Jonathan Sander, Director of IAM Business Development, Quest Software
April 17, 2012 17:50
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Jonathan Sander, Director of IAM Business Development, Quest Software
April 17, 2012 17:50
Jonathan Sander, Director of IAM Business Development, Quest Software
April 17, 2012 17:50
Moving along. We now have Jonathan Sandra director of IAM business development with quest and your youth and the handout mag.
Yes, you have a little less than 20 minutes and I will warn you a few minutes before then. Thank you. Thank you very much. I've seen how you've been working, so I will take the warning seriously. I have apologies to Dr. Morini. We didn't meet up ahead of time. So we actually used the exact same slide format, but I don't have any movies. So I'm not gonna be nearly as entertaining as Dr. Morini was. Our title is something that only 20 marketing professionals working together could have come up with. And those marketing professionals all work for quest software.
So today I'm brought to you by quest software. We have what we consider the most complete platform for access governance, privilege, account management, identity administration, and user activity monitoring in the market. Not gonna really back that claim up at all. I invite you to come to the booth and learn more about it today. What I'm gonna try to talk to you about is having conversations, using trends that you're seeing to start those conversations and getting some direction out of that. And hopefully making that a better path to an identity and access management program.
That'll get you along the way. So I'm at a identity conference and I'm stating that identity is obvious. That's probably a controversial statement, but if you think about it, if you're trying to explain identity to someone outside of the technology world, it's pretty easy, right? You can tell them what an identity is. It's something that they put into an application to get in, right? That's an identity, it's their record that their company keeps for them. That's their identity. It's easy to grasp onto that access also obvious, right? They get access to something by using credential.
They log in, they get that, but is identity and access management obvious. Right? And is it easy to make that obvious to someone who doesn't work in the field, right? The wheel is often pictured as this stone thing. That's sitting there with cavemen, but do you know that the wheel was not invented at least properly until we are already smelting metals and farming? It actually came after those things, right? It seems like it should be an obvious thing, but it's not right. How can you take what isn't obvious and make it obvious to people, right? There's been a lot of talk about mobility, right?
Having bring your own device, enter into your organization. Well, that's something you can use as a mechanism to ask questions, to help people who don't get what identity and access management is about into the right frame of mind. Right?
Well, these apps, right? They're something that everybody uses. They have a small amount of functions, but I mean, just show of hands. How many of you are using apps that you had to put in a username and password to get benefit out of nobody here uses username and password apps? Or is it the light that I can't see hands going up? I'm gonna assume it's the light. There we go. There's the hands. But the thing is behind all of the identities that you're putting in there, there needs to be identity and access management in order to get things going, right?
So these are the kind of questions you can pose to the people in your organizations to get them thinking about the right things, right? What happens when all of their data ends up on these mobile devices? Because people put in their username and password and access their email. And all of a sudden they've got attachments now on their personal devices. What happens to that? Right? How are you gonna manage that? Right? Is there actually liability that they might have because that data is sitting out on all those end points, use the word liability.
And I assure you that the business will pay attention. And all of a sudden you're having a conversation about identity and access management. Even though you got into the room, because you're talking about mobility, which is the thing that they really want to think about right now, right? But this sets the context for a conversation where you can make identity and access management.
The focus, the same thing applies to cloud. Now this is quest software. These are all the systems we have that today, touch the cloud in some way, right? So we actually sat down and we had a big meeting a couple years ago. We wanted to push ourselves into the cloud as much as possible. And as you could see, some of them are mixed, right? Some of them are still OnPrem. If they're squared off, if they're just in the cloud, they just pictured in the cloud there. Right now, the little green check marks.
Those are systems that are compliant sensitive, and you could see how many of those are all, or at least partially in the cloud. This was a big wake up call for our own management, right? Luckily we have a little bit of technology that was able to help us with this. But the idea is that I'm sure if you did a diagram like this, maybe you wouldn't see as many clouds, but I bet you'd see more clouds than you were expecting. And you'd probably see a lot of those mixed models where you weren't expecting them either. This is another opportunity to have that conversation, right?
To turn a trend cloud into a conversation about identity and access management, that allows you to set the right context, to get yourselves on a path where you're going towards a program to solve these problems. Right? One of these things, right at the top rules, usually setting rules for how people are allowed to access. Thing has defaulted.
