KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Join Vadim Lander, Symantec Identity Management Security Chief Architect and CTO, Broadcom as he discusses the new realities that are driving the evolution of Identity and Access Management (IAM) and how organizations use IAM as a key pillar in the architecture for Zero Trust. Vadim will also highlight the future of the Symantec’s IAM suite of solutions and how they will help our customers build their own Identity Fabric.
Join Vadim Lander, Symantec Identity Management Security Chief Architect and CTO, Broadcom as he discusses the new realities that are driving the evolution of Identity and Access Management (IAM) and how organizations use IAM as a key pillar in the architecture for Zero Trust. Vadim will also highlight the future of the Symantec’s IAM suite of solutions and how they will help our customers build their own Identity Fabric.
Thank you so much for giving us a chance to speak at the conference. Unfortunately not, not, not able to make it to Munich, hopefully next time, but you know, greetings from Boston, just a little bit by way of history. I've been in the business for a long time, since 97, when it happened upon a little company here in Boston called integrity, where I've architected and delivered site minor, you know, where you know, many years. And I had spent a lot of time at both integrity CA and you know, Oracle, you know, working on identity management and building different kinds of identity systems.
And just like you've been discussing this week about kind of the need for identity management, how identity management is changing. I'd like to tell you what, the way I see identity management evolving and what we're doing here at Broadcom software to, to make it.
So, so obviously digital transformation is causing significant disruption. I'm sure your previous speakers have talked about it.
We, as a business, we're looking for agility. We want to balance the centralization versus decentralization, decentralized responsibilities, right? We're looking to create omnichannel relationships, right?
You know, we want to see 360 of the identities, and we want to enable identities to see 360 of our enterprises of our business opportunities, right? And while we do that, we want to enable great user experiences.
You know, we wanna deliver a mobile first experience, you know, password list in emergence of bring your own identities becoming pretty important. And at the same time, right, we continue to evolve the way we build applications, the way we deliver these applications through, through Kubernetes, through continuous integration pipeline, C I C D right. DevOps starts to come into the picture. Obviously we're dealing continue to deal with regulations and our business models continue to expand. And as a previous speakers, I'm sure have talked about and very nice transition to this presentation.
The zero trust world is a reality. It's a reality because simply we just have to deal with security.
You know, security is important. And with the identity becoming pretty much the only perimeter that is shared across the joint security domains, right? The way we treat this is becoming quite becoming quite different, right? And at the same time, our digital transformation is driving migration of business to the cloud cloud.
Multi-cloud, you know, all kinds of different interoperabilities and integrations, but fundamentally in order for us to be able to offer innovative products and services, we have to put together these, these delivery ecosystems, right, that now be, have begun to move beyond different kinds of perimeter. They've long time ago, moved beyond the network perimeter. They moved beyond the DNS perimeter. And now we're dealing with a lot of these interoperabilities and integrations in terms of the business perimeter.
And while we're doing that, right, we have to balance that we have to balance that ability to grow. We need breaks. We need to be able to con contain the way we think about security, right?
The, the, we continue to see significant amount of compromised identities. We, we see significant amount of compromised devices. We also see a significant amount of compromised applications, the applications themselves, right.
You know, you know, being, being compromised. And so when you put all together, we really need to think differently about how identity and security architecture is being put together and being delivered. And I wanna talk a little bit about the evolution in order to get a good perspective on what, why this is happening, how the identity management itself has evolved, and this continues to evolve. So we went from a nice data center perimeter. This is when we've invented web access management, right? Everything was inside the enterprise. It was great.
We had the ability to authenticate identities. We, you know, we had the ability to authenticate applications. We were able to, you know, put together, put together, you know, great session management capabilities, but then the world started to change, right?
We've we, we went to, you know, mobile, we started to introduce social. We, you know, so the perimeter started to disappear and now we are really looking at the, at relationships, right.
You know, how we build the applications today and how we deliver those applications and how do we integrate various kinds of business services into the application delivery, no longer has a perimeter. And I call it micro perimeter, right?
