Hello, I'm Richard Hill, a senior analyst at KuppingerCole. And today we're having a webinar about the three steps to secure IAM modernization. This webinar is supported by Persistent Systems. And joining me today is Swapnil Mehta, a general manager of identity and access and privacy. Before we start, here's some quick information and some housekeeping notes, and then we'll jump into the topic for today's class. And as you may have already noted, we have a series of upcoming virtual events, all in a very modern format with panels, presentations, keynotes, and much more.
The three fundamentals of enterprise identity success, which is on September 3rd. Then on September 15th is the identity governance and administration, and next generation access virtual event, where you can learn more about IGA. And the IGA Solutions for ServiceNow Infrastructures is on October 1st, that focuses on IT service management integrations with IGA, more specifically, those integrations of IGA solutions with ServiceNow platforms.
So there are a lot of virtual events as well as other types of events throughout the year. So please take a look at our website, research, blog posts. And now some housekeeping. Everyone is automatically muted. So no need to worry about muting yourself. We'll be recording the webinar, which should be available sometime tomorrow on the KuppingerCole website.
Also we'll save some time at the end for questions and answers. The GoToMeeting control panel has an area for typing your questions at any time, which we'll answer during the question and answer session at the end.
And with that, let's look at the agenda for today. I'll start out by talking about IAM modernization as an important foundation for digital transformation in general, and then how KuppingerCole's paradigm of the identity fabric helps in well-planned, but phased, IAM migrations.
Once I'm done, I'll turn the webinar over to Swapnil, who will show how automation can significantly improve visibility into current IAM implementations as well as reduce the burden of operation teams and accelerate IAM deployments as well as reduce IT risk. And then finally, we'll save time at the end for a question and answer session. So I thought we'd start off by understanding how we got to where we are today. So traditionally, IAM in the IT environment has run within the walls of their perimeters.
So IAM solutions were more monolithic, centralized. Identities were managed and stored on premises. Local access systems were used to ensure employees just have access to resources they needed through authentication, authorization, with the ability to audit user access. And then we started seeing federation hubs or bridges that extended the reach where identity and access controls reside, where federation allowed for more secure exchange of user information that could be used between divisions within an organization or even between organizations in the same sectors.
So single sign-on then gave us the ability to authenticate once, not only across multiple IT systems, but organizations too.
And then cloud services gave organizations new options for IT, motivated by the business need to increase IT flexibility and scalability while reducing costs. So under that umbrella of IDaaS, there are a number of capabilities, not only IAM, but capabilities running through SSO to full identity provisioning. And then as organizations begin reaching out to customers and gathering information about the consumers who are using their products and services.
They found that they needed to provide a better user experience for this group of people through the use of consumer mobile devices or social networks, or providing an easier onboarding experience for consumers. But they also needed to be concerned about privacy compliance, such as GDPR.
And now we're beginning to see identity APIs becoming available, driven by that need to meet emerging IT requirements such as hybrid environments spread across on-prem, the cloud and even multi-cloud environments. This is supporting the different functionality of IAM, CIAM, IDaaS, with a key focus of identity APIs being more developer-centric. So in a nutshell, IAM is continuing to evolve to meet the growing list of IT requirements.
So more and more, the IAM market is moving towards an API based architecture, as I mentioned. And to give you a very high-level overview of how these APIs fit into the overall structure or architecture, you begin with a set of services, and then you make them available via API interfaces, such as a RESTful API. And APIs could be private, that could be used to facilitate integration of related products and services such as components within a product suite, or they could be partner APIs that manage specific business relationships by integrating software between partner organizations, and then more commonly the open APIs that expose the service functionality to its customers.
And then developers use these APIs in applications that interact with the services and access the APIs. They're available in a variety of ways, such as you may have a widget, such as an application login form available as a bit of JavaScript, that's inserted into a webpage that could then be configured to access a service. You may have SDKs where developers can use a software library that they drop into their application to make functions or method calls in their code, that in turn makes calls to the service API. And then you could always access the APIs directly, not using any type of intermediary type of code, but directly invoking the API endpoints, such as making a RESTful API call. And then finally users are using a number of different software clients to access these applications using, you know, not only interactions via a web interface, but also consumer mobile or IoT devices, or even assistants like Amazon Alexa.
So if you look at the KuppingerCole identity and access management reference architecture, it consists of a variety of different areas or building blocks, which can be considered core parts of identity and access management under those categories of administration, authentication, authorization and auditing. And on top of those core identity access management functionality are what we consider extensions to IAM, such as user behavior analytics under the auditing category.
IGA covers both the administration and auditing categories here on the left, addressing that joiner, leaver, mover process with identity provisioning life cycles and having strong access governance, giving that, you know, who has access to what entitlements functionality. And then IAM is further extended by adding features that are adjacent to different areas of IT, so like IT service desk capabilities or SIEM or security intelligence, or even API management and security, since more and more, the security services are exposing their APIs.
