and whether this is the biggest innovation. So the poll is open, it will remain open for a bit. And meanwhile, we directly will jump into our conversation. So first of all, let me welcome Andre.
Andre, pleasure having you here. It's my pleasure to be here, Martin. Thank you. So it's our first conversation of that style. And so I hope we can make it very interesting again. The topic I'd like to start with is a bit sharing our perspectives on the market. So when I look at the identity management or digital identity market, I feel that there's a lot of motion in that market. A lot of things happening, a lot of innovation we see, probably more than we had in many of the years in the past, for over two decades. So it looks currently being very, very dynamic to me as an analyst.
And I'm really curious to understand what your perspective on that is. Well, it certainly is dynamic, Martin. And so we're seeing, I've been involved in the space for 22 years now. And identity has grown. It's a little bit of a steamroller coming for adjacencies. And so over the course of probably the last, certainly the last decade or so, we've seen the purview of what, and the importance, both the importance and the purview of identity has grown. We're in an age right now to where I think we're shifting from kind of best of breed to platforms.
As a result of that, we're also seeing innovation. Innovation is happening in each category, but there's innovation across the categories. And that's one of the opportunities when you start stepping up and seeing the problem landscape from the eyes of the customer, who has to acquire technology and then integrate it to solve their business problems.
Now, all of a sudden, the convergence and the size and scale of companies such as Ping now get to see the problem a lot closer to the way customers see it, which is how do all these technologies integrate in order to achieve a user experience or security posture or an outcome for the business?
So we are shifting more towards some sort of a business perspective, business orchestration and business process perspective as well, where we say, okay, we really try or look at more at how do we really solve an identity challenge end to end journey of a customer and including whatever the initial registration flow, the onboarding flow, the recurring authentication flows and all what happens behind it when it goes into what is the person allowed to see finally? Yeah, no, you nailed it. And orchestration is actually a pretty major theme here.
When you look at the end to end user journey for the user experience, we need to weave our way through a multitude of technologies from initial onboarding, detection of, are we onboarding a human? Is there a bot trying to register, leveraging risk signals that can detect humans versus bots and then create different journeys for the different personas through risk engines, through, as we say, kind of the onboarding, the onboarding of MFA techniques or capabilities like registration of the phone is a strong authenticator.
We're starting to now see the user journey end to end and we're leveraging orchestration as a tool to architect agility in that end to end user journey. What I mean by architect agility is, is that rather than either configuring or hard coding the user journey through APIs, we're able to no-code or low-code visually design the flow or the user journey in a- Which allows us to change it very, very quickly but also allows us to either add, subtract, or change out different technologies much quicker.
Yeah, and I think this is exactly one of the important points when we do it that way, we become way more agile, we can adjust our customer journey, our user journey way more quickly. And as you said, we can much more easily integrate technologies, including new technologies, which also brings us a bit to one of my favorite themes these days, which is around all this impact of which decentralized identity will have. So this motion to people have their wallet and how this works. And I think in that area, this is what I find interesting. We have a bit of both.
So we have on one hand, we have that we can weave that into what we have. On the other hand, this is also something where a lot of innovations come together and will play together. So what I mean by that is for instance, I envision that we will have decentralized identity as a means that sort of complements our different ways we have currently for registration, for onboarding process, for instance, because we, instead of having people typing stuff into a browser window, we can consume it from the wallet, make it much simpler and also much more powerful.
But it's not necessarily sort of breaks what we have. We can sort of orchestrate it. On the other hand, we will make sort of leverage the full potential when we use all these proofs, the verified credentials someone has in the wallet for also making, for instance, authorization decisions, whether policy-based authorizations and a lot of innovation on how we grant access to whatever plays together with another innovation. So it will be a mix of that.
In that context, by the way, I also liked what you said in the panel we had a while ago, where you were thinking about thousands and tens of thousands of proofs or verified credentials in the wallet, not just the very few.
Yeah, so I would say, you know, the trick for companies like Ping is as a strategic advisor and a strategic infrastructure provider to our customers, we view it our role to look into the future, see things that are potentially disruptive and make them evolutionary, not revolutionary, meaning augment how companies are doing things today to make incremental improvement, leveraging the new technology.
