Good afternoon, ladies and gentlemen. Welcome to our KuppingerCole webinar, Controlling Access through Centralized Authorization: moving beyond authentication administration to protect your data and applications. This webinar is supported by NextLabs and SAP. The speakers today are me, Martin Kuppinger. I'm the principal analyst at KuppingerCole. Then Keng Lim, who's the CEO at NextLabs, and Christopher SK, director of solution management at SAP. So before we start with our webinar, I want to quickly go through some housekeeping and some additional information.
And then we directly will move into our presentation, our topics. So KuppingerCole, we are an analyst company providing enterprise IT research, advisory, decision support, and networking for IT professionals through our research services, our advisory services and our events. Amongst our events, there's the European Identity Cloud Conference, which will be held next time May 10th to 13th in Munich. It's the number 10. So it's a sort of a trie for us. Hope to see you there. It's definitely a very interesting conference.
And the number one conference on these topics in Europe. Some guidelines for the webinar: you are muted centrally, so you don't have to mute or unmute yourself. We are controlling these features. We will record the webinar and the podcast recording will be available by tomorrow. And then there will be a Q&A session at the end. So you can enter questions at any time using the questions feature in the GoToWebinar control panel.
Ideally, once you have a question, just enter it so that we have a good list of questions available when we start the Q&A session. That directly leads me to the agenda for today. As usual, it's split into three parts.
In fact, it's more four parts today because part two is with two different speakers. So in the first part, I will talk roughly 15 minutes about different ways of handling the access of users from a business point of view and how they are optimally converting into an adaptive policy-based access management, including the authorization services. The second part then will start with Christopher RedSky of SAP, who will talk about reasons why securing business apps is so important.
He will give some insight into use cases and talk a little bit about why SAP partners with NextLabs, dynamic authorization management, or APAM. And in the following part, Keng Lim of NextLabs will talk about how companies are approaching data protection, how to avoid potential shortcomings and pitfalls. And as I've said, so this, the second part will take approximately 20, 25 minutes. So after 40 plus minutes, we will then move to the Q&A session, and I'm happy to see a lot of questions from your end, so that we have a very interesting discussion then. Okay. So let's directly start.
And as the topic indicates the challenge, we are talking about handling access of users from a business point of view. And I think this is a very fundamental thing. It sounds a very easy, standard sentence, but basically, you know, what is the challenge in it? In IT, we very frequently handle access of users from an IT point of view, not necessarily because IT likes to do it that way, but because IT doesn't have the business view of it. So this is one of the challenges we are clearly facing.
And so when we talk about handling access from a users from users, for, or of users from a business point of view, we are talking about various requirements we have to support. So one is flexibility.
This, the access given needs to be flexible enough to support changing business requirements. There's still the area of security and compliance. So how can we support the access of these users in, in a way that we fulfill the security requirements that we remain compliant or become compliant? Another area is business context.
So when we talk about handling access of users from a business point of view, it's very much about how can we also support the business context. There might be situations, for instance, where some users more or less have the same job title, but are allowed to do different things. One is allowed to sell in that region, another is allowed to sell in another region, or some are only allowed to see the data of certain banking customers while others might be allowed to see the data of quotas their customers.
And there's the user context, which is another increasingly important element. So when we talk about access, it's also not only about saying, okay, who's allowed to receive which information and handle which information which way. It's also about the other side of the equation, which is in which cases do we want to allow a user to do what. And with an increasing level of mobility, an increasing level of bring your own device, other factors, we need to understand what's the context. Someone is working with a tool and we might not allow everything the same way in every situation.
And then when we look at this business context, which is one part of the entire thing, then we have a number of elements in this business context. And one of these elements is the organizational unit, very clearly. So the business context, one part always is to which organization does someone belong? What is this job, sort of the job description, or sort of the elements within that, that might also go into a business process user: which tasks and business processes does someone have to do? We have a very important element, which are competencies. I already scratched this just before.
So someone might be allowed to approve bills up to $100,000, might be allowed to approve bills beyond 100,000. This is a competency, which sort of is orthogonal to the standard role or job description. We have road tracks, and we have a lot of other things as I've mentioned. So the entire who's allowed or who's working on which task and which business processes, this is another aspect. This business context obviously is a relatively complex thing to understand. And when we want to manage the access of users correctly, we need to understand this business context.
