Welcome to the pilot issue of the KuppingerCole Analyst Chat - our soon-to-be-regular podcast. Stay tuned for more episodes!
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Welcome to the pilot issue of the KuppingerCole Analyst Chat - our soon-to-be-regular podcast. Stay tuned for more episodes!
Welcome to the pilot issue of the KuppingerCole Analyst Chat - our soon-to-be-regular podcast. Stay tuned for more episodes!
Welcome to the pilot issue of the KuppingerCole Analyst Chat, welcome to our soon to be irregular podcast. This is the first edition edition numbers. Zero. I'm your host. My name is Matthias Reinwarth, an advisor at KuppingerCole. We will focus on a set of topics that we as analysts encounter in our daily work, that will be work that we do in the research area, around our topics, cybersecurity, identity, and access management, AI, and much more, but also work we do with our customers that we deal with as clients in each edition that will have a guest analyst or another guest.
And we will have a 15 minute or so chat around these current topics. My guest today is Martin Kuppinger, founder and principal analyst at KuppingerCole. And we will talk today about the challenges that organizations are facing today with a changed working environment with people working from home, when it comes to dealing with their ongoing projects, especially identity and access management projects. But many of the topics that we cover today will be applicable for many types of projects. Welcome Martin, good to have you for that first edition.
And we will just, without further ado, let's start out with our 15 minute chat about preventing current projects falling in trouble when shifting to working from home. So what do you think is one of the main challenges that organizations are facing now that many are, or almost anybody is working from home just as we do? Yeah. Sorry. I think we restrict this entire thing to what I do work from home specific challenges.
Obviously there are a lot of challenges such as the economic terminal oil, many organizations are in which in fact, in Westminster plans, et cetera, but let's assume you still have to funds to continue your project. You need to push the project and many projects in the space of identity and access and, and, and the related areas also in cyber security needs to continue because you are under pressure. You're under pressure from the auditors, which will not go away.
You're under pressure, for instance, in the cyber supply chain risk management, where you need to bring up maybe an ISO 27000 certification. So let's focus on, okay, we need to continue this project, how to do it right, and how to keep it working and what little work and whatnot. And when do you take that focus? The first thing from my perspective is you need the tools to collaborate in such an environment.
That would be the first thing to start to exchange documents, to communicate, to have efficient virtual meetings and an efficient virtual work-style, which is different from traditional face-to-face meetings. The other hand, it's good that we are in a situation right now where these platforms are readily available and wide available. Many organizations already use these platforms because they use them for preventing travel in, in projects. So maybe that is really a good starting point to build upon existing experiences. Yes and no. No. I partially disagree with you. Yes.
These platforms are available. So full agreement. They are used partially, I would say so no full agreement here on the current use, you know, yes. We find a lot of Microsoft teams and other platforms of that style. And in many businesses, most businesses have some sort of communication for, we do conferencing, et cetera, but not every single really easily available to every worker. So you need something which everyone can use at hoc without much planning and resolve, needing a special rule.
So you need some things such as zoom or GoToMeeting or WebEx or Microsoft teams or whatever else which everyone can use. You need the platform to exchange information, to have to chat, have a synchronous communication. You might need something for tracking where you are in your development work. So the more you good technology, more, you need something like Shira or auto tools and that space and what is rarely used. But from my perspective, super, super helpful not to say essential.
So you need some sort of a virtual wide portal, such as the whiteboard app, Microsoft provides for trends on a lot of different devices. Obviously you also need a pen to use to produce a whiteboard. So these things are things you need. And so my answer would be a yes and no. Okay.
But, but, but maybe many of our organizations are partially, as you said, used to that, but there is still some more convention, no more traditional communication also in place that needs to be replaced by now. And that might also require some changes in the communication processes as they are dealt with because there won't be that regular team meeting. And there won't be these informal communication snippets when you meet at the coffee maker or just on the, in the floor and you can easily talk to people. So everything that you had before that was informal.
Now at least partially needs to be formalized to keep the project going to keep information flowing. Yeah, Mostly I'm I'm I would say fully, fully agreed with you. Keep the people happy, keep them in the loop, talk with them, but balance it.
So, so don't spend hours and hours in virtual meetings with all your team members, but talk regularly and trolley with them, let them work. So the undisturbed Virg you can experience frequently and work, work from home is a huge advantage. So find a good balance between not isolating people, but having contact also use we deal. So it's really good to occasionally lead to see the other's face even while it's, why are we do you do that?
Keep them updated, but find a good balance, but better way maybe trust talked about this platform is that maybe a question back to you because that's, that's one of the domains where you are so deep in STRs Peck. If you go to all these new tools, which would haven't used much before, which we haven't used at all before, how do you think we best handle security and compliance that case?
Again, that's I believe an area where we need to find a good balance between understanding the risks, challenges, and not going over to top. So if you can't work it's verse then virtually everything else, but what would be your glass on data? Yeah. Usually some things don't change even in this, this situation that we have just right now, and that will continue for quite some time that that we can expect.
So what, what does not change is the policies that apply. So an organization has decided a set of criteria, a set of policies, a set of rules that apply when it comes to using software platforms, data locations, how to deal with that. And these need to be taken into account even in a situation like that are, they need to be revised but controlled.
So if there is a company policy that says that, that corporate data starting from a, from a level of criticality of say it's internal or even company confidential, that this cannot be stored in another country, outside the EU, especially in the U S just in the situation, just like now, then that cannot be changed. And these decisions need to be made when it comes to choosing a platform.
