Welcome to the KuppingerCole webinar "The fast track to optimize operations with IAM-as-a-service". This webinar is supported by Persistent Systems. The speakers today, my name is Matthias Reinwart, I'm director of practice IAM at KuppingerCole analysts and I will be joined later by Swapnil Mehta. He is general manager, identity access and privacy at Persistent Systems. Before we start, a quick look at what's going on at KuppingerCole right now, and this is just one hint that we are running a series of KClive events. This is online only they are for free. So just register.
And we really are convinced that this is high level content with world-class speakers, and there will be one event already, just tomorrow with about identity governance and administration and next generation access. And there are more to follow as you can read on the screen, and we would be happy if you joined us for these events as well.
And that's it for what's going on here at KuppingerCole right now. And let's switch over to the housekeeping for today.
First audio control when we are taking care of the audio of the microphones and you are all muted centrally, and we are controlling these features, so no need to mute or unmute yourselves and recording. We are recording this webinar and the recording and as a podcast will be made available short-term and there will be also the slide techs available for download so that you don't have to take notes for the stuff that we are presenting on the screen.
Of course, you may be want to take notes when we answer your questions, and that is the most important part of that slide. There will be a Q&A session by the end of this webinar, and please provide your questions throughout the, the webinars or whenever you think there is an interesting question to ask or that you just want to have answered.
Please enter these questions with the control panel, with the second question section of the go-to webinar control panel. And one thing to add here as well, there will be two polls in the second part of this, of this webinar.
So please be ready to answer the polls, to provide your feedback to the post so that we can work with these results as well. So the agenda of course, first mentioned again, questions and answers at the end. Very important. So then we can provide answers to your questions. I will start out with a short look at IAM project or IAM initiatives, why they sometimes underperform or typically underperform, and why this hampers a company's overall digital transformation, Then Swapnil Mehta will join me or take over first.
And he will have a look at how we can meet these IAM requirements of the digital transformation, and he explains that they can be met by process automation while optimizing costs with 24/7 hosted IAM service.
And I think that's an interesting and important trend just right now. And as I've mentioned, finally, we have the Q&A section to provide answers to your questions and just think of the polls in the second part. And that's it from my side when it comes to housekeeping agenda and all that I want to mention before we actually start.
So without further ado, we just start with my short look at IAM project and the changing environment for I am in general. So first of all, the changed role of IAM, I think that is an important aspect to look at because while say 10 years ago, I am was more or less an efficiency factor. When it comes to administration, it has changed completely from our perspective. And I think that is true for many organizations. I am is more important because it's moving closer to the business.
It's moving closer to security and what is required.
Of course, more and more organizations are waiting for their customers, their employees, their partners, to be quickly onboarded trustworthy, early identified and strongly authenticated. That is especially important trust right now with the COVID crisis, still in full swing. So it was strong authentication when you're working from home, it's an important factor, but there's more to that. The IAM is the system that is necessary to apply the right access rights, the right authorizations to every employee, to every person interacting with an organization.
And it is more and more imperative that we enable as much automation to start with. And if not possible, then more self service as possible.
Of course, if you are applying or if you are providing access to systems, an IAM system must be capable of being supportive to all relevant systems. Be they on premise be they homegrown self coded software or software as a service, wherever it is, and more and more organizations to be able to actually work in the digital transformation.
They must provide transparency and insight into the users and what they're doing and what they have access to. They have to provide documentation and evidence of compliance. And in the end, nothing is good.
As long as there is no that's, there is no adequate level of security across all systems. And that is changing for almost any organization in this way towards their digital transformation. And many organizations are not fully prepared for this transformation and the role of IAM because yeah, you see the quotes. We are not a software company and for most organizations, that's true. Nevertheless, they need to make sure that they apply the right level of, I am excess management, identity management for their organization, for their customers. We are not a security company, also true.
We cannot afford a big it team. And that is especially true when we look at small and medium businesses.
And even if they have the funding to actually to, to have a big it team, you just can find the right people to hire with the skills gap growing and growing. So in general, for many organization that it's true to say our focus is on our core business and it, I am security in general. It's only just a tool to enable us to do what is required. And that leads to what we call the common symptoms of, I am an IAG with a G standing for governance diseases.
So we, we, we end up when user complaints, we end up in people just saying, it takes too long to get the excess rights that I just requested. There is somebody not approving an access. Revenue is always an issue. I am not well done. Usually comes with lots of manual work with work that needs to be executed in target system, creating accounts, assigning access rights.
Of course, this altogether leads to lengthy processes. So often these processes are not well-defined are not based on best practices and they should be, then they could be. And that results in bumpy processes to be polite.
And if all this happens, you have escalations, you have people talking to somebody high above in the, in the hierarchy to make sure that just their requests are well executed. And often these escalations are required. Audit findings, usually also common symptom of Mim and IAG diseases. If you do not implement your processes adequately, if you do not implement the principle of least privilege, then you end up with audit findings. And that is an immediate sign that you should take action to improve your overall IAM.
