Hello everybody. So I'm the co-founder of a company. We started it 14 years ago. That is pure open source and has been the whole time. So obviously I'm very biased.
So, you know, you'll have to forgive me my biases, but hopefully what I'm gonna talk to you about today is why I think open source and, and open collaboration is essential to identity, identity, access management, and, and the challenges that we face in the next hundred years. But before I do that, I just wanna talk a little bit about where I get some inspiration from, and I'm a mathematician. I studied maths at university. Do we have any other mathematicians in the room? Excellent.
So, so this is my favorite equation and it's the favorite equation of several mathematicians I know.
And it's, it's amazing. It, it pulls together all of the main symbols of mathematics into one simple equation. If you're a maths person, you'll, you, you boggle at how this works. This is pi and complex numbers and algorithms all in one place. And it's crazy.
And, and when I was a kid, I loved maths, cuz it just seems to simplify things. It seems to form, you take these abstractions and you simplify. And physics was another love, right? This is even more amazing, isn't it? You take together energy, mass and the speed of light and somehow get this equation. It's absolutely incredible.
And, and as a kid, I loved this and what I hated was biology. This is a biology equation. This is an equation covering genetic mutations over time. And it's completely incomprehensible and, and biology, I hated biology, and I've since realized I was completely wrong, that those simplifications of maths and physics do not help us in the real world.
And the reason why is that biology is the study of complexity, and what we face in enterprise IT and identity management, in, in all the things that we're concerned about here and in, in our jobs, is complexity. And dealing with complexity is hard and there are no simple answers to it. So one of the things that is happening is that the number of programmable endpoints is just exploding. And the reason it's exploding is that customer demand is driving companies somehow to disaggregate their systems into smaller and smaller components.
If you look at the architectures of Google, Twitter, Uber, Airbnb, Microsoft, any of these large organizations, they have built smaller and smaller components. And typically we see APIs here, and what we see increasingly is everybody realizing that you need to secure and identify those endpoints. And this is a, this is a weird, this is a, a 50 or 60 year happening.
This is, this is a trend that has just happened and happened and happened. So my first job as a student in, in the late eighties was building one of the first client-server systems where we had a mainframe talking directly to a PC to split the work. And since then we've split the work into these tiny components, which give us agility. And that growth is also mirrored by the growth of users. We have crazy growth of users. There are something like four and a half billion users connecting to the internet and, and each of those has multiple identities. They don't just have a single identity.
They have multiple identities, which somehow we have to take care of. And, and when we were, when we were young, anyone, anyone had a job, their first job, I, my first job was within IBM. And in those days I was known as Freeman P at war VM five, right? I had a single identity and a single password. And it was just assumed that anyone logging on with that identity onto that system was me, right? It was either me or not me. Now I have, I don't know, 10 different email addresses, a thousand or 2000 different logins on different systems.
You know, and all of them may or may not be me. They don't really know. They just have some vague sense that this might be someone called Paul. And we have 25 billion IoT devices today, is the best estimate, growing to 75 billion by 2025. And each of those devices needs some identity.
Now, hopefully they won't all have multiple identities. We don't really want schizophrenic IoT devices, but they probably will have some kind of multiple. Some of them at least will have multiple identities. So how do we deal with this? How do we deal with this problem? And the first biological metaphor I want to give you for dealing with this problem is evolution. We are building evolutionary systems.
We, you know, we talk about genetic algorithms. That's not really what I'm talking about. I'm talking about simply the fact that every time we check in code into a, into a source code repository, and we create a new version, we test that version. We run an automated test to see if it's better or worse than the old one. And if it's better, we keep it. If it's worse, we throw it away. And that is one of the reasons why we're building smaller components is that we can evolve them faster. So we need to have evolution to solve these problems. And that is helping, but it's not enough.
We have these billions of identities growing to trillions. We need federation, we need adaptive authentication. We need AI, we've been hearing about. We need new kinds of MFA. We need passwordless technology. I attended a great session on blockchain identity this morning. We need blockchains and decentralized models. We need zero knowledge proofs. We need all these kinds of technologies. And my thesis is that no one vendor, no one organization, no one research team can provide all of these things. We need to work together in order to solve these problems.
