Welcome to our co a Cole webinar on workforce continuity. In the time of crisis, this webinar is supported by SalePoint. The speakers are Ben BBER IIR identity platform director at SalePoint and me or Ashford senior Analyst at co a Cole. Before we start some information about keeping a call events and some housekeeping notes, and then we'll jump into the topic of today's webinar. We are currently running a series of virtual events, all of them in a modern format with keynotes presentations and panels.
You can expect high level content from world class speakers and plenty of opportunity to interact with our speakers and other attendees. These events are online only and free of charge. Thanks to our sponsors. The next one will be on privileged access management for your enterprise, followed by customer identity and marketing automation and the future of digital identity. Focusing on self-sovereign identity and verifiable credentials.
In addition, there's also a lot of stuff coming from us, such as blog posts, videos, and podcasts. So have a look at our website and see what's available.
Now, a brief note on the housekeeping, you are muted centrally. We are controlling these features, so there's no need to mute or unmute yourself. We are recording this webinar. So the webcast and the slide decks will be made available shortly afterwards. There will be a Q and a session at the end of the webinar. You can enter your questions at any time using the go to webinar control panel.
And now looking at the agenda for this webinar, I will talk about their current challenges in IM deployments and how modern technologies specifically AI and ML could help in overcoming these then Ben Wilk IIR identity platform director at SalePoint. We'll look at how this can be done in practice and provide some insight into the sale point predictive identity tool. And finally, we'll have a Q and a session, which is your opportunity to ask any questions you may have.
Remember, you can enter questions at any time using the go to webinar or control panel.
Now let's get down to business. The 19 pandemic has put the spotlight on workforce continuity in a time of crisis.
It has also highlighted the importance of remote access in a crisis and the related challenges, but it's not only in times of crisis that companies need to adapt and respond quickly to changing circumstances, to provide employees with remote access and deal with onboarding and deprovisioning contingent workers, constantly changing and increasing customer demands as well as workforce expectations to work remotely flexibly.
And on the move mean that working from home will become the norm, not only during the current pandemic, but beyond all these factors, underline the need for organizations to be able to grant appropriate, secure, and compliant, access rights to employees as a normal part of business, and not just as part of crisis operations identity, therefore is key. Now let's look at why identity is becoming a key enabler for remote working in the absence of proper business resilience planning. Much of the rush to remote working in recent months has been tactical and uncoordinated. It's becoming clear.
However, that identity is at the core of digital transformation, security and privacy, and therefore identity and access management. IAM is key to workforce continuity working from home or any remote working requires a zero trust approach to security, which requires strict identity verification. At every point of access. Zero trust is very much about identity and then the context of zero trust and digital transformation. It's therefore vital for organizations to be able to manage identities and access permissions.
The role of IAM is changing to become central, to enabling the right people, to access the right systems and data to do their jobs at the core of IAM is giving everyone access to every service seamlessly, but in a controlled way, that is secure. IAM is at the core of enterprise it infrastructures. When it comes to protecting digital corporate assets identity, therefore is becoming a key enabler to working remotely in a secure way because identity moves with the user in a way that firewalls don't.
For example, IAM done correctly ensures that identities, their user accounts and passwords and their access entitlements are well managed, but there are a growing number of challenges. These include the fact that manual processes do not work well.
Remotely, remote or mobile users are accessing internal systems potentially with personal devices. There's also a growing need to integrate business partners, contractors, and customers into business processes.
There is also the general shift to cloud-based applications. So defining and access entitlements is becoming increasingly complex as is the need to identify the right access entitlements, the need to ensure segregation of duties, the need to identify high risk combinations of entitlements and the need to conduct accurate and effective access reviews. In the light of these challenges.
We think it's time to rethink identity because it's becoming too complex to manage manually. Some of these challenges can be overcome with technology, but not all of them. Perhaps the most common challenges are around user complaints. Common reason for complaints are around access requests. Users don't know what to what access they need to do their jobs. They just don't know what to request and they don't have the access they need. And as we know, access requests are often taking too long to approve. The other area is access reviews, rubber stem certification doesn't make sense.
Organizations really need an approach that helps them to understand the risk and focus on the real risks. In many organizations, there are the areas that need improve. These are the areas that need improvement and because they are inefficient and the user experience is extremely poor time consuming tasks due to a lack of connected systems or a lack of automation in audit and review results in complex manual. Re-certification no one likes it and the results are seldom good or positive. They don't deliver on what's required. So we need to get better there too.
Processes might be too lengthy, but it's not something that technology can help very much with in the end. Technology helps us in implementing these processes. But the real problem here is that too few companies spend time writing down or defining their processes and looking at standard process frameworks to ensure that they are following best practices for identity management. Escalations is the other side of the user complaints. Too many escalations are due to the fact that people don't work on their review until it's escalated. It'll make life simpler for users.
