KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
The IDaaS market combines Access Management functions with Identity and Access Governance capabilities, and delivers them as a cloud-based managed service designed to meet the common IAM requirements of hybrid IT environments, but finding the right IDaaS solution with a focus on Identity Governance and Administration (IGA) can be challenging.
The IDaaS market combines Access Management functions with Identity and Access Governance capabilities, and delivers them as a cloud-based managed service designed to meet the common IAM requirements of hybrid IT environments, but finding the right IDaaS solution with a focus on Identity Governance and Administration (IGA) can be challenging.
Hello, welcome to our Ko cold webinar. The market overview for Ida IHA solutions. This webinar is supported by Simo and the speakers today are Salva, who is senior vice president, product management and engineering at Simo and me Martin Kuppinger. I'm one of the founders of Ko and I acting as principal Analyst at Cola. Welcome Asif to this webinar. Thank you. Thank you for having us Martin looking forward to the conversation today. Okay.
And so, as, as usual, before we start a little bit of information about upcoming UN and some housekeeping, and then I'll talk about my part, which will be really looking at the leadership it HGA. So I'd like to, to highlight a few upcoming ones. We have two of our Casey life events, which are purely virtual, which is the enterprise blockchain day in on October 13 and the, and the event around six industry for oh, on October 27th. And then we have in November, we will have our cybersecurity leadership summit, which will be a hybrid event.
So you can attend onsite in Berlin or you can attend online, whatever suits you better. And so this is just something you should have a look at aside of that. We have some, some general information about the webinar. We are controlling the audio, so you don't need to care about that.
We, we will have two polls during the webinar, and we've look at the results of these polls by the end of the webinar we have for every of our webinars, we have a Q and a session by the end. So at the end of the webinar, we will do our Q and a, the more questions we have, the more interesting this will be. So don't hesitate to answer questions when they come to your mind so that we have a lively discussion in the third part of this webinar, and we are recording this webinar. And as usual we will provide the podcast recording and the slides used for download after the webinar.
Having said this, before we Trump into the topic, I'd like to start with the first poll. And I'd currently ask you to, to participate in this poll. And the question here is, was you already have a solution for IGA in place as Ida, so delivered as a service. So do you already use IGA as an it solution or not an IGA defined as identity governance and administration? So this combination of use lifecycle management identity provisioning the access governance, I'll give you a little time for entering your answers and highly appreciate if you participate in that poll.
So the more words the better is I'll leave it up for another 10 seconds or so, so more, five more seconds, and then we will close that poll. Okay. Thank you for entering your, your, your, your current state or your information into that poll with that. And without further, or do let's, let's have a look at the agenda.
So, as I said, the first part, I'll talk about the leadership com artists, IGA, which we have published recently, that leadership compass has been offered by my colleague, Richard Richard Hill, and by me, and in the second part, then as if some us will look at improving, I am with Ida IHA. So what, from the perspective added benefits of going for an Ida solution for the part of identity measurement for the IGA part of identity measurement, and then last, and at least we will have, as I've already said, our Q and a session.
And again, the more questions we have the better it is. So if you have questions, enter these questions. So where I wanna start is what were we looking for in the leadership compass on IDAs? So IDAs again, stands for identity as a service.
That means it is about solutions that are delivered as a service that are running easier from a public cloud, a multitenant, or that run maybe a single tenant from, from a cloud, but they which are really operated in an asset service model in contrast to the traditional on premise style of deployments of IGA and IGA, as I've said, the term stands for identity governance administration. It is in fact, a combination of three major capabilities, which are the use of lifecycle management. I'll talk about it in a minute identity provisioning.
So the technical delivery of information to the target system and the access governance piece, and this is also reflected in the criteria we have been looking at. And so, in fact, this is not only just eight areas, but when, when we look at a, when we do a leadership compass, we work with a very extensive questionnaire, which goes very much into detail. And again, several of these questions or many of these questions then can be well grouped into certain areas.
And from, from a functional perspective, mainly some of these things are more on the non-function side, but the, our core focus really has been on one hand on user lifecycle management, which is at the core of IHA. So how can you define, how can you set up and, and change and implement all these process and workflows around user lifecycle, which clearly includes trying move reliever.