Its it, because that was all going on in the background. But if that's gonna be in the cloud, well who's the it in the cloud. It's not your, it, they're not gonna be setting those rules anymore. Who's doing that. Right. Which of course raises the next question, who has the access to do that? Right? Who controls to the keys to the kingdom, right? Who has those administrative IDs, who has the access to the back end of your system, where all the data is exposed last but not least. Right? What happens when the auditor comes calling, right? How are you going to expose?
Where are you gonna get the visibility into where your data is into how the people in your organization and in these other organizations touch your systems and your data. If you could ask these kind of questions, you could start having a conversation about identity and access management that gets you in the door, using the trends that these business sides are tending to think about. Right? All the things we've been talking about today, but it's not just as simple as asking the right questions. You can ask questions. My favorite character in all of literature is the Cheshire cat, right?
Because the Cheshire cat makes it clear that you can ask a question, but if you have no idea about what you want from that question, if you have no clue as to the kind of qualities the right answer is gonna have, then you're not gonna get very far right to ask where you're going without a destination in mind is meaningless. Right? So a couple other thoughts I want to put in here and I'm just sharing thoughts. My training is in philosophy, if anyone's wondering, so I could come up here and do marketing, but it wouldn't be something I was trained for.
So I decided not to something that you might think about in terms of a goal, these problems that we're dealing with, the big data that we were just talking about, the means to control all of these things and the relationships between them to understand and model those. These are not things we don't understand. These are things we understand pretty well. And there's been mechanisms in place to control them for a long time. The really the question is why aren't they being applied? Right?
Object, orientation, model driven design. It understands how to manage a lot of these problems. And the real question is why aren't you already treating the people in your organizations, like things with relationships, to other things and rules that control those, right? What you need is technology that will do that. Because once you've done that, you can start solving your problems on whiteboards, right? And applying that. But if what you're doing instead is trying to figure out how to apply technology that doesn't understand these concepts. You're wasting a lot of your time, right?
And this isn't just a UI thing. Isn't just about creating a pretty drag and drop interface. This is about getting this kind of management for identity and access management data at deep levels, right? Making it. So the data itself conforms to those models. And if you can do that your long way along the road to solving a lot of your problems, another one that's newer, but is definitely important. And we were just hearing about standards that described how to do a lot of this is making sure that nothing is gonna work in isolation, right? Because monolithic is dead.
Kim Cameron was talking about that this morning, too. So in order to make sure that you are not stuck in a monolithic mode, you need to demand web services from all the technology that you're gonna apply to the answers, to your questions.
And again, not just web services at a surface level, it's not just about being able to extract a report, right? It's about being able to have all the different pieces of your identity and access management infrastructure, all the pieces of all your infrastructure. Be able to communicate with each other meaningfully at every level, because everything is gonna need to interoperate with everything. No one here I assume is starting from scratch.
You all have systems in place and being able to have those systems communicate with each other, communicate with anything new you put in place, communicate with the systems in the company you buy next week that you merge with or with the data that's in the cloud provider that you might adopt. All of that can be driven. If you have the right focus on interoperability again, all the way through the stack that you're doing.
Now, when I came up here, or least when I made the slides, I was assuming I would be crunched for time. Cause I had 20 minutes and I only I'm so late in the day, I figured I'd be gone. So I don't have a lot more to say, which means I might finish early if that's okay with you, but not, not quite yet. Not quite yet. Don't kick me off. I'm just gonna say in summary, right? You can use trends to have best practice conversations with your customer, which might be the business, or might be your direct customer on the terms that they want. Have them right.
Use the trends to ask them the questions, to get them focused on the project. You need to think about on the program. You want to get them going down, right. Make sure that any technology you select is using established best practices, old and new at every layer. Because if you don't, you're setting yourself up for failure later on.
I mean, one of the things that you see over and over at conferences like this is presentations about how identity and access management projects have failed again and again. And one of those reasons is because people invest in short term, not long term thinking when it comes to building the technology itself, right? This is a rare time in identity and access management to a certain degree because there is actually a lot of change taking place right now. There's been a lot of disruption in the industry and there's a lot happening today. That's gonna echo for a number of years to come.
So any decision that you're making now about identity and access management is going to be with you for years to come. So as you're making those decisions, make sure that you're incorporating future proofing technologies into all of that. All right. And that's all I had for you.
I, I was gonna ask if there were questions, but after the look that the last guy got after he asked if there was questions, I'm, I'm, I'm afraid to do that. So I don't know if I should ask Would not be fair to everybody else since we're we're not having there, we that way. Okay. You want to yell at me? There's my information. Thank you very much. Thank you. Very You're on Twitter. You're a.