If this is done more effectively, ordered findings are a consequence of gaps in implementing access governance the right way. However, it's not just about being compliant, but delivering to the business. And this means being able to identify and fix issues either as they arise or better still before they arise.
Project failures are not only related to technology.
A lot of projects fail because they tend to be too complex, not well planned or just the wrong approach, but understanding the requirements and selecting the right technologies is important to ensure that the needs of users and the business are met. If we look at how technology can help in access governance, specifically, there are a few things we need, we need access to the systems and this should cover as many systems as possible across all deployment models. So we need to connect to these systems. We also need depth in the analytics. We need deep insight into how these things correlate.
Again, technology can help us do things better and all of these need to be both effective and efficient at the end of the day, we still need to deliver. So it's important to focus on what is really required and where we need to engage with the people.
Automation can be a real boost to efficiency, look for any opportunities to automate processes. This is certainly a growing trend in all business processes and is enabled by technology. IAM should be no exception, particularly for things like access review.
And re-certification so given all these challenges and the sheer complexity involved, it is struggling to keep pace. It's therefore time to rethink identity at keeping a coal. We believe an important part of rethinking identity is adopting a services based approach to identity as outlined in our identity fabric concept, which you can look up on the keeping a coal website briefly the identity fabric concept is about connecting every user to every service and is centered around managing all types of identities in a consistent manage manner.
It involves using modern technologies and these potentially include AI, but will AI solve all these challenges? Well, despite the marketing hype, AI will not solve all problems, but if done correctly, it can help in various areas of IM such as analytics recommendations for entitlements and identifying where the real risk is that you need to look at in your re-certification processes.
In general, what we believe is commonly called AI is likely to raise organization's ability to manage an expanding range of identities, to make access decisions based on accurate behavior analysis and derive value from identity related information and security intelligence without breaching privacy regulations. But what do we mean when we say AI general AI is the ability of a machine to intuitively react to situations that it's not been trained to handle in an intelligent way in a human way, but this does not exist. Not yet.
Anyway, however, there are some things we could call AI, even if it's not general AI, the most common use of so-called AI is recommendations like Amazon's Alexa or Spotify recommendations, translations, picture recognition and intelligent automation. AI is perceived as a strategic technology capable of improving existing operations and of opening new lines of business.
Therefore, lots of things are sold as AI, but in reality, these are mostly just conventional algorithm based technologies that augment human actions and enable people to do their jobs better.
If we look beyond the hype of general AI and focus on narrow AI or machine learning ML, that's when we start talking about real AI, when it really works, machine learning works. When technology is trained to do a job, it's focused on a certain task. It does some things very well because it's trained to do these things.
It provides a business value organizations need to look at the challenges in IM and look for opportunities to make improvements by applying machine learning. What are the characteristics of successful AI use cases here, we need the data. We need to train it and we need to improve it in the end. It's about a critical mass of data. It also needs to be something repetitive. So it's about helping users to find the right access. It's about helping to identify the risks. And it's about doing the analytics in an automated manner.
So it's focused repetitive, and it is a contained system where all these things happen. We need a robust AI and we get it by testing it and checking scenarios. It's important for everyone to play around, to check that it does the right thing. Even if there is erroneous input. For example, there might be things that are not perfect. So don't blindly trust it.
Remember, it's something that helps you. It augments you. It does not replace you. So vendors need to build robustness into systems. So when you do it, look at the worst case scenario, what could go wrong, check them, check your data, look at retraining if required and monitor it. That's very important.
Well, AI should be explicable. We need to understand what the outcome will be. If the outcome is unexpected, then that's a problem. Avoid any so-called black box AI, where there is no insight into it works. Another area to pay attention to is reducing data bias. So there are various things at the end of the day to consider when you're shifting towards AI, some of the things the vendor needs to consider and some need to be considered by the organization itself.
So yes, AI has potential narrow. AI is ready to use. This is what really augments people, augments users. This is ready to use. So how does AI help IAM one area where AI can be very helpful in IAM? As I said before, is recommendations, recommendations in access requests and in access reviews, second adaptations. So understanding there is a new external threat or risk data from other systems.
How can, how does this change risk? What do we need to, to adapt? Because things have changed maybe automation towards adaptation of entitlements, third risk identification, where are the real risks. And that is where we use a lot of AI in many use cases. And finally modeling when we have learned that there is the usual use case that makes sense, then we can go towards modeling. So in a nutshell, we have a couple of areas where we can get better in identity management. We should be careful with AI and not too unrealistic about our expectations.
Narrow AI can be used, but there are various considerations, or we always need to be careful and continually check and retrain if necessary and our for more on the potential of AI in a broader sense to augment identity management and how this could go into predictive identity management. I will hand over to Ben BBER identity platform director at SalePoint.
