Good morning. Good afternoon. And good evening. This is annul from KAA Cole, and I'm joined by Stewart chop global director of solution engineering from one login to present this webinar today on the topic of access management, leading the cloud transformation drive. And in this session today, we are going to discuss how the evolving landscape of access management is driving the cloud transformation in organizations. So before we dive into the webinar, he's a quick information about what Cola is.
We are a company founded into four and been here for nearly 15 years, offering independent advice, thought leadership expertise and practical relevance in the areas of information, security, identity, and access management, governance, risk management compliance, and also other areas concerning the digital transformation coming a call focuses on primarily three areas of business, which are research even an advisory within the research domain, we provide research on all major and current topics.
Tell it to the need of clients.
We take pride in being vendor neutral and also follow the current trends very closely. So the advice and the research that we offer is always very relevant and very, very current in terms of, in terms of market, as well as we also offer independent advice in terms of the research domain, then there is the events business where we organize conference webinars and special events. There is also meet experts and other networking opportunities, which are offered at the events as well as advisory, which is again, big business area at KA coal.
We offer best in class and trusted advisory, trying to be your trusted partner and advisory to be the most current, most current advice in the AOF digital transformation.
Here are some of the upcoming coming call events. There is the EIC event in less than two weeks time in Munich, Germany. Then we have got a consumer identity world, which is going to happen around the world, starting in September in USA, during October in Europe and in November in Singapore, as well as there is the cyber sector leadership summit happening in November in Berlin.
Again, to those who are interested, there is a copy, a call GDPR readiness assessment that we have available. So you might want to use the readiness assessment to understand where you stand today in terms of your, your status quo and how well you can prepare yourself for the, for the compliance.
Right? So coming to the rules of this webinar, everyone is muted here centrally. So you don't have to use your mute on mute buttons. This webinar is going to be recorded and the recording podcast will be available tomorrow. There will be a short Q and a round towards end of the session.
And please feel free to enter your questions anytime during the session, there's going to be a, a questions feature in the good webinar control panel as well. The agenda today, the first part around 20 minutes, I will be discussing that are traditional access management challenges and how an evolving identity and access management as service landscape is driving the cloud transformation. I will also talk about the recommendations and the plans for IM leaders to embark on IDAs journey.
After which I will hand it over to Stewart and Stewart will talk about the RS platforms in detail and how their functionality can be leveraged to sort of accelerate the cloud adoption. He will also talk about establishing a unified securing governance approach across enterprises it systems and how to be cost effective while your is deployment. And finally, we will have a query round to take your questions.
All right. So coming to the session here, I like to take you through how we have been doing access management all this while.
So if you look at the access management across organizations across verticals today, how organizations have been giving access to their employees, their consumers, their partners is, is very siloed. And in a very traditional fashion, we have employees who are sitting behind the desktops. We try to put fives around their network. They have got the traditional I systems, which provide them access to internal applications, internal systems, et cetera. When we have customers, we try to provide access to them through a proxy server or gateway.
When we find business partners needing to have access to our services and applications, we try to integrate them using Federation. And also if we have employees who need remote access to our systems and applications, we try to use VPN. And also sometimes the tunneling software to offer them access to our systems. The I systems, they generally don't extend very well to the newer types of information or technology applications that we are adopting in the world today, including se applications and other types of cloud delivered systems, for example is, and pass.
The challenge that we see today in access management obviously are the various types of endpoint devices, which the users are using. So today are employees come with different types of devices, sort of endpoints, which could be tablets, species they're on the stops. There's explosion of applications, where most customers, as employees expect to interact with services and applications using those applications, be it native, or be it the own develop applications in the cloud.
We have got the various test applications, which create challenges across, across authentication authorization, which are basically part of access management, as well as the basic identity governance and administration functions around administration of identity, lifecycle management, as well as reporting and analytics.
So when you have all these different types of endpoints, trying to access these applications in the cloud, there is basically no consistent approach or access management strategy that can be applied to all these types of applications and these endpoints to have a centralized control over your access management, coming to what organizations have been trying to do in order to extend their existing IM capabilities to the cloud.