And what you described as an example, in the future when an individual can maintain a digital proof of some aspect of their identity and they can share that digital proof with a company, for example, in the onboarding experience, where they're asked to self-assert attributes about themselves that have to then be subsequently verified by the entity. Instead, we can submit in essence, pre-verified attributes about ourselves. It proves something about ourselves that the relying party can then verify in real time once submitted. And we can do things like eliminate reg forms, for example.
We talk about the friction of a new relationship where there's no trust between two parties and we're gonna have to bootstrap our way into some semblance of a relationship and trust, but we're starting from ground zero. But it will become much simpler. Much simpler. And we're gonna be able to go from low trust to high trust much quicker. Yes. The result of this. It's both higher security and it's a better user experience, but our goal is to make that new use case absorbable by today's infrastructure, to your point. It's just an evolution leveraging this new technology. Yeah.
And I think what a lot of people, to my understanding, currently miss a bit is that there's a huge potential in having a lot of proofs because at the end, it's like having a lot of signals in risk-based or adaptive authentication or in fraud detection. So if you have more signals, even if not all of these signals are super strong, by combining them in the right manner, we can massively increase the trust level. This requires some thinking, but we can do it. A quick hint again on the audience. There's a Q&A section in the webinar tool. So you can enter questions at any time.
So the first question came in. The more questions there are, the better it is, the more interesting it is. And you also can vote for the question. So you can also sort of move questions up in the stack so that they are, that we probably will respond to them earlier rather than later. So use that opportunity because it's a great opportunity to ask Andre and also me about things you'd like to hear our opinion about. So aside of, so we touched orchestration, we touched a bit of policy-based access controls, we touched decentralized identities.
So when we look at what is sort of happening in the market, you also touched a bit the convergence aspect, which is a topic I'll like to pick up a little later in the context of identity fabrics. But what else would you say is something where you see this as really one of the more fundamental shifts?
Well, I think fraud and identity are beginning to come together. So I think a lot of fraud and fraud teams have been focused on where fraud occurs. Fraud occurs typically around asset or value movement or exchange. So I think point of payment, point of sale, point of wire transfer, things like that. But what's happened is that a lot of the adversaries have shifted left. The focus on identity to see if they can essentially find their way around the identity controls prior to the transaction.
And so as a result, the identity detection, threats, response, all the, ensuring the integrity of identity and fraud hitting the identity. So the fraud teams are following the fraud and the frauds, some of it beginning to shift towards identity. And as a result, we're seeing more collaboration between traditional IAM teams that were responsible for, modernizing their identity infrastructure, centralizing their authentication authorization policies, integrating that into all the apps.
And all of a sudden now, we're starting to see more conversation about how do we ensure the integrity of the identity system and how do we make it more resilient to fraud? And because fraud is now targeting identity, we're seeing teams, the fraud teams, we're seeing identity teams are beginning to become aware of one another and collaborate in ways that we haven't seen in the past. So I view that as a natural evolution of the importance of identity is now becoming a primary target. I dare to say that there are really blurring lines in many areas.
And I'll comment on your, just talk about how fraud and identity come closer. In a minute, I think the other one is, it's really this term of identity security, which I found a bit artificial at the beginning, I have to admit. But at the end of the day, I think it's, when I visually lies in my mind, sort of a Venn diagram between digital identity and identity security and cyber security, then I think it becomes very clear.
There are areas within the broader identity space that have to do at least not that much with security, which are really around the onboarding of customers, et cetera, which are really more a business aspect where we look at how do we deal with digital identities in a broader space. There are aspects in cyber security, which are not very closely related to identity, okay, we can argue that even network security has to do with the identity of systems and things, et cetera, but it's probably a bit further away.
And then we have this big overlap where it becomes very clear there's no cyber security without identity. And the other way, like you also talked about fraud and identity where things also come together for it. So cyber security impacts the way we deal overall with identity. So there's an overlap. And the other, what I personally see is, when I look at, again, the potential of decentralized identities and thinking further and saying, for instance, whatever our monthly salary statement goes into the wallet in a secure manner. And then I envision what does it mean for applying for a loan?
