And great to be here. It's great to see some fresh faces this morning. I'm guessing the people that aren't here are the ones with not so fresh faces. So as it was explained, my name's Chris O and I'm director of product management, ATS, and really the topic of today's conversation is about world's colliding and how identity worlds are coming together. So one of the things that I say to myself every day when I wake up is we've really made identity complex, and this can mean different things to different people.
But to me, when I look at the identity space and what we've done with it, we've got a very fragmented kind of world at the moment. Now, if I go back to when I started my journey in identity, identity management, privileged access management were two very different silos. There were two distinct areas of the business that tackle different problems.
If we look at identity management, the problems that we were trying to solve were joiners movers, leavers. We wanted to do provisioning, de-provisioning re provisioning and certification of access. And really those challenges still exist today.
We still want to do these things today, but it's a very different world that we live in. So we used to connect to HR, finance, ERP systems, EHR systems, EMR systems, and that did a great job. And it still does a great job today. If we look at the privilege world, when I first started working in privileged access management, it was around 2001, and it was very much a date center. You had a bunch of servers in a date center and you put in place a vault because you wanted to manage the credentials. It was all pretty simple privilege management evolved.
So we took on session management session recording. We took on lease privilege. We took on threat analytics, but it was all focused on the known. And when I say the known everything we had within a data center that we knew we had, it was static. If we wanted to spin up a server, you're looking at a 12 week request to get a server provisioned. It would need to be racked. It would need to have its identities provisioned into it. And it was all quite a manual kind of process.
But then things changed and things started to change around 10 years ago.
And these two worlds started to get closer together. There's been a number of drivers for this one is the adoption of SaaS. So the adoption of SAS means ultimately we're living in a world now where our applications are in somebody else's data center, our servers don't necessarily exist as servers anymore. They could be serverless functions, they could be dynamic workloads. They could be Kubernetes that are kind of going up and down, but things have changed for the better.
If we look at what we're doing with identity now, we're not just provisioning into or out of HR, finance, EHR, EMR, et cetera. We're provisioning into applications. A lot of these applications are SA based, but our challenges still remain the same. We want to provide access into applications. We need to govern those identities. And we may want to provision deprovision access in adjust in time, way to those applications.
If we look at the world of privilege, privileged access management has again changed because of SA.
So we're not only adopting privileged access management tools as a SAS-based service, but we're now doing just in time access to applications, to consoles, to platforms. The key thing really here is if we look at the applications, the infrastructure list, it's pretty similar to what we're doing with identity. It doesn't just stop here. If we look at adjacent technologies, we look at markets such as IDAs identity as a service, a number of great vendors in that space. But what is it they're doing well, it's not just single sign on. They're doing provisioning and deprovisioning into applications.
Those applications happen to be the same apps that we are using in identity. And in privilege, if we look at the next wave of technology, you've got sassy. So technologies such as CASB all combining into one, essentially that's doing identity based provisioning into applications.
So here, we've got a bit of a problem. We have four distinct markets within identity that are actually all really doing the same thing. They do it in a different way, but we're all talking to the same apps. We're all doing just in time access. We're all doing provisioning. De-provisioning re provisioning and certification. So which technology is going to win and what's going to win. So we like to call this convergence and convergence is essentially what happens when these worlds come together. And there are a number of reasons that convergence is happening.
But ultimately the end state of convergence is a single platform. I think we'll all admit we can't have four distinct lots of technology, all doing the same thing. It's kind of crazy. It doesn't make sense. And it's gonna lead to a lot of confusion in the industry.
So having single platforms that deal with the privilege side with the identity side is something that we see happening in the market. It's something that we are going to see more of. The reality is the reason for doing this simplicity. We want simple solutions. We want a one size fits all.
If we can have it, it's not always possible, but we do know that we can't have four solutions doing the same thing. Convergence convergence is the key word. And it's not just us as a vendor saying this, this is happening right now in the industry. And there's a number of mergers and acquisitions and things like that that are happening that really tell you that this is coming. We need end to end identity life cycle management. The reality is everything has an identity.
So having an identity and access management program focused on carbon identities, carbon life forms that doesn't make sense anymore. We need to factor in non-carbon entities. So what happens about my workloads, what happens about my policies, what happens about my DevOps, C ICD pipeline, everything within there has an identity that needs some form of governance over it.
Now, if we think about the market and think about what's happening in the market to make us think that convergence is happening,
We look across our competitive landscape across privilege, across identity management, application, access governance, data, access governance. And there's been a number of key signals that really tell us this is happening right now. One of those things was cyber, you know, a fantastic traditional privileged access management vendor started out in the account.