The, the web is now a perimeter, just the, one of the perimeter. You know, the, the, the bots, the services, the endpoints, the Federation, the data itself, the data, the S3 bucket is now a, a single perimeter. And we need to be able to ensure that the identity and security really must be everywhere by default. And while we do that, we also need to make sure that we not only think about how it should work going forward, but we also need to make sure that we are able to bridge today's identity management and tomorrow's identity management securely, right.
It's not really possible most cases to rip and replace, and we need to be able to bridge right. Really bridge the experiences that we offer today with the experiences we, we, we are gonna be offering tomorrow and then do that security. And really what this is doing is driving is driving IM architecture 3.0 2.0 was the web architecture 3.0 is going to be a different kind of infrastructure that I'll talk about. And one way to, and one way to see this right, is to really see, think, think about how we are building applications today. We're using different kinds of tools.
We want make sure that they are AB D development teams are extremely agile and have a lot of control. These days.
We, we use different kinds of techniques to deliver these applications. You know, we use pipelines, we apply all kinds of automation. We deploy these applications in different kinds of environments.
You know, we, we like to use Kubernetes these days. Well, everything is now containerized. It can run anywhere. Really. The word is anywhere. And most importantly, right?
It's the, it's really the, the resources, the, the, the systems, the accounts, the devices, the, the APIs, the structure, the unstructured data, right? All of that can now be made available to an application. And really what, when you put it all together and say, well, anyone can get to anything, right? Because the idea is for anyone to get access to anything, it really requires that the way we think about the identity and security is that security capabilities, right.
Must be embedded within the application environments so that the identity capabilities, security capabilities need to be brought very close or be part of the application infrastructure itself. And what this really does, if that was the, if that was the case, right. It really enables us to create a zero trust framework. It enables to enables us to every step of the way, no matter where these resources are being consumed, whether it's in a cloud where it's cloud edge, where it's, on-prem where it's in the data center, where it's in our partners data center, right.
We should be able to basically positively identify and authorize with adaptive dynamic adjustment. And I say, based on risk, right. To mitigate, to mitigate attacks, to mitigate what may be anomalies and be able to protect right access to these, to this privileged information privileged accounts, while also making sure that we have way to adjust what these identities can do on the fly or what these clients or programmatic entities can do on the fly. And this in, in, in, in my view, this is really a must have.
There could be no other, there's really no other way to deal with the, with, with the fact that, you know, we need to, we need to be able to allow, you know, any identity from any device access to any application. Well, how do you do that securely? This must be part of the architecture. Obviously it'll take a bit of time to get there, but there's really no way, you know, without this kind of approach to, you know, be able to have a safe and secure environment.
Well also, you know, creating delightful user experiences is. And so the way we see really digital IM is really a cornerstone of zero trust architecture at the, at the, at the beginning, you know, it's really starts with a very rich set of identity and security APIs. And when I talk about the fabric, when I talk about the capabilities being a, you know, capabilities being woven into the fabric of any application, it's really about the standards based, whatever possible identity and security APIs underpinned by a holistic risk engine and risk aware policy management.
I don't wanna stress and underly really risk aware policy management, so that any kind of policy, whether it's access policy, identity, policy governance, policy, certification, policy, whatever the policy may be, right. Be done with some level of risk, which is really how we live our lives. Right. If you look at the way we live, you know, the or physical lives, we always apply risk.
And, and when you think about identity in the digital space, you know, why would it be made different, right? So the decision need to be made with some level of risk. And just as equally important is, and I think the previous recorded talk recording talked about this too, is, is really about trust management. How do we ensure that the trust and the notion of trust, you know, can be brought into the fabric of different kinds of environments?
Well, the only really the only way to do that is by tokenizing, tokenizing trust infrastructure, and be able to use that right, to ensure these privileges, to ensure, you know, security, various environments underpin by a common relationship based IM schema. We've talked about that we continue to have silos. Why is it that after all this time, after 20 years and 25 years of identity management, we still continue to have challenges. One of the issues is we don't have a common schema. We haven't really had the time to think it through, as an industry.