But we all know, I think that that it's that just trying or move reliever, because there are different types of trying processes, different types of mover processes, such as just moving into a new department or relocation to whatever subsidiary in an other country. There are different types of legal processes, such as some emergency leave. And then there are the whatever maternity leaves and many other parental leaves, many other types of processes.
So it's, it's quite a set of processes, including the related processes behind that. And so this is one part, how do, how good are solutions in, in doing that? The second element is identity provisioning. So there's equipping rest new user, and then there's account and some entitlements in whatever active directory and SAP and in whatever else, then there's the access governance element, which is then Martin requests, additional access. Someone is approving this access, someone's reviewed this access. Does Martin still need this access?
Martin might be in a certain role for instance, on the group of Analyst or the role of Analyst. There might be segregation of duty aspect conflicts to be, to consider, to be considered, et cetera. So this is all this access governance part there's excess intelligence and risk looking at. Are there maybe, is there an excessive amount of direct assignments of individual entitlements for Martin, which might impose a risk, which might be an outlier in some way, an anomaly. And then, so this entire intelligence and, and analytics piece is another area.
We look at how to create workflows, how to build them, how to change them. Can you do it graphically or trust by coding? This is part of our workflow perspective. We take in the leadership compass is I for IDAs. We also clearly look very much at the architecture.
So the expectation is it is run as a service, but it's also built on a modern architecture and modern architecture means typically microservices, architectures container-based deployments, or maybe even server less built for scale built for elasticity, and also delivering a broader, it's a comprehensive set at the end of the, of APIs, so that you can work against these functionalities so that you can consume these capabilities. The deployment approach is another thing.
So what is the deployment approach is that there's a range, which is from really, it, it's just sort of the, that, that, and the notion of public cloud multi-tenant and you more or less procured with your credit card, which rarely helps for, I S I G it would be procurer around that to more, more solutions, which are run as a service, but might also be moved to a private cloud environment for certain use cases, stuff like that. So there's a, some variety in that, which from my perspective also makes perfect sense because the customer needs worry.
And so at the end really important, it is delivered as a service. It is operated service. It has the elasticity. It also has licensing model, which is focused on, or which, which scales and, and sort of also downgrades, which is with the use of it. So it is really the adequate type of licensing model. These are things we look at, but last, not least. We also look at the technology integration. So how well does the solution work with other elements of identity, access management, such as access management, policy based access controls, privilege, access management, etc.
But also how does it integrate for instance, with it service management and other technologies that also goes on back to clearly to this API scene. So the more, the better APIs you have, the better potential the integration. So this is a very high level perspective on all the detailed aspects.
We, we, we look at when we evaluate these solutions and we then, and probably many, if not, most of you have already had a, a look at the one of our equipping, a co-leadership company. So we always have the same dimensions. And overall, these are nine dimensions. Five of them are more product service related for our somewhat more company related or partially product partially company related. So we look at security at Yelp, sec technology. Every time of it today must be secure.
And for management as element of security, this is even more true, then very much at the center there's functionality. So does the solution deliver products of functionalities? So post the bra and death in technology, we look at integration deployment. So how well this is integrated, how well, how, how, how can it be deployed? So is this a set of single elements, or is it really a central solution for as a service solution? The bar is very clearly defined.
It must be provided as a service, but still might have some flexibility that sort of in the deployment options you have for as a service department, that interoperability also very important seem, how well does it work with other solutions, again, APIs, integrations, to other types of technologies, all that stuff. And last, at least usability, how easy is it for, for the admins, the Analyst, the users to use. Then we have the, we have the other product managements, which are innovation. So how much innovations in the product, how much innovation is driven by the vendor, the market.
This is about customers global go to market, stuff like that. So really the market position, the ecosystem partner ecosystem, specifically both integrators technology partners, etcetera, and last, not least the financial strengths aspect. So is this a very established vendors and a new startup, whatever we have done different categories of leadership.
So when, when we created leadership combust, a couple of years ago, the perspective we took was that it is probably too, too limited to just say, okay, this is simple metrics, or it's just more a one dimensional thing, because there, there are different aspects to look at and there's the product leadership. So how good is the technology, the product service, there's the market leadership, which is important for, for many, because it's about the ecosystem. It's about the customers. It's about the strengths of the vendors.
And, and we know that many buying decisions that are, or we only go for relatively large vendors, not sure is always the best solution, but there's also logic behind that. And reflecting, this is important, but it's only one element that there's also the innovation leadership. So product leadership could can mean also that the product is relatively strong, but there's not much new innovation anymore. Or it could be that there's products not so strong, but there's a lot of innovation and can then make a difference for, for your decision.
