Well, well, well, thank you. I'm gonna just spend them, you know, a quick minute just talking about Aqura as people are walking in or are walking out, and then I'll, I'll dive into it.
So, real quick, Aqura, we're a young company, about seven years old, but we have a, a large global customer base o over 800 customers. We do over 2 million transactions per day for millions of users. And we have a, a library over 800 connectors in our portfolio. So really what we're, we're big on is with I provisioning across platforms and also complementing IGA solutions. So really this is what, you know, a typical landscape looks like, you know, with HR systems, you know, with ticketing systems and IGA systems as well.
And then you'll see how they're wanting to go and connect the apps as well as looking at disconnected apps. And then this is what it looks like with Aqura.
So we partner very well and complement very well with various providers out there as well as solutions. But we also come in and where they may have some blind spots or areas where they're not putting as much R&D in, we can come in and help out with that as well. But what I'm here for today is to talk about disconnected apps.
And so again, part of our portfolio, we do data synchronization, we have a SCIM gateway, data management, I-D-P-I-D-P, gateway and Workflow, but we'll talk about file automation. So this disconnected apps, our product and our module is called file operations. And really what we do is we want to complement the IGA solutions to where everybody, when they go out and they get one of these large vendors to help provision and deprovision, they go after the Active Directories, the Entras and everything that can be automated.
And they do great the first year or two because they're doing, going after all of those that are easily, the connectors are already there, the configurations are, are, are easy to configure for them, and also they go and maybe build some custom connectors that they may have for some critical apps in their business. But what about those disconnected apps? Those apps that don't understand APIs, they don't understand connectors and they're just there, but they're important, they're outdated and they don't support these, you know, modern, modern methods. That's where we come in.
We have a file operations module that can help with that. So one of the things we say is begin with files and with connectors, again, we do have connectors and do full and, and automation and, and, and complement those solutions. But for the ones that you have files begin with files and then that will give you the opportunity to buy some time as well as prioritize.
Maybe if you have a hundred applications that are disconnected, we can help bring that in to those solutions and then you can prioritize those, those applications while you still have some visibility versus having nothing for a year or two or longer. So really we say phase one use files and then move towards move toward towards connectors.
One of the things that, you know, it, it's interesting if any vendor that you're going to for an IGA solution tells you we're gonna get all your applications onboarded, all your applications, provisioning and de-provisioning, they're selling you something that doesn't exist. You're gonna have applications that are just terrible applications you wish didn't exist in your environment. Administrators that didn't pay for licensing for automation. And why should your team have to pay for that? And maybe eventually you can negotiate that, but that might take a year or two in budgeting as well.
And that's where we can come in and help with the file operations. You know, applications, again, you know, like Active Directory and Entra are and are great to, to kick off a solution. But if you're spending a, a large investment in these solutions like a SailPoint, OMA, avian ForgeRock, you, you wanna be able to, to do as much of your environment as possible and they, they are gonna need some help with these disconnected applications. And really it's a, it's a persistent reality.
They're, they're never gonna go away. They're, they're there, they're, if anybody says they're gonna go away a hundred percent, they're, they're not. So the reality of managing files that is also not very pleasing to to, to most, you have to get individuals that are gonna have to start chasing people down.
So you have an army of chasers to to know who to contact to get the data, start validating the data, manually looking at the data, making sure, hey, somebody didn't try to send you the same file as last time or they sent you the wrong file and you don't wanna find out right before an access review has to get launched for, for that auditing.
You know, how do you maintain all that evidence and, and store the files?
You know, that's gonna be a real pain when audit comes to you and says, Hey, where did you get the data for that application? Who provided to you?
You know, was it, was it touched, was it changed or anything like that? And the reality is, with the files, it's gonna continue to happen unless you do something about it, it's, you're gonna have to continue to throw people at it and the people that are being thrown at it are gonna get worn out.
They're, they're not gonna care as much about it as as it continues to go forward. So it's really not scalable either to throw people at it.
Again, the IGA vendors don't really address this reality. They can talk to files. I'm not gonna debate that they know how to talk to a file share or a mount and ingest the file. But what they don't do is help out with how are we gonna get that file, how are we gonna know it's fresh? How do we know who provides that file? How do we know that files even have some checks and balances before we bring it into an IGA solution and, and and so forth. And also the historical aspect of it, when was it collected, when was it processed and so forth. We do that with a file operations module that we have.
So again, here's the challenge, you know, you have your app admins and if you notice, everything over here is manual, manual, manual, manual. They have to place it where, where, where it needs to be for the IGA solutions to read. They may have to collect it, they may have to work with file, file file transport pro teams to get the files from one spot to another spot. And the visibility is, is very tough. And at the end of the day, who, who gets the lovely conversation with audit to answer on how, how that is the identity teams.
And so what, what we, what we do is help bridge that so that the responsibility goes where it needs to be and so the identity team can get out of the way and do what they need to do. So we put the responsibility on the source to then provide the file to us.
So then we then make it presentable for the IGA solution to then process. And so this way if there's a question of what was, what was provided, they can go to the source with that as well.
