KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Employee Identity & Access Management (IAM) and Consumer Identity & Access Management (CIAM) are typically separate in terms of governance, processes, and technology. But, by leveraging the synergy between the two, businesses can achieve better sales opportunities as well as faster digital transformation, better customer journeys, and improved security, privacy, and compliance.
Employee Identity & Access Management (IAM) and Consumer Identity & Access Management (CIAM) are typically separate in terms of governance, processes, and technology. But, by leveraging the synergy between the two, businesses can achieve better sales opportunities as well as faster digital transformation, better customer journeys, and improved security, privacy, and compliance.
Welcome to today's KuppingerCole webinar, which is supported by Deloitte. We will talk about "Accelerate your digital transformation through identity". My name is Christopher Schutze, I'm director for the practice cybersecurity and chief information security officer with KuppingerCole. And I'm here today with three very interesting speakers. We have Clarence Chase, we have Jan Jaap van Donselaar and we have Gus van Es, all from Deloitte in our webinar today.
Okay, so also a short hint about our next KClive event, which can be attended by you online and for free. Our next one is on July the seventh. So next Wednesday, and it's about cloud strategy optimization and ensuring efficient and secure collaboration on the cloud. So really very interesting and cool thing before we start also some housekeeping, our experience, maybe now our attendees will know this slide. We have audio control and you are a centrally muted, and we will control this feature and there is really no need to mute or unmute yourself.
We are recording this webinar as well, and it will be made available short-term after the session. And today there is also really enough time for your questions. You can enter your questions at any time using the go-to webinar control panel. And I will ask your questions to the speakers whenever it makes sense from the flow or at the end of the webinars, accelerate your digital transformation identity is today's topic. So therefore we have four parts in our webinar.
I will start with a really quick introduction into identity and access management as an enabler for business, then follow up by host with, with his thoughts about digital transformation. Then we have
If we are not able to answer all questions today, in respect to the time the colleagues from Deloitte will answer them afterwards. So no question we'll be unanswered today, but now let's start 2021 is a year of unification. It is triggered by a strong tendency to work remotely, which has triggered the speed of digitalization a lot. This is a challenging thing for larger and also smaller enterprises, which have grown over years with traditional software and user management, always following the approach of implementing new requirements to both identity and access management, really on demand.
KuppingerCole always advise us in the direction of thinking forward of implementing something like a centralized approach and view on identities within your organization, identities, which interact with you, identities, which work for you, your employees, your customers, and for sure all your devices, your databases, your chatbots, to all these identities interact with each other.
They communicate, they share information and data through services, all with the intention to support your business, to support security in the best case, our ideas to have a centralized approach here, something like a fabric construct, which allows all identities, potentially access to all of all your systems.
Really, no matter if they are on premise federated embedded or in the cloud, or as a service to this would help an organization to onboard and manage identities really fast, allowed to implement new business models with new services, which can use customer data, or you have something like a checkbook or any other software reporting process which supports business or delivers a new business value to your customers.
Having a centralized approach enables your business to react fast on demand with a high focus on something like an API based approach to connect everything and to simply summarize it, identity enables business. And now I'm really happy to extend this few with a strong experience of today's guests of Deloitte. And who's maybe we start with a short introduction of yourself. Yeah. Thank you very much, Christopher. And thank you for the opportunity to speak to everybody about what we think is a differentiating theme within digital transformation. So my name is Chris Juarez.
I lead the Lloyd's identity capability team in Europe and effectively. What we do is we help organizations like yourself to reap the benefits of digitalization in a responsible and secure way. That's what this is all about. Really cool. Okay. Then maybe we start, what are your thoughts about the challenges within the digital age?
Yeah, no, thanks for that. And as a reminder to the org to the organization on the call, so this conversation is very much about helping you to get tangible, practical, and actionable insights on how you can leverage digital transformation through identities. But before we dive into that, so the first topic is really around digital and digital transformation. And as I think we all recognize as in our businesses professionals, but also as consumers, as citizens, we are very much at a digital age.
