Hello, good afternoon, good evening, or good morning, depending on where you're joining us from, and welcome to this latest webinar from KuppingerCole. Today, I'm talking, or we're talking, about advanced privileged access management and how that affects digital environments. And I'm very pleased to tell you that this is supported by Arcon. And with me from Arcon today is Anil Bhandari, who is the chief mentor at Arcon, and he'll be talking later. Before we get started, here are just a few reminders of some events that we've got coming up on KCLive.
On November 9th, we have KCLive Tools Choice: endpoint protection, detection, and response. So that's a very sort of hands-on event there. The now very well received Cybersecurity Leadership Summit 2020 is happening also on November the ninth to November the 12th, very soon. And after that, the Cyber Access Summit, which is from November 17 to 18th. And of course all these events are virtual and happening directly online, as you'd expect by now. Just a few housekeeping points about today's webinar: you as the attendee are muted; essentially, we're controlling that.
So you don't need to mute or unmute yourself. We will be recording the webinar and of course it will be available for download to all registered attendees later. So if you or any of your colleagues wish to listen to it again, that's what you can do. And a little bit different this time: we will have a Q&A, but we're also going to have a bit of a discussion between myself and Anil about what we've been talking about on the webinar. So to begin with, I'll be talking about why we need to protect privileged accounts better and reduce the reliance a little bit on passwords.
And then Anil will be talking about why access control should be more advanced, with activity recording and analysis by AI-based tools to detect anomalies. And again, as I said, we'll have a Q&A shortly after that.
So going straight into my presentation, let's just have a look at some of the traditional account, sorry, traditional threats to privileged accounts. This is to say, privileged accounts without privileged account management in place. So they're not regulated or classified, quite often.
It's still not unheard of for organizations to list privileged accounts and passwords and access simply on an Excel spreadsheet or in another insecure manner. And not only is that insecure, it also means it's very hard to, you have no idea why or who is using privileged accounts. And of course, it leads to unmonitored access. If you don't control privileged account usage, we have what I call privilege creep, where people are enabled to give privileged access to others without going through proper protocols or proper security. So you end up with passwords being passed on to other users, et cetera.
So there's a lack of request management.
You don't know, who's looking for a privilege access and you don't know who has it.
Also, privileged access increasingly gives you access to confidential data, personal identifying information, databases and servers, not to mention these days that we have applications and machines that are also getting privileged access to such entities. Weak passwords, too, often. Even if privileged accounts are protected by some sort of password system, they are quite often easily guessed, things like password 1, 2, 3, that sort of thing. People will do stuff, as we know, in enterprises to make their jobs easier and get stuff done.
And often this is completely out of the scope of privileged access management. We don't see decent lifecycle management. We don't see privileged accounts being deleted when people leave the company, we don't see privileged accounts expiring when they should. And quite often the privileged account may not be associated with an actual identity. Identity is now key, pretty much, to security in enterprises. Without identities,
we don't know who's doing what. And the thing about identities is it is not just human identities that we're talking about.
We're now talking about machine identities and application identities and the internet of things. All of these things can be controlled with an identity and that identity can be managed through privileged access management. And finally, we have a lack of accountability, and that of course is more than just not knowing what's going on. In the days of GDPR and the California Privacy Act, it can lead to major fines for the business, et cetera, if privileged accounts are hacked and that leads to data theft or data loss, and that would then lead to a fine.
So here's some of the trends and technologies that are affecting PAM business technology. We see cloud obviously is everywhere. Everybody wants to use the cloud. And we're told that it is a bedrock of digital transformation, and it is indeed that. However, putting privileged accounts in the cloud, or even managing privileged accounts from the cloud, can be dangerous if it is not done properly. We also have virtual machines which are spun up on the cloud, and we're also seeing a hybrid IT architecture, which also things multi-cloud adoption.
So we will see organizations that will use public clouds, not just from, for example, Amazon, but they may also have Azure mixed in them because it works with particular parts of the organization. But you may also see private clouds being generated within your organization and also using another form of cloud technology. All these cloud technologies by character are competitive,
and therefore the people that generate them have their own protocols, have their own standards and they have their own dashboards to control.
So PAM somehow has to get through all of that to protect the privileged accounts in multi-cloud architecture. And that goes on to affect DevOps and other agile teams, which are much more likely to be using the cloud and multi-cloud, and those guys want to get stuff done as quickly as possible, as I said earlier, and they're also the ones that may cut corners if privileged access management isn't there to not control them. I think control is the wrong sort of word.
What we should be saying is managed, and the keyword is managed, so that they can do what they need to do, but they can do it securely and also not affect the security of the organization. APIs, obviously another huge development in the way that enterprises are working; data analytics, big data, AI, machine learning.