So do you want to have be more on the sort of speak safe side, or do you want to have something which has the bigger promise for the future? And so we take different perspectives here. There are number of, of metrics as a number of crafts we have in the document. As many of you already have seen, all of them are here. Not all of them will be shown here, but some of them will be, and then we have the overall leadership, which in fact combines the different types of leadership.
So for, for this leadership on IDAs IGA, we are had, I think, overall a total of 21 vendors we had integrating, and we have a couple of vendors we have in the list for vendors to watch vendors to watch sometimes are vendors that say, oh, we, we refrain this time from, from participating all vendors, which are maybe a, not yet a hundred percent fit for, for certain market segments. So there are different, different reasons. We always try to cover as many vendors as we can also to have as many vendors as we can in the rating. This is always our target.
And I think 21 is already a, a quite interesting number. I'm very convinced that for the next edition. So that will be that be 2022. This addition for that addition, we will have probably even more vendors in the rating and more vendors to watch because this market is evolving this market emerging. And as I said, then we have an overall leader perspective, which is really the combined perspective of across product innovation market. So this is really the, the bigger picture.
This is, I have to say sometimes a little bit impacted by that vendors that are largely very strong on the market side. Also by sheer size by ecosystem, et cetera, always core a little bit better than, than smaller vendors.
So I, I strongly strongly recommend to look at not only one chart, but look at the various charts, read through their detailed sections per vendor. Look at the spider charts. I'll touch them in a minute. So really go into the details because there's so much more detailed information. And I think it's always good to, to look at leadership, but also to go into details and look at, is this the type of leader that fits to what I'm looking for?
So we have overall leadership perspective here, and we, we see it an interesting mix of, of sort of established layers in the market, but also some new entrance which really started with IDAs IGA. And we will, I think we will see quite, quite a lot of evolution over, also over the next couple of months.
So, so see a, when I talk with vendors and I talk virtually every day, so at least every working day with vendors, we, we see that vendors are really heavily investing in their transformation, in the innovation or in the, on the market entry. So this market has a high level of dynamics in it, which always need to be also kept in mind when making decisions. When we look at the product leaders that is just really looking at the, the functional strength. So how well are it capabilities delivered, but also how good is the underlying architecture.
And sometimes when vendors benefit a little bit more from the underlying platform address really benefit mainly from their functionality. Again, it's then really worse to dive deeper into detail vendors you are looking at. We also see that there, there are a couple of vendors we, we have as identified as product leaders, and we have many vendors, which are not that far away from becoming such a leader. And this all that mentioned all the innovation going on. This will be interesting to see for, for next year's addition.
And also for instance, who then moved up clearly on the other hand, always we, we are raising our bar. So the, the expectations we have are always changed and sort of raised year by year, specifically in markets, which are still under, under development, which are still so to speak emerging.
Another perspective here is our innovation leadership, which already the vendors where we see the, the most innovative features, see the best delivering to what we expect in innovations like leading edge features and access intelligence based on AI capabilities or innovative workflow capabilities and other things. So this is, as I've said, another perspective, and this often frequently aligns with product leadership. Sometimes we see vendors which are way stronger in the one or the other part of the rating. And that is something which gives them some interesting information.
And last least we also have the market leaderships, as I've said, based on the number of customers, the, the global ecosystem, the partnerships, and many other factors we have. So we have these, these charts. And as I said, the slides will be available for download. The report is out for, for quite a while. And I think we have some very attractive ways of accessing all of our research. So if you look at our website for the KC plus offerings, it's, it's really easy to subscribe to our research and we have done also the spider chart.
So for instance, aside of a couple of other ratings, so they are definitely way more, there are strengths and challenges per vendor. There are the detailed ratings for all the nine categories I've mentioned earlier. And there are the spider charts, which I look at some more functional in the Protestant functional dimension, this map to the eight points I've mentioned earlier at the beginning, where, which are our main areas. And then we see this, this, in that case for simile, which also shows that they are sort of relatively equally good across the various area. Sometimes it looks different.
