KuppingerCole Webinar recording
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
KuppingerCole Webinar recording
KuppingerCole Webinar recording
Good afternoon, ladies Tren, welcome to our KuppingerCole webinar, conducting an orchestra. The new role of IM this webinar is supported by artist. The presenters today are me marking of a anding and of artists before we start. And before I talk a little bit about what trend some general information, so is an Analyst company for ones who don't know us that good until now we are providing enterprise it research advisory, decision support, and networking for it.
Professionals from both vendors and user organizations, raw subscription services, advisory services, and our, our main one is European identity and cloud conference, which will be held again April 17th to twenties in Munich. I think it's a must be to attend this conference. So it's that conference in Europe around identity and cloud security around cloud security and several other topics have a look at the agenda. You'll find all the information on our website, okay.
Regarding the webinar, some housekeeping, some guidelines, you are muted centrally, so you don't have to mute or unmute yourself. We are controlling. These features we've really record the webinar and the recording will be available tomorrow and Q and a will be at the end. But you can ask questions at any time using the tool questions and the go to webinar control panel, which you will find the right side of your screen. So there's an area questions in there. You can answer questions. We will usually pick them at the end. In some cases, we also might pick them during the webinar.
I recommend always that you enter questions once they come to your mind, or we have a long list of questions available at the end of the webinar when we start our Q and a session, however you can for sure. Also enter your questions. When we are finishing the presentations, looking at the agenda, like always this, the agenda split into three parts.
The first part is the presentation of me, which will, I will talk about new challenges enterprises are facing and the strategic options they have, especially for identity and access management and all this aligned to the Cola team model, which will also play a very important role that our upcoming conference, the second part then done bio. And it's about how enterprises ensured to keep governance over the identities in the transformation process of it, presenting the elements and service options for a future proof I am.
And the third power then I've said before, will be the Q a session is let's start directly. And then I will start this more. Let's say a high level view on what really affects what we have to do in it, and then move forward step by step to how this affects information security and listen, information security, how it affects access management. So that's a sort of a step by step approach going from these bigger drivers down to the things we have to do in specific areas, especially at anti access management.
So if I look at the three major trends, which are sort of the long term trends currently in it, then there are three, one of the cloud computing trend, which is something which is just evolution. It's a computing model, which plays a wider role. I think we are understanding this model better and better. And so things are moving forward in that area. The second evolution is mobile computing as well, a very major trend. And the third, one of social computing, probably social computing is the most immature of these strengths. Given that social networks become hype.
And three years later, they're more or less disappeared. So if you look at things like studio or something, which has been very prominent and Germany tour or three years ago, right now, it's not that big anymore, at least. And so things are really changing very quickly. And I think that's a very important point.
Overall, these three, three trends have influencing in common, which is they lead to sort of consumerization in the sense of there are other buyers, there are other players in it, then let's say a central it department, the org in the enterprise and a deep parameterization of it. And I think the second part maybe is the more important one, even while you might hear more about consumerization.
I think the, the deep periodization part is one of the things when they look at it from information security perspective, which is really a, let's say a very, very big challenge we are facing because we don't have this perimeter around our internal it anymore. In that way, we had it some time before it's much more complex to ensure information security and to deal with all the things around us.
And when we look in this context at some aspects, which are from my perspective, very relevant to, to understand how, how does the new, let's say it ecosystem look like and how to deal with this ecosystem. Then there are first things I'd like to pick. One is bring your own device, the second cyber text.
So new a, especially in the deep ized world and trust today, I've read red an article about us department of defense spending three or $4 billion this year for their cybersecurity. Trust us one example.
So it's, it's really a big issue cloud services. The point that decent realized like tier requires a strong management. So what does it mean for us? How do we deal with this? And especially how do we deal? And that's more the consumerization part again, how do we deal also with this situation where we have other buyers of it services. So the business departments buying services, which we then have to manage again, and finally, first areas, users, I think we have to deal.
