Yeah, thank you very much, Martin. And good morning, everybody. It's great to have you all in this talk about the challenges of global identity access management, which was directly between us and the coffee break. My name is Andre. I'm the CTO of IC and talking today together with my colleague, HaCo.
Yeah, good morning, everyone. I'm HaCo. I'm responsible for marketing and sales inside the IC consult group, and our services are spanning from business consultancy and process consulting through to implementation, integration, operations and services, and last but not least managed services. But coming to globalized identity and access management, probably for a lot of you it's important to have IAM without borders. So your business is international, spanning from the United States to Europe and to some markets which have possibly more challenges, like China, like Russia.
And in our daily life, we see it. A lot of our customers, despite being one of the biggest DAX 30 companies, are still struggling with those markets, because basically there is no knowledge.
There is a language barrier there; you can't even read the letters normally. So everything is a little bit more complicated. And when it comes to IAM it's, of course, a little bit more complicated.
So why are those countries and different regions in the world that important? As an international enterprise, you are of course spread all over the world. Your employees might be only in some regions, headquartered in the US and some subsidiaries in Europe or vice versa, perhaps market organizations in APAC, but at least your partners and customers, your applications, and probably things.
So if you have the German automotive industry in mind: BMW cars, Porsche cars, Audi cars are distributed all over the world. And especially markets like China are very important and growing. And so you have to take care that you offer your identities, let it be customers, partners, or employees, IAM services in the same quality as basically in your home region, in your hometown, without having any delays, without being unable to connect to certain applications being hosted in Europe or somewhere else.
And together with this kind of distributed identity and access management challenge or problem, you have to deliver your product from a global point of view, always faster and faster. So time to market becomes crucial for you. When it comes to connected services, you have to support international rollouts with your IAM, based on different laws, based on different compliance and regulation policies. So you have to adapt some processes in different parts of the world, where in some parts of the world a valid ID is the mobile phone number and in others it might probably be the email address.
You do have some variants of your processes and you have to cover all this. And when it comes to international rollouts, a big thing is costs. So you have to set up your infrastructure many times in different regions. And if you do it manually, you have to pay three times, four times, five times for it.
So it's a big, big thing if you can reduce it and make it a little bit more intelligent. In order to support your HR organizations and your DevOps team, you need an IAM approach fitting the new DevOps paradigm, not just setting up and installing a product and having a gap between your development teams and the IAM infrastructure. On the one hand, it's important to have a seamless connection between them and to give your development teams, your DevOps teams, all the possibilities they know from modern application integration, from modern software development, or a lot of self-service stuff and pieces.
And last but not least, for you it's very important to have no lock-in, lock-in in the sense that you have to be able to roll out your solution all over the world. Imagine you decide for a product, let it be an on-premises product, or let it be an IDaaS service.
You set it up in Europe, you set it up in the US, and then you are planning your rollout to China. And suddenly you recognize, oh my God, they do not have a solution for China. Then you have spent money, you have spent time, you have set up your project, and at the end of the day you fail.
Because you can't copy the same approach as in the rest of the world to some countries. And then you are pretty much locked in to a certain vendor or product. So it's very crucial for you to have the possibilities to roll out over the world. We thought about it and set up an approach for a globalized identity and access management and have the possibilities to provide identity and access management as a managed service around the world without regional borders. And basically it's very simple.
So we took a best of breed product.
We took the paradigm of infrastructure as code to get rid of all the manual definitions and setups and ordering processes of infrastructure, and to allow autoscaling, which is important if you have different peaks when it comes to logins or registrations. Imagine you have a campaign or a start of production as an automotive, then you have a little bit more load, or in the morning, for example. You have configuration as code: the whole product is configured in code. It's much easier to maintain.
It's much easier to reproduce, and it supports modern development approaches like you were expecting. So if you think back 10, 15 years ago, when you had IAM products that you could just configure by clicking through a very complicated UI, and it was pretty complicated. You had these manuals for staging, 50, 60, 70 pages: please, operations team, click here, click there, input, set this check mark. And basically there was a point in time where it failed and you had to debug a very complicated setup.
Last but not least paradigm: a hundred percent automation enables us to reproduce everything fast and to have a production-ready instance of a complete IAM stack for customers, for partners, for employees within a couple of minutes. For that, a patent is pending, and we called it service layers. And Andre will give you a little bit more insight on how this approach can solve the global challenges of identity and access management.
Andre,
Thank you, HaCo. So before going into the details of how to challenge, well, the points HaCo mentioned: what are in detail the problems we are talking about when providing an identity access management solution worldwide? So I think we have different perspectives there.
Let's have a look at the end user perspective. If you're not having one central identity access management, but decentral identity access management spread all over the world, then depending on your use case, you don't want to have your end user register again and again, having different accounts in different regions, different passwords, different sets of data, which are not connected to each other. Think about digital services.
Think about apps like Uber, where one of the core value propositions is that you can work with your account worldwide and do not have to register again and again in each region. Otherwise you would probably go for a competitor in a special region and not stay with that service.