And as I've already mentioned, the internet of things. All this stuff is what you might lump together as digital transformation. It's happening in various forms in different organizations and it's happening at different rates.
But certainly within all that, we are seeing a huge increase in the number of privileged accounts. And it's a challenge to manage them. And business processes have changed, not least of which is remote access, especially in the last few months. We don't need to tell you about what's been happening there, but remote access has become a very, very important way of working for many people.
Some people will be accessing privileged accounts from home laptops and those laptops may not be properly secured. Data governance, as I mentioned, has become much more important and much more serious as well.
We're seeing customers also getting access to some parts of organizations, particularly in some sectors like retail, where customers are king and what they do and how they react is of great interest to those organizations. So they're bringing them in to sort of understand them better. Vendor access or vendor risk:
we have seen vendor risk management systems for some time now, but allowing vendors access to your organization also brings another layer of risk, especially if those at some point may be accessing privileged accounts. And don't forget that an awful lot of breaches are caused by vendors, not the central organization itself. So any way that you can control their use of privileged accounts, whether they're in their own organizations or if they're accessing yours, is important.
And we're seeing that PAM can help to do that. More and more collaborative working: again, that's part of remote access, but we are seeing more and more tools being used now, such as Teams, Slack, et cetera, where individuals are working collaboratively, but digitally, together to get things done.
So PAM also has to work well with SIEM. It needs to also work well with session management tools. Multi-factor access, sorry, I'll say that again.
Multi-factor access, single sign-on, and then zero trust. Zero trust is probably the most important trend in security and identity right now, so that we only give people access to what they need, when they need it and for how long they need it, and nothing else. We'll talk a bit more about how that works in a bit. And the security processes that PAM must also be compatible with include incident response management, forensics, endpoint protection, secure remote access, and risk management. And secure access,
as we've already mentioned, has become suddenly much more important, and endpoint protection too, because a lot of people are accessing data and services from endpoints that may not be protected as well as those that were issued by the business or those that were used within the organization itself.
And I mean like in traditional offices. So passwords have been central to privileged access management for some time. It's still probably the most common way that people can access a privileged account, with a password and username, et cetera.
The problem is, as privileged accounts multiply and as all the things that I've been talking about start to happen to more and more organizations, we're putting passwords under some form of pressure. And it's getting to the point that probably we can't carry on like this: the sheer volume of it, the expanding IT estate, virtual machines, clusters, et cetera. All of that means that as more and more IT exists, more and more data exists and more and more access is required.
And that means the number of privileged accounts goes up, simply because privileged accounts are no longer just used by admins to do admin type of things.
They're used by people to access random things, but things that are important: they access confidential data and machines, and people in DevOps, for example, need to access stuff like code. But those guys are under extreme pressure to work very quickly to get stuff done and get it out the door. They're rebuilding stuff maybe six or seven times a day.
They can't afford to wait around while PAM slowly gives them access to what they need. Then finally, there's still a lot of legacy IT around, and that stuff, it becomes legacy IT almost as soon as it's deployed. Once you have something in place it's legacy, and the more of it there is, and the older it is as well, the harder it is to work in compatibility with it. So PAM, again, has to somehow work backwards as well as forwards.
So legacy IT is also an issue for using passwords as the main way to access privileged access accounts.
So how can we perhaps change that the privileged accounts in more modern organizations? So we've seen that as a privilege proliferation of what I call high value data and services, which suggests that we need more privilege. So how do we reduce the reliance on vaults and passwords?
Well, a simple thing to do, well, it's simple on paper, but we need to do a risk management assessment. We need to do an analysis of privilege, so you can discover which privileged accounts access the most at-risk data. And that means high value, not necessarily admin accounts, but those things that we've just been talking about: all those people, services and machines that are now accessing data within an organization.
We need to look at those and discover which ones of those are the most valuable, which ones are the most vulnerable and which one of those would do the most damage to an organization if it was lost.
So then we need to do perhaps what you might call a separation of duties for privileged access. So who needs it the most, who needs it fast? So this is what I think we need to get to, what I call an agile PM, sorry, PAM. Just as organizations have had to become more agile to keep up with digital and to keep up with their competitors,
therefore PAM needs to become more agile as well, and we do need to reduce passwords. We can't get rid of them altogether. They still obviously have value, especially if they are used with a very good PAM system, which has a secure vault, et cetera, but we need perhaps to think about shifting access to high value accounts to just-in-time, ephemeral or password-free access. And there are ways to do that.
Actually, we need to talk more about what I call PAM ops. So we move access closer to the source.