I don't think it is a fact that we have to deal with more users than ever before with less control about where are these users manage and all these other things. So when looking at bring your own device, I think that's one of the top trends for enterprises. The right mobile devices, employers are using their own devices, which they have acquired in different models. So fully privately paid or partially paid by the employer or whatever. And in fact, there are all type of mobile devices out there. And many of these devices are, and they are not in the corporate network.
They're many different devices. They are not always in the corporate they're mobile. And in fact it change the game of security and system management fundamentally. So bring your own devices. One of the big things we are facing, which is very important from the access part of things. So how do we control access of these devices? How do we authenticate identity, which is using actually wise. So even when you look at it from an IM perspective, it's important, but it's one of the big things happening there.
And one of the interesting questions always is a hype that will disappear, or is it a hype cycle or is it a fading oration? So is it something which just pops up and disappears again? Or is it more the Gardner half cycle thing sort of the first time, and then the, let's say slower maturity of things or is it something which pops up from time to time? I personally believe it's a little bit oscillating, but growing overall. So I think it's started a mix of some of these, these different trends.
But one thing I'm absolutely sure about is bring your own device is something which never will go away again. So that's a fact you have to deal with it and it doesn't make sense to play it on Keho in that area, trying to, to, to forbid bring your own device. I think you have to deal with it, how to deal with it. I think there are several things to look at the most important things are for sure legal aspects. You usually can't do every single device information security.
And I think that's a very important aspect, especially when we look them to how that's I am, have to look like in the future, you will lose the B Y O D five or B Y O D war. If you try to secure wise, it's about information security. So the thing you really have to focus on is how can you make information secure and information is secured also in the context of things. So it's the context of the Y of the user and all these other things.
You have to look at it from that perspective, for sure security devices will help to do these things better, but so devices which have really security building, strong encryption capabilities or other things, but overall, it's a lot of things which really don't look have to, to, to focus on how can I better secure our information. So there are opportunities, there are challenges, bring your own devices easier to use. There are legal aspects, tactical aspects, and there are opportunities. So how can we really do these things?
And I think there is the opportunity of doing focus security and overall, I think bring your own device will be, and I don't want to spend too much time on this will be one of the challenges which affect the way we are doing information security and we have to do anti access management. And then the second thing I've, I will talk about our cyber or what does this mean?
And again, the question is this a trust wave or what is it? Is it something which is continuous growth or is it even exponential? I think currently it's exponential. It will slow down the same point of time. But trust today, I've, I've written a block or Postma block, which, which really says there will be no app tide. So it's really something which comes much faster than the tide and which remain at a very high level. We have a lot of different right now. So we have states, we have organized gray, black crime, blackhead Whitehead, and all the other groups.
And so it's really something which is growing. And also that's one of the areas in the light of all these things, which are changing in our, it, we have to look at these things. Okay. And so our cybersecurity strategy has to focus on different points. And also that's something like can touch only very quickly.
The, one of the important points is risk management. We have to understand what are our risks and how to deal with it. We need to understand which controls do we have such detect what happens. We need to have a very strong identity access management in place again, because we need to understand who are the persons who are accessing things. We need to identify the ones who are allowed to access. We need to have very well saw and well implemented access controls in place. We need definitely additional to smallware detection, all other type things. We need to educate the people.
We need to have action plans for all the situations, from how to protect up to, okay. The worst case happened, how to react now, how to recover and all things looking at dog services, the third area, and that area of cloud services, as I've said, I think the re thing is that decentralized that he, with different types of buyers with different types of providers requires a very strong management and oops. So the service users, it looks like I've, I've mixed up the slides a little in that area.
So let's look at the users first, the users more than I think the situation is we have more users than ever before. I think that's one of the, the real big issues we are facing there. And so I've trust made a with my limited graphical capabilities, I made a simple picture of that and it says, okay, what we had on now were mainly the employees. So we have a lot of employees in many organizations, sometimes less, sometimes more, sometimes I'm hundred thousand, but there are other groups.