And finally, all of this usually is still that there's still a significant number of these projects, failing maybe too complex, not well-planned to too large and wrong approaches that just don't fit the organization.
So this is where we see the issues and we are, hopefully we hear a good solution. And the second part of this webinar, while at the same time, these challenges are growing. We have more users. We are talking to more partners to more external parties. As we are focusing on a more platform based approach with more partners and parties along the supply chain, we have more systems.
We have more devices that require identities, accounts, and access. At the same time, we have more services. So we expand our, it, we use the cloud as a platform platform. We use software as a service. So we are not longer just talking about on premises data centers. As we did say, 15 years ago, or 20 years ago, we need to talk about IAM for a hybrid reality. All of these services, these more users lead to more data and that's, that needs to be protected adequately.
That ranges from employee data to intellectual property, highly confidential financial data, but also data to share a shared data that you want to have provided to the individual users that you have. And all of this users services, data leads to more responsibilities, more and more organizations required to use to leverage their IAM, to meet these responsibilities. So to make sure that they have governance in place, that they have evidence, they have proof, they have the necessary certifications and much more. And all of this is heavily relying on IAM.
An important point that we see as analysts and advisors is that especially those organizations that were open to understand the importance of IAM very soon, that they are now in a situation that they have an existing legacy I am in place and that they are facing challenges that are a bit different to those of the digital transformation. They have a system that is run usually on premises with their own security, security team, with their own governance team, with a dedicated IBM team. And that usually leads to high operations effort and cost.
It's really a lot of work with highly qualified people. They started out and often customized the systems to meet and to, to, to, to mimic their individual processes. They deal with software upgrades and patches, and that means downtimes and lots of work, maybe even to, to at night or at the weekend.
And on the other hand, they also have to meet the requirements of digital services and the new digital business, while they need to be compliant, they need to make sure that adequate governance is in place.
And also again, they are still facing the skills gap just because you had a qualified IMT team 15 years ago, does not mean that there are still here and that you can rehire them and an adequate manner. We talked about the small and medium businesses. Now we really have to look also at global and international environments. So large groups, large organizations that of course needs to operate in global environments, of course, around the globe. And they also need to operate their IAM and global environments.
And that means that you need to have a consistent approach for all the IAM systems or the aura centric. One main, I am system taking over the role of the coordinating part here. And we see that in many organizations, traditional IAM deployments, they reach the limits at the moment that you really have to expand the scope when you are in an international or really a global organization. And that means technologies. That means processes, but also information quality, just languages.
And you need to make sure that you have one single, consistent operating model in place around the globe for the entire I am. Then there is no downtime available by night because there is no night.
You need to meet regional and local specifics together with regulatory compliance that is of importance. So data residency's maybe an important aspect to look at with the data being, having to be stored in the individual region or country. And finally running an IAM in each country in each region is just not cost efficient.
So there are many aspects to look at when it comes to running and operating ism in global environments. So that means that I am needs to adapt. So we need to adapt an IAM to modern architecture and deployment scenarios. So we need to look at hybrid architectures in a platform world, and that we need to do that in a global environment. We need to have a look at more and different identities.
We've mentioned that before we really have more and more identities, even for one single user might be for a single customer, it might be relevant to identify a device or more than one device, an authentication factor to a single identity to understand that this is my tiers.
This is his iPhone. This is his iPad. This is his authentication device.
This is his, yeah, there's the application that makes sure that it acts as a second or third factor, but also contractors, softwares and software and services are important when it comes to more and different identities and all of these need to be managed as well.
And finally, we need to make sure that we look at ILM and all the building blocks of an IAM system as a service, as a well-defined service from its functionality, from its scope, but also a service when it comes to accessing it by our standardized protocols, by our standardized API APIs, to make sure that all the individual building blocks play well together and make sure that everything is scalable and can be provided and consumed, consumed from the cloud and from within the cloud.
So my final slide is actually the analyst's view on what is going on right now, because we see a clear trend that is visible and increasing number of organizations, plan to move towards.
I am services provided as a service. So they really do not want to have this large team sitting somewhere in the organization and running an IAS M system. As I described before, they want to benefit from solutions that have already successfully implemented workflows. So you are benefiting from best practices and you have as much automation as possible implemented based on broad experiences in organizations.
And this is also a trend that that is not yet on the slide, but I think that many organizations really see the fact that I am processes do not very much from one industry to the other. I think we will have them swap Swapnil talking about that as well. So in different industries, not necessarily very, very much when it comes to requesting access, having a user lifecycle, et cetera. So best practices are really a possible here.
So if you use an adapt existing expertise, which is then Cody fight within workflows, within systems that are operated as a service, that really means that you can improve the safety and the security of an organization, especially when we're talking about failing or underperforming.
I am project really using existing expertise does mean you do not have to reinvent the wheel again and again. So you end up with reduced design and implementation costs. So you can just build upon the experiences other have made, and you can skip the mistakes that others might have done before.
