KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Remember when we used to pay for a TCP/IP stack? It’s hard to believe that companies used to pay for networking stacks, but we did. And once network stacks became free, the networking profession didn’t die out… instead it flourished. Today, the identity industry is going through a similar transformation, one which will present a series of moments upon which we must capitalize.
Remember when we used to pay for a TCP/IP stack? It’s hard to believe that companies used to pay for networking stacks, but we did. And once network stacks became free, the networking profession didn’t die out… instead it flourished. Today, the identity industry is going through a similar transformation, one which will present a series of moments upon which we must capitalize.
Last keynote of today's session is given by Ian Glazer from Salesforce. Oh, there you go. Good evening, Ian. Thank you. So There's there's good. There's gonna be, there's gonna be smoke coming out of this one. Remember when we used to pay C P I P stack.
I mean, remember when we actually used to buy network stacks in general, like that's, that's kind of weird. I mean, we paid for an implementation of a standard. We paid for TCP. I P it's mind boggling it's it's so old school it's so quaint, but that's what we did.
And now, well, no one pays for T C P I P right? I mean, you just expected. And so when network stacks became free, networking jobs did not go away.
In fact, I would argue we have more networking related engineers than ever before, but their jobs did change with the times and they changed with the technology. And that was a great thing.
You know, it's almost mid 2016 and I think the identity industry looks a lot now, like the networking industry did back then during its T C P I P moment. And the reason I say that is our standards are mature. Enough support for them is broad enough. And moreover not supporting standards is antithetical to the modern enterprise. So I would say identity is having its T C P I P moment. And this is going to spawn three other moments, the moment of standards based identity, the moment of outcomes based identity and the moment of professionalized identity.
I have said this before, and I have said this again. If you do not support Federation standards, you are on the wrong side of history. If you don't support user provisioning standards, you are on the wrong side of history. You are the Banon vines of identity. You are the leu 6.2 of identity. And if you are newer to technology and don't know what Banon vines or leu 6.2 is I rest my case.
Our standards are more than capable for the vast majority of our use cases, Federation and attribution attribute distribution, very strong user provisioning historically has not been great from an adoption perspective of standards, but is getting much better with skim 2.0 and the world of authorization we have Zal and its profiles is certainly robust, certainly capable. And I expect it's adoption curve to be bending upwards. And then we have things like we have consent receipt. This gives us coverage for underserved and emerging use cases. It's hugely important.
And it's not just that we have standards. We have conformance testing to go along with it. So we have things like the open ID connect, conformance testing, and I would expect to see more of this in the future. For example, I'd love to see a skim 2.0 conformance test. The thing about it is enterprises expect standards to be built in, right? No one expects to install TCP. I P in a virtual machine just as no one should have to install SAML or OAuth into their identity services. That's ridiculous. They just need to be built in. And that enterprises expect products to reduce risk.
Now we know that standards reduce deployment and operational risks. And so enterprises are going to naturally expect identity standards to be a part of the services they deploy and that they consume. There's an interesting implication, which is technology. Suppliers cannot charge for standards based identity because you'd be asking your customer to pay, to remove a risk. And that sounds suspiciously like extortion. It's nice. I am project would be a real shame of something bad happened to it. It's extortion.
So if your service provider does not support standards based identity services, they are not acting in your best interest. They're not acting in your customer's best interest. Now there's two reasons this might happen. Number one, they could be unaware. There are identity standards. They could be unaware. There are libraries that they can use to deploy standards based identity. To be fair. I have a bit of a hard time believing that in this day and age, but it could be true.
And if it is true, then the blame lands on us as the identity industry, cuz we have to make it easier to adopt identity standards, full stop. However, there is a second reason why your service provider may not support identity standards. They are sociopath. They hate you. They hate all of their customers and that makes them an S SaaS, the sociopathic software as a service. I hear there's a magic quadrant coming out about that. It's weird. I don't know, but regardless the industry wants no part of them.
When identity professionals become acknowledged peers and valued members of the enterprise, we will have achieved outcomes based identity when we are responsible for helping to mitigate risk and in responsible for increasing customer delight, we will have reached the moment of outcomes based identity. And when we are held accountable for doing so well, the moment of outcomes based identity.
And at that moment, we will have forged great relationships with our chief customer officer, our chief privacy officer, our chief information security officer identity professionals at this moment will have a strong voice at the decision making table. But this is not possible. If we continue to take a project-centric view of identity and not a program centric one, this is not possible. If we don't shift to this notion of outcomes based identity in the moments ahead, there are really only two things that matter. Mitigating risk customer delight. That's it. That's what we're gonna be measured on.