And there are the partners, which are also usually a, a group, which is not extremely big, but depending on the size for organization, it could be a respectable number of identities. But when you look at all the prospects leads and customers, then we are looking at a, at a much bigger number of user and we have to deal with them and we have to identify them and we have, and I think that's a very, very interesting challenge in the context of identity access management.
We have to understand how to work with other types of identity providers from Facebook and Google up to whatever your partner organizations, whatever there is. So the work becomes increasingly complex there.
And the, the most important point is the user. It's an identity explosion, not only in the sense of the number, but also in the sense of the complexity we are facing here. And the other thing is that in that context also, the, the need to share is increasing. So when you look at the history of it, so we a centralized infrastructure, internal use only we had done the PCs and the networking. So we shared a little bit more within our organization. Then we had the internet emerging, where we shared some information, a very controlled way using our websites or isolated e-commerce application.
Then we arrived at the level of business partner integration. So sharing more things there. And right now it's really about tighter integration of customers.
And again, that's really what causes this identity explosion we are facing here. And that means dealing with this identities and their access is a very, very interesting challenge we are facing. And that's something which leads really our, it has to lead our thinking about how has IM to look like in a more complex scenario right now, one important paradigm there I've touched it quickly before is context. So which information is used, how is it used, is authentic indicated which device is used, where is it used and are there science of fraud and whatever.
So really going, moving towards an approach, which not as, not as focused that much on saying, okay, if Martin K authenticates, he's allowed to do data than that, but saying, okay, if Martin K authenticates and he's using a why, which provides strong security and he's in the building, then he might access more sensitive information. And when he's using his iPad somewhere at beach, in the south of France or some, something like that. So that's an another thing where I see a big trend and then we have the cloud services area. So decentralized it requiring strong management.
So, so I feel like, look at cloud services. And I think there has been a lot of talk about cloud. And also we have a lot of podcasts around cloud. I think there are some tier pros of cloud standardized services, availability, scalability. On the other side, we have to topic of data sprawl. So where is the data? Where is the service really management sprawl? So who's really the one who's managing this. How can we manage this, this distributed environment?
And we also have an integration, like we could add more things on the bro and side, but it's very clear, like always, there's no such thing as free lunch. You have to pay a price also for that. And that's, I think there's a good reason for threats, which are seen in the cloud. And I've just picked some, two different, let's say service about such threats, one of Anza, which is focusing more on the loss of governance, through the governance idea, lot security Alliance, which is more focusing on the hacker side of the technical side, but it's very clear. It's also a challenge.
And this challenge has also to do a lot with who can access which information so identities, access control all the time of, but, and also another survey also quickly just shown why cloud governance. And I think it's also pretty simple. It's required to assure our compliance and our information securities for data health and the cloud. So it's really about it. Security and compliance, which are the drivers. And within that, it's really very, very much about access. So who can access that information? How can I keep control about it, all these things.
And so there are some very logical cloud governance objectives we have to face. And if you look at these objectives, then they have to do a lot with authenticity. So who has done what it's again, the identity in there and the access traceability also, who has done what large regulations.
So that's, that's really focusing on, on providing information back, which is much about auditing. If you look at information security, confidentiality, again, identity and access, integrity that has to do something with it is also has to do with how do I ensure that nothing is, is changed inadequate way in, in inappropriate way availability, but there are a lot of things, again in there which have to do with identity and access management.
I think there's something where would definitely will touch on given that they have a broad experience in, regarding the requirements in dealing with the cloud. Okay. What are key success factors then for the cloud? One important factors is the independence of the cloud approach you're choosing. So you need a flexible service procurement out of different clouds. It shouldn't matter which cloud you're using private, public, whatever, a unified management, one UN all clouds, orchestration of business services.
Something I will talk a little bit more in, in, in some two minutes and one UN identities. Again, that's a very important thing. You shouldn't manage your identities per cloud provider. You should manage your identities once and you need a holistic information security. So unified security management, which, where you have the same requirements and enforcement in all the clouds you're using.
