Dr. Laurent Liscia, Executive Director, OASIS
April 17, 2012 17:30
Thank you very much. Well, we move on and our next presenter is Dr. Laurent Liscia. Is that how you pronounce your name? Liscia. Do I need my laptop?
No, that assuming you've loaded it up. No, come and join. Have you got you? Haven't got the mic on your head.
No, we'll give you the, the hard way. The hard way.
Oh, this is good. Well, we're delighted. Your topic is an overview of what standards have done and we'll differ for cloud identity or something like that. And you have almost 20 minutes. Thank you Very much. Thank you. I'll keep it brief. Do I have the clicker somewhere? I think the, my slides are not in the, in the right orders. I'll be doing some moving and about, and as you can see, I'm a little jetlagged. I wasn't able to jump up here. Actually.
I, I thought that was a fantastic presentation and mine is a good segue because I'll be talking about XACML among other things. OASIS. I think you who doesn't know OASIS. Everybody knows OASIS. I don't have to.
So, so there, yeah. Right.
Thank you, John. So it sounds like everybody here does know OASIS and I don't have to go into great detail about who we are.
We have 5,000 participants in OASIS representing roughly 600 companies and individuals, and we have 75 plus technical committees, not all having to do with identity. There's all kinds of technical committees. We even had one on forestry. Believe it or not a standard to, to manage forest products. It just closed recently, but it was a fun TC for the time that it lasted. I feel a little bit underdressed. Has everybody had a tie here? No. Good. All right. So our mission, as you can see up there, and the, one of the key things about the standards that we do is in, is in identity.
We focus on identity among two or three other buckets, but that that's definitely one of the vibrant ones. You know us by our standards. I think we just mentioned XACML. Here are the identity standards up here. Some might be a little less familiar than others because they're very new. And as Peter mentioned in the previous presentation, the, the life cycle of a standard can be very long until it appears until real adoption in a mass market sort of way. XACML is, is progressing towards that.
I was one of the people who said, yeah, of course the market needs XACML when you ask the question and I do believe that, okay, so the new ones, ID in the Cloud. We'll talk about that a little later on. TOSCA is a, is a cloud TC that focuses on portability for applications in the cloud. And I think you all know SPML for provisioning. I'll pass on the others. Okay. So do you know the, the show Battlestar Galactica?
Did it, did it come to Germany or Europe? It might have.
Yeah, it did. Okay.
Well, in that show, I know if you know the story, I, I'm not sure if it, it happens in the future or in parallel universe, but basically there's a war between humans and their creation, the Cylons, the androids that they created to serve us. Originally the Cylons turn on us and start trying to destroy the, our civilization. And in, on the battlestar ship, Battlestar Galactica ship, the main ship, they don't use wireless anything. And the reason is that the Cylons can tap into any kind of wireless technology.
So what you see these guys, these, these guys in this very modern ship, but they're all using telephones with lines, right? So what I wanted to illustrate with that is we may feel paranoid about going to cloud, but the fact is there's, I'm not really sure there's gonna be a choice in the matter we can agonize over. What's gonna happen. We can agonize over the risk truth is we're not gonna go back to, to landline telephones and do everything in silos.
So, yeah, I think there is a sense by which that the, the cloud increases our risk and maybe it does. We also have a sense that silos are controllable, but the truth is you are always going to see that in any kind of technological disruption, there's going to be people wanting to smash the machines and maybe rightly so, by the way, you know, some people lose their jobs in these, in these revolutions or evolutions jobs change. There's a lot of pain involved, but that said our economies as a whole have to interoperate.
So we, I don't think we have a choice in the matter. So let's look at what standards can do to help the situation. All right. So this is a slide that I did slightly modified for this year, but in slide I did last year and let me go back for a second. And what we were seeing is that federated identity was operating under a bunch of standards, like XACML and SAML, but also a sort of de facto standards that arise from the market, like social login, that sort of thing. You're all familiar with them. We're also starting to see a commonality of user interfaces.
I'm noticing that all of the websites I go to and even the, the corporate intranets are starting to look the same, which I think is a good thing, because it means that for us users, the user experience is getting a little bit easier to, to handle. And I keep wanting to look up there when I don't have to cuz it's right here. So this is all starting to come together in a standardized fashion with underlying standards or de facto standards happening in the marketplace. But there's a few bumps along the way. And I can, I can share a personal anecdote along those lines.