In different scenarios you end up with course with improved efficiency, think automation, you can make sure that you ensure the compliance that is required because compliance and governance is built into these best practice processes and workflows. And in the end, you also learn from this experience and you can optimize your business processes. And finally, maybe an important aspect here again is the reduced implementation time. So it's not only design and implementation costs, but you're really just quicker when it comes to the aspect of time to implementation. That was my final slide.
And before I hand over to swap the Maita and he can introduce himself just a quick reminder, again, that we have this questions panel within the go-to webinars office. So if you have any questions to swap and or me, please add them there. And with that, I want to hand over to spotlight Maita.
Well, you know, good morning, good afternoon, everyone. Thanks a lot for joining Mathias and me for this webinar for the session, appreciate you making time. That was a great introduction and presentation from RTSs. We'll take it out from there a quick introduction from my side, I'm the general manager for identity access and privacy business at persistent. And we as persistent, we are a global organization, you know, covering nearly all aspects of, I would say technology that, that are relevant for most businesses.
Nowadays, we divide ourselves. I should say we explain ourselves as a matrix of capabilities where the capabilities are divided between, you know, very deep and broad set of expertise and skills when it comes to some horizontals or technology horizontal, starting from the UI UX aspects of, you know, any technology or technology platform to, you know, data and, and data-based data driven capabilities.
And then obviously security becomes a core part of everything that we do.
And then on top of that, I would probably say cloud is an important consideration for all things, technology nowadays, whatever aspect of technology we are talking cloud surely gets through. And then as a part of that conversation, and also as a part of the capabilities that we bring in now, all of these technology capabilities are very valuable. And then in terms of, you know, the, the, the domain expertise that we bring in, or the vertical expertise that we bring in as well.
And there's a few areas that we really specialize in and have really deep skills in as well from a vertical standpoint areas where we focus include BFSI that's banking, financial and insurance sector. We are also very well, you know, expedience when it comes to healthcare and life sciences and the industrial area.
And lastly, you know, we also do quite a bit work with technology providers or technology vendors or ice fees, if you could say so where we are actually a partner for many of these companies, big are smaller midsize or startup companies, helping them build products, helping them put together product roadmap, or also, you know, taking their product and becoming their engineering and product team as such chemically. The goal is, you know, take all of these collective capabilities and help our customers accelerate their, you know, drive towards whatever their goals are.
In most cases, the goal typically is, you know, increase their reach to, to consumers increase, you know, their capabilities in terms of what all things that they can provide to, to their consumers, our customers, and then increase monetization, right? So our goal is, you know, use this technology, use our technical capabilities to ultimately help you fulfill your monetization goals as a, as a customer, as an organization, when it comes to information security.
You know, one of the core areas that we focus on is identity access and privacy aspects of identity and access management as well.
This is an area where we've been working for good 15, 18 years. We have a global presence when it comes to identity and access management in all our, all our security team is close to about 500 people, but, you know, the core IBM capabilities are probably, you know, with about 250 practitioners of sorts. And these practitioners provide all sorts of capabilities. It's not just the implementation capabilities, but there's, there's advisory aspects of it as well. There's quite a bit of movement that happens in the IBM world, every 3, 4, 5 years.
And that movement maybe driven because of, you know, some of the changes happening in the technology space. Nowadays, we see, you know, quite a bit of this moment is happening because our organizations are moving from legacy to modernized platforms, next generation platforms, or could be because you are moving towards a cloud based infrastructure as well.
And then, you know, it comes in some of our capabilities associated to manage services. We can help organizations manage their services, manage their platform, set up their platform, such that they can be run as services.
You know, whether it is just, you know, as a SAS service or a managed service. And we'll talk about some of those aspects as we go along.
And then, you know, we, we work with nearly all the major players, you know, within the identity and access management space, whether these are some of the big names, very well established names or some of the upcoming players as well. And these are partners for us in, in various regards. Some of these organizations are also partners for us where we are actually doing some level of, you know, engineering work for them as, as partners for them. We are surely implementation partners.
And in most of these cases, we can also be managed services partners for some of these products players in the space, a quick look at when we talk about identity and access management. I know a lot of the folks on the call possibly understand the space really, really well, but there's, there's various different layers of identity and access management. When you look underneath the coerce, you've probably see in other areas, different sets of capabilities that need to be enabled that need to be supported, that need to be, you know, provided integration for us, right?
So we try and cover nearly all aspects of identity and access management. And if you look at the central block of this matrix, all aspects that are laid out over here are areas that we provide support for in terms of implementation consulting capabilities, our managed services as well. And we take all of these capabilities and integrate those quite well, whether it is with, you know, your data here or with some of the common services that you might have in terms of logging or UI aspects of analytics, which is important nowadays for nearly everyone.