So what most organizations have been trying to do is they have got the RT administration capabilities within their IEG tools, which are generally on-prem and they have issues while they try to extend these applications or these capabilities to the cloud using individual and very proprietary SaaS connectors, same time when it's, when it's time to provision the users to those applications in the cloud, it requires manual or bulk user imports.
And obviously trying to do administration using our existing idea tools may require multiple electric synchronization across the depositories for all those test applications, which only creates more and more complexity. And it gives you gives you limited, or I would say no visibility into, into the overall administration of oriented lifecycle management, the access management capabilities, while most automations have been trying to also extend their existing access management functions to the cloud. Using some of those on-prem systems.
There are, there are issues around inconsistent authentication approaches. Most of these sales providers, they don't have a common authentication, or I would say assurance mechanism when it comes to authenticating the users.
So in fact, the users integrations will have a very inconsistent and varied authentication experience across all these various applications, which not only brings down the user productivity, but also creates user experience challenges. Multiple passwords is also another issue. All of these applications they don't provide. They don't provide single sign-on.
So users have to maintain separate passwords for each of these SaaS applications, which again, creates security problems. And most of the time, a lot of users are trying to reset their passwords, which obviously increase the cost of passwords three, et cetera.
Obviously, there is no single sign on because there is no coordination happening amongst these applications. And finally, some of these providers do not support standard Federation comp you know, a protocol. So there's very limited or absolutely no Federation. Most of the time for these applications in the cloud, there are also some access governance challenges.
When you try to extend your existing IM capabilities to cloud, we look at offering basic governance reporting and logging.
There needs to be data transfer and export of that information from the, from the various applications onto your premise, which may require various types of various types of data fetching, there might be, there might be encryption and data asking happening with some of those logging information in the cloud for those applications, which also create challenges for you to, for you to sort of provide, provide absolute access governance across the information provided by these vendors.
And obviously each of these vendors have their own data storage and retention policies, which also doesn't match or doesn't align with your security policies. So that's also a big challenge when it comes to overall access governance, I would say consistent access governance for organization across all the various sales applications that you have operated in the organization.
So moving on to the next slide here, what's really, what's really in the offer from ID a.
So what, how ides can help you solve somewhere? Most of these challenges, we talked about identity administration, which is a part of also IGA governance and administration solutions. Most it vendors today, they provide a basic ID administration capabilities. When I say basic, they may not provide very deep and support for the complex IG requirements, but yes, because they are very much focused on access management capabilities and increasingly organizations are demanding for supporting IG functions.
They provide the basic IG functions, which can help most organizations or at these organizations who are trying to start their IM journey should be able to adopt and sort of kickstart their, their access management program.
There are capabilities within it, administration available from these it vendors. For example, they provide you or they offer you ready cloud native provisioning connectors. So you don't have to build your own connectors. You don't have to configure multiple connectors to each of those SaaS applications. They take the burden of doing that work for you.
There is automated user provisioning available. So whenever the users creating the system in a directory, they can be automatically provisioned based on, again, their roles in the organization to all the required applications as applications where the user needs to have access.
Also, the challenge of multiple electric sync is, is eliminated with ID identity administration function here. So ions can simply interact, have the director sync with the IDs provider and they take care of data of integrating and provision the users across all the various applications in the cloud, as well as the capabilities for self-service profile and password management are taken care by IDAs vendors in the cloud. If you look at existing, I solutions mostly I mostly on-prem solutions.
They do provide self-service profile and password management, but that's very much limited to internal applications or on-prem systems when it comes to integrating them with applications in the cloud. The features are very limited in terms of how the users can manage the profile and also password resets across all those various applications.
So yes, Ida vendors, Ida providers can actually help you with managing those administration capabilities across the portfolio of applications that you may have.
So basically I'm trying to say that it vendors today, they are quite mature when it comes to offering identity, lifecycle management and administration across the SA applications that you have adopted, or you have planned to adopt coming to the access management and the way they initial focus has been.
So they definitely help you to provide a consistent authentication across all the various applications, as well as authentication across any infrastructure, service and platform service kind of delivery models as well, obviously, which helps you to have common password. So you just have to log onto the common landing Porwal, which the I vendors are offering, and they take care of take care of offering you single sign on, or establishing a session for the user across all the various applications.
