Keynote at the European Identity & Cloud Conference 2014
May 13-16, 2014 at Munich, Germany
So the next presentation is given by Christian Petrescu from Oracle, and this is called Reducing Identity Federation Fragmentation in the New Digital Economy. So please welcome Christian Petrescu.
Thank you, Mike. So until the slides are built up, a quick introduction for myself. So my name is Christian Petrescu. I do work more than a decade for Oracle, 2001. I started and I moved in the development organization where I am now. I'm the local representative of identity access management development here in Europe, Middle East and Africa. For 20 minutes. There we go. For 20 minutes.
Of course the agenda is pretty short, but what I would like to discuss with you all today is first of all, trends that we're seeing in the area of identity access management. I was sitting myself on two panels or some trends I've been heavily discussing them in the panels too, but then we are gonna go to what the title of this presentation is, fragmentation in the new digital economy, and these two points, we're gonna not treat them as silos. We're gonna share our observation how perhaps these new trends have an impact on the fragmentation of the new digital economy.
Let's start with the trends. And I'm pretty aware that in these three days we talked about them a lot, but I kind of shifted this around that it's not cloud first. I personally feel we have not spoken enough about mobility. We see mobility as a big trend and security has a big impact into that trend.
Actually, there are two facets about that, which I would like to share with you. First of all, of course, it's about extending security artifacts that you have on premise also to the mobile world. Single sign on is a good example, right? We've done that for 15 years on premise. We also need to deliver that on the mobile world and for the user it's even more important. So you have these mobile devices, sometimes username passwords, you need to type it with one finger.
So there is a requirement for these artifacts also to be seen on mobile device and not about only single sign-on, it's about strong authentication and all the nice other security artifacts that we see on premise. So the keyword, by the way, and I'm gonna talk about this later, is extension. So not creating something new just for the mobile world, extending what we already have successfully in the enterprise. And of course, there's a second facet to that. And you all know BYOD, right? Bring your own device.
So people are very eager to bring their tablets, their iPads, et cetera, to the enterprise. And it's my own device, right? And what happens is that IT lost a little control and they tried gaining control back. I call this mobility 1.0 and MDM was a good approach, right? We try to restrict the device. So when somebody was leaving the company, I did wipe the entire device.
Well, it works if it's a company owned device, but with private device, I have security issues, but it's also not nice if somebody's deleting my private data. Also nice anecdote to share, especially in the financial industry. When we had meetings 2011, 2012, sometimes we had people sitting there with two identical iPhones, right?
One, a company iPhone, where they could do only emails, which was restricted. They couldn't use their camera. They could not go to iStore, et cetera. But then they had of course, a second iPhone for private use. So this was also a trend that happened and MDM restricted just the phone. The second notion of solution, I call it mobile 2.0, that we're seeing is let's not restrict the device. Let's just clearly separate in between what is private and work related. Let's put a container, let's put a workspace on the device.
And in this container, we just have the business data, the company-owned data. And you know what, if the person leaves the company, I can just delete this container. So this is a big trend that we're seeing and security has a big impact to that. Social networking. I was on the panel yesterday and I already shared yesterday, I think at 2011. Also we as a vendor did a mistake in positioning this feature. I remember the first time that we showed this to customer, we just showed this login via Facebook, via Google. And everybody went like, okay, I don't trust Google. I don't trust Facebook.
We don't need that. So we positioned incorrectly the value that is behind this feature. It's about a loosely coupled integration. It's about if my customers are on the social networks, I at least want to get some attributes from that safe social network to my portal. An electricity company, a customer of ours, has also a nice example how this leverages business initiatives. There is the legal law, electricity companies.
Well, 10 years ago, if I used a lot of electricity, I was a gold member at them. I was a highly valued customer. Nowadays, they need to give us recommendation how to save electricity. And how is this company doing that?
Well, the user gets a personalized saving recommendation logging in via Facebook. I was asking the CSO why he's doing that via Facebook. And he said, well, the damage is pretty low. So what happens if somebody gets this recommendation? First of all, I need to legally do it. I need to get this personalized out and I need to track it. And for this use case, it's a good example where exactly this social networking integration adds a lot of value. So it's not about trust. It's more about how does this feature enable my business initiative. Internet identities. It's not a new topic.
We as Oracle won the KuppingerCole innovation award with British Telecom in 2011, about that. It's a big topic, especially as we see in the market for telecommunications, identity validation, but it's more than that. So I'm not only validating identity, I'm adding more services to that.
So yes, somebody might be able to steal a record. The street, the email address might be correct, validating that might get it true, but still there is a lot of fraud happening. So if I create the same account from the same IP address, the risk gets higher. So it's not only just I validating the identity. It's also creating additional identity access management services on top of that. Cloud computing, we covered that. In the interest of time, I'll keep this rather short. There are two facets to that.