This model takes into consideration the different data sources and target systems that could be used for a variety of business use cases, comply with those various laws, regulations, and internal policies that all organizations need to deal with. So these are some of the areas of specific relevance to our topic today.
Let's look at some shifts we are seeing in the market. So a trend that is going well beyond identity and access management is that everything is becoming a service now.
So we see new solutions running as software as a service or SaaS and existing solutions being rearchitected into SaaS type of solutions. So this digital information is changing enterprise IT, really driving that as-a-service model where everything in IT could be befriended or consumed from the cloud. So this is a clear shift being observed today in the IAM space from traditional deployment models towards a service model, which is a very important trend.
Another trend that is closely aligned to this shift in the service model is the shift towards a more modern software architecture using microservices, which is a software architectural style that is starting to really gain momentum in the IT organizations. Each microservice is characteristically small and autonomous, making microservices more fine-grained, using lightweight protocols and utilizing APIs extensively, and most microservice application architectures use containers like Docker to implement their solution. So implementing a modern IT architecture will help to transform IAM into a set of microservices that are available to everyone and everything in a way that is secure, scalable, and in a more manageable way.
And among these other architectural changes is also the need to have separation between identity applications and data. Data must not reside in the application. Rather applications should utilize identities and associate the data that belongs to them. And you'd need to start thinking in terms of using authorization and governance for that data.
So other overarching trends affecting IAM today: we now have this broader notion of identity and access management, and in a connected world, IAM is expanding well beyond people in a single organization to include a broad range of identity types, such as employees and partners and contractors, as well as consumers and even intelligent things. Identities and IAM is converging, enabling everyone accessing every service via any device from any location in that controlled manner.
Zero trust has become required of IAM solutions also, where trust is never really granted implicitly, but is continually being evaluated, and defense in depth type of tactics are used. So these zero trust principles are really designed to prevent those data breaches and limit that internal lateral movement. So using things like strong and adaptive authentication and authorization are key as well as support for a wide range of identities.
As I mentioned for the services involved, and as I talked about earlier, microservices, containerization, container orchestration and management using Kubernetes, for example, are becoming the architecture of choice for standard cloud computing.
And when it comes to things like identifying risks or identifying outliers in access rights, artificial intelligence will help us in that regard. Current and future AI capabilities have the potential to help organizations consume and drive value from those big data stores and drive decision making through those, excuse me, powerful analytics.
And all of what I've talked about here will converge into identity fabrics. At a high level, identity fabrics are how we see access management environments should be constructed in the future. And this really comes down to understanding what identity and access management is about. So you have those employees and partners and consumers that need seamless and secure access to all these different services I've been talking about, whether it's in the cloud or federated or on-prem legacy applications. This is the job of IAM.
The challenge is that all of these identities are not all managed by organizations anymore.
In the past, we, you know, corporations had directories for example, but this has fundamentally changed today. Identities may come from federated partners, social networks, or even decentralized identity sources in the future. And all of these identity sources need integration into various applications or services, which is on the right hand side here. To do this and to drive that type of access, we need services, which are access management services that provide access from the individual to the applications they need, as well as administration and governance services to manage the entitlements and control of that, you know, who has access to what functionality. And there are other services around user consent, privacy and much more. So this is really just a high level diagram. And at the middle is the identity fabric, which is a set of digital security services. Okay.
So giving it a little more detail about identity fabric, you have all these different types of identities that include more and more than just the employee or even the human identities, that extend into devices and other things. They come from different sources, they are managed in different ways and they access different types of services in different kinds of environments, you know, from the cloud to the legacy IT systems on prem.
So the next step in defining your identity fabric is to look at the capabilities you need, and what you need is derived from your use cases and business requirements, such as having that strong and/or adaptive authentication or access governance as a few examples. The KuppingerCole IAM reference architecture that I showed earlier might be a good starting point to get an idea of what might be relevant to your organization.
These capabilities are delivered by services from a logical perspective, which are the services that provide the capabilities required based on technology.
And these services also need to be delivered in a modern architecture, and this may mean building a migration path from what you currently have to where you want to be in the future. And then based on microservices, delivered in containers, and providing a consistent set of APIs that can manage all these different technologies in a relatively flexible manner and support those hybrid environments as well. You also have to be able to support what you already have with the intent to gradually migrate from these legacy systems to what you want in the future.
And more and more organizations are using cloud services. So integration with cloud services can be different than on-prem services. So it's important to understand those service based type of protocols, such as OAuth and SCIM, for example. And we need to support those digital services built by the organizations by not reinventing an identity service in each digital service you build, like an application or web portal, but to give them an API layer to expose that identity service layer to these digital services.