And, and, and again, what I'm, what I'm trying to illustrate here is that there's progress, but there's also bad stuff that happens along the way and that we need to deal with. My, my wife is a, is a shoe aficionada. She has a lot of shoes. She loves shoes and she keeps buying more. Even though I don't think she really needs them, but shoes are not about needing them. Or so I'm told there's a store called Zappos, which was just bought by Amazon for something like a billion dollars. And that store, she sells high end shoes. She's a good customer of that store.
And we received an email from them telling us well, we're, we're very sorry to tell you that our database was hacked and that you're probably among the people whose information was lost or stolen. And sure enough, on that same credit card statement, there was suddenly a charge for some Australian site that, that sold dude ads of some kind, which we had never been to. And so it turns out that somebody swiped our, our card information and used it on this other site. So it was interesting to be on the user side of these presentations that I always make about risk. How did we feel about it?
It, it was an interesting moment. We were terrified. We went to the credit card company.
We said, you gotta cancel everything right now. And they said, you know, we'll, we'll take that card out of a out of commission, but we'll give you another one. You don't have to worry about it so much. So there was this floating moment where we were unsure. We went through the list of all the vendors we used our stuff with, but then we had a good interaction with the credit card company. And we felt that the rightly or wrongly that the situation was under control. So that's a, that's sort of an interesting perspective from the user side.
I'm usually the standards guy who tells you, yeah, just use standards. You'll be safe on the web.
Well, truth is you're not necessarily gonna be safer on the web by using standards in your implementations. I think it's gonna help. If people could stick with those standards, it's one thing to have them. It's another to actually implement them. So that sort of split identity, no pun intended around whether to go with progress or pull back. All right. So here's some feedback we've been getting over the past year or so over what's going on in the standard space. One of the things that that vendors and users are like keep telling us is that the standard space in identity is too fragmented.
I think that's absolutely true, but I also think that standards, I are a consensus business. Not everybody, I'm sorry, are not a consensus business. Not everyone is going to agree and the market will ultimately decide what will rise. So from Peter's presentation just before, you know, there's not a lot of adoption for XACML yet, but I think it's gonna keep growing. And the market will ultimately decide that that is a solution that needs to grow. Another criticism is that standards stifle innovation. Lot of new companies wanna run with the ball.
They don't have time to waste on a con a, a process where people come together and have to decide over periods of time. They just wanna do their thing acquire market share. Okay. We all understand that. That's fine. But the thing is how many of these new fangled applications really give thought to security in depth? Okay. So it might take a little longer to get to a standard, but that's also because you're working out the kinks as you go.
So I understand that tension, another criticism is that standards are vendor driven, but we're starting to see more and more end users involved in the process. I was just talking to Ian from BMW, who might have spoken earlier here.
I, I don't know, but they're contributing their user requirements along with other ma auto manufacturers and, and banks to standards group. And I'm pretty sure that standards will emerge from that. So that's changing also the criticism that the standards process is too slow. And Peter said, you know, Zal has been around for 10 years. The new standards that we're working on are actually actually happening much, much faster. And when you compare the pace of standards in organizations like OASIS versus the de jure organizations like ISO, trust me, this, this is pretty fast.
And then the final criticism is that standards are, are too complex to put together. I think that's also changing. And other colleagues from other standards, organizations will tell you that the processes are getting streamlined by the way, feel free to interrupt at any time.
I, I don't want this to be a lecture. If you have questions, go ahead. Okay. So sorry. Is cloud an evolution or a revolution? Let's get some sense of that from you guys. Actually. How many of you feel that it's just an evolution? Raise your hand. Wow. Really? Okay. How many of you feel that it's a revolution? There's Three people. Okay.
Can, can, can I actually ask somebody to come up here and, and speak for a second Up Here? Okay. I wanna pick out one of the people who thought it was a revolution. Can you raise your hands again? One other Right Now, don't be scared. I just wanna hear your, your viewpoint. And I'm happy to give you some presentation time on this. Where was that gentleman?
I, I saw one in here somewhere. There you go. Come on up. So why a revolution? And Your name is thank you.
My, my name is Neils poorest from bar Simmonds home appliances. Okay. Yeah. Why revolution? I think it's a revolution because it's going to change the complete organization in the complete task of IT within the next two years. That's my opinion because cloud cloud service providers are very much faster than our IT organization is currently. And so we really need to get along with it. And if we are not going with it revolution, I think as an internal IT provider, we will be lost and we will be outsourced as well.