Sometimes we have vendors which are, have some gaps in certain areas that might be then something which fits your demand, your requirements on that. So it's always worse, as I've said, to go into the details, and this is why we create these leadership composes and why they are relatively long to deliver really detail into the inside, into, into these markets, as we perceive these markets as Analyst. So to sum it up, what do we see? We see really accruing number of really excellent products.
Leaders was, was a really good mix of, of innovation product features and market share, but go into detail, really do a detail, rough analyze this here, we see this market growing. I've mentioned that, and we see this market evolving so different types of deployment methods supported.
I think, as it's very worse to look at, because it depends on what you need, what, what your, your current and future plans are. We also see that this market is evolving quickly.
And, and while in the previous edition, we, we saw really a significant gap between most of the sort of traditional on-prem. It solutions very mature. The emerging I HGA solutions, this, this gap is really close.
We, we see that it's very close to, to future parity, at least in, in top tier of this market, important, you can simplify customization. You can simplify rollout. I think a very important aspect of going for IDAs and also one of the drivers why we see many customers see moving there, we see a lot of change in evolution in workflows and workflows that can also integrate not only, or not only create an it China or move lever process, but integrative other platforms.
So it's integration piece and workflows is very interesting to observe, and we see some vendors going beyond it and saying we deliver really something which fits more to the, a called paradigm of identity fabrics. So a more comprehensive, more complete solution here. So have a look at our research before I end my part. I'd quickly want to launch a second poll, which is really about if you haven't an IDs IDAs IGA solution yet, do you intend to shift to an I I G solution.
And if so, when will you do that? So please answer or enter your input. I give you some 45 seconds or so. Okay. Another 15, come on.
The more, the more questions you paid the better it is, so, okay. Another 10 seconds.
Okay, then thank you very much for participating in this Paul and with dad, we are back to the agenda and I hand over to Asif who right now will do his part of the presentation. Perfect. Awesome. I hope you guys can hear me well, thank you, Martin. That's that was really helpful in terms of setting the stage for what the, you know, the ID a IgM market looks like.
And, you know, here at Simio, we've been focused on, you know, how can we further improve and, and get return on investment for the Ida IGA for, for the IGA investments that our customers are, are making, how can they drive value out of the, out of the investments they're making? And we really wanna start looking at it, and that's what we are gonna be focused. That's focused on in, in today's our portion of the webinar in terms of how we can assess customers drive value. And what are we seeing? The approaches that our customers are taking to drive further value, right?
We'll start out talking about, you know, in terms of what our observations of the IgM market is, you know, specifically delivered in an ID ask model that co are call Martin and Richard Hill have, have very and nicely covered in their report and taking some of the synthesizing that report. We see that, you know, really the ID, a IGA mark solutions are, are delivered in two ways.
One is, you know, a SAS based model and the MSP model uhmy ourselves. We are, we deliver, I IGA solutions in an MSP model. The real difference between, you know, the, the, the two delivery models are, you know, SA SA delivered solution is, is delivered, you know, with, with feature function capability, the customers then responsible for integrating it and driving the business outcomes themselves.
With that, with that solution in an MSP model, we deliver it much like a SA solution with the same type of architecture, microservices, and automation, and in a cloud based model. But we also take accountability to deliver the business outcomes and deliver the return on investments that a customer is choosing to, to move forward with an, with an IGA solution.
So, you know, while SME provide a 99, 9 99 0.9% SLA or uptime, or a hundred percent uptime, the kind of SLAs and response times that in MSP provides is more on the business outcomes. We will guarantee the customers zero day provisioning. We will ensure there's, you know, a hundred percent a remediation of all segregation of duty violations within, within a defined timeframe, whatever that business outcomes are compliance mandates that that organization needs to comply with.
So that's the real difference in terms of how an IGA solution in an ID a model is, is, is really delivered the difference between SaaS versus MSP. So in terms of what we are seeing, you know, Martin touched on it, there are about 21 vendors who, who, who talk, who deliver IGA capabilities. We've seen the real convergence of the IGA market between identity, lifecycle management capabilities and feature functions.
And I, and the governance functions and customers really expect their IGA service or their solution to encompass both those capabilities, right? It's not either, or, but really how can we drive, you know, our joint mover lever processes? How can we, while we are having our joint mover, lever functions happen, how can we ensure that our segregation of duty violations are being respected? How can we ensure that, that people have the right access to the right resources anywhere they are, and it's being used appropriately as well.