And what does it mean at the end for the KYC processes and banks and the AML processes? Then we have way more proofs to do these processes much more efficient, which by the way, makes it very interesting because in that case, we're not talking about, or we do identity management because the auditor had some findings, but we do it to massively reduce the cost of governance, the cost of compliance, and overall to optimize and to reduce process costs. And then we're talking about things that are directly relevant and interesting for the business.
So we move also into a very different kind of conversations with business. We're just at the beginning of that, I believe.
Well, yeah, so I do agree with that. I would say all tech hates redundancy because it's inefficient. So anywhere networking can allow a technology to either federate, say be done in one domain, but be leveraged in a second domain, it's inevitable that over time that will occur. So we did that with authentication. So open federation standards basically enabled the ability for authentication to be outsourced, centralized. So you could do authentication in one place. You could consume the authentication by applications. Every application didn't have to authenticate a user.
You could create a central authentication authority, use open federation standards. We haven't done the same thing for identity verification. So everyone verifies independently. Some do it better, some do it worse. In certain industries like financial services, it's regulated and the KYC bar is fairly high. But what we don't have is the ability for a strong identity vetting or identification or verification or proofing to be shared. And that's changing through decentralized identity and wallets. The notion that user has a wallet and they can run through a KYC by a bank.
The bank could issue a credential that verifies that certain proofing has occurred, but the bank now stands behind the identity of the individual, but a relying party could take that credential and rely upon it in order to do their own onboarding. So in essence, we've federated the identity verification process and we collapse it from being a redundant, costly business process that everyone does. Some do it well, some do it poorly. And now we can take the strongest vetting and use it everywhere.
So wallets are a propagation that will, in essence, I think collapse the redundancy that today exists in identity verification. And there's a lot of user friction today. And there's a redundant cost that is going to be eliminated as a result of verifiable credentials that allow individuals to digitally prove something about themselves. Prove they're an employee, prove they're a customer, prove they're a loyalty member, prove that they're insured, proof of their real name and their identity and their address.
All of those proofs now can be in the possession of the individual, carried around and used at will. Yeah. And I think when you're taking identity verification, it's even cumbersome for people like me who have some experience with IT and with identity. But when you go through these processes, especially when you have the humans you need to interact with via the web, it usually is not really smooth as a process.
Anyway, I think I'd like to go a bit forward here and look at a second element. We have a couple of questions here, so don't hesitate adding more questions. The more we have, the better. But the point I'd like to spend a few minutes about is before we look at identity fabrics, the future and AI is the merger. So PING Identity and Fortrock have merged. There was a lot of public attention on this. So maybe you can give us a bit of an update where you stand, how you see these things evolving, et cetera, and how this impacts the future of identity management, maybe.
Well, two great companies operating roughly in the same market of global enterprises who have a need for critical identity infrastructure wanna partner with a company that has been in the space for a long time, has a great reputation for serving the most mission-critical needs of the enterprise market for authentication identity management. That was the promise of Fortrock and PING coming together.
Over the course of the last, I'd say five years in particular, while the histories, if you go back farther than that, might've had what I'll call more core overlap, the innovation places we chose to invest in, of course, last five years were actually very, very different. So with two companies now coming together, operating as one, the bulk of the integration work is now behind us after about nine months. The roadmap for the combined entities is shared with our customers at a 24-city roadshow that we did at the end of Q1.
Obviously, we will present as one at Universe, our upcoming users conference that's also a global conference. We do several around the globe. But I would say this, the companies are looking to have fewer, more strategic suppliers, especially in these large enterprises where we're going to be dealing with too many suppliers, too much work to get the suppliers to pre-integrate their technologies so that the companies can get either the user experience, the security, or the business benefit.
So the opportunity here now to have been in the space for as long as we've been, worked with as many customers as we've worked with, to up-level the conversation, to deliver a platform that is pre-integrated for both the workforce and the customer use case so we can achieve with less effort on behalf of the customer, a better user experience and higher security, and also do it at the level of resiliency, scale, and performance. Those are all things that we individually, both Ping and ForgeRock achieved for our customers.
Now together, we've looked across the aisle of things that each company did well, and we've really raised the bar almost at every single department of the company. There were things that one or the other, we felt did an exceptional job, and we've taken the best of the best. So the promise here for the large enterprises is they're going to have a more strategic partner that covers more capabilities under a single vendor, and will pre-integrate those capabilities so that customers can get to value faster.
