So let's, I, I know this is Germany and this is Berlin and everybody's very, very quiet. This is gonna be a different session. I want you guys to participate cuz otherwise it's boring for me. I dunno about you. Let's start with a very, very basic question. What do you think hides behind the four, the four asterisks there? Keep it clean. I'll give you a hint. What's the, what's the other three words? Three letters. This is a clean, this is a very simple answer and it's not what you think it is. And that's exactly how cybersecurity works. A lot of times things are not exactly what you think.
This is the real answer, right? And shame on all of you who thought something else.
Now, when we say user one, this is what we've known as sometimes a shared user. How many people here use a shared user in their environments, right? How many people do not use a shared password in their environment? So the numbers here don't make sense. How many people do not wanna lift their arm at this point in time? Okay? The issue of shared users is a very, very challenging aspect that we have.
And I, I think that a very, very clever man said, "Hackers don't break in, they log in," right? He's so clever.
I don't, I don't quite know who he is, so I dunno how to give it to him. But I said it as well. If you think of a shared user, okay, if somebody gets access to that shared user, you're actually giving him the credentials to actually log into your system. And in fact you are giving him the keys. But this is, this is not even, this is like the basic aspects of it. Because if you look at how the systems have evolved and especially after Covid, where we are today, systems and people connecting from anywhere to anything.
How many people here are IT or IT administrators or had experience in that, right? This seem familiar kind of issue that you need to deal with. It's really, really, really complex. And I think that's when you talk about what are we actually trying to achieve, I think that's the best way to describe it is we call it the three S's.
Simple, seamless and secure. Or shh, if you wanna make it that way, right? Let's talk about simple.
Simple is, I'm talking about the IT first. The people who actually have to install it and to set it up.
My CEO, the co-founder, is actually a past CSO. I call him a recovering CISO. He told me that one of the things that he really was upset about is that we, he would sit and he would come, you know, he'd get vendors coming to him and they would say, I have this most amazing platform, but you have to change all your infrastructure to make that work, right? Does that sound familiar? And it's kind of like, yeah, no, that's not gonna happen. You have to adapt your platform.
To me, the IT people are the ones who are actually putting it in. They need to be bought into the system, you know, as easy as it is for the users. The second one is the seamless and seamless user experience. Users are the most creative people that I've ever seen. Even in that they have absolutely no technical experience when it comes to overcoming security aspects that they don't like, right? I'll give you a small example. I heard that this is really, really, this comes from a real example.
There was this company that was that the IT and, and the security people were very upset by people leaving their desks and leaving the laptops and computers desktop open, right? What did security and IT do? They reduced the time in which, you know, the computer locks itself from five minutes to one minute. Really upsetting, right? What did users do? Listen to this amazing creativity. They took the mouse, they took a manual clock with a digital kind of moving tick and they put the mouse on top of it so that it thinks that the system is moving.
Don't underestimate how our users will always try to find the best way to solve problems. The system has to be exactly seamless to the, to these users. If you want to make a system that can work, it has to be seamless and secure.
I mean, let's be honest, we are here to make the system secure. We're also here to make sure that if we work with a vendor and we know, let's be honest, vendors do get hacked. If they get hacked, am I in trouble? If I use a SaaS platform and a SaaS platform owns all my data, all my keys, all my information, what happens if they get hacked? So we are talking about the three S's and when we talk about this, let's not all forget it also needs to fit the OT. We have systems which are air-gapped platforms. I don't wanna start having to control all these different systems altogether.
This needs to be something that we can actually work all together. So I'll ask you one question, especially the IT people around here. Do you really know who's actually connecting to all of the digital assets? Right? And the answer is a lot of times, yeah, sort of but not fully, right? We are talking about identity and identity at the end of the day is the new key. That is how it doesn't really matter what is your IP, where you sit, where you're physically located, but the person that connects, the identity, is the basic infrastructure that we need to do. Then why do we keep on giving it away?
