KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
|
Companies across the globe are undergoing digital transformation. The main challenge with this approach is the ability to securely manage access for on-premise, cloud and SaaS applications. Entitlement Management across this hybrid landscape requires management of cloud assets, IAM profiles, groups, roles and entitlements in support of Identity Lifecycle Management, Access Management, and Access Governance. |
|
1. Provide visibility over hybrid-cloud assets |
|
Companies across the globe are undergoing digital transformation. The main challenge with this approach is the ability to securely manage access for on-premise, cloud and SaaS applications. Entitlement Management across this hybrid landscape requires management of cloud assets, IAM profiles, groups, roles and entitlements in support of Identity Lifecycle Management, Access Management, and Access Governance. |
|
1. Provide visibility over hybrid-cloud assets |
There it is really loud. There we go. Yeah. I'm Austin. I lead a good portion of the sales efforts at secur ends and that is our tagline. So I like to operate with transparency and to be transparent, I am actually not supposed to be here right now. So our CEO taboo GRU was unfortunately not able to present today. So we had to pivot and I will be given the presentation. So this is actually my first time standing on the stage and presenting at a conference, which was interesting because I thought up until about 30 minutes ago, it was downstairs on the really big stage.
So this is a little, little less intimidating, I guess. So, but with that being said, I want to say that I've seen a central theme throughout the conference as we've been here. So a lot of the keynotes, a lot of the conversations I've had downstairs in the booth and at the, the party last night.
And I, when I took over to do this presentation as a salesperson, I made it a little bit salesy. And then I realized that, Hey, that's not really the, you know, the theme here. So after the cocktail party last night, I went back and I reconfigured it just a little bit and wanted to talk about that same central thing. So I'm not a big PowerPoint guy. You'll see a couple of slides here. That'll support it.
But I wanna start by talking about a moment that I think happens in every company, every one's life, probably 5, 10, 15, sometimes for startups every day that doesn't really have a phrase or a, I guess, a word attributed to it. And I like to call that the, the moment of realization. And so the moment of realization is when you pivot. So something happens that dramatically changes how you think about something, how you operate as a whole moving forward.
So for example, when I first got into software sales, I thought it'd be really easy because I'm a people person I'm extroverted, but I actually struggled a little bit because it's not, I quickly realized it's not like the eighties where you sail door to door and I don't remember what triggered it, but there was a, an instance where it hit me. I remember where I was standing actually, but it hit me where I realized that, Hey, this is not about pitching a product.
It's about guiding a prospective customer to understand everything that they need to understand, to make the best decision for their company, even if it's not what you're offering. So when I realized that I pivoted and I said, Hey, this is gonna be, I can be good at this. So I changed how I operated moving forward. Another way is another short example. If cuz most of you're probably not in sales that a lot of people can relate to is like a marriage. That moment that you realize that you're gonna commit your life to someone you change, how you operate. So you think differently.
So with that being said, you have a pivotal perspective. So I want to relate it to our journey of securing and how we got into identity governance and how we pivoted. And now we're talking about why you guys showed up today, you know, managing a hybrid cloud environment, cloud infrastructure, entitlement management, because we started off as something really totally different. So I first met one of the co-founders when I was working for another company and I was selling another product.
I was trying to sell the product to one of the co-founders and I unfortunately did not close that deal, but he offered me the opportunity to help kickstart, kickstart this company. And I wanted to know more about it. So it turns out the world's largest airport logistics organization headquartered just south of here was having a hard time with an audit. They're trying to get their user access reviews.
And they, the two co-founders basically made a mixture of product to get 'em to the process. So the external auditor, all of, you know, the name of them approached the two co-founders and said, Hey, there's a niche in the market for user access reviews, appointed solution for user access reviews doesn't really exist. So you guys should pursue it well at the time in my life, it wasn't a good time to take a risk. We were pregnant with our, our daughter. We had moved like twice in a year. We had people sick in the family.
It was just a, not a good time to take a risk and join a startup that no one knew about, but the day. So I decided not to take the job. I didn't take the job, but the day I decided not to do that, it hit me. And I had that moment of realization that this was an opportunity. This is a in the market. This is something that is not really being solved by anyone.
So, and life is short. I'd rather, you know, take the plunge so fast forward. So I ended up coming on board and fast forward in the past two years of selling, we have grown, we've got a little over a hundred customers. We have a customer on every continent except for Antarctica. So if you know anyone in Antarctica, let us know. So we can say that we also just recently took series a funding 21 million, which is very exciting to be a part of and we are growing exponentially. It's it's incredible.