Thank you, Warwick, and very much appreciate your insights.
Hopefully everyone can hear me and see the screen in September, 1991, the sword fishing boat, the Andrea Gale returned to port in Gloucester, Massachusetts with a poor catch desperate for money. Billy tune, the captain convinces the crew to join in for one more late season fishing expedition. They head out past their usual fishing grounds, leaving a developing thunderstorm behind them. Initially unsuccessful. They head for the Flemish cap where their luck improves at the height of their fishing, that boat ice machine breaks.
And the only way to preserve their catch is to hurry back to shore after debating whether to sail through the building storm or to wait to out the crew, decide to risk the storm between the Andrea Gale and Gloster is a confluence, two powerful weather fronts and a hurricane, which the crew of the boat underestimate the Andrea Gale endures various problems with 12 meter wave crashing onto the deck, a broken stabilizer ramming the side of the ship.
And two men are thrown overboard. The crew decide to turn around, to avoid further damage by the storm after doing so.
The vessel encounters, an enormous rogue wave after attempting and failing to ride over the wave, the stricken vessel, capsizes and sinks with no survivors. As many of you will know, this was made into a film, the perfect storm directed by Wolf GA Peterson. So how is this relevant to identity?
Well, as organizations are about to embark on a return to normal, their journey is going to throw at them two powerful weather storms and a possible hurricane on the horizon. And they need to decide what cause they want to navigate. The first storm is the gaps in security and compliance in the current crisis. Productivity has taken over priority. Over security security teams have responded to the pandemic with a great glass approach to get employees up and functioning time was not their friend.
So the bar to cross was functional and not optional.
However, it is imperative that organizations now we gain control to their approach to employees, authentication and access. As the working from home mass migration has made us aware that our approaches to remote access were considered in a very different reality. The second storm is managing the dynamic change in the workforce in January, 2020. The unemployment rate in the us was 3.6% by April several months into the pandemic, the unemployment rate had reached 14.7% in the European region. The unemployment outlook for Spain, France and the UK is 1911 0.3 and 11.2% respectively.
But if we see a second outbreak of the virus, this could increase to 25.5%, 13.7% and 14.8% respectively businesses that have been affected most like travel entertainment and retail to name a few will likely keep their workforces lean. Even if that requires laying off, ed employees will changing the way people are employed, layoffs and changes in how people are employed, require coordination across the business, HR it business unit heads, finance, all intersect.
When these happen collaboration is typically done by spreadsheet and email, and it doesn't work out especially well when the workforce is now remote, how do you safely securely deprovision people or change their employment status to be a more contingent based worker, but still have that governance. So how do you ensure access is managed effectively, but how effective are the systems to cope with this dynamic change in the workforce? While the results from a recent sale point survey are very insightful. Only 8% of an organ of organizations have fully automated provisioning systems.
Less than 50% of companies have more than 50% of their estate provisioned using automation. And only 12% are governing access to data stored in their file shares. The hurricane that is about to hit is this protecting this new security perimeter with the numbers of people now working remotely and many companies, having a limited return to the office policy.
We've moved from bring your own device to bring your own network connectivity or whatever to get the job done. So the firewall and the network security perimeter have vanished practically overnight.
This means that the importance of managing your company's identities, whether they be employees, contingent workers, or even non-human identities has never been more important before the crisis. Only 16% of people worked from home today. It's estimated that over 78% of people are working at home. And as I mentioned, this is probably not going to change in the short or medium term. We've seen a massive cultural shift in the way we work in countries, such as France, Spain, and Italy, where remote working was frowned upon.
But this shift in working practices has created opportunities for those who, who see this as an opportunity to exploit organizations vulnerabilities with 61% of organizations expressing greater concern about attacks, targeting work from home employees and 26% saying they have seen an increase in the volume severity and scope of cyber attacks since March, 2020, the new security perimeter is your organization's identities and governing them has never been more important.
All of this data is publicly available for companies want to look at the O E C D outlook regarding unemployment or the IDC report on remote working the CSO pandemic study from IDG and our very own identity report. And whether all these storms hit at once or over a period of time, what we know is that companies are in for a tough ride, some of which will sail through, but others will capsize.
However, managing this workforce continuity and being able to manage, adapt and respond will be critical. Whilst I would like, like to say, cell point had the foresight to see the crisis coming and the changing dynamic nature of the workforce. This would be an exaggeration. What we did, however, recognize is the need for our identity platform to adapt and be prepared for a new way of working.
Most enterprises live in this world of what we call assisted identity, where they've been helped with some form of provisioning, a good user interface that allows 'em to perform some access requests and reviews.
But at sale point, we have set a target towards autonomous identity where AI and machine learning play a significant role in making decisions on our behalf. It will allow you to navigate through all the storms and focus on actual risks in order to get there. We're currently in this phase of what we call augmented identity, which sale point has labeled predictive identity.
