Patrick Parker, Founder and CEO, The Dot Net Factory
April 17, 2012 19:10
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Patrick Parker, Founder and CEO, The Dot Net Factory
April 17, 2012 19:10
Patrick Parker, Founder and CEO, The Dot Net Factory
April 17, 2012 19:10
Two last, but by no means least in our series of presentations this afternoon, we have Patrick Parker, founder, and CEO of the.net factory, who, if he is here, he is here. I see a hand waved over in the darkness over there, who will be speaking about identity management and cloud security. And after he has finished his presentation, we will adjourn for drinks and refresh other refreshments. So I suspect I have not got to warn him to stick to his 20 minutes. Thank you very much. Thank you very much better.
Well, take everyone joining us. I'm Patrick Parker with the.net factory. The factory You need the mic actually go. I do speak loudly. So maybe I don't even need this, but thank you all for joining my name's Patrick Parker.
I'm the, the CEO at the do net factory and at the net factory, we have an empower, which is our identity management suite for cloud security and identity management. So today's talk is to take a little bit of a different perspective on identity management from a workflow perspective or how workflow might play into automating organization security, automating your processes, trying to pull together all the different technologies, protocols that are out there today into something that's more visible, more auditable and more manageable. So the title is there's a workflow for that.
So one thing we all know from being at these conferences, especially this conference, which provides a wealth of information is how rapidly things are changing. The it industry with the, and the adoption of the cloud recently has accelerated to a, a fever pitch paste organizations are trying to reassess their strategies and how they can make leverage this technology and how they can stave off their competition, which are often small organizations that are leveraging this technology to compete against the large organizations on ways that they could not in the past.
So identity management, traditionally synchronization very well understood for a long period of time, except for recent changes, which have really shaken everything up traditional identity management, synchronizing identity systems within your four walls, something that's, that's gotten very consistent, very well mapped out how to get data or employee records from one system provision, the appropriate access and user accounts in other systems, and then to keep everything in sync until eventually you need to decommission those identities.
An interesting study that plays into identity management very well was in Harvard business review. Last month, the authors com Diego Coleman and barred Hoon looked at the major technological innovations over the last couple hundred years. They how these affected societies and specifically how they affected the net income or the income per capita of each of the countries, based on how rapidly they adopted the technologies.
Very fitting today, when we're all looking at the cloud and how, how we can adopt it, how can we safely adopt it, whether to stick a toe in or whether to dive in head first, Telegraph telephone, electric car, all of these different technologies changed the world. They brought, made the world smaller, brought organizations together, allowed global competition.
So the telephone, the ability to have instant communication, electricity, the passenger aviation, all making the world smaller, allowing organizations that were only before competing regionally a now competing on a global landscape with organizations from all around the world. And of course the PC democratizing the access to information, the analysis of data, putting it on everyone's fingertips on a personal competing device. And next of course, the cloud.
So what they found is that they looked at the initiation or the invention of a technology such as the steamship, the passenger train of Telegraph. And they looked at different economies, major world economies, like the United States, Germany, Brazil, India, Pakistan, China, and the, the, the time from the initial invention of the technology. And then how quickly each of those countries adopted that technology.
And you'll see, there's a very consistent pattern where this starting with the steamship was a very gradual slope to where countries, you know, it was invented, it was quite a lag and then countries would adopt it. And you'll see, going from the Telegraph, the curve is getting steeper telephone. It's getting steeper. If we look on the right here, we'll see the slope with the PC in the telephone cellphone getting much, much steeper. And what they found was that the income of each of these countries was directly correlated with their adoption of these major groundbreaking technologies.
So they, they concluded that societies that utilize new tools quickly are likely to be much more productive than societies that lag behind and are slow to adopt. In fact, the, the adoption rate accounted for 25% of the difference in per capita income. So the lifestyle, the wellbeing, the average living conditions were influenced directly by how quickly they could make use of and incorporate these new technological advances.
So what, and as you look at the chart, as we're approaching today, everything seems to be moving at breakneck speed. And that's what the results show that around the world organizations are adopting technologies almost instantly. So early adoption no longer is where you can evaluate it. You can spend a lot of time.
You can, you know, wait and see, it's almost immediate adoption now to become an early adopter. So how does this infl infl impact the cloud?
