Hello, and welcome to a KuppingerCole webinar. My name is Paul Fisher. I'm a lead analyst. Today's webinar is brought to you by Archon, and we'll be talking about cloud access management with particular relevance to privileged access in the cloud and some strategies to enhance security and control.
As I said, my name is Paul Fisher. I'm a lead analyst. I'm delighted to be joined by Harsh Pradhan Lalla, who is the VP of business development with Archon. Welcome to you, Harsh Pradhan. Thank you. Yeah. Just for you listening in, just a few housekeeping. You don't need to do anything on the audio. You're muted. We're controlling all that, so don't worry about muting or unmuting. We're going to do a couple of polls. We'll read out the questions in the polls and then look at the results at the end of the webinar.
At the same time, there'll be a Q&A session where we'll take your questions, and myself and Harsh Pradhan will discuss the questions. Finally, we're recording the whole thing, so if you or any of your colleagues wish to view it again, it will be available on our website. So that's all the housekeeping. There's the very simple agenda.
First, it's me, then it's Harsh Pradhan, and then we'll have the Q&A, et cetera. So here is the first poll, then, which is quite simple. And if you can answer it whenever you like, do you currently have any means to control over your privileged identity? So do you use PAM? Do you use some form of CIEM?
No, you're still looking to learn more about the market or do you know what an overprivileged identity even is? So there's your four options. We'll leave them on screen for you. I will now get into my main course, as it were. What are we looking at? We're looking at three things which are affecting how we control identity in business. The three forces which are having an impact, and those are the velocity of identities, dispersion, and the number and density of identities.
Now, velocity simply means that identities are now coming faster and faster towards resources and entities and software applications. They're coming from far and wide. They're coming, you know, they're dispersed. It used to be the case, obviously, you know, five or six years ago, most identities were working or were based within the company or based within the perimeter. The COVID epidemic changed all that. It was already a trend that was happening that more people were working remotely, but now it's completely the same. We now have hybrid working.
People are working in all sorts of different places. So it's much harder to keep a handle on the identities and where they're coming from, what endpoints they're using to log into, say, a cloud that is also part of your infrastructure. And the sheer number and density of identities is probably the biggest of these three forces. The density of identities and the number are increasing exponentially, particularly in non-human identities or non-person identities, which increase all the time.
That's a trend that's not going to go away, but it does mean trying to give people a privileged identity or a machine privileged identity within this huge number and keep track of it, it's harder. So we're moving to different types of privilege management where we perhaps move to a more just-in-time approach to identity management in the cloud, et cetera. So those are the forces that won't stop. They'll just continue. They're probably the need to access resources quicker and more efficiently will only increase.
The dispersion of identities will increase to things that we probably haven't thought about yet. And the number and density will also increase. So we can't get away from that. And there's the sort of proof of that in a piece of research that was done by the World Economic Forum published in the HBR. And it kind of shows where things are going in terms of computing in general. So digital platforms and apps are number one, but then big data analytics and tech things and so on. Encryption and cybersecurity are well up there and so on.
So all of that plays into the fact that the number of identities are increasing, as I just said, and non-humans will outnumber the human. But we also have to think about third-party supply chain identities coming in, even, of course, customers. Customer identity and access management is now a thing. The endpoints are moving. The endpoints are duplicating. The endpoints, we're starting to see the first emergence of AI assistants, portable devices, which are kind of an AI that you can carry with you.
These could possibly be the next iPhone moment, where suddenly everybody is connected to the internet and connected back to other systems through a small device they carry with them that they literally just talk into, ask questions, and it's based on large language models. So that becomes yet another endpoint, which you need to manage. And of course, once you've got AI mixed in there, it's something else of a challenge. How do you manage this device, which is a thing that we haven't really seen before? And user experience demands are changing.
Whilst all of this is going on, the human users, not so much the machine users, but the human users, want a better experience when they're connecting. And they want a faster experience. And they want it to be easy to use. But you have to make that secure and to make sure that they get access only when they need it and for how long they need it and so on. And behind all of that is the endless integration of clouds, applications, resources, multiple clouds. Even private, sorry, even on-premise infrastructure is still quite relevant. Many people are still using on-premises for various reasons.