So identity fabrics provide agility and integration support for what you have allowing organizations to move ahead at their own speed. And then together, this makes up the identity fabric.
So quickly, here are five of the most essential characteristics of identity fabric to take away. It's a unified approach for all types of identities and all types of services. It's not a tool, but a paradigm and a concept, meaning that this is not something you can just go out and buy. It's more of a way of thinking about modernizing your systems.
The identity fabric builds on APIs and microservices. That'll move you to a more modern architecture. It delivers comprehensive capabilities while allowing you to implement changes gradually over time. And then finally it allows organizations to segregate their requirements and use cases and capabilities, services, and technologies at those various levels to better allow adding new capabilities and services later on. So I think I'll stop there and now I'll turn over the next portion of the webinar to our guests.
Thanks Richard. Hello everyone. Good morning.
And good afternoon to the, to the audience, which has joined us today. Richard, thanks a lot for that great presentation. And we'll take it over from there. We'll start off with a quick introduction of who we are at systems.
So we are a 30 year old company, a very successful digital partner for many of our customers with a rich set of capabilities, you know, which kind of go are we as different aspects of horizontals, horizontal capabilities, which map to the specific industry verticals and solutions that we've created across a spectrum of industry verticals that we specialize in. From a horizontal standpoint, you know, the focus tends to be for us in the cloud, data and security space. And probably everyone today in the current digital world is talking about cloud, data and security.
We do quite a bit of work with, you know, user experience or customer experience as well, especially given that, you know, everything that you do in any business nowadays is being digitized, right?
So everything is being driven based on user experience or consumer experience. But underneath that typically, you know, all the technology capabilities that you would have, would it be a combination of cloud capabilities, you know, supported by data and data analytics, and then, you know, all of that is supported by security, right?
So three major verticals for us, and, you know, horizontals for us, I should say, which cover the industry verticals of BFSI (banking, financial services and insurance), healthcare and life sciences, and other work, where we have deep domain expertise as well. And then industrial, from a heavy manufacturing and heavy industry standpoint.
We also ended up doing quite a bit of work in the ISV space, where we are building software for various different software vendors acting as their product development and engineering arm extending some of their product development and engineering capabilities.
And interestingly, we do quite a bit of work in that space when it comes to the domain of security as well. All in all, this collective capabilities of deep industry experience, all supported by our rich technology skills, helps businesses, you know, become really agile to the changes of, you know, current environment and economic environment and accelerate their motion towards digital transformation while giving them the ability to derive most out of their services, thereby unlocking value.
So to speak from a standpoint or within, within all the different capabilities that we have, I'd say the core focus tends to be identity and access management. The security business itself is, is 15 plus years old.
And, you know, we have a very healthy team of about 500 to 600 security professionals, out of which at least 250 are very focused on the topic of identity and access management. And interestingly, what we've also done in the last year or year and a half, you know, with retaining our focus on identity and access management, we've also entered the field of privacy, specifically with the desire to help organizations leverage their IAM platforms towards privacy enforcement. We see a lot of organizations talk about privacy, data management data though.
And it's from a privacy standpoint, you know, there's a lot of work happening with regards to privacy policies as well, but not many people are trying to actively enforce privacy policies at run time. And that's one area where we see your IAM platforms, specifically your access controls with capabilities on the authorization side, could really provide you the ability to enforce privacy policies at runtime. And we'll talk about that a little bit as we go along. The team that we have of about 250 people is globally spread out, giving us a real global presence, though our business tends to be focused in the Europe and Western hemisphere of the globe, I should say, in Europe and the US. We end up doing quite a bit of work in Asia Pacific as well.
And then, you know, in the topic of identity and access management, we have a very rich partner ecosystem vulnerable to all the names, but you know, the typical usual suspects, the big boys. And so all the specialized vendors, you know, our partners, we've been working with them over the last few years. One of the things where we differentiate ourselves is that, you know, most of the work that we do in this space, whether it's implementation or managed services work or advisory is IP and tools led, right?
It's not just, you know, we don't as go in in this space as domain experts and outset product experts, but we also built our tools and, you know, our intellectual property, which, which can augment many of the things that, you know, typical vendor partners would bring into the marketplace for our customers.
Interestingly, you know, you heard about identity fabric in Richard's presentation. We have a similar approach. We think of identity as the building block of any security.
And we've actually created a mosaic of security with the focus on how identity and access management is enabling that mosaic. And this mosaic is something that you can think of as a fabric that is further enabling your overall IT landscape, right? Both from a security standpoint and, you know, enablement standpoint for your business. Now within the identity and access management space, you know, the two key areas tend to be access management and identity governance where go, and this is supported by identity stores as well.
