KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
In this presentation, SailPoint will explain why Identity Analytics will change the way companies will think about CyberSecurity, by adapting ‘Predictive Governance’.
Predictive Governance will enable organizations to be more effective and efficient at governing access without increasing the risk.
In this presentation, SailPoint will explain why Identity Analytics will change the way companies will think about CyberSecurity, by adapting ‘Predictive Governance’.
Predictive Governance will enable organizations to be more effective and efficient at governing access without increasing the risk.
Coming up with the next password. Yeah. And the next password might be artificial intelligence. So thank you, Paul, for setting the stage for that.
So the, the first thing, everything we, when we are talking about predictive governance, we have to talk, well, what are you talking about? So is it machine learning? So what are you doing? Well when we talking about artificial artificial intelligence, we're talking about the narrow intelligence in that though, maybe, you know, that we have, this is a three step approach. So the narrow intelligence is a very focused intelligence. That means this intelligence maybe could beat a chess master, but it's not able to sort this data on your storage in a right way.
So just to get that right, so it will not take over your business in two years or so. So that's not what that learns. So this is what we doing in that and how we use it and, and what it should give to the business at the end of the day. This is what that speech is about. So why now this is even a point that comes up.
Well, you there's a lot of times. So when I'm running for the agenda, I found a lot of artificial intelligence. People want to talk about it. And this is really interesting that all this buzzwords rising up more or less in the same timeframe. And then everybody's talking about that.
So, and well, what we've found is that there's much to do for the users in terms of governance. If you, even if you're talking, talking from, from access process or access requests, and also from a governance perspective. So the computer cost and storage is still there. So whoever bar it or have to expand the, the, the sound storage knows that it's still expensive. Whatever you're talking about, the skill advance is what Paul talking about. Bring your own device is still there. You can use a laptop or a cell phone in each ever way. You like it. This is part of your, of your working place.
And still the companies have to be cost effective. This is a point you're there. And of course they are also Analyst like, like keeping a cold who care about this numbers. And you see around a third, you could be done better if you're using some kind of intelligence or machine learning, help you to yeah. To make things easier, easier for the users, make good to, to bring, to bring the ability or the visibility to make the right decision, better decisions. Yeah. There is an old way and a new way. We believe that predictive governance or however you will call it will be the future.
The old way I faded out, because I think it's not longer to stay here talking about the old way, you know, that still. So we have a lot of governance process in place at the moment, what we, what managers have to have to re-certification or when you have to deal with sods or something like that. So what we found, it's a really extreme time concerning process. If you have to care about governance and still what, so whatever you give to the customer in terms of, well, you can make a good description and we can upload in bulk loads or whatever it is.
They're still asking the question, well, I have no clue. Is this the right? Right or not?
Well, you can forward it well, but I wanted to decision, well, I have no, and he leave it and going away. And then you have more or less out outfitted governance, certificate campaigns in the, in the business, which doesn't end anymore. And you're coming, don't come to a point when you can say, well, I can move my manager to fulfill the governance processes in there. So the idea is whether we, we hope that with the artificial artificial intelligence, we can give more ideas how to make good decisions in there. And how did Y MCEC and how this might work is the following steps to continue.
So what we found is they might be some kind of permit in, in there starting with a context, sharing, standing on trust, and then coming to automation. I was jump in that a little bit easier. So when you're starting with IDM or with IDG governance, or however you record it, you will come to the point when you're looking to roles, when it comes to roles. So often the customer asking, well, are you able to give me some ideas, how roles would be built? And they are bunch of business, rather there would help you finding entitlement clusters and all those stuff we doing.
It's not a really different approach, but a similar approach. When we say, well, there might be some peer groups in the, in the company. So guys who have similar tasks, similar, similar jobs to do, and we see that they have similar entitlements in there. So this is a social structure we find out there. And the first thing, what we are doing is we give you the, the, the visibility to all that guys. So have the similar, or at least in the neighborhood sounds very clear.
Well, this guys might be that doing the same job as I, maybe you work the same project or on the same projects. So we deliver that in terms of, of a, of a new picture, how you can see, well, there is a graph in there, and I can see something with that. This is where it starts. The system is able to learn over time. What you accept in terms when access is done. And it gives you some idea, well, maybe it's a good idea to, to, to accept this request or to re the request.
So it is just learning then when you talk about trust, so it learns, it seals decisions, which we make with other customers or with other guys in this peer groups have, and it gives you some recommendations. It's not at the first step that it's doing the things for you that might become with automation, but it gives you an idea.