Now, one thing to note is when we got started for user access reviews, we weren't really unfamiliar with the IGA space. And so we found out very quickly, there's a lot of aspects that we weren't doing specifically around provisioning, deprovisioning, life cycle management, access request, sod, all the analytics that go with that.
And it, we found out quickly that was something that we needed. So we did develop the stuff that was missing functionality. But what we learned along the way is that, you know, typically in the IGA space, there's a problem. And the problem is that, you know, provisioning deprovisioning is not really a product, it's a program. So everyone that I've talked to, every partner that we've worked with, of course we're headquarter outta the United States. There's a lot of, you know, technology partners, potential service provider partners that are here, that I've met with that.
When I mention that I'm an IGA product, they immediately start asking questions and talking about provisioning and deprovisioning access certification being a, a different piece of the conversation. So what we did was we took a look at, I guess I could point it that way, took a look at the traditional IGA space. So a typical implementation, right? It takes few years to get to the spot where we're doing access governance. So you're starting with the authoritative source, doing the role engineering, you know, specifically looking at deprovisioning, joiners, movers levers.
And then eventually, hopefully maybe as a byproduct of that down the line, we will get to access certification what we were just having access certification tool. So we thought, Hey, maybe we, we put the cart before the horse, you know, what, what do we do? And so we knew we were gonna develop the missing functionality, but before we went to market with it, we saw that there was an opportunity to present it a little bit differently or position it a little bit differently. And not just with our marketing efforts.
Cause it seems like all the IGA companies they're just marketed differently, but they were the same. So what we did is we just stayed the same.
We kept, we kept shoot ourselves and we start with user access review. We said, okay, let's do this. Instead of getting really good at putting people into places, let's figure out where they need to be first. So I use that analogy all the time. The dart analogy, I could probably come up with a better one, but it's been working and it resonates with people. But if I'm really good at throwing darts and you pick something out of that speaker or some of the chairs behind you or a dot or a fly, whatever, whoever manages the, the hot water in the hotel here, I can hit it with a dart.
I can't personally, but you know, so if I'm really good at hitting things with a dart and I, no matter what I can hit it, I could put it in the right place, but I don't know how to count. I don't know numbers. And I don't know the rules of a dart game. Then I can't win. There's nothing I can do. And so that's why we stuck to this methodology and said, all right, let's pull in all the autonomous, the credentials from all the applications let's use IL to help and physi logic and all these other, you know, functionality, things to match all the users together.
So we can see who is who, what credentials belong to who all of the access. They have the downstream applications look at the identity attributes and say, Hey, these people have, John has this job title, department, location, call center, you name it. And all these other 10 people that have the same attributes, they all have the same access. But John has this one entitlement way over here that no one else has. Why is that? So we can see the outliers and either, you know, leave a justification for it, review it, revoke it, get rid of it, whatever we need to do. But now we have a clean slate.
We have a foundation to say, Hey, now I know today I have at a station, not only for myself, but for an auditor that everyone within our organization has appropriate access. So now what that helped us do is create some differentiators, right? We were still exploring in the market. We talked to a lot of service providers and it wasn't as appetizing to them. When we could say, Hey, we can implement and show, you know, get at station in, you know, three weeks versus a year. Of course the answer to that is why would I partner with you?
I, I can station here for another year and you know, charge hour hourly for my services. So it was great for the prospect though. They loved that.
Hey, short time implementation, low cost of ownership. I heard a, a talk yesterday about how there needs to be something in the market that's configurable. So everyone's looking for less customization, more configurability do it myself. So that course that affects the total cost of ownership. And some people are gonna buy things off of compliance and think that security is a byproduct of compliance.
And some people say that secure or that compliance is a byproduct of security, but at the same time, what matters is we know who is who, who has access to what, and that it's appropriate before we get good at the operational piece of getting them there. So what do we do now? We are going down this road. We were selling, we were bringing on some of the largest financial institutions in the world. Lots of really cool logos.
It, things are rock and rolling. One of the big things is that we're, you know, we're implementing faster and faster and faster and getting people the ability to do access certification immediately because they're having not a hard time building custom connections to pull data, but we start seeing this trend where starts coming up over and over and over about our cloud environments, our hybrid cloud. And so what's, what's funny is, and we talk about positioning.
The people were worried about, I've got all these different accounts or I've got multiple cloud environments and I've got all these different credentials. I've gotta find, you know, I'm looking at shadow.
It, I've gotta find the unused credentials. I've gotta know, you know, where my policies are, who, who, who goes where? And it was something that we realized we were already doing, but it wasn't being marketed that way. And what I mean by that is we were already dealing with people that have multiple domains for ad. Maybe it's through some MNA activity that have multiple instances of the same product or whatever it's. And we were just treating it just like a separate application. So we were treating those just like a separate application.