So there's no doubt that the types of technology, which are mostly going to be adopted in the next four or three years, are all based around digital transformation and increasingly around artificial intelligence. I'm sure if that survey was done right now, artificial intelligence would have been a bit higher up that list there. So getting more focused now, we can see how identity access for data in business sort of breaks down.
And we, at KuppingerCole, we identified sort of seven majority or seven main identity types, all working within a core business infrastructure or even increasingly the supply chain infrastructure. As I mentioned, your supply chain increasingly has to be considered as part of your organization. And even you can go further than that. Supply chains have supply chains. So that's what I was talking about when I said about the dispersion, the dispersion getting wider all the time.
It's not just your employees, not even just your machines, but it's your suppliers and then people even further down the chain. But within that, we have seven identity types. So we have your traditional administrators still there, although hopefully are doing a little bit less than they used to when AI starts to take on some of those more menial tasks. Developers, end users, classic end users, that's you and me, everyday employees. The machine identities, third parties, endpoints themselves, which can act as agents or act as machines, and again, customers.
And traditionally, these identities being managed by a combination of privileged access management and identity management, recently joined also by CIEM, which we're going to talk about a little bit more. And where they're all trying to find this stuff is on the repositories. So we have platform as a service, software as a service, infrastructure as a service, and so on. And of course, a lot of this is now stored in the cloud.
And they're looking for, generally speaking, all the stuff on the right, which you can file under data or DAAS, which stands for data and various other things, which I'm sorry I can't remember, that's the Department of Defense definition. But within that is all the stuff that we put there. Beneath this sort of architecture or this map are architectural elements, which we'll also talk about, some of them zero trust design, zero standing privilege, lifecycle management for identities, data governance, and some form of data of intrusion detection and remediation increasing.
Those tools have become quite fashionable recently, and there's even now identity threat detection and response. But all of that kind of underpins what is happening in business through the software.
And sorry, the ITDR has recently joined the club or has joined the zoo. The jury's kind of out on whether ITDR is a long-term proposition or whether it's just an acronym that has been created for acronym's sake. But certainly, it's worth looking at. Identities are now targeted, much more than usual. So anything that can attack that further upstream is probably a good thing. So let's just call that identity access for data or IAD. So let's talk a little bit more now about one aspect of this, which has also gained traction a lot in recent years.
It's not a new theory by any chance, but Zero Trust has certainly piqued a lot of interest in the last two to five years. So what do you see? What do you understand by Zero Trust network architecture? So the options here, it's complicated to implement. It can stop all identity-based attacks. There is only one type of architecture. It's easy to scale. Very little, to be honest, but I know I want it, which is the kind of fun option there. But if you actually do know very little, please tell us because that's interesting as well. So we'll leave that on and I'll press on.
When we asked some of our customers, end users and buyers, et cetera, what their identity access management priorities were, either because it's become a sort of interim or there is a genuine need for Zero Trust. But they said 41% of them said that they want to make it a reality. That should say not a reality. Sorry about the typo there.
But yeah, making it a reality is the key phrase there because it's not easy, Zero Trust. It's a very simple theory. And underneath that, MFA, which is closely related to Zero Trust, was 35%.
And then, obviously, securing cloud, multi-cloud, and having a grip on all endpoints. So all four of those directly relate to what we're talking about, what Harsh Pradhan will be talking about in a while as well, and how to improve identity and access management and privileged access in this world that we're living in. So here are the challenges. I put these together here as a list of what I see are the key challenges for identity right now. And these aren't in any order, but I would say that overprivileged entitlements is probably number one.
I think that the challenge to measure, discover, and stop overprivilege is a huge challenge. And again and again, when people are surveyed, they find that something ludicrous, like 70% of entitlements aren't used by end users and so on. There are statistics for that. So that's where I think we should focus our attention immediately. But there's also people feel that there's limited access controls, there's limited feedback on who's doing what.
And also, in lots of software in PAM and identity and access management, actually managing credentials is still quite cumbersome. It's quite not clumsy, but it's not designed well in the application. And we don't have strong identity threat detection, which is why perhaps ITDR has emerged. There's still a reliance on vaults and passwords, which is OK, but they're not the most up-to-date way of managing credentials or giving credentials or giving people privilege access. So we need to find ways that have the sort of solidity of vaults and passwords, but do it quicker.