And again, you know, and, and the current collecting the files, there's no central view. A lot of different processes, manual notifications, manual error handling, and it's isolated from the solution.
And again, back to audit, it's, it's very few audit forensics that are consistent across the applications. You know, one of the things I didn't speak about, but what we provide with our solution, I'll speak to a little bit more but I wanna make sure I call it out here, is we do the automatic notifications, we do the automatic escalations and we have a central dashboard that provides a status of when somebody has provided the data to us.
But we can also have individualized scheduling for groups of applications.
So if you want to collect applications that let's say are financial and you want to, you wanna make sure you get data from them consistently on a monthly basis, we can group them up and have customized notifications and escalations and reminders so that you can collect that on a reoccurring basis. You can also just look into dashboard just just for those applications so that you can see when was the last time they were provided, are they all ready to be processed within the collection schedule? Anybody missing, anybody overdue?
And we can break that down again, you know, you can break it down financial applications, healthcare applications, privilege access applications, and then you can say, hey, for privilege access we want to collect it weekly, we wanna collect it biweekly. So we, we have that capability to do so.
So with Aqura's file operations, this is what this looks like. Now at this point we're putting the ownership on the app admins to provide the data. We work with them in a way to provide a template that they can provide to us via CSV or Excel.
They, they go ahead and upload it into Aqura. And as part of uploading into Aqura, we do checks and balances and validations at the time. So if there's any errors at the, at that point they're told and they get to correct it, it's not a surprise for the identity team or the identity solution. And so if they try to provide a file that doesn't have headers and we expect headers, it's gonna give 'em a message saying you need to fix your file. If they provide only two outta the three headers, they're gonna get a message about that.
They've pro try to provide maybe a file for a different application because you can specify the specific file name or the sheet within a file and they try to, you know, cross contaminate it. We will let them know at the time of the update and we keep record of that as well. Not just the success, success uploads, but also the failures. Because we all know when they fail and they don't have time to fix it, they're gonna go, wanna blame the identity team saying, oh I, I did it successfully. It was there, it was there.
Now on that day you got a message that it wasn't done successfully and you decided not to cont to make it successful. And those notifications that they get are one on the screen, but you can also get that via email and it's also logged as well. So this is a little bit of what it looks like.
Here's our dashboard from an administrative standpoint.
So the uploaders will only get access to the applications that they have access to, but an identity team can now, instead of tracking it via email or an Excel spreadsheet can go to a central dashboard and they can see what is missing, what is ready, what's overdue, what groups are there when it's due, when it was last uploaded as well. And what this does is really helps out where now the identity team, instead of chasing people down via chat, email, virtual hallway conversations, hallway conversations, phone calls, and now it says, Hey, your files are due.
We already provided you your job aid on how to do this. It is now your your responsibility to do so. Our responsibility is to make sure, hey, you guys are doing it, making sure that the IGA systems are now gonna pull from Aqura so that it can be used for access reviews, access requests, reports, your lifecycle management processes as well.
And again, this is scalable and so we have a use case that I'm gonna speak to in, in a moment as well.
And so the great thing is automation now you can have with this and now you're making these applications now available to the IGA solutions just like Active Directory. So when IGA solution needs the data from these applications, it goes ahead and runs their aggregation task, whatever task to pull the data just like it would for Active Directory. So a case study at a large US bank. So I haven't shared this yet, but yes I do work for Aqura, but prior to Aqura I was actually a customer and I launched a multi-year, multimillion dollar identity program refresh. And we did great.
After a year and a half, we had all our key critical applications that could be automated in there. We had about 50 applications that were collected via files manually in there.
And audit was like, you did a great job, but guess what? Not good enough. We have another 700 applications in your app portfolio that you don't have in your IGA platform. What are you gonna do about that? And I didn't have, I didn't have an answer at the time. Well the answer was file operations with with Aqura.
And so again, they came to me after bringing in like the ad rack FS and everything else and we were having continual issues. That audit was writing up my team and the business for primarily with leavers because if we were only collecting data twice a year because of the how intensive it was to do so when we were not getting the data from them and in between those periods, we could not notify them of leavers because we did not know maybe when someone has joined or has left.
And so what happens is they were getting written up, they were looking at us, Hey, how come we you can't notify us?
I'm like, well we don't have updated data from you because you only give it to us twice a year because of how intensive it is. And so we changed that to a monthly process and help close close that gap. Definitely the things with users and access being missed 'cause of visibility, bad data in bad data out when we're doing it manually. We would collect data for six weeks and then we had one week to then clean and validate the data before we had to get it ready for an access review. That was not very, not a lot of fun for my, for my team.
And then the audit findings, you know, they, we, we had an audit write up for it. We, we had an answer for it and, and then we, we needed to go ahead and do that.
And one of the key things I wanted to do was shift the responsibility where it needed to be. So my team did not have access to these applications nor did I want them to have access to these applications. But meanwhile we needed the data from these applications. So I needed to find a way to shift that responsibility to the source.