There are various ways to do it. The very traditional way is what is commonly called RBAC, so for role-based access control. I don't want to go into every detail of this graphic here, but basically RBAC is about saying I have roles. So I try to describe my environment by using roles. So someone has a role, a business role. There are functional roles, there are constraints or competencies, and all this together then leads to certain actions on information objects, based on entitlement, someone can perform. So roles are abstractions.
And the challenge is that, on one hand, it's not easy to build a working role model. It requires a lot of work, a lot of thinking and a lot of organizational maturity at the end of the day. And the other thing is these models are relatively static, basically. So dynamic changes of business policies, of business processes, all that stuff is not that easy to implement if you have a role-based model. On the other hand, many IT systems are more or less constructed for dealing with such role-based models.
So they have on their end sort of static constructs such as roles at their system level or groups or whatever, which can work well with these role-based models. On the other hand, we have something which is commonly called ABAC, for attribute-based access control. I personally tend to use a term which I call APAM, for adaptive, policy-based access management. Why I tend to use that term, that's something I will explain later on during that presentation.
So this relies on a flexible set of attributes, and authorization decisions are based on policies, made at run time. Try to quickly explain the basic concept. So we have an area where we manage policies. So where we define the policies, where we manage the policies. They are stored somewhere in a policy repository point. A lot of P-whatever-Ps here, but that's how it was named by someone. Then we have the policy decision point.
This is where effectively the decisions about what is allowed or not are made, which requests information, for instance, from databases, directories or services, for instance, context, to be used within, in these decisions. And then we have policy enforcement points and these policy enforcement points are sort of the, the, the link to the applications and services. So policy enforcement points, then in fact, enforce policy within an application or a service, and in fact enforce the authorization decision here.
So these might be central to the policy decision point and application services remotely. The PEPs, policy enforcement points, might be remotely, directly attached to the application services. There might be an application server in between, which has a central PEP. There might be a gateway. There are various ways to implement this, to construct this. And there are different use cases which led to this sort of increased flexibility around this model. So this is basically the model, and what we have then are policies, which are based on attributes.
We receive these attributes of the identity from various systems potentially, and we might receive additional attributes, which are provided by the application at run time, so that we then can make a decision based on attributes and the policy, which for instance says when Martin Kuppinger is member of the group finance, or finance department, to take the OU, then he's allowed to use the printer during the finance department. That would be a policy with some attributes, and the attributes, for instance, the OU. Clearly this can be far more complex, but basically this is the underlying concept.
So we have seen a lot of discussion around RBAC versus ABAC. I don't think that it's a discussion of the one or the other. It's more a continuum, because you rarely have RBAC-only concepts and you rarely have the perfect ABAC concept. So when we look at RBAC commonly, the role-based concepts not only have roles, but they have some sort of constraints to build more roles. They might map in the organizational structure.
Then when we move to business activities, we still can be more in a role concept, which is based on that. The context really is something which is far more dynamic, which goes more to the attributes, which are used at runtime. The risk equation then is something which can be factored in, in these policies and other attributes.
So it's more a continuum we are observing here. And so between purely RBAC and the perfect attribute-based access control solutions, you might be more to the left or more to the right, or have something which is just more on the RBAC side for applications which don't support policy-based access management.
While you have other things which are more on the other end of this arrow. So it's not that the one is good and the other bad. It's not a conflict between them; it's more when to apply what, as a question. And I just want to quickly look at what really, from our perspective, makes the difference. ABAC is policy based. RBAC might use policies and then abstract them into roles.
So it's more a translation of what you have, while in ABAC it is just stated as the policy. This is enforced, which has the advantage in ABAC that policy changes are enforced immediately, while they in RBAC need to be reflected in roles and pushed again to target systems.
It's always lower, sometimes pretty complex. Intrusiveness to the target system in RBAC: none to little, because you just translate roles into system level types of entitlements, such as SAP business roles, which then would be the system level entitlement, or global groups in Active Directory or whatever. And ABAC, unless the application supports one of the standards, you need to find some way of integration. There are various types of doing that.
I won't go into detail here because we have somewhat limited time, but Chris and Keng later on will talk about how such a system can interface to SAP by and how this is constructed. So this is an example where you have done a combination of sort of ABAC-ready environment. The ability to cover constraints clearly is higher in ABAC, because it's just another attribute. While in the other case, in RBAC, you have more and more roles. Authorization decisions are far more dynamic in the ABAC environment, where you really do a central decision even while the PEP might be distributed.