We've always considered access to have its own set of policy it's own set of, you know, architectures and identity with entitlements and, and the life cycle of entitlement management to have it set of schema's it set of, but really what has to happen the same way it happened with other it disciplines that there has to be a fusion of both the identity schema, entitlement schema, and the access schema, because frankly, they're, they're really just two sides of the same point, you know, who can do what, and what can I do are pretty much the same.
And once we bring these together, then we're gonna start seeing a much less opportunity for the threads, for the, you know, really silos of, of, of security, right? You'll be unified from the beginning.
And also, I think it's extremely important to also understand in these days, in this day and age, is that how does this complexity gets, gets deployed? Right? These are sort of very sophisticated capabilities and identity being omnipresent everywhere is quite sophisticated. And we need to make sure that the ability for our customers to deploy this, to manage this to, you know, on an ongoing basis, right, you know, also meets modern, modern, modern capabilities.
And that's where the, the, the microservice centric, you know, I'll talk about in a minute micro microservice centric, cloud native, you know, architectures, you know, start to become, you know, really, really important because we wanna make sure that these significant, you know, very powerful capabilities can be relatively straightforward to implement and, and, and operate.
And so what we've been thinking about for a couple of years here at Broadcom Broadcom software is really a, well, we see a security services platform, really it's a visionary security services platform for digital identity. And what it allows us to do is to enable our customers right, really to consume this IM 3.0 begin to consume IM 3.0 architecture, right? There's also one hand helps them extend solutions that they already have and start to bring those solutions.
Also start to bring new environments, new applications, new infrastructures, right into the world of modern, you know, IM capabilities where the authentication management, right.
We think of that as a business service that is basically being delivered on top of a holistic service security services platform, evolving into authorization management, evolving into identity management, evolving into, you know, other kinds of IM disciplines that need to be available to need to be made available to, to enterprises, but very important that it's really done on the, on the back of sort of common and consistent architecture, right on the bin by common policy infrastructure and the bin by common session management.
So the notion of the user session or the client programmatic client session, right, can be tracked across various interactions and can then be properly managed in terms of, you know, it's risk and knowing, you know, when we need to continue with providing access where we need to step up that and, and provide some additional authentications or authorizations on whatever we need to, you know, reject immediately, we built in risk management infrastructure, right? We built in security analytics, right. That enables us to understand what's going on.
Be able to both, you know, reactively detect as well as proactively identify. And it really is the fabric. It really is the capabilities, the, the capabilities of this platform really represents the identity fabric, right? It's really all about being API.
First, it's a hundred percent of functionality exposed via modern APIs. It's deploy anywhere cloud native microservices. So you can deploy our customers can deploy this, their choice of clouds, their choice of, you know, on-prem data centers or whatever, whatever they feel like they need to be operating this enable them to do so very agile, right?
For the first time, I think in the identity management, you know, it really takes minutes to deploy an upgrade, or rather than go through extensive enterprise deployment guide, you know, methodologies fully multitenant follow our cost of ownership for service providers or for those organizations that wish to operate identity management as a service provider for their own organizations. And really what it does. It also seamlessly extends classic identity management, right?
Where customers who are running web access management site matter, API gateways, you know, identity governance, you know, solutions, you know, privileged manage solutions. They can integrate the, the, the capabilities. Then they integrate this platform into what they already have. And then very quickly start to deliver value to their existing architectures or enable their customers with new value propositions, such seamlessly delivering for example, application or seamlessly, delivering zero trust architecture to all of their API, for example, API management and API enforcement deployments.
And if we, if we really think about it, take a step back right. And say, well, what is what what's so different, right?
What, what is really different between, you know, digital I am, and, you know, the classic I am, you know, what's, what's really digital about it. First of all, the ability to incorporate the, the level of security and the level of identity into, into every component of the business fabric is really about being able to ensure great user first and foremost, it's, it's about ensuring great user experience. We can begin to deliver truly, truly passwordless experience into every application environment.
