So good morning everyone. I'm sorry for Anthony Moic. He was here this week, so I take his place for this presentation.
I'm, I'm a head of professional services at Netflix for the user cube solution. User cube is hige of of metrics. The main discussion we have this morning is about how we can enrich data governance with identity insights. Just before, just some points about what is data access governance.
It is tools, solutions that allow you to track all your datas in all your system at the more detailed level of your IS system and track on the limit all the access to the data, very focused to, to data, structured data, unstructured data in all your IS system IGA identity governance administration to answer the farmers question, who have access to what and why will allow you to identify your identities, manage all the lifecycle of those identities. Identities are person but are things to iot, classroom application bots in, in our areas.
All those are identities and you have to discover what they have access to and secure them, manage them and hollow them to have the lower privilege they can have every providing to our identities what is necessary for them to work in a, in a in a current day.
Once we have repositioned the bus, the bus tools just, it is from a, it is a Gartner map explaining for data access governance where what are the main benefits, what are the main goals about, about data access governance.
So at the top level you have the data se, security and compliance to be able to discover your sanity, your sensitive data, eliminate, eliminate open access, be comply with GDPR for example or other compliance low and be able to track all those scan activities. Second level is entitlement mainly basis on all regular review recertification campaign done by the business themself to be sure that all the people have access to the right, to the right datas in the data access governance and the data scroll. So everywhere dispatch in your IS system ought to be able to have a better security.
Be sure to cover everything in your I system.
If we look at this map from the Gartner to which we are completely agree with, what we can see is that there is a main point here about how we are managing s for users, how we can map identities to datas in in your system and be able to do this check on management about, about permission. The main challenge when you are doing data access governance is that the D system only understand technical accounts.
When you install such a tool, you, you go really at the high account level in your system tracking which account level have, which account have access to which data. No problem. Most of the IGS solution, not yours, but most of the IGS solution don't have a, a complete real vision of the exact word of your IT system. Very positioned at a functional level, most of the IGS solution again.
And so when you have changes in your organization, people moving changement of organization and so on, it's very difficult to track through only the deck solution, the movements of your, of your people through the account that access to, to your system. So the global platform must address data sprawl, identity sprawl, group plaing on this. These are the challenge you have when you are deploying data X dag in your, in your system. And that's why it is very important to mixed DAG and IGA.
It is for us, the, the main, the the, the better combination you can imagine to manage your DAG in your i i system. Because IGA is completely linked to your identities. You have a very clear view of the lifecycle of all your identities, again, which are human or things in your system. On the link between the identities on your technical accounts, IGA manager on the follow and track the cycle of your identities.
On, on the other part of this, of this combination, the DAG have a very clear view of the real permission of each account of your, of your system at the platform level, very low level dag like our high GA is able to access to every platform on premise, cloud bred, et cetera. And DAG is completely focused on data sensitivity and is able to track everything you have in, in your system. So mixing both solution is a way to connect your identities to the account and then have a complete flow between the two solution
Benefits.
One, starting from from the idea we will make the, the, the journey in the, in the two side through this combination, you can start with a person, an identity and be able to track through this link what are his account, what are the information that the DAG is providing to the station on mixing those, having the ability during a certification campaign to validate at a functional level, at a user level, at a personal level and be able to validate or not the access to a specific data benefits. Two is that you are able to monitor all identity activity based based on this.
Most of the time when you have a crash or a dangerous access to, to your data, it's very difficult to track it at an account level but link in with linked with identities. It's very easy. It's much more easy to do a forensic analysis. So trying to understand, trying to try, try to understand what happens to the identities, what happens to this part and, and obtain a better monitor monitoring and meta analysis on this part.
Soft benefits about user tt behavior analysis analytics, you can detect all suspicious activity during a job transition as the A GA is following the life cycle of the people. If the people change of organization, if the people, if the employee leaves the company, if in the, in your IGA you identify that you have a end debt contract appearing in the life cycle of the, of the identity, you can instrument all the alerts on interface, all the alerts from the DAG about what is what is appearing in the system.
And most of that, there is several article on this part, but during vacation or sick leave issue, detect that accounts link to linked to an identities which is not supposed to work in the system. And you detect some emails, some access, several data, sensible data. You are able basics mix with IGA A on DAG to identify alert on the, on act on those kind of of things.
The latest benefits that we add is very interesting because on the IGR part, you know that IGR is a angry system about datas to help you to make, evolve your role model, defining the rules to affect a role to a person and linked link to link the DAG to the idea you to allow you with role mining processes, for example, to enhance your role model and enhance your MENT review and have a better, better vision, better way to manage your idea security based on the data you are, you are collecting through the DAG in this, in this process, we are currently doing this, this part at at matrix with a customer in North America and the results we are providing to our customer are incredible for him.
It's very interesting by what it obtain, by joining IGA pre tag on the mixing all these information in the same tools at an identity level.
So person or object in the things. And this is exactly the, the goal we have at, at matrix to mix all the product we have. This is a map of, of all the solution we we build or we bulked at at Citrix. You can see all the data. We have three layers that has identities and infrastructure and our main objective is to mix everything in a new platform called onee. It is already available, you can connect to it.
We are not at this level of integration for the moment, but we are working very hard to connect data access governance with identity governance and administration. And I was too fast.
No, no, no. We have questions.
There is no too fast usually. So first of all, before I ask a question, there were no questions online, but that does not mean a thing.
I have a question because everything that you said really sounds good and I really like that as an advisor I always like to have that something is in place that you took for granted for everything that you've explained that there is ownership of technical accounts by people that IGA manages ownership of technical accounts in, in organizations and that there's maybe a handover process if somebody leaves, there's a handover or a stand in process when somebody is away temporarily.
How mature are organizations that they actually are in a situation when you enter these organizations as a service provider, as a, as a vendor, how ma mature are they? Or do you have to educate them?
How many people in No,
No, no, no. Are they mature enough organizations to have this ownership or do you have to tell them to do this to this ownership?
In fact, we have a a Patrick thing in, in our IGA, it's our IGA is is based on position contract, everything is based on date, right? So when we are deploying IGA to to our customer, they, they can naturally map and design the way they are working in the system. And so we capture, we are, we are able, I know that there is not a lot of IG solution in the market that that is doing that, but in user cube you have a clear view, a clear vision of the current position of the people on the, every people can have several position.
You can have you, you have a clear vision of the next position it can have. And so when we work with our customer, when deploying user cube or IGA solution, we are really mapping their HR system and implement all the lifecycle of the identity.
So they have a very clear view of the lifecycle of a person. They have the vision of the you, you leave a position, you close the contract, A people is planned to leave the company next month for example. Everything is stored in the, in the idea.
We capture this, this information and by this way we are able, we detect also a delegation for example, if people is is absent or he or or anything. And with those kind of information, we are able mixing with a dag information we can capture to detect some specific strange events on which we have to react in our system.
And the, the maturity of the customer is, is, is, is very different depending on the customer, but the IGA management but with a very functional and clear view linked to the Azure system on understanding that people can have several, several position and so on. Our solution help us to allow to make the customer understand how we will manage his, his identity and we are really managing the life cycle because we have all this concept, position, contract, and everything is based on date.
Right. So it's part of the authorization that the assignment of technical accounts. Yeah. Okay. Perfect.
Thank you very much.