When you look at the platform that you're using, take Microsoft teams, then you need to make sure that the information is handled adequately in this, just as a simple example of many of these policies that we have to look at when using such a platform, if you make an assessment that identifies which platform is adequate, which platform is also usable, but it's also compliant according to your policies, or maybe to the policies that you have to comply to coming from the outside saying a regulator or even the law when it comes to GDPR, which is a regulation, but still a law.
So they have to take care of it. Yeah, I think it's good to branch out on that because it's, I think an important thing to keep in mind when making it April, which is our topic, how to run your IGA project in these days to make it work. So find the balance between security and compliance and the ability to work. And it's an interesting challenge by the way, for the CSOs, not to be the notorious naysayer these days, where you really don't need the story as naysayers.
But I think another important aspect, the side of the tools that's out of the way you work with your team, from my perspective is look at what can be done well within an IGA protect and whatnot. When I look at what can be done, well, obviously all the things where you need to, to think, and to work on concepts and architecture, et cetera. So all the conceptual stuff, yes. That can be done.
Well, obviously you also can develop stuff so that developers are already working on implementation. As long as you have a good control on that.
Yes, quite well, even pilots might work. And what we already discussed with customers and where we are convinced we can make it work well. Does every single Ron tries of tours sort of selecting the right product, the right service key, did the most challenging part there in this is the one where you really need to meet people. So I think we can, it's really feasible to select requirements. A lot of interviews with individuals, easy to do, sending out questionnaires to vendors. Yes. They might even have more time and more willingness to fill than ever before.
The challenge is what I tend to call the beauty contest. So where you have to win the presentations onsite, because this is also meeting these vendors, talking with the people, understanding what is the right people, et cetera. This is a lot about social. So to speak about a human interaction, this is really not easy to replace, but it can be done with video with well-planned sessionals, et cetera. It doesn't never be the same level as meeting them face to face. But before you have to lays, you can't afford. It's also feasible. What would you say on that? But yes.
Yeah, I would actually fully agree because, because we, as a company, of course, it's not a secret that we both are working at the same company, which is KuppingerCole. We are used to working in a more remote, more digital manner for quite some time and years, even. So all tasks that can be, can be timeboxed into say one hour or two hours in which do not involve too many participants generally tend to be tasks. That can be very well be executed also in a work from home, remote scenario, everything that goes, yeah. What you shouldn't do is saying, you said can be sandboxed. Yes.
Don't go for full day workshops. Nine to five was a short break around lunch in a virtual work style. This is too much. It's too big solstice. It is really it's too challenging. Go into smaller chunks of work, have long breaks. Yeah.
Split it, split it across. They started Tom more exhausting when you're doing it remotely. So a one day workshop on-site with the customer. Okay. We are used to a one day virtual workshop is really horrible. Split it into smaller trunks, two hour set days that are even be also far more efficient because you didn't have a clear focus, clear set agenda for only these two hours. I'm a strong believer in that. And obviously what never will work well is for you.
If you've heard the title of company where you need to bring together 20 stakeholders to the same table, to the same room, this is really hard to do, actually, because you can't control that all of them are attentive, et cetera. This is really, really challenging. And These organizations still exist where many people have to be involved. Long-term workshops are in real life hard, but they are much harder and much less controllable when it comes to discipline. And the effectiveness of such on the efficiency of such a, a such a workshop.
It really makes sense to, to, to, to slice it up into smaller parts, with clear cuts definition of what is the expected results on how to get there. And that is something that many organizations will very quickly learn right now. Otherwise people will end up in long-term meetings online while most of the participants are doing something else. Yes. It's huddled to control when they're trust, virtually connected, not in the same room, but even for the larger organizations, Dow waist to make it work. What you could do is you can split it into small groups. You've worked with these groups.
Then you have regular sharing sessions where you say, okay, this is what we have collected so far. We shared, we have a structured Q and a, you have a follow up with smaller groups, again, collecting their feedback. It will take more time. It will take a couple of cycles to sort of reduce it from large groups to smaller groups, dissemination the results, collecting feedback, et cetera. But even that can be done. This is still a time period that we're looking at that we'll end, hopefully soon say months, at least.
And if you have a long running project, my maybe a reprioritization might help too, to start with the tasks that worked well, that we just identified as working well, to start with them also to gain experiences as if there is not experience already available, just to start doing it just like we are doing this podcast for the first time right now, just do it, try it, try to do it as positively and as collaboratively as, as possible. And to choose the things that you in the first place think really can work out quickly in a remote and work from home manner.
Maybe that is something that you can take away from here. So if I sum it up, so it's really having the right platform available that is of course, fitting to your compliance and governance. But first of all, that makes people work together. And that might be teams soon, whatever, any file sharing platform, our recommendation of your recommendation, working with virtual whiteboards. So really drawing as if you were drawing on the wall beneath your desk. And that would be the first starting point, communicate regularly as a summary.
So keeping people up-to-date keep them happy, but do it in a lean manner very quickly and start with the things that work well or that you expect to work. Well, do you have anything to add as the famous last words after an 15 minutes or so that we have Nothing to add?
Maybe, maybe one thing we have a lot of other stuff, a lot of research out there, which looks at how to run successfully, all these types of projects, how to avoid the pitfalls. So there's plenty of material, but you know, right now the most important thing is focus, set your priorities, right?
Focus on, keep it lean. And don't forget to talk with everyone occasionally best with video so that you, that they have seen you and you'll see them again.
Thank you, Mathias. Thank you. And as you said, this is exactly not a marketing podcast, but in, at the end, once it has to be mentioned. If you have further questions, please get in touch with us. We will be happy to talk to you remotely via teams, via phone, via anything you have. Let's get in touch. If there are any open questions, goodbye,