So organizations around us in our own organization are rapidly becoming more digital in facilitating both AOS as consumers and citizens, but also in facilitating businesses internally and among businesses. But as you probably recognize, as I do that, the engagements you have within organizations can differ quite a bit in how well organized they are and how well you feel facilitated as an employee, as a colleague, as a citizen or as a consumer.
So roughly if we go to the next slide, what you could say is that there are four domains where an organization can find themselves in a forest stage is if you like, we've defined them as accordingly. As you see on the screen, it's around being more in exploring phase or starting to do digital or becoming digital or actually being digital. And as you read through the slide, what you might pick out of it is that the approach to digitization differs and has a very fundamental impact on the face that you find yourself in.
So if you, as an organization feel that digital transformation is actually technology topic, then you probably find yourself in either exploring or doing digital. So you haven't really changed, fundamental surround your organization, but you do think that further digitization might help you and you're adjusting some of the technology experts around it. And to be honest, we see most of the organizations getting stuck in that second phase where they haven't made any fundamental changes, but are trying to make tweaks based upon technology.
And actually that creates a lot of problem in inefficiencies and a lot of legacy for the future. However, those organizations that embraced the fact that digitization is about the purpose of your organization and the role of digital transformation.
As of it, they take a very different approach to digitalization and it starts with the end in mind, meaning they think about their overall strategy. They think about the associated governance, the process required. And then indeed also technology comes in. So this of course poses an immediate question for everybody that's listening today, or that will listen to the recording. That's where do you feel your sits? Where do you sit as an organization, but also as a leader or a decision maker? To what extent are you driving your organization to being digital instead of exploring or doing digital?
Now, if we move on, what does good look like? So ideally you bring this altogether and the organizations that do that very effectively see the business benefits of being more digital. They see both on the customer side in how they facilitate a customer journeys, both digital and physical, because they are integrating, they see it in work. And how do I facilitate employees to leverage all the assets, all the information in your organization, making people more effective and efficient, and it's around your operations overall, how efficient are you? How predictable are you?
How's your operations run? So there are many business benefits that come together and can be leveraged if you have the appropriate digital approach, wanting to position this as context, because next we want to talk to you about is the whole concept of identity within digital transformation, because we believe that how you go about your identities and your concept of a digitalization makes the difference in how effective you will be to leverage digitization and to reap the business benefits that it could Back to you. Christopher.
Yeah, there was a short delay when turning on the camera again, thank you. Of course, for this really interesting insights here, and again, to all our attendees, please feel free to ask any question you have. That's what we want to achieve today. Really discuss with you. Cool and interesting things we have here, the experts, and want to share our thoughts with you. So maybe we start with the first question here. What is the role of leadership really to move from being from doing digital, to being digital?
Yeah, It's a question we get a lot actually. And first and foremost, embracing the fact that digitization is not about technology and every senior leader has a role to play. It doesn't matter if you're the, the CFO, the chief data officer, everybody has a role to play when it comes around digitalization and it starts with the first thing, really Christopher. And this is what a lot of organizations unfortunately struggle with being extremely clear and consistent on what the purpose is of your organization and what the role of digitalization is as part of it.
That's the first thing being absolutely clear on the purpose and the role of digitalization in it. And then the second, because now people might think, well, that's a bit high level, but the thing is, and then how do you ensure and enable your organization to take the decisions accordingly in that context, we see a lot of fragmentation and if you don't have the same messaging from the top, and then you don't facilitate the organization to make the appropriate decisions, that's where things go wrong.
So tone at the top clear, consistent messaging, and then enabling your organization to make the right decisions and support them where needed. That's really the fundament.
Great, Good answer. And my other question, which is the expected effort for being digital to achieving the, the last of the levels you mentioned, what, in what sense? Probably of achieving the goals or the ease work or something like that I would expect, but please the one who ask the question, feel free to add anything. Yeah.
Well, first of all, it, of course starts with your starting point then, because if you are, have a very digital mindset from the start then of course it might be that your legacy in terms of existing governance process and technology is already quite far advanced. If not, if you have, if you are an organization that's been around for a long time and has been adapting slowly, but surely then of course, the complexity of making the change is bigger.