So the automation and AI tools can speed access and reduce the security load, and zero trust and least privilege are key to doing this. So we bring the actual process of access to privileged accounts literally closer, or digitally closer, to those things that we need, so that perhaps we get into what you might call multi-PAM deployments, so that perhaps PAM would exist on a larger scale throughout the business, but then we'd have more specialized PAM working in areas such as DevOps.
So that might be a useful sort of roadmap to how we might start to reduce privileged password reliance or for privileged accounts.
So I'll just quickly know that we be pushed for time at the moment. There is no single solution for all requirements. So we're seeing here, and I won't go through all these functionalities, but we have what you might call a basic PAM functionality, which many vendors would offer.
And that has the key things like shared account password management, the vault, which I've been talking about, multi-factor access, a way of session monitoring and recording, very important for data governance, account life cycles, IGA integration, and application-to-application integration. Those are things most PAM vendors will do varying degrees of, of accents. We'll provide that. But then we get into, say, PAM for DevOps, which I've been talking about, and we don't need all of that stuff if we use PAM for DevOps in a multi-PAM deployment.
So then we would still maybe have the credential vault, and we probably would need the application-to-application, but we might also be looking at short-lived certificates, ephemeral certificates, and then integration, as I said, PAM ops integration into the continuous, into implementation and delivery flow. And then for those organizations that perhaps are looking at PAM for the first time, and they're the ones that are still perhaps using an Excel spreadsheet, et cetera, we're seeing PAM from the cloud or PAM as a service.
And that may well have a limited number of functions, or it could have all the functions that we get in basic lb functionality. But the point is that it takes away some of the responsibility from the organization to run and manage privileged access management, which for smaller organizations would be a useful requirement.
So finally, this is a glimpse of how I see digital PAM deployment may look in a few years, if we take the bottom layer of microservices and containers, which is the basis of a lot of organizations these days.
And then within that, we have APIs, applications, and data looking to the microservices and containers, but we also have, excuse me, we also have our DevOps or our users at the top that also will be perhaps going through the traditional PAM layer, where they may go straight to another version of PAM, which you get closer to microservices, containers, et cetera. But from the top, I deliberately called them digital identities because we have all sorts of things trying to access privileged accounts. So we have a car.
For example, when cars get more and more connected, they become more digital, more autonomous. At some point, there is a good chance that a car will access some kind of privilege either from an edge device or back on a central device.
And then of course we have mobile headsets. We have machines, we have the cloud, we have databases and servers. And then of course we have organizations like manufacturing, which again will be using things like IoT and robots and digital twins of devices, which again, a bit like the car, may need access to privileged data.
So six possible futures for PAM. PAM suites and more specialized solutions may sit side by side. PAM obviously will still need to be regulated and monitored. I'm not for any second suggesting that we can just have access only to prime and not have any kind of record. PAM vendors may well split their own PAM suites or develop specialization or acquire technology to become able to cover some of the scenarios I've been talking about. There'll be greater use of artificial intelligence, machine learning and automation within PAM to boost efficiency, accuracy, and time to value.
So for example, PAM would be able to use AI to assess where vulnerabilities may lie without humans having to get involved. And we'll see more smaller businesses adopt PAM in some form. And those smaller businesses may well become part of larger distributed architectures. That for example, they, in the value chain as vendors that are using privileged access as part of the support that they do for an industrial partner. Organizations should better control the PAM overload. At the moment, we are letting perhaps too much privilege out there.
And so we may see users being restricted, or limit accounts to perform better discovery of those accounts. And eventually we may actually be able to phase out passwords altogether, so that we use ephemeral access or certificates, tokens, or one-time, just-in-time. So that's 1, 2, 3, 4, 5, 6 possible futures for PAM that I predict. I think I'll be bold enough to say that. So now I'm going to hand over to Anil, who is the chief mentor for Arcon, and he will take the reins with his presentation.
Oh, hello.
So thank you, Paul. I think that was an interesting discussion that we've had on the advanced use cases of the PAM solution and some of the interesting discussions around cars needing authentication, so as they connect on IoT, including the IoT devices on manufacturing. So a very good day to all of you today, or good morning or good afternoon and a good evening. I hope all of you are safe from the pandemic and continue to be safe. I will just try and build upon the discussion that Paul has had so far.
And I'll try and impress upon you the advanced use cases and especially how is Arcon, for example, investing in these advanced use cases to be able to meet your requirements as you go towards the maturity curve of PAM implementation, or as you look at implementation in phases, or maybe a whole host of implementation on day one that you would want to look at.
If I would take you to the second slide, if you were to look at the general use cases of PAM, of course, the first one being the key elements that most of the organizations would end up implementing the first time that somebody would want to look at a PAM solution is of course the passwordless access for all your endpoint devices or target devices, which means without having the need to have access to a password, you just double click and you seamlessly enter into different scenarios where you connect your RDPs and VPNs and your assets such as the note of that.