And it's always based on the current state of the policy and the current state of the attributes. So ABAC in fact is more dynamic. So that's why we talked a lot about dynamic authorization management. Changes and policies are enforced dynamically instead of transferring them into static entitlements. So when we really want to become better in what we are doing, then we should look at the very traditional four A's of identity management, which are administration, authentication, authorization and auditing.
And the authorization part is one of the most challenging here. There are other parts of application security infrastructures. So infrastructures where applications rely on a standard set of security services. So applications are built and they don't know anything about security. They just call other services. They don't implement their own security service. They clearly need to call out, so they know something. This is the application security infrastructure, with services for administration where standards like Alta bar authentication. Some allow us authorization services. For auditing,
we have a little bit of lack of standards. Other security services I've left aside a little here. The authorization area, for instance, SAC and open AC AC said are standards. So we can construct an authorization service which provides this, and the advantage is that we have a standard service for a lot of applications. This is sort of the ideal world, where we don't code security into applications, but where we just rely on a standard set of services. Still, for many organizations, a long way to go, but something we should look at.
And when we talk about this authorization, then we automatically talk about context and policies. So the context far is decisions will differ depending on the context: the device, the network, the risk, the health state, whatever. And policies must enable context-based decisions today, so that we can say, depending on the context, the decision might look different. On the other hand, we have the policies, which is the main element, which is the standardized approach for transforming business requirements.
And here we are back to this core topic of this webinar. How can we manage access from a business point of view by using policies which are defined in a business notation, or in a business-understandable notation, and then transformed, ideally automatically, into what the systems do? Business policies are well understood by business. So it's not the transformation into IT language which is required, at least as long as the user interface is good enough. And we have a uniform way to define policies then at various levels.
So we can have high-level business policies which have the same structure and language and quote as the technical IT policy. So whether we decide about what is the limit for an approval, or whether we decide on who's allowed to access which printer, it's the same policy construct. So the content of the policy changes, but the way they look doesn't change. So to do, to make this, this a reality.
So we tend to talk about APAM today due to this adaptiveness and the policy-based approach to access management. Get rid of silos. So one of the biggest challenges currently is that application developers and the information security people don't talk enough with each other. Here, we're talking about how can applications or specific application environments, for instance SAP, work together with such a control system. That means we have to talk beyond the boundaries between these areas.
We need clear guidelines for future application architecture, development, procurement at the higher level. It's easier if you focus on a solution for a particular environment, such as NextLabs and SAP. We make it simple to use, so for developers and for the business to divide it in a simple language. We need to build the infrastructure and we need to support transition, if you look at it at large scale. So this makes it hard to say we do everything based on these concepts, because a lot of applications won't support it. It's a definitely a way to good attorney.
It's not a simple thing to do, but on the other hand, that's what Keng will talk about right now, there are areas where you can greatly improve your access management from a business point of view by using solutions which are ready for certain areas, for certain use cases. So this is where I want to hand over right now to Chris first, who will talk about the reasons again why it's so important and give some insight from the SAP perspective. And after Chris, I will hand over to Keng for the next part of the presentation.
So Chris, it's your turn.

Thanks so very much for the introduction. As a matter of fact, as you were going through your slides, it triggered a couple thoughts that I'd like to share with everyone. So one of the things that we've seen at SAP in the last year is a significant change in the threat landscape. There have been, well, several articles published.
These applications have become the subject at a couple of major security conferences, and the very intention of these business applications in terms of connectivity and flexibility also introduces a number of security or potential security vulnerabilities and issues. So we've seen that change significantly increase over the last year.
And in many organizations, you know, these business applications are essentially running a significant portion of the business, to the extent that, you know, if they go down for whatever reason, you know, you're unable to continue manufacturing or producing. The automations that these systems provide is enormous. And, you know, it seems shocking, but for a large organization to have to resort to, you know, handwriting checks for payroll is pretty shocking for a lot of people.
So, you know, if SAP systems go down, the impact can be enormous, not only inability to conduct business and loss of data, but of course there are, you know, potentials for brand and reputation loss. So I think the, you know, the security by obscurity, security by complexity is really no longer applicable, you know, even for complex business applications. And these are increasingly becoming the target of attacks.
So one of the challenges that we're also seeing is that the, the fundamental model that enabled SAP and other applications to sort of live behind the protected firewall are changing. These systems are becoming more interconnected and are exposing more data in a variety of different ways that were really never envisioned as the applications were originally designed.