We're gonna be measured on how well we mitigated risk for our enterprises. We will be measured on how well we delight our customers. And ideally we'll do both structurally may be challenging to do both of the same program, but we're gonna strive for that. What we need to do is move away from point projects that are measured on frankly, dubious ROI numbers and move to something much more valuable, the outcomes of our actual programs. And so in this moment of outcomes based identity will be judged on the outcomes that we achieve. We're not gonna be graded on the basics.
Having automated user provisioning, for example is no longer praiseworthy just having T C P I P. Connectivity is no longer praiseworthy. It's expected risk and delight. How well did we work with our security peers? How well did we work with our customer success peers? Those are the things we're gonna be measured on. Our ability to mitigate access related risk has never been more needed than it is needed today in a hyper connected world who has access to what, when did they have access? These questions have never been more pertinent to answer and identity.
We know is a critical security control for every enterprise in every industry. But to be seen this way to be valued this way, we have to do more than just report the results of access certification. We've gotta do more than just deliver high identity assurance. We have to express the totality of our programs in terms of risks, mitigated be those risks, operational brand technical. We have to present this information to both security and privacy peers, to other stakeholders and to the Csuite from a delight perspective, every interaction with a customer as an identity enabled interaction.
This is true regardless of what industry you're in. It is true regardless of what you are in, whether you are delivering service to citizens, online classes, to students or luxury goods to consumers, your transaction is an identity transaction. Delivering just a login experience. That's insufficient. That's gonna be expected.
Identity is critical to every digitalization strategy for every enterprise, but to be seen this way, we have to express how our identity programs contribute to top line revenue growth, decrease service delivery cost increase customer satisfaction, and we've gotta do this to line of business peers and to the C-suite. But all of this is not possible if we don't professionalize identity management.
So the relationship, the dramatic tension, the codependence call it what you will between privacy and security gets a lot of attention and rightly so, but neither privacy nor security can meet all of their challenges partially because they're default tool set. They're the wrong ones for the job identity provides the missing tools. And in that regard, we're the missing third leg of the stool, but identity is not widely acknowledged as the key to improving service delivery. It's not widely seen as the key to increasing customer satisfaction.
It's not widely seen as the key to growing our businesses. Now we know the vital role that identity plays, but the larger world doesn't identity's voice is missing at the table. This is in part, I believe because unlike security and privacy identity has not formally professionalized privacy and security professionals have professional organizations that are dedicated to the betterment of their industry, right? The services these offer these organizations offer include professional development, shared practices, certifications, forums for interaction.
But let's think about where an identity practitioner can go for advice. Well, we can turn to our vendors and our implementation partners and surely they can educate us about their technology and their approaches. And that's good. We can talk to analysts and they can inform us about markets and trends and some cases architecture. And that's good.
And we can even go to local user groups and that's important too, but this is a very piece mail approach to the problem consider that Isaka formed in 1976, the international association of privacy professionals formed in 2000 ISC squared formed in 1998 and the C S S P arrived in 94. And yet in that entire time, no professional identity organization appeared. You mean to tell me we weren't doing identity that whole time.
No, of course we were, of course we were. But we were focused on working on our standards. We were focused on working inside of enterprise and learning as we go, but we didn't formalize our industry in the moments ahead. I think that changes. I think we come together to professionalize identity management in order to enhance the services. We deliver increase the awareness of the vital role that identity plays and to improve ourselves. I think this requires an organization whose sole mission is to professionalize the industry, but what would that look like?
Well, it would be an organization whose mission is to be the tide that lifts all boats.
It'd be a place for practitioners to learn how to make their programs and projects more successful, a place to grow their careers, a place to learn how to work with security and privacy peers in light of business peers, it would be an independent voice that extols the value of identity management as a partner and as an equal to security and privacy, as well as a crucial partner to lines of business, to, for customer delight, a professionalized industry benefits every one of us from technology suppliers to implementation specialists from analysts to professionals, improving the visibility in the quality of our market increases our chances of success at a personal level at an organizational level.
If we wanna seat at the decision making table, if we want to be equals and partners to security and privacy, if we want to be involved in growth opportunities for our businesses, regardless of industry, then we must strive for a professionalized identity industry. Now, honest truth. I'm interested in this for purely selfish reasons. I know from whom I learned the identity arts, I know my mentors. I know the people that influenced me. I know the people that helped me for my ideas and my architectures and my presentations. Some of them are here tonight.