Okay, so beyond that, I think there's one question which fits to that, and I think there's been a lot of talk also about all the Toma Bravo acquisitions that happened. So this is something, and I've rephrased it a bit, which also sort of impacts your partner strategy. So we have clearly ForgeRock, Ping, but there's, for instance, SailPoint or others. So is this impacting at that level where it's not about mergers? Is this impacting also your partner strategies, or is this something where you stay rather independent? I'm not sure whether you can comment on that.
Well, so Toma is one of the largest investors in both security and identity. They have a concentrated portfolio. They've done very well in that sector. They like and know it. They make bold moves to allow companies such as Ping and ForgeRock to come together for the benefit of customers. But every investment is an individual investment, to be clear. Many times they come out of different funds. They have different partners. They're very focused on backing the best companies in their space.
On the fringe, at times, there might be a little bit of overlap in technology, but I don't find, or at least in my experience, Toma is not masterminding, if you will, a partner strategy or an M&A strategy. They look for great businesses in sectors that they believe have a lot of growth.
In the case of Ping and ForgeRock, the access management and identity management combined, serving large enterprise for workforce and customer with a particular emphasis, I think, on the innovation around the customer use case, it was very evident the combination of these two companies could serve companies better. And so that was the mandate. They don't get that involved in the partnership landscape. They leave that up to teams such as ourselves. So really our partnership strategy has not changed as a result of either Toma or even the integration of Ping and ForgeRock.
Okay, great. So let's look at the next point. And there's this talk about identity fabrics. I think we, as Google Analysts, we brought up this term a couple of years ago. I think we first used it, by the way, in a white paper we wrote for ForgeRock back in the days. And the idea is really, I would say, having a bit of both fabric in the terms of production, and fabric in the terms of mesh. So weaving together, and we talked about orchestration before, weaving together different types of services, but also delivering services in a different way.
So why are APIs to deliver identity services to applications you're creating? So this is a bit of the perspective. So I'm curious to how you see this. And I think there's a lot of talk about conversions in the sense of going back to monolithic things versus conversions via orchestration, versus best of breed in a very classical approach, how you see this evolving?
Well, fabric probably is an appropriate term. There's a different term I use at Ping that probably speaks to many of the same attributes of the fabric. If you think about identity, and the role of identity to secure the access of any individual on any device to any resource operating anywhere, it is a bit of a steel thread that has to weave its way through, not just its own technology, meaning the directory with the authentication services, with the MFA capabilities, with the risk signals, all of that needs to be configured and integrated and end user experiences orchestrated.
That's integrating identity into itself to achieve just the identity experiences. But the truth is those identity experiences have to weave their way into other business processes across omnichannel experiences, not simply the native mobile web app experience or the web experience through the browser. It's gonna find its way into call centers so you can maintain session between a digital experience on a web and a call center. Those are completely disconnected. You re-verified, re-authenticated the second you do a channel switch, if it makes sense.
So the perfect identity experience transcends omnichannel and creates a steel thread all the way through the marketing experiences, through the e-commerce experiences, if you've got those, through the onboarding. So it will become a fabric, if you will, a substrate that permeates every part of a business because every process has to be secure ultimately, has to be a level of assurance and integrity that the people initiating certain processes on behalf of a company that are directing company resources that they have appropriate access.
So there really is no limit to where this fabric ultimately is going to go. I think the opportunity has been, historically companies are forced to acquire best of breed technologies and integrate them in a manner that achieves the company's outcomes. And many times the companies don't have enough resources to do a world-class job at that.
They just, just running the infrastructure and keeping it resilient consumes the bulk of the resources. So they never get to the higher business value, the promise of identity. It's our job as an industry to collapse that complexity, to get to outcomes and user experiences through the pre-integration of these technologies. The way that it's coded, which is why orchestration is important. We have to deliver the fabric faster and cheaper, period. And I think that there are some interesting points on that.
So when we came up with the first graphic around the identity fabric, one of the things was that at the top we had, so two ways of interacting with the fabric. The one was more the traditional identity management approach, so to speak, inside out from the identity management to the application. So we create accounts, we do that in the application, et cetera. So we really connect to the applications. The other was really an outside-in approach, saying we need an identity API layer, which enables applications to consume the different types of identity services in a consistent manner.