So it's very, I think organization and situational dependent on how you do it, but also there, it starts with that same mindset and making responsible to X because in the end of the day, this is also about taking risks, but in a responsible way, depending on what your starting point is. Yeah. I think this answers the question I have no, no further feedback. And last question, before we go on, oh, that's a good one. What is after being digital or how has this mean? Is AI and automation already part of being digital? Or is this the next step?
No, I think that many organizations it's a bit like clouded. So first people felt well, we're not juicing clouds. And then they find that actually every organization was already using several kinds of clouds. Also with AI, I think more organizations than they think already use certain elements of AI up to an extent. And that will, of course continue. I think really the next step Christopher and the person who asked the question is that once you master this internally, then it's important to start thinking about your role in your ecosystem because digital transformation doesn't stop with you.
It doesn't have natural boundaries. It's very much an integration challenge. So ideally you start with the concept of your ecosystem on day one, but if you're not there yet, then probably that's going to be your next phase. Definitely. Okay. Who's then I would say thank you very much. And we will see you at the end of this webinar again. Okay. Thank you. So the next speaker or the next part?
No baby, not young. Yup. Please introduce yourself to the audience.
Yes, sir. Thank you, Christopher. So my name is
Okay, Great. So in the previous part, we heard a lot about being really digital and the digital age, especially about various business opportunities within what is the challenge here was enterprise identities and customer identities when talking about digital is digitalization and identity and access management. Yup. Yes. Fifth grade. Thanks for that question. So what I want to talk about is how digitalization blurs the traditional demarcation between enterprise and customer identity and how the synergy or integration between these two domains creates a basis for business benefits.
So in a traditional world, the more analog world. So if we say we have typically seen strong demarcation between enterprise identity and personal identity, but for many organizations. So on one side of the spectrum, we have enterprise identity and access management or enterprise identity in short, but just related to your organization's workforce and has the goal to make sure that your internal and external workers after I've access and privileges to provide systems and data for the right reasons.
So typical capabilities related to enterprise identity are for example, identity governance and administration implement, join and move and legal processes into assign access to your workers, but also privileged access management where additional controls like a password rotation session reporting are put in place to improve control to our most critical assets.
And then on the other side, there are system identity, which is related to your customers and has to go to make sure that your customers can acquire and consume your products and services customers in this case can be your business partners that procure your goods or services. So B2B basically, but it includes private consumers as well. B2C in short, typical capabilities for customer identity.
It include, for example, onboarding and registration of customers, which will provide your customers with an account and access to your services, but also a customer profiling where you keep track of the interactions that our customers have for, for services to improve and personalize the customer experience, and also to potentially increase your engagement and conversion rates. As I mentioned in the traditional world, what we see is that in many organizations, enterprise and customer identity are typically separate separately positioned.
So enterprise identity is often part of the IP or security team where a customer identity is more positions toward the business. For example, if in the marketing or product team, although you might expect that there are central teams in place that's control each of these enterprise and customer domains end to end. That's also not always the case. We actually quite often come across organizations where I am capabilities are spread across multiple teams throughout the business.
And so as an example, we might have a large international operating manufacturer of electronics and we're just delivering chips to, to business partners. So B2B, but also sales and products directly to consumers, B to C. And this manufacturer has a business efficient for chips, which Chelsea's chips to our business partners. And it hasn't got a business efficient for end products that sales and products like televisions, computer screens directly to consumers.
And what we used to see and actually frankly, a steel sheet is that in these kinds of cases, both deficients create their own solutions to deal with the topic of identity in their own way. Of course, specific to the individual use cases that these people's identity is not being approached holistically as part of the organization strategy, but as the next slide depicts, we now see that the one so clear demarcation between enterprise and customer domains is blurring.
That's driven by the digitalization, that many organizations go for distance, which then is impacting people, process and technology. We see that both employees and customers have evolving expectations and I will point out a few, but the first one is about the ease of use convenience and the frictionless experience that is expected. So for employees, this means for example, that they can login to any corporate system.