So again, it's a lot about information security. It's really a lot about yeah. Managing identity managering access. So how to deal with these changes. I've been talking about four big areas of changes, which are a consequence of the bigger trends, the major trends I've started with. And I think there there's three very important points. One is we need real business service management.
So service management, which is focused to provide business services they need, and which really consistently manages all the services, regardless of the service provider, we need a cloud ready governance, and we need information security and identity and access management, which is ready for depth change, which is really able to cope with the much more complex environments we are facing.
And so it's really, when we look at what business re wants, and when we try to let's say, reduce these requirements of business to the core, to their essence, then it's, then it are two things which business really wants from it. One is they want the services, they need to do their job and exactly these services and the way they think they need to do their job, not what it thinks, what they think in a way they need it. And business wants to keep corporate information protected adequately. I think that's something which is really very high on our trend of business today.
They understood information. Security is a major concern as a value information. And we have to protect in adequate way to do this. We need really to protect information then in every situation at rest and move for motion or in, in use, we need a secure information life cycle. We really need to understand how to manage this at any point of time, especially when data is sprawled, when data is traveling through cloud and our things. Yes. And so our approach on that, and that's where, where I will then come to the end of my presentation slowly. So equipping a role it model.
And this model is something which really helps you to organize your it, to focus in, to that focus in your it, to structure your it in a way which is really able to deal with the future and the upcoming. And in fact, current requirement of a ized world of consumerized, it, of cloud and all the other major trends. And the high upper level is the business service delivery. That's where they really design and, and the services business needs in context and in the, in the corporation with the business.
And that's also about the service requests where business can, or the services that's really where it's about providing what business really needs. The next layer is what we call the it service and security management, which is really focused on service management and information security.
It's a major layer in that area because that's where you really let's say, get a structure in where you ensure that business receives what business really requires and where you, on the other hand manage all the different providers of services, which are then the it service production, this it service production that could be on premise that could be cloud, but it doesn't matter to you. So the cloud is nothing else on a deployment model, and you're managing it from a service and information security perspective in a very consistent way. And you need to have to the governance in place.
So that's something which is, let's say going, which is across all these layers. And from what we see, if you follow this approach, it really helps you to structure what you're doing in it. And for sure, it's very helpful to have your, let's say it, service production and virtualizing cloud ready. So your own on premise, it acting like center.
It, you will have the ability to learn much more about equipping a call it model at our upcoming conference and through a series of reports, we have started publishing, but that's just a quick look at it. And if you look at it from, from what I've talked about, handling the cloud, managing all the different users, providing what business requires dealing with the consumerization, these are all things where you will find a very simple answer based on that model. It really helps you to structure that way forward. And for sure, governance is bigger than that's just as a side note.
When, when I look at governance, I think a very important point in this governance areas that we need to understand, and that governance is bigger than it is done typically today. So today the traditional governance, and it mainly, especially around when it comes to information, security is focused on systems. So are system security, which security requirements do they have the next step would be say, okay, I look at it from two angles, the system and the in information angle, that's sort of advanced, it's an information governance approach.
And if I have moved from system to servers, then I I'm at a, let's say basic cloud governance approach, but overall, we should end up as an approach, which truly puts also the process in there because the process sort to link between the services and information. That's what I would say to the cloud ready, full governance approach. But that's one of the things you also have to do when you're looking at these challenges I've been talking about in the first 20 minutes of my presentation. And I think that's a that's thing where you really should look at.
So finalizing was four reasons why you need high identity and access management, that and five things to consider when investing in identity and access management. I think the reasons are four important reason access is what business cares about identity and access management are cornerstones of information security, especially in increasingly complex environment. There's no real access governance without identity management as a foundation. And we need to consistently manage access of all user groups, everyone also the identity explosion we are facing. They use the same information.