And this can be seen as our initial step into the world of artificial intelligence. And if we accept that identity is the strategic linchpin to supporting organizations through this difficult period.
And that those that will survive will be well on their way to some form of digital transformation, because identity allows organizations to manage the link between their entire user population applications and data in the midst of this crisis and beyond remember identity governance is about answering three fundamental, main questions who has access to what I E what is your current state who actually should have access to what, what is the desired state?
And lastly, how is that access being used?
And that should apply for all users across all applications, across all data, both structured and unstructured. So worry, let me show you how all this comes together.
Well, the first one we talked about was the gaps in security, looking at the gaps in security access and compliance, using the sale point access management capabilities and our artificial intelligence. We can see in our single dashboard across all my cloud estate, what access and privileges are exposed. If we zoom in, we can see over 45% of my users who have access to these environments are actually inactive. So do they actually need access? 99% of the privileges that have been set up are inactive. So we need to address this.
And over 800 sensitive privileges have not been used for over 90 days. So surely these can be removed and one screen, we can help an organization navigate all the access points across the cloud infrastructures, whether that be Google AWS or Microsoft Azure and quickly plug the security gaps that have been exposed by this need to break glass and get people productive.
We can see by location where we need to review and take remedial action. We highlight over one region. Then in this example, Europe, west, we can drill down and see what, and where has caused this alert.
In the example, we have KMS keys exposed to unknown accounts and subnets open to the public. From here. We can now start to address the gaps, but we can take that to an identity level. Now that we have a single dashboard of your cloud environments, and we know who is accessing them, we are now able to plot your identities against the graph. So the privileged access against data and application access, and what we're able to do now is see who by actual name is a high risk, but more importantly, we are now focused on the right people who pose the highest risk, or as we like to call them outliers.
If we drill into Artem, we can see he only uses 147 of his four and half thousand privileges. So we need to review this as a matter of urgency. We can also see that he's an administrator, which gives him access to the AWSs three buckets, which is normal. But what we didn't know is that he has direct access to the S3 environments as well, which we would need to avoid and address quickly. Imagine if we had to let, Artan go as part of a changing workforce and remove his admin account, but without knowing he also had a direct access to our AWS environments.
And once we've established our policies and guidelines, the sale point machine learning and AI platform can then provide these identity based guide rails to help you maintain compliance and get alerted and notified if people deviate or if there is a breach.
The next storm is we are going to have to address is this dynamic changing, working environment as organizations look to shift their workers to not only remote, but due to the constraints of their organizations, they may need to shift people to zero hour contracts or put them on temporary assignment and therefore change their employment status with the platform. We can now manage these identities, even though they may not even exist in an authoritative source, like an HR system. And as we can see, the business owner can quickly see where workers fit into which category.
If we explore the non-employee groups, we can see the source groups that would apply to these potential employees from within the platform. We can now create accounts, no need for another external data source or spreadsheet, a single place to manage all my identities.
And as you would expect, we have the standard attributes name, number, et cetera, but we can now also define a start and end date so that we now can be assured that when their contract ends, so does their access across the entire estate.
We can now see all our non-employee workers or people who have been assigned temporary access to, we can, of course edit and change their details. And this could be extremely useful if we suddenly switch someone out or make further changes or react to the market demand. And now that we have these in this governance platform, and they're now being managed and governed like any other full-time or employee identity, their status activity and access is now audited and recorded.
And we can see where they are in the workflow regarding their onboarding process, but as important as that, whatever they have, and when that contract ends, if we need to terminate all access is removed by the platform. And we could also make it easier for managers, you who use the application and those data, data owners to see what type of identity is requesting access so that they can make a better informed decision and all identities managed and governed from this single platform, whether they be an employee contingent worker or contractor.
Finally, let's have a look at this final challenge, the changing perimeter and maintaining a workforce continuity with identity. If identity is the new perimeter, and we have to look at a new way of working for our staff, how do we remodel their access and ensure it's correct?
Well, rather than get the business to build up new model, new roles and new models, let the identity management platform discover them for you. In this example, we've asked the platform to show us all contractors, but this could be anyone or any other group that you want. The system goes off away, and it looks through the entire user population and which could be both employees or even contingent workers. And it then returns some options for you to consider. In this example, we'll explore role four E 9 0 3 6, and the system shows us the entitlements and applications.
This could also include any file share as well. And it gives us a percentage of popularity associated with that role, which we are gonna focus on. So now we've informed the system, the system, sorry, we only want to have people from this group who are assigned to this role to only have access to the entitlements listed on the screen.
We can review the identity overview and see which department aligns to these identities. And we can also see the titles that may be associated with that.
And in more importantly, perhaps we can even break down the location of these roles in this case, by a specific location, but this could be regional depending on the size of your organization. What this means is that as we model our new workforce and add people to the system or promote or change people's roles, we can now start to make recommendations about the access.
