Most organizations now use multiple cloud services as well as retaining some IT services on-premises, this multi-cloud hybrid environment creates many challenges for security and governance.
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Most organizations now use multiple cloud services as well as retaining some IT services on-premises, this multi-cloud hybrid environment creates many challenges for security and governance.
Most organizations now use multiple cloud services as well as retaining some IT services on-premises, this multi-cloud hybrid environment creates many challenges for security and governance.
Good afternoon, everyone. And welcome to this KuppingerCole webinar, security and governance in the hybrid. Multi-cloud my name's Mike Small, and I'm a senior Analyst with KuppingerCole. And my co-presenter this afternoon is ya Pash, who is chief operating officer at S so this afternoon, we are going to be talking about the multi-cloud world and security. So KuppingerCole was founded in 2004, and we focus in on security identity and access management and governance, as well as governance, risk and compliance.
We have a number of areas that we provide services in, including risk research, which we write research papers. We run a number of events, and we also provide advice to both vendors and end users of it systems. Some of the events that are coming up in the near future, you can see that we've got the consumer identity world, which is doing a world tour, starting in the USA, a cybersecurity leadership summit, and associated with that. There is a German language summit in Berlin in November. So in terms of the general webinar, you are muted. You don't have to mute or, or mute yourself.
We will record this webinar and you'll be able to download that recording tomorrow. Your dashboard should include an ability for you to ask questions. And if you ask any questions through that, then I will make sure that we try to answer them at the end of the talk. So with that, going over to the agenda, I'm going to start off by describing the challenges of security and governance in this environment. And I'll be followed by ya, who will describe Sance approach to combining security and management with access governance for cloud services.
So it's very interesting to look at the cloud from different perspectives, because it seems that different people in the organization each have their own perspective of things. The business has one and the it group have another. And from the business perspective, the cloud is the, the functionality, which is going to allow organizations to easily and quickly move into their digital transformation to do digital business, to connect with our customers and to quickly get access to new applications.
And their perspective of the cloud from the point of view of risk is from the business risk of often of not doing it at all. Whereas from the it's perspective, they are often concerned more with improved efficiency, reducing costs, migrating existing applications, and the challenges that the cloud provides were from the perspective of compliance and in particular compliance, as well as security.
Now, the, the cloud and the use of cloud has evolved over time. And anyone who thinks that they're only using one cloud, they need to think again. And if you will, this slide is sort of illustrating how things have changed, where first of all, organizations would start to move productivity tools like office email, and so forth into the cloud. And then the next thing that seemed to follow after that was DevOps because DevOps was an easy thing to move. And the development people were able to get an awful lot out of that.
And this was followed by the more commodity type of applications like customer relationship management, which were much better and much easier to deliver through the cloud. So in effect, it was about flexibility for development and the ability to get better value for money for commodity appliance type things. What was left in the non-cloud were the critical systems and the sensitive data. And I say the non-cloud because the non-cloud includes hosting. So what we've now got is a more complicated, rather than a simpler world. If everybody moved everything to the cloud, then that would be great.
But in fact, in this multi-cloud hybrid world, we actually have yet another set of environments that have been added on. So for this to work, what you need to have is some kind of way of securing your connection and interchanging data between the two different sites and that itself poses a number of problems. But this is the new reality for most organizations. And the argument that is used to justify this is that it provides flexibility with compliance. So you can put the things that you feel confident that you can secure adequately or comply adequately into the cloud.
Whereas the, the sensitive things and the more difficult compliance aspects you would keep on premises. But the problem that this brings is the added complexity that the cloud is not just one more environment. It is many more environments and each one of these environments needs to be managed. And so everything that you were doing on premises to do with administration and so forth, all have to be managed now across these different platforms. And a lot of people become confused about who is responsible for what in different perspective, from different service points of view.