Okay, Interesting. So this, this is the argument about speed that we had on the previous slide.
You know, things are changing too F very fast, and we have to keep pace with that. I think that's interesting. So this slide is about evolution rather than revolution, and you can see why cloud is built on stuff that we all know. So this slide would be in agreement with the evolutionary side of the room, the vast majority of the people here, but the next one, not so much now back to my, my, my credit card fraud thing. There's another thing that I I've been thinking. And it's really weird, cuz I've been thinking about it for a long time and I haven't done it.
Amazon lets you do one click purchasing, right? Where the second you click your order goes through instead of filling out your information.
Again, I have not done that to this day because I wanna review the price. I want to make absolutely sure that what they said I'm gonna pay for is what I'm gonna end up paying for. So I don't trust this one click stuff, but you would be surprised there's a, a vast amount of people out there who will take that convenience over, checking on the tax thing or making sure that it was the price that was announced on the page. So I think what you're seeing is that at the same time that the marketplace is saying, we're scared of this evolution of everything going into the cloud.
People are also buying into the convenience of web services today and cloud in particular, it's amazing the amount of boneheaded stuff that people do on Facebook, right? And not just young people, by the way, you know, we tend to say, oh, it's just school kids that, that put their whole lives on face. Not true. I've seen things on there that really should not be there, right? So it's almost like we have a split personality in our heads about how to use these social media, how to use the cloud revolution. We're really into it. I think our society is actually a technophile society.
We want to be part of this and I think that's, what's revolutionary, but in being enthusiastic, we also create disasters. So how are we gonna deal with all that? I think you all remember, or those of you who are movie lovers, remember the movie Mo' Better Blues? I think what's gonna happen is that we're gonna have to go actually beyond just standards for the reasons that that the previous speaker mentioned, because standards adoption is slow, but what can speed it up is a combination.
And I'm just gonna put that out there without going into a lot of detail as a, a petition of principle, I think it's gonna be a, a combination of standards, policy making and best practices. Those three are gonna come together from the government side. You're gonna have policies from the advocacy side, the consumer side, you're gonna have best practices and education. And from our side of the room, you're gonna have the standards and these three are gonna come together in special projects.
I don't know how many of you have heard of NSTIC, which is a, a US initiative, National Strategy for Tru, for Trusted Identities in Cyberspace. That's an initiative that is going to launch into a two year effort to define trust frameworks and a bunch of stuff. There's historic and episodes in Europe. There's the Japan card. There's a bunch of these initiatives that are spearheaded by government, but not shoved down our throats as consumers, they're done as public partner, public-private partnerships, where companies, governments, and other stakeholders come together.
That's, what's going to move this work along. It's a combination of all the actors together, not just us as technologists, that's just not gonna work. All right. So where we are in the cloud very quickly, where, where we have a technical committee called ID in the cloud that focuses on identity use cases. There's 29 of them. You should go check them out.
We have a, a new TC called TOSCA, which I talked about, which is portability in the cloud. And very, very soon we're literally finishing this up, finishing up the charter. There's going to be something about cloud audit and coming soon to a theater near you, we're going to have a TC for cloud service infrastructure, and also some work around the, the ego cloud and a standardization of, of monitors. The idea being that the monitoring agents all kind of do the same thing and that the real intelligence is, is in how you analyze the data, not the actual monitoring.
And this is the reality of what's going on in the cloud and why I actually think it's a revolution for my part. So I'm one of the five people here who believe that. Sure. I'm almost done what's happening here is, is that the, the, the explosion of data is so mind boggling. I think we're looking at petabytes per day at this point, you know, just, just think about that order of magnitude. There's so much that's being produced the quantity. Think about the printing press, right. Four centuries ago, right? Four and a half. And now petabytes of data being produced in the cloud put compare these.
I mean, how can that not be revolutionary? How are we going to deal with this? I think the, the fundamental change that is, and, you know, we can meet again in two years and I might be wrong, but my bet is that users are going to understand that they're a key part of the value proposition of social media, and they're not gonna let it go the way they are right now. We are all going to realize that our identity and the information that comes with it is a, is an asset, almost a financial asset. And that if you want a piece of it, you're gonna have to give me something in return right now.
That's not really happening. What, what I'm getting in return is, you know, some functionality, the ability to communicate with, with, with my friends, but I'm not really getting value out of this. That's gonna change when people get that's, when the real big data revolution is going to happen. And right now there's no standards for it. So the next frontier and standards. Thank you. Thank you very much.