Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm the lead advisor and senior analyst with KuppingerCole Analysts. My guest today is one of the founders of KuppingerCole Analysts and the principal analyst, Martin Kuppinger. Hi Martin. Good to see you.
Hi, Matthias, pleasure to talk to you.
Pleasure to have you again. And we want to talk about one aspect that is often ignored or not really deeply looked into. We want to look at proper management of enterprise infrastructure, no matter where it actually is deployed, be it in the cloud, be it on-prem, hybrid, be it serverless. So the proper management across all these platforms by better understanding what actually criticality is, what the relevance and what the impact on a business is. What is your opinion on that topic of managing infrastructure in general?
Yeah, so I came across this cup again in a couple of conversations I have, for instance, with some of the CIEM/DREAM vendors. So Cloud Infrastructure Entitlement Management, or Dynamic Resource Entitlement and Access Management, a windrow switch start at a w Ms. D the position of, to say in the public cloud environments. So AWS and Google Cloud Platform, Azure, we have the problem that we need to manage servers, access to resources, and yes, this is a challenge, but, and it self discussion. Then there came the notion of that.
This is a new challenge, and I believe it's just something which is emerging and which is getting more complex. And that the differentiating factor is whether it's the cloud, no, the service, it can't be anybody look at a traditional Privileged Access Management solution or the PAM solution. That always was about saying the manage access of service accounts to certain resources at depth case, very static, the technical accounts to that Linux server, to that Windows server, et cetera.
But at the end, it was, how can I connect control that kind of limits this? How can I manage?
What happened is that the number of servers, the contract services, service identities is growing rapidly when we go into today's modern IT environments. So we trust that more of that. We have more workloads, we have more resources. We have to the storage resources different in a different manner. So that was the one big change. It is more of these sort of service, identity, service content, you know, more resources because everything is more dynamic.
So my perspective is that the fundamental shift is really this evolution from a static IT to a very dynamic, very agile IT where workloads are way more dynamic. And that happens not only in the big public clouds, but also happens in your private cloud. That happens every, say, you run a Kubernetes cluster and stuff like that. So it's bigger and it is an evolution more than a revolution.
Right. And you've already mentioned it.
I think this Kubernetes as a basis for the orchestration of infrastructure comes with the beauty of saying, I don't care where applications or where infrastructure or where services are actually deployed. I deploy them where they are required to be deployed. And no question whether I have an AWS subscription and that makes me deploy it there. But to say, this is a workload. It has a criticality, it has business impact and business benefit. And I will describe it in general, what it needs.
It will need, as you said, privileged accounts, it will need resources, data. It will need user accounts, service accounts. And once this is described, and this is a template, a policy in the end, then it can be orchestrated to run where it is required to be. So you need this level of abstraction that Kubernetes obviously gives you. And then you can say let's deploy it where it needs to run, and let's scale it up if required. Does that meet your view of things as well?
I think what would be my view is that yes, we have abstraction between the sort of the traditional static physical server. So going to say, this is still the opera, this is the model. We have an operating system on it. Okay. Then over time, I can, we have very rich or auto virtualization technologies, which added a little bit to that. But right now it has really changed and it gets more volatile, more dynamic, and that changes the way we need to manage it.
So when something is static, you can easily say, okay, I configured this for that server, serve a run for the next couple of years, and I don't care much anymore about changes in that new roads you just described is very different, because it is hard to get a grip on what do you need to be also more abstracted the way you're working, because you're seeing more in more different types of resources at relatively abstract resources was knowing what is the metal, so to speak behind them.
Right?
And you've mentioned that in an earlier episode, that the complexity that results from this dynamic character, characterization of the infrastructure can only be handled when it is well done, when it is automated as much as possible. So we need to get to proper approaches also to deal with this dynamic infrastructure, no matter where it runs, how could this be achieved? There need to be technologies around that support you in getting to grips with this complexity, right?
Yeah. I already mentioned ones that have technology vicious theory or a CIEM area.
I think basically the point, when we go a little bit more abstract, what we need is we need to understand what is out there. What is out there in resources we consume, what environments do we have?
What are all these assets in a sort of some way, what are the things where we have to manage, that is the one part of it. And then we need to use technology to create policies and to apply policies to that. So that we have something where we say we automated management based on policies.
We add a governance layer for sure as well, that might be augmented in some way by some level of AI/ML or not, but it is about, from my perspective, really down having an automation, policy-based automation for managing these dynamic environments, because the policies are at the end, then the static element, you describe a policy which says this can be done, or this can't be done, which is generic enough to apply it to a changing work.
And then you get back to something which you can control.
It's very easy to control things that are static and controlling things that are dynamic. And this is I think, where we sort of get under control later again. And so that is basically my answer. If you described, as you said, in a couple of concepts that I talked to my keynote at our European Identity and Cloud Conference 2021, I talked about three of these concepts of basis for terrorist speaking. How can you come to an efficient creation and management and operation of applications in natural environments? So how do we deliver to the business?
So does, which was more of the approach? How do we introduce the development to that child development at URI as how do you deliver and management security infrastructure below it? So I hate to data I'm sure yes. Will link the keynote recording to this episode. So I think we need to modernize a lot of things in we are on the journey. I see a lot of windows to create stuff here around policy-based automation, around managing dynamic workloads.
So we are on the road already, we are on track, but it's still some way to go.
Right. And for people interested in that topic, they might look at standards, at technologies, at protocols, at languages like OPA that lay the foundation for policy-based description of rules, of a rule set of a corporate policy. And that can then be used no matter in which aspect it is then deployed, be it for network access, for identity access management, or be it for the deployment of infrastructures, as you've mentioned before.
So it's really having a common set of policies that would be then, as you said, the stable factor, the static factor. And from that, you would derive the actual incarnations of the infrastructure at deploy time or at run time, but to have a strong foundation to build upon, as you've mentioned, I will link to the keynote. And I think people wanting to educate their, of course, recommend to go to the website of KuppingerCole Analysts and to search for the topics that are related to that, that might be DREAM,
so D-R-E-A-M, that might be CIEM, to get the bigger picture, to see how things play together, but also start with the keynote from the EIC, and maybe also some of the episodes from that podcast. For the time being, thank you very much, Martin, for being my guest today for having a look at this static versus dynamic and how to deal with that aspect of modern dynamic IT. Thank you very much, Martin.