They use the same systems we have to do it consistently. And the things to consider on investing in identity access management is that there's not one tool which covers everything. It's more complex. And we need to understand the big picture, big picture first for targeted investment. It's one part of our information security. And also we have to understand how does this work together with other areas of information security. It's not internal only, and there's no cloud IM there's one IM you shouldn't end up with identity, manage for the cloud management for the cloud.
And for internally, you should end up with one solution. It's a business service. It has to work with business users. So also that has to be exposed in an adequate way to business users and it's about processes. And so based on these big brands, we have a lot of things to face and that's where, what art and will field will focus right now on, in their part of the presentation. So thank you. And I hand over to will view KBA and ING then. Thank you very much.
So let us in start with a short introduction, the title of this webinars, conducting orchestra to new role of IM I think in Martin cooking us presentation, we heard a lot about what are the drivers, which bring corporate and enterprise it to new limits. I think in our presentation, we will step in into this few and provide an insight how Porwal things that identity management access management and supporting technologies can help to get hold of this challenge.
First, let us introduces is an international information technology service company with more than 70,000 employees in more than 40 countries, they serve a global client base. And as an examples is worldwide information technology partner for Olympic and power games. This is important to mention because here is one of the biggest challenges of it. Security in the international business. Atos has managed these incidents security incidents since now more than 10 years, without a single secure, pretty break or serious incident.
This is based on process provides to the part Olympic games based on a consistent holistic approach to it. Security Art was acquired products from Siemens in July, 2011, and is now leading vendor of identity and access management products and solutions.
Our S em, suite ranges from automated user rights management through access management and identity Federation for web. And so environments to identity governance and identity auditing. These are all the aspects which we've mentioned before helping customers to close the gap between identifying people in the process, this up to making security deliver to legal and government requirements.
In addition to IM core solution and products provide consulting for security and risk management authentication solutions based on biometrics, smart cards and car management systems and public key infrastructures as a part of the service and product range for it. Security, as an example also provides managed security services, delivering cards and key infrastructures for enterprise customers. One of the goals of autos is to be the European leader in the cloud. That means that autos is engaging in all aspects of cloud services.
Autos has global factories providing good TCO and standardization to achieve a high level of ROI for cloud environments. On the other side, especially European customers demand on providing cloud services with secure located services in Europe here, autos is committed to provide clear European offer to these customers. On the other side, with their high tech tech transactional services portfolio is positioned themselves to be a world leader and critical business. It services in this part of the offering. Also a global key offering identity security and risk management is positioned.
And as the first word says, identity management is one key element of this global offering. Having A looked at what was said about social media.
Now, some numbers are saying proves the point 93% of the world's population on those age of 40 have joined social networks. That means nearly everybody and today enterprises who hire new talents face the challenge that they have to provide these kind of accesses to these new employees, because it amounted.
They, I used to work in an open environment. So enterprises need to work with smart people inside and outside the company. So only if you make the best use of internal and external ideas, you may win as a competitive and a competitive game in this area. You also have a big influence. These people may also be interested in bringing their own devices it's they are owned by themselves, all the demand modern devices to be used and provided by the company. And if you have a look at these scenarios, they definitely have new challenges for the enterprise.
It not only from the speed of change, but also from total parameter, less few on security. Now coming to our title, we see the picture of an orchestra as very good to describe the situation it responsible throughout the world are looking at the situation up to now the old enterprise. It had the stable setup.
So where, what we from the identity management side always see a silos of information, but see silos were very stable and also well managed over the years. On the other hand, we had clear ownership for data processes and resources and see resources which were allowed to play part in the corporate network were very well defined and tested. So the role of an identity and access management could be described as the conductors enterprise of the enterprise orchestra, moving rights and roles and responsibilities at the right place at the right time in the well defined processes.
Also enterprise key identity and access management has proven their values throughout the years and provided very high levels of reliability and security to all these processes like S a P E P processes up to realtime communication or physical access to company resources in the new world. We are a little bit more like picture on the left side, where people decide to join in jam session and bring their own instruments and probably are not so familiar with very strict rules of the game.