So the first challenge is you really have to solve the traveler issue if you are providing services for which this makes sense. The next perspective is for the applications.
So if you are an application owner, providing your application in different regions, and while we are moving into a microservice architecture, it does not mean that each service is available in each region. You have to call a service in a different region, and now your tokens are not valid in that region because they have been issued by another region. This will cause a lot of issues.
And also if the identity access management providers in the different regions act in a different way, so that you have to adapt your applications to run in these different regions because of technical requirements. And then the point which is important for every one of us who is in charge of providing an identity access management system:
If you have to provide solutions spread all over the world, the implementation complexity goes higher and higher. You have a lot of operational overhead, and you have to support these systems.
You have to support the applications and the users in these regions. And this is challenging, especially if your team is located in one place. So how can we overcome these points, and what is the approach we have taken with service layers? The patterns apply to other solutions as well, of course. So HaCo already mentioned the approach of infrastructure as code, configuration as code. These patterns allow you to have the truth of every system worldwide in one central repository.
You can now build the individual instances in an automated way, by taking all the configurations, the base product, everything out of this repository, build it, test it and deploy it into one region, into different stages of one region, like development environment, test, integration, quality assurance environment and production environment, but also take the same or a similar configuration and deploy it into other regions. Maybe not the same, because you have a different set of attributes there, different login credentials.
So Google for the Western world, WeChat for China, for example, as an authentication source. So that's one important aspect.
That approach solves some of these issues, but of course not all of them. It solves the issue that your identity access management systems behave in a different way in different regions, because they have the same source, the same source of information. So you can make sure that, from the application perspective, it feels the same.
Of course, there might be a few differences. For example, if users use a mobile number instead of email addresses for login, because it's more popular in that specific region, then this is a small difference which can influence this application as well. They must not rely on the email address if there maybe is no email address. From the identity provider perspective, the implementation complexity is much lower because we are maintaining it once and then rolling it out all over the world and not maintaining each region independently from each other.
But anyhow, a couple of challenges still remain. And I also want to share the approaches we have taken on that. So from the end user perspective, well, we all have the tools to replicate data all over the world. That's not a technical issue but, unfortunately, a legal issue. There are regions where we are not allowed to migrate or to replicate data away. There are regions where we have to make sure that we initially store the data there before replicating them in other regions.
And unfortunately there's not one way which is the right one for each organization, because the appetite for risk is different in different organizations. It depends really on how important it is to you to have the data available in other regions. And therefore one approach which is working always is having an intelligent user roaming. So just making sure that enough data is distributed to other regions that users are able to log in, but no information which is not allowed to be replicated away from regions.
So this is based on hash algorithms, which make sure that the data cannot be restored. This is very good for the end user, but does not solve other problems like incompatible tokens or the support point. So what is the approach we have taken there? A very brief technical overview on how this thing about tokens is working, based on the OAuth 2 protocol, which is very popular. So what do we have here? Typically we have an application, a mobile app. We have the identity provider and we have the API.
So the application is requesting the token from the identity provider, using the token at the gateways. And that's it. The gateway has to validate the token. There are different approaches on that, but one popular one is the token introspection protocol. So what is a challenge in an international and in a globalized scenario?
Well, imagine one identity provider, for example the Chinese one, has issued a token, and now the application, which can be a mobile app but can also be a backend service, has to call an API which is not available in China, in a different region. And now it has to validate the token. What you typically do not want is that every API backend has to know all other authorization servers worldwide and has the logic to call the right one, or you do not want to use the same set of keys worldwide.
Therefore you have to solve this. One approach can be, and that's what we have taken with service layers, having an intelligent mechanism on the authorization server side, so the authorization server is able to detect the issuer of the token, taking care of validating the token, maybe transforming data and caching the results and providing it back to the applications.
So still one point open, and this is the support issue.
I'm not talking about that you provide 24 by seven for major incidents, but really supporting applications for the integration into the identity access management system. And one approach there is, and I think that's the right way to go, not only for remote locations but also in your home location, to provide self-services to the application owners so that they are able to integrate the applications. Maybe not just based on a portal, but also on an API, which can be integrated seamlessly into their CI/CD.
In addition to that, you of course have to provide features like delegated user administration to your remote locations so that they do not depend on a 24 by seven help desk at your team. So those are the approaches to take on a globalized identity access management solution and what we have done with service layers. I hope this will give you an idea how to cover this. And you're very welcome to contact HaCo or me if you have further questions about that, or to come to our booth. HaCo.
So now the last one between second here in long second, last one. Okay.
Then I've 30 minutes left. Thank you. Two more announcements. So as a keynote is limited in time, Andre will be on the panel on globalized IAM today at 12:40. So there might be a little bit more time in order to ask questions and to get a little bit more details. So feel invited to join there. And one of the highlights of today: today at 7:00 PM, the IC group band is giving their gig in the evening event. It's not a hired band, so it's our employees, and we figure out new business possibilities. Perhaps music is far more attractive than I am. Thank you very much. See you later.
Thank you very much.