They access to one set of credentials and no matter which device they used to look with, but for customers, this would for example, mean that they can easily create an account of your organization, whether they use a laptop or a phone to procure or access your products and services. And towards the future, customers will expect that the digital and physical interactions with our organization are connected as well.
So that's, for example, the sales associates in your physical stores can provide data shopping experience to your customers based on the preferences and shopping a suite with your online store. Secondly, the expectations around security are changing both for employees and customers as they become both more security aware. So for employees, this means for example, that they expect you to improve your security posture with advance authentication and conditional access. So that additional security controls like a step of authentication created this good.
For example, we, based on the device, your employee is using to access your corporate applications or on the locations, your employees trying to access your applications from, for customers, it's all about how secure they feel your surfaces are, which your, for example, defined by how you treat personal data, but also by more visible security measures like multifactor authentication, which serves as an extra measure to protect access to your personal accounts and data. And that brings us to the first point control over data, privacy expectations are increasing.
And then in general, responsible organization wants to be known for protecting personal data and privacy. Because if a breach occurs, this will demonstrate integrity and you might lose the trust of your customer health, I guess. And it's not only customers that become more and more aware and make better informed decisions on how the data issues and protected by organizations. But the same goes for employees as well.
Stay one, I need to know who is using that data within the organization and also want to be able to control the usage of that data. And at the same time, there are a common challenges that both the enterprise and customer domain are facing. We still see organizations, for example, struggle with an inconsistent user experience, which for employees means that they need to follow different processes to get access to different systems, but also of course, inefficiency in their work. And it leads to hidden costs.
And for customers, it would be that you have multiple ways to access your services like through a webpage or through a mobile app. And the app might offer different features. Then your webpage is inconsistent. User experience put frustrated customers who nowadays have a little patience and this might drive them away from use. Another challenge is the lack of single sign on.
So for employees, this results in needing to remember multiple events and passwords, to be able to access the different business applications they use for the day-to-day activities and for the customers, this might mean that they need different logins to access, for example, your web shop or your support for a typical challenge instead of having multiple repositories for a different user populations.
So within the employee domain, of course, would for example, be milled for HR sources for different organizational entities and then the customer domain, but this reflected by storing different kinds of customers in different CRM systems or just storing customers decentralized per portal. So for example, storing them separately for your web shop and sewing them again for a support portal.
In all cases, you will miss out on having a sense of 360 view of your customers and for both the employee and customer domain ghosts, that these challenges are often the result of not having a central platform and as such no sense of overview who manage our identities and their exes. Now, what we see is that the way employees and customers interact with your application landscape is changing, which is a result of facial transformations, as well as the evolving expectations of NPS and customers, which then again, leads to the blur of the demarcation between the enterprise person.
So this finally, the systems or applications used by employees and customers were different ones, which in many cases were designed and developed in total separation from each other. So for example, the ID division will be working on the development of the back office system for your employees to manage and maintain the contracts with your business partners, where at the same time, the product efficient would be working on the partner portal in virtual business partners to buy a product. And also as part of the registration journey, provide the data required to set up a contract.
If you see, systems are not connected and manual intervention by employees is necessary to enter the provide contact details in the backup system for processing. But since a digitalization is increasing, the depth of interaction and organization has with customers. There is an increased need for customer facing applications and portals to interact with the same backend systems and employee would interact with.
So for example, that would mean that your business partner and the pull data into the partner portal, which only had stern directly interfaces this data to the back of the system for processing of the contract and
So applications from both employees and customers interact with which we see more and more as a result of the ongoing digitalization. And as a result, we see the one so clear separation between enterprise and customer domains. And that of course has impact on how you deal with digital identity in a way that is efficient and improves customer and employee experience, oh, my training, the right level of control, and this asks for a holistic approach to digital identity.
So moving on to the next slide and to recap vertical drivers for a holistic approach to a true digital identity, our customers and employees will increasingly need access to the same systems and applications. They have similar expectations in terms of ease of use security and control, and therefore needs to be supported by similar capabilities and to illustrate the letter for both domains that are identities that need to be managed. And these identities you'll need access to multiple applications and portals. And we want to facilitate that with one set of credentials per identity.