So everybody joins in and tries to, to, to find their way into orchestra, to provide real good sound and join the party. The point is that the old fashioned way to control security in such environment fails.
You see, that's a guy first in the front somehow tries to, to keep up order, but at least the people behind not really seem to, to play according to his science. So what we see is that identity and access management also has to change its way to really integrate the challenges of social media, bring your own device. And of course, poses the usage of external E IDs like the German new passport or E I D card projects in other countries. In addition, external cloud services must be integrated and some sometimes substitute ex existing silo services.
So I, and access management must play to conduct a role over a much broader field of, of devices, identities, and systems providing the same level of security, auditability and authentication. Also in an now changing environment, as an example, for a really secure usage of all devices of external tablets or whatever, we, there is a offering of mobile security and a lot of companies offer isolated solutions visits. But the good example is in the old times, you give out tokens to control remote access, But who controls the process of giving out these tokens though?
All this new elements of the security infrastructure must be tightly bound in an identity and access management system, which in real time gives access a science roles and deprovision success were needed. So, so first goal is to secure business, critical information, to keep privacy and compliance, working in such an environment. And as Martin Kuppinger already did it out, we have a growing exploding landscape of identities and possibilities to interact in this new enterprise and social media based environment.
I think even if we don't want to see the challenge, as an example has started an initiative to go through zero email initiative, not meaning that you don't get any email anymore, but finding ways of communicating in an effective way using social media technology in, within the enterprise with controlled interfaces to the outside. So identity and access management not longer has only to control the identity itself, but the identity in a much more complex environment.
The second goal, which we always a little bit forget when we speak about security is that identity and access management has to play enabler role, enabling collaboration and innovation in this permitless enterprise. It has to control the entitlements for the classical enterprise seek cloud services and see have to, to control the security and the gateways to the external world. This of course also means that identity access management, it's not playing this role alone in the broader offering of a risk based security management system.
First of all, the risk management has to be translated into controls, which then have to be managed within an IM system within system controlling the network incidents and providing mitigation for this risks also on a behavioral level. Okay.
I take over from Raj, thank you very much arrived for his introduction to, and for presenting the challenges that we have here in the new world, presenting the orchestra, the big pan orchestra, the transition orchestra, but what is the real offer that hunters provides for helping customers, enterprises, organizations, to deal with the challenges of information security and security in the, for business critical applications.
So we have offering, according to the plan, do check act paradigm where we start with security consulting, we offer security solutions where we do the implementation of the project, design the specification of the requirements, and until the products and the solutions go into operations, but we can also do security assessments coming in to companies, looking at their critical it services, finding out what the user populations is, what their access rights are, how many people have offered accounts, for example, are there any accounts lost from, from people or are there any accounts still available from people that have already left the company?
And we also offer several ways of production options for the customers. For example, in addition to on premise solutions, we offer managed security services, hosted security service, and also security service that we offer from the cloud. So when we consult people in setting up identity and access management, we recommend to set up a IM program because we should avoid, or the customer should avoid to step into the identity and access management activities without having a clear plan without having really the requirements upfront. And because this would end up in a chaos.
So there are six several steps that we advise the customer to look at. The first step is to define the scope of the identity and access management program. So what is in the scope? What is out of scope in that program? It could be security assessment only. It could be only access management or identity management, or it could be identity and access governance, or it could be a mixture of all of these different flavors of identity and access management programs.
The second step then would be to define the current and future use cases and processes that are needed in the identity and access management program. For example, defining the process to manage the life cycle of identities, to manage the life cycle of roads and privileges or entitlements to do authentication use cases, to define the way how single and on or Federation would be utilized in the company. How can authorization be used? Is there a use case on the process for risk management and how, for example, the policies defined and approved and implemented.
And then the third step would be for each of that use cases to determine the requirements that need to be fulfilled. For example, for the identity life cycle management process, is there a requirement that the administration should be delegated to people in the department to the business owners, for example? So what are the requirements for approvals? What are the requirements for workflow based support in the life cycle processes? Is there for example, a requirement for using context based entitlement management to make role assignments and privilege assignments easier.