So, well, what should I do with that? So beside all the descriptions I found in this request, is it a good idea to say, well, I reject that, or I, I allowed that, that request to run through. So this is the next step in, give you an idea, making a good, let's say help you make a good decision. Then of course I can remember, Martin has something like that in the, in the very first presentation you have when it comes to the, to the excess outliners. So things which are very certain in the company, this could be a good thing, but maybe want to have a special look for that.
And to make it easier for you to found this outliners, this is one of the piece, what we also want to do with there. So then the steps was coming from a, from a social structure, like peer group to trust, internet, to automation. So what we are doing today, well, we have requests with more or less. I print sips in there and then we make a provisioning and we are notifying. And that's how it works today. This is also a very time consuming process. And this is also a point where machine learning could come in place. So remember the steps we do in place.
So run this product for a while, and then maybe you'll be able to, to say, well, for the, for the low risk things I found out in the systems of the machine gives you the idea. First, you control the thing, but then it could be automatically assigned and sent you just a notification. This success was done.
And I, I approve the request. What be done, everything is fine. Here's your information. And of course, maybe you have a deep link in there when you can make, make, make other decision.
Instead, if you want to, to rework, if you want to rework it or want to have a look at the decision, but it helps you to let the things run more smoother. So it's not longer necessary to have some apps on the phone where you can say, well, now I have to, to, to request or to approve this request. So it's just done automatically. And of course, for the high risk user, maybe some similar stuff might happen. So they have also the six eye principle in there.
But instead of make this provisioning, we'll say, well, we found out that normally why success is revoked for managers and we can do, we can split up the things again, this is just a proposal, how it could be. So they can say, well, one right will be revoked. The other right will be approved. And we send just over the notification to all the in involved people. And you can have a look at the decision, but the decision himself is made automatically.
So the guy who wants that access can do at least somehow somewhat, and the, the rework of this decision, this could be not only by the peer crew, he in could only come from the, from the location where you make the request could be different, different, let's say arguments on which you make this decision. If the excess is revoked or not, this is how it could looks like. So one of the idea, there's a screenshot from the product where we have some peer groups in, in, in there. So it's at the end of the day, it's a, it's another look and feel in that.
So we, we, we create clusters in, in similar entitlements, but you can drive in as a system. And I don't bring in another, another slide, but you can also deeper dive in there just down to the entitlement level that you could exactly see what happens in there. And there's another shot, which shows you not here in that presentation, but there's also another shot, which shows you. Okay. But relate to the company who has that access on which amount of people have that access. So is it necessarily that everybody wants to have it or not? Something like that.
So just to get more idea, is this a common access, or is this very certain, or have a, if this a risky thing or not? So, so if you're seeing your company that maybe machine learning would be an idea you want to go to, maybe if you're looking through the, so your trust thing, and you will have to look, if it's possible to include that, and this is what, what you should learn from all the things. And I think that I can't say often enough. So data at the end of the day, data is king from everything. Data is the one thing. And the other thing is visibility of data.
So without seeing anything, you can't make a good decision, whatever, however you name the tool, whatever it is, visibility is the king beside of data. So you can catalog that. That means the first step. So where is your identity data line, most of you guys using that, but if you don't have an identity identity system in place or only a provisioning system, whatever it takes. So no matter on which state you said in that, in that stage, you have identity data. And we can read that product should be able to read that identity data. Then the governance data is the other things.
So where come the request from. So we have the very old often at that times that companies running things like ServiceNow or running also an identity management system and some provisioning accesses are coming from the well, let's say access requests come coming from the em system. And some tickets are opened in ServiceNow. So you have different, maybe different sources where you have your governance data lying. So you have to be aware of that.
And the usage data is also a very important point because what we, it's not only the access, what you want to control and the peer groups who use that access. What you also have to contrast is how often this access is really used. So if you have old access in the company, which is not used for a year longer, doesn't it make sense to show it to you and say, well, maybe this could be a little bit risky because nobody's using it. Is it necessary to have that? So something like that, and you see, there are bunch of system where this usage data come from. And so I don't want to run for that slide.
So a few of the points, when you say, what are we looking to achieve are very common. So like the reduce the time excess is granted like that, but maybe other things add a little bit, a little bit more because are little bit newer, like reduced certification only for the risky things. We all know that we try to do that in a certification, only care about the risky things, but what the hell is risky. So that depends highly on the job you are doing and the risk you are, or the, the right you are talking about. So at the end, so identity I E is, is indeed a product we have already in place.