So one keys are the same, well, of course, providing the right level of security by taking into account the context of the interactions and transactions taking place. And by applying relevant controls like multifactor authentication, when that is appropriate by addressing digital identity holistically, this will bring you advantages and support for digital transformation. It will lead to efficiency for integrations from business units and channels.
We have established that you need similar capabilities for both the employee and customer demands, and by addressing them holistically and bringing these worlds to better, you can define the capabilities in a way that is aligned to your overall strategy or being more efficient about it. So we are in a traditional siloed approach.
We will see different stakeholders making strategic identity related choices and decisions each for different populations like your employees, customers, partners, this will lead to divergent and potentially even conflicting choices in terms of design architecture, technology, and the search that would increase the complexity of your identity capabilities for ultra landscape, which will make it harder and harder to move along. That divide base with the actual changes that will be subtle. Transformation requires on top of that.
It could be that a certain existing capabilities within our customer domain are already more mature and more advanced than in the employee domain. Like for example, the way you deal with authentication. So we're actively seeking synergy and collaboration. You can potentially reduce existing capabilities from London to Boosie on it and save costs, which brings us to a knowledge share identity. Knowledge is scars. And we see many organizations struggling with finding people with the right knowledge, by breaking the silos between the enterprise and personal identity teams.
You bring all relevant knowledge within your organization together, which will forcible aberration and making optimal use of the experience. That's what I do in house. This facilitates the building of knowledge through cross training and will also allow you to work more effectively and efficiently by involving device skillset, but the right job and a such deliver on your transformation roadmap.
And then there is improved security and control addressing identity recipe, which stands for governance processes and tooling will provide you with sense for oversight central steering opportunities and the search improve control over your pistol identities. This would, for example, allow you to monitor in real time how your customers are interacting with surfaces sport, malicious behavior within your hybrid application landscape and active bullets to improve your security, but also means that you can create better insights in where your customer's data is at.
So you can take appropriate measures to protect your customer's data and the privacy to, for example, prevent data breaches and the search protection brand integrity or fostering a data preference strategy. That is part of the digital transformation. And last but not least, there is the advantage of improved experience and satisfaction because within the ad sets you apart is your experience you provide for your employees and customers. And that's what creates loyalty to watch it. You want to deliver as much as uniform and soon as experience as possible for both your employees and customers.
This all increase the efficiency of your employees and boost the conversion ratio for customers and as such drive revenue. This means that you will have to work better across the different domains and address identity holistically to make this happen and to end. And once you have for lunch or people, governance and processes, and simplifying to our technology landscape, you can accelerate and control digital transformation across the organization back to you, Christopher. Perfect. Thank you very much young. Yeah. So we have a couple of questions to you. So maybe we start first one.
How do you see the role of non-customer or enterprise identities for digitalization here? How do I see the role of, sorry, could you please repeat Non-customer and non enterprise identity? So probably the things I mentioned at the beginning, a car process or service.
Yeah, that's a good question. I would say that that's definitely part of an holistic approach to identity as well. So indeed we only touched upon the, the enterprise and typical enterprise and customer domains, but I would normally indeed include application and machine like identities as well. So the non personal identities, that's what you have to take into account as well.
Of course, Definitely. Okay. And other one is maybe a little bit clarification.
It is, you say it would be a good idea to manage customers and employees in the same system yet most identity and access management solution providers, cm and enterprise CRM, specific solutions are only focused on one technology. Is this an other idea here or is it a combination, like for instance, this thing I mentioned at the beginning with the identity fabric, so combining various services to deliver some central things to your business here.
Yeah, exactly. That, yes. So I do not literally mean one system to manage all populations, but for example, people talk about customer specifically. It would make sense to have done centrally stored somewhere instead of having to go around the organization and find the right data for the right or for the different populations that you have large or organization basically.
Okay, great. And last question, where do we start? Or when do you start to achieve really a holistic approach for it and what is the first thing to do? That's a great question. So working towards a holistic approach starts with having a clear picture of the digital transformation that your organization is in, and to have an understanding of how this translates into a crime for a digital identity. And once you have those requirements clear, you can translate this into efficient and strategy for identity.