And to go right back to the start, we don't have any kind of entitlement management, particularly for the cloud. In many organizations, I would say there is a huge growth area for cloud infrastructure and entitlement management systems of a type. Or those that are being managed or added to privilege access management platforms and so on. But we really need to get a grip on entitlement management. And you can put all that together and say, if we did all this, if we controlled all this, we would be getting close to some kind of zero trust architecture.
And again, as I said, zero trust is a very simple complex. It's a very simple concept. You don't trust any identity. You always verify whether it should be allowed in. You also verify whether it can get authorization to what it's looking to get authorization to and so on. But it's not easy.
Now, there's two organizations in the world which have kind of taken zero trust to the next level. One of those is the US Department of Defense. Not surprisingly, a Department of Defense probably has the kind of secrets within it that are not just bad if they leak out, they actually affect national security. So they have actually published a number of publications. The link to a copy of one is on the screen here, which you can look up later.
But I just pulled out this first one because I think, for me, it sums up what zero trust should be for users and non-person entities, which is the way the Department of Defense talks about machines. And there it is, the acronym I couldn't remember, data applications, assets and services. In other words, everything in compute. I will read it. They say it should be securing, limiting, and enforcing person and non-person entities' access to DAAS, okay? So you can't put it clearer than that. And then it encompasses the use of identity capabilities, such as MFA and PAM, for privileged functions.
And this is the key phrase here, I think. Organizations need the ability to continuously authenticate, authorize, and monitor activity patterns to govern user access and privileges while protecting and securing all interaction. I think these three paragraphs are brilliantly written, sum up of what we should be doing, particularly the phrase continuously authenticate and authorize, because too often we have standing privilege, we have standing entitlements, which means we're not doing that. We're not continuously authenticating and authorizing at all.
We're just kind of sitting back and saying, well, we sorted out the access for all these identities, and they're the ones that we know are okay to have access to that. But identities change, roles change almost on a daily basis.
Also, identities are under attack. Identities are hijacked or taken over by attackers. So you need to continuously authenticate. But of course, that's hard. And that's why vendors like Archon here today are looking at ways that we can get to that point where we are continuously doing that. So this then is a KuppingerCole sort of a roadmap towards implementing Zero Trust. And as I said, it's a long, long journey.
And again, I'm not going to read all of this, but this actually is a very valuable slide in just giving you an idea of what's involved in getting to at least the start of Zero Trust. And this one actually comes from the DOI, sorry, from NIST, which is the other organization in US which also has published excellent documentation on Zero Trust, and again, taking it up to date.
And again, taking it to a next level. But just quickly, you need to first of all, look at the actors on the enterprise before you can get anywhere near. You need to identify key processes. But if you read through that, you will see that each one of those steps is not something you're gonna do in an afternoon. But it's the only way you're gonna get anywhere near Zero Trust.
So NIST, perhaps then to make things a little bit easier for you, have broken this down into seven tenets of Zero Trust architecture, in which case, and I've been talking about resources for as long, I always think of like data access to resources is the most important thing in compute and the right access. So it begins with that. All data sources and computing services are now seen as resources. All communications must be secured. Communications means transferring. Access to individual resources granted on a per session basis.
So there we can see that we're getting towards our just-in-time model, our no standing privilege model, but on a per session basis so that a user or a machine can only get access to some privileged data as and when they need it, and then it's switched off. How do you do that?
Well, you do it by having dynamic policy and behavioral and environmental attributes applied to access to that data. Both of those two work together. And then of course, you must carry on monitoring and measure this, make sure it's working. Before and then finally, the same rules apply not just to authentication, but also to authorization. So there's two stages, one authentication, one authorization. So you have to do the same thing.
And again, vendors are starting to build this into their platforms so that it happens for you. The emergence of AI is making it easy to do this in the background and so on. And then you feed all of this activities, it's fed into analytics, et cetera, so you can improve the whole cycle.