And then also in a while, doing all of that, the focus is that, you know, this is ultimately helping meet your business goals, right? So the top tier that is something that many, a times we as security professionals, we tend to forget that ultimately all the services that we are providing need to enable the business capabilities that a business has, and not only business capabilities, but some of the regulatory and compliance requirements that that need to be, you know, adhere to. And that would probably need to be complied with as well.
There's a quick poll I would like to put out or here and would appreciate if in case you can give us a quicker response to, you know, to this question and, and share your thoughts with us. We're going to probably give everyone about 15 to 20 seconds to respond to this poll. We'll share the results as well with everyone. And then we will move on to the next set of my slides and my presentation. Hopefully everyone can possibly, you know, respond to this question and give us some insight and, you know, some information regarding, you know, what you're thinking about.
It's good, good to see the results. Right. I see that the second and the fourth point is where the focus is, and this is what we've been thinking as well. Or the last three, four or five years possibly view seen that security is not our, I is not just a security tool, get our platform. It's becoming more of a business enabler. And I think my guess is probably in a couple of years, we'll see the business enabler number moving further up as we start looking at more and more of I platforms providing support for consumer identity and access as well. Thank you.
Moving on to my next slide.
So, you know, we've been talking about digital transformation then last two, three years, or all in the industry, everyone's been talking about this, and this is surely having a big impact on identity and access management as well for, for, for multiple reasons. One is I am platforms themselves are being transformed. They are being transformed either as managed services or access services or as improved on-prem solutions, which can work in an hybrid environment and can also support hybrid infrastructures.
And we've also seen that nearly all technology platforms are probably going through the same, same cycle of evolution, right? You know, most of the platforms are going towards the approach or pure place SAS models, a goal for that is to try and make sure that your technology platforms are agile wiping, obviously secure and efficient and provide, you know, support to most of the business goals that you are your business teams would have.
Right.
You know, ultimately technology needs to be an enabler. It shouldn't be a hurdle, but, you know, to make sure that that's how technology is performing quite a bit of work needs to happen. And nowadays, when we are talking about in a very fluid set of technology platforms, identity and access management becomes management becomes furthermore critical because a lot of this movement of information, a lot of this movement of user experience from one part of technology to another, or one application to another, or one service to another is made available by identity and access management.
And it's not easy to sometimes manage the IBM platforms because of multiple reasons. One is it could be because the platform that you are working with is a legacy platform doesn't really lend itself well to a hybrid environment. Or maybe it's because, you know, you don't have a lot of applications onboarded, you have a pretty good IBM platform, but you don't have the, the ability to take that platform and integrate it with all the right type of applications.
And lastly, all of this could also be because of the skills gap that you might have, you might have the right platform that was set up by the right team, but it was a team of two people. And that team is just not scalable enough to onboard all the applications that you might have, especially if you are a global, you know, organization and obviously provide the support necessary towards it as well. Right? So what we've seen is, and, and my colleague called us out that, you know, many of the IBM platforms possibly could be called out as not so successful initiators.
And there's multiple reasons for that. One of the things that we've seen is that I am for compared to all other platforms still tends to be quite complicated, right? And when we're talking about identity and access management, as one of the previous lights that laid out, it's not just identity and access services, there's multiple different layers that one has to deal with.
When we are looking at each of these separate capabilities, there's multiple different, different integrations between all these different threads of identity and access management.
There's also integrations with various parts of your applications and application platforms. It's not easy to monitor what's happening, where it's also not easy because of all of these integrations and in payroll and ness of this infrastructure, it's not easy to maintain, enhance the infrastructure, right.
You know, you need time effort and the skills commitment to get some of this. Then secondly, you know, there's also been unfortunately lack of automation that we've seen, you know, with IBM platforms, especially in terms of onboarding of applications or maintenance of the applications as well, right? Some of these things are changing, but some of these things could also be managed better if in case you are looking at the platforms more as a service, you're working with someone who can provide that platform to you as more as a service, right.
Then lastly, you know, about five years back or six years back, we were still looking at, I am more as an afterthought. It was not being part of as a strategic component of your infrastructure. I know that part process is chaining. Surely everyone's looking at, at IBM as, as, as a very strategic initiative, but having said that Matt, when it comes to execution, it's still sometimes doesn't get, give, get the importance that you need to provide it. And maybe some of that could be provided.
If in case you can take a look at it as you can take away some of the operational burden, pass it onto someone else that way, as you can for focus on some of the critical aspects of, of IBM platform and the business aspects of the platform. Lastly, you know, the move to cloud is possibly going to help improve the value that everyone's going to be driving out of the IBM platforms and the IBM platform need not just be a SAS platform.
It could also be a managed platform if in case you don't want to go towards a pure place SAS model.
And with those things in consideration, we've laid out some of our capabilities. And while this is a presentation, that's kind of focused on persistent, but probably you would see that many of our, you know, competitors or many of the peers that we work with in the industry, they're also going towards this model where you're trying to make, I am as a, as a platform, which is much more manageable. And you take away the burden of, you know, the skills that you would have to maintain as an organization to maintain it. So what are the key aspects of IBM as a, as a service, right?