Is there requirement for separations of duties as part of the risk management use case, for example, is there requirement for access certification or risk based authentication, for example, when you allow people using their own devices. So you want to really control where this device is used. If it's used inside the company, is it if it's used outside the company?
So you may end up with having different requirements for authentication purposes, and then once the scope, the use cases and the requirements have been decided on customers needs to look at the technologies, what are the best technologies to support and to implement these use cases and requirements.
So this could be tools that are available pro products that are available for role management provisioning, versatile authentication, for example, or it could be tokens or the usage of national E I D documents for authentication could be tools for web access management, analytics, directories, smart cards. And then when the technologies are defined and then selected, the question is how can the technologies be integrated?
And this is the question of the interfaces of the communication interfaces of the problematic interfaces, but it's also the question will the company make use of any external identity providers, for example, for customers or for people that are members of any social media or a social network. So could these identities be trusted? And in the, in the last step, then customers will have to choose on the delivery option. Delivery could be on premise, could be managed. Service could be hosted within the Atos data centers, or it could be as a service in the cloud.
So these are the six essential steps to define the identity and access management program for our customers. So, and the technology that we provide here for the core processes are the Riggs product suite. So lyrics product suite is able to support the identity administration process, which is self-service to the user, which is provisioning essentially, but also supports then workflow delegation and access certification.
We have here, the identity in two flavors, the business suite supports the identity administration process and the professional suite supports the entitlement administration process and the governance process for the access process. When people are really accessing the systems and authentication takes place and singers, and on takes place, we have the product gives access and for the intelligence process to analyze what's going on and to find, yeah, key performance indicators and to define reports and to present this to the business owners, we have the product Derek's audit.
So in addition to the core processes that are supported by the products, Atos delivers identity and access management solutions in different delivery options, for example, on premise where the customer builds up identity and access management solution within its own data center, we deliver it. And from that data center, we also can provision any external cloud services, for example, for human capital management, supplier relationship management, or customer relationship management, when the customer decides to make use of such cloud services.
And the third option is that we also provide identity and access movement for these cloud services within the cloud. And also we can provide the customer with identity and access management services from a cloud infrastructure, for example, providing identity provider functionality in federated scenarios, or providing provisioning functionality from cloud based infrastructure where identity and access management products and the technologies are deployed as part of our managed security services offer.
We can provide in addition to identity and access management, several other solutions like the Atos high performance security suite, where we monitor security incidents as a ride force mentioning before, which is one of the example is the security incident management of the Olympic games. But we also provide some more malware protection firewall services, proxy services, or remote access services as part of this managed security services.
And this is based on our own product range, like the direct product suite or the biometric product suite ID center, or based on our own smart card technology. And of course this is them complimented by technology from our partners like Juniper, Microsoft, R Z, and, and whatever are listed here on the slide. I would like to give you three examples of successful implementations of identity and access management programs that we have done it for our customers in the past.
The first of it is the Siemens HG HRS services, which is a self-service tool for the request modification, reactivation, and deactivation of user accounts and entitlements for various HR related applications. These are both SAP and non-SAP applications. This could also comprise cloud based applications. And the application here establishes a comprehensive access management system for automated user and entitlement management. By the way, we'll have a presentation with our customer and the upcoming EIC conference on this topic.
The second example is how to integrate national or, or Swiss ID document here in that case for the purpose of providing access to several applications. And there's access comes here into play by sitting at the service provider side are protecting the applications and verifying the ID that is presented through a Swiss ID authentication in the first instance. And we also hear acting as a claim assertion service providing several attributes from the users.
And third example is an on-premise deployment that we have done for ag, which is our automotive supplier, where the challenge was to consolidate the difference corporate sections and companies under one identity management with the central administration of user accounts.