First of all, giving feature and functions for the cloud, for securing a cloud, but also very important, putting IDM into the cloud. We're speaking about a managed identity as a service or pure cloud related identity as a service. And internet of things. You heard the automotive example, we have, of course, a similar example to share. The beauty about this is you have different type of identity. You have carbon identity and you have non-carbon identities and you have a relationship in between them, right?
Again, using the automotive example myself as a carbon identity. At one point of time in the future, I might be able to authenticate myself against the non-carbon identity, which is the car, but there are other examples out there not only from the automotive industry, metering is also a good example, but also the example that, that we heard in the panel with the fridge and perhaps the fridge getting out of milk and the drone bringing the milk to my house. What is new about them? What's the observation. What's the key observation, and this might be bad news.
IDM might not be now the top five priority of every CSO or CIO, but IDM is included in every of these new initiatives. Actually I would go a step further. IDM is an enabler of exactly these initiatives. Oracle is also an apps developer. So let's take a step back and also look at the evolution of business apps, which is in the middle of the slide.
Well, first of all, we see a vertical evolution about the appearance, also the apps. So first we had client server apps, right? We moved to web apps and also sometimes I see a trend now of apps being more and more designed like Facebook and Twitter. Even at Oracle, we have an app called OSN, which is the Oracle social networks. It's funny people who join Oracle right from university. They love this app.
So they used this app a lot more like myself, who I'm used to the other business apps. They're even telling me that it's a lot more efficient to do even emailing via those apps. So perhaps in two years, we get rid of emailing. You do the emails only via OSN, but you still see not only a change of appearance, also change of usage, right, through these new paradigms. This is the vertical change, appearance and usage, but you also have horizontal change. You have not only business apps, you have mobile apps, you have cloud apps. What do I wanna say with that?
Perhaps again, I can share an experience. I was in Saudi Arabia at a big financial industry and they were claiming we're not having mobile apps. The funny thing is in the meeting we could prove to them via iStore.
Yes, they do have a mobile app from the marketing department. IT was not aware of this business initiative, which I personally find pretty funny. I think through this vertical we covered, but through this horizontal change, IT loses a little control. Right? We had that with cloud too. Somebody started a business initiative and didn't let IT know, even the purchasing department didn't know about it. So it's about loss of control that we have in this horizontal domain. Let's put it all together. Identity management, as it has been seen before, has three areas. And they're well known.
They're mature, they're directory, governance, access. I think what is new to these initiatives, you might call them consumer, you might call them channel. You kind of have a matrix organization. So if users of this identity access management, you have the enterprise, you have cloud, you have mobile bringing new challenges. And I think we as Oracle, we're a big believer in, okay, this is a hybrid model. You cannot get rid of what you have in the enterprise and put IDM in the cloud. There will be requirements in each of these buckets. So this is IDM. This is the big challenge that we're seeing.
And this is also where fragmentation might come from, is something that falls into these buckets. Like I said, how should you deal with that? What are some recommendations?
Well, treat it hybrid, right? Don't think about let's kill the enterprise and let's just move to the cloud. You also need to think about how do I, and this is a key word, extend. So if you already have IDM services on premise, how do I extend this? I don't wanna build a new policy store. This is duplication of work. This also causes fragmentation. REST is beautiful to achieve this. And the third point is avoid fragmentation. And this is what this presentation is about. The funny thing is we always spoke about fragmentation in the past and fragmentation happens, right?
Have a look how companies are organized. They're organized in departments. You have purchasing, you have R&D, you have marketing, you have sales and so on.
So yes, fragmentation happens. But I think the key question is why is the risk of fragmentation nowadays pretty high? Let's think back what we spoke about, right? All these new business initiatives happening in some departments, this hires the risk of fragmentation. So let's take an example. Marketing has a new mobile initiative and perhaps the IT department doesn't know about it. So especially in the last one or two years, the risk of fragmentation by IT losing a tad of control is a lot higher. I think the outcome of this, breaches can happen.
Inconsistent access policies. Again, you're duplicating, you're duplicating rules, you're duplicating the rules framework. And what also can be an issue of course is compliance. And I know you're also compliant without a platform or a central IDM system, but yet when the auditor comes from all these different departments, you need to pull the data together.
So yes, you're compliant, but you're compliant at a certain cost. This is what we believe in.
So yes, a unified identity management, we call it a platform. We should avoid this whole notion of fragmentation. And it's like I said, especially the risk of having this now is a lot higher than five years ago within a study, which is analyzing point solutions versus platform. I don't want to go into details, but we're more than happy to talk about the studies, a lot of cost savings and especially fewer audit deficiencies, if you look at this as a unified IDM platform. How do we build our products, how we as Oracle do design our products based on these observations that we did.
We also focus on best of breed because we also understood from customers, yes, there might be urgent needs. There might be perhaps not the time to put first in place a unified IDM platform. There might be a legislation law that you need to comply with. And this is why best of breed is also important for us. Unify. What we ask from you in the market,
we as Oracle also did. To give you an example, provisioning and governance, two different solutions. One year ago, we did unify them. It absolutely makes no sense to have a provisioning engine and an attestation engine.