It's not, it's not, it's not viable in, in Europe, but we have it in, in north America. We have three or four light lighthouse customer, because it's really difficult to create test, test data for product, which is machine learning. So it's not so easy to do in that. So we have that at lighthouse customers. And how do we adopt these points are talking about? So we have four core capabilities when we're talking about the history of an event. Also in relation two times, we have, we explore all the things we are connected to the system.
And again, visibility is king data is king in there. We control the peer groups. So people with similar entitlements and we are looking about the behavior of those. So what are you do? Are those doing so those groups doing with their entitlements and the, the risk we might find out. So in that way, the, the data ecosystem of course, is on one piece, our own software solutions like identity IQ identity. Now these are the both identity ERG products we have and security argue, which cares about the unstructured data, data classification, so forth.
So we can take that's output coming from that part. And we have all the guys like algorithms, slung, McAfee, a site.
So we, we supported the different, the different let's say, event formats they need, and we have direct connectors. So that, so, so read and give information to that, to that application and read the information from that, to have that in one, what we call identity IE, in one application that we can work with at, and this list will growing. So this is where we start now. This is that what we have at the customer side. And so at the moment, curator is, is very, very famous on, on EBM customer. So we'll be looking for a curator connector to building that.
So this will rising up like the connector list, rising up in M systems, really like that. So from the history point, we want to understand each identity, historical behavior. This is a point, so this is not comparable with historical reporting, don't get that wrong. So it's not only what do you have in that certain amount in that time point, it's comparing the time points together. So what changed also? What are you doing with this rights at that point of time? So it's a little bit more than only have a re a history reporting. This is easy thing.
We have this already in the em product, and, and you can use this, of course, if you want to have a look right there. So often when it comes really to breach, for what reason ever, you can have a look in there from a forensic standpoint. So what really happens through all my systems to all that stuff, not only what I have in my M system, but what I have in all my systems. And it could look like that. You see that you can switch over from the, from the excess items to the accounts, with the entitlements.
Of course, we deliver all the content, what we found in that, in that focus. So it can to can drill deep down, to find out who gives the access. For what reason, what is the description behind that? What will the different access have that point? So all this totally around viewing on that point in time, you can do this in that case. The next thing is to explore. So how can we visualize the data, how to bring that up? And that might be looked like that. So at the moment we have around 25 fus, you can change in between.
So there might be coming up some more, but this is a starting point that you can, how you want to see the data. This is data we have in the system showing from, from an overall perspective like that one, but you can also be very specific on one user behavior, what this user is doing around the world.
So again, we know that this is not necessary for the common standard user, but the one or the other user. Maybe you want to have a look on it.
So, especially if this is our guys, which are traveling very heavily around the world and having the different rights in there and peer groups, of course. So peer groups might be the new group behavior or the, the new, well, it's not a buzzword, but I, I'm pretty, I'm pretty sure that we have, that we have, that we will look more and more for peer groups instead of looking for departments or for projects, something like that. So peer groups is a very interesting thing. And when you have the access, this peer groups by changing access, also this peer groups might change very heavily.
So this is a very interesting thing. It's quite more dynamic as to, as to change departments or change projects in there. So the easy view is in that point that you can, well, let's have a look.
What, what do I found? And if you click on there, so you can drill down in the peer groups.
So again, so you see that the peer groups, you see the peers who have the same entitlements or similar entitlements, and then you can drill, drill down and make your own view. If this, what do I have here? And you can use that, for example, also to build up roles for that. So whatever you need for that, but the peers groups will still there and you can use it for whatever your needs and behavior and risk the last one.
So the, so this is also where the I, where the idea come from to work with machine learning. So while, while our customers often say to us, well, it's nice what you're doing in the, in this reification space. And it it's okay. I can use it, I see something, but it's really hard for me to run for that stuff.
So, and this is when it comes, well, maybe it helps if we make some good proposals for you. So is it worth to, to make approve it? Or can I revoke it? So this can look like that. So guys who are familiar with our, with our front end could see, this is pretty the same, but behind it, you see this IE button and IE gives you some more information around that, which might be helpful than any description could be. Yeah. Just to give that idea and that's it. So predictive governance is role there. We're working on that. We'll all be here. I would say, end of 2019, that will be a product here.
And yes, we know that that machine learning will drop down for the biggest customer down to, to the mid-range customers. This is a very common thing because your more data, your more data you have, your more interesting is that the machine gives you more insights of the data you have already there. Thank you for your time.