You know, we see, you know, a lot of learning, a lot of organizations are moving towards 80 or 80 type of initiators for either for their identity repositories, which also then ends up supporting in a password less or zero trust type of solutions and systems.
But there's a lot of work that we end up doing within the identity governance space enabled by these identity stores and ultimately, you know, on the access control side, but there is authentication or multi-factor authentication, single sign on or coarse-grained authorization, fine-grained authorization.
Those are all the topics that we ended up covering. And we've also been taking some of these capabilities and combining them in the right fashion with typical SIEM solutions because, you know, some of the data gathered by the SIEM solutions is going to provide us a user's behavior and provide the intelligence necessary towards the risk evaluation. Then leveraging that risk information towards your access control, but not just access control, also towards identity governance.
And, and we'll talk a little bit about that because in the changing identity governance space, one of the things that we've noticed over the last couple of years is this desire, you know, an inclination for our customers to take in a risk score, take some of the data gathered from the analytics of, you know, information collected and leverage that towards identity governance, whether it's in terms of provisioning of identities and capabilities or blocking certain capabilities for users that are in time, you know, overall within this space.
As I mentioned, you know, we've been working for about 15, 16 years, we've done more than 300 very large identity engagements, and a lot of focus nowadays of those engagements tends to be, you know, modernization of the IBM platforms and, you know, the IP that I've been talking about.
And then we'll also have a demo for some of the tools that we've built out, substantially enhances the speed at which, you know, accelerates the speed at which you can, you know, modernize your systems. Also, by the way, reduces the total cost and enhances, you know, your confidence in making sure that some of the initiatives that you've undertaken, you know, can be completed successfully. And while we do all of this, we tend to make sure that, you know, our tools and capabilities are also giving you the ability to move towards cloud or hybrid solutions because every organization is trying to do that.
Or every organization surely wants to make sure that you can support cloud-based solutions and cloud based platforms as well. Secondly, you know, consumer identities, you know, have become a critical part of every infrastructure as well.
You know, probably about five years back or six years back, we were primarily talking about enterprise IAM systems, but nowadays, you know, every platform or outset flavors of platforms have to support both enterprise and consumer based, you know, IAM requirements. And then lastly, data analytics is a big part of everything that we've been doing. So all our capabilities are strong amalgamation of security, cloud and overall data capabilities.
One of the things that I would like to bring out over here is, you know, in the past, you would probably have seen, and you would have seen the CIO or CSO organization looking at the IAM platform mainly as a security tool kit, right, and trying to leverage it more as a security platform. But more and more, what we've seen is that IAM actually has become a business enabler. Right.
You know, we want to make sure that IAM platforms give you the ability, the agility and the efficiency that you need within your technology platforms. And by the way, they are also helping you monetize some of your capabilities. We don't want to look at identity and access management purely as a security tool, but we want to make sure identity and access management can actually help your business move forward, take the right solutions and capabilities, the Pokemon solutions and capabilities, and expose them to the users in the right way, in the right fashion.
A business in today's world needs to be very agile with all the things that are happening. And we want to make sure that IAM platforms can actually provide that agility. Technology also needs to be efficient, right.
You know, we, we don't want solutions where it takes really long time to onboard applications, automation and efficiency becomes a big part. And typically when we are talking about modernization, you know, this becomes a big ask for customers, right.
You know, we've seen that legacy IAM platforms were typically very, very siloed. Many a times they were inflexible, especially in terms of their ability to support to our base solutions and the requirements of cloud based solutions. They were also expensive, and expensive in terms of maintenance and operations. Right. You know, what we saw is that typically you would need very skilled folks to try and manage these platforms. You will also need deep skills to try and onboard applications. And it will also take quite a bit of time to onboard some of these applications.
And so in an ever-changing world, it becomes really hard to take some of your legacy platforms and, and, and provide the support that customers are looking for in terms of their growth requirements, nearly all large organizations have some kind of an IOT platform, whether it's a homegrown solution or possibly, you know, one of the vendors that you've seen in the world, but all of these customers are also looking to try and see how can they make sure that their next generation platforms can support enterprise cloud identities can support cloud based applications or fluid cloud-based and hybrid applications.
How can the platform scale up without having to go and scale up based on the requirements of the organization, scale up and scale down while decreasing the costs overall for the maintenance of the overall infrastructure. And then by the way, finally, you know, while you're doing all of this, you want to make sure that, you know, how do we make sure that this is a very smooth transition for all your applications and for the business. You cannot have disruption when you are moving from an old system to a new generation platform.
So change is necessary, but it needs to be done so that your overall, you know, infrastructure is not impacted. This is a complex journey. We know that it's not easy to move from, you know, some of these systems which are really deeply integrated in your platforms, right?