And as we can see here, the machine and the AI capabilities of the sale point platform are learning and providing recommendations for us to be aware of the predictive platform is recommending that we do not give this user access and provide us with an explanation, which is key. It's not taking over. It's giving you a clear reason why access shouldn't be given we as the administrators can overrule the system, but it will keep an audit of the recommendation.
Something to go back to here.
The system is given a thumbs up and a clear explanation as to why it's good for this user to have access in these few short minutes. I hope that we've given the audience sufficient insight into how identity governance enabled by machine learning and AI can help organizations be prepared for the challenges in storms ahead.
Excuse me, how identity answers three fundamental questions who currently has access, how is access being used and who should have access across all my applications, data and cloud environments and the sale point predictive identity platform organizations are able to adapt and meet the needs of their workforce as well as being on their way to a more autonomous identity enabled enterprise. Let's hope that we can sell into car waters very soon and reap the benefits of a digital transformation with a platform that adapts to the continuous changes in our workforce.
If anyone would like to know more about how SalePoint can help them, please do not hesitate to contact us at the following address on the screen. We'll look at us or search us out on salepoint.com. My name's Ben. It's my pleasure to talk to you. Thank you over to you, Warwick.
Thanks very much, Ben. And we enter the Q and a part of this webinar. So for all the attendees, if you have any questions, you can still enter them now in the go-to webinar control panel, and we'll sift throw them as they come through.
The question I'd like to kick off with the Ben is we know every, a lot of vendors have jumped onto the AI bandwagon just about every product in the market. Now seems to have some mention of AI on the packaging. So with all these claims of using AI, is there really a difference in sales points approach?
Yes, very much. So if you go back to, what are some of the characteristics that you were pointing out at, in your part of the presentation where, you know, we very much focused on providing a recommendation approach first, so we're not having the machines just take over. We're using that ability for the machines to learn from what the, the user recommend from what the user's decision is.
And it, from that it then builds up its own knowledge. And obviously it can then start to apply that. So it's learning and adapting all the time. And we call that a, a vitreous circles.
You, you have humans learning from machines, machines learning from humans. So that's the first thing I think it, what you've also talked about is it, it's very narrow focused. It's around this at the moment, this whole access review, access modeling and providing recommendations.
But we are looking to expand that as we build out our data sets, obviously we've come into this as an identity governance and the leader in this space, both according to self and other Analyst. So what we've had is we've put a significant set of data.
That's allowed us to build out some of our suggestions, but obviously we're continuing, adding to that. And learning to that, what we also are trying to do as we highlighted there is build out the capabilities to model and look at those people that present you the most risk and provide that in, in a representative format that makes it easier for the business to make a decision. We see some of the AI tools it's just sort of comes back with a rather complicated and un-intuitive interface.
What we've tried to do is give that a pictorial representation to say, look, these are your users that represent the most risks, and here's why, and here's the data to support that.
And then you talked about the modeling capabilities and that, you know, we haven't shown it here, but actually the, the very short, sorry, the very short modeling bit that I did explain, but, you know, you can model out a whole set of capabilities around that platform again, using our experience and capabilities.
So we feel that actually as a, as a, as our entry in our first step into this predictive and AI world, we're actually providing some very insightful and very differentiated set of capabilities that allows people to take advantage of that, but not give up that the control to the machines, let the machines learn and build up their own intelligence. Cause obviously each organization will have a different level of risk appetite. And as the platform learns, it can start to understand what that risk appetite for, for one organization is, which will be very different to another.
Yeah, I, I particularly like the fact that it was transparent and that, that it wasn't a black box approach and you know, you, you can override it and at least you, you can write then go back and have a look at the, have a look at the logs and, and see what was done in, in various circumstances. So I guess it develops over time.
The thing, the thing with AI is that it's usually only as good as, as the data that it's based on. So again, you know, what, what is sale points sort of take on, on that?
So being in the industry as we are now for as long as we have been, and for the, the position that we've been in, we've, we've maintained a very strong focus in identity governance.
If you look at what sale points mantra, and what we set out when the company was formed by mark and Kevin, all those years ago was to become the leader in, in the, this concept of identity and access management, which is now sort of developed into identity and access governance.
So what that's allowed us to do is build up a whole set of knowledge and capabilities with our extensive customers, both who are provide, you know, through their, on premise deployments, as well as through our cloud deployments, so that we are bringing in a whole set of knowledge and data to this that allows us to sort of provide some informed decisions.
And as we were modeling out our AI capabilities that allowed us to build out some of the recommendations and some of the modeling engines, because we had so much data that we could see from what our customers had done and how that they did that. So it allowed us to build out that data, but obviously as, as we see going forward, you know, this data will be constantly added to constantly being updated and that, you know, and what I mean, I mean on a, you know, a minute by minute basis, the machine is constantly picking up learning what people's recommendations are, what people are doing.