And my guess is, you know, everyone on this call has been dealing with something as a service. You probably have been dealing with your middle where your data, your, or your front end as a service, right?
Everyone probably, you know, makes use of Salesforce type of applications.
Now, you know, you kind of understand the typical implications of moving something towards a model. Lot of those are pretty relevant for identity and access management as well.
Now, you know, a few things that we've tried to provide to our customers while working on it as a service is why we want to provide a unified platform, which can give you all the different cupcake capabilities when it comes to identity governance and access, access management.
And what I mean by that is trying and providing you the capabilities within identity governance, for compliance requirements, for identity management requirements, the provisioning deprovisioning capabilities that you would need at a station recertification capabilities you need, or whether you're looking at access control from a Federation or single sign, or a strong authentication around authorization standpoint, we are going to try and provide you a platform which can provide you all of these capabilities while you could make it modular, modular, and componentize it as well.
And what we mean is if in case you're working with us, you don't have to try and provide all our, get all the capabilities from us. You could probably piecemeal it. You could say that we only want to start off with the governance aspects as a service, leave the access control aspects on prem or the other way around, based on your requirements and your priorities. You could also say that, say that there are certain sets of tools and capabilities that you would want to use for governance as against some other set of tools and capabilities for access control.
I think as a service, whenever you're looking at IBM, you would probably want this capability where you could mix and match, you know, tools. You can also try and use it in a, in a staggered approach so that you can probably go towards a pure place as model or a period of time.
You also want a lot of out of box component, component controls, which by the way, are enabled by risk. Right?
You know, when you're looking at out of box SAS services, you might see that, you know, they provide you a platform, but there might've been many controls which need to be set up on top of it. And you as a team or your team might not have the skills or might not have the bandwidth to create those controls. We come into play over there. We create those controls.
We create the framework for you to onboard applications in an automated fashion, whether it has the governance set of capabilities, or whether it's the access control set of capabilities and trying to do this in a, in a risk driven pharma, right, where the risk information could be coming in, not just from the IBM platform itself, but this could be coming in from the SIM tools or any other, you know, data analytics tools that you might have as well.
And ultimately trying to do all of this in a business friendly manner, and also getting into, taking into consideration some of the user behavioral aspects and the user driven analytics, that would probably be important for you. Our role is to try and provide you a service, which is not just compliant at one point in time when you probably, you know, need to be going through your compliance or regulatory reviews. But we want to provide you a service that is, that has always brought providing you continuous compliance, right?
And we want to be able to be in a state where at any given point of time, if in case you want to go to an audit report or audit, you know, I would say review as such, you don't have to do any special preparations. You're already there. The services is ready for, you know, any type of compliance, whether it is a regulatory compliance or whether it is some type of, I would probably stay internal audit or development, DevOps type of requirements that you have any type of.
I would probably say cloud access reviews that you would have to go, we will have the service enabled for it while you are doing all of this, right. There's a few business goals that you would want to try and, you know, meet as well. And one of the goals typically, you know, for organizations is that how can we provide a service, which is not only reliant, which is available 24 by seven, which is secure, but it's also going to cost you less, right?
And that costs you less is, is, is that cost factor is something that could be, you know, taken care of through multiple different factors over here. When you are looking at IBM as a service, the cost would go down because you probably moving towards cloud, or you're probably moving towards SAS based service, or the cost would go down because you're probably leveraging a shared team of resources or providing you 24 by seven dedicated support.
But because it's a shared team, why you get dedicated support, the total cost kind of goes down for you.
The cost also goes down for you because you could automate, you know, processes. My colleague called out the fact that why do you want to try and reinvent the BD? If you can work with a team which has been doing this, or which is doing this day in and day out, you know, we, as a team would be much better positioned to try and provide you that support for automation to provide you that support towards efficiency, to provide you that support towards expediting some of the activities associated to the maintenance and management of the platform, right?
And then on top of that, you know, with a managed service, you can also have the ability to scale up or scale down as needed based on how your business cycles for form as well. Right?
So, so collectively, you know, while you get a much more responsive service, you get a much more secure service. When you are looking at, as, as a managed service, your overall costs typically will also go down. If you plan it the right way.
Talk about some of the framework aspects of, you know, what we provide as a service, what are the different considerations and what are the different areas that we focused on when we are working with our customers to provide them. And I am as a service. So typically then we are talking to our customers at a very high level.
You know, we want to make sure that we can provide them that administrative support in a, in a 24, by seven manner administrative support in terms of maintenance of the service, the overall support from an standpoint as well for the platform. And then also the DevOps aspects of the, the, the overall maintenance of the platform, right? It's not just the maintenance of the platform, the service, but the integration aspects are very important as well.