And finally, they also take care of integrating with most of these applications using common standard Federation protocols.
And yes, if you have a need for social integration, most it providers are today offering social integration using various standards.
So, which was absolutely missing, or I would only very few vendors was supporting social integration when it comes to on-prem access management solutions, access governance. Again, most challenges here are, are taken care by Ida vendors. They offer a centralized rule management.
So if you have a role repository or access entitlements repository, it becomes very difficult to extend your existing rules to all the various applications, but IDAs vendors, Ida wonders, acting as a bridge, they can help you to have a consistent role management across all these waste applications, same time, a common access reporting, which is, which is a very big advantage for most organizations, because you don't have to deal with importing or exporting logging information from all the sales applications individually and run reporting and analytics around that the reporting can be done centrally.
Again, there is some limits as to how much of that and to what details that information can be used for reporting, given the radius data transfer and data sovereignty issues across regions. But yes, to an extent, if well, plant a common access reporting could be a big advantage for most organizations trying to adopt right, as, as well as a common access certification capabilities. Still a lot of I vendors are working around it.
Access certification has not been, not been, not been an very prominent feature offered by these it vendors, but yes, because that has been lacking and it is very easier for Ida vendors to offer a common, a common capability, a common functionality to, to execute access certification across all the waste Seth applications, which, which the organizations require. So we have even access governance has been us a lot simplified with Ida adoption, right?
Moving on to some of the recommendations that you might want to, you might want to take away from the session, which include identifying and evaluating your primary business drivers to move to IDAs platforms. Obviously, most organizations would look for certain drivers, which they, which they need to, which they need to implement, and which are their primary interest to move to IDAs platforms. Staffing is, is one of them. So most ions would think that if they are, if they are looking to adopt Ida platforms, then they don't have, they need to have experts IM expertise in house.
They can sort of outsource most of their, I exp management capabilities to D vendors, which to an extent is true, but, but that doesn't, doesn't really, that doesn't really transform into entirely eliminating IM expertise in house. You still need to have I'm competencies where people will be responsible to integrate with Ida providers help with having a proper I vision roadmap, as well as other IM requirements.
So, yeah, stuffing might be, might be an advantage here. When you look at moving, moving to Ida providers, obviously a better time to value proposition is something you might also want to consider. IDAs definitely provides a better time to value proposition here in terms of deployment, in terms of the speed of configuration, et cetera.
Most I, Ida providers will offer you about integrations or out of box integrations with most commonplace as applications. So you don't have to really, you know, worry about going and integrating with these applications that you might have adopted. Obviously assess option is, is a great driver, one of the primary drivers for most organizations.
So if you are, if you have adopted a lot of SA applications in certain industry verticals, there is a large adoption of SA applications, as well as if you have the plan to adopt many sets applications in future, you might consider moving to an Ida platform for the ease of administration, access management and governance.
Similarly cloud security, a lot of organizations are looking at adopting IDAs because they don't have a centralized control over or visible into what the latest sales providers are doing, how they can authenticate users to those applications, how they can have a consistent authentication and assurance across all these various applications, as well as how can they manage RD life cycle across all those various stats applications in the organization. So, yes, cloud security is again, a major driver for many organizations to move to Ida.
There have been very ENT tools also in the market like CASBS and some of the tools which offer very similar objectives when it comes to cloud security, but there are a lot of functional overlap between IDAs and GB providers, but that's, that's a part of a separate discussion. So yes, evenly cloud security is also major driver for organizations who are looking to adopt Ida, prioritizing Ida functions to be delivered based on the value to stakeholders and, and users.
You should be looking at what ides functions you immediately require to deliver the business value.
So what a stakeholders are looking at to achieve from your online program and guides that you're looking to adopt, whether it can deliver those capabilities or not. For example, if you think that access management capabilities are an immediate requirement and would deliver the right, right value for stakeholders, why not I vendors are, are, is said primarily focused on access management capabilities.