So more data is being exposed through customer and partner channels. Large organizations who are managing their supply chains expose interfaces to SAP so that partners can check inventory, so that they can automatically go out and build more, you know, more raw materials. There's mobility and new applications that call into interfaces in SAP, you know, and this essentially makes the business application more exposed. One interesting thing that we're seeing amongst our customers is that security in general, you know, is a challenge.
And however, you know, for business reasons, you want to make security as transparent as possible. The more hurdles you put in the way, the fewer users will come and use your application. And this is becoming more and more relevant as we go to the cloud. So for any consumer application, you know, any kind of, you know, action that you require of your users, whether it's resetting their password, or even fundamental to authentication, entering their user and password, you know, all these different things represent a revenue opportunity or loss.
If you are a consumer, you know, application, you're trying to convert, you know, free members to paying members, if you ask them to register, or you, you, you force upon them complex password policies, these, these kinds of things have been studied and there are direct revenue impacts with that. So, you know, as we move towards a model that's based on sort of user centricity, which is essentially making the security transparent, we wanna make it as easy as possible for, for users to access the applications, however, still have the same security in place.
So a lot of the things that Martin is talking about has to do with making the security flexible and transparent to the end user. Policy-based security is essentially one framework which adds an additional layer that can make that happen. And so today, most applications all rely on authentication. And within an SAP system, you can create an account, but if they don't have any roles assigned, the user won't be able to perform any actions.
So the authorization is very important. And what they're granted is extremely important. And the policy-based model provides another set of security and flexibility that enables the access and data that users can get to more seamless and a lot easier. So a lot of what we're talking about today has to do with the fact that most security is based on a combination of authentication, or verifying who a user is. Applications have typically performed the logic and the authorization aspect of a user.
And the framework that we're talking about today allows applications to consider external information or data prior to granting access. And there are a number of different things that are important, and these are things like the end user device the user is on, or their location, or some sort of situational context. This could be the location of a computer. This could, you know, have to do with frequency of access or time of day, volume of data, or what have you.
And these kinds of scenarios enable you to, if you want to, have a policy that may govern certain kinds of super users or system admins. If, you know, if their behavior changes, all of a sudden they're downloading volumes, a lot more data than they used to, or they're accessing the system at a frequency or time or location that's different, then you can enact a policy which may prevent that data from being downloaded. That's one of the key capabilities that this solution provides.
So why has SAP chosen to work with NextLabs? Well, NextLabs has a unique integration with SAP, SAP systems at the transaction level. And this provides an authorization framework and policy-based security that is transparent to end users. So users who are interacting with the SAP system, they see all the normal functionality. Any kinds of authorization or error messages, the system level messages, or alerts all show up in the same screen with the same kind of, you know, look and feel as if the policy system wasn't there.
The solution provides, like Martin was saying, a combination of data and application security. And what we're seeing is that this solution helps organizations address relatively complex security requirements.
And these, you know, I think today we're seeing a lot of interest around, you know, ITAR requirements, where depending on your location and other values, you may or may not be able to get access to certain kinds of data. We're seeing the same kind of interest amongst military organizations, where depending on where you are, you may have access to certain kinds of information about the location of environments and so forth. So this is a very exciting time, and we're very pleased to be working with NextLabs.
And with that, I I'd like to turn who's the, of next, Our presentation right now. Thank you, Chris. Thank you. Okay. Very good.
Well, in today's environment, collaboration and information sharing is fundamental to how business is conducted every day.
However, the challenge that companies are facing is how to balance between the need to share with the need to protect. You know, with most global companies having a workforce spread out all over the world, and the need to be able to share information with external business partners, as well as doing business with a global supply chain network, global supply chain partners, ultimately, you know, it becomes critical how you secure the information, both in the form of documents, as well as allowing, you know, using the application to be able to collaborate.
So you're talking about now data involved the application, as well as data now in the form of unstructured data that often could be, you know, could be opened up and allowed access to by a vast base of users, and information and documents or data could potentially be everywhere. So at the same time, safeguarding information is also becoming a lot more difficult today, due to the fact that, as you see on this slide here, the environments are now a lot more complex. The user base is a lot more diverse.
The application and the data are now not just sitting within your network. Many of them are now moving to the cloud and now, you know, no longer in your network, could be in SaaS, for example. The data sets are also exploding. The number of critical, you know, data that you use to business is expanding, right? You're talking about, you know, business documents, technical data, critical intellectual property, customer data. At the same time, you know, the number of devices is also getting a lot more complex.