And with this in mind, you can then define the gap with the current state of affairs and translate that into an actionable roadmap. That's what I hear. That's how I would do Sounds very easy at the end, but it's a very complex process, as we all know, w w we are working in that area. So thank you very much and see you at the end of this webinar. Thank you. Thank you. Okay. So Clarence already the last speaker in this webinar, and maybe also short introduction about yourself. Thanks Krista for Clarence chase technology, managing director.
I'm responsible for delivering identity for across our entire global. Great, cool.
So, yeah. Yup. And post talked about digitalization and the role of identity. Maybe you can give us some practical insights into the topic from your view, from your work it's periods. Thanks Christopher, first and foremost, I want to reiterate a few things that my colleagues stated first and foremost engagement is critical. The world we live in today, relationships are in real time choice. It's infinite and choice. I would say quite frankly, is required when it comes to our customers and our enterprise employees. And then change is constant.
And then yap talked about the holistic approach and the advantages of identity within digitize did, did digitize the mission, excuse me for that. And that, that tips off this slide here, where identity is positioned as a unifier for the enterprise experience and expectations, as well as our consumer expectations and experience to reiterate on the, the price side.
It's a lot about protection, as well as enablement having to the assistant account management, being able to understand who has access to what, and when visibility is another key thing, visibility, not only into the number of accounts you access, but also now activity. I heard one of the questions earlier about nonhuman accounts, right? So how do you secure and enable your box, your RPAs, your service accounts, et cetera, how do you manage the password rotation of those to ensure that they are safe? Those are all things in the enterprise side.
And then you bring cloud where understanding access to the cloud, not only by your it organization, but also your practitioners now who may be doing development. And then another key depending factor is compliance. The ability to not only see that activity, but then also validated on a recurring basis. These are critical elements that the, the prize is looking for from identity. Then you get to the consumer side and it's about experience, right? This frictionless experience does not only belong to the, to the consumer, but also to the employee.
So forgive me for not mentioning that, but people want to know that it will be easy yeah. To the data that they're authorized to be able to get to that's the key. And then they also want, you have organizations now that want Federation or business or B2B, right.
They want to manage that life cycle of their people so that they, in some ways, contribute to how their employees can access their data that may be sitting outside of their boundaries and then compliance, or a high level of assurance for protection, that identity data, a lot of the industry breaches, et cetera, was around identity data, such and such amount of identities and credit card information was exposed. And so customers want to feel a while they want a frictionless frictionless experience. They want to feel the right amount of friction for the right amount for the right transactions.
And so how do we go about achieving both first and foremost, as janya mentioned, there's this vision and this vision must be closely tied to the business imperatives. And once you have the vision, then being able to establish the proper governance and stakeholder outreach, there are a number of levels of stakeholders. There was governance from an approval for funding and agreement that it aligns with the, with the business imperatives. That's very important.
Then there is governance or steering committees with people at the secondary level who may own a particular business unit or own applications. They want to understand how you intend or how identity will help them and how it can be integrated into their cycles.
Of course, let's not leave out the cyber guys or cyber security because protection, as I mentioned is a key attribute, not only for the consumer, but also for the enterprise and understanding how we can bring those things to bear that visibility and control to bear that is crucial. So establishing the proper governance committees and steering committees, to be able to socialize and share insight both from an application development standpoint, a business imperative standpoint, as well as a identity and technology standpoint is crucial because that's where the magic happens.
Second, defining your scope. A question was asked around what do you start first?
Well, the scoping with these governing bodies help to actually address that. Am I looking at how people get access and invite model or request an approval model? Or am I looking at authentication and risk-based authentication and conditional access policy? Am I doing both? These are all things that are determined based on the business imperatives and where the organization is trying to go. Once you have your scope, then there are two things that are very important integrating with the development processes and innovation.
One thing that is that you will realize the journey is software and applications are the target systems that you must integrate identity with. So this unifying that I mentioned now, we now need to unify or, or inject identity into the software development life cycle, or some would say the secure software development lifecycle.