And the second good feature that most of the organizations love to implement is to have some kind of command filtering to ensure that sometimes, even by mistake, you are not landing up firing a command which you should not be firing on production.
And there has been a good number of use cases around implementing some basic controls around control, command filtering. And of course you can take it to all the possible at once layer where you could actually do a just-in-time command for as well. And of course, the third one, which is very, very important, is the session monitoring.
This is important, not only from a security perspective or making sure that your chats on the control, but most of the time organizations have come forward and said that this feature is also really interesting because it helps them to recover from any mistakes that one would make during the operations. And I've had several of those examples.
So in the last span of opinions that we would have, you know, gone around and implemented the privileged access management solution across the world, and there being cases where a third vendor comes in and by mistake, instead of firing a truncate in the test environment, they land up firing it actually in the production environment, and session monitoring is something that really quickly helps you to recover from any mistakes that you make of these kinds. And the fourth one, of course, is the password rotation.
And this is also one of the most important elements that somebody would like to protect and like to maybe rotate the passwords, because this is where the biggest chunk of exposure for any organization is there.
But just wondering if summarize on this slide, that password management is still coming up the curve. What I really mean is that by organizations have really taken well to do passwordless access, command filtering.
They're really using the session monitoring very well, but sometimes the organizations still struggle with making sure that they're able to achieve the full scale of password rotation. And why is that?
So, so if you were to look at this slide, I've just tried to explain that password rotation becomes a challenge, especially in mid-sized or large entities, because the number of IPS that you have is really, really larger number, especially after COVID, there's an amazing amount of investment in digital technologies because every organization today is investing in some form of digital investment or the other either to improve their growth.
So on the growth aspects of the digital investments or to improvise their processes, which means to get better processes, make sure that the investments are helping them to use their business processes run faster.
And there's a lot of digital investments there. And of course, then there is a lot of digital investment around creating better experiences for people, making sure that you have all the apps coming in, making sure that you're servicing your customers really well.
So if you look at the digital investments, it's happening in Chileans, and especially after COVID, this has really picked up a fast game. Now, while this has picked it up really, really fast, this has also led to a significant increase in the number of digital assets. It could be applications, it could be devices, it could be security devices, or it could be APIs and so on and so forth.
And every such piece of device coming up or API coming up or any such digital assets coming up all require authentication and authorization, which means all of these requires some form of credentials, user IDs, or passwords or tokens and so on and so forth as they would have it.
And because these numbers are really large and huge, and because the use cases are complex, it is becoming difficult for even the best of the password management solutions to be able to tackle all of this at a seamless time.
And just imagine if you were to have a cyber attack, for example, and you need to change and rotate all your passwords in a matter of seconds or minutes, or even hours, it sometimes becomes way difficult. So there are organizations still trying to grapple with this situation.
And especially if you look at the examples of larger banks and telecommunication companies, these devices run into thousands, and maybe sometimes hundred thousands, and that truly puts you into a situation when you would want to rotate passwords at scale. I'm happy to let you know that Arcon really understands this problem statement after having spent Constable about almost a decade in making sure that you have a strong vault.
So one is, of course, you need a very, very strong vault and you don't want people to attack it and make sure that nothing is lost, but you also want a very tiny vault where you're able to do hundreds and thousands of passwords, a rotation in minutes. So Arcon, for example, has the technology that you can have multi-vault processes being aligned. It could be made on basis or devices. You could attach them, you could attach them to groups, or you could even attach them to lines of business, which means you could have any number of processes attached.
And every vault process comes with a nice design or a feature which lets you do a reconciliation, and also lets you do an auto heal, because there are chances and times when the passwords have been changed for some reason or the other in a large environment typically, and you still need to ensure that they are seamlessly changed and access is available.
And at the same time, you also have an alert mechanism around it, which gets into your SIEM to tell you that, hey, you know what?
Somebody actually changed the password while accessing the servers because he or she needed to do something around it. So you need a very strong recon and auto-heal feature. And believe me, in the last one year that, you know, we've been doing very, very well for these features, we've achieved almost a 99.99% rotation scale for every large organization that we work with.
And then sometimes we literally changed more than 400 and 500 passwords just in a minute. And you're able to change a significantly large number of passwords as you keep adding your multi-vault processes with multithreading. Now, having taken time on passwords, I just wanted to summarize that a PAM platform should ideally cover what kind of technologies, and these technologies are those operating systems and databases that we're so familiar with, because these become the first stop for any PAM implementation.
But you do have challenges around the routing devices, security devices, telecommunication equipment. Now one of the challenges with routing devices is that most of the time midsize and large organizations again have investments in the TACACS solution, where they do AAA of it, means auditing, authentication and authorization, and they use a different solution. So when you bring in a PAM, there is always a debate, whether to do a PAM implementation for all the routing devices as well and networking devices, or should you implement maybe a, that solution.