You know, you're talking about no longer just the managed computer anymore. You're now looking at, you know, BYOD, companies adopting, you know, tablets, for example, workforces now, you know, using mobile phones, smartphones, for example, to be able to conduct business. So as a result of that, you know, by the simple limited access model to share information is now no longer possible.
You now need to be able to allow, you know, your user base to be able to share, access, you know, the information securely anyway. At the same time, you now have, you know, another set of services available, you know, out there on the internet, the consumerization of IT. And now the easy access to allow these web-based or cloud-based services to enable the workforce to be able to now collaborate and share information is also creating another challenge.
So that is leading the industry to realize that the network-centric approach is no longer sufficient. You know, trying to make the network, you know, the war data and taller is no longer sufficient. Information in silos, assuming everything inside the network is safe, meaning that, you know, if a user is now authenticated to your network, you know, they are now allowed access to the critical business applications, and having, you know, locked up your business application behind the firewall, is no longer sufficient.
The problem here is because ultimately your data is naked. So that's led to why, you know, the data-centric approach is now at the center of, you know, most of the investment coming to security solutions. So fundamentally the data-centric approach could be described in a very simple manner with this diagram on the slide. So there are five key aspects, you know, that you need to look at to define a data-centric approach. First is you have to know your data, you know, what data is critical and where the data is located.
Is it in the application, in which application does it reside? Is it stored in the form of documents, and where is it stored? Who needs access to that data, and with whom, you know, does it need to be shared, and how is the data being shared, right? On top of that, you know, that data, you know, could be, you know, you've got to secure it when it's at rest, and the data could also be exposed, you know, in use. And most of the time, that data is on the move as well.
So that's what led us, you know, NextLabs, to invest heavily and focus on developing what we call end-to-end solutions toward the data-centric security suite products. At the core of that, back to what Martin was saying, at the core of this data-centric security is the dynamic authorization technology.
You know, so the dynamic authorization platform is key to be able to provide a policy-based approach, to be able to first help companies identify and automate identification of data, both inside applications as well as outside applications, often referred to as structured data versus unstructured data. And more importantly, how do you protect it? How do you protect it in different circumstances: protect it at rest, protect it in use, protect it, you know, on the move.
And then, you know, as that information is being shared and used, for example, you've got to have the ability to be able to perform audit and report on, you know, the usage pattern, as well as be able to perform analytics and understand your risk. And sometimes you have, you know, regulatory requirements or government requirements such that you need to be able to report on those activities.
So, you know, so the, you know, so that this is leading us to this data centric securities at the core of that at the core concept of data center, security is about having a set of security tools that we're focusing on protecting the data directly, regardless where those data resided.
So you're now looking at, you know, tools such as data discovery tools, data classification technologies, dynamic authorization technology to be able to better secure the data inside applications, you know, DRM technology, rights management technology, to be able to protect the unstructured data that is, you know, shared both inside the firewall and outside the firewall. And all this is, you know, now supported by some sort of centralized policy management and centralized reporting and, you know, end-to-end visibility too, for example. And that's, you know, the core set of solutions that NextLabs brings to the table. So at the center of it is a centralized policy management system that is based on the technologies, as well as the ability to capture all the information activity and all the, you know, information sharing activities to allow for centralized audit and analysis. And then built on top of that is dynamic authorization technology and persistent data protection technology that would allow, you know, integration into various different applications, E R P O M C M, various different document management systems and collaboration systems, as well as cloud-based tools such as SaaS applications.
And those are just the applications, right? Not to mention you've got a vast set of unstructured data sitting in different document formats, you know, such as business documents, office documents, PDF, you've got multimedia content, for example, as well as engineering data, source code, for example. How do you, you know, how do you handle all this data across this vast spectrum and landscape, you know, spanning from critical business applications to critical collaboration tools, your SaaS applications, as well as all this unstructured data?
You know, the idea is you now can automate all this activity. There are now no longer silos across all these different applications. You can now have a single policy-based solution that will allow you to automate different forms of information control, you know, techniques or procedures to help better secure the application, as well as the data in the application, and more importantly, the data sitting outside applications. So now you have a complete set of end-to-end, you know, data-centric security solutions that can now cover the entire information life cycle.
So next I want to kind of just introduce quickly the NextLabs product suite.