You could probably have a team that's working with you, which understands, you know, two aspects of maintaining a platform, but might not have the expertise to take that platform and integrate it with applications or integrate it with other, other, other platforms. And then also maintain it in a sustained fashion. But we do that because we know this domain quite well. And that's a critical aspect of making sure that, you know, you have a team that's working with you that can provide you end to end support for the complete framework.
And when
We work with customers, you know, we understand that when you're talking about identity and access management, you are talking about a service that's extremely tightly integrated and is a critical aspect of any aspect of your business. Whether we are talking about enterprise level identity and access management or consumer facing, or consumer identity and access management services, these are services that need to be running 24 by seven. You just can't afford to have any kind of downtime, especially when it comes to access control. Right?
So, you know, when we work with our customers, we are not going to force a change from the get go, because it's very hard to make a change in a while. You're also trying to transition from one model of our patient to another. So typically when we transition over the services and our team takes over control from your teams, we will transition the services as is, we will ramp up the team on our side, have them work with you, or a period of time.
They complete control of that service.
And then once we've taken control of that service, we try to incorporate operational excellence from our side, in terms of, you know, various different aspects of operations of that service, whether it's just the pure play maintenance of the platforms or the underlying, you know, components of the platform or whether it is the application integration and onboarding aspects of it. And then typically the third state stage, which typically comes up after about 12 to 18 months or so is the transformation of the platform, right?
So once you've taken control of it, once we understand what we have, you know, from, from your side, and once we also understand your technology and business goals, we'll be in a much better position to take the transformation or get the transformation plan out for the, for the overall infrastructure. And because we do this day in and day out, we probably may be better positioned as well, both in terms of experience and skills and resources necessary to get the transformation then without any disruption for your technology platforms.
This is a slide that lays out a typical, I would probably say, you know, timeline that we see that has worked well when anyone or many of our customers have been planning, you know, a possible move towards a managed services model or a managed service in a managed I am service model. It usually takes, you know, once we've gone through a couple of months of interaction and planning and discussions, it usually takes about two to three weeks for getting the contracts.
And then obviously once the contracting process is taken care of, it takes about anywhere from eight to 12 weeks for us to, you know, understand all the capabilities that you build out, take control of those capabilities and get to a state where, you know, dependence on your team has gone on to probably in years year or so.
We typically, you know, see that there's about four to eight weeks of joint effort that's necessary where both the teams are working in parallel with decreased effort from the customer side and increased effort from our side and by the eighth or 10th week or so typically, you know, the customer teams can take a complete backseat with near zero involvement, you know, from, from, from the teams as well.
And once we've taken control usually takes about two or three months of stabilization to make sure that everything's working very smoothly, no issues, no disruptions.
And that's the time period when we also try and avoid any team to the, to the, to the platform, we just make sure that everything is working really, really smoothly. We might be onboarding applications, but we might not be making any updates or upgrades to the infrastructure assets.
And then, you know, after about four to six months of having maintained the system, having worked with the system, then we probably get to a state where there might be some level of upgrades or enhancements that might be not taken up as well. But overall, you know, these are some of the things that are also very specific to customer requirements. So the plan could be tweaked based on what a customer needs, what wanted to lay out typically what we've seen work quite well with most organizations in terms of tools and capabilities.
You'll probably see that, you know, with most managed services providers and with, with any infrastructure, there's a basic level of tools and capabilities that have been built out from our side in terms of, you know, giving you the exposure to how the systems being maintained, what are the activities that are being performed?
What are the issues, if any, that were probably triaged and fixed from our side and give you the ability to open up any shoes or tickets from your site to make sure that, you know, you have the, the ability to actually expose out some of these, you know, service aspects to your internal users, whether they are business users, our technology users, typical standard stuff for any services as well.
We also make sure as a part of transition that we connected with your, you know, product platforms that way as if in case there's any triaging that needs to happen with the pro product platforms directly, our teams can do it on your behalf.
You would still own the licenses in most cases for the products because you've procured them, but we will be working on your behalf to make sure that, you know, there's no involvement involvement necessarily from your side when we are, you know, working with any of the product players or platform players, you know, the product providers, I mean, you know, for fixing any issues, if there are any issues that need to be taken care of, ultimately, you know, when we are looking at any issues, we, we try to break them down into queries, task issues and improvements.
You know, these are all areas that we would provide you support for. And, and, you know, all of these are, I would say quite intuitive, but, you know, sometimes when we are looking at the managed services, we typically end up focusing on issues, you know, the, the typical day-to-day maintenance tasks that need to be taken care of, or the queries that need to be responded to from a customer, you know, to help, you know, the customer just go through his or her day to day activities.
Those are all also taken care of as a part of the, I am service that we provide.
These would be questions related to, you know, questions coming in from business user as to how do you change your password, right. Simple query, or it could be, you know, a question coming in from an application owner on how do you onboard an application? What are the different tasks that need to be taken care of? We do provide support for that.