So not just about provisioning and, and, and letting that be, but also tying into other systems. This is where the interoperability piece is really a key driving requirement that we are seeing with our customers in terms of once access has been provisioned and created really being able to tie into access management systems where the access policies are defined and where the access logs in terms of, Hey, asset has access to Salesforce, but has he really been using that access? Where has he been using that from?
So using that to right size, the roles and privileges as well is becoming a key component of some of the requirements that we are seeing, right. In terms of an interoperability plugging into service management systems as well, to drive a common request service and so on. Right? So while these are the needs, we find customers don't have the time in, in terms of, you know, earlier I, you know, IGA programs where multi-year programs, right?
It, it took a year or so to deploy a solution, but today the focus is all about, you know, how can we get time to value for our investments? You know, customers are looking to get, you know, get going or get live with their solution in, in, within, you know, within a few months, right. So really get, get, get the value for their initial investments in a few months, and then incrementally drive, drive adoption across, across their enterprise. So that's one of the key teams that we are seeing.
So if you really look at, you know, we looked at all the, the, the key terms that popped up both with our customers, as well as, as well as on the, on the ER called report. And it was the key, the, the key terms that we, we saw a lot of was about adoption, you know, scalability, agility, interoperability, and these were the key themes that we wanted to focus on for our section of, of this presentation and all of these key themes tied to that common goal of getting, getting a return on investment and getting value.
And that's what we are gonna say, you know, how can, how can SIM enable that for, for our customers, right? So the, you know, realizing ROI for identity is, is all about adoption.
That's, you know, that's how we look at it. It's, it's about driving adoption. That's when we are really gonna get return on investment for identity. And what drives investments in identity is, you know, security and compliance mandates. They come in various forms based on which jurisdiction you are, you are in. Sometimes it's, it's, it's driven by. So sometimes it's, you might be in a specific vertical where you have to be TCI compliant, compliant. You might be in another vertical, such as healthcare, where you need to be HIPAA compliant, right?
So these are the high level mandates that are driving identity programs. And how do you satisfy these mandates?
You know, the, these mandates are satisfied by putting in place the right processes to ensure agility for the organization, right? At the same time, the right controls to ensure that while we are achieving agility, we have the right control framework to ensure that the access is, is, is still relevant.
And it's, it's secure. And it's, it's it's privacy preserving, right? So from an apps perspective, you know, we are seeing all types of applications today, and this slide is supposed to look messy, right? The message that we are trying to get across is getting controls implemented in our applications today is a very, very messy process, right? So you have different types of applications, on-prem asset service applications. We have applications which are moving from on-prem models to asset service models.
So for a period of, or in a, in, they are sometimes in a state of an intermediary phase where they're in a hybrid model where they're in certain parts of the applications are SAS. Certain parts of the applications are on-prem right. Organizations are moving towards a full cloud model where they're building their apps on the cloud. So both the infrastructure permissioning of, of those cloud services need to be protected while the apps still need to be protected as well. So we are seeing that transformation and identities, the identity ecosystem itself is split across multiple silos.
We see identity governance systems, IGA systems, which is what we are primary talking about. We're talking about access management systems, and we see privilege access management systems, and all of these have controls in terms of how IJ systems are more focused on, how do you address your JML processes for your everyday business users access management's focused on ensuring the people are able to use those access to access those systems from any device from anywhere privilege access systems are focused on, you know, managing the privileged identities within these business applications.
So we get a whole bunch of applications with no common layer for, you know, for visibility of controls and the integration patterns that each of these ID systems have with the various applications and, and, and the various environments that each application has as well. So all of this makes it a, a very, very complex anywhere in terms of getting, getting value and having, you know, a single way of onboarding applications into, into, into your various identity tools to ensure that, you know, you have a good security governance and control process, right?
So how have companies been, been doing it today? Right. Most businesses, you know, go down the path of, you know, implementing an identity solution. It may be any of the tools that, that we see there, right? And they go down the path of saying, okay, we need to onboard hundred applications or 200 applications to meet our, our, our Sox mandates. Right?
And then the only way organizations look at doing it today is while we need, you know, we need X number of FTE to do it, or we need a certain number of contractors because the whole process of onboarding an application is a, a very resource and intensive exercise, the way it is being viewed at viewed as, right. So they, they go out and hire BAS, or they may be working with a, a system integration type organization. That's got BAS that will come in and do workshops with, with each of the application teams. They will hire a team of, of engineers who are IGA technology experts.