What we really need is my second biological metaphor. We need ecosystems. We need successful ecosystems that work together to solve these problems. And only then can we build out solutions to the identity problem of the 21st century. And we sort of have those, you know, you go and try and log into a website and it says you don't need to create a new identity. You can use one of your existing identities. That's the start of an ecosystem.
The, I had a, the Sovrin blockchain model is a, is another form of ecosystem where we can create new models where we can share data securely through zero knowledge proofs. That's another kind of ecosystem, but we need multiple of these ecosystems and they need to overlap in order to solve this problem. Now last year was an amazing year for open source. So the biggest ever software sale was Red Hat to IBM, $34 billion, around one third of IBM's overall market cap, and Red Hat is a completely pure open source company that emerged out of open source. It emerged out of Linux.
It developed into new areas. Of course, many of you know it for the Keycloak project in identity. GitHub was not an open source company itself, but is the driver of millions of open source projects. And that is why Microsoft paid 7 billion for Microsoft. MuleSoft is not strictly speaking an open source company either. It's an open core company. I'll talk about that in a minute, but that was another massive acquisition.
Last year, the merger of Hortonworks and Cloudera to create a new behemoth worth 5 billion, and HashiCorp got a 2 billion valuation. And, and we estimate there was another 500, half a billion invested in new open source VCs.
I, I think this is amazing because I've been doing open source for, for 20 years. 15 years ago, I started to think about starting a company and open source was hot. And after about seven or eight years, people were like, ah, open source is dead. Open source is no longer happening.
And, and suddenly it's had this rejuvenation and why has it had this rejuvenation? I think it's because it creates these opportunities for collaboration. It creates freedom. It creates opportunities for innovation. It creates community. It creates governance models that enable better things to happen than would happen without it. And it's those things that have driven Red Hat and GitHub and all these open source organizations to succeed. So it's that opening up and that creation of ecosystems, that's absolutely vital to create the opportunities to solve these big problems.
And I think big data is a great example of this. If you look across the big data world that emerged out of Hadoop and MapReduce and, and solve massive problems today, all of those technologies came from open source and they came from multiple parties working together to solve problems and to iterate. And we saw first Hadoop and then Spark and then Flink.
If you, if you know, these technologies emerge to really solve iterative problems, to get us to be able to do real time, big data at massive scale. And that's a sort of challenge that we're only beginning to see in the identity and access management world. So the third thing I really think is important to talk about is co-evolution. I talked about evolution, but co-evolution is very, very important. So which came first, the bee or the flower, right? There's, there's no point having a flower without a bee because the flower is there to attract the bee to pollinate.
There's no, the bee can't exist without the flower, cuz it lives off the nectar inside the flower. So somehow these two things co-evolved to work together. And that's a very important aspect, I think, of open source, because that is really what I'm talking about, is the ability for us to evolve multiple strands of things, to solve problems.
And, and it's very, very hard to do that if all those things are closed. And I think Sovrin is a great example of that. Sovrin takes together things from the W3C, it takes together things from blockchain. It takes together multiple different open technologies to solve a really interesting problem. And that is, I believe, the future of how we're gonna solve these massive identity problems. I just want to talk briefly about two different open source business models, because this is not always clear. I mentioned this earlier with MuleSoft.
So the open core model is a model where you make a community edition free, but all the features that you need to really run this in production as a, as a, as a commercial organization are not free. And effectively, this model means that you do need a proprietary license. And there are the other model which is taken by, for example, Red Hat, Keycloak, Gluu, and some others.
And of, and of course my company is where the whole code is open and you monetize it through a subscription. You say, if you subscribe, we'll give you support. We'll give you patches, we'll give you extra value, but the, the code is fundamentally free in its entirety. And the reason why I think this is important is because if you take the long view, if you take the view that we need to solve these identity problems, not just now, but over the next 10, 15, 20, 30 years, you need to have that ongoing model.