In fact, and I, I know them, I treasure them, but not everyone has been as lucky as I have been. I want everyone to have the same opportunities that I have had because not everyone in our industry has as has access to a mentor or a coach, an ally, an advisor. I think this generation of identity professionals can do more to help. The next one, professionalism identity should be our mission. So the next wave of professionals can benefit so that our organizations can benefit. And so our customers can benefit in the moments ahead. We become full-fledged peers of security and privacy.
We're a strong ally to the business who helps grow the business in the moments ahead. The next generation of identity practitioners build on our successes to deliver even greater results for their enterprises and for themselves. But this cannot happen without professionalizing our industry. I'm also thrilled to announce that the Canara initiative has offered a space for you, voice your support for your this idea. If you go to Canara initiative.org, you can weigh in on this before the TCP I P moment, you were a net gal. You're an apple talk guy. You're a token ringer.
What do you call somebody who's used token ring, I guess an IBM-er go with that. Things changed and you adapted. You became an active directory specialist, became an E directory specialist, firewall person, application delivery specialist. Identity is at its T C P I P moment. And we will grow and we will adapt, but this is the best time to be in this industry. Ever this moment brings great change for us. And the moments ahead it spawns are not ephemeral incidents.
They are milestones for our products, our programs, our industries, and ourselves standards based identity removes risk from our deployments speeds up integration produces implementation cost, not supporting standards, puts you on the wrong side of history, including standards in your service will no longer be rewarded with kudos or revenue because the modern enterprise demands it. An outcomes based identity is going to change the expectation of the modern enterprise as well.
The longer are we going to be rewarded for the basics the longer are we gonna be measured in simple ways, outcomes based identity sharpens, the focus of identity programs onto risk management and the delight of our customers. This moment requires we present the impact of our work to new peers and new stakeholders. We be held accountable by higher levels of the organization.
In short, the moment of outcomes based identity moves our work to executive levels of the organization. And if we're going to be amongst executives, then we must formally professionalize the moment to professional identity enables identity to stand on an equal foot with security and privacy. It promotes ID the identity industry as crucial to both risk management and business enablement. More importantly, it provides for us, each of us, a place to improve and a place to help others improve, to strengthen and grow the identity management industry. And I think this moment is long overdue.
T C P I P moment is gonna come with a lot of wonderful change and the moments that it spawns represent growth opportunities for us as individuals and as enterprises, these moments, these milestones are going to be FA upon us faster than you realize, cuz I know when you go home, you're going to continue the work that you're already doing towards these goals. When we achieve the moment of standards based identity, we'll be able to integrate faster, deploy with less risk and not have to worry about the dam identity plumbing. It'll allow us to focus on the outcomes of our programs.
And when we achieve the moment of outcomes based identity, we will be called upon to present the totality of our programs, direct impact to risk mitigation and customer delight. And we're going to do so to the highest levels of organization. We're going to be held accountable and we'll have earned the right to be held accountable for. We will truly be identity professionals. When we professionalize identity, all of us will have a place to grow, share what we've learned over the years. We'll have a vehicle to promote identity as a peer of security and privacy.
And as a vital contributor to all of our enterprises, digitalization strategies, we have never been needed as we are needed. Now we are the keys to growth for organizations for ourselves. We're the keepers of identity employee and partner, customer and citizen. We are the keepers to of identity.
And this, this is our moment. Thank you. Thank you very much, Ian. Great talk. Can we have the questions please? I've seen two questions. Really?
Yeah, really first one. Will you show us your socks? Okay. Sort of a gray and pink number. They're pretty tame. All things concerned. They're smart. They're totally not smart.
No, no, I, that terrifies me. Well if my socks could talk. Oh terrifying. I think the next one is the serious one. Yeah. What made the profile of an identity scientist? Someone in the audience, two people in the audience are thinking like way beyond I've even got to in my own thoughts. I imagine we'll have a notion of an architect. We already have that, but we can, I think formalize what that looks like.
We already have a notion of a business Analyst that plays a vital role in this, but I don't think there's going to be a singular identity scientist because we know the, the breadth we have to stretch between risk management and customer delight. I don't think one person or one discipline can stretch that way. I think we'll actually specialize along that spectrum. Okay. Thank you very much, Ian. Thank you everyone.