And again, this is all very unique to which identity technology product you have as well. Right? You may have technology product a, so you might have to hire six to eight technology SMEs of that specialty product. It's a very hard skill to find given what we are seeing with, with the acceleration that we are seeing and our adoption that we are seeing for, for IGA solutions. And they go down the path of talking to all these application owners, conducting discovery sessions, ongoing follow up, and these application owners are busy, right?
They're, they're, they're already busy with their day jobs of maybe they're they application owners of, of, of a trading platform, right. They're focused on rolling out the next algorithm, driven trading capability rather than focused on.
Well, my security team is now coming in and asking me to onboard to the IGA system to ensure we have good join and over leave processes. So their priorities are, are mixed. They're stretched in different directions, and they are not able to always provide the time when an onboarding team is reaching out to them. And when the onboarding team does get their time, they are involved in, in a, in, in a design process that is specific to their specific application saying, okay, how does your application authenticate?
How does your application authorize right, having this conversation to try and take that application and fit that into a model that will support a specific technology product, an IGA product that's, that's kind of the process they undertake. And then they go through the testing processes and it all runs on, on a timeline that, that is, that works for that specific application owner or application team. And they do the test cases.
Again, you gotta pull them in for the test cycles, be it integration or UT test cycles, and then promote the application across the various environment. And each application has their own freeze and promotion windows. Every enterprise has their own change, change windows, right? Getting the necessary change management approvals set up in a different change management system, such as ServiceNow is again, error prone. So the deployment process is, is error prone as well, right?
Because, you know, deployments need to go through change management processes and doing all of this in a, in a manual, on a per application basis. The whole change control processes are extensive and, and time consuming and are missing as well. Right?
So through this entire process, the whole visibility is, is lost visibility in terms of which application is, has what type of business process is implemented, because a business process for a lowest application, maybe just a manager approval, whereas for a high risk application, the business process may be that it needs to go through a manager approval, a resource owner approval, and, and for a high privilege entitlement, maybe even an entitlement owner approval, right?
So there is no single place where all of this is track, right, or, or customer usually has to go into the IGA system, dig into configurations to go on and say, well, this application is configured and set up this way for this specific controls. So this is a traditional way of doing it. Some organizations, you know, have gone down the path of saying, you know what we're doing factory onboarding.
And again, factory onboarding has been all about throwing resources at the problem rather than a methodology and, and, and some IP to solve, to solve, to solve the challenges around onboarding, to really drive adoption and return on investment. So what's the business need the business need, you know, has been, you know, how can we build a model to, to onboard applications across multiple application, a across, across different environments that will scale, not just for today, but also for the future right today it's infrastructure as a service platform, as a service, we are building apps there.
How can we build an app onboarding model that will scale for the future app security requirements are changing. The threat landscape is changing. The control frameworks are changing, are evolving, right? So as they evolve, do we have to go in and reconfigure every single business process? Do we have to go and refi, you know, set up new controls to address new business requirements?
How can, how can an enterprise really, in, in, in a single pane of glass, enforce their controls and push them down to all the different applications and really even be able to look at what controls apply to which application? I think that's a big business need that, that we are seeing with a large fortune find at companies. And so on that we work with, which is really the market that Simo does, does a lot of work around, right. And all of this needs considerable investments, right?
So if we find some customers going down the path of, you know, heavy customizations on the, on the tools and the technologies in the IGA area to get those business outcomes today, but those investments, those investments could, could, could all be lost. If, if, if something happens with, with a specific technology provider going through an MNA process, or, you know, companies get acquired all the time, we see customers going through acquisitions.
So how do we make sure that the investments that are being made are future proof and aligning with, you know, a model where that supports portability, right? So, so what's the, what's the semi approach to this, right? The approach that we have really taken to this is around a model of what's the next gen way, you know, factory, you know, as we've, we've, we've been an integrator in the space in our early days, right. Really moving towards a platform player, and we've evolved to, to a platform payer today.
And what we've done in our integration days is we've done a lot of factory programs for app onboarding. And we've evolved in our thinking in our maturity and moving towards a, a more standardized way of doing things is really bringing in our expertise.
