In his keynote, Bryan will talk on how automating Identity and Access Management can evolve your operational maturity and strengthen your security programs.
Hello, and welcome to our webinar today. My name is Bryan Christ, sales engineer with Hitachi ID.
Today, I will be presenting why we believe an automation-first approach to identity and access management is the correct one. The runtime for this presentation is just shy of 20 minutes. So with that, we will dive in. Back in March of 2020, we got hit with this thing called COVID. Many organizations scrambled to adjust, and we had a sneaking suspicion that they might not be doing so well with it. For that reason, we conducted a survey in May to a hundred CIOs asking that very question: how are you doing? Not too surprisingly, 95% of the respondents said they weren't doing well at all.
The next month we looked around and it seemed like maybe the economy was starting to get its legs back. The aftershocks were settling down and we wanted to know the answer to this question.
In 2019, you made plans for 2020. Those all went out the window and you made new plans. So what are you gonna do? Are you going to stay the course with your new plans? Or are you gonna go back to your pre-COVID plans when the dust settles? Again, not too surprisingly, overwhelmingly the majority of respondents said we're gonna stay the new course, and we're gonna focus on cybersecurity and remote enablement. And there's a lot of really interesting observations you can take away from this data.
But one of the things that told us is that organizations are aspiring toward a greater level of operational maturity. Of course, we believe that an identity and access management approach that is an automation-first approach is critical to doing so. We're not alone. Industry analysts are saying that the automation of the joiner, mover, leaver process is absolutely critical. This is not just an efficiency thing, but it's also a security matter. It's not okay for an employee to leave an organization resulting in orphan and dormant accounts with possibly active entitlements in hand.
It's a big picture. The industry is going that direction, right? So there's a recognition in the industry that intelligent automation is the way of the future. And over the next two years, those kinds of solutions are expected to grow by 35%. Before I talk about what an automation-first approach looks like, I do wanna talk about some reasons why I think folks don't go down this route.
And part of that includes a set of misconceptions. Some organizations think that they're just so different, so unique, than other organizations that they can't possibly use the same process as others.
And I think what this is, in some cases, is a lack of introspection. In other words, if I really boil down an organization, there's some commonalities. For example, you've gotta be monitoring a system of record; if you're not, you're probably not paying your employees, and at that point you have a dysfunctional organization. You're onboarding, you're offboarding. And so you've kind of got this common set of things going on that every organization deals with. And if you can automate just that, you're immensely better off.
This next one is really interesting, because 15 or 20 years ago, it might have been acceptable to say that. It's just not the case today: "We can't expect employees to use another software tool." My father-in-law, he's over 80, and you'll catch him on his smartphone all the time, downloading new apps.
You know, we don't call it software, but that's effectively what he's doing. He's learning and engaging with new software all the time. So I think this is a bit of a distraction tactic, a resistance tactic, to just try not to absorb another piece of software. "We must clean up entitlements first."
I like this one because it has the appearance of being legitimate, but I think when you really get into it, it just doesn't hold water. It's true, applications actually are full of dirty data, but the reality is, even if you're not automating, you're doing it today; somehow you're working around this dirty data.
And what I would tell you is, let an automation-first approach actually help you uncover that dirty data and correct it. There's a misconception that roles need to be defined first. Roles are great, but they're really better suited for large communities of users.
And, you know, a colleague of mine once went into an organization to help them with their strategy for this. And I kid you not, he said they actually wound up with more roles defined than employees. And so while that's a bit hyperbolic, but true, it can show you how you can sort of get caught in the, you know, paralysis-by-analysis mentality that comes with this. And so I would say use rules discreetly; let an automation-first approach and the data drive you to defining roles.
If you can do birthright access on day one, eighty-twenty rule and all, you're doing really great out the gate. Worry about roles later. Here's one: "We need to use our ITSM for access requests." So I would never condone replacing ITSM with an identity and access management solution. They're actually complementary. ITSM is a great place to have secondary logging, to fulfill other kinds of requests, but an ITSM system doesn't have insight into existing entitlements.
It also doesn't have the privacy controls that you really want when you're doing access requests and entitlement enablement. And so for those reasons, they're not mutually exclusive.
And I would never advocate for getting rid of your ITSM. One of the other reasons, I think, that many organizations don't pursue an automation-first approach to identity access management is because it's challenging. And I'm not really talking about challenging to the organization itself, but almost the solution itself.
It's difficult to get these things right. For example, let's talk about system of record for a minute. You know, it sounds pretty straightforward.
Oh, okay, I'm gonna monitor system of record, I'm gonna respond to business events. But, you know, there's a lot of idiosyncrasies to that. For example:
Well, how many systems of record do you have? Employees, contractors; you know, higher education often has three: students, faculty, alumni. And then of course, as I mentioned briefly, there's dirty data. How reliable, how accurate are these systems, and how do you gracefully handle inconsistencies?
