Okay. Yeah, our vision. So we started some time ago with this picture, by the way, also to explain to our management and to the rest of the community what we were already doing about zero trust. And we took this analogy with this old-fashioned static village, an isolated village. You might remember it if you look closely at the images here on the left-hand side. So there's a village, there's a fence around it. You have small houses within the village. And as you'll know, I mean, you're used to the zero trust principles. So this is the old traditional way.
Whenever you have passed the fence or passed the door, you are in that environment. And in case the wrong persons go into that village, obviously they can hop or go from one house to the next and can also take things out of that. And that's what we would like to change with zero trust. And having said this, I'd like to hand over to my friend and colleague, Peter, who is going to talk about our new dynamic trust city, which we achieve.
Thanks, Thomas. And I think what you can see there, and I think that's also our approach: so we have some products there, trains, airplanes, windmills. We have factories in it, which is really our production for what we sell. And we have some buildings in it representing application services, however you name it. And some cars, and the cars is to drive us; I think you could compare with the humans and their devices. So what's the difference? I think everything is in a bubble, and I think that's the main topic.
So the bubble isolates that airplane, isolates the factories, isolates the building from the intranet. There is no intranet. Yes, we will maintain network where we need it to ensure bandwidth, to ensure communication connectivity, especially to locations where there is no good official and broad communication. That's still there, but that's where we want to go.
And I think that's really the topic: zero trust in everything in Siemens.
So Siemens should become a zero trust city: everything, every product we sell, every product we use, every application we use is zero trust capable and is protected and protects itself. So the building is protected from the building. We have AOR, nobody from principal after verification. You either could go in that building or not. It's the decision of the PDP and the policy enforcement point.
I think you know that we have special secured rooms in an application, in a building, with additional access control, with additional requirements for strictly confidential information. And that's the principle.
And even the driver is the car. If you go to a garage or tolled garage, you show your ID card and we scan the car. And after that you are allowed or not allowed to pass. And also a service, an application that wants to provide the service, has to be trustworthy. And I think that's the absolute new thing. Isolated communication in between is allowed or not allowed by the policy decision point. And that's what I want to mention. Also again, we want to go for all, not only for IT. So Thomas, what is in detail?
Yeah.
So coming from those pictures, going more into the details and the technologies, what we are achieving for as part of our zero trust implementation activities: in the end, it's about no intranet anymore. I mean, as you have followed the zero trust principles, that is one of the key components; we want to get rid of the so-called traditional old intranet, to be crystal clear here, in the huge and complex Siemens environment.
There might still be areas where you could consider the networks there as something like a containerized intranet, but it will definitely change from that huge one big intranet into many, many different, very, very small bubbles, containers, you name it. And that's what we want to achieve for our clients, down to also special networks, even into factories. Let's see how far we're gonna get there.
But in the end, it's about getting rid of the traditional old intranet.
I mean, MFA, multi-factor authentication, each and everywhere. That is also one of the activities which we are driving currently. And we already achieved a lot in those areas on the identity space, but also here we try to continuously enlarge that to also the non-traditional use cases, like a human being accessing some modern web application. We try to go beyond and also gonna see what we can do there. Privileged access management, PAM, for administrative access to systems, which we try to also protect with the technologies of PAM even further.
And here you can see two abbreviations which are Siemens specific. Those are our IDPs, our identity provider systems. We have MyID, that is a Ping-based solution which we run inside Siemens for many of our web applications. We have Azure AD, the Microsoft ecosystem, for, again, our Office 365 but also lots of other applications. And then we have something what we call Siemens ID, that's an Auth0-based solution, which is primarily used for our B2C activities. So customers, external. Yeah.
I would not say partners, but external customers. Also here the goal is to enable all of those IDPs with the zero trust policies and connect all of the applications, wherever it's possible, to those nine main IDPs.
And I think that's more right, Thomas, the more and the more is... I think Thomas always tends to say IDP; I always tend to say it's a PDP, policy decision point, because what we implement now in Azure AD and in MyID is really to check not only the user anymore; we check identities.
And I think having that big picture in mind that we mentioned with this new smart city, you have to have identities for all: for users, for devices, for applications, for services, at the end for each single data element. And you can choose: is he allowed or not allowed to access the data? I think yes, from the current status, we are on the way to say the application is the stuff, but again, both sides: the application has to be ready to serve, and the user and the device have to be ready to access.
And also on that topic, the PDP at the moment decides you are allowed or not allowed based on a minimal security level that we require for that application. In the long run, there is still the minimum security level that we want to measure and allow or not allow. But then that application gets the attributes: user trust, device trust, current attack situation of Siemens, current attack situation of that area he's working on. And then the application should decide. A more detailed approach, PDP looking forward.
I think Thomas mentioned it a lot with the containerization, isolation, encapsulation, however you name it. I mean, we're always talking about bubbles: not only servers and applications should be in bubbles. Also our bots, our robots, our factory devices, everything should be in. And again, start from the approach that we have, location based. Then we separate in the location, coming back to each device, each application. That's the approach, which directly leads to no logical network anymore, which is micro-segmentation.