However, if you look at lot of IG functions, again, the basic idea functions, yes, vendors are great at offering them. But again, there are some IM functions which, which might be lacking or which might be right fit at this point in time. So understand whats functions you might want to, or you might want to deliver for the organization for stakeholders and for end users, and what vendors are you evaluating and where they have expertise in terms of those, it functions, understand the need to support legacy applications and systems.
And how long are you going to have those legacy application systems in the organization? Or I would say the longevity of the legacy infrastructure is also a consideration in evaluating or, or I would say preparing your items strategy. So whether you need to have those legacy applications in house, most technicians would think about a lot of those it systems that may not be easily integrated with IDAs vendors today and will, will, will, will, will not, will not go ahead with Ida adoption because some of those legacy applications are very important for the business.
It's really very important for you to also evaluate and understand the right balance of, of supporting those legacy applications, how those legacy applications will phase out. I will get decommissioned over a bit of time from the organization and how you can bring in IDAs it's it's again, like running those things in parallel to make sure that you have the right level of balance between ISET option.
And if there are any, any applications which are of business importance to you and cannot be easily integrated with ID a, there might be some customization required there, but yes, that would, again, depend on what's the importance of those applications and how long they are gonna survive in the organization. And finally, IDAs is not a solution to get rid of your internal IM inefficiencies. Most organizations have this mindset that if they go to ID a or adopt an Ida platform, their internal IM problems will be resolved, which is not, is not a right, right.
Thinking your interlife IM efficiencies are generally a byproduct of your inefficient processes and they, most of them are going to stay unless they are re-engineered. However is platforms can definitely help you to provide some good information, some good a around how you can reengineer or reprocess those existing processes in, in a more efficient manner.
So, yes, don't try to outsource your internal problems onto that as platform or just wonders. I think with that, I will hand it over to STR
Hi everybody. It's this is Stewart sharp from one login. As I know mentioned, I'm the global director of solution engineering at one login. And thank you. I'm all for providing a very good background on where we're coming from and what IDAs as a platform offers.
I I'd like to just take a step back and, and just think about the, the setting and the problem that we're trying to solve, but also the opportunity that is there, because although the focus is not identity in itself, identity can actually be a big driver to accelerate cloud adoption and more generally digitalization, right? When we, we think about it, this is about the growth of the software economy. We know it's gaining momentum and that's very much in the, the context of the cloud. It does mean a big change in enterprises as they open up their environments to capture new revenue streams.
But at the same time, they're exposing themselves to new threats and new challenges. So cloud adoption, I think now about 90% of businesses are using the cloud in some fashion that could be SaaS applications, but also platform or infrastructure as a service. And it's well beyond the era when it was marred by by doubts.
And, but there's no longer much hesitancy or, or it's very clear that cloud is here to stay and is going to become an increasingly important part of the business.
Now, digital transformation is that is about transforming business processes. So a will just mention that you can't simply say that cloud or Ida in specifically, it's gonna overcome inefficiencies within your embedded legacy processes themselves.
But digitalization is that transformation of these processes that are taking advantage of cloud based offering offerings and new technology, new functionality to drive new revenue streams and a more efficient business model. So it, it is, and somebody who's an identity expert or responsible for identity and access management within your corporation can actually become part of the solution, not part of the problem.
However, with the, with the increased security risks, you must move beyond a approach focused on device endpoints and traditional network boundaries, and think about how you're gonna tackle the challenges of external actors and end user behavior, and what tools can you use and what processes and new models of security can you take advantage of to help address these issues.
So I've defined the objective as make it simpler, safer, and more cost effective for your users to access the applications and data they need anytime and everywhere. And that's what it really comes down to.
Yes, you'll always have use cases where you will restrict access by time and location for certain sensitive data or administrative actors, you know, users within certain applications, but in general, there's an increasing drive that the executives need access day and night. If they're on the road in different time zones, et cetera, home workers trying to meet deadlines and people accessing from their own B Y O D devices and not just corporate laptops plugged into the corporate network.
So you need to accelerate cloud transformation.