And I think more than often, we have gone ahead and directly ingested all the routing devices also into the PAM solution, because it helps you to also rotate the credentials, which any other AAA authentication solution does not help you to do. And you create a single of grippy around it, but there are still some challenges, which I think as we move on the maturity curve organizations take it up and then slowly in phase one, phase two, start implementing it.
And then of course you have the business applications, the cloud applications, and Paul spoke about all these robotics and CI/CD pipelines and secrets and OTs and IoTs, which are coming up in, I would say, in hundred thousands or millions actually. And if we look at the IoT, this has got to be an explosion for public identity and escalated identities. At Arcon, we make sure that we connect to any and all of these technologies. Now it's really important for a PAM solution to be able to either address your, all your problem statements.
And of course there are specialized tools available, but if you invest in a PAM solution, you would want to make sure that this PAM solution is able to connect with most of your use cases, if not all, today, and that they have a very strong roadmap to other use cases, because you can't land up having multiple lime or PAM solutions most of the time.
So Arcon,
for example, as a marketplace, it has got more than 1,500 connectors, and we use robotics process automation wherever possible to be able to help you to connect to these technologies if some connectors become difficult. And then of course you have dynamic workflows so that you could request for these accesses at the right point in time, and just in time, with a nice self-service portal to ensure that administrative tasks keep coming down, because you don't want an army of people managing your PAM solution.
It should be easy to use, good to use and should be a self-learning experience. And so these are the technologies that we connect, and what do we do to protect it? We become the identity provider. We manage the life cycle, we ensure that you have a strong and a very scalable vault, which I explained to you, and very important, you have an RBAC, which means command filtering based on different roles that you have, because eventually it is command purging which is going to help you to ensure that your data, your final data, is protected.
And then you should have a session monitoring, which is really a smart session monitoring, to be able to do analytics on screens that you capture, or to be able to get to the right command and to the right video so that you don't keep wasting hours and hours looking at huge pieces of videos coming up to you. And it's very important that you're able to do calibration, which means the tool is also becoming more and more operational in nature. So like I said, what has generally been the experience in terms of a reasonable time implementation?
I think most of the time organizations, be it the small ones or large ones, do make sure that they cover their operating systems and databases, and they are more or less covered and implemented in the PAM solution. Routing devices, security and telecom devices is something that organizations are now coming forward and making sure that, hey, why are we having different solutions?
Why don't you give us a single window? And they have started to then ingest these technologies also within the PAM solution.
And as I speak to you, most of the organizations are investing and making sure that they upscale our dentals here. Then of course you have the advanced use cases that Paul spoke to you about. And I think he literally covered every aspect of advanced use cases.
And this is something that most of the organizations have started to think about and security professionals across the world are now realizing the importance and the implications of these advanced use cases like the business applications, like for example, SAP, Oracle cloud applications coming out, robotics processes or bots coming up, and all of them require secrets and credentials. If you look at this is something that I kind of explained to you, that all of these organizations are coming up and ingesting all of these networking devices and telecoms.
And if you look at Arcon, we're also investing a lot of money to ensure that we actually bring the entire experience of our AAA, which is literally built into our PAM solution, because people just don't want to access two or three different consoles. They want to access a single console and make that very, very easy for them.
So I spoke to you about the thinking aspects of the advanced use cases. And I think in the next two or three years, it will become very important for one to focus on all or any of these use cases and something that your organization would be probably investing in it.
You could probably start by doing mini projects around business applications or app-to-app password change, or maybe looking at secrets in the clouds for yourself. But I think in the next six months, more or less, all organizations will be putting some form of projects around these and making sure that their PAM applications are able to ingest it. Now here's a challenge. If you would have bought a PAM solution, which is more of a password vault, and it's not able to cover all of these areas for you, you actually get back into a thought process of trying to look out for different PAM solutions.
And I think this could probably be the right time for you to ensure that you look at a PAM solution. If you've already integrated or using one, you'll make sure that you look at something which gives you the ability to integrate and create a single window for all of these or most of these use cases. I will now take a couple of minutes trying to explain the and the impact that one would have in typically some of these use cases.
So if you see something on the extreme right, on the corner, the diagram actually depicts CI/CD pipeline, but says that you have, now, the world wants it to be very agile. Everybody's moving to a SaaS platform, which means you want a piece of code and you want it now. You want your feature and you want it right now, which means your entire team, your development team, has to be very, very agile. Almost all of them end up having access on your production machines, which of course is a strict no-no.
You don't want them to have access.