What, how does the cloud fit in this post PC era? What would it be on that slide chart? So we're gonna look at this in the light of two megatrends we see in that are driving the cloud one, that there are a lot of topics on this week, mobility, or bring your own device, which is that organizations are being faced, that the users coming outta school and even the older users are getting used to being able to work on any device. I want do my corporate work on my iPad.
I wanna be in the airport or at a sporting event and get the, the numbers and work on the, the, the sales numbers on my, my cell phone. So they're being faced with managing non corporate assets and controlling the security and providing a trust framework to extended, to these non maintained non-controlled devices. And also another big mega trend, the API economy, basically every organization baking what they do, what they, what they do best.
What's their business model into an application programming interface that they can expose internally to program into automate applications and also exposed to their business partners or their consumers in a secure manner. And that's one thing we're seeing, even with a product like any identity management space, as we're seeing larger, more sophisticated organizations, they really, you can demo the product. You can show them user interfaces, but they're really saying we want what your product does.
Give us access to the services you provide, the security, the authentication, the authorization, and the provision services. Give us the data that, that you're aggregating for multiple, all these multiple stores that you're synchronizing, but we really don't care about your user interface. We want our own user interfaces, our own mashup of this data just provide the services. So on diving into B, we went B Y O D. This is actually what I feel like going through the airport, lugging around multiple devices, juggling a phone juggling devices.
Really, sometimes it looks kind of funny seeing people running through the airport, talking on one device, fiddling with another device. Now the impact of this on corporate organizations is that Gardner predicts that by 2014, 90% of organizations, corporations will be forced to support corporate applications on personal devices. So driving down corporate apps on the devices, that aren't completely under the control of it. So you have device authentication, you have security, you have network access control issues.
And then the API economy, the, the showing a hockey puck like growth, as far as the, the proliferation of publicly available application programming interfaces companies, exposing what they do for other organizations to securely access, leverage, and mash up that information in those services to provide services to consumers, to rapidly integrate that. And they actually predict a programmable web that by, I think as a few years out, almost every large major organization will have a public exposed API. So it brings about security issues, privacy issues, trust issues.
Netflix has a good example. They have their user interface where you can go to Netflix. You can view their, their movies and their content, but where they send the explosive growth is from usage of their API.
They, their data center capacity remained flat, and yet their API usage ex expanded 37 times growth between 2010 and January, 2011. So how could they possibly handle this? It would be everyone's, you know, everyone's best dream is to have to grow and have to scale to have this type of problem.
Well, what they did was they couldn't possibly scale. They couldn't invent mechanisms and internal core competencies to provide that type of capacity. It's not what they did well, it's not that what they could possibly bite off in that short amount of time. So they went a hundred percent cloud all Amazon. They went with an organization that just could provide that capability. That was their core competency. We're seeing adoption in other areas, ex everything's speeding up P interest popped on the radar and almost was an instant overnight success.
One of the basically it's like where you, you see things on the internet you like, and if you were going to pin it to attack board, to share it with friends, so friends could see on your little internet, social T board, things that you like, music, you like this outfit, you like this singer. So what, what they typically measure is how long it takes for one of those social sites to get to 17 million monthly visitors and, you know, Twitter, Facebook, other sites that just have phenomenal adoption. Twitter is an example. It took 22 months to get that type of adoption.
Pinterest, we're seeing a, a clear pattern there with Pinterest we're down now down to nine months to almost complete adoption of a platform like that. So how do you scale, how do you secure? How do you have an organizational model that can accommodate such rapid change and maintain that flexibility to, to, to stay in the game? Especially since it's, it's a lot of confusing terms, latitude, new technology. That's why we're all here. Learning from the experts, discussing with our colleagues, where things are going, the protocols, the standards that are constantly evolving.
So, you know, a lot of terminology that customers are still getting immersed in public cloud, private cloud, PAs SA lots of protocols, SAML. How do you take your legacy applications that have your business logic that have all those years of accumulated that you've been honing as to what you do and make them available, make them exposed via API, make them secure, maintain that control, and then be able to rapidly adopt new technologies to take advantage of those. So how do you keep up? Or how do you get ahead? So what is the answer?