And it does in fact, depend upon the actual kind of cloud service you are using the, the cloud service model that is, that is being used. And the other challenge is that there is in fact, most, most organizations do not have, and most cloud service providers do not provide a single pain of glass through which you can manage all of these different things across all of the different environments. And that complexity of management is compounded by the number of different planes that you have to cover.
Now, when you buy the cloud, largely speaking, whatever cloud you think you are getting the cloud service provider tends to be responsible for the infrastructure, the data center, the power supplies, the cooling, the network connections out of the data center, the movement of, of physical stuff in and out, the access control of the people. Now, certainly if you are running your own data center, then you have to do that. Or you can get that managed for you by using a hosting service.
But nevertheless, it has to be done and somebody has to manage it from, if you move a level up, then, then you have to manage within an infrastructure as a service, the operating system and the network, the virtual, the software defined network. And that has to be managed in the, in the cloud in just the same way that it would have to be managed if you were running it on premises. And some people forget that.
And that can be a challenge because it means, for example, you have to keep your operating systems patched and up to date, and you have to make sure that your network firewalls in your cloud system are appropriately configured above that you have things like middleware. And if you are writing your own applications on an IES, then in fact you are going to have to run that yourself. And here's where it kind of gets messy because you might buy what you, what you believe is a, is an infrastructure as a service.
And you buy something like EC two S from, from Amazon or the cloud service from, from, from IBM. But then on Amazon, you buy a managed database service, or you run S3. When in fact there now responsible for managing some of that, and you are still responsible for the data and so forth. If you've written your own applications, then you are responsible for those applications. But if you are using the applications provided by a software as a service vendor, they're responsible for the security of those things.
So this is a, a complicated nest of things that need to be managed and managed across the, the different environments with you would hope the similar processes, the similar procedures, and some kind of similar technology.
What is common, wherever it is that this resides is that you remain responsible for managing identity and access and your data, whether this is in Amazon's S3, whether it is in a relational database provided by Oracle or some other relational database vendor, whether it is in office 365, or Google apps, your data, your people that access that data, the management of that is your responsibility.
And so this common point of management is something that is both useful, but also equally challenging because there isn't a single simple way of managing this access across all of these different environments. And so if we think about access government governance in this hybrid multi-cloud world, there is usually an incredible lack of integration between what is happening on premises and in the cloud.
Can you say that you can implement a common policy with a common identity for all of your services wherever they reside, and how do you make sure there is in fact, a common way of authentication. There are common policies for authorization. Another interesting area is privilege management and privilege management.
Is it, it, the cloud introduces a whole host of other complexities to do with privileged management, because you've now got the privileged users in the cloud. If you are running infrastructure as a service, you've got your, your service with privileged users on them. You've also got privileged users that are administering the cloud from your side. And you've got privileged users that are administering the cloud from the cloud service providers, point to point of view.
And how can you arrange for things like separation of duties and the normal things that you would expect to be able to implement on, on premises applications, including auditing all of this access may not simply integrate with the processes that you already have for on premises. And so one of the solutions that put forward is cloud access security brokers, and there is no doubt that CASBY is a part of the solution, but it's interesting from my perspective to see that CASBY is, are being bought by security vendors and are turning into security tools rather than identity tools.
And the idea of a cloud access security broker is that it allows you to monitor what is being used in the cloud and to protect some of the data that he's transmitted to or retrieved from the cloud, as well as to manage the risks that arise from the possibility of infection of malware on data that lies in the cloud. But all of these systems tend to have limited if not, if, if any, at all privileged access management and none of them really seem to have a proper integration with what would be called access governance.
So to just sort of look at some of the things in the privileged access world, you can see the challenges with the infrastructure are the access to your data by the cloud service provider and the tenant control over the, the VMs that are spawned up. And for example, you know, an administrator on premises can easily disrupt your whole use of the cloud simply by changing a VM or unconfigured or stopping a VM without you being aware of it at the OS level, you have root access and the configuration of the virtual network, and all of these are privileged users who can do things.