So, you know, at the core of it is what I mentioned earlier, a, you know, a policy management system, which is the core dynamic authorization platform that is built based on the XACML technology with an attribute-based policy engine, with the ability to automate and understand data classification and, you know, user attributes, for example, and use attributes from the data to be able to now apply the right type of authorization to applications, which is the blue box that you see there. We have done the integration into a vast number of applications.
First is the commercial off-the-shelf applications. And that's where our partnership with SAP comes in. We have integrated our, you know, our entitlement management solution set across the entire SAP stack from the ERP application down to the HANA database, for example, as well as into the cloud applications, such as Ariba, for example.
And then we have also done integration with the cloud applications as well, such as SaaS applications or web-based applications that you build on, you know, the Azure infrastructure or the AWS infrastructure, as well as your homegrown applications, which could be your .NET, you know, applications, Java applications, or web-based applications. So the idea is, you know, we can now offer a single solution that will allow you to secure all applications.
So on the right-hand side of the screen, you know, in the red box, there is our solution that we have built, the rights management technology, often referred to as EDRM technology, to be able to secure data outside applications. And this is the unstructured data part of the equation I'm talking about. And both of these sets of solutions are based on a single centralized dynamic authorization platform. Rights management technology is able to be used from anywhere.
Now you can use it on a mobile device as you consume the data on the mobile device, or you can use a browser to access the data, you know, in a secure manner, from anywhere you want, from any device. And we are also able to protect any kind of file type. One thing that's unique about the NextLabs EDRM solution is we are file agnostic. We have support for, you know, business documents, rich media, as well as 3D CAD or, you know, any format that the data is stored in.
And finally we offer a solution that will allow you to use the technology both in the enterprise environment as well as in the cloud. So what you're looking at here is a single data-centric security solution that can now secure both data in the application as well as unstructured data stored in, you know, documents, using a single centralized dynamic authorization platform.
So now let me switch gears a little into some customer use cases and how, you know, some of the large customers or global, you know, organizations, as well as the US government, for example, are adopting data-centric security solutions. So I think many of you know, and hear, you know, too much in the news, about how some of the critical information or classified information, you know, across some of the, you know, US federal government agencies is being disclosed by unauthorized users.
So now, you know, the governments are putting together directives and mandates to better safeguard information sharing using ABAC technology, and ABAC stands for attribute-based access control technology, which is, you know, fundamentally dynamic authorization technology, to be able to safeguard the applications, as well as adopting encryption technology, such as rights management technology, to be able to secure the information at rest, as well as information in use and data on the move.
Another example is large financial services organizations, an investment bank, for example, or a big insurance company, for example, that face a need to be able to protect non-public information and customer data from unauthorized access, and a lot of that data is often stored in the applications. And then that data would somehow, you know, be transformed from data in the application into documents. And those documents subsequently will be shared or be, you know, distributed to many people, both inside the company and outside the company.
So that's why, you know, they realize it is critical to be able to apply the same, you know, the same security policy to protect the data when it's in the applications, and to be able to automatically apply the right security policy as that data is being taken off from those applications, or as the data is exported or transformed into unstructured data stored in documents outside of the applications.
And the third example is a global chemical company where, you know, you're now looking at them trying to secure their secret formulas, recipes and processes.
And those are, you know, business processes and critical information that are actually stored in the SAP ERP, for example. They want to be able to secure that, you know, and allow, you know, their global network of, you know, workforce as well as third-party vendors, which include joint ventures, as well as companies that they acquire or companies that they divest, to be able to continue to use, you know, the shared services or continue to run the business on the ERP, for example, and still make sure that the data inside the ERP application is properly protected and not being wrongfully disclosed to the wrong user, for example.
And then lastly is a global manufacturing company where they're now looking at how to protect product design and engineering data across a network of design partners, as well as manufacturing partners, where they often have to share critical prototypes with, you know, manufacturing partners outside the company. So they're now looking at, you know, how do you share that critical design data safely when that data is now, you know, leaving their network.
And now, you know, in the hands of their suppliers, the key now is, you know, how do you secure that data when you fundamentally do not have control of those documents. So this is why rights management becomes very critical, where you can now, you know, ensure that information could either be expired after a period of time.
And that, you know, critical design data can only be, you know, view only and not be further delegated or shared beyond the people it is supposed to be shared with. So let me do a time check here. I've got a couple more slides to go here, but I can stop here if the time is up, Martin. The next two slides really talk about some common practices that we've seen used and adopted successfully out there by many of our customers, by some of the largest corporations in the world.