And that's also quite new. Every single desktop, laptop, mobile still is in the intranet, wherever it is. So we really get rid of the intranet and of the zones in the location that represent the intranet. Coming from that point to the vision again, and I mentioned that in a couple of the topics: so our vision is big. The Siemens target vision is to be fully zero trust, to have all factory devices, all applications, all services, all products, especially from the train automation area, zero trust ready, and the zero trust architecture and concept is big.
And what we learned is Siemens appears pretty alone with that vision, with the complete vision. Most of the companies talking, and also vendors talking about zero trust, have always user and device and IT in mind. So that's the main difference. That's the gap to our target vision. And having that in mind, I think the problem is the technology. True. Great.
That's up to you.
Yeah. Thanks, Peter. So here on the blue line, and by the way, that's obviously just a schematic picture.
So don't now ask me whether this red and this blue curve and what this hop here really in detail means, but this is a slide we just scribbled some time ago, where we did some expectation management also with our management. So those blue lines here, those are the technology availability of our main partners.
I mean, so far, as you have recognized, we didn't talk about technology itself and about partners, but just to name some of them: we are partnering with Microsoft. We are partnering with Ping Identity. We are partnering withi. We have a huge footprint on the network side with Cisco. And whenever you talk to those providers, to those partners, you recognize, if we, let's say, go beyond the typical IT use cases.
Once again, a natural user with some kind of a device wants to access a modern web application.
Whenever you extend to factories, to machine-to-machine communication, to different protocols, to I don't know what, then you reach some areas where the partners say, ah, we still need to work on that. And this blue line now more or less shows you have certain uncertain times; you have then new features being released by one of those partners. And what we also then do, that is the red line: we try to adopt those as part of our implementation, but still you see here, if you compare then again our vision, target vision, the green line here, there's still a gap.
And we expect that there still will be a gap next year. And there might still be a gap the year after, at least compared to what we want to achieve. Just last but not least, the gray and the black lines.
Those are our implementation activities, which is about identity trust and device trust in our IDPs, in our PDPs, application protection and stuff like this, what we already talked about. Okay, how do we measure that? So what we have done, and by the way, these are real numbers, this is not just fake.
We brought in a dashboard, a Power BI dashboard, where we now started counting and also analyzing and giving transparency to our management in three different areas. So we measure applications, we measure our activities in the locations, so more or less network activities, but not only those, and we also measure our own products. And in each of the categories we measure the things from our application repository, for example. With our network team, we differentiate between simple sites, complex sites, factory sites.
And we also did some first POCs and first activities on the products area, as Peter just mentioned: how does the product talk to the backend system, whatever the backend system is, and how to incorporate zero trust policies there?
You know, that's a special view on our sites. I think we have a lot of, I think 2,000-something locations. And I mentioned that what we want to go for is to get rid of the intranet, to split that in different micro-segments. That's how we measured that, starting by what we called client zone.
So bringing all desktops, handies, mobiles and all that stuff in a special segment with direct access to the internet, no longer an intranet in those sites. I think the next one is the stuff that we want to mention a bit more. I think our clear journey is, and we started selling that zero trust as a journey. So it will take a couple of years, which is not easy in a company like Siemens, to sell that we need money over a couple of years to bring Siemens in that direction, zero trust, or even then in that zero trust city picture.
So we started to say, hey, we have to do it either complete or not. And I think either complete is what our board gives us the clear mandate for. And that's cool.
So, but, and that's the big part: you have to show that you get something implemented. And that's the start small, I think, step by step. Started by taking the standard IDPs and transforming them to PDPs, that they are able to measure device trust and identity trust and identity assurance level, authentication assurance level. That's all small steps in that direction. And what we clearly mentioned in this vision slide is also: sometimes you have to go step by step and very small steps and not directly in that direction you want to implement the vision.
And that's also: prioritize wisely. I think, see what the market offers, take what they offer, because I think development is not always the best topic to go. And if there is a big gap, like we identified in that area of industrial zero trust, meaning the PDP in the factory that has to decide very fast, that could not be a cloud solution. And I think that's the topic. Then we choose a development part. So on that journey, on the big journey, put it in chunks and then start implementing. So Thomas, what's next?
I mean, this is, by the way, our fiscal year quarters. So in this fiscal year, as we speak, we are focusing on application enablement. So as you have seen, or maybe recognized in one of the slides before, we have around 6,000 applications currently registered in one of our application repositories; we now are heavily working on the application enablement. We are also working heavily with our network team on what we call internet-only clients. So we want to have all the clients independently... still the majority of the Siemens people work like I do.
And like Peter does, currently in home office. Nevertheless, the idea is, whenever we go back to on-sites, independently of where we are, on the road, at home, on the Siemens site, we have a client zone which is directly connected to the internet.
And there's no change and no difference whether you are in your office or whether you work from home. And last but not least, factory enablement. We are working heavily together with our factories and our factory stream in the program on getting our factories zero trust enabled.
There's lots of network stuff going on there, but there are also things going on there like Peter just mentioned: PDPs which are capable to fulfill the factory requirements like real-time and whatever. Having said this, for those who are gonna join the European Identity Conference in Berlin in, yeah, just some days from now, 11th of May, we might meet there. We're gonna have a presentation in more detail than what we had today. And then we can get in touch; would be fine and perfect for me to get in touch with you.
Yeah.
And we pick one of the topics to get in more detail in the conference. Okay, good. So heading back.