The middleware is the database management and administration. And again, this may be shared between the cloud service provider and the cloud service user at the applicational level. You've got things like the deployment versioning of applications, with all the opportunities for the privileged user to disrupt your service by doing the wrong thing at the wrong time, or to do things without necessarily having some kind of proper control.
And all of this is compounded by the changing technology so that we perhaps understood things when there was a real, tangible physical server there that you could touch and, and walk up to.
But of course, most of the applications that we now have are running in virtual machines, and that has added another layer of complexity and increasingly the way that applications are being developed, the so called modern modernization of applications is moving into containerization, which is an interesting evolution it's to someone with, with my experience takes us back to the nineties and service oriented architectures, but there are, there are no doubt in immense benefits from doing things in that kind of way, but this also provides the challenges for management as well.
And last but not least is the, the serverless revolution, which introduces yet another set of challenges where you perhaps have absolutely no control over where anything is wrong and, and, and sell em. So what we've actually got is all of these problems that have to be dealt with and have to be managed. And so in this container based world, we are going to find that not only do we have containers in the cloud, we have containers on premises.
And some of those containers may be the microservices, which are actually involved in our application, but we've still got to manage them across these different environments. And then increasingly what will happen is now will be public or other kinds of microservices that will be created and will be useful and will be used. And they also are going to answer this complexity of management and assurance.
So in summary, as a result of this, what we can say is that this new hybrid multi-cloud world introduces a great deal of extra complexity, although it is now the norm, nearly every organization is using multiple clouds. You, you can hardly go into an organization that isn't using one or other of the, the office productivity tools from, from a cloud service that isn't using a CRM system or an E R P system from another cloud service provider, and is probably using one or more infrastructure as a service providers for development.
And indeed the running of applications that this is adding in, in, in, in is increasing the complexity to all of the areas to do with governance management and security, as well as compliance. And what is really needed is a common set of tools and a common set of processes that can work across all of these different environments. And apart from one or two places, I don't see these, these coming, and there are one or two exceptions to that rule, but we are not in general seeing a simple solution to that.
So with that, I'm now going to pass over to Y who is going to describe S approach to all of this. Thank you, Mike. I hope you're able to see my screen.
Yes, we can see your screen. Okay. Thank you for putting in the context as to what challenges organizations of today face with respect to the multicloud, the adoption, and the, the hybrid ID itself, becoming the norm. What we are looking to do in the next 20, 25 minutes is moving towards and, and basically identifying the need and, and Mike has put together the challenges very well.
So what we are going to look at is how do we move towards a more unified approach or a unified platform for managing the security and governance in the hybrid multi-cloud environment that we are, are living in a quick view. Another view from Mike's in terms of how we are viewing hybrid it, as you can see, there is on premise and a whole bunch of applications. There are some application names that you are familiar with and probably are using extensively.
A large portion of it is also the home applications that Mike was alluding to in terms of how they're leveraging the DevOps to migrate over to the cloud on the cloud itself, Mike mentioned about different types of cloud services. You have infrastructure as a service software, as a service or platform as a service. And there are, you know, a whole bunch of solutions available in the marketplace. This is not an extensive list, but something that you could relate to in terms of a CRM or a ERP or a collaboration or a productivity tools that you might be using.
So essentially what you are looking at is a, an, an ideal landscape that comprises of both an on premise set of applications and the cloud applications. There are, there is a huge momentum, but we see in the marketplace where a lot of these cloud applications, lot of these on premise applications are also being delivered in, in the cloud, whether it is critical applications that we're running on mainstream, it's now being are now being migrated over to the cloud.
Similarly, vendors suggest SAP and Oracle are offering technologies or solutions in the cloud, hoping that organizations would transition for several benefits that Mike alluded to, to the cloud. So this, this state of hybrid it is going to stay for the foreseeable future and security and security compliance, and governance are probably the top of your mind. And you'll look to see how a unified approach can be taken to solve this. Mike also mentioned about different planes, but what you need to also understand is these are different control planes.