Okay.
Ken, thank you for your presentation covering a broad range of topics. I will right now unmute also Chris, and we will move to the Q and A session. I will make myself the presenter again. So to the attendees, please enter your questions using the GoToWebinar control panel. There is an area, questions, where you can enter your questions, and then we can pick all these questions and try our best to answer them. So maybe let's start with some initial questions we already have here. So one of these questions is: is NextLabs an SAP partner?
So maybe a little bit around what the partner status is that you have here? So Chris or Ken, who wants to answer?

Oh, I can answer that. Yes. NextLabs is an SAP partner. SAP is reselling the NextLabs product as SAP Dynamic Authorization Management by NextLabs. And there's more information available on sap.com if you want to go there.

Yeah. Another question I have here is around the technical integration. So during the presentation, Chris, I think you already mentioned that they integrated at a transaction level.
So maybe the two of you can go a little bit more into detail on what the integration looks like, and maybe to which SAP components, et cetera. Okay.
Yeah, of course, Martin. And Ken, please feel free to jump in anytime.
I think as you pointed out earlier in the presentation, the difference between RBAC and ABAC, one of the significant differences is how the policy-based authorization capability is integrated. Most applications don't expose, you know, the authorization loop, the authority check, you know, whatever it is.
However, within SAP systems, there are an enormous number of interfaces, and NextLabs has integrated with a huge number of applications using BAdIs and user exits. And Ken, I don't know if you wanna elaborate on that, but it's an ever-growing number of transactions, and that gives you fine-grained, policy-based authorization capability over all of the fields within those transactions, at least for the ones that are integrated.

Okay. So let me add a few more things to what Chris just said.
What we have done is we have basically built the integration into the SAP ABAP stack, as well as the HANA stack, for example, as native applications. So you'd basically be, you know, looking at essentially plugin code that would run inside, for example, SAP ERP, which could now be managed, you know, just like another SAP module, for example.
And because of, you know, the approach that we have taken, and because of the access we have to some of the, you know, inner workings of the platform, for example, we can now, you know, integrate into all the business processes, as well as understand the business object model, as well as all the metadata. So as a result, it gives us vast access to all the attributes, right?
Both, you know, the user attributes as well as all the data attributes, because we understand the context of what transaction is being performed by the users and what business object is being manipulated, as well as the metadata associated with them. So that gives us, you know, a wonderful, you know, mechanism to be able to layer on top of the native SAP authorization and, you know, leverage the functional role, for example.
So that's why a lot of our customers are able to preserve their underlying authorization, which is mostly role based, you know, in SAP systems, without making any changes to it, and then layer over the dynamic authorization or the ABAC, you know, policy to augment and enhance the underlying role-based authorizations without making any changes.
And that is critical because many companies want to have the ABAC technology or dynamic authorization technology work seamlessly on top of their existing applications, because the ERPs are so critical they can't afford to shut them down and have to, you know, re-engineer or migrate authorization models.
So having said that, you know, our integration has been, you know, very instrumental to many large SAP, you know, customers, where they can now very quickly and seamlessly extend their authorization and elevate the security model in the ERP or, well, different applications that run on HANA, for example, very quickly.

Okay. Perfect. One last question I have here. What about the support for XACML?

Yeah, so NextLabs is actually a member of the XACML technical committee. For example, we have been involved in and been part of the XACML standard, and, you know, built the dynamic authorization platform on top of the XACML standard since the beginning of time, the beginning of XACML. What we have done is we have extended and applied the XACML, you know, ABAC policy engine to solve some of the problems, which is a little bit unconventional. And that is, you know, applying that to address the unstructured data, right?
So that's why NextLabs is known to be, you know, the innovator. And we are really the first company that extended the dynamic authorization technology that is built on the XACML standard, not just to be able to control authorization in the applications across both homegrown applications as well as commercial off-the-shelf applications, such as SAP, M SharePoint, for example, but more importantly to the DRM technology, to now be able to control access to unstructured data.

Okay. Perfect. Thank you. So then we are reaching the end of this webinar.
Thank you to all attendees for listening to this KuppingerCole webinar. Thank you, Ken.
Thank you, Chris, for your presentations. I hope to see every one of you at our upcoming European Identity Conference next year, and see you in upcoming KuppingerCole webinars. Thank you for your time, and I hope to have you again soon in one of our webinars.