So again, if you go to the NIST website, you can find more information on this kind of thing. So finally, to get to and to hand over to Harsh Pradhan, a key part of getting towards zero trust and better privilege management is through the emergence of cloud infrastructure and entitlement management. And this is something that's emerged, again, probably in the last two to five years, it's focused on cloud, particularly how identities exist in the cloud, how identities move to get stuff from the cloud.
And it does fulfill one of those tenets of NIST, which is to continuously monitor permissions and roles, to adapt to changes in the cloud and so on, and includes also privilege elevation or just-in-time elevation. So that's an introduction to how things must change, how zero trust can impact on what you're doing. And now I'll hand over, I'm very happy to hand over to Harsh Pradhan Lalla from Archon, who will continue on this journey. Thank you.
Thanks a lot, Paul. That was a very insightful session.
I think the way you were able to lay out the context in relation to PAM, MFA, and ZTNA was a fantastic concept, and I think that's what we're talking about as well in the market. So I was planning to talk about managing complexities with ease, but the topic was PAM. So for people who are not very well-versed with PAM, I thought I'll give a very quick snippet about what PAM really means and what its concept is. So PAM is basically there to mitigate human error.
Error, it could be because of identities being compromised, shared, whatever the reason. It is there to diminish the attack surface because you are trying to ensure that authentication is taken away and authorization is taken away from the end users. It increases productivity and greatly demonstrates compliance and I really love this slide for that reason. Paul spoke a lot about identities, right? He mentioned about identities from the privileged identities perspective and from identity and access management perspective, and that is exactly what you see here.
This is how traditionally different types of identities existed, right? So human identities, privileged identities. When I say human identities, I'm talking about business identities that we can think about. These business identities would have a relationship with business applications that you would have, whereas the same human identity could have multiple privileged identities as well.
Now, to add to the complexity, we now have bot identities, we have machine identities, we have applications, API identities, and so on and so forth. But the crux of the matter really is that identities are the weakest links, right? If compromised, the objective of achieving ZTNA can never be possible.
Now, the evolution of identities, the way we see it, everything is trying to converge, right? We're talking about convergence of these digital identities. This is high complexity. So all the identities that we spoke about are getting converged into a digital identity, right? So one human identity can have multiple digital identities, and these digital identities could be varied. And that adds to the complexity. It becomes fairly complex in terms of identifying the identities, managing those identities, ensuring their provisioning, the deprovisioning, reprovisioning, management of it.
All of that is becoming a huge challenge. And when it comes to cloud, that becomes an even bigger challenge. On the cloud, we really aren't using things like active directories, which are compromises. We have Azure AD, but not everybody is consuming that. So what can PAM do for us in cloud? And that's the primary question that we're trying to address here. We understood the problem statement that Paul described about ensuring that there is zero trust by meaning you need to have a PAM, which is robust, which can then be clubbed with MFAs and things like those.
Now, traditionally, PAM has always been deployed on-premise. And people like Paul mentioned some time back, there are still a bunch of customers who continue with PAM on their on-premise setups.
However, there is a big shift towards the cloud. So one, PAM is being deployed on cloud.
And two, PAM is used to manage the infrastructure, which is hosted on the cloud. So there are two different aspects of PAM that we are discussing. From a second perspective that I mentioned, you are able to onboard your cloud infrastructure and users.
Now, how do you do that? That's exactly where PAM is used. How do you make these onboarded infrastructure and users access it? That's the important thing. How do you rotate credentials? Because you are using different things.
On AWS, you are probably using their PIM solution. On Azure, you are using their Azure AD.
On GCP, you will be using GCP's IAM credential management, things like those. So how do you really ensure that you rotate the credentials, rotate the keys? That becomes the key for managing infrastructure and users on the cloud. And how do you monitor cloud access? And that is exactly where we will discuss about CIEM. So what I want to say is, the principle required to secure your cloud and meet compliances is where you can really help a user. So getting to the complexities on cloud for PAM.
One, like we said, PAM, when it is used to manage and monitor access and authorization for things that are being deployed on cloud, it brings out these following challenges. So how do you really onboard infrastructure components and users on SaaS, on AWS, on Azure, GCP, et cetera? So you have all these different users who are sitting in different cloud service providers, who are sitting in different SaaS solutions, and you want to really bring this out and get them into your PAM solution. How do you really do that?
