Approach to this problem and explain you how you can build a complete trusted digital ecosystem during this session. So we are living in a digital world and I'm presenting to you using digital technologies. So as an example, this week I have three sessions like this: the first one is this EIC event, and then today afternoon I am presenting at API Live Australia, and on Friday, Music City, Nashville. Those are the three sessions. And today I am based in new city and during this session.
So there's nothing to explain about how digital has embraced us and how we are depending on digital, by using this example. But let's take a step back and look at what is really happening. Every organization is in a transformation. They are going through this digital transformation. And I think the pandemic has accelerated these digital initiatives, because in some cases digital is the only way these businesses can reach their end users.
So organizations go through three cases, basically. The first thing is digitization. Basically, at digitization, what happens? The analog systems and analog things move into digital; that is what the organizations are initially doing. Then they go to the second phase, basically digitalization. That's where you connect all these digital assets and then start creating systems. Then digital transformation is more than that. You create new business models by using these digital technologies, create applications and then provide internal and external experience for your consumers as well as for your employees. So that is about the digital transformation.
So there are many business models. As I explained, the digital transformation is based on different business models. It can be a one-sided business model, where you have a mobile app or a web, and then communicate with your consumers. And then there are two-sided business models, especially financial-related capabilities and citizen-related capabilities, where two sides get connected.
And the most common thing is multi-sided business models. News, education, retail, those types of domains can be taken as examples.
They connect to multiple vendors, multiple ecosystems, and then provide these experiences to different types of user groups. And then we are in the age of value networks, where connected cars, smart city, those types of concepts are connecting many digital assets and many digital endpoints and providing these capabilities. So those are a few examples of what type of digital business models we can see in the market. And if you dig deep into a digital enterprise, this is how I visualize it. You have systems.
So those systems can be in-house systems running in your network, private for you, or it can be SaaS applications or partner-related systems that you need to deal with on a day-to-day basis. And eventually you have to connect these systems to get the most benefit out of it.
And with the new way of doing application development, you expose these capabilities as APIs from these connected systems. Then on top of that, you build digital products.
And once you build digital products, you provide experience for your end users, and that's where the value is generated. And the value you generate from these digital products will feed into the overall value stream of the organization and start generating value for all the stakeholders, internally as well as externally. So that is what a typical digital enterprise looks like. So let's get into the topic. It's about the digital double, and you might have heard about the digital twin as well. So basically, the difference between digital twin, there are overlaps, but, and this is my definition.
Basically, digital twin is mainly focusing on supply chain and supply chain related digital assets. But the digital double, I started talking about digital double in 2016, and the concept came a bit more related to people and things that are associated with the digital world.
So that is the key difference, I would say, because digital double is more than digital twin, and digital twin is a subset of digital double, if I explain it in other words. So basically your representation is there in the digital world, and connecting to a digital ecosystem is what the digital double is doing. This concept came to my mind by watching this movie called Tron: Legacy. I don't know whether you have watched it.
So when I was watching this movie, it came to my mind: when you are associated with the digital ecosystem, it looks like that. If you have watched the movie, Sam, the key or the main character of the movie, goes inside the game to find his father. So it's just like how Sam operates in that particular gaming system: we have a representation inside the digital world. So basically, if you try to understand the behavior of the digital double, that will explain to us why we have to pay attention to securing the digital double. As an example, when you are taking a nap, your digital double is active.
So I'll take a real-world example. There are many dating applications, very popular. I'm not using a dating app, but many people that I know are using them. So there are two main apps, very popular apps, called Bumble and Tinder; those are the logos that I have put here. So basically what happens in that particular platform: once you create a profile, your digital double is active, and when you are taking a nap or when you are watching a movie, your digital double is dating other people and trying to create connections. Basically, what will happen?
You will lose the first date, because your digital double will do the first date by talking about their favorite music, their favorite movies, what their thinking pattern is. All these things that we grab in the first date will be done by the digital double, and it provides you a set of profiles that you should view and go through and pick what you like to date.
So that's a good example of how the digital double works. And there are many other clear, good examples we can find there too.
So that is about the concept part: the digital double and how important it is to secure it, because we have an equal representation of us in this digital world. So the approach should be at two levels: an architecture-level approach as well as an implementation-level approach. So let's start with the architecture. Basically, another mistake that a lot of organizations are making today: they create a different architecture called digital architecture, and they create a separate enterprise architecture.
But my advice as an architect: your digital architecture is your enterprise architecture. Don't create two architecture styles. It has to be one. And when you are building that, you have to have this business architecture, information architecture, application architecture, and technology architecture. So security will start with the business architecture.
I will explain how. And then you go into the information architecture, and do a great amount of consideration inside the application architecture, and you will look at the standards and the implementation details at the technology architecture as well. And it creates a foundation for execution for people to come in and build applications. So that is how the digital architecture looks.
And in the design phase, basically having this domain-driven design approach will really help you to secure your digital doubles as well as other security aspects, because you will divide the entire set of use cases into small chunks based on different domains. And once you do that, you can look at what level of security or the granularity of security that you need to incorporate for each and every domain.
So it's a good way to divide this problem in a massive enterprise and look at it at the design level.
So we can apply the security-by-design principles at the domain-driven design or the business architecture that you will be looking at. Then the architecture.
So I call it the API-first security architecture, because this API architecture provides a lot of flexibility for us to incorporate different types of security. So this is a typical reference architecture of how it looks. In an API-first security architecture, you get the API gateway that acts as the policy enforcement point, or PEP, and then you will have a PDP, or policy decision point, and you will have multiple policy information points that will provide various other attributes for you to make authorization, authentication, and even entitlement-related decisions.
And to manage this, you will have a PAP, or policy administration point, that will connect to a policy store. Even in the modern microservice-based architectures, the microservices will act as a policy enforcement point at some point, and make sure you have better security at your backend. And some of the system-of-record layers that you will call to extract this data will be handled by the microservices as well. And those microservices will communicate with the policy decision point and get the relevant attributes.
And to make it more efficient, some of the PDP-related decisions you can cache at each and every PEP. And based on the value time periods, you can refresh the cache as well. So those are some techniques that you can use to improve the performance, because the problem with security is, when you have a great level of security, or you increase the security level, it will affect the performance. So you have to find different techniques to improve the performance, as well as find the correct balance required for your organization.
Then there will be some edge security coming in at the digital channels.
Those are the mobile, web, as well as IoT applications. So you can use any security techniques and secure your edge devices. So that is how the architecture will look. And this is a really good way to have a flexible approach to secure your digital assets, because in a proper digital enterprise, the digital double will do all this communication using APIs.
So if you can secure and have a security model on top of the APIs that you expose to create different applications, as well as manage these digital communications within your enterprise, it'll start securing your digital assets inside your digital enterprise as well. Then another thing that we recommend is to take this more decentralized and developer-focused identity and access management approach, because in a typical organization, in most of the cases, the security architects and security strategies are working in a layer.
It's a center of excellence layer or a center of enablement layer.
Whatever these two terms are trying to explain, it kind of has the same behavior. It is centralized, and trying to govern as a central function. And that is creating a lot of blockers. As an example, a development team might develop an application and try to put it into production. The security architects will reject it by telling it is not meeting the security standard.
So what you should do in the modern agile, or the agile approach: you should dispatch those security architects into the two-pizza teams or the autonomous teams that you have, and let them work with the development team from day one and have a more developer-centric approach to security. Now you might be questioning: then what about governance, and how are we going to incorporate standards? That's where a platform will come in.
So if you have a proper platform to do these implementations, basically a digital platform to build these applications, APIs, integrations, then you will not face that problem, because you can enforce those security standards into the platform as templates, as well as you can use CI/CD, or continuous integration, continuous deployment, continuous delivery standards, by using a pipeline, and enforce those standards into that. So that way you will gain three things. One is the productivity, second, the governance, and then I'm sure you are aware about the zero trust network.
So basically the platform will provide a zero trust network for your digital assets as well. Then the concept of customer identity and access management, because most of the concepts that I explained earlier are about identity and access management, but customer identity and access management is playing a huge role in this digital world, because the digital applications are built based on consumer demand.
And your consumers are represented inside your digital enterprise. So you have to protect your consumer.
So that is where customer identity and access management comes in handy, and helps you to secure your customers, because you will hear, you must have heard about a lot of security breaches, especially in the United States, various hackers or various types of data breaches happening. So you have to be really careful about your consumer data and secure your consumers properly in these digital applications, but we are not expecting you to do it overnight. So that's where a maturity model comes in handy. So you will have this maturity, different maturity levels.
You can identify where you are today, and then you can decide where you want to be, and going up in the maturity model is what we are recommending. So that way you will have an incremental improvement rather than trying to do a quick change.
So that way you can architect it properly, you can plan it properly, and then you can make less business effect, like business can be business as usual while you are changing this security, uplifting it in your architecture as well as implementation. And we have written a detailed specification about this CIAM model. If you are interested, you can check it from our library as well. I'll put a link at the end of the session. So basically, when it comes to the summary, these are the things that we discussed. You have to have an architecture and implementation level approach to secure your digital double, and then digital architecture to enterprise architecture. You can use domain-driven design at the design level. API-first architecture.
It's a great way to handle most of these security concerns. A decentralized, developer-focused identity and access management approach will help you to democratize the security standards, and then the platform provides productivity, governance and a zero trust network. The outside-in approach enables, or the outside-in approach mandates, for you to focus on customer identity and access management.
And you can use the maturity model to improve and take your organization to the next level.
So that way, once you apply these kinds of concepts, the end result is you will have a properly secured digital double, and you will bring these four principles of privacy, confidentiality, trust, and security into your digital world as well. It is not only your digital applications; the entire ecosystem that you are connected to will get affected by that. So that is the end result and contribution of this concept. As I explained earlier, WSO2, we are a technology company. So we have products mainly focusing on API management, integration, and customer identity and access management.
So we have the Identity Server that can cover all these concepts that I explained to you. It's open source; you can go and download it and play with it. And we are in the process of moving this platform that is called Asgardeo.
That will be available soon. And if you go and subscribe to our newsletters, you will hear more and more news about Asgardeo. And we have a community call as well. All this information you can find from wso2.com.
And if you want to connect with me and have a productive discussion, this is my information: my email address, my LinkedIn profile and my Twitter handle. Those are good ways to connect with me, as well as I blog about various topics, and you can find my blog from the first link. So that's about it. I hope you had a good understanding of this concept.
As I explained, I took more of an architecture view, but if you want to get into more details, please connect with me and I'm happy to work with you and share more information, as well as dig deep into your specific use cases.
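
The PEP-side caching of PDP decisions described in the talk (cache at each PEP, refresh after a set time period), as an added Python sketch that is not from the speaker or any product mentioned. Class names, the role-based policy format and the 30-second TTL are assumptions; the demo also shows the cost of the cache: a revoked policy keeps being honoured until the entry expires.

```python
import time

class PDP:
    """Policy decision point: evaluates the policy store using PIP attributes."""
    def __init__(self, policy_store, pip):
        self.policy_store = policy_store   # assumed format: {(role, action, resource): "Permit"}
        self.pip = pip                     # policy information point: {subject: {"role": ...}}
        self.calls = 0                     # counts real evaluations, to show cache effect

    def decide(self, subject, action, resource):
        self.calls += 1
        role = self.pip.get(subject, {}).get("role")
        # Default deny: anything not explicitly permitted is refused.
        return self.policy_store.get((role, action, resource), "Deny")

class PEP:
    """Policy enforcement point (API gateway or microservice) with a TTL decision cache."""
    def __init__(self, pdp, ttl_seconds, clock=time.monotonic):
        self.pdp, self.ttl, self.clock = pdp, ttl_seconds, clock
        self._cache = {}   # (subject, action, resource) -> (decision, expires_at)

    def is_allowed(self, subject, action, resource):
        key = (subject, action, resource)
        hit = self._cache.get(key)
        if hit and self.clock() < hit[1]:
            return hit[0] == "Permit"      # served locally, no PDP round trip
        decision = self.pdp.decide(subject, action, resource)
        self._cache[key] = (decision, self.clock() + self.ttl)
        return decision == "Permit"

def demo():
    now = [0.0]                                             # fake clock for a repeatable run
    policies = {("teller", "GET", "/accounts"): "Permit"}   # constructed sample policy
    pdp = PDP(policies, {"alice": {"role": "teller"}})      # constructed sample subject
    pep = PEP(pdp, ttl_seconds=30, clock=lambda: now[0])
    first = pep.is_allowed("alice", "GET", "/accounts")     # PDP evaluates
    second = pep.is_allowed("alice", "GET", "/accounts")    # cache hit
    policies.clear()                                        # PAP revokes the policy
    now[0] = 10
    stale = pep.is_allowed("alice", "GET", "/accounts")     # cached Permit still served
    now[0] = 31
    fresh = pep.is_allowed("alice", "GET", "/accounts")     # entry expired, re-evaluated
    return first, second, stale, fresh, pdp.calls
```

The TTL is the revocation lag the organization accepts in exchange for fewer PDP calls, so it is set per domain according to how sensitive the protected API is.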