So there needs to be controls that needs to be applied across all these different planes, whether it is a data plane, where you need to bring in the elements of the data security, the encryption, the access governance standpoint, ation of access, access standpoint point, you have, you know, the idea of infrastructure solutions, whether it is in the cloud or on you need to manage the whole infrastructure security as well. Wrapping all these things together is the, the aspect of DevOps and C C D, which is the continuous integration and continuous deployment.
So all these things put together need to look at a solution that not only ties to these different control claims, but also bring the contextual information from all these different planes into a single of glass view. What we have seen in the marketplace is that there are solutions available for individual control things. For example, there is, there are solutions available for securing infrastructure. So you have a whole bunch of, you know, vendors just focusing on securing, let's say AWS or Azure. And in some cases very specifically focused on a, a, an infrastructure provider.
So what would by, by focusing on a specific solution area or a control plane, you are resulting or creating a silo, and let's look at some of the challenges that you are going to run into, if you take the traditional approach, right? The traditional approach is that you have, there are two ways to looking at it.
One, you are trying to use your existing tool to manage this versioning landscape with cloud services, but the tool is not, you know, capable enough to manage or integrate with these newer, newer solutions, or you are looking at a cloud solution, but this only focused in the cloud, but doesn't necessarily integrate with your on premise solutions. So you always have this challenge of, you know, looking at a more holistic approach that, you know, breaks down these individual challenges or breaks down these barriers. So digging a little deeper into the challenges with the traditional approach.
You see that we, by looking at individual solutions, you're creating silos by creating silos. You are unable to get a single view across different cloud. You would then have different for different systems, and you don't get that, that view and understand who has access to what, and also, what are the users doing, especially when it comes to the privileged access. You need to understand what users are doing with the privileged access that they have. Similarly, it reduces the ability to take risk based decisions.
It's difficult to set up a consistent risk based framework, risk based decisions are far from reality. And you're unable to enforce the least privileged model that we all want to, you know, enforce and incorporate. And finally, from, from a compliance standpoint, you know, the compliance applies is respective of whether you are in the cloud or in, in, on premise world, it is required for you to demonstrate compliance needs, right, and, and meet the compliance requirements. But what happens if you have, you know, disparate tools and enable to demonstrate the compliance?
So it is difficult to correlate, and it is more so difficult from when it comes to data, understanding how do we securely protect that and, and also show to the auditors, the compliance aspect. So there are quite a few challenges that you'll run into with a traditional approach, which is where we, you need to take a look at a solution, which brings a single thing for both security and compliance management.
Our part process from a security point of view is that you are from a, from a cloud security standpoint, we are looking at a whole idea called identity based cloud security or identity based. Mike alluded to theb solution being, being the ability or providing you the ability to manage these cloud applications and being that regulator for looking at what is happening in that cloud, being able to monitor. So our point of view is that you need to look at from an identity lens or the access lens.
So when you do that and, and the, and the, and the key differentiator here is that we have built the solution in such a way that we could assimilate not just the traditional identity management constructs, identities, or accounts, but we are also building the warehouse in such a way that we can consume data from many other cloud platforms, right? For example, the infrastructure platform or platforms, or the applications, our solution provides that unique way of bringing in the data.
And you are able to show who has access to what in the cloud, being able to also see what does that access really secure? And especially from a standpoint, what are the users doing with that privileged access? So the key element for doing this, as I mentioned, is creating a single pain with identity as a new parameter, right? So we are basically creating visibility. One of the key elements of the solution is to provide visibility across the board, right?
So being able to establish the warehouse, which not only brings data from the traditional HR systems to seed the identities, but basically bringing in data across different solutions, whether it is infrastructure as a service and including the DevOps ecosystem, as well as the SA applications and data collaboration or productivity platforms. The idea is to bring in that single gain by integrating data from different solutions, what would that help you is gaining the visibility.