And that's a pretty complex problem to solve for all the end users today in the market. How do you access your Kubernetes clusters, containers?
Well, it could be the CLIs, APIs, it's just an example. But how do you really access these critical components of your cloud, which are used to manage your entire workload, which is hosted on the cloud? How do you access, or the access to the cloud infra using things like Windows PowerShells, terminal access, management consoles, and so on and so forth? How do you really manage that access? Because now you're saying that I am trying to access a component which is on the cloud, and I am trying to do it using my PAM. How do I really access these infrastructure that's hosted on the cloud?
How do I really manage the CI/CD package? If you're a product company, or if you're doing continuous additions or modifications to your software that is developed by an organization, or if you're a product company which is delivering a SaaS solution, how are you really managing your CI/CD? How are you managing the identities available on the CI/CD or required for the CI/CD pipeline? How do you manage interactive and non-interactive accounts? That's a very important account.
Now, when I'm talking about interactive and non-interactive account, I'm talking about, when I say interactive, I'm talking about human identities where people are interacting. And when I'm talking about non-interactive identities, I'm talking about things like API identities, bot identities, and things like those.
Now, how do you really manage these credentials? How do you manage the secrets for these credentials? Ephemeral access, that's a growing requirement everywhere in the world today. We're talking about ensuring that users are not always created. Users are not always available. But whenever there is a requirement, just in time, with just enough access, we want to create those users on the applications, infrastructure components, make it available to the user, give the user the right exact roles and responsibilities, and ensure that the access is given and revoked once the session is disconnected.
And how do you really give access to components which are on AWS, PaaS, SaaS, and all of these? These are a few of the complexities that I've listed on cloud for PAM.
Now, Archon has built in a solution for all the problems that I just listed down here, and I would want to walk you through all of these to give you a perspective as to how PAM can really help you achieve zero trust. So onboarding made simple. Archon has really made the onboarding simple. So what we've done is we have auto-onboarding components or feature that we have enabled.
Now, because, like I said, you will have different directories available for AWS, for Azure, for GCP, OCI, AliCloud, and whichever other cloud solution that you're using. Now, really onboarding the users in today's PAM, even if it is deployed on on-premise, the PAM administrator has to ensure that he or she is able to add the infra component and the user with the associated roles and responsibilities into the PAM, and that exactly becomes a problem, because on the cloud, we are trying to spin instances in a jiffy, right?
So these instances are going to be created, they're going to be destroyed, you're going to create users to access these instances, and you're going to destroy them. Now, when you're going to do this at such a large frequency and in a very dynamic way, how do you ensure that you are able to onboard these when you need them? So we have evolved, we have developed a component that's called the auto-onboarding component. So I'm able to onboard the IAM users from AWS.
I'm able to onboard or auto-onboard your EC2 instances, your Linux environments, your RDSs, databases, IaaS, SaaS, your Elastic IPs, Dynamic IPs, all of that, right? So that is what Archon is able to achieve. In the same way on Azure, we are able to do auto-onboarding for Azure AD users.
So in AWS, we saw that it was more about the IAM users, which are configured on AWS. On Azure, we can auto-onboard them using the PAM functionality, the onboarding functionality that we have. We can onboard all the VMs, Linux, databases, everything in an auto-onboarding fashion. So there is no requirement for any PAM administrator to actually onboard these. And like I mentioned some time back, because these are dynamic, these get spun when there is a requirement, when there is a need, and then they are destroyed.
So it is very difficult on the cloud for somebody to constantly keep an eye on what infra component is being hosted, what infra component is being made available to the users, to which users, which users are onboarding, things like those. So we have evolved a strategy where we are able to auto-onboard all these users from Azure AD, from similarly on the Google Cloud environment, we are able to do auto-onboarding. So for these three clouds, we are able to do auto-onboarding for the users and for all the infra components that you need.
Now these are the methods that we use to onboard the AWS components. So it could be your SSH PEM keys, it could be your AWS session managers using STS tokens, it could be your hardened servers. We are able to onboard and auto-onboard all of these into PAM without any intervention from the PAM administrator. We are able to achieve the same on Azure and on Google using SSH or VMs with basic authentication. We are able to achieve all of that. Now comes the critical component, which is how do you really ensure that access to the cloud service providers is monitored?