It's definitely not the whole answer, but it's a new angle on providing a part of the solution, not writing more code. The traditional answer would always be just, you know, write more code when there's something new management comes up, you have a new initiative, you need to expand into a new area. You're just gonna have an offshore team writing tons and tons of code, new direction, something you have to maintain, but this is really not the answer.
It, it weights you down. You end up being a slave to managing all of that code. So what is the solution that can provide this type of agility and insulate you from this constantly evolving environment that we're working in? And we would say workflow is definitely a portion of that solution.
Now, one thing I see when I talk about workflow is instantly you get, it's like, okay, workflow well-established. Everyone knows what workflow means. The common conception would be that workflow is someone edits a document. It goes for approval. It gets through it. Someone receives an email notification and eventually someone signs off on it and you have an audit trail.
Well, how could this possibly speak to the challenges of the cloud of identities, of service of Samwell Federation workflow in this case is not simply approval workflows. It's more along the lines of a different way of developing applications, business, process automation, visually mapping out how you're gluing together and using these application programming interfaces, mapping out your business process and codifying it into something you can visually manage that way. You're managing a process.
As you see here, just a simple provisioning process and the, and each of these you're mapping out the flow of your process. But the connections to these underlying systems are abstracted. Today. We're provisioning in Salesforce, we're provisioning in the Amazon cloud. We're provisioning these other systems, but as the, the favorable contracts call us to move to a different system, different technologies, you can still manage your business process, but it's abstracted for what the underlying connections are being made to those systems.
Today, you're doing SAML single sign on maybe down the road, you're doing a different type of single sign on that, that managing the business process, abstracting out how you connect to those systems is the, the glue that really glues together on premise versus off-premise single sign on different types of systems.
So in a workflow platform, Annie workflow platform that is focused on application development, what are some of the things that you can bake into that platform that you can bake into these, this operational framework authentication, something that, that when you're designing your processes, you're mapping out your provisioning of partners, your registration of customers, your sales processes, authentication should be completely something that you don't have to worry about when you're designing your processes, external authorization today, maybe you're plugging in and doing claim based authorization tomorrow.
You might be doing Zima based authorization, approval tracking and routing of handling everything. And then the little bit that you would normally write your custom code, your logic, consuming those third party APIs, or consuming your APIs, doing the real work, creating a PO registering an identity. That's the piece that you just want to have to write every time at the rest of it should be based plumbing that you don't have to worry about. So the benefits of this BPA architecture are that you speed up development. Having this architecture can cut your project times.
You're delivered by 80% of 40 to 80% typically reduction in, in custom coding from use of BPA type technologies for automation, and then basically providing a consistent security experience and adaptable framework that can connect to everything you manage. So something use cases you might think would be naturally lend themselves to this user provisioning, identity administration, password management.
Of course, those, you can see the flow, a process user provisioning very well immersed in workflow, but one area that you might not have thought of that where workflow technologies and this automation lends itself is to single sign on Federation. When you're dealing with complex single sign on allowing Facebook identities in Twitter identities, in partner integration, you're connecting all of these different systems. There's so many different possibilities of how do you onboard a partner versus how do you onboard a customer versus how you handle a forgotten password or a, an access request.
In one example, we use SSO as a login. So actually when you're logging in to a federated system, I'm logging in with my Salesforce identity and browsing over to office 3 55. What you need is a control layer there somewhere you can insert and control access to your systems, implement authorization policy. So if I'm accessing an internal corporate system, maybe I'm using my Facebook, you have to have a step up force, multiple second factor authentication mechanism.
Maybe when you're onboarding a new customer, you'd like a, a visible process where you can insert the ability to iden do identity proofing against a third party service.
So thinking about single sign on, instead of as a hand tucked away, hard coded set of options that you configured and moving it out as one of your key business processes that you need to be able to visualize, to discuss with your business and it, and to manage over time and have something that you can change as needed as new situations arise is a key, key use case we see for workflow and business process technologies as tied into that is auto provisioning and identity proofing.
The ability that as users log into the system, the ability to automatically provision their identities to assign the appropriate access and to have that be dynamically generated based on information in your corporate systems as to what should this person have access to. And why one minute, one minute.
Well, I, I guess in summary, if anyone would like to see an example of workflow as a single sign on mechanism and see how that could be leveraged to make more flexible authentication system, be happy to drop by and drop by, and we'll show you how it works. Thank you very much. Thank you very much. Appreciate it.