KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Hear how a leading multinational Financial institution was able to evolve from Role Based Access Control (RBAC) to the new paradigm, Policy Based Access Control (PBAC), and learn what challenges this solved, and the ROI they were able to see from using PBAC.
Hear how a leading multinational Financial institution was able to evolve from Role Based Access Control (RBAC) to the new paradigm, Policy Based Access Control (PBAC), and learn what challenges this solved, and the ROI they were able to see from using PBAC.
Hi, everybody. I'm gal. I'm the C I P of plain ID. So C I P O stands for innovation and product officer. That's what I'm responsible of. And I believe that's something which is very much needed, especially in this area. Plain ID is the authorization company. We enable you to connect identities, to data, identities, to functionality. And I'm going to share with you today, a customer story, a customer who had a lot of complexity implemented, and we assisted in order to solve that complexity. But you know, it's a bit late in the day, end of the day.
And I guess you don't want to start with the authorization staff. So let's talk about maybe what if scenarios, what if I told you I have this magic box, right? And it could do all kinds of stuff. For example, it could take complexity. It could take a lot of things which are not very clear and it could turn them to a few something which is very clear, or it could take something which is very static by nature, old fashioned, doesn't really move and turn it into something more dynamic in nature, something which is innovative, something which is, which can move and adapt to your needs.
And last it could take something which is not visible at all. You can't really understand what's going on there, right? And turn that into something which is more focused, more visible. But you know, we are not talking about this magic box. We are still talking about authorization. That's what we want to solve. So how can we take something which looks like this, or like this, I mean, this is your authorizations, right? How are you managing today? The connection of your identities to data, connection of your identities, to what those identities can access. It looks like that.
Does it make any sense? Can you understand what an identity can access? Is it visible to you, to your business owners? What if it could look like this? What if you can present a very focused graphical view of access to your data, of what functionality each identity can have access to? What if you had the ability to investigate that's plain ID, by the way, if it wasn't clear by now. So that's plain ID, plain ID enables you to create a graphical representation of the connection between your identities, to data, your identities, to functionality, what can each identity do?
And of course it enables you to manage that much more efficiently. This map representation, for example, enables you to see an end to end view form identities through the policies, all the way to applications, resources, and actions. I believe that's the only tool in the market today that enables you to see such a view. Now we went to our customers and ask them, okay, what would be the value of such a tool to you? Why would you need that?
So, first thing is it would provide the ability to audit and govern our data. It would enable us, it would enable us to understand who has access to what that's the very basic authorization question, right? Who has access to what? And we need to answer that we need an efficient way to answer that. So that's one, but in order to achieve that, we need to reduce the numbers. We have so many definitions today. We can't understand those definitions. We need to UN to make sense, to understand the sense behind the definition.
So that would be the second thing we want to achieve, reduce the numbers in order to be able to efficiently manage that. And once we got that, we can actually involve our business owners.
I mean, think about that. And authorization decision is a business decision.
Can, who can, who can request a loan who can approve a financial transaction. That is a business decision. It's not a technical decision. So you want your business owners to be involved. You want them to be in control, but in order for them to be there, you have to provide a tool that can, can enable them that type of approach. And last, last, the last thing to be more dynamic, to build smart decisions, not just based on something that happened.
I dunno, a month ago, a year ago, I want the access decisions to be accurate to the hearing. Now what time of day it is, what days from where the user is accessing, what are the overall events that should influence the access decision? All of that can be, can be a part of the decision. The decision should be accurate. It should be made at the time the user is actually accessing. And that leads me to the use case very briefly. I know I don't have so much time. So I'm going to share briefly a use case of a global bank. It's a us based us based global bank operates worldwide.
They have several 10, several tens of thousands of users, and they had so many laws. It wasn't efficient. And they wanted to address that specific challenge. That was the starting point. Okay. They had just, the, just when we started, they had 5,000 access rules. They had all kinds of compliance requirements, which couldn't be addressed at each and every application.
I mean, where do you manage your access rules today? Some of that active directory, some other in the application, another place, maybe another repository. So it's distributed all over the place. You don't have one central place of visibility, right? That was the situation there. It was distributed all over the place they had. You can see the implications. I guess some of you might have the same implications today. Very hard to audit, very hard to manage. And there aren't enough definitions to control. Whatever is needed.
If you want your compliance team to place the restrictions, information barriers, for example, it cannot always be implemented across all entry points, right? So that was the problem. And also it was handled manually, no automation. So the whole, the whole package, and that's where we came after the project, which took a few months that's that was the outcome. We reduced this amount to 200, 250 52 policies, visual policies in the graphical UI. I shared with you before.
And that enabled them to manage in a Mo to manage those decisions in a much more efficient way to enable their business owner, to actually take control and walk with that tool in order to implement if they want additional controls as well. So you can see, I'm not going to read through all of that, but that was the, eventually that was the outcome. So just to, just to share a bit from the process to, in order to achieve that, there is a process of course, and it can take time, time, but we're talking about months, not years. Okay. Just to reduce.
And it includes the ability to detect whatever identities, authorization data you have in place. In order to map that work with advanced analytic tools in order to analyze the current connections of identities to data and form that build the policies, the visual policies, those policies, and are uploaded into a studio environment where you can view them, test them, analyze, validate, and go through a workflow process and approval process in order to deploy the actual policies that can also be delegated within the organization, if needed again, based on whatever requirements you have.
So there is a tool and there are a set of, there are a set of processes associated with the tool in order to eventually achieve that result. So just to conclude that I know my time's off, so perfect. Some take some key takeaways. First of all, policy based access control, that is the way to manage authorizations today. I know you might be familiar with role based attribute based policy based is the method that enables you to utilize the best of both folds attributes and roles. So this is one second. The responsibility very clearly shifts today form the it to the business.
Authorizations are no longer the domain of just the it, the business must be involved. They must be part of that. And in order for them to participate, they need to have a tool analytic. There's a whole lot of mess with all those definitions. So analytic is an very important component of any authorization solution, which you're looking to eventually implement.
And, and last, there are short term and long-term requirements, writing authorization, maybe a lot of authorizations today are based on active directory, but what happens tomorrow, you might want to migrate to the cloud. It works differently, right? It's not the same. You might have other initiative look both at what you currently need and what you might need in the future. Okay. So those are my, Okay. Thank you very much.