Management space, made a number of really good acquisitions, took them into kind of lease privilege into the DevOps space. And a couple of years ago, they acquired adaptive adaptive IDAs vendor takes them into the Ida space into the application space. If you look at their messaging, the messaging has moved from privileged account management into identity management, a number of other key things. We look at Karta and centralized merger together. Joining two forces together, again, with a strong identity focus. We look at Okta Okta announce the release of an IGA tool and a panel tool.
Again, providing a single consolidated platform. So lots and lots is going on here. This is happening now because customers want simplicity. Customers want a platform. And we assent would like to think we had a part in this.
You know, our vision started roughly 10 years ago when we started outlining our vision of this platform, we envisaged having a single consolidated platform that provided identity security across a number of key areas.
The converge platform, as we call it, the enterprise identity cloud built for the cloud and in the cloud. When you build for the cloud in the cloud and cloud native, you wanna make sure that there's no on-prem footprint. You want to make sure there's no jump boxes. You want to make sure that there's no complexity in our infrastructure and things like that.
You want to make sure it's easy to implement, easy to deploy and gives a real fast ROI by being cloud native. We know that we're protecting ourselves against the future. So when we built this platform, we built it on five core tenants, the five core tenants, as we see the identity space, kind of existing, we know that we've got third parties. We know that we need to govern the identities, manage the life cycle of those third parties. We know that this privilege privilege exists. Everywhere. Privilege is not going away. Privilege is not just about identities. Privilege is about applications.
It's about data. It's about sensitive access. It's about remote access privilege exists everywhere. That challenge is only getting worse. That challenge is getting worse because in cloud, everything has an identity.
When we talk about identities, identities is not just a carbon based life, life form it's non-carbon based it's machines, it's workloads, it's policies, everything has an identity. Everything needs that identity managing. When we talk about applications, how do we govern our application estate? How do we know what applications are running?
How do we know where they're being used, who they're being used by and how do we deal with fine grained, entitlements within applications or things like cross application segregation of duties. Then we talk about data. Data is the most sensitive part that we own data is what a bad person is after. So we need to be able to provide data access governance. These are the five core tenants that we built the enterprise identity cloud on. And ultimately we think we think fingers crossed.
We have a platform where we provide visibility, governance over every type of identity that you are likely to see with you in your environment. Key benefits, zero trust. I think everybody is on a zero trust journey right now, but honestly, zero trust means different things to different people. I've heard at least five different explanations of it yesterday.
And it truly does mean different things to different people. There is no right or wrong way to do zero trust. Zero trust for us happens at a number of layers. We talk about zero trust, applying to identity.
We talk about zero trust, applying to privilege and to data access. Everybody has a different zero trust journey and there's no right or wrong way about going about it. Next step is adapting to the changing landscape. Everything is changing every single day for all of us, and that's not gonna slow down. As we adopt more applications, we adopt more cloud. The complexity within our environments is going to grow, and there's no easy way to solve that. There's no technology that will solve that problem. We're here to make it easier for people. How we make that easier is automation.
Automation is the key. That's gonna enable us to have a more successful journey in our identity life cycle. Our identity governance that automation comes through leveraging technology technology, such as artificial intelligence, machine learning, all of which can be used to essentially give insight, risk, awareness, and capabilities around automating our life cycle management, our governance and our risk awareness.
When we talk about risk awareness in identity, risk awareness comes via context. And we've talked for quite a while now about identity being the perimeter.
Well,
That is true. Identity is where it stops. Our identities are everywhere. We don't have them locked in a safe, we can't control them. But for me, context is the perimeter. If you don't understand context, you don't understand risk. So one of the key, I guess, things that I'm gonna say we're working on it.
It's, it's a vision for us is the ability to trade data with third party security platforms for us context is the perimeter. And in order to get that context, we need to know what's going on on end points. What's going on within applications, what's going on within cloud platforms. What's going on with the security configuration of these systems that we're connecting to. So ultimately pulling in these data feeds, cutting out the weeds and provisioning access based on data that we're providing in these risk insights for us, these are the four key benefits that we see in a converge platform.
And we realize that convergence is a journey that many of us want to get to, but it's really hard to go on that journey.
What we see happening from a market point of view, mergers, acquisitions, vendors, all going on this convergence journey. And I think ultimately we've got an interesting two to three years ahead. As we see technology such as sassy. We see technology such as I does come together and look at it from a different angle in terms of machine identities and what those machines have access to itself. So thank you everybody for allowing us to talk today. Really appreciate it.
I'm pleased that I've done this three minutes early. I was three minutes over every time I did it in my hotel room at 4:00 AM this morning. So we've achieved something at least. So thank you everyone.