So we thought, Hey, what if we just did the same thing for cloud? It's the same product. We haven't done anything differently.
We just, the data that's already in there, we just put it into a report. So it's more granular. So you can do more reviews on things like password rotations or, you know, access keys or whatever. It may be unused credentials, entitlements, but let's not change anything. And let's just reposition it in the market. Because again, our job as a sales organization is to give you all the information that you need so that you can make the best decision for your company though. That's our product or someone else's.
But if you're positioning something in a way that's not applicable to an organization, they may miss and not have that moment of realization where they can pivot into looking at it in a different way. So we pivoted. So now that we pull all the data in, we just said, Hey, we'll just, we already have these mind Matthias where I can look at a person and see, I see John Smith, Smith Smith. I see all the applications. I see all the entitlements they have, or I can look at who are my administrators and see all the applications and then see all the people that have administrator access.
So let's just reverse it and use a resource mind map and tie it together. The data's already there. And so now we can immediate the immediate value. It takes a few minutes to connect AWS and I can see all my resources. I look into my C two and see other groups and policies, and I see the people that have access. So then we started learning from some of our prospects was some more needs, right? So I mentioned like password rotation, doing reviews on that, finding the privilege to access accounts, identifying the unused accounts. So it's all there.
We just pivoted how we market it in the industry. So now fast forward, here we are today, we're talking about hybrid cloud. Our tagline in the very beginning that I mentioned is simplicity and identity governance. So we came up with that because of the idea of start with access certification, which was convenient for us to sell it that way, because that's how our product was built. So start with access certification, reverse IGA, and then do provisioning, deprovisioning access request. And so there's a lot of complexity.
I think the, the market thinks of managing hybrid cloud environments as extremely complex. But I don't think that we have to, if we just pivot and reframe it a little bit. So what do we do? We do the exact same thing, exact same thing as we did for any other application in-house applications, legacy cloud, whatever it may be for provisioning, deprovisioning access request. Self-service, self-service going through an approval workflow pushing to the cloud environment or pushing to, you know, something like an, an Okta or whatever it may be. That's set up. We can plug it in.
Or if there's something that we're not gonna push into, maybe not a cloud environment, right? Cause those should be fairly easy. We'll generate a ticket, right? It's a workflow, it's a workflow tool. So the thing is, there's been a lot of talk throughout the conference. I've noticed about the need for a consolidated solution. So something that does everything. And unfortunately the, the market's need is probably several years or not probably is several years ahead of what is actually available in the market. So there's, there's nothing really, that's doing everything really well.
So that right now it's the best breed approach. And trust me, the, the software I was selling to the co-founder, my whole value proposition was don't do best breed, tie it all together. So I had to break away from that. But otherwise, you know, in the identity access management industry, that's where we are. We'll be there in a couple of years. I don't know. So what can we do? We can use the same data that's already coming in. We can make the reporting already, you know, more granular in the UI for them and we can kick off reviews.
So when it comes to managing the hybrid cloud environment, basically what I'm saying is there's nothing special that I'm gonna bring to you or a new method. As far as something you haven't heard of or a new product, that's gonna do it better than anything else. It's the fact that you can just reposition it so you can pivot your strategy. So what I'd like to do, I forgot that I was there. So some of the people are adopting that, you know, it doesn't really matter what industry doesn't matter, what you know, where they are.
Geography, you know, from a geographical standpoint, doesn't matter the size of the organization. Everyone needs to do user access reviews in some way, shape or fashion. Not everyone is mature enough for, you know, a provisioning and deprovisioning engine. I can't tell you how many, you know, 500 employee credit unions call us and say, Hey, I've got 140 applications and I need an automatic provision into all of them. And I have the budget to buy a 2002 Honda accord. It's it's just, it's not there yet. So what I want to do, and I'll send this out again.
As I mentioned the beginning, I thought that I thought that this was gonna be a little more salesy. So hopefully I've kind of done my best to not bleed sales Manship into this presentation, but you'll have the show notes available. What I want to do is invite you to think of identity governance in the reverse way. So why is it important to do life cycle management? Why is it important to access certification and what is the right order to do it? How can we attribute that to a hybrid cloud environment where we can just do the same thing?
We just think about it a little bit differently and then treat all the targets the same way. Just like we would an in-house application, just like we would cloud application or anything else, any kind of legacy, whatever it may be. So I appreciate you guys allowing me to be part of the, the pivot that we're all talking about and that we're all experiencing, cuz it's, I think it's evident and it's something that we all agree on that we are at a pivoting moment in the identity access management industry. And I'm thinking that this is probably one of those moments of realization for that.