Now while doing that, there is a big opportunity to increase efficiency and that increased efficiency does by definition mean lower costs, but you also want to do it with increased security and improving end user experience. My background is in security and specifically database security, and I moved into identity and access management precisely because there was this opportunity to both provide increased security and efficiency while improving end user experience. And because user end user adoption is, is crucial if you want to transform end user behavior.
So if we just take a, an overarching look at the evolution of access management, as Al identified, we started with a traditional on-prem approach to solve the problem of an identity existing with a separate username and password in every application on-premise. And of course, that was solving an important problem at the time of providing at least a single identity across on premise applications.
Now, what happened with the adoption of cloud services was not so much in extension of identity into the cloud from on-premise, but actually separate setting up a separate identity and access management approach system or processes for cloud applications then existed for the traditional on-prem applications occasions.
And while that identity and access management approach was very good for the adoption of cloud applications, it introduced complexity into the it organization and the business in general, and that you're now managing two major identity and access management systems together that were disconnected and not fully.
And that's where one login identified an opportunity to provide further efficiencies and increased security by providing a unified platform that covers both traditional on-prem identity and access management requirements and the ever growing cloud SAS infrastructure and, and platform as a service requirements in use cases.
Now, one login chose several years ago to partner with a T systems because obviously one of the, one of the factors that slows the adoption of IDAs were concerns about data ownership, data privacy, and the regulatory risks associated with that, where the laws and regulations are either out of date or not yet clearly defined T systems providing fully manage and, and host and operate a, a full ID, a instance of one login on their open telecom cloud.
So they fully leverage the agility of the cloud offering, but with private data center security, and it's also part of a much larger integrated, seamless and reliable solution for the digital enterprise that T system offers. And this can be a very important aspect of our cus our joint customers who are looking for an end-to-end service, be able to fully outsource and manage the solution, not just the identity aspect or not just provide an identity service, but a fully managed end to end service.
And of course, you know, who better to meet the strictest German data protection regulations than the T systems team itself. Now looking at what an IDAC platform offers, it's not only incorporating the core components of the legacy on premise system, but it's also able to very quickly adapt and add on the latest in security and risk management and functionality.
So things like adaptive authentication that takes the concept of risk profiles from a strictly predefined white versus black listing of who's allowed to access what, from where to use machine learning, to dynamically analyze the risks associated with where a user is logging in from, you know, what's their IP address, what's their geolocation where they last login from.
Is there a geolocation inconsistency because they've logged in from California and one day, you know, at nine in the morning and 90 minutes later logged in from Munich, that obviously can't be the same user looking at what operating system, what browser, what user profile on the machine and over 60 different elements of device and location fingerprinting about the user that says is this login attempt risky now, again, rather than having a black and white approach of saying, okay, I will therefore block access, which stops the business has an impact on preventing the user, the legitimate user from carrying on their business, but also has an impact on it because the support team has to take a call, follow up with the, you know, verify the, the identity of the user over the phone, for example, and deal with the issue instead it's fully automated.
So it can say, okay, this user and this authentication attempt has gone over our acceptable risk profile. Therefore we will request a second factor authentication. For example, you know, maybe it's as simple as sending SMS text message or a push notification to a phone or say, checking for a device based certificate, et cetera, to ensure that the user is who they claim to be.
And that automated process can add the extra reassurance required while keeping the process fully automated and not impacting the support desk and allowing the user to seamlessly carry on with their work similarly with automated provisioning. Now, when you look at how many SAS applications and it's possible for some, the legacy applications as well, when a user is initially created, the ideal scenario is that a user's record is created by HR because they are the authoritative source.
If you think of logically, you want to have a, a master data source within your organization, rather than a user's profile, being able to be created or edited and, and changed in multiple locations.
But if you can have it all streamlined and starting from a single point of truth and then fully automated downstream from there. So not only when a user is created, but if their role changes within the organization, the instant that that takes effect the changes on what applications do they have access to, what level of access do they have those, do they have to those applications?
What list of applications appear in their, their Porwal and automatically creating, deleting, modifying the accounts in the target applications all happening in real time, in an automated fashion, because it was triggered from an authorized change in say, a job title, as something as simple as a job title. And that's really the holy grail of what you want to move towards.