And the example that we gave there, where the machine is making a transparent recommendation that says, do not give Ben access to this particular application or service or S or file share or whatever. And if the user override that and sufficient res override that the machines will learn that and say, okay, well, that's an appetite risk that this organization perhaps is at wanting to do.
So it starts to then build its own data set and knowledge to, so obviously as more and more people make a request, it will come back with a more positive recommendation.
So it's always, so it's taking what it's got that data. It's great. And it's constantly adding to that data all the time. And obviously what we're starting to see is we morph into some of the cloud technologies.
We see people start to adopt more of the, you know, the workloads that have been shared out in Amazon and Azure and Google is sort of extending that capabilities out into that cloud environment as well, not just the traditional applications, but, you know, as people are starting to run more infrastructure services out in the cloud,
But machine learning requires quite a lot of data to work well. So I can imagine this would work really well for kind of large deployments, but how, how, how does that work for the slightly smaller deployments?
Are, are you going, is there gonna be enough data from the each individual deployment that are smaller to, to kind of power the kind of things that we've just been talking about?
Yeah, absolutely. It's interesting.
Isn't it, you know, identity is becoming perhaps one of the most critical topics of conversation around security from the CCE and even board level conversation in light of what's happened. So I think organizations of any size now recognize that, you know, some form of identity governance is going to be essential.
And, you know, you just take an organization, a thousand users and, and you start to look at the levels of entitlements that across some of the applications as we showed in the dashboard. But, you know, if you have a thousand users and you maybe have 20 applications across your estate, and then all the various different entitlements, it very quickly becomes quite transparent that you need an identity governance systems to manage that number of that, that user population, their entitlements, their access controls.
So identity governance is becoming more of a mainstream it's no longer just seen as well.
Only the big large enterprises of, you know, 50,000 users need this. We have a significant number of accounts and organizations both across in the both private sector and in the public sector of this sort of size who are saying actually I identity governance when I've been researching, you know, data protection, access controls, how do I ensure remote access is?
And entitlement management across multiple platforms, identity is becoming their, their defacto go to, so we're seeing more and more organizations. What we, you know, we've, I would wouldn't wanna call them in, you know, mid-size enterprise, but an organization of around a thousand users is this is a platform and this is a capability and a service that is gonna become critical to them as much as something like a Microsoft office or an email platform is because it's gonna be needed because of the complexities and the everchanging dynamic natures of people's work workplace.
Okay.
We've got a question here is sale point has painted a pretty bleak outlook. What positives can we take from this?
I don't think so. Bleak outlook. I think I'm trying to be realistic in the concepts of what's happening here. I think the reality is is that you don't have to be sale point. You don't have to take my context of my slides. This has come from O E C D and other outlooks about the economies and the impact that this environment has had.
I think the positives that people people have is we have an opportunity to be prepared for that and to be put some of the technology capabilities and platforms in place to ensure that we're able to adapt and meet the demands of the ever-changing workforce environment, you know, three months ago, or a bit more, you know, 16% of the workforce worked remotely. We now have 78% of that people need to adapt. So I think I've tried to be realistic in what's driving.
Some of this is that people need to be cognizant that there are some significant challenges coming along, and it's how we prepare and adapt for those now. And, you know, I think there will be organizations who will adapt very, very quickly and be able to meet the challenges that the next few months and years will perhaps will offer and put in front of them. But obviously there are some people in some organizations who, who sort of put their head in the sand.
I think there was an interesting statistic in a recent conversation I've had, I was having about, you know, the switch to online presence, you know, Primark, which is one of the largest retailers in the UK in the month of April sold nothing, zero because they have no online presence. Whereas, you know, a lot of organizations have now pivoted and having to change that.
And I think what I'm trying to say is that, you know, there is even despite the, the economic and the, the outlook, there is an opportunity to pivot and take advantage and get prepared and come out of it actually in a far stronger position than actually then when people went into the current current COVID crisis,
I was listening to a seminar the, this past week. And the comment was that digital transformation has helped a lot of companies. And the one example cited was PWC, which had 250,000 remote connections in two weeks.
They, they, they were able to stand up 250,000 remote connections in two weeks, which is phenomenal. And you'd be pleased to know they mentioned that sale point helped them in the provisioning.
Yeah.
Well, thank you. Thank you, Warwick. I didn't want to say, but yes, they are a customer.
We, interestingly, we've had a number of our customers who say to have said to us, you know, we knew identity was important, but actually this is proven to be identities, absolutely critical to us. And if you think around, you know, some of the two factor authentication capabilities, you know, we work very closely with a number of the two factor vendors and people like ping and, and beyond trust and others. And we've worked very closely, you know, with those. And they've seen people single sign on, but actually integrating that into the, their identity platform and Meredith blancher.