That's, that's in our people, methodologies and pro, which are basically processes that we've learned doing app onboarding over the last 15 years. And while doing that over the last 15 years, we've created some IP and our IP for application onboarding is built on top of our identity orchestration platform. Right? So what this enables us to do is really drive an agile app onboarding process that involves heavy collaboration, where people are no longer exchanging emails back and forth.
They're operating in, in, in one ecosystem of an app onboarding platform where they can communicate and converse and conduct those workshops with the application owners and have them have them pick a design model that bets choose works for their application. So we bring existing authentication authorization models that we've seen across the thousands of applications that we've onboarded and we've. And we work with our customers to, to apply the design model for app onboarding that best suits their application, as opposed to designing every time.
And then within the same platform, once the app is onboarded, the application owner is able to visualize without going to an underlying IGA system and creating new workflows and having a view of what their access request form would look like or what the certifications would look like for their application. They can visualize it all in an automated manner within the same onboarding ecosystem, right?
And then further integrating with the change management systems, through our platform itself, creating the necessary change management tickets, integrating that to get the necessary change approvals, to move from one environment, applications, have various environments move the, the app from a dev to a test, to a production through the same app onboarding platform without having to go in and, and, and configure and reconfigure things in, in IGA systems. Right? So everything can seamlessly move.
The application owner can do this all in that one platform, which then gives the organization that end visibility around, you know, which application has been onboarded in which model on which environments for what business processes, you know, what are applicable workflows that have been applied to it, and really look at it from, from a, from a governance perspective that tomorrow, if our controls change, we can apply that control or change and push it out to all applications through this one app onboarding service, our platform to across your multiple applications, right?
So that it's, it's centralized change management and centralized visibility for, for, for really driving value right now, the way to summarize, you know, what we talked about is, you know, how can we drive a process that is scalable, that not only applies for your applications and your infrastructure today in terms of access is governed and controlled. Having a standardized onboarding model that's scalable for, for the future self-service is a big team in terms of how we do it.
We we'll talk about the two different ways in terms of how we encourage onboarding from moving, from moving from a centralized model to a more distributed model, the onboarding platform that we provide enables application owners to come in and onboard their applications themselves, right? With, with a completely intuitive user interface where they do not have to understand custom languages and programming type tools that may be native to that specific IGA system, right?
They are operating at a much higher level, similar to how a business user would go in and do a certification or request access. And app owner is operating in a similar model to onboard their application to IGA, as well as, as opposed to going in and learning custom scripting systems or tools, greater visibility for executive stakeholders to really have an identity program management across IGA access management and privileged accounts is something that we provide today.
We heavily focused on IGA, but at the same on app, once you pick an application, we provide the flexibility to onboard it, not just for IGA, onboard it to access management policies at the same time for authentication authorization, and at the same time pick and choose the privilege accounts and onboard them into the walls. Right?
So that gives executive visibility in terms of identity program management, where an a CSO can look at their applications and say, what are the controls, access controls, privilege controls, and IGA controls that have been enforced across their, across their application ecosystem, which really gives them the portability in the case of an M and a investment, or should one of the IGA technology companies choose to divest their technology portfolio.
The investments that they've made in terms of onboarding these applications are more abstracted in, in a, in an orchestration layer that enables them to push those same configurations out. Should they choose to move to a different IGA platform in the future, right? Which really gives them a higher return on investment, as well as they don't have to go down the path of ripping and replacing technologies, just because a specific technology provider chose to stop investments in that area. Right?
So the two ways that, that we really do this is, you know, in a self-service model, we talked about that before the platform provides customers that we come in work with a customer, enable them to teach them how to fish in a way, right. We teach them, there are methodology work on the business processes that, that are really applicable to them. Ensure those business processes are available within the onboarding system. The controls are configured.
So the app, the enterprise can really turn this platform over and tell really hold their application owners accountable and security is, is not just the responsibility of the sea. So it's a responsibility of everybody in enterprise. So holding their application owners accountable to go in and self-serve and onboard their applications while an expert assistance team from, from Simio can stand by to assist app owners as they onboard, right. Really driving acceleration and really driving throughput.
And we were having this con, I was having this conversation with a fortune 10 organization yesterday, right? They are really in the business of delivering IG access, Ida service, internal to their own enterprise.