And what typically happens with open core models is that you get the community involvement at the start of the project, but it dies. It withers on the vine because fundamentally none of the exciting stuff ends up in there. It has to go into the proprietary model in order to create a value differentiation between the free and the pay for.
So I, I believe strongly that open core models. And, and, and I think we saw this with MuleSoft, for example, where there was huge amount of innovation around MuleSoft in the early days and, and that community involvement has died off. And I think that was because it was fundamentally moved to an open core model. I wanna debunk a couple of myths about open source.
I, I think there is some feeling amongst some people that it's less secure. I think this is sometimes a misunderstanding, that, that some people believe that anyone can check code into an open source project. That is not true. Only the committers can check code into the open source project. Anyone can contribute a patch and those patches go through a review process. There's some belief that it's harder to maintain or that it's harder to support.
And, and certainly we've taken the view that that's not true at all. And, and we offer our customers 10 years of support, which is actually much longer than most of our proprietary rivals. Certainly there's a view that it's not enterprise grade. 95% of mainstream IT organizations use some form of open source or other in their mission-critical IT. And I believe that 20% today of organizations use some kind of open source IAM components in their org, in their IT. And certainly we think that it actually evolves faster than proprietary systems. So our customers often complain to us.
They say, Paul, stop giving so many updates. I, I don't want to have to install them. So we built a system to help them install them and, and keep the updates with the less bother, but fundamentally the, the update process iterates very fast in open source. So we have some data that 30% of organizations will be using OSS IAM components by 2021. We're seeing huge amounts of innovation. So I was talking about those new endpoints. There's supposedly gonna be 500 million new applications in the next five years.
According to IDC, published that report this year. We've been collaborating on a project called SPIFFE, which is aiming to give identities to those code systems in a scalable decentralized way. There is a system called Cilium, which provides a low level security to cloud native workloads in Kubernetes, by building it right into something called the packet filter in the Linux kernel at much greater speed than current user level technology. And of course we're seeing Hyperledger, Sovrin and other blockchain technologies emerging in open source, creating new decentralized identity models.
I, I, I do, you know, ForgeRock definitely started out from Sun as an open source model around OpenAM. I, I do identi clearly point out to you that they are an open core model.
So the, the main open source providers are, are people like Gluu, Keycloak, WSO2 and smart zone. Brief thing about WSO2, if you haven't heard of us: we're around 600 employees based in, in about five offices around the world, cashflow positive, we founded in 2005, so nearly 15 years ago, and growing, still growing very rapidly. So we're growing around 50% a year. So we're an exciting company to work with. And KuppingerCole, we've been working with recently and they very kindly named us a leader in access management and federation and an innovation leader in CIAM.
And we have a system called the WSO2 Identity Server, which plugs into many different systems. And this is really what I'm talking about, about the ecosystem play. It talks to social logins, it talks to user provisioning. It talks to OpenID Connect gateways. It does self-service, SCIM, and it works with many, many open standards, including XACML, OpenID Connect, SAML, SAML 2, sh KA and so forth. So that identity ecosystem is very, very important to us. And we consider that a really important part of our open source nature.
And we consider that, as I say, this is the only way to solve complex identity problems in the 21st century. We have around a hundred million identities managed by our various customers. For instance, anyone, any 3D product designers here, who have a 3D printer, use SketchUp? So SketchUp has around 20 million users. They use our identity server for the login. So if you have put your hand up, you're already a WSO2 user. If you, if you have Nissan, a Nissan car, then your login into your smart car is also done through WSO2.
So the real thing I wanted to talk about and mention is that we are trying to bootstrap a new consortium for open source IAM, to create a new ecosystem. We're working with Gluu, smart zone and others. And if you are interested to join, not just as a vendor, but also as a customer, as a user or as a policymaker, then please come talk to us afterwards. And really, we want to create this kind of lush ecosystem. This is the Amazonian rainforest, and it has the most biodiversity in the world.
And that kind of ecosystem we believe is what we need in the software and identity world to create new technologies, new approaches, to solve the, the massive scale of the identity access management problem we see over the next hundred years. Thank you very much.