Mike mentioned about visibility across the configuration, who is doing what the configuration is, the configuration changing, or what we call it, the configuration drift. So the solution essentially provides that visibility visibility across the board when it comes to infrastructure components, whether the configuration changes are happening and are violating the minimum security baseline that you have defined from a data perspective, it's somebody uploading sensitive content onto the cloud platforms.
And from an application standpoint, are there changes to either the configuration or to the access that would create violations that would basically create whether it is segregation of duty violations or security control violations. This provides you with that single pain off view with identity being the new parameter. And coming back to that identity, we, we, we believe that identities, that cornerstone are the most important aspect that tie all these different solutions or different services together when it comes to the another, another aspect is protecting the crowns.
Now, these systems that we discussed about, you know, is both a, is available both in the cloud as well as conference basically are your crown jewels. So how do you ensure that the, these crown jewels are protected? You could only do that by taking a governance approach approach, which is more risk based.
And this, this whole idea of managing the access and ensuring that you enforce the least model, keep taking the identity governance mindset, because our heritage is identity governance or management. We basically provide an entire lifecycle of managing the access, right from the time an employee or a contractor joins the organization till the person leave. So ensuring that access is proper access is granted and revoked at the right time is part of the governance life cycle.
And it is important because, and see, in several examples that users have access to, let's say, an productivity suite application or an infrastructure, even though they have left the organization, mainly because they're, these, the user lifecycle is not tied to the access to these applications.
So one being able to take a risk based view, identifying what risks user brings and continuously evaluating the risk in terms of the access that they have, the privilege privileges that they have in terms of applications, the segregation of duty violations, or the sensitivity at the applications itself are there are allowing aspect is intelligence.
The platform itself should be intelligent enough that you prevent the data breaches that Mike alluded to the S3 data buckets or the databases, which contains sensitive data, but because of the configuration issues or because of malicious intent, these, and we have seen it a number of cases in a number of cases that the data is exposed in the cloud. So you need to always have the ability to one continuously monitor, being able to identify what is happening in your environment.
Also being able to take inputs from other sources, and this is where collaboration with other other solutions come, comes into picture. Being able to take the threat feature, being able to look at the compliance changes or looking at the events or the audit that is coming from these different cloud solutions, assimilating all of these together and continuously monitoring against the set of controls that you define at the same time.
Being able to look at the user behavior itself to see if let's say, for example, a privileged user is creating hundreds of instances or workloads in the cloud, and he or she was supposed to only create a few. So being able to monitor any changes in the behavior, any changes in the pattern could lead you to have a more secure posture of your environment. Being able to, you know, look at the events happening in the, in, in these systems so that you can take real time action.
You can also report and more importantly, take actions that, that prevents other damage, or would further increase the heightened security risk to your organization. The data that is collected would also help in terms of investigating any, any issues, the case management, performing forensics, and so on.
Essentially the platform should help you with baselining, the baselining, the security posture, and continuously evaluating the baseline to come up with with, with ways and means and policies that would help you secure, you know, secure the, the current infrastructure, as well as the velocity in which the new applications or workloads are being created in your environment that leads to improving not only the security posture, but also creating a compliance framework that would help made multiple security and compliance needs.
When you look at compliance and you are quite familiar with several audits that happen in an year, an audit for probably a PCI compliance or compliance or GDPR compliance. So you are going through the cycles of audit all the time and you know, is most of the times it is, it is scrambled. You are looking for gathering the data. There is no single place for managing this.
So essentially what is proposing is a unified compliance framework where all the different standards and frameworks are brought together and controls are defined so that they are mapped because anyway, they are correlated, they're mapped across different compliance frameworks, and you are able to provide a, an exchange if you will, for all these different frameworks. So it is possible to demonstrate compliance for multiple audits that you're running in in a year. More importantly, what ENT is providing is controls that are specific to the application and not just a generic set of controls.