So that access to all information and applications is possible via an enterprise Porwal for both the employees, but also for the external partners and the solution boards, a centralized and role-based identity management supported by a central directory, which does the authentication with the definition of roles and access rights and by the automatic creation of user accounts and assignments of the related access rights.
And of course the benefits are cost deduction in administration, faster administration processes, better data quality, the ability for the users to do self-service and the enhancement of the security level and the better traceability. And, well, the last example here is our customer Telephonica or two in the tech Republic, where we provided a Sox compliant, IM solution for carrier services. And the special focus here was to provide the auditors, the capability to see really what's going on.
And this had to be done in a Sox compliant way, and we minimized TD administrative effort and, and lowered the it costs. And we did the assignment and replication of access rights in one single step for more process transparency and higher information security. And this was the last example of successful IM implementations that we did for our customer. And I will hand over Tory for making the concluding remarks. Thank you really.
So let me, let me conclude with some news on and cloud, because first of all, in the beginning we made the claims Attos most to be a European cloud leader. So here are three statements which really under the statement AR was appointed by the U commission to lead the consult of enterprise and research agency to develop a cloud infrastructure. And the bonfire project in addition made a strategic Alliance with EMC and for ware for open cloud computing, these Alliance canopy will provide a wide range of cloud solutions and services to enterprise pop.
The customers and with UNOS has made a strategic Alliance to provide to the growing cloud market management software solutions based on the products of the Chinese leader in this area. Last but least I want to summarize that you will see us at the EEC 2012, not only with some panel discussions, but also, and most importantly with case studies of our customers will already mentioned two of them. One is the project of EKG. The other one is the case study on the trusted identity information by Swisscom.
This was presented in one slide versus Swiss ID, and we will have several panel discussions on the role of in identity management. And of course we will be there with an old booth and partners, so you can visit us anytime you want. And I'm happy to close this webinar now with an invitation to CEC 2012. Thank you very much. Okay. Thank you. And so directly continue with the Q and a session. So if anyone has questions he wants to ask, please end these questions using the question tool, go to webinar control time.
We have first questions here and I'd directly want to start to use the remaining few minutes we have. So, so one question just a little bit more technical. One is I am integration. What's your thought on the maturity of sample based attribute exchange?
Well, we think that the sample has really proven that it is interoperable. So it's, it's proven for more than five years right now. And Sam is the defacto industry standard and of course work is going on on Sam and, and on profiles in using em. But we think that that Sam is really the key technology to enable singles and on over different security domains. Okay. Yeah. I think it's view, I definitely shares as a very important protocol in that area, and that's definitely one of the mature protocols where vendors right now have a lot integrators have a lot of experience.
Another question, my fear is, is so, so when, when looking at your approach on how to let's identify what a customer requires, it's sort of consulting lead approach right now. So moving, let's say from a pure product focus more towards an approach was just very much driven by first of all, consulting, identifying the needs and then picking to right mix of products, correct?
Yes, that is correct. So we think that it's essential in the beginning to really define the scope and the use cases. And of course the selection of vendors and technologies is something that will have to come in the middle, but this is certainly nothing that somebody should start with. Okay. There's another question I like to pick Richard Richard close to the sum question. Probably the last one we can pick today. Do you think that skim, so M is the next protocol to account for this regards to, from and to the cloud provision initiatives or is there another approach to it?
So is there an option to skim? Well, at least we hope that skim would be the one and only interface or, or protocol that can be used to provision the cloud applications. Because so far, of course, Kim is in its early steps.
So I, I would think that, of course we will have some revisions of ski coming up in the next half year or a year or so, but at least SDL wasn't the solution because it was not really adopted by the industry. So we hope that skim will be, and we also will invest in skim that's for sure, but it also depends on the, on the large cloud service providers, if they really provide us Kim integration with their services. Okay. Thank you. And by the way, Kim will be an important topic at ESE 2012. So we are at the end of this webinar. Thank you to all the attend for participating this called webinars.
Hope to see you all at ESE 2012. And thank you to the presenters of today would global and of thank you. Have A nice, but.