So while you don't want them to have access, you still want it to be , which means you build up your CI/CD pipelines, and you make sure that you now integrate because every step of a CI/CD pipeline would need to either pull a credential or let you push something into the CI/CD pipeline, or tools like Maven or Jenkins or any of your automation tools or any of your testing tools will require you to have credentials, to be able to log on to test environments, do a build, and then log on to a production environment. Now, why are you putting them on the right side corner?
Because we believe that in doing so, the probability of losing something, which is credentialed is very, very high, because it's just about everywhere. And because you're building codes around it, this credential is also very, very important credentials and something could dramatically go wrong and the impact could be very, very high.
So I think there is a high probability of losing a credential. And there is a high impact there, which means that you will need to address situations like these.
If your organization has invested in something like this, if you look at and go a little below, you have the hardcoded passwords. And then if you go a little below, you have the APIs. And then if you look at all your social media accounts, probability again is reasonably high because you have all these out, shows your marketing and given your user IDs and passwords through your marketing agencies. And the impact could also be reasonably high if you lose your credentials there.
And then on the left-hand side, you'll see the SaaS platforms coming up, and all of these SaaS consoles, like the AWS console or your Salesforce console, are also very, very important.
And these consoles now help you to manage your businesses, which means you have to have a plan to be able to ingest all of these consoles or most of them into your PAM solution. Because again, the probability is reasonably high and the impact is also reasonably high.
The one that you see on the top is the remote access would be a red t-shirt gentleman trying to access your applications or your devices. And then during the COVID times, and after this, this is going to be one of the mainstays. And believe me, people are coming in and touching your systems from everywhere, your third parties, your vendors, your own employees.
And again, the probability of losing something or something going wrong is very high and the impact and the likelihood is always going to be high. So if you look at all of these use cases, they are neatly forming into circles and coming in towards the right-hand corner of high probability and high impact, because most of the organizations have started to have a high utilization or usage, and it would become very important for you to address this in the future. How is Arcon addressing this?
So if you look at the SaaS platforms, or if you look at your Facebooks, we've got a plug and play connector and connected building apps, which means we're able to tackle any console that you have on the fly. And you're able to build it on the fly on the marketplace, and you'll be able to make sure that all of this is integrated. And if you want to look at your CI/CD and hard-coded and APIs, Arcon has ready CI/CD pipeline integrations available either with the push mechanism or maybe the pull mechanism.
And we have an app-to-app module, which is a very, very mature module to help you to take away all the passwords, which are hard-coded in your config files and I five scripts and make them generated on the fly.
And you have SDKs, which are available for you to be able to integrate with that. And so are the possibilities of the token and all that to try and use in your API.
And on the top, if you look at the remote one, incidentally, the Arcon solution is now built on top of our remote access platform, which means you're able to access all your devices from sitting at home or inside, and you're able to do away with your VPNs and VDI.
And finally, I think the bots are likely to come up in a youth space, kind of plot them are towards high probability, but a little lower impact because as we speak, the use cases are still coming up and people are investing millions in bots, but very soon in the next one or two years, this is going to become a straight on the right side where we will have a high probability of a loss and a high impact of any of your losses.
Just to wrap this up.
I think Paul has already mentioned that zero trust is now becoming the mainstay because you're accessing your technologies from anywhere in the world or at any point in time. And you'll need to ensure that you're continuously assessed. And I think we have the highest investments in the zero trust model. We are making sure that, with our AI/ML, we are able to create a user behavior analytics, so awkward top of it, which will help you to quickly address your threats as they come up very, very quickly.
Finally, I think Arcon is investing in low friction and high security. So if you see the access passwordless experience, right from the access to aim zero trust to just-in-time access, and we are built on the remote access platform, which means that we're able to have your use cases and provides and then cloud as well.
And finally, this will help us to do and give you access at the appointment time that you want and the data access.
And when you want to, and with the low friction authentication and authorization, and then of course you need to protect your privacy and make it simple, which means you need high security as well. So, well, this is what I thought would like to quickly press upon you when we get into questions and answers. But I think Arcon is like a cutting edge of technology to ensure that we meet your advanced use cases.
Also very, very simplicity. So this is from my side, Paul, I'd like to hand it back to you. Thank you for your patience.
Thank you so much, Anil. I hope you can see and hear me okay. And as you said, it is now sort of question time, and I know that we're gonna like question each other. I think so maybe I'll start, if you like, with one for you, which is: what can PAM vendors do?
I mean, you mentioned a lot and there was a lot in your presentation, but maybe just a little bit about multicloud environments, because I think those are becoming more common.
So I think, I think there's this very interesting debate of having a PAM solution to be able to meet all your multicloud environments like the Googles or the AWS or the Azures. And do you have the ability to again, create a single window where you're able to handle multicloud environments hybrid, including the front lines?