So that application teams can integrate it into the CIC pipeline and move quickly through their processes to get things like this is done now by the identity teams and the technology organization, looking to modular modularize, how identity is consumed, the creation of API APIs, snippets of codes, onboarding factories. These are all things that are very helpful in, in enabling productivity, not only in the development organization, but then rapid realization of the benefits, both for the security side of it and the enabling and productivity side of identity.
The next thing is then once you have established your foundational platforms and you have the right invite models and the right identity governance capabilities and your Pam capabilities in there, and you have API APIs that your customers can use and you have single sign on that can be easily integrated operations is, is, is, is it will run the day because the identity platform now at that point becomes critical for both business and security. You're socking. Your SIM guys needed to understand what activity is happening.
Your, your customers needed to be able to authenticate in my and move on to accessing data. Your application teams needed to invite people. So it becomes a critical factor in how you do business going forward and ensuring that it is up and it is operating effectively and efficiently is crucial. And this is ongoing improvement and operations. But what I've left for last is the non-technical. So all intertwined in this journey of governance, innovation, integrating with development and operations is change management.
Being able to capture the end user stories and understanding how people actually work with applications to drive design is crucial as technologists. We think things happen in a particular way. A tool comes out of the box. It is this, it is designed to work a particular way, but we have to tilt in and tweak those designs to how people interact with technology. Because we know if a person has a difficult time accessing an application, they're probably not going to come back and that is lost revenue for an organization.
And so undertaking the creation of user stories, understanding change, impact assessments, understanding how to prioritize and order your releases. Change management is crucial to driving that forward. It informs not only your business imperatives or your business teams, but also your technical delivery teams and your development and application owners.
It takes into account all of the personas, whether it is an employee, a contractor, whether it is a consumer that is in a business to business relationship or a B to C relationship, it takes into account the experience because at the end of the day, how people interact with the identity platform and the applications will determine the reach that you have to continue to grow your business and to protect your business. If it is not easily consumable and palatable to the end user, they will find means around.
And so change management is at the top of this chart because it must be intertwined at all phases for all personas. As you look, as you go on your digital, I take it. I take digit
Here, you can enter any questions. I will receive them and ask it to our speakers cleanser, Perth question. Are there specific features or capabilities, customers and workforce users once Yes. In today's world where we've all been remote for the last 18 months, the authentication experience is crucial. Everyone accepts MFA, but MFA overload can be daunting for both the practitioner and for the customer unifying the identity.
So the ability to provide a unique identity, even for your business to business customers is crucial because what this does now is it not only allows and support single sign on in the frictionless experience, but it also allows us to do many of the things that yacht mentioned around consent around being able to drive personalization. Okay. And also being able to provide new services to use is based on what they consume and how we can understand their use, their usage patterns. Same for the workforce. Single sign on is critical.
And now this idea as our borders have expanded to the cloud, the ability to get visibility in that, into their activity, not only on prem, but also in the cloud becomes crucial. Having them not only be able to use a standard account, but also their privileged account, but do it in ways that are meaningful and easy for them to consume. That's a game changer. And those are things that individuals and customers are asking for today. Your example about multifactor authentication is a really good one.
I think we all know how annoying it is to enter always a second factor, or what else, if you enter a website, if you drop a lock in somewhere, w what would be the right approach? Is it some intelligence mixture of detecting your device, calculating the risk, and then lock in, or what is really the right thing to do here? There's a variety of ways to address this. And it also depends on the persona for an employee. You can use the device, you can, you can use the network for, and, and then you can expand this out to your customers where you can provide additional factors.
So with the onset of Fido and being able to use different form factors, allowing individuals to register the device, and maybe only asking for a pin or giving more secure mechanisms, such as vital to capabilities and keys, where they can just touch instead of having to type those things do matter. I've heard, oftentimes I don't want to type the six digit pin anymore, right? It's six digits, but if you have to type it 12 times, it becomes arduous. So push notification Fido to providing, making your device a stronger authentication module.
These are things that we're bringing forward, not only for the enterprise, but also for customers. Definitely. Definitely. Thank you for that answer. Is there a particular approach or order to deploying digital identity? I would say no. I would say it depends on the business imperatives and where you are in your journey. As who's mentioned earlier, if you're a digital first organization, well, it gets a little easier now, right? Because you've already looked at how data is shared. You're probably well on your way to a unique identity.