And I think this is one level of this orchestration where we make identity available to the, so to speak, outer space. And the other point you bring up is we need to get better in sort of pre-integrating or simplifying the integration of the elements within the fabric, which by the way, this is the second point I'd like to make, are nowadays way more than we traditionally have in mind. It's not just IGA and PAM and access management anymore.
Identity verification, policy-based access controls and the all the authorization stuff, decentralized identities, fraud, intelligence, all these things are coming sort of into the scope of what we need to cover within a broader identity fabric that goes beyond the traditional workforce use cases. I think this also brings us directly to the next topic, which is about future. So where is all this going? So we touched the future. I think we touched a couple of points at the beginning.
What I'd like to do is, before we go into a more broader discussion about other things we see around sort of the future of digital identity and identity management, I'd like to look at some of the questions that came in. It's interesting to see that many of these questions are about identification, about authentication and about decentralized identity.
So, and maybe the first question to look at, which is one, that is when will become, when will decentralized identities become a reality? And we may combine that with two other questions that are also highly voted. The one is around the thoughts about the UDI wallet where some countries, Belgium, Italy, are already making sort of fast progress. Others probably take a bit longer. And how do you envision Ping and the rest of the private sector integrating with this new digital identity wallet architecture and the reference framework?
So it's a bit of a bigger scene, but at the end of the day, it looks like this is very, all very closely related. Well, I got asked back in the day, when's Federation gonna happen? And I remember early conversations, you know, this was early 2000s. I recall talking to one customer and I asked him, I said, so what are you gonna, you know, we were selling our new product, Ping Federate at the time. And I said, how many SSOs do you anticipate doing? And they said, this was over a dinner. And they said, well, we have two applications we're gonna federate with SSO.
And that same individual a year later in hindsight, when I said, so how'd the year go? How many federations? And they said, we did 200. So how could I have predicted, you know, the acceptance, if you will, of a new technology, which if you go back, people would say, no, we're never gonna accept an authentication. We're never gonna trust an authentication from someone other than ourselves. Like that's never gonna happen. Like we'll federate internally, but we'll never federate between partners.
Well, it turns out they did a lot of federation between partners because it was faster, easier and cheaper, and ultimately economics wins. So when you apply that analogy then to decentralized identity, I don't know that there is necessarily a distinct tipping point that says you're there. I think very similar to the, let's say adoption, if you will, of federation. You first have to have technology that is accepted in its standards and readily available.
And it will go through a technology adoption curve like most, you'll have innovators who will jump out way ahead and they will do use cases that are, you know, fully within their control and small. And there's probably gonna be lots of those. And over time we'll move from the innovators to the early adopters, to the early majority. And my suspicion is that will take place over the course of the next probably two or three years. I am distinctly now seeing the innovators in this space.
They are jumping out of our customer base and they are funding projects, pilots, and in some case, even production rollouts of decentralized identity. But if you look at the profile of the individuals who are leading the charge, they are very clearly the innovators. We are very clearly in the innovator stage of the adoption of this. I do believe that when we hit the S-curve, the steep part of the S-curve, that the adoption will be fast because the reward is so great. The early mover reward to certain industries, you don't wanna be a laggard on this one.
So I think there's a competitive pressure associated with many of the adoption because the user experience will be so dramatically improved. The security will be so dramatically improved that laggards in the adoption will be punished. And you don't always come across new technology that has those attributes. But as a result of that, I think once it is proven in not a lot of places, but a number of places, the competitive pressure to adopt will be pretty extreme. Yeah. And I think also that the two to three year timeframe is realistic. I think we came much closer to this point.
And yes, one of the comments in the question section was about having had conversations almost 20 years ago with late Kim Cameron about how this is evolving. And yes, there were visions about it and ideas about it. And it took us a while, but I think it's the same, like when we take identity federation, it was, at the beginning, there were a lot of talks, a lot of concerns about liability issues and contracts, et cetera. And then it became a reality.
And I think when you also look at standards evolving, like sort of the intersection between open ID and verifiable credentials, then we see that this will be something which will be woven neatly into also what we have, which is not... So I always tend to say that there's a disruptive potential in the sense of we can create new and improved business processes in a really fascinating manner. There's an immense potential. On the other hand, it is not that it breaks everything you have so that you don't need to rebuild everything you can.