I strongly believe that the architecture becomes very, very bottom tier Paul and I think any PAM solution that would look at has to be agile enough to be able to access assets in any cloud environment. And I think it's actually not important any longer. It's actually a necessity now. So I think one would look at ensuring that you have the right architecture when you're looking at a PAM solution.
Okay. Would you like to ask me a question?
So I, I was wondering, Paul, that, you know, you've got of course, tons of experience around privileged access management. And sometimes while we're talking about advanced, I might want to bring you back to basics and say, how are hard-coded passwords really dealt with in your experience, in any of the PAM implementations? Are people able to cover it, or are people still struggling with it and trying to grapple with that situation?
I think, well, I think hard-coded passwords are actually just not a good idea, mostly for the reason that you can't access them, you can't update them and you can't delete them very easily. And one area where this has become more prevalent recently is the one that I've been talking about a lot, which is DevOps, where there has been a tendency perhaps to bury passwords or other kinds of code or secret code within containers. And that works all right for those people within that environment. They know that they're there.
The problem is that attackers also know that there may be passwords embedded in applications, et cetera, but embedded in other types of applications that will directly go looking for those. And they're easy once they're there, they're pretty much easy to find because they're probably not encrypted, et cetera.
So
If I have to interject, but most of the time when you try and address the situation in any large organization, companies are always grappling with the problem that they want to of course do away with this problem statement, but they don't know where to start because they have maybe hundreds of applications and hundreds of locations the passwords are stored.
So any suggestion or advice that you would have for organizations, how do we really start to inventorize all of this and then get to do away with,
Well, that's, that's that I think we need an, I think that it's a data governance solution of some sort, which is something that I was talking about so that you have a record of where this stuff might actually be. But as I said, it is hard to recall stuff.
If you don't know where it is, you can, you can encourage people not to hard-code passwords, et cetera, but any solution or any tools within PAM that can help or disclose them would certainly help.
True. So now thank you for that. And if I may just extend my question, I have this very interesting question, which I think is coming up in a lot of debates recently, especially after the COVID situation. People are having a knee-jerk reaction on buying a lot of VPN licenses and VDI licenses, and people are struggling to get remote accesses.
Do you see in the near future that there would be a completely different way to do a remote access platform rather than getting into VPNs and VDIs, because they become another set of animal that, you know, people will have to manage and do access control around with.
Yeah, that's a really good point. And I know that VPNs were kind of rushed through in, into people's homes, which are not necessarily that secure.
And then they had difficulty getting to the stuff they want because people didn't know how to configure these VPNs, particularly people at home, but then at the other end of the organization, they weren't ready either. I think that secure remote access would be better built in to the tool. For example, privileged access management. If it's already built into the tool, you don't need a VPN on top and you don't need to go to the considerable expense and deployment time of VDIs as well.
I mean, a VDI is obviously much more secure than a VPN, but then it means a whole new way of working. You've then got to install VDIs on everybody's desktop or whatever laptop or whatever machine they're using.
And even then you don't have control completely on what people are doing. So they may have a VDI on one machine, but they may still come in on another. So therefore it is better to build in the identity access and the identity authorization within the application that takes you in there in the first place.
So something that, for example, Arcon could do I imagine is, is built in, in the first place. So I think VPNs, I can't see, to answer your other question, I can't see that there's going to be a particular new technology that will make this magically safe without, you know, which would be better than VPN, easy to install. So I think it's gotta be built in to the identity.
I think you really touched up very interesting God because last six months or nine months, and of course even not emphasizing the COVID situation, but Arcon was investing in the thought process that today or tomorrow, you would need a very seamless access wherever you're accessing it from. And that's the reason that we invested in an application streaming. So it actually works on sockets and the web layer, which helps you to create an isolated session and you could be sitting anywhere then accessing your endpoint devices, including your applications.
And so it's a time that's really getting us a very good feedback from the market, because then it becomes very, very interesting and very easy to implement without having to do agents on your laptops and stuff like that. So, yeah, I think you're absolutely right. So I think it would have to be built into the, or tomorrow.
And you're lucky that, you know, we kind of picked it up a little early and try to try to do something like this. It's bringing in good and interesting stuff.
I, I know that you spoke about and, and, and sorry for this. And I, I probably take your questions as well, but, you know, I keep getting excited because, you know, you have so much experience and wanting to make sure that, you know, while, while other takes the other take the benefit. I also take the benefit of your knowledge.
So, you know, you mentioned about data governance, which I so believe in, and, and I believe that the security, the future is likely to be very data. It's going to be contextual, meaning data, and who's going to be accessing data at what time. And so and so forth. Do you think an EPM or a UBA kind of a solution which really integrates very well with a privileged access management solution is an important element for people to look at during their investment in the PAM solution?