And, and increasingly as companies adopt some of the newer platforms and, and cloud based offerings, you'll see that as a higher and higher percentage coverage now providing a, a unified access management platform means being able to integrate and, and onboard the legacy applications, applications don't change overnight.
There is a gradual adoption of new applications within a business. They don't just everything on pre and move to everything on the cloud.
So supporting standards like LDAP and radius can be a very efficient way for even legacy applications to take advantage of a modern IDAs platform. Now, when you provide those legacy interfaces and, and connections with the on premise applications, you're with, from a unified identity and access management platform, you're doing more than simply streamlining providing single sign on for the users that same adaptive authentication risk-based multifactor authentication can be applied across the board in a consistent and automated fashion to all your users for all the applications that they access.
And that's a huge benefit and boost in security for those, you know, for your organization as a whole, because no longer do you have to worry about a user who leaves a company still having access to say the VPN or to some legacy system, because they still have the username and, and password that they could log into. If all that access is controlled centrally, the minute the user is no longer a valid user, all that access is shut off from a, a central and automated control.
And that's part of your user life cycle, manage management straight from the HR driven identity, through to the onboarding and off boarding of control to the access of these applications and the data they contained.
Now, another part of streamlining user experience is providing some automated and low maintenance control over desktops for max and PCs. So obviously if a company has active directory, they have domain joint machines, you know, you can support an IES platform, can support a desktop single sign on.
So the user, once they log into the desktop, they then not log again into the IES platform that will automatically behind the scenes validate that they have an active, active directory session and therefore give them a I'd a session as well. But one login also offers the ability to, to have automated rollout of encrypted user profiles that allow some basic managements of disabling, enabling user profiles on these device endpoints, and also providing that same single sign on experience.
You can also leverage that that device managed certificates that come along with the Des the one login desktop from and PCs as a second or third factor control in accessing applications. Some applications you may say, okay, it's not simply good enough that I know the U the user has validated their username password and provided, you know, accepted a one time password push notification. I also want to restrict access so that they're only logging in from a corporate machine, which, you know, has, you know, up to date antivirus software, et cetera.
Now, I'm not also mentioned the, some of the overlap in functionality between CASBS and IGAs. The, the integration is, is an important can, can provide a, you know, important enhancement, because if you think about it, the IDAs platform is controlling access to applications, but doesn't have visibility in what's happening within the application once the user's authenticated and, and in using the application itself, whereas CASB can gain that richer insight into what's actually happening within the application.
And for example, can notify the Ida solution to end a user session, to enforce a step up authentication or cause, you know, take other remediating action when there's a risky activity that's been identified, of course, with any application, you want to make sure that you can fully integrate it with your, your SIM integration. So it can become part of your overall risk-based analysis and understanding of what's happening within your user base and to your applications.
So just looking at it a slightly different way with the, an ID, a platform with your administration, you want rapid deployment, the traditional approach of the on-prem systems that try to provide support for cloud based offerings, you know, using SAML, for example, ADFS as, as a classic example, yes, you could provide support, but it would take days to configure was very complex and, and had high overhead, not just in maintaining the, the hardware that you had to host and the, the software that you had to patch and, and configure yourself.
But the actual configuration integration of the applications compare that to the 5,000 plus out of the box integrations that are available with the, with literally within minutes to configure and set up simply copy and pasting a few values between the say SaaS application and the ID a platform itself. And you've suddenly got full centralized control of your application of access to your application.
That makes it the rapid deployment means it's a low cost to build because you're not building much, it's a, you know, hosted fully hosted service and platform and very low cost to maintain.
Now the end user experience like I mentioned before, is if they change roles or they've submitted some change request for access to a new application, that access can be automated and appear instantly, including the creation of the user in the target application. So it really simplifies the end user. They don't have to search around looking for what applications they have access to figuring out what the UR LS are, what their username and password is. They'll have a single identity single sign on using a consistent multifactor authentication across the full range of applications.
And it will, you know, and they can do it from any device, whether it's, you know, a mobile tablet desktop.