You have a lot of points where you can integrate decentralized identities in what you have. At a certain point, you probably then need to make the next step in saying, okay, then I start really also modernizing more on the back end to make full use of it. But I think there are a lot of things which can go relatively fast. And I previously already talked about potentials I see around business process optimization, reducing process costs, email processes, KYC processes, et cetera. And this will be, from my perspective, very impactful. Where I see the interesting point that will be around...
And you talked about the usability already. I think this will be a very important aspect. I remember just recently commenting on LinkedIn post, which was about... I think it was about how many different UDI wallets will we have in the EU? Probably at least 27, taking the number of member states. But there was a long list of comments and none of these comments talked about the user perspective, the usability. And I think this will be a key factor. At the end of the day, it must become super convenient for people.
And there's a huge potential you talked about reusing identity verification, et cetera. But that's, I think, something we really must keep in mind. We're gonna have a lot of wallets. We'll just have to get over it. And I think a lot of applications will become wallets. I think wallets will be embedded in a lot of things, meaning physical things will have wallets that will store credentials.
As long as some of the credential formats and the protocols to get access to the credentials, to share them, to create them, as long as we do stay focused on some semblance of standards, then the fact that we have a lot of wallets and a lot of credentials and I'm everywhere is, I think it's gonna be reality. I don't necessarily see it as a problem per se.
Ideally, the value of identity is when we have one, a digital identity, how many places can we use it? So to the extent that we have different protocols, we have globally different protocols that are not interchangeable.
Okay, now that becomes a problem. Now in Federation, we did have a few protocols. We didn't have one. We had Federation Hub, interchange capabilities so that tokens that represented, for example, your authentication could be transmitted as you cross domains. So you could be in a SAML domain, have a token and wanna exchange it for an OAuth token. And we built translation services, token translation services that would do that so that the same identity could traverse multiple domains and multiple token types. I envision the same thing will occur with credentials.
So I'm not naive to say that there'll be one TCPIP stack for digital credentials and wallets. We don't want hundreds, but there probably is gonna be more than one. And we'll create interchange services and try to make the interoperability as you cross domains as smooth and as visible, invisible as we can make it. But probably when we look a bit further into the future, there will be one stack. There will be probably some legacy support for other stacks, but there might be a dominant stack.
You know, I'm long enough around to have seen the battles between IPX and IP protocols and other types of protocols at the network level. And at the end of the day, it's IP almost.
Yes, you may find something like an NTLM protocol. You may even find sometimes in a production environment, an OT environment, an LM protocol, you may find in some very old environments, you can't remove also maybe an IPX protocol. Probably something like that will happen. I'm a bit more positive on that, but it will take a while and we will have this need for sort of translating, integrating communication.
But I'm very positive that we will make also quite some progress here because, so what I like, those are things like, as I said, open ID, the world of open ID coming together with the world of decentralized identities already at the standards level, which demonstrates that people really think about how can we unify these worlds instead of having different domains that are segregated.
Yeah, and some of the ping folks that focus on standards have driven exactly that, to make sure that there is a bridge, if you will, between the way that we handle identity today and the way that we are looking to handle it in the future and making sure that those are not completely separate. So to your point, I generally believe that we will end up, the world heads towards more and more kind of consolidation and convergence.
So until something disruptive comes along and breaks the whole thing and we start over again, it's like multiple S curves, if you will, of maturity through the disruptions. Given enough time, yep, I think that the efficiency drives, the need for efficiency drive towards more and more kind of agreement, if you will, a convergence of protocols. But in the meantime, we have ways to deal with multiple parties coming from, you know, multiple domains or geos that might find their own way of doing things for their own reasons and we'll create interoperability between them.
That's the role of individuals such as ourselves. Maybe it might be also a great time because we talked a lot about de-synergized identity, which obviously is one of the key themes for the future of digital identity. Might be a great time to quickly display the results of the poll because these results also show that at least in our audience, which is probably a bit biased on some of the things because it's an identity-centric audience, de-synergized identity appears being really the big theme for what is going on. So let's look where sort of polls show up here.