And again, the challenge, how are we gonna solve for this? We had to bring 500 over 700 apps as file file apps. Of course once you start questioning about applications, oh I can do ad integration. Oh we don't really use that app, we can go ahead and retire that app. So once we got it narrowed down, it was about 500 and I had one calendar year to do so. And to be honest with you, we took the first three months, once we purchased Aqura to really just build out the process and job aids and then start socializing it.
So we started off a little slow and, and then we wound up actually completing it in nine months. So I was able to give audit a little bit of an early Christmas gift in November saying I don't need December to do this. I want my team to enjoy December. And we were able to complete this in in November by November again, we had to scale this. 'cause initially we had 80, 80 file apps, but now we had to do it up up to 500. I would've had to hire about 11 people. But those 11 people would not have known my business like the ones that were doing it.
And I could not keep stressing the ones that I was doing it and the ones that I was, that were doing it for me I could trust, but I needed them to do other things that I needed to get, you know, that, that I trusted them with like enhance my role program.
But they were, they were being, you know, for six weeks, twice a year collecting these files. That's all they were doing was was collecting files.
Again, the top identity platforms don't solve for this end to end. They downplay the automation, you know, with the disconnected files.
And again, it's not sustainable to throw IM staff at this. So again, the solution is Aqura file operations, single dashboard for app owners or point of contacts to up upload shifts.
The, the responsibility properly where it needs to be standard way to provide evidence for source data. IM teams can monitor and no more manual chasing. It's scalable 500 apps in one year in my use case. But we also have large organizations as, as well that are, are doing this right now as we as we speak. No increase in staff specifically for these, for this, this need.
And now they can again monitor no more manual chasing here schedule notifications and escalations. That was key because now you know you have logging of it.
So if audit says who emailed them asking for it and so forth, it's there. We also have the status whether they did it or not. And now it's part of the lifecycle management process. Now because that data comes in to an IGA solution, it looks no different than an Active Directory. They can now go ahead and say okay, this person has left the organization, let's go ahead and since it's not a a fully automated application, we can work with it passing that information, the IGA solution can pass it to a ticketing system, a work item and so forth.
But it gives that visibility that before was non-existent or was only happening twice a year. And again, we can be begin with files and end with full automation where connectors make sense.
So, you know, without Aqura you'll see there's no central dashboard, army of Chasers manual audit and, and takes months to do. So we do immediate validation. We have a single dashboard, we have auto reminders and escalations full for audit forensics. So not just the data that they upload. We can also force that they upload screenshots or video recording as evidence of when they did it as well.
And again, although you may wanna say collect it monthly, you you, they can upload it daily if they want. They can upload it, upload it weekly if they want as well. And so it's really, you know, a, a great platform really would love to talk to y'all. We're upstairs, really right above here. We're the ones that have these great yo-yos. So if anything just come by and grab a yo-yo don't want to go back to the US with all of them, but really, you know, disconnected apps is, is a reality.
They're, they're not going away anytime soon and you, you want to be able to have some visibility so that they can enhance your identity program, enhance your identity solution. So that one of the things that I did was when those two individuals with that were my analysts doing this, I was able to free them up to now enhance my role program. So we were to build out our birth rights a lot more and do a lot more with our, with our, our role program and our access request portal.
'cause now we had all data for all our applications on a, on a, on a more reoccurring basis and that really helped out not just with the leavers but also with our role program and also with our access requests and access reviews as well. So, you know, we got a couple minutes left. That's what I want to share with you all today. Hopefully this is of interest to you.
Again, we're upstairs right when you go upstairs, our booth is right there and we'd love to to talk to you, but if we have a couple minutes for any questions or anything, that would be the time. Thank you. Thank you.
I think we have time for two questions. There's one online, but maybe anyone in the room?
No,
The one from online. How are you proposing to transfer file-based apps to automated IGA connectors and how much effort could be reused and what average percentage would need some reworking?
Some, do you mind repeating that?
Yeah, so transferring to automated IGA connectors and how much effort is there?
Oh yeah, this is, this is great. So one of the things, and again, it's so hard to fit everything in 20 minutes here, is we standardize collecting the data and then standardize it by SCIM so then we can communicate downstream in the, in the future. And by doing that, if all of a sudden now you become an automated connector, you won't lose any history either on our side and or the IGA platform that you're using. So you'll be able to maintain that.
So that, I'm hoping that that did answer that question. Yeah. Was there a second part to that
SCIM is no, I think that that was, it was like sort of what percentage has to be reworked. Maybe SCIM is as the basis of it gives you a way to predict. Correct.
So, so what we've seen with when I was a customer also with the current customers is sometimes a vendor's gonna have an API in six months, but you know, six months becomes a year or 18 months later, right? So what we do, we will bring it in as a file connection first, and then as the API is ready, you can test that fully and then go ahead and, and then convert from there as well.
So it don't, again, it helps you start off with files, eventually move to a connector, but that transition is gonna be based on what that vendor provides or how you transition to more of an automated connection with it.
No more questions. No more questions.
All right, thanks Craig. Alright
Phil, thank you.