And when you talk about identity governance platform or access control platform, they could be integrated with hundreds and thousands of applications, depending upon the scale of your deployment. And they are supporting hundreds and thousands or, you know, really large user bases as well.
So when you're trying to move away from these systems, which have been deployed over, probably I would say, a few tech generations. And when I say that, by the way, I think of each technology integration as a five-year life span, many systems might have been deployed over 10, 15 years. Moving those systems and putting them to a new platform is not an easy task, right? It is an overwhelming task for many organizations, especially if in case many of the people who've actually built out those systems have left the organization.
We've kept all of those things in mind while we put together our best practices, you know, our recommendations, our guidelines, and also in our, when we built our tools to help your modernization effort, time journey, while doing all of that, we've also made sure that we can try and address some of the typical challenges and concerns that you had with your legacy platforms, you know, in terms of reducing the overall operational burden that you have reducing the total skillsets that you would need in terms of maintaining the platforms and, and increasing the footprint of your next generation platform, maximize the ability to also, you know, give power to your, your users and your users in this case could be, you know, internal application owners or the end users as well.
And by the way, do this by keeping pace with, you know, the, the overall digital transformation that's going on within your organization. So the tools that we've built out, not only try and simplify the modernization effort, but they also try and simplify the maintenance that you would have associated to your platforms, both from an access control standpoint and for the identity governance.
Now, today, we are primarily focused on identity governance. Also, the tools that we're going to be demoing are focused on identity governance, but we have similar set of tools for access control as well that we can discuss with you offline, if there is interest. You know, when we were talking about the overall IAM modernization journey, you know, we've kind of split it up into three phases and each one is in some sense a disjoint phase, so to speak, and I'll tell you what I mean by that.
But overall, there's the discovery and assessment, and, and this is an important phase for most customers because, you know, as customers are planning to try and go towards the next generation system, everyone wants to go to the next generation system. But as I mentioned, you know, it's very overwhelming to go to something new when you really don't know what you have within your current systems.
So we've put together a discovery and assessment strategy that we can, you know, work with you over two weeks or four weeks, again, depending upon the scale of your deployment and make sure that you get complete understanding of what has been deployed within your infrastructure and use that as the, as the baseline for putting together your next innovation strategy. Now there could be customers who already have that information.
You know, they have a really good stronghold of what's been deployed. We can take that information from you within a matter of, I would probably say, a couple of days and use that towards putting a modernization strategy. And there is, you know, I would probably say, quite a bit of noise within the IAM ecosystem about what each product does, what each organization needs to be doing. So modernization strategy becomes very important just to try and sift out that noise from the real stuff that you would need to be focused on.
We can work with you over a period of time to try and put together that modernization strategy. Again, this is something more of as a best practice that you would want you to follow. It could be someone like us working with you or with your internal teams working on a modernization strategy in putting together some of that data over a period of a month or two months.
And then all of that typically helps you decide what's your going to be?
You know, what's, what's your next generation platform going to look like, right? You can probably then put together a product agnostic architecture, or view of what that work or target state world would look like, and then try and map it to some of the products and offerings that are available in the marketplace.
And then ultimately, you know, once you've made your decisions as to what your product of choice was going to be, work on the implementation aspects, and we can work on the implementation as well. Now, you know, depending upon the size of an organization and the number of applications integrated, this journey could be anywhere from a few quarters to a couple of years or so. And the detailed roadmap would be put in over that.
What we've also seen is that many customers are trying to go towards cloud based solutions, if not for all of their applications, at least for a good chunk of applications. Organizations are also trying to reduce the overall application onboarding burden by automating a lot of those processes, or reducing the overall operations burden by not only going towards cloud based applications and products, but also, you know, probably asking someone else to manage the overall infrastructure as a part of an MSSP, you know, agreement.
And that's another area that we do quite a bit of work on.
And we wouldn't discuss or talk about MSSP today, while we focus on modernization and the tools associated to that, but just wanted to bring that up as well. What are the typical challenges in the modernization journey? Right? So one is the lack of skills and expertise that you know, that you might have internally and many times many of the partners that you might be working with also sometimes might lack the skills necessary to take you to the next generation, you know, systems. And secondly, the lack of automation, right?
You know, there are products which are bringing in quite a bit of automation, but still there are challenges at times, and you would want to make sure that whatever target system you go towards has the appropriate level of automation that you would want.
Because, you know, if in case that's not there, you'd probably be, you know, facing the same set of challenges, you know, that you had with your legacy platform. You might have a system that has a much better user experience.
You might have a system that's probably, you know, much easier to use and maintain, but if in case application onboarding is not automated, if there's not much automation in terms of the DevOps aspect of, of your tool as well, you know, you might have some of the challenges versus that you had with the previous system.