Now, it could be, people would be using different kinds of access mechanisms to really access the infrastructure on cloud. So it could be Windows PowerShells, management consoles, AWS CLIs using STS, Kubernetes, control access, terminal access, and whatnot, right? Or it could be through, for Azure, it could be through management consoles, third-party SaaS offerings, Azure SQL, Kubernetes, Azure CLI, similarly for Google Cloud.
Now, Archon is able to secure these access that I was displaying. So whether you're coming from Google Cloud SQL, whether you're coming from a management console, coming from CLIs, coming from Kubernetes, kubectl, Linux terminal access, Windows RDP, any of that, Archon is able to ensure that there is a secure access available to all your infrastructure components, which are available on these cloud service providers. It's not only the infrastructure that we are able to manage. We are also able to manage apps, which are SaaS solutions.
So take, for example, Salesforce, GitHub, Slack, Office 365, all of these, there are administrators that you would have created who have access to sensitive information, to creating a new user, to granting access to a new user, and all of this. So how do you really manage these cloud apps? Through the Archon PAM solution, we are able to do, you know, we are able to manage all these identities, which are created on the SaaS solution. This is how, one of the things that Paul again mentioned was around password vaults, and the solutions that people are using.
So for password management, we can actually do the password management on AWS for EC2 instances, for databases, IAM users, we can use access keys, secret keys, any option that you are choosing. We can even do it on an IAM console user. Similarly for Azure and similar for Google Cloud, we are able to achieve all of that. This really brings me to the next topic, where now we spoke about all the infrastructure components and onboarding of the users onto the PAM.
But now is the critical component where I have a hybrid solution, where I have some of my workloads hosted on AWS, some on Azure, some on Google Cloud, and I'm trying to get a single window view of what's happening across my estate on the cloud. Today, if you don't have a CIEM, which is Cloud Infrastructure and Entitlement Management, another option that Paul spoke about, if you don't have that, to get a single window view of all of these different workloads or different cloud service providers is a big challenge. But the bigger point with any CIEM is how are you able to manage the entitlement?
So with a CIEM solution, and when I talk about cloud governance, this is nothing but the CIEM component that we have within our PAM. Now, through this, I'm able to say that, okay, Harsh is a user on AWS, he's a user on Azure, he's a user on Google Cloud. He's a privileged user on AWS, a normal user on Microsoft Azure and a normal user on Google Cloud. On the AWS, where he's a privileged user, he has access to these 100 services. Out of these 100 services, Harsh is only using 30 of them, and the 70 are unused.
So as an organization, you are able to take a call on whether to disable those 70 services and ensure that you are reducing the attack surface because you are only allowing what is required for the end user. So the cloud governance can talk to you about a single window through which you can get information about everything that is on your cloud, you know, your workloads, your users. It can go to the next level of saying, okay, it is not just a user.
I know how many users are configured on which workloads, what roles are being assigned, what responsibilities are being assigned, what services have been configured, and whether the users are using that or not. All of this is possible using the CIEM solution. And once you have these solutions, you are then able to really manage your access and authorization and thus have a peaceful sleep in the night for at least the components that you have on your cloud infrastructure.
Quickly, I wouldn't take too much of your time. I know we're running out of time. So quickly about Archon.
We are, you know, we were founded in London. We have our R&D center based in Mumbai. We are international. We sell to customers across the globe. We have a lot of customers in the German region, in the European region, and across the, you know, across the world. We have more than 1,500 customers. We work with all the global SIs and CIEM partners. We have 500 plus employee strength. The most important thing is we have been profitable right since the inception with a strong top line.
Now, these are the products that I wanted to also mention to you about. So we spoke about privileged access management here. We spoke about it. The solution is available on-premise, on SaaS, and also available for deployment on the cloud. But what we've done, and again, to address the point that Paul mentioned, Paul mentioned about PAM, Paul mentioned about IAM, Paul mentioned about MFA and ITDR.