In addition, the self-service is a big driver from a TCO perspective. There are customers who will, you know, who, whose initial use case to onboard onto one login was simply to automate their existing password end user password management, because they were getting a very high rate for 50,000 users about a thousand calls a month to their help desk, just around password resets.
So by providing that self-service password reset functionality, there is a huge drop in support cases from a security point of view, obviously centralizing access controls and the centralized logging is as a clear benefit. And the machine learning risk based adaptive authentication, both provides increased reassurance without impacting the, the security team or the it admin team themselves from a business point of view, the unified access management is not just for employees, but extends equally to partners and customers.
And in fact, you know, within an I platform, you don't, there's not really a concept of type of user. You will identify the user by their profile, what type they are, but they're all identities. And there's nothing to prevent you from having all of your corporate identities within one platform and segregated by their particular profile attributes.
Also from a cost efficiency point of view, the it's not just about cloud adoption, it's about addressing some of the overheads and inefficiencies of your legacy applications as well.
Some, so I just wanted to, I realized we were, we were running out of time. So I'll just wrap up with this slide. This is just giving you a graphical representation of how with a single I'd a solution you can integrate with a number of different existing identity sources, right? Whether it's active directory, L D cloud based directories like, like Google and you can provide access management for SaaS applications, applications, legacy applications that may be commercial off the shelf or custom applications via HCB header authentication.
So the old site Mir or Oracle access manager type controlled applications, and or by using LDAP radius, some of the other legacy authentication protocols, can I think Arnold, maybe I should hand over to you now and we see if there are any questions.
Sure. That goes Stuart it. So I'm trying to look at some of the questions here. And the first question which I have got here is what does a typical deployment look like? And how long does it take to go into production? So based on experience, and I'll, I'll try to answer this question here, but as what feel free to jump in.
So I think it comes to Ida's deployment. There are a number of factors that need to be considered as to, as to how does, what are your primary inhibitors in terms of IDs adoption, as compared to your existing on-prem IM solution? Generally you look at things like inappropriate stuffing levels or skills.
You might have some, some project scope creep in your existing I solutions, as well as you, you might have some insufficient planning for your tool, selection and implementation in your existing on-prem IM deployments, which, which IDAs deployments can definitely help you to, to alleviate as well as you should look at.
You should look at also some of the factors around, around total cost of ownership, which again, which again is a, is a great advantage when it comes to IDAs implementation and department, because your existing on-prem solutions are generally burdened by a lot of staff costs for implement implementers. The operation costs the, the cost of help us personal the cost of maintaining software, cetera.
So, or I would say when it comes to, when it comes to having an IDAs deployment, all these factors play an important role, but yes, time to value has always been a very strong factor for IDAs deployment.
If you are avoiding most IM complexities in terms of, in terms of your IM project, things like having integration with legal systems, various approval workflows for, for, for request approvals, access certification, and some of their complex IG functions, if you are, if you are not planning to implement that Ida solutions generally take somewhere between, I would say, can take for you to implement between a month to three months for integration with all existing solutions and cloud providers, you may have.
So that's an average timeframe which most solutions can help you to deploy and extend existing authentication, basic role management and provisioning, deprovisioning, and also access governance capabil for your, for your applications. Stuart, do you have any feedback here on that?
Yeah, I just, I just build on that often. I think some of the best projects that we've seen will focus on some initial high value quick wins from, in terms of their return on investment. And in that one to three months, timeframe, they'd be able to put into place that integration with their existing systems and provide that, that control and increase security in accessing their applications and say, perhaps they're moving to G suite or office 365, for example, or, or rolling out an extended deployment of Salesforce.
And then once they have that in place, a role have a rolling project of migrating other applications in a piecemeal basis. So it's not such a big project, but they will continue to have increased benefits from their IDAC deployment with no increased overhead because everything's in place. And often it doesn't mean an increase in license fees either. It's not limited in many license plans are not limited by the number of applications.
Sure.
Thank you, Stewart. I have got couple of other questions here, but we don't have time to take them. Now. I'll make sure that our team gets back to you and we try to address your concerns here with that. Thank you all for joining me and Stewart on this webinar and hope it was helpful. We'll it? Your feedback on the session to, to further improve ourselves? Thank you.