And then overall, like you are trying to make sure you can reduce the complexity as well and enable your internal application owners by taking many of the capabilities that you get in the IAM platform and exposing them with appropriate, you know, as, as easy to use microservices or services that application owners can make use of.
So, you know, looking at what capabilities do we bring in, right?
And, and what are the things that we've done in terms of helping you ease this process and provide you the automation that you typically would need. And, and before we do that, very quickly taking a look at, at a very high level, what are the building blocks of a modern IAM platform, right? So we all know that when we talk about, you know, identity governance, you know, we usually spoke about provisioning or identity administration.
We also spoke about attestation, recertification or application access governance aspects of identity governance, but more and more, when we talk about identity governance, data access governance is also becoming a part of it, right? You need to make sure you have, you know, tools and technologies that can provide data access governance as well, as a part of your overall infrastructure.
And then secondly, you know, as things are becoming hybrid or things are moving towards cloud, cloud security and privileged access management is also converging with the overall identity governance world, right. You know, in the past you would probably have situations where, you know, cloud security was not a huge consideration.
It's, it's, it's probably a critical part of any, any initiative that you have now. Secondly, you know, privileged access management is becoming very tightly integrated with your overall identity governance infrastructure as well. And lastly, by the way, we have seen that more and more of the IAM platforms need to be discovered. They need to take into consideration what a user and entity behavior is and use that information accurate real time to try and give you the guidance with regards to identity governance as well.
It's becoming a huge part of most of our IAM deployments or identity governance deployments, making sure that, you know, your identity governance platform has the ability to consume risk score or UEBA related information towards its provisioning and administrative initiatives as a critical part.
And then, you know, all of these capabilities in this collective governance, you know, I would say ecosystem, or you go identity governance platform of yours needs to be, you know, you need to try and expose it as a service, right?
That way, as it's becoming easier for applications to make use of it, make it as modular as you can. Very quickly, from a tool standpoint, you know, going back to the three step approach, we have tools and I'm going to demo the tool that we have associated to discovery and assessment, right? We have a tool that can actually take a look at your current identity governance platform. You run the tool, it takes about an hour or so to configure the tool at the max. And then it takes a few minutes to run the tool.
And it'll actually gather all the information that's necessary that, you know, your current team might not know all the tentacles associated to your IAM platform, all the applications that it has been integrated with all the data that it is managing, but this tool can run and give you that information and then give you the appropriate information necessary for your modernization strategy.
And or there, you know, we bring in our skills and expertise and our experience of, you know, what's happening in this industry, our experience of the different tools and what are legacy solutions and the next generation solutions as well, and give you the right guidance. And then the say modernization, by the way, it need not mean just migration away from your existing tool to something other, you know, going from product of vendor A to product vendor B need not be the strategy always.
There could be times where you could probably be better off just upgrading your current tool and going to the right capabilities because many of the legacy providers are also making sure that they're catching up with the requirements of the market place. And lastly, we also have tools which help you with execution, where if you want to take some of the data, take some of the connections as well and, and configurations and forward them to your next generation platform.
We could do that in an automated fashion, reducing the overall time, reducing the time necessary to also understand the mapping of data, because we've done that work for you. We know how data maps from the legacy solution to the next platform, or from version A to version B of products, and we can do that modernization of that porting of data for you as a part of your execution strategy.
So, you know, towards all of these, you know, the tools that I've been referring to, they've been branded as, as a set of tools and capabilities under the umbrella of a brand called Unity. So we have a collection of modernization tools for identity governance and access management that have been branded together as a Unity and customers can use bits and pieces. You don't have to use everything within the Unity umbrella. You could say that, Hey, I'm really focused on access management. You could use anything for access.
Someone says that we are really focused on identity governance, and we really want to understand what our current state is and get an assessment done of our, for identity governance. You can use identity Unity for identity governance, and you can use only the assessment portion of Unity. Or you could say that, you know, we know exactly what's been deployed.
So we would rather use, you know, the part of Unity, which can actually help us in a, transform the data and then put it to our next generation system. We could do that as well.
So Unity in general, you know, when we are talking about access identity governance, it is split into two portions. One is the access management report or sorry, assessment report, which gives you a state of the state of your current deployment. And the second is the, the transformation or mapping data mapping and data transformation and data reporting tool, which will take your old data, map it to your next generation target state, and then, you know, put it into your next generation system as well.
We have a quick demo that we will showcase as to know what type of data and how the tool works, you know, and what type of data is important as a part of the tool. The, the tool is extendable, configurable and customizable.
And it's important because you know, out of box, there are certain set of capabilities that we provide in terms of which legacy platforms are supported and which next generation platforms are supported. And this set of legacy and generation platform is a living and breathing set, set.