Now, what Archon has really come up with is a product, which is a combination of all these products. We call it as converged identity. We spoke about how the identities are converging and thus there is a need for a product which can actually help you converge all kinds of identities, be it business identities or be it critical privilege identities. So we have the product which is called as converged identity on which in a single code base, we are providing MFA, single sign-on, IAM, IGA, and PAM, which includes CIEM. So it's a single code base. It's a product.
You can switch whichever modules that you want to, and you can consume them as per your requirements. And that's the beauty of the product. So it's one of the important leading products that we are trying to promote in the market today. And that's what we are trying to do in the managing identities and privilege section. Another part which Paul mentioned was around the endpoint.
So we have endpoint privilege management, which can help you with use cases like rotating your passwords for the local admin credentials, helping you with whitelisting and blacklisting, helping you with ensuring that there is elevation of rights. So whenever I need to install a product, I don't really have to raise a request with the IT team. If it's part of the whitelist, I can do a right-click, elevate myself, and do the implementation. So that's what we do. And specifically for ITDR, we have two components, which is one is data intellect, and second is user behavior analytics.
Through these and through all the different products that Archon has, we are able to achieve, or we are able to provide a solution to our customers, wherein they can not only look at access and authorization, but they can also look at ITDR. So they can actually do identity threat detection and response using the component that we have. These are AI/ML-based components, and they help you in a big way. We also have other products for different industries, but I wouldn't take too much of time. This is more about Archon. Our customers have rated us very high over the last three, four years.
This is what the customers have to say. We have an overall NPS, which is positive and above 50%. So that's a fantastic thing. This is what the analysts have to talk about us, Gartner, KuppingerCole. We are part of the Leadership Compass for privilege access management in 2021 and 2022, 2023 as well. And that's all that I wanted to discuss today. Thank you a lot for the opportunity. Really appreciate you listening to me. I'm happy to answer any questions that you have.
Paul, I would like to open it for question and answer session.
Thank you so much, Harshvardhan. Actually, we're gonna look at the poll results first. So interesting, actually. Good news is that no one doesn't know what an overprivileged identity is. So that's something. But overwhelmingly, people are using a form of PAM to control overprivilege. So what do you make of that, Harshvardhan?
No, I think that's a fantastic thing. People are, you know, the fact that people are aware about privilege access management and they're using it is an indicator that people are serious about, you know, the cybersecurity threats that they have in the organization. They understand the importance and relevance of identities. Because if you look at it today, the oil of the companies is either identity or data, and they are trying to secure the identities, thus the data there.
So I think this is a fantastic, you know, poll result, which says that people are really, you know, they understand the benefits of applications like PAM and they're really using it.
Well, it's good. PAM certainly isn't dead yet. So that's good for both of us. And CIEM clearly is only just starting to, you know, emerge. So let's see the second poll now.
Okay, so as I kind of expected, 77% understand it's complicated. So yeah, it is. But it doesn't mean you shouldn't try to do it, but there are ways of doing it. Answer B was a bit of a trick question, to be honest, because, you know, nothing will stop everything. Isn't that right?
No, I totally agree with you, Paul. But I think it's pretty interesting that, you know, the people are saying that it's complicated to implement. I understand that because, you know, in large organizations to really identify things like identities, whether they are secured properly or not, and really moving to the zero trust architecture is fairly complicated because the IT teams don't really have the view of what's happening with business applications. What are the business owners doing?
How do you really get those into the realm of PAM or MFA or any of the other zero trust network, you know, solutions that they plan, that they intend to do it. So I totally, you know, understand where people would have responded it's complicated to implement. But I believe that, you know, the vendors are working towards ensuring that it becomes easier. I wouldn't say it's really easy today, but we're working towards ensuring that it becomes easier for, you know, all our respondents to really implement it in the future.
Yeah. And of course, like I said, the vendors can help. We also at KuppingerCole, you know, we have our advisory teams helping people to understand. And also I'm glad that people were honest and said that they don't know much about it, but they know it's a good thing.
So, you know, I would take that as a kind of positive result from that poll. So the question I was about to ask was, can we integrate PAM deployed on cloud with existing identity and access management tools?
Yes. You know, that's a pretty interesting question to answer the poll, because that relates to the identities and the convergence of the identities that I was talking about. We're talking about, when we talk about IAM, we're really talking about any identity, which is either a business identity or a privileged identity. And integrating these solutions, which are, you know, the two solutions are IAM and PAM, is very relevant.