Shared account is not giving that key and handing it over to somebody else. And I, I bet everybody is sitting here is saying, yeah sure I know that. Tell me something I don't know. But we still do that. Why do we do that? Because it's hard. It really is hard to make everything work together. I mean sure, you know we got PAMs that, you know, save my usernames and passwords for some of the applications. It does it great for Telnet and, and SSH. But about my web applications that doesn't really do that. I want MFA and I want SSO.
If I have that for some of the applications or not all of them I use, when I do remote access, I have VPN. That's easy, right? But once somebody gets into the network, I'm blind. I don't know what they do. Once they get in, I don't quite know what they're touching because it's, you know, everything is once they get in, that's it. And if we talk about traceability and tracking, sure we use a SIEM. If we can get the, if we can get the log. So if you think about the VPN, you will know who got in. Sure. What did he get in after he went in? That becomes a really complex issue.
And when you talk about legacy applications, which we all have at the end of the day, you know, if you wanna support MFA, if you wanna support an IdP, your system doesn't support SAML, your system uses local usernames and passwords or local Active Directory, what are you gonna do? How are you gonna solve that? So we call it how do you close the last mile, and the last mile is that part of the, you know, the chain is as strong as that weakest link and that is part of what we wanna do.
So bringing you onto this journey of, okay, you know, you're all sold, I can see your eyes, you're all with me, right? Absolutely. This is good. What do we do? What do we start?
Okay, let's talk about where we are at the moment. We are in a fragmented access situation. We've got people working at home, we've got people working in the office, we've got people working in different locations. Some of them connecting through VPN, some of them connecting through SaaS applications. I have limited or no audit trail. I know give or take what they're doing.
I don't, I dunno everything once they're in, can I shut them off? If, if something is wrong, do I know what's happening so that I can actually shut them off and I have this kind of incomplete last mile. That's where we are today and majority of companies that, that are there are there. So what we see is look, start with high risk access. That's the basic and most important stuff. You all have the most, I would say urgent applications. And most critical applications which need to be accessed by users you are not fully sure that you can trust.
It can be because you're after an M&A and you got users that are coming in. It can be third parties that you work with and you're not quite sure. It can be even employees that live in a different geopolitical space. What do you do? How do you do that? So first of all, let's identify those small amounts of applications, or those small amounts of users where you want to start there. Start that, create the policy for doing that. The advantage is that every step here will take you one step forward.
Cuz the next step is let's start by using, by adding the remote access that splits you to two employees to third parties. I will start by, and I'm not telling you again, switch off your VPN, it's a process. But you can augment the VPN with what is now zero trust network access. Get direct access only to the applications, not to the network and start doing that gradually as you move forward, you will also be able to get users from sitting in the office.
One of the things I've heard from a lot of CSOs is, you know, Covid was bad, but on the other hand, I really knew what people, I had control people got in, I knew exactly where they're going. I had full control of what is happening as they come to the office, all hell breaks loose. I don't quite know what's happening. But if you go through this path, the users that you have here that are connected remotely, once they're in the office, you can use the exact same capabilities.
It doesn't really matter where they are because secure access is secure access. Doesn't, doesn't matter if it's local or remote. And as you go through this, you need to do this kind of what we call identity modernization. The last mile, every time you move through, you will find applications which should not support MFA, applications not support SSO, applications that use that kind of user one use case. And you can solve that in every case of that, of that process.
So first phase, as we talked about, find those, these Oracles, these SAPs, these applications that upgrading them is a pain, expensive, time consuming, really complicated foreign them. Start with them then move to how do you find them? The way that you can find them is, I'll give you a way to calculate that risk. You look at the users, the context and the computer system. Let's take an example. Example one, an M&A user connecting from China using an unmanaged device. From a one to five, I'll give him a four risk.
Then I have, he's connecting to a, an ordering process that orders everything works through that process. If that system's down, that's not good. Okay? So I'm giving it five out of five and the computer system is one that holds all the customer's data. I have to have these users connect to. I have no choice. I will give that a 100 score. On the other end, let's look at example two, the full-time employee, he's trying to connect to the IT system, open a ticket and ask for a printer to be fixed.