Our VP of customer success has sort of had a number of emails from very senior executives at our customers saying without a se an identity platform like SalePoint, that we weren't wouldn't have been able to pivot and be able to be in that position to adapt our environments, to, to, to meet the challenges of a remote working population. So, you know, it's good to hear that and great to see PWC mention us. Thank you.
We've got another question here. What would be a, a good start for an initial IGA project?
So I think this is because they're thinking in terms of you can't embrace each and every application, so what would be a good start?
So it's interesting.
I, you know, you know, when you and I were discussing, preparing for this presentation and, and some of the challenges that you, that you've outlined with some of the identities, one of the things that we've seen have been a very successful is to look at some of the active directory enabled applications and bring them quickly into an identity program so that you can start to get some governance around that the other option. And there is no right or wrong way.
In fact, a colleague of mine, Paul P was asked the same question on a, a workshop. He did, you know, what you, which is the, do I start a, B or C? And he said, well, actually you can start whichever way you want to.
You know, we've got a large retailer that we are working with, who they started their identity governance platform from an unstructured perspective.
I, how do I get control of all my file shares? Who do I know got access to? My one drives my NetApp, my EMC share file shares. And I get control of those. And how do I put an identity governance platform over those? We've seen others start with critical applications and sort of integrate their HR system so that they have an end to end provisioning platform from HR kicks off a workflow process. So there's no right or wrong way.
If the individual would like to contact us through the email address or after this, we obviously very happily put them in contact with a number of our consultants and some customers that they could talk about how they've gone about it. Well, we've got another webinar coming up with you guys in September, where we've got a number of customers who are gonna be speaking.
You know, we're very proud, you know, some, a number of the UK police forces, an example use SalePoint and, you know, they come each, each of them starts a bit from a slightly different way. So there's no right or wrong way, but we're very with that person, the question to have a conversation and introduce them to some of our consultants who could sort of have a conversation given some guidance.
Now, perhaps we've covered this a little bit, but yeah, we've a question. Isn't the effort and risk of introducing an identity project.
Now, I assume they mean in the context of the pandemic, much bigger than just sticking to what's worked. You, you know, something works like, so why, why mess with it now?
Yes. And it's a very good question, but I think that's the same that, you know, we, we encounter that and our sales teams will encounter that a lot of the time with customers who say, you know, well, it's all working. Why change? I think what we're trying to say, I is, what's got you where, where you are today, isn't necessarily gonna be able to keep you there.
I think the challenge that a lot of people have on the perception or I around identity governance is, is very big. It's very lumpy and it's very complex. And you know, we're you and I have been in this industry long after know that there are plenty of failures and projects that are litted behind us, that where people have tried to Bo the ocean and tried to sort of solve world peace and hunger with their identity programs.
What we have embarked upon in now is a far more flat with our cloud-based approach. We actually have a, a set of predefining capabilities that the platform delivers.
And actually, it's really interesting now that we've seen a lot of companies say, look, I've tried to sort of do my identity governance. It's been quite painful and I've tried to have everything buttoned down. Every workflow process identified.
Actually, what I'm really looking for is something that will just, that that is good, is, is sufficient to meet my requirements and that I can then adapt the last few applications that make slightly more challenging at that point. So actually I would say there's a, there's an opportunity now to even have an embark upon a review process for that particular question to say, well, actually what's got me where today, but if I start to change my entitlement, I start to look at some of the cloud infrastructures management managing across multiple environments.
Not only are we talking AWSs Azure and Google, obviously you've got Oracles own cloud, but all the, the plethora of applications that go with that, I think actually that's suddenly where people start to go, okay. I can see how and why I would want this platform in place that, you know, there is a, a significant growth we see in the adoption of, of, of cloud as an enablement to do that.
I think Salesforce and, and mark Benioff were sort of the catalyst to say, you know, how many of us many years ago when we were in the days of CBLE and all the old CRM applications, everything had to be customized for a particular organization. Benioff came along and said, no, no, I can give you a platform that gives you 80% of what you want. You may just have to customize the last 20%. And I think that's where identity is now with the shift in the cloud. I think people are saying, look, I can see how this is working. And this is now help helping accelerate the adoption of identity governance.
Right. We've got one more question here.
It says, yeah. From what you've said, cell points, predictive identity addresses, challenges on the identity governance and administration side. What about access management? So this is Federation MFA, et cetera.
Yeah.
So, so one of the interesting conversations that we've had is, and we have a significant relationship with P who's. One of our big customer, one of our big partners, and we've done a lot of work around that whole Federation and SAML and integration.
In fact, actually sale point is a member of the, I think what they, what was it? They called it, I've just the fast fed working group. And we see that as you know, we, we, we have fed, we have Sam into a number of our own applications that we use.