You know, they, the identity team has their own IGSS service. That's marketed internally to their enterprise. And their comment to me is, Hey, self-service is great. Our organizational culture or the skills across the various application teams varies, right? So we are been tasked as an application team to really drive, drive the outcomes, right? So we operate in, in that model as well, where we come in and we can manage the overall app onboarding program, where we take a more active role with regards to onboarding these applications or working with them at the same time using our platform.
So we are getting the efficiencies and the benefits of, of automation and, and, and the standardized model with, with the governance and high and visibility. Right? So we did this, you know, we've been doing this, you know, for, for over 15 years at Sam and our, our products and services, we've, we've been innovating and evolving, you know, in terms of how we did, you know, back from the factory onboarding days.
And now we, we look at this as the next gen onboarding model is, is around, you know, we, this financial services customer that we worked with was working with within a, in a really resource based model where they said, Hey, we're only able to onboard 60 applications. Last year, we had a team of 15 SMEs. Some of them were business analysts. Some of them were engineers of a specific identity governance technology that, that needed really deep technical skills.
In, in that specific IGA area, we spent 27,000 hours, right? And we onboarded 60 applications with that same organization. We implemented our next gen app onboarding service. That's heavily processed and technology and automation driven. But at the same time, we are not discounting the expertise that is required as well. It just doesn't have to be 15 people. The expertise that was required was more along the lines of four people.
The throughput that we drove was 300 applications onboarded with this model and this methodology at one fourth of the cost of what that customer was spending for onboarding 60 applications. So we believe this is a new way to onboard.
And, and we we've had a lot of success with this, and this is what is really going to drive investments in and in, in return on investments for the IG investments is really getting that security and risk controls across, across all your applications. And not just to one, five or 10 applications.
The most of the enterprises that we work with, I think even in the, in a recent report was, you know, the average enterprise, even if you look at the mid-market space has over 200 applications and enterprises that are in the fortune 500 or global 2000 accounts have thousands of applications and organizations cannot wait years to onboard these applications. They need to onboard these applications in a really fast paced in a couple of years. And it's not at, at, at a clip of 60, it's gonna be, be never, right?
So that's, that was our focus around how do we drive adoption and how do we drive return investment for identity? And that's what we spoke about today over to you, Martin, Thank you, AIF for, for all the insights provided. And we have all the little time left for looking at a power results and the, and the questions.
So, so I propose, so if anyone has a question, please enter the question now. And I propose, we have a quick look at result of the first poll first, which was about, do you already have an I IGA solution in place? So we have, at a point that was in the webinar, we had 35%, which said we have something in place leaving two thirds, roughly, which don't have IHA delivered as, as Ida yet quite, quite likely the numbers will look a little different. Maybe we would look at access management, but today we are talking about I IGA.
And I think this is a number where we see the market is shifting to I IGA, but it's still some way to go. And I think this becomes even more, more clear when we look at the second question, which was for the ones sort, the second poll, which was for the one who haven't had Ida IGA in bla, and when will they shift?
And so some more than the three out of fives that it's now decided yet very few, that is a never or later, but we, on the other hand, see, see quite a number of organizations which will, or intend to that shift within the next 12 months or some which are already the planning, but say, we will not make it in the next 12 months, but probably within 36 months. So we see this, this shift, but we also see that a lot of organizations are near clear when and where they will shift with their IJ, how their modernization at the end of the day will look like.
So we are, are still in as also mentioned, we are still in some, some emerging market. And I think what, what was very, very important with you talk is, is really that, that you brought, you pointed out in a very clear manner that doing it as a service was, was all the various aspects of what, what doing it as service means. There are quite a, quite a number of opportunities you can have in contrast to the traditional way of doing, doing IGA.
And I, I think application onboarding for many who have IGA experience, I think it's very, very clear application. Onboarding is one of these things where frequently big promises are made at the beginning, and then it takes longer it's way harder than it's expected. The one thing I always bring up in conversations with organizations is the first thing you really need to just to understand or to define application better. So what is relatively similar because at the end, there are not that many patterns. There are few outliers, so speak, but there are many similarities.
And if you work on that, if you define that, well, then you can speed up your application onboarding very massively. So I would leave you with that, all the attendees, because as I've said, we are writing a little out of time. So not as much Q and a for today, have a look at all the documents of collaterals and your research. And thank you, Asif. Thank youm for supporting this webinar. Thank you to all attendees for joining to this could a cold webinar soon in one of our online or hybrid conference or webinars. Thank you.
Very, thank you, Martin. Thank you.
