Keynote at the European Identity & Cloud Conference 2015
So for the sake of time, I'm immediately introducing Kim Cameron. Here he goes, senior.
Thank you, senior Kim Cameron. So nothing much to say.
I just saw, I looked up your LinkedIn profile, and you seem to have a joint professional background with Jackson. Is that right? Have you been working at the same company? We've been working in the same company for, you know, I don't know how long, but a very long period of time. How long? 15? I think 15 years. Yeah.
Oh, oh yeah. The floor is yours. Those were the good days when we were young and carefree.
Anyway, I'd like to talk to you today about identity services in 2020. And I'll explain how I got there, but before I do, I'd like to say how happy I am to be here in Munich. I just love being in Munich. And this year I found out that it's the birthplace of Bertolt Brecht, the great artist and poet, who said what I thought was one of the most interesting aphorisms that I've encountered, which is that because things are the way they are, things won't stay the way they are. And that to me seems the secret of so much in terms of social change and technological change.
In fact, it's as though he understands the motor of it perfectly, the motor, the same set of dynamics that bring us all together here today to understand how the way things are now is producing what things are going to become. And if you think about it, this is one of the most interesting and transformational periods in technology that I've seen.
And I believe that for computers, this is the fastest and most profound change that we've encountered yet. The cloud is so transformational that I would even say that it defines the era we're in: it's the cloud era. And in the cloud era, we have what we could then call cloud era challenges. But the cloud also gives us amazing resources to deal with these challenges. So what we're talking about here is sort of a combination of the cloud era challenges and new ways of meeting them.
And so when I think about these issues, I like to project myself into the future. In other words, if we take this whole set of challenges, what's gonna be the situation five years from now? And once we have an idea of what it's gonna be five years from now, we can start to figure out how we get a strategy that takes us from here to there. So looking forward to 2020, the cloud is restructuring the economy and is redefining the winning players. To compete,
you have to be agile and you have to collaborate with your customers and suppliers as you never did before. By 2020, that's gonna be absolutely a foundational principle. Mobile devices will be the most important devices. We all know that everyone will want deep digital relationships with their customers. And attacks will be increasing and proliferating, to the point that attack protection is probably the number one concern people will have for survival. And what does that mean for identity?
Well, to me, I think it will mean that we're going to have a system in which customers, employees, and criminals are going to be interacting with their environment in new ways. And the identity system of 2020 will be much more of a "no see it" system, one which functions just by doing and by analytics and by ambient intelligence, than what we're used to. And so I'm gonna start by looking at the issue of how people will interact with this evolving system. And let's start with the problem of interacting with identity services at work.
Well, the starting point is obvious: people at work in 2020, 5 years from now, will continue to be using all of our current identity systems to get to many of the applications that will still be functioning then. So there's not gonna be some kind of a vast forklift upgrade where everything's gonna be thrown into the garbage and new applications are gonna be developed, and none of what we see now as fundamental is gonna continue to be used. But they will also use a bunch of new software-as-a-service applications.
In fact, shadow IT, namely the users in revolt, have already installed, you know, huge numbers of these. And those of us who were around and watched mainframes being replaced by minicomputers saw the same thing, where IT departments said, oh, that'll never happen, over our dead bodies. And of course it happened over their dead bodies. Same thing with LANs and PCs replacing minicomputers; it happened over another set of dead bodies. And today what we're seeing is, hopefully there'll be no dead bodies this time.
I'm such an optimist, as you all know, but we still see that people are moving to these shadow IT software-as-a-service applications in spite of the admonitions of their IT departments. And one of the things we did at Microsoft was we built an application that actually scans and detects how many and which kinds of software-as-a-service applications are deployed in enterprises. And that was taken on during a preview that we've just completed by a number of our customers.
And the results were even more incredible than anyone thought they would be: on average, there were 10 times as many cloud apps being used in enterprises as the IT departments thought. So we can conclude that most enterprises are actually already hybrid, in other words, mixtures of on-premise and SaaS cloud-based systems, and that therefore, whether they like it or not, their identity system is also a hybrid one. It's just that the SaaS part of it isn't controlled or managed.
So one of the first things that we did was to develop this system that allows you to manage the SaaS applications, put multifactor authentication in place, define policies and so on, and then give people a mechanism for being able to launch their SaaS applications in a way that could be tracked and controlled and brought under compliance, so that you were able to combine the imperative of agility and the imperative of compliance. But the point here is that that's kind of just catching up with shadow IT.
How do you go beyond shadow IT and do the things that actually will let you solve the problems of the cloud era? And let's look at this in terms of how to do it for B2B. Now I'm gonna use an example here which has a completely fictional character in it.
His name is Jackson Shaw, but it's Jackson Shaw at Northwind Enterprises. So I would have you imagine that I wanna get together with Jackson and, you know, I go to look at his calendar.
I go, gee, I wish I could see his calendar. I wish I could collaborate across this supposed internet. And of course, when I try to do it today, all I'll get is a signal that says Jackson Shaw is not in your address book. But in this new world, now that we've put ourselves five years forward, all of that will be different. What'll happen is the system, Outlook, will be able to call some kind of an API which will see whether there is a policy defined for Jackson to be able to share his free/busy.
And I must say here that the reason that a lot of this stuff is missing is partly because it was so hard during the old period of standalone things, like standalone Exchange servers living behind firewalls; it was very hard to hook things up. But it was also hard because of the compliance issues. What are the policies? Who can share what with whom?
And so in things like Office 365, you've solved the problem of hooking things up. It's very easy to hook them up now, but the compliance problem doesn't go away. So in order to do this type of thing, you need to be able to have ways of establishing policies and enforcing them. So in this case, if there is a policy, some way that I can get access to share my free/busy, then I'll be given some kind of an ability, in this case a notification that asks me, do I wanna share?
And I say, yes, I do wanna share. And at that point, the system will have to go, well, what exactly is involved with this? Does Kim already have some kind of a permission to share?
Well, what if I don't? And if I don't, the policy will be able to say things like, yes, you can go to the IT compliance department and ask them to set up a policy, or you can go to Kim's manager and ask them to set up a policy. So in this case, let's assume that the policy says I have to go to the manager, and it sends some kind of a request to the manager. And this is my manager, Bar Shaw, who's here with me. He actually chooses to let me see all of the customers who I interact with, to exchange free/busy with those.
Although if he was smarter, he would've chosen anybody who wishes to share his calendar, so that he would never hear from me again. But there we are. I choose that. And now there are no further hurdles to transcend in the enterprise, but the request has to go over to Jackson's system, in which the IT compliance department can decide whether he's able to share his identity and his free/busy. If that passes, we've done two things. One is he's able to get the free/busy, and then we're able to share it.
But two, my company Contoso and his company Northwind have set up a series of policies and relationships that can now apply and replace all kinds of things going forward, so that that doesn't have to happen again in the future. And we see the same pattern coming for all external sharing, where it's not that you go to the identity system and interact. You go to an application, say I wanna accomplish something, and the application goes to the identity system and brings about whatever's necessary to cause it to. So how does the identity system do it?
Well, essentially by knowing and recognizing people and apps and devices, so they can be allowed, if the policies allow it, to access information both within and across organizations. And if you look at the types of organizations, it's all the usual orgs and domains, customers, applications, devices and things, employees, policies, et cetera. It's not the old just employees and computers. And what happens is this identity service isn't just an inventory of things.
It is that inventory, but it's also more. If you take the example of what was necessary in order to hook Jackson and me up, you know, it's about people, it's about applications like Outlook and his calendar product and so on, but it's also about relationships. And so that's why we call it a graph. The graph is one in which there are connections between all of these different objects, and applications can follow those connections. Then one of those connections is the inter-corporate one, and that allows these things to be set up.
So you can think then of this graph of identity services as being this vast graph on a world scale which at birth is segregated and impenetrable. One organization is separated from the next, but through policy the permissions can be given, so that it's only policy that prevents interaction and collaboration across these systems. Now I'll look at how people interact with identity services at home.
Well, I'm gonna take the example of a very large soccer team. It was actually announced recently, but it was a soccer team that is not popular in Munich. So I'm not gonna mention its name.
This would involve people being able to set up user journeys and then bring their entire customer base into the graph. So in this case, the identity system just presents to the user the ability to choose either an email address or one of its social identifiers, and the user can log in. And in this case, I choose Facebook. I approve in the usual way, the soccer team wants a little more information about me, I give it to them, and now I'm into the system and I can go onto the website.
So what's happened there is the team customizes a user journey that sets up and validates the digital relationships with the fans. It scales easily to 450 million people.
So even though it maybe takes half an hour to set up, it scales to 450 million people, which is the requirement of the soccer team. The fan identities become part of the team's identity graph, and so they can be tied in with everything else. It provides secure, private, compliant storage and advanced threat detection, because it's the same mechanisms that are used in the enterprise systems. And the team applications can all query and extend the graph. So this idea of user journeys: there's an infinite number of them. Let me give you a second one.
It's a hospital this time, and you may be surprised, but you're also able to sign up and sign in with the hospital using your social identifier. And this is another real example with a real hospital. You log in with your social identifier, you're asked to enter a bunch of personal information, and that is used to hook up with your record in the hospital. Once it hooks up, the hospital knows your phone numbers, and so can verify that it's you by phoning you at one of these numbers. In the future, it will really be the phone number which is the authenticator.
The social identifier is a signal into the system. The phone number is another signal. The two signals are combined to produce the digital relationship. And so you're into this situation. So the hospital customizes the user journey, sets up and validates the digital relationship. The social network IDs are just one input in the authentication; phone number verification is the central element, and the patient identities become part of the hospital's directory graph, which can be extended to encompass medical records, for example.
The identity services provide secure, private, compliant storage, once again with threat detection, and cross-hospital trust frameworks can facilitate sharing of patient information between organizations.
Now, finally, how do criminals interact with identity services? Well, clearly they're gonna do the things they normally do. And one of them is just running all of their username/password attacks.
Now, if you were running your own system on premise, you could detect somebody coming into your system and trying to do these kinds of attacks, but the way that criminals are doing it nowadays is different. To attack an account, they'll go into a bunch of different websites and try the password in each of those accounts. And none of the websites have visibility across the others. If you have a multi-tenant system that brings in, as, for example, currently there are 4 million identities in Azure, 4 million organizations in Azure Active Directory,
you potentially have visibility onto the logins of 4 million, and Tolbert behavior across 4 million organizations. You're able to detect this kind of probable penetration, just as you can use the vast resources: once you have 400 million organizations, you can share the costs of having cyber control units and everything else, so that you can do things like prevent anonymizer use and all of those advanced attacks through Tor and things like that.
So you can, once again, think of detecting the anomalous activity using machine learning and ambient intelligence, identifying the attackers, and then dynamically upleveling the authentication requirements. In other words, the user journey can suddenly require phone validation and those things.
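As an added illustration (not part of the keynote and not any Microsoft product code), the Python below contrasts the per-tenant view, where the same source fails once per organization and looks harmless, with the cross-tenant view that correlates those failures and steps up to phone validation; all tenant names, addresses and the threshold are constructed.

```python
"""Cross-tenant password-spray detection, as a constructed illustration of
the keynote's point: one site sees a single failed login, while a shared
multi-tenant identity service can correlate the same source across many
organizations and dynamically uplevel authentication for that source."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    tenant: str      # organization the account belongs to
    user: str
    source_ip: str   # client address as seen by the shared service
    success: bool


# Constructed sample: 203.0.113.7 (a TEST-NET address) fails exactly once
# in each of four tenants, which no single tenant would find alarming.
# 198.51.100.20 is a legitimate user with one typo followed by success.
EVENTS = [
    LoginEvent("contoso", "kim", "203.0.113.7", False),
    LoginEvent("northwind", "jackson", "203.0.113.7", False),
    LoginEvent("fabrikam", "alice", "203.0.113.7", False),
    LoginEvent("adatum", "bob", "203.0.113.7", False),
    LoginEvent("contoso", "kim", "198.51.100.20", True),
    LoginEvent("northwind", "jackson", "198.51.100.20", False),
    LoginEvent("northwind", "jackson", "198.51.100.20", True),
]


def failures_per_tenant(events):
    """Single-tenant view: failed attempts per (tenant, source_ip).
    Each tenant sees at most one failure and has nothing to act on."""
    counts = defaultdict(int)
    for e in events:
        if not e.success:
            counts[(e.tenant, e.source_ip)] += 1
    return dict(counts)


def cross_tenant_sources(events, min_tenants=3):
    """Multi-tenant view: sources whose failures span >= min_tenants
    organizations. The threshold is a constructed tuning value."""
    tenants_hit = defaultdict(set)
    for e in events:
        if not e.success:
            tenants_hit[e.source_ip].add(e.tenant)
    return {ip: sorted(t) for ip, t in tenants_hit.items()
            if len(t) >= min_tenants}


def required_assurance(event, suspicious_sources):
    """Dynamically uplevel the user journey: demand phone validation in
    addition to the password when the login comes from a flagged source."""
    if event.source_ip in suspicious_sources:
        return "password+phone"
    return "password"


if __name__ == "__main__":
    flagged = cross_tenant_sources(EVENTS)
    print("per-tenant failures:", failures_per_tenant(EVENTS))
    print("cross-tenant sources:", flagged)
    for e in EVENTS:
        print(e.tenant, e.user, e.source_ip, "->", required_assurance(e, flagged))
```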
So to conclude, my main point is that the cloud offers unexpected advantages. It's not just abstract,
hey, the cloud is cool. The cloud offers ways to solve cloud era challenges in a way that the individual on-premise system simply cannot. And so that explains what Patrick was saying:
I don't know what Microsoft's strategy really is. Well, I can put it in a nutshell. Our strategy to get you to 2020 is: build a hybrid identity platform, no abrupt changes, no forklift upgrades; use cloud services to solve cloud era problems; on-premise and cloud systems are a continuum. By the time we get there, they're a continuum, not completely different systems. There's no duplication of management effort. The move from on-premise to cloud or from cloud to on-premise can happen without friction in either direction at any time.
So if you get fed up with the cloud for some reason, you can go back on premise. And if you get fed up with on-premise, you can go to the cloud, and you can take segments of your population and put them where you want them, because we would never expose to the users the differences in the internal topology of where your users are. And there would be unified APIs, control panels, security, and auditing.
Secondly, we would use cloud signals and machine learning to harden and evolve the on-premise systems. So not stop investing in on-premise, but accelerate the investment in on-premise so that we can actually bring it up and keep it evolved to the level of the attacks that are going to be experienced: intense investment in order to build a system that respects enterprise data boundaries. And I would invite you to look at some of the new things that are being announced this week at the Ignite and Build conferences.
One is Advanced Threat Analytics. So this is a system that protects AD, not up in the cloud but on your premises, and that brings the machine learning and other similar things into your on-premise system, all these ideas that we developed and perfected in the cloud. Another is similar investments in a bunch of other things, Microsoft Identity Manager, formerly FIM.
The third thing is a new initiative which is called Azure Stack, which allows you to run your own Azure in your own data center, so that you don't have to go through this thing: do I trust Microsoft to run this thing in their data center? You can get the same capabilities and products and run it in your data center, if that's what you would like to do.
So I'll end on this note, that our commitment then is to one principle above all others. The cloud is your cloud. The graph is your graph. You control and define it. Thank you. How many hours over did I go? No problem. One very short question. This is about identities of people.
Now, if you reflect what you've been saying against what Jackson was describing in his research on ONT... They took me away already. Can you put it back, please? Coughing with, I need a Jackson. Can I borrow your watch? Anyway, I can't get back there, but yeah, in the list of things is the devices. All of these. So the devices are not identities, the devices are devices. The devices are any of the things that Jackson is calling? Yeah.
Oh, am I gonna bore everybody again? Wasn't once enough?
Anyway, there is a slide there. I suggest people find it themselves. Yep.
Which goes into what the contents of the directory are. So it would be people, devices, organizations, and in terms of people, it would be customers, it would be employees. And it wouldn't just be Microsoft. One of the most interesting things, if you read about the Office Graph, which also was announced this week, it shows salesforce.com integrating into the same graph. And that's an example of how the idea is to make the graph the customer's graph, not the Microsoft graph. But yes, it includes this whole concept of going for devices.
And for example, if you look at the way in what we talked about, we were using telephones as part of the authentication for the person. Sure. And Jackson's idea of using the sensor location. Sensors would be another thing you could add. So it's that kind of concept. Okay. Thank you very much. Okay. Thank you.