You know, whether it's be mobile based, you know, web based, you know, IVR based, we can begin to deliver, bring your own identity, right. You know, how many accounts can I continue to have? Right. We have way too many accounts. And I wanna use, you know, I want to use my own identity in many cases. And so being able to have this identity fabric really enables our customers to, to do that. It's the agility, right? The ability to meet fast-changing business conditions, customers, our customers want to innovate.
They want to move really, really, really fast and in order to do so, the identity capabilities, identity service have to be easier to use easier to incorporate, easier to manage built and open standards. Security of course, is this is really the, this is the risk based architecture for zero trust, right? By being able to have the fabric, right?
Every component of the fabric or every capability of the fabric can start to apply risk based analytics can start to apply adaptive contextual policy infrastructure, policy management, to decide how much risk is, is this component or at, or is willing to take at this point in time for this particular context? Well, obviously the innovation can be, can be enabled because of the API. First architecture we, as developers are in control, we want to be able to move fast, gimme the API, give the API Porwal let me integrate. I will be able to move really, really fast.
And also the multi-channel right to know my customer, being able to enable understand 360 of the customer across various channels, be able to allow our customers to integrate right with, with our enterprise over, you know, over different channels becomes really, really key. And so with that, I kind of see really what the digital, the value proposition of the digital IM right, is to be able to connect any identity to any application.
And as we, it Broadcom software work with our customers, we've introduced the security services platform. And one of the first services that we've delivered to our customers is what's called what we call the V P authentication hub.
And that's really the authentication management service that really enables our customers to connect any one of their identities to pretty much any application, whether it's a web application, whether it's a 30 party SaaS application, you know, whether it's a social identity, you know, needing to gain access to a new service that they're building and, and in the modern way, and trying to integrate with a number of other cl other cloud vendors or other SaaS providers, what is over these legacy custom apps, right? Or the native apps. It doesn't really matter, right?
The, the basic, the basic principles of what a, what a sort of capable access management service is, is really about, you know, having your risk policy and, and scoring is having contextual, right? The key is contextual policy management. In this particular case, it's authentication, obviously heavy use of open standards, both from the inbound and outbound perspective in terms of open IDs or Sammo breast APIs, and obviously different kinds of factors, you know, to support web and Fido push or TP password. So on so forth.
And what this does, it really, really enables our customers to be extremely agile, right? Their application development teams are able to use the platform, the fabric, right, to enable their business right, to extend their business, to new user populations, to extend their existing business, to new business opportunities, all and, and create, create very secure integrations. And all of that really requires that the, a fabric, right, really an Omni present fabric of identity insecurity services exists right with which they can, that they can leverage across their enterprise.
And I would like to also give you a sneak peek into one of our customers. If you actually look for this on, I believe it's on YouTube. You you'll you'll, you'll see the customer.
You'll, you'll be able to hear an interview, but this is a large insurance company in the states. In fact, they're, they're global and the way they, the way they see our architecture, the way they see the, the fabric, the way they see the security service platform and, and the API op hub, it's really a single access management platform, right. That begins to unify, right.
Enable, enables them to connect any kind of identity system to any kind of application infrastructure, right. With zero trust, right. While enabling their, their identities, their users, right. To consume different kinds of credentials and continue to evolve them towards much more, you know, much more productive, much more relevant set of user experiences. And I think as, as we continue to look at digital IM we will begin to see that the value proposition of a, of the fabric, right. Moves beyond just an access management platform. We'll start see the lifecycle of identity management, right.
Pick up the, the fabric, right. To create much better user experiences, much better self-service experiences, much better governance and certification and station experiences, and much better governance in general, because we'll start seeing fewer silos of data, right. Between the access world and the identity world, which, Sorry to interrupt you. We are running a little out of time. Yeah. I'm actually done. Okay. Yeah. So I think this was very insightful.
When, when we look at anti fabrics C.