Of course, there's a lot of moving parts in the joiner, mover, leaver process, the user lifecycle. I'll make one illustration here through an example. Say, for example, Sally leaves the organization. She does so on a good note. She gets married and, as in a lot of cultures, she changes her name. A few years later down the road, she decides to come back to the organization. That's all well and good, but what if she had not left on decent terms? What if she had been urgently terminated for something that was inappropriate?
Well, you know, it's challenging to recognize that this person has a different name, yet they are the same person that was fired years ago, and you don't wanna bring them in. So can the solution set figure out that complex situation and actually block the user from rejoining the organization when they shouldn't be allowed to? Access controls are super important. I talked about this slightly with regards to ITSM, but you really need to have good privacy controls and some good... Think about it this way.
Probably the worst possible thing that could happen, if you've got an ITSM system in place, is you log in in the morning and, lo and behold, you see a ticket there where your colleague is gonna be let go in two weeks, or worse yet, it's you. Right? And so there's just some things, relationships, that aren't easily modeled in ITSM, that can be quite embarrassing if it's not handled right. And so ITSM is often not suited for that, when identity and access management with good automation is.
And lastly, you know, for all the things that you can't automate, you need to be able to gracefully invite the human element into it. So when you can't predict what they need, well, do you provide a convenient way for the end user to get the entitlements they need?
And do you get those routed intelligently to who they should be? A lot of times there's a tendency to route this stuff to IT, your help desk. And while they can probably pull the lever, I'm not so sure it makes the most sense.
I think in a lot of cases, the manager or the stakeholder of a project should be the right one to make those approvals. And so you need to be able to handle human requesters, and you'll be able to do it in sort of an elegant fashion. So what does intelligent automation look like?
Well, at a high level, it's basically the ability to consume these business events, these things that happen to employees in an organization during their tenure, and funnel them over to a workflow request engine with the anticipation of garnering approvals for those access requests, but along the way subjecting them to the proper policies and controls. This is not a one-size-fits-all situation.
So, you know, different users should be assigned different risk scores. And depending on what function they have in the organization, they should be subjected to segregation of duty controls. And lastly, to make all of this happen, the fulfillment engine should be working through a set of connectors to light up entitlements, tear down entitlements on the target systems that are affected, also talking to your ITSM systems, your SSIS M systems, and responding accordingly there.
But I wanna drill down a little deeper in that and talk about really three key things that intelligent automation should do. And these are three things that, when done right, will really propel your organization to a higher level of operational maturity. So intelligent automation is predictive. And what I mean by that is, while you're monitoring systems of record, you ought to be able to look at things like employee attributes. So who's their boss? What department are they going into? What's their job title?
And based on those kinds of things, give them birthright access that, you know, empowers them to do 80% of what they need to do day one. Intelligent automation is also responsive.
So I gave you the illustration of getting the user into the organization, but now you need to be able to respond to somewhat lateral changes within the organization, whether that's moving from one department to another, or perhaps an employee needs to go on leave of absence. And so maybe that means that their entitlements get disabled during the leave of absence.
So when their boss approves that request, those things get temporarily disabled; not shut down, not deleted, just maybe not usable, right? And then lastly, intelligent automation is assistive.
So, you know, if you give birthright access, if you can respond to these lateral changes, things that happen while they have tenure in the organization, there's still other things that can't necessarily be done with a hundred percent automation, but automation can come alongside and make manual processes better. Let me give you a few illustrations. I hear this all the time: Bob should be able to do what Jane does. In other words, he knows he needs to be able to access this particular network share or file, but he can't.
So a lot of times the solution to that is, well, make Billy look like Jane. The problem is, if Jane's been around a really long time and she's garnered some additional entitlements that's not normal for someone to have, well, in that process I've just given Billy a whole bunch of elevated entitlements that he probably shouldn't have. And so the right solution here is maybe to allow a manager to compare users entitlement by entitlement, allow them to have tools to identify outliers, right?
So, you know, if he's looking at Jane, well, why does Jane have these kinds of entitlements that are so unique across her peer group? And then of course, generate actionable reports.
And by that, I mean, it's great if you can generate a report that identifies orphan and dormant accounts, for example, but you should be able to feed that back into your workflow engine for automation to happen. Once again, perhaps today you've heard something that's really resonated with you, and you're thinking, our organization really should pursue an automation-first approach to identity and access management. I will leave you with a word of caution. Identity access management budgets are shrinking. It might be tempting to go find an open source project and deploy it.
But these come with a cost. They are often not shovel ready, which means that you will have to invest in human manpower to get these things off the ground with integration and wiring 'em up. And if you do go pursue an off-the-shelf solution, be careful who you select. 10 to 15% of vendors are expected to go outta business in the next two to three years. With that, I wanna remind you who we are. We are Hitachi ID. We're part of the Hitachi Limited family.
And that means we are 300,000 people strong, and we are spread across just about every vertical that you can think of. This does conclude our presentation today. I want to thank you for your time. If you have additional questions about how you can use identity and access management to grow your operational maturity, I'd encourage you to reach out to us. We'd be happy to have a conversation with you. Share this material with your colleagues. And of course, we would love to share a demo with you and show you how our solution works.