Sure if it's down, no, no printers be fixed and you know, apologies for the IT people, but what is really important for the business is here and that's where you should start. So start with the things that give you the most pain, the things that will give you the most value. The second phase is remote access. Add people, your employees to the same applications and gradually start adding them. Every employee that you add into this system will also serve you in the third phase.
And the third phase is connecting from anywhere on-prem, off-prem, agentless, the exact same platform can be used for both. All these connections.
Okay, let's start, let's go back to where we started. Who the fact is user one. How do we do that? So true story, I'm actually changing my door, my front door right now. Imagine this is your legacy application, right? This is the legacy application. People are using it, it's wonderful, everything's working. You want it to be the one that can actually be connected with a phone and automatically connect. Some vendors will come and tell you, sure, change the door, upgrade the entire infrastructure. When it's ready, I'll, I'll do that remote access for you. But that's really complex.
What we actually do here is we wrap around the legacy system. We wrap around our platform. It basically enables you to retrofit the old implementation with a new functionality that if you wanna see exactly how that's done, you can come by our booth and I'll show you an actual demo of how that's done. But it really means that you hide the legacy application from external users. What it actually means, if I look at it technically a user goes multiple users who used to use user one. I'll tell you when to take a picture.
Wait because it builds out user one goes in, user 1, 2, 3 connects with digital assets. I don't know who is, who is user one if something happens, I have 300 connections with user one who the fact is user one. What we can actually do here, I connect them all user, an IdP specifically multi-factor SSO. Now you can take the picture of identity. The system itself includes a vault where we keep the password of the user one and its specific password and we actually switch it as a user connects, we turn these users into the single user.
The application thinks it's still being accessed using that single user. But when I look at the logging and tracing, I see all these specific identities and that's a very, very important aspect because it lets you kind of close that last mile without lifting and shifting everything. But this is what the system actually looks like. You've got different kinds, it's a portal and it actually enables you to connect to every one of these directions from a single location. Now think of a VPN.
Again, if you're an IT administrator, you need to connect a data center. OT SA and is altogether. The amount of routing that you need to do to make this work is really, really complex. If you need to move something from on-prem to the cloud, you don't have much hair left on your head. When that is done, it's a really, really complex system. This actually makes it simple for you. I don't care where the system actually resides, I don't care how to connect in that way that I have direct connection to every application and that only it means that once I'm in, there's no way you can move around.
And that means that if you have some kind of malware which affected your network, your endpoint, when you connect it can't do any kind of lateral movement. Very, very important in that. So if I kind of wrap this up, the three S's that we talked about, the shh, you can take a picture now, is, first of all we want it simple for the IT, simple to deploy. I want a cloud, I want a hybrid. I also want it to be able to support on-prem, which means I need it to also work completely air-gapped.
Again, if you wanna know more, I'll, I'll show you how this works. It needs to be agent and agentless. It needs to be fast for users to be able to use it. Remember they how users want a way will try to get away from any change. It needs to be frictionless for them and it has to be secure.
Okay, so if I wrap up with the last slide, if you wanna know who that is, Well now you can actually know. Okay, thank you. Raise your hand please.
Okay, in 20 minutes, thank you very much and good on time. I have one question here, here from the audience, and that is a bit, I think an interesting question more so, so if you go to, to such approach of zero trust network access of saying we put something in which sort of enables us a secure access. Don't we stand in stark contrast to the zero trust idea because we say, Oh, this is the system you should trust.
That's, that's a wonderful idea. I have a slide for it, but not right here.
The, the real answer is that standard zero trust network applications. You need to trust a vendor because they keep all the data in the cloud. Our platform works differently. We don't keep the data or the user's data.
All the, the IDs, the, the keys, all that is kept in the customer's domain. That means even if I, I as a, as a vendor have absolutely no ability to connect to the platform. Okay? So we call it zero trust, not vendor trust.
Okay, thank you. Sure.