You know, I, in my role, I access a number of applications and web applications. So we see that SAML. But obviously what we do is we use that in conjunction with the identity governance platform. So for example, you know, I'll give you a real sale point example when you log to sale point, now everything's managed through our identity now platform, our cloud service.
So I log authenticate depending on where I am. So if I'm coming in through a, my home network, I then get challenged through a two factor authentication and we use geo.
So that challenges me and says, I want a one time numerical code. I log onto that.
Well, now I'm in the system. Now, if I wanna go access to my, my sales Salesforce, so I wanna access my procurement system, wherever I through a ation, I just click it. And it gives me that single sign on my credential. So we recognize the need for that. And we recognize that actually access.
You know, we see a lot of people say, well, I've got access, I've got single sign on. And we try to look at that as from the concepts of great. So imagine access is your security guard on the front of your building. So as long as I've got an access pass, I can get in, but actually what identity governance does is it says, okay, now you're in, I'm now gonna determine which floor you go to.
I'm gonna actually determine which room you get into.
I'm actually gonna determine that no, you can't access the server room and no, you can't access the executive board suite because actually that's where identity governance plays a significant proportion. Whereas actually once you're into the building with most access systems, you go, well, you're in and we're saying, yeah, okay, you're in. But actually now you're in, let's govern and manage that effectively. And that's how we work very closely with ping and those organizations, you know, we, we've done some work with Okta. We've done work with other, you know, Microsoft single sign on as well.
But you know, we work very closely with those access vendors to say, okay, great, fine. You've provided that sort of single sign on great access in, but how do you then manage that entitlement? So as I showed in the example there, you know, someone's in, and you look the number of different entitlements that they may have to a particular application or a particular cloud environment.
That's where identity governance becomes very critical in being able to picture, you know, picture that and reference that and provide Remedia remediation to, to protect organizations against that.
And we see actually, interestingly, just to sort of bring this to conclusion conscious of time, you know, we see a world ultimately of what we call dissolving entitlements. I was having a long, a long chat with a colleague of mine about this.
And, you know, in the example I showed, you know, someone had an access, their particular application for 90 days. Well, the identity governance platform now go back to all, they build up the data, they build up their knowledge. If someone doesn't access a system for a period of time, we will start to see the governance platforms, remove them. They will just take their access away if they then wanna request that they go through that process.
But because the platform knows what their last access rights were knows when they last access it, it can then challenge them and then actually then provision them back into the system. But again, start to remove those entitlements, whether that be, you know, after 90 days, you know, facetious, someone said, you know, if someone posts that they're going on holiday on Facebook, you could even have the system potentially say Bryan, well, we're just would, we would dissolve with their entitlements across the entire app, entire state. And then they have to request them when they come back.
At least that way. Then if someone was to potentially get hold of their identity and try and hack into the system, they couldn't get anywhere. And I think that's something that we will start to see more and more coming through into this identity governance, this, and that's where machine learning and AI will come up. A key part of that.
And I, I just, the last couple of minutes, I just wanted to ask, you know, I mentioned the importance of analytics, but as far as I know, predictive identity does not include any user behavior analytics for analyzing the concrete use of access entitlements beyond the static assignments. So is this something we can expect in future version?
So it's, it's a conversation that's been that we're having. It's a conversation that we also, we look at people like net scope and some of the U E B a tools as well. And we've had some good conversations with them as well. It's an area that at the moment, we will probably keep very much into our swim lane at the moment, as I said, you know, that's what we, we wanna stay good at becoming an identity governance vendor. And we see the necessity to partner with some of the other technology platforms that such as the U E B a tools.
So at the moment, it's, you know, it's a conversation that's been had, but I think what we are seeing is, you know, people, some of these UBA tool vendors and us as sort of having some very good proactive conversations about how we work as part of the, sort of the identity defined security Alliance that they joined and sort of how we start to share and, and integrated and provide sometimes, you know, the best rather than sort of, you know, one size fits all.
And one vendor has everything, you know, sometimes you've gotta look at, you know, the best tools to do the best jobs and actually, how do they all integrate and work together?
Oh, that's great. Thanks. I think that we've, we've managed to give everyone a really good walkthrough, the landscape. And so in conclusion, in every crisis, there is an opportunity and COVID 19 is no exception.
For example, a result of the COVID 19, we are seeing an acceleration of digital transformation, which is an opportunity for organizations to sync and act more strategically to make their it estates easier to secure. We are seeing huge potential in using applied or narrow AI in improving what we're doing in identity management and identity governance. But we need to be careful not to be unrealistic about our expectations. And we are now at the end of the time that we have for this webinar.
So all that remains is for me to thank Ben from sale point for his contribution and to thank all the, a attendees. We hope to welcome you to our future events soon.