Otherwise I quickly try to do it myself. Hope that works. I'm not a super expert.
Otherwise, if it takes too long, I never figured exactly out how does this feature of the US works. Basically it is that some 55, 56% of the attendees rated de-synergized identity the highest one. Identity fabrics and AI being in the around 15% range and the other two being so automation around workloads and policy-based access control being quite a bit lower. So I think that is not really unexpected. I think policy-based access, which is very close to my heart is still some way to go. But it's a very complex area we are talking about.
So it's, I think, a very logical thing that this takes a bit more. Okay, but back to our final topic, basically, which is AI. And maybe before we start talking about AI, one question I'd like to pick from the audience, which is going a bit more back to the future things, that is, are you seeing any industry trend to, and I think the keyword is finally, move away from passwords. So we have seen a lot of evolution there.
We surely use lesser passwords, at least in certain use cases like workforce, but also on the other hand, passwords are still ubiquitous when we look at all the customer consumer facing interaction. Any thoughts about that before we then shift to AI? Passwords are like cockroaches. They're hard to kill.
And, but we do have the techniques now, and I say techniques plural, because there's not a single technique that can span all the different equipment and user populations, that many of our large customers have. But somewhere between say pass keys, which is FIDO based for consumer authentication, during registration, if a user has a pass keys enabled device, we can register the pass key rather than ask the user to register a secret password. All the way through kind of like some lower techniques like email magic links, that are also a form of passwordless authentication.
You just follow the link and you can presume that the email account is secure, but not require a password. We do have all of the techniques now. And I think we're in the phase where companies that do have formal passwordless initiatives, the desire to eliminate passwords entirely, we are seeing companies move down what I call the maturity curve of passwordless. Holy grail meaning the entire elimination of passwords to everything below that. And we've seen some pretty sizable deployments of passwordless.
So it is definitely no longer a technical challenge so much as it is an implementation challenge that requires project management and an effort to understand your user population, both new and existing workforce and customer, what capabilities are available to your population and then which technique maps to the capabilities of your population that you could deploy in your authentication policies. Your authentication policies now can basically strive for passwordless as the goal.
It's definitely doable, but it's a journey and there's no one size fits all, which is what's making it more challenging. Yeah, but it's doable. I think this is the point. And by the way, trust is a side note. So one of the sentences I really hate is the user is the weakest link in security.
So in that world of where we have all the techniques in place to move to a stronger and more convenient authentication, getting rid of passwords, should we really blame the user of falling trap to a phishing attack and handing over a password or should we better blame the fact that there still are passwords around which we easily could avoid nowadays? I think this is something which is worth to think about, but given the limited time we have, let's jump over to the AI aspect. So clearly always the big password these days, I think at RSA conference, runs every one side, it was all about AI.
I think there's a lot of fuss behind it, but there are also a lot of things happening. So the first thing I'm curious about your perspective is about how you see the impact of generative AI on what is going on in identity management and digital identity, for then maybe dive, given that we have the time into some of the other aspects.
We'll start by saying, so Ping has been investing in AI for some time, generative is new as over the last year or so, but our view of AI is that we wanna take all of the signals, both generated by our own identity infrastructure and everything around identity, meaning endpoints on both sides, end user endpoints, and the new network edge is defined by SASE and these new cloud services that represent ingress and egress to your services.
All of those signals need to come together and we anticipate leveraging AI to help understand the signals and pull out the salient points of mountains of data, not just pull out the anomalies, but pull out the insights of that data and then feed that into the policies of the authentication and authorization engines that represent the identity control plane. So we really want a virtuous feedback loop of all the signals that are available to us through our own infrastructure and everything around our infrastructure processed or augmented, shall I say, by AI and fed into the policies.
So that's Ping's higher level strategy of this. Now, the generative AI stuff is intriguing to us in so much as, and I'll start with low hanging fruit, documentation. Many times the tagging and the search engines on documentation did not correctly map to the way users wanted to ask questions. There's an interpretation of a question. If you didn't hit the right keyword, you wouldn't find the right document.
The ability to live generative AI natural language query on documentation is a massive uplift and Ping is releasing new documentation that has a completely new interface for how you query and find the right documentation, as well as generative AI's ability to summarize documentation, but then also link to and cite the original document so that you can fact check the summarization. So right there, there's a massive lift. I think the other thing we're very intrigued is the ability to feed it our orchestration patterns and allow you to build new experiences through natural language.