Well, yes, I do. And I think just to build on what you said as well, that we are getting to a situation where almost everything can be considered to be privileged. So therefore even particularly if people are working remotely or, and the extended sort of sorry, infrastructure, so definitely we should be looking at those, those tools as in additions to, to what we get with fishermen.
Oh, so
Interesting. So I'm, I'm happy to take questions from you and some of your thoughts and maybe see if I could add some, some suggestions or points around it. Yep.
Well, I mean, we actually talked about data governance, and I think we're kind of in agreement there that that is key because data is everything, and effectively what we've been talking about is people having access to data as much as administration rights, et cetera, which is kind of the old-fashioned way.
But I guess, as we were sort of coming up to the end of the session, what would be perhaps from your experience as a vendor, and you get to talk to lots of customers, what would be your sort of number one recommendation to an organization that perhaps is just starting out with PAM, or hadn't even considered it, but now finds itself in this situation where people at home, people in different places and different machines.
So I think, I think Paul, this is a very interesting question from our perspective, you see an amazing amount of interests, especially after the COVID situation. And, and there'll be the literally pray to God that as an organization of you finding this, well, of course we don't like the COVID situation, but people have suddenly got up and want to be very interested in trying to understand what is this and how it works now, coming to your question.
I think if there was a small organization, I think that is a burning need in the market to protect even the smallest possible organization, because everybody has a laptop and everybody has a desktop. And just about everybody in today's world has important data. I could be servicing a large, large organization. And what typically happens is that the smallest vendor or the, or the, the, the easiest way to kill a value chain is to go to the smallest possible vendor and, and maybe try and do a cyber attack there.
And you've got a huge set of data, of large organizations, sitting on your laptop. So, which means that you need to, even as a smallest organization, need to look at solutions like PAM. If you were a small organization, I would strongly recommend that the basic four fundamental use cases of PAM, which makes sure that you're able to integrate your devices seamlessly. You're able to do some kind of command filtering. You're able to do good session monitoring, and maybe a password vault makes it very, very important.
Most of the time people try and say, Hey, can I just have the password vault? And I don't want to bother about something else, but no, I think it just doesn't work in isolation. You need to have that four. And Arcon has recently invested in something called PAM light, which is to ensure that, you know, the smallest possible organizations are quickly able to adopt it.
Something like a small KVM switch that you put in your server room, and you're able to access all your devices with a single, and it offers you efficiency as that. If you had a small and medium enterprise, I think you need to desperately look at PAM very, very quickly with some amount of advanced use cases.
So for example, if you're a software development shop and you're supporting small or large organizations, now, this is where all your problem statements go in, and you would need to ensure that you try and look at CI/CD pipeline or an EPM kind of a solution to ensure that your development processes are under control. So there are use case basis. And of course, if you're a large organization, you don't have a choice. You need to ensure that you come across, or you evaluate a mature PAM solution, which is able to take you to the journey.
It's not a question of having all the possible features. It's a question of, Hey, does this organization have the ability to take you to a journey to be able to address all my use cases coming up? So I think that's really the part that I would like to break it up into.
So, so you, you kind of agreed it, we're seeing a sort of a broadening out of the market. So we will have tools that are more basic. So they will, and they'll have tools which are served from the cloud or as a service. But I would also like to make the point, and I agree with you in this, some of the stuff that I was saying, I wasn't suggesting that you can just have a vault either, although you technically can, but PAM needs to be backed up with a data governance and it needs to be backed up with some kind of records.
So, you know, who's doing what, et cetera, but I do think that we are all seeing some dynamic changes in the market as identity and access and remote access has become much more important.
No, you're absolutely right. Just to kind of just to summarize the vault piece, I think cloud identities are definitely looking at high-velocity vaults, and that is another very important use case, which is coming up because you have all of these EC2 instances and containers spinning up and they spin up in hundreds and thousands. Right.
So, and you need to connect to a vault. So I think, yeah, when you look at a vault from that perspective, I think it becomes a very specialized use case. And that's something that one would need to look at as well, especially the stock of the scalable companies and stuff like that.
Yeah, absolutely. Yeah.
Well, we could, we could probably go on talking a lot longer, but it's been a great pleasure to have you on the call today or on the webinar. And I appreciate your time and thank you also for a fascinating presentation. I'd like to thank all the attendees as well. I hope you enjoyed it and look forward to joining you again on a future webinar. But for now, as Anil said, please stay safe and we'll get through this at some point. In the meantime, stay safe, but keep your privileged accounts safe.
Thank you, Paul. And it's always a pleasure to be at the KuppingerCole events.
Thank you so much. Bye-bye thank you. Bye.