So you have controls that apply to a specific platform or a specific cloud service, and the ability for customers, Wells partners to contributed this framework as well. So, as I wrap up, essentially, what I would like to convey is that the hybrid it environment is a norm as micro alluding to the, the solution that you are looking for, need to bring different elements of security and compliance needs to more risk decision making and identity, which these different clouds and hybrid. So with that, I conclude my part of the presentation and I would like to pass it back to Mike. Okay.
Thank you very much, indeed. And thank you for that very adit and interesting presentation. So we now have 15 minutes for the participants to ask questions of all of us. And you can ask these questions by using the, the question widget as part of the, the control panel that you've you've been given. And if you ask questions that way, I'll try and make sure that they get answered. So I don't see any questions at the moment, but if there are any, please, will you ask? So in the absence of any questions, let's start off with me asking Yash some things.
So you, you've got a lot of in the screenshots and the things that you've showed of what you are doing with your technology. You're getting a lot of information out of the cloud. How are you doing this? And how are you doing this in a way that's secure, Great question, Mike, in terms of our ability to connect and bring data from different cloud services, essentially we have, you know, built these integrations.
We, from, from a development, from engineering standpoint, we have the cloud integration teams working in a factory model for building out various integrations and more importantly, deeper integrations across different solutions, different cloud solutions, from a technology perspective, the way we approach this is each cloud service provider has a, a, a security model that is unique. It is important that we understand the security model in, in, in depth in the sense that we are looking at different aspects of security, right? So we are bringing in the access component.
So in some cases, it is in order to even understand the access model, you need to par data. You need to look at cloud platforms in detail to understand how the access model itself is structured.
Some, some of them follow a very complex hierarchical model, which is, is the ability to bring all these aspects together from an access standpoint. The second aspect is the data where we are bringing in the, the data from different, the audit data, the log data, and several other data elements also into the platform. So it is not just the access data, but the security data as well needs to be brought.
So each and every cloud integration requires, you know, a deeper, deeper understanding, building specific integration to bring in the, the access to security, the audit, the logging, and multiple, basically the usage, all these data together into the platform and the platform itself should be able to ingest that data. Right.
You know, the access data is different from the usage data. So the platform has been designed in such a way that we could bring all these data elements together for each of those platforms and then in just the data so that you can then apply policies, uniforms, set policies, you are able to, you know, bring that single of glass view, have that view across multi-cloud environments that you have. Yes.
So, so you, you talked about, there are really two kinds of pictures. One is the static picture of what people are entitled to. And the other is the dynamic of what are they doing? So are you taking a copy of this and building a database, which is a copy, or is it a kind of virtual database that just sort of provides a visualization of what is there in the, the end systems? Great question again. So we are so sensitive data is something that we do not bring.
So for example, in case of productivity tools where sensitive data may be uploaded onto these platforms, we do not bring sensitive data in, into our system. We only bring the metadata, but in case of realtime audit events that are happening, we bring that data. We basically have built a big data platform that can assimilate or ingest huge amounts of data. We do bring data that are, that is not sensitive.
And then it helps us, you know, build the, build a baseline of the usage, build the baseline of any, you know, standard practices that would help identify the, you know, deviations on violations. Okay. Thank you.
Well, we've now got a question from Sanjay Kumar, Sony in the audience, and he asks the question, how will we integrate thes with on premises legacy applications since it does not support SAML? Well, I just wanted to highlight that UHS is not a, you know, authentication platform. So we are more of a governance and security provider.
We, we leave the authentication piece to our, our, our partners, such as Microsoft being over Okta from a, from a connectivity to on-premises concern. We have multiple different options that we use to connect or establish connectivity to the on-premise application.
So, you know, it, it could be an extension of their existing data center. It could be a seamless integration through an agent that CBM provides, but helps you connect to various applications, both on premise and in the club. One thing that I would also like to highlight is that the integration is not limited to just the Cora applications or, you know, Cora integration, but to more enterprise systems, it could be the SAPs of the world or the Oracle applications of the world.