The typical tasks that, you know, one would probably look at when I'm, so a platform is being managed, our tasks, like, you know, the enhancements and assessors, and necessarily any maintenance activities that need to be done on a daily or a weekly or a periodic fashion. And then some of the improvements that need to be taken care of as well, right? And the improvements are not just outset technology improvements, that could be functional improvements as well.
So then we try and set up in our relationship with the customer to provide, I am as a service, we will bake in some level of improvement capabilities that could be supported for as well on a periodic basis to enhance the value of your overall platform.
Typical SLA is that you see for service coming in from us, again, pretty standard stuff.
This is, you know, pretty industry standards. And, you know, we try and meet requirements based on customer specifications as well. These are not numbers that are, you know, I would say baked into, you know, in our starting starting position, I should say, like, you know, when we are working with a customer, we are always trying to take a look at what would be the requirements of the customer.
And many, a times, you know, the domain that you might be in might also dictate what type of support you are, you, you need. And, and, and these SLA criteria could be, you know, tweak accordingly based on in what your requirements are.
Our goal, when we are looking at any VC metrics is to try and take away most of the responsibility and accountability from your team and take, take control towards, you know, take control for all of those aspects as a part of our service, right?
We would want us and our team to become responsible and accountable while you consulting you and keeping you informed as well, because that's the ultimate goal that you can probably reduce the team size on your side, or you don't have to worry about the skills that you need to maintain on your side.
And you surely don't have to worry about, you know, maintaining the team in a 24 by seven fashion with a global footprint, necessarily gaining of some of these slides, we'll come to you.
I won't go to the details of this slide as well when the governance and the communication aspect for any services very, very important as especially so in the first to four months, as we take control of the service from, from your team, the governance becomes really important after that as well, because we want to make sure that while you've taken control away from your technology teams, you don't feel like there is a loss of control on your side.
It's just that the work is being taken away from your side.
The operational burden is being taken away from your side, but you are still being provided the control. You still have some level of governance control as well, and you have complete visibility into what's happening and how your platform is, is working. What kind of, you know, what, what, what kind of, you know, efficiency that's being done by the platform for you and what kind of support is being provided by the platform for, for you and your business? Ultimately, you know, another thing that's really important is we're not just talking about technology.
We're not just talking about technology and people process as well, but we are also talking about the people aspects of it. And the goal is that, you know, what you've seen is most organizations, they will be anywhere from the first column to the third column.
That's where their I am platforms typically tend to be for, for most organizations, except for very, very mature programs.
And our goal is that we take you from one of those first two or first three columns and get you to the optimized state in the first 12 months or so in terms of technology process and people again, you know, and you get a slide deck, you can take a look at some of the criteria and some of the things that one should be looking at, but these are the different, you know, topics that we try to try and code as a part of our managed services model.
So last thing why persistent, right?
So we'll, you know, bunch of reasons. You've probably heard some of the reasons from me as a part of the presentation as well. We have deep expertise of this domain and not only do we know identity and access management really well, we have deep technologies skills, overall giving is the ability to understand how I am works with various different parts of an organization, right? So it's not just the, I am aspects of it, but we understand the data integrations.
We understand the same integrations in platform, or we understand how different application platforms would be integrated with, you know, I am as a service. And secondly, by the way, the experience that we bring in and the tools that we bring in really helps you expand this move towards the sassy fide model or towards a maintain and managed cloud model.
And then by the way, you know, there's a bunch of, you know, tools and capabilities that have also been built out by our organization to make sure that, you know, once the system's being taken over the control has been taken over from you, you have the visibility into the platform. You have, you know, a good level of information on a day-to-day basis day-to-day basis on how the platform is performing with that said, I want to call out that, you know, all of this information is going to be available on our website as well.
You will get a deck, you can also reach out to us and we'll be happy to do one-on-one sessions with you. We can do one-on-one workshops with you as well, to go deeper into some of these capabilities and help you understand how some of these tools and capabilities and services can work with you understand your requirements, your priorities, and then, you know, carve out a model that's going to work out well for you as a business team or a technology team.
Last thing you know, would like to conduct a quick poll before we go to Q&A, but would appreciate if in case you could respond back to this quick question from our side, interesting. This sponsors over here at the fullest, one was expected.
You know, we typically come into come across IBM platforms where they struggle to keep pace with the business requirements. They struggle to keep pace with the onboarding requirements from a technology standpoint as well. I also see that ROI is an important consideration because I think many programs start off with some significant ROI expectations.
You know, some excellent work gets done in terms of, you know, setting up of the baseline platform. And many times the first set of critical set of applications get onboarded as well, but a long tail of applications typically don't get the support that's necessary.
And usually what you would see that as if you're looking at IBM as a managed service, those long tail of applications, you know, 500, 700,000 applications that might not have been onboarded, and you don't have the bandwidth to onboard them, they would probably get a much better support, you know, because if you're working with, with a team that's globally distributed, that's possibly in know, working in a 24 by seven fashion, that team would have a much, a much larger capability and a much stronger capability to onboarding application.