Design me a passwordless experience that leverages X, Y, and Z and has these parameters. And so we're doing that as well. And the third piece is allowing it to see the policies and to either assist, recommend or change policies based upon the anomalies that we're seeing in the system.
So again, that's all part of that feedback loop. And the generative AI on both the policy creation, as well as the end user orchestrated experiences, I think we're in a whole new world. And I believe that for instance, orchestration pieces for Trent AI are super interesting field because you really can augment users. And I think this is really what that part of AI is doing. And augmenting intelligence in the sense of AI, helping users to do their job better and orchestrations.
One application onboarding would be another example where you can massively support and augment the users and doing a relatively complex job by providing them the right hints and the right help. So given the fact that we only have very few minutes left, I'd like to look at another identity related and not only identity, but also security related part of where AI comes into play. And it is deepfakes and deepfake detection.
And I'm curious a bit about your perspective on that because so I'm not that scared about deepfakes on the sort of a bit mid to longer term because I believe we have an interesting advantage here which is usually in cybersecurity we say, okay, the attacker only needs one working attack vector. We as the defenders need to defend ourselves against each and every attack vector. For deepfakes, yes, the attackers are using AI and there are a lot of tools for building deepfakes.
But at the end, we also can use AI to spot the minimal anomalies which can happen at various places from rendering to lip and speech synchronization if you have more data about the individual of what someone is saying is just very likely. So we probably don't only need one engine but a lot of these. And I believe that we have a relatively good situation here probably better than a lot of people fear that we over time will be able to at least bring down the risk and the impact of deepfakes quite significantly by fighting AI with AI. I'm just curious about how you see it. Might be controversial.
Yeah, no, no, I actually see it the same way. I think we're vulnerable, we're very vulnerable near term because as humans, we are programmed to trust our eyes and our ears and in digital channels they're no longer trustworthy. When I say digital channels, for example, the Zoom session. So I think near term, the population is very vulnerable, unfortunately. Mid to long term, what you described as AI to detect AI and infuse it by default into our digital channels because not infused by default should protect people the same way email filtering protects people.
And we don't recognize that it's there anymore. There was a moment in time where if you didn't have it you really saw it, things got pretty abusive and now you just never see this stuff it never makes your inbox. So I think leveraging AI for AI to detect AI on deep fakes will kind of follow a similar path. I also think that there are ways in which decentralized identity can also provide a level of authenticity and assurance, if you will. And those are all things that Ping is working on as well.
But those are, as you say, kind of to make that ubiquitous as more a mid to long term, not a near term thing. So I see the market the same way. I think it is a significant threat in the near term. Mid to long term, we've always been in a bit of a cat and mouse or an arms race, and that's not going to change. The change through AI will accelerate through this moment in time. Yeah. And by the way, we also will need to continue on that sort of integration of what we do in cybersecurity and identity with other fields like the fraud detection.
So clearly also the alarms of the business system must be tuned differently to ring when there's a $25 million transaction. Just closely following a Zoom meeting, then we need to integrate this.
Again, we need to orchestrate. There's a lot of things to do. All the signals that would show lateral movement, because there is lateral movement across domains, all of those should be brought to bear to either alert or block in real time through our authentication and authorization policies. So I believe a very interesting conversation. There are still a lot of pending questions we can't pick. A lot of them around decentralized identity and identity verification, what's going on there. A quick hint from my end, June 4th to 7th, the European Identity and Cloud Conference is running in Berlin.
The place to talk about all these topics in detail, four days packed with, I think, 230, 250 sessions, and many of them are also around decentralized identity, all in some way related to identity. So don't miss meeting us in Berlin. And with that, it's time to say thank you and to say thank you to you, Andrei, for all your insights, to Ping Identity for supporting this Copenhagen Core Analysts webinar, and to all the attendees for listening to us and entering their questions and making it so interesting.
So thank you very much and hope to have you back soon at one of our other Copenhagen Core events. My pleasure, and I'm looking forward to it, Martin, and thanks everyone for joining. And we will see you either at EIC or one of these other conferences. Take care. Thank you.