We are able to connect to the on-prem applications as well and bring similar data that I was alluding to from the cloud applications. Okay. Thank you. So we've now got another question from S and he asks, do you see IGA functionality to be included in leading? I take that to be internet, sorry. In identity governance to be included in legal, leading IM provider portfolios in in-house developed or through mergers and acquisitions, or do you see IGA vendors like SA partnership partnering with IM vendors in the foreseeable future? Great question.
I think from our standpoint, it is very clear that, you know, it requires partnerships with the partnerships to, you know, provide a comprehensive IAM solution. We ourselves have strong partnerships with Microsoft. Prota ping from an access management standpoint. There are some, my, some minor overlaps in terms of provisioning, which, you know, we look at the customer scenarios, what is more relevant, what is the best architectural fit? And then it, it's a joint solution that we typically provide to our customers.
Bottom line is that it, you know, access management market is pretty mature through mergers and acquisitions. Obviously it can consolidate, and I think it will in the next two to three years, but in the meanwhile, you know, partnerships are the way to go and, you know, we, we, we do encourage the ecosystem to build out with more partnerships. Okay. Okay. Thank you. I don't see any other questions at the moment, so I'll carry on. So I think along that vein, the first, the first question is that, do you provide remediation capability?
So having discovered that there is a, a conflict or an abnormality do do, would, would the people who wanted to correct this to remediate this, do it through your product, or would they go to the, the actual systems themselves? Good question, Mike again. So in terms of the capability, the product offers there is there mediation capability that is provided it, it varies with, with the platform that we are integrating with many, a PLA many, a times the platforms provide APIs and various options to integrate with take certain corrective actions.
So for example, if there are changes in configuration that violate the policies that have defined let's structure or Azure CN provides the ability to first and foremost, identify those violations. Second alert the administrators, and based on the policy configuration can go in those products in, in those tools and actually make the changes depending on what has been configured.
For example, if there are, if there is a real workload or if there is a database or an SD bucket that is not encrypted, you can set a policy, which is which, which basically enforces those services to be brought down similarly on the data side or the data access governance and security side, if somebody is uploading sensitive content that they are not supposed to, for example, HR uploading sensitive personal file onto a collaboration platform, which is a violation based on the policy you have defined, it is possible for the system in this case, Vivian, to be able to go and take certain actions, it could be quarantining the data, tombstone the data, or informing the necessary administrative or security staff that this action was performed.
So to answer your question, yes, the remediation actions can be taken by the platform. It, it, it also depends on what is available in the, the cloud or on-prem applications provide in terms of the APIs for the integration capabilities. Okay. Thank you. So we have another question from egg ELLs, and this question says if we have multiple non-standardized HR sources and low quality HR data that needs preparation, does savvy support, automated workflows and transformations for importing this data, assigning business roles, etcetera, essentially being a middleware for identity records. Yes.
So the ETL engine is, which is basically the extract transformation and regarding, so basically the ETL is part of the platform and, you know, helps integrate with multiple HR sources. We also have several unique cases where you need to, where people have different identities, the same individual have different identities given that they're performing different roles. So being able to bring that data into CBN, transforming that data, to identify, you know, commonalities and then define business roles is definitely part of the capability.
One of the key things in the differentiators for Sian is the ID, the whole idea, and of identity analytics, analytics, to be able to perform these kind of activities. And even after it, the identities are loaded into CBN. There are other governance and management functions that require that could be made more effective or made more efficient with the help of analytical tools. So CBN does provide these, you know, capabilities from an identity management standpoint. Okay. Thank you.
Well, I don't see any more questions from, from the audience. And so since we've only got a couple of minutes left, I think that now is probably a good time to end the webinar. So I'd like to thank Ash very much for his contribution to this webinar. And I'd like to thank the audience for their participation and for their questions. So thank you very much, everyone. And please keep a, an eye out for the next, the next co webinars and make sure you look at what events we have that are coming up and try and come and meters all in the flesh, so to speak. So thank you very much, everyone. And good.
Thank you, Mike. Thank you. Thank You. Bye.