So actually, you know, most of the points in terms of, you know, aligning your I M platform to meet, you know, the business requirements and make it more, much more agile and also providing the ROI, you know, on, on top of your IAM platform would typically be met with, with IBM as a service.
I would strongly recommend to everyone on this call to take a look at the different types of, you know, managed services, models, and capabilities that you can find in the industry we asked versus Jen would be happy to talk to you and see how we can help you with our IBM as a service capabilities with that, I'll hand it back to Martinez. Thanks a lot, everyone for joining this session. Thank
You very much for your, for your presentation.
This is the final chance for the participants to actually contribute their questions for, for the, for the, for the Q&A section, which, which will be a bit cut short, but this was interesting presentation swept. No, thank you for that. We have questions coming in right now. And one question that I had just a second, I cannot read it is can you elaborate on the continuous compliance capabilities you support that was on one slide? So continuous capability compliance is something that many organizations are striving for. Can you elaborate a bit more on that?
Absolutely.
You know, so what we've seen is that working with many of our customers, they're, they're, they're always striving to become compliant right before, you know, there is, that is not going to happen and internal audit or external audit. And what that typically means is that there are, you know, significant chunks of time when you know, their, their I am platform or the technology platforms are not exactly compliant with whether it's the regulatory requirements coming in from the regulatory bodies or internal audit requirements as well.
When we try and take control of your IAM platform, we'll work with you to make sure that, you know, on a day-to-day basis, that that technology platform is compliant. Now, there could be time periods when, you know, there might be, you know, some lack of support for, for some of the requirements. But our goal is to make sure that, you know, whether we are making any policy changes or whether we are making any changes to the integrations, or whether there's any changes happening, all the data is maintained.
There is complete support on a day-to-day basis in terms of compliance.
This compliance by the way, could be from, you know, an attestation recertification standpoint for who has access to what audit could be compliance for. You know, some of the privacy aspects of the data that needs that is being maintained as well. We would be happy, whoever that question is from, you know, if in case you get in touch with us, we'll be happy to do a detailed, you know, half an hour session with you to explain how do we do continuous compliance, or how would we provide support for that?
Okay, great. Thank you. I hope that answered the questions in the first place, but if there are more questions, please get in touch with Swapnil or us. You've mentioned that you have exp expertise with managed IAM for different word calls.
Can you, are there differences that, that you can point out? Are there organizations which are more reluctant to move such as a service approach and what are you experiences over the industries in general,
We've actually seen a move towards a service model across all different verticals. There might still be pockets in the BFSI in the healthcare space, where there might be certain reluctance to move complete IAM platform or a security platform in a managed services model.
But, you know, we've seen more and more organizations, even the fortune, a hundred organizations in the BFSI and healthcare space as well, being very open towards a managed model. Some of the reluctance might be in terms of completely giving away or the reluctance might be because they have not done it. But I would say that, you know, most of the technology barriers, most of the compliance and regulatory barriers have been taken away and people are moving towards it quickly.
And other, you know, other aspect of the question in terms of business verticals, you know, Mathias, you touched upon this in your presentation as well. I am as a service actually, interestingly is something which is very vertical agnostic. There are certain regulatory aspects which are already industry specific, but from an IBM standpoint, the core building blocks of IMR usually work to collect Gnostic, you know, whatever we end up doing for one vertical typically is, is, is, would hold grew and, and would probably provide support for other vertical as well.
Okay, great. Thank you. Maybe one short question with a quick answer and all the other questions that come in, please get in touch with, with swept Neil or us afterwards, to clarify those, but one final one, we're talking about automation, we're talking about efficiency. What are processes that you see? When are you doing the analysis together with your customers where automation really is, is a quick win. Where can you automate processes quickly?
Interesting.
And, and, you know, typically, you know, automation is as a critical and important factor when it comes to application onboarding and many, a times does the integration aspects of applications are such that you can't automate all aspects of it. So what we've done is two things. One is take the know how for some typical standard integrations documented really well, have a very well-trained team of, you know, folks who can quickly get that automation or integration, or, you know, set up in, in, in a, in a quote unquote automated fashion.
Secondly, what we've done is the, the information gathering aspects of that integration, the process aspects of that integration is where we brought in automation in terms of how do we quickly get information that's relevant so that, you know, the integration could be, you know, done in a rather expedited fashion. And rather than, you know, an application onboarding taking three weeks, we've tried to get it done in about two or three days or four days.
Okay, great. Thank you very much. So we're running out of time, so that's it for this webinar.
Thank you, Swapnil, for being with me here today. Thank you for the attendees for asking the questions for contributing to the polls and yeah. Hopefully to, to get in touch with either persistent or us. So before we close down some final words that you want to share with the attendees.
Nope. I will just thank everyone and feel free to reach out to, you know, myself or the persistent team. And we'll be happy to help you. Great. Thank you very much. So have a great day and thank you for attending and hope. We hope we have you in a upcoming webinar soon and maybe join us for a KC live event.
Thank you again. And.