We keep adding to, you know, what we can support out of the box. Every few months we are releasing net new capabilities, but you could probably have a home grown solution. You could still probably take this tool and have this tool customize it within a very short time period, to try and work with your homegrown solution, which you can then pull to the next generation platform. So why don't we take a quick look at how the assessment tool works, right?
The assessment tool is going to connect to your existing platform and gather all the data associated to your existing platform and give you that information. So it's a quick one minute demo that I'm going to quickly run through.
So, you know, you go to this tool login, click on the assessment, you know, tab or button, provide information associated to your existing system over here. That is one type of system that we're talking about. There could be other systems that we could be connecting as well.
And then, you know, it asks you for what target system you're going towards as well. Again, this is a sample. It could be some other type of target system that you could be going towards. And then it'll, it'll, you know, try and create all of that information. So once this assessment tool starts, you provide all the connectivity information for your existing platform. It will also ask you information related to, you know, the target system that you would want to try and go towards.
Again, these are sample, you know, legacy platforms and target systems that we're talking about.
There are others that would be supported as well. It will collect all the data necessary and pertinent for your legacy platform, your new platform collect all of this data. And then by the way, you know, you will get a report. Now you'll see that, you know, the system also takes certain rules conditions, and there's out of box rules that you've defined, which can help you define what's the complexity of each of these.
What is the complexity associated to your policies, your workflows resources and give you, or, or what's the if for, you know, your, your infrastructure, this is based on data that we've put in as metadata, but that metadata is configurable. And by the way, once you run the report, we also provide recommendation for each of these different entities, right?
That, you know, you'd be collecting information for. This report gets exported out as a PDF, and you can store it, you know, for, for, for your planning exercise.
And all of that data will then feed into your, you know, next, next, next steps of execution as well, you know, towards how do you plan out your migration effort? The complexity level that you see are based on the rules that you've defined, and these rules that we've defined are out of the box, you know, based on our experience.
But, you know, we can also work with you, talk with you, spend some time with you and your stakeholders, and that will help us better customize the rule conditions based on your environment, which will then provide the complexity, which is, you know, very much, I would probably say, tuned towards your infrastructure. So this is, this is the report literally that you can, you know, run within a matter of few minutes. The overall configuration for the tool might take about 30 minutes or so, or an hour at max.
And once you run the report, you actually get the data, you know, related to your existing system data that has got to be very hard for you to try and collect without, you know, this kind of a tool it might take, you know, days or weeks or months at times for you to collect this information. And then once you have the assessment done and you're ready to get migration, then you move on to the next slide. Then the next portion, which is the actual migration of this data, right?
And as a part of the migration of this data, again, the same thing, you provide a connectivity information for your legacy platform. Then you provide information associated to your next generation platform. These are all entities that would be quoted as a part of your migration effort before you actually try and audit what you do.
As you collect all of this information, we take all of that data, store it within our embedded repository. That is where, you know, all the, the mapping exercise will be done.
You know, in this case, in the demo, we are collecting all of these entities as a part of the import. You can selectively import data as well. Let's say in case you don't want to import everything, you can only import the users, resources and, and rules. All the related information would also be imported.
The tool's, you know, intelligent enough to understand what are the dependencies. It'll collect all of that data. And then once you've collected all of that data, all of the mapping is done. You then decide what information you want to forward to the next generation. You could either fold on migrate everything, or you could selectively migrate, you know, some of these entities into your next generation platform.
And over here, in this example, we are showing the 14 of users.
It's a very set of users, but we see that, you know, the 64 users are, are, are ported within a matter of about 15 to 20 seconds or 25 seconds. So quick, easy importing of data. You don't have to worry about how the mapping gets done. All of that is taken care of. And all of this is again, by the way, no maintaining the migration report, which you can go and take a look at to understand all the details of what exactly was done, what, what was supported, what was successful.
If something has failed, you would get to know that as well, that as you can go and take any corrective actions that might be necessary. So, you know, we'll be happy to do these demos or probably run workshops for you offline, you know, where we can go in and connect to your systems, get a quick assessment then for you, what Julie, and then possibly also, you know, work with you in a, in a sample environment and try and show you how migration could work for you in a, in a very small control environment.
So, overall, as I mentioned, these Unity tools, you know, increase the speed of your migration, surely that reduces the total cost involved as well. And therefore it goes down as well. And as I mentioned, early on as well, the assurance factor is a significant factor for many customers. It gives you the assurance that this can be done. You can try it out in sample environments. You don't have to worry about, you know, what are the unknowns, a significant chunk of the unknowns can be taken care of by using these tools and addressed, you know, using these tools.
It will be, as I mentioned, you know, we'll be happy to do a workshop with you, possibly run these tools in your environment and showcase, show you how some of these tools could work and what the modernization for it could look like within your environment. There's some information, you know, and the, the slides would be available to you as well. There's information that we have on our website regarding these tools and some of the other capabilities that we bring in as well, you know, feel free to browse through in a, some of this information or reach out to us offline.