And yes, on data level, I need to sync and even on process level. So take re-certification as an example, I also need to sync, it needs to be unified. A lot of errors that I got from customers were from this data synchronization. We did unify these two products. We unified our workflows. We have one unified workflow. Internet scale. It's a big thing.
Of course, if you talk about internet of things, you have not millions, billions of devices. And here scale is very important. We have customers live with millions of users in the access management space. This is something we're investing pretty, pretty heavily. Business friendly, a good point. We expect the business department perhaps to do user onboarding or application onboarding even, right? So more and more things are moving from the IT department to the business department.
We need to enable this trend. And of course, open standards. Key focus areas, which I would like to drill a little down into, two things. So first of all, this whole notion of mobility, there are two facets to that. So first of all, mobile and social, and I already made the point. It's extending security artifacts to the mobile devices, everything we have on premise already, we have the policies on premise. We have the function on premise. It's just extending these through REST interfaces.
So have single sign-on, have strong authentication, have all the nice functions that we have on premise, also available for the mobile world. Not only reuse of functions, also reuse of security policies. I do not want to create another silo. This is why MDM was not successful. MDM created another silo. It's about users. It's about policies. It's about roles. The second thing is this mobile 2.0.
Some people call it mobile application management, containerization, workspaces, mobile security, to enable this whole notion of BYOD. Create on mobile devices, separate personal and business data and corporate data and apps. This is the keyword, but it's not only that. It's also the entire life cycle. Think about it this way. Why should I just provision to a user their entitlements, their roles, and their accounts? Why not also their mobile apps? Also the mobile apps and data usage depends on the role that I have in my enterprise.
So even here I have a unification with my provisioning engine, with my governance engine. So even here, the story is bigger. It's not only about security. This is why I say security being part of a business initiative. Also at Oracle, we delivered mobile apps, but we also have a platform how you can build mobile apps, build it once, deploy it either for Android or iPhone, for multiple operating systems. And also on the backend, the mobile platform that you have. So the story, even with that point, is bigger. And the last thing, I think I started two minutes late.
So I'm gonna take this two minutes to speak about cloud. So there are three aspects to that. First of all, what we call private cloud, that's on your left to think it around, but it's also not only private cloud, it's defining or delivering features for the cloud like we did with the cloud SSO portal. Yet also we spoke about SSO on premise. We spoke about mobile. Now we speak about SSO on the cloud. So if you have a lot of cloud apps, just give your user a nice portal that they can do single sign-on with. The bucket in the middle, it's the managed identity as a service.
So if you prefer that you own the data, but somebody else manages it. So it's kind of cloud, but it's a single tenant cloud. Then there's something which we call managed identity service. It's a full-fledged enterprise IDM functionality in your enterprise, but it's just operated by somebody else. And then of course it's identity as a service. So identity functions, the cloud. I think the last point is also very important. It's integrated with the enterprise IDM. So there's an integration. This is what we believe in, this hybrid model, right?
It's not that you switch off your enterprise IDM system, move it in the cloud. You're done. Everything is good. No, it's also here a hybrid model, and this is why this whole notion of platform, platform for enterprise, platform for mobile and platform for cloud, from an IDM perspective is super important. Looking ahead, internet of things. I think we touched base on that. I think scale is becoming more important. I think also this relationship in between identities, carbon identities and non-carbon identities. And by the way, this was also something that is not new, right?
So we had machine to machine, M2M, 2004, 2005. It was not that successful. Right? One reason also was that it was not identity related. Identity plays a major accomplishment into this. A last thought I want to share, as speaking to a CSO of a telco. So you can see how identity gets important. What they're thinking is in two years, there won't be any telephone number, right? So everything will be based on identities and we're doing it now, right? If I call somebody I'm not dialing a telephone number anymore. So also their approach is even more identity related.
And the business value, what is here, is providing even additional services. Cannot provide additional service based on a number, but yes, based on identity. Key takeaways. And then I'm done. Two things. First of all, IDM, it's not anymore a standalone project like 10 years ago. It's an enabler. It's coupled with the business initiatives. We spoke about these business initiatives. This is fantastic. And this is something I'm in industry since a long time, particularly proud of. Right, 10 years ago, it was just keeping the bad guys out, five years ago, or four years ago, it was compliance.
And now we are part of every big business initiative in every company there. This is good news, but there's still some risk. I won't call it bad news, but this is the identity fragmentation, especially because of these new business initiatives. And the key here is to avoid this identity fragmentation by, this is the key word I think I've used today several times, extending, extending enterprise identities to these new business initiatives. And Mike, through that, I'm done.
Thank you very much. Thank you, Christian. Thank you.
So I'm very intrigued by what you've had to say. And I think that from the KuppingerCole point of view, there are two things that matter to security. One is identity and the other is the information and you have to apply stewardship to both of them. So thank you very much. Couldn't agree more. Thank you. Thank you. So.