So the authentication capability is important as well as the governance capability. If you're somewhere on the left side of the spectrum, where you're just thinking about it, and you have a lot of legacy capability, you have to address that, that is state. You have to still meet the needs of those systems. And I think the, the one thing that will move you forward is compliance. What are your regulatory compliance? What do you have to demonstrate for your regulators and also for your customers that will determine what you push forward first, if it is you need to prove who has access to systems.
Well, of course, you're going to the governance and certification. If it is an onslaught of new customers, needing access to solutions will authentication and authorization to go into the critical. And so this is where connecting the identity experience with the digit tie station journey and the business imperative is really, really important.
Great, thank you very much, Clarence for this great insights and very good answers. And I would ask janya and post to join back our session for the final question and answer pod. Perfect. So we have a couple of minutes left and we have three more questions. So let's see if we can answer them immediately.
I think the first one is maybe one core course, and it is in some way, what cleanse already many what, maybe you have to add something where to start with the identity access management journey in an organization, and maybe it was a differences, different situation between small medium enterprise organizations. Yeah, well actually Christopher that's. Okay. Remember the slide we've got in the backup, and that might help address this question. So because we get this a lot of course.
And so what we've done is we've created an Elvis view that you see here, which is around digital identity transition. And this helps to map yourself on the seven items on the left, where you feel you are, but also where you feel perhaps your competitor or a particular market disruptors. And as you can see here, we actually start at the business model level. So do we actually feel that we need this as part of our purpose and our overall strategy? And if that's the case, then you can boil down.
But if that doesn't exist, if you're not there yet, then the risk you have is that you go look at all the tactical operational aspects that also are part of digital identity. But then as Clarence also mentioned, there's a, from a practice perspective, you are going to dig your own hole much deeper, right? So if people need guidance, this is a good place to start to, to map yourself on these items and then visualize for yourself. Okay. So what's then first for me to dig into, and actually this is available fire the Deloitte website. Great. Thank you.
And then we have a question for Yon yours young. Yup. What is the business case to move towards a holistic approach for identity? Yeah. So that's a great question. I think it also ties in a little bit to what we have shown here on the, on the slide literally, but how to make an, a quantify the business case for change. Depends of course, on where you as an organization are currently at with identity to input for the business case, you would need to understand what the current state for identity looks like.
That's where you can leverage this, this, this tool basically, which we have here on the slide, and that will help you to define the gaps that you need to bridge to, to get, to watch a holistic approach for identity. And of course, to make that happen, don't forget to include organizational change management, which parents also mentioned, as you will need to, of course, you will need expert guidance to make the change happen for our organization. And then regarding timelines, maybe I would say that a typical identity transformation will take about one and a half to two years.
And the typical box to, to work on would include, for example, an organizational foundation for identity, which would include phishing strategy, governance service definition from which you can then move on to a design and development of technical capabilities and embedding of the ocean within the organization. Perfect. Thank you. And then already the last question, this one goes to Clarence, where should identity and access management sit in an organization? Wow. Christopher, you left the toughest for the lapse. Okay.
Well this is a hot debate today and identity can sit where it needs to sit where closely aligns to the development and application lifecycle, whether that be cyber or technology, it does not matter. And that is why I pointed out first and foremost governance and stakeholder outreach. And then I also pointed out change management, right?
We run the risk sometimes that when we think about where it is located, if it is cyber, it's probably going to be a hammer looking for a nail to prevent if it's in technology or if it's in the business, it's going to be about access, access, access, without thinking about protection, irrespective of where it sits. The approach of governance, innovation integrating with applications focused on operations informed by change management is crucial.
So, so I probably didn't give a specific answer, but is the approach that matters whether it is in technology or cyber or the business, it is about being a unified and understanding its opportunity to protect the organization. But more importantly, or as importantly, I should say, enable productivity for your, for your workforce and for your, for your customers.
Thank you. That's the perfect answer to this question. So thank you very much. Yup.