And we'll be happy to have conversations with you. Richard, back to you.
Thank you, Swapnil. So now we've reached the question and answer section of the webinar. As I mentioned, a recording of the webinar and the slides will be available on the KuppingerCole website. If there's any questions on the audience side, don't hesitate to answer or enter them.
Now, the GoToMeeting control panel has an area to type in your questions at any time. So let's take a look at what we have as questions. So one question, Swapnil, is, you know, which legacy and modern IGA platforms does Unity support?
On the governance side.
As of now, we can help you move from Oracle based deployments to, to savvy. And then we are also in supporting tool to support SailPoint. That's on the governance side. By the way, very quickly, on the access control side, we could do something similar, where we can help you move from a SiteMinder based deployment or an OEM business deployment to a based deployment.
Great. And here's a related question. So do you have experience with BMC Control-SA?
We have worked with BMC Control-SA, but if in case, you know, this, someone has a question as to how we help customers, you know, move away from BMC Control-SA, not yet. You know, we've been involved with implementation for BMC Control-SA, but we can probably, you know, work with customers to try and see if in case they have any migration efforts that I think that they're thinking about related to BMC.
Okay. How much time does Unity take to deploy in any environment?
I know you touched a little bit on that in your presentations, but in, in general, how long does it take to deploy?
The overall setup is literally a matter of few hours. The assessment tool can be deployed within a matter of 30 minutes or so. And the migration tool probably will take another 13 minutes to deploy. So overall running of the tools, the assessment report probably is ready within a matter of few minutes, the modernization tool, typically you will do it in chunks, right?
Or the modernization exercise with regards to taking data and migrating it to your next generation platform. We usually do it in chunks. You will do it across environments as well. So that ends up taking time. But the tool itself is rather quick, right? So let's say if you are probably, you know, porting a thousand resources and 50,000 users and associated data, it could be a matter of a few minutes or an hour or two for you to take that data and, and, and put it to the next generation platform. But let me ask my colleague Robbie buffet, by the way, who's on the call as well with me.
He is the offerings and solutions manager. If he, he wants to add to that,
That was spoken to, I think
You covered it. The deployment itself is very, very quick because the technical dependencies are all self-contained, it's a Jarvis solution and it can deploy very quickly. And once we get connected with the, to the legacy and the target, we can run a quick run and get you the analysis, as well as show you how the data will look like in the target system.
So that's the whole value proposition here that we can show quick value, and then based on whatever we find, we can then refine it and then help plan and more along. Thanks. Sorry. Yeah.
So the next question coming up is will the Unity framework integrate with existing DevOps processes?
They, again, and, and especially on the access control side, we've already done work to provide some out of box integrations on the governance side, we provide a framework that integrates with your DevOps tools.
Yeah. I quickly want to add that all of the things that we do from the user interface are actually available as APIs. So anybody who wants to integrate using whatever DevOps process they have, they can just call those APIs and do the same functions.
Good. Next question. How can we try out the Unity framework in our environment?
I would suggest get in touch with us.
We can quickly work with anyone who's interested in trying out the tools. We can run it, set it up, configure and run it for you. Especially the assessment tool is rather easy on the migration side as well. We could probably try and help, you know, see what therefore it could look like, you know, by running it in a, in a small control environment. So very easy to get it set up and test it out, get in touch with us and, and we'll help you with that.
Okay. So how much time can this tool save for application onboarding?
Nope.
From an application onboarding standpoint for identity governance, as of now, we are primarily focused on configurations and data, right? So for identity governance, you know, we're still working on some of the, the application onboarding automation aspects. For access control, the tool's already configured to provide you some expedited application onboarding. And you could probably save close to about 40, 50% of application onboarding time, depending upon the type of applications you're looking at.
All right. And we have about a minute left.
So can you share some specific IAM modernization challenges you faced in your client environments?
You know, one of the big challenges typically that we see is customers want to move to a next generation platform. They want to automate things. They want to change the technology, but they're not willing to change their processes, right? So far all customers and most, I would say educated, IAM customers would know that, you know, changing policies can help you quite a bit of time and effort and or all my operations for them. It can also reduce a lot of your headache, I should say.
So, so don't underestimate the value of changing. Some of the processes, people aspects are very important as well. And then finally, specifically to identity governance.
Again, you know, having clean data is very important if you're moving from old system to next system, but you have some, you know, I would say weigh all the data. Then you will probably continue facing some of the challenges that you had with your legacy system.
Okay. Well, we're at the end of the time for today. So thank you for attending the webinar and we hope to have you soon in one of our upcoming events.
Thank you, Swapnil and your team for the presentation and the audience. So I hope this was of interest to you, everyone. Thank you.