And today, to my knowledge, majority of these tools would have a SCIM compliant API. So almost all the PAM vendors in the market today, including Archon, we have a concept which is called a SCIM compliant API. Now with these, we are fairly able to integrate or easily able to integrate IAM and PAM.
Now, whether the PAM is deployed on-premise or on the cloud or vice versa, doesn't really make a difference. As long as there is a SCIM compliant API that is available, yes, the answer to the question is that we will be able to integrate IAM with the PAM, which is deployed on cloud, or PAM, which is used for managing access or authorization for clients.
Okay. Just to put up on screen there, European Identity and Cloud Conference. There's still time to get tickets for that. If you wish, starts the week after next. I know that Archon, you'll be there, I think. At least-
Yes, we will be there.
Yeah, at least, maybe not yourself, but at least a representative for the-
Yeah, our representatives are going to be there.
Yeah, excellent. So yeah, if you're still interested, please come along. You can come along to Berlin, or it's also available as a digital conference. The second question is, can the same PAM be used to manage workloads on multiple clouds or cloud service providers?
I totally understand the question, Paul, where it is coming from, because you have different workloads which are there on different cloud service providers.
And the question that probably, the person who's asked the question is thinking is, how do I maintain the security between these different workloads that I have on different cloud service providers? The easy answer to the question is yes. You can manage the infrastructure components and the users on different cloud service providers using a single PAM, and that's very much possible.
Archon also has the option for doing the same, and that's what I presented as well, that you could manage your infrastructure on AWS, Azure, GCP, OCI, AD Cloud, whichever cloud that you want to, without any challenge. So yes, we can do that. And there are different security measures which are taken into consideration to ensure that the communication is secure and nothing really moves from one cloud service provider to the other service provider, while the different identity management solutions. So for example, on AWS, you have their IAM.
On Azure, you have the AD. These different integrations are also possible, and the access and authorization can therefore be secured.
So yes, it is absolutely possible.
Okay, and how do PAM products, not necessarily Archon, but PAM products in general, manage to protect the communication between the PAM and the cloud infrastructure?
So we, I mean, it's not just Archon, but any PAM solution provider. So we rely on the basic technologies like site-to-site connectivities, or we would rely on the connectivities provided by the cloud service providers.
Now, these ensure that there is a secure communication that is available between the cloud PAM and the infrastructure components. So even if I'm looking at having a cloud deployed on AWS and managing the infrastructure on Azure, I can look at creating a site-to-site connection. There are multiple options available. All of these cloud service providers, they offer these communications.
We try and establish a connection which is secured between these two layers, and ensure that there cannot be any man-in-the-middle attack or any of those attacks that people can think about that can help them sniff the identities out. So we do manage these identities and access and authorization using different site-to-site connectivities.
Okay. Finally, the Archon, how do you, how does Archon PAM treat the attack path cross-platform in the cloud? So that's a specific question. I don't know if that's...
Yeah, so we do have, you know, like I mentioned, we do have the options where we can manage cross-platform. So even if you have workloads that are deployed across different cloud service providers, different data centers, and all of that can be managed using the same PAM, and the connectivities can be separate. There can be different architectures. So we have a concept which is called as gateways. We don't rely on the jump servers or the PSM. So we have developed our own IP, which is gateway-based IP.
Through these gateways, we can ensure that communication is tunneled only to that particular CSP or to the particular workload that we're talking about. And thus, we ensure that the connectivity from the last mile, which is the target or the end user to the target server is always secure.
And thus, we are able to isolate the problem there. So yes, we can do that.
Okay, well, we haven't got any more questions. I'll just see if any more come in. But if not, no, it doesn't look like we have. So I'll wrap up and say thanks so much to all of you for joining us today.
Thank you, especially to Archon and Harshvardhan Lalli for an excellent presentation. And thank you to my producer as well for getting those polls up. So see you again.
Hopefully, I might see some of you at EIC. If not, have a great evening or afternoon or morning, wherever you are. Bye now.
Thanks a lot, Paul.
Thank you, everybody, for attending this session. Really appreciate that.
Thank you, have a nice day. Thank you.