So with, without further ado, we will come to the, the final presentation of the morning session here. So we are the only ones between you and lunch.
What, what we want to do is we want to, to, to talk a bit about some, some selected results of a study we've done at Analyst recently. And I'd like to introduce my colleague, marina. Marina.
She did, I have to say most of the work and gathering all the data. And we, what we are did here is really we looked at a range of, of aspects around digital identity. We did this by running poles in, in different ways, from LinkedIn poles to webinar poles to other poles. So we didn't do this, or you get a 20 euro Amazon voucher if you answer these questions because that, to my experience, doesn't lead to the very best results. I think at the end of the day, I'm, I'm very convinced that we have quite reasonable numbers here that should help you in, in guy giving you some background.
What we did in additional is we, we added Analyst perspectives, Analyst predictions also to that. So how do we see the market moving end? We added some of the market sizing data. Marina has GAed over the past 12 or 18 months to that as well. So this is a bit of an excerpt. We will publish the study these days and make it the full study available to every one of you. May be helpful if you need a nice di cream for a presentation or so, feel free to do so. So one of the areas, you, you remind me when the slides are you, you are supposed to talk about, I think it's number four is the first one.
Yeah. If I, if I'm right.
Yes, it is, it is. Okay. So I don't, don't want to read out the full slide because we don't have super much time and I think you can read yourself and you'll have access to the study, et cetera.
What is very clear when we ask about what are the, the sort of the identity management or identity security topics that are most important, then, then we see that some of the, the topics I'd like to see, so I I, I'd like to see the number, the the two top topics.
I, I see them first because I think we need to get better in authorization. We get need to get rid of standing privileges. We need to think in fabrics, in blueprints, in broad ones. Not necessarily architectures in, in that narrow sense of creating really the super, super big thing, I think when you look at my talks about, and in fabrics, it's really more influencing, but reality is mfa, passwordless and Zero Trust where identity plays a very central, very vital role are, are really the key points and we are convinced that zero trust maybe with changing name.
So, so we, I know a couple of companies which say we, we, we follow this idea, but we give it a different name already because we, we have heard too much about zero trust. It'll further drive in investments specifically into strong and passwordless authentication. These are closer related because it starts with that, it starts with the verification.
What I expect to be on that list soon and become really more important that you had, you have heard probably already a lot about this here and will hear, hear way more than this decentralized identity.
This will, I'm convinced, become a really important topic and the driver of investments in identity because it allows to do a lot of things we can't do well today. But it also allows to do a lot of things better than we are currently doing.
I, I, I, yesterday evening, I, I posted an article on LinkedIn, which looks a bit on the non-disruptive, but enabling or, and the disruptive in the sense of redoing new things, potential of decentralized identity might be interesting to you. So, and first zero trust to, to keep this relatively short, what what is really the point we, we, we must make us, we must get, get, get away from the fusi zero trust talk and maybe the idea of creating the big, big, big zero trust architecture. First to follow up on what HU has been talking about, trust, trust now.
But we need to go out of the concept phase 65%, two-thirds into really implementing it, following it. I had a talk just an hour or 45 minutes ago about that. If you hadn't the opportunity to listen to that, feel free to to look at a recording. We do recordings of all the sessions.
I think what we will see is, is a shift from Fasti talk to concrete solutions. And so that is also, I think, and here's Marina.
Yes, because I am comes in here. Go
Ahead. Yes. So what is happening then with identity security?
Well, we can see that it has become established as a term on its own. Okay.
In the, in the past years and organizations perceive improving security as the mayor of benefit for organizations when implementing identity access management. And we can see that it is going even over optimizing user access management, which also has significant weight in the benefits according to the opinion of the audience. But improving security or improving cybersecurity is the main benefit nowadays. Yeah. Now there are other drivers that were, were have in place in the last years, but at this time what we can see is that they are not really a mayor benefit.
For example, increasing compliance or the savings, you know, the cost savings. We can see here in the graph just 2% or 5%, which means that they are rarely rated as a mayor benefit,
At least, at least not at the top of the benefits. And I think this is really what has changed. When we go back 20 years, 15 years, we talked about administration efficiency, cost savings. So I remember all always single sign on, we can save 0.35 administrator positions. It failed.
Yes. As well as well regulatory compliance.
I would say this is also something that has changed, you know, in comparison to previous years
Because it's not a, it's a benefit, but it's not a positive thing. So we need to do it. That's the point.
Yes.
And well, so then the perception then of identity access management has changed. And our prediction is that by 2025, identity access management will become part of the CISO organizations and it will be a separate department and well, so we expect that it will happen in approximately 80 per 80% of of organizations. Yeah.
So I think we see it already happening. A lot of CSOs have taken control of Im, and we see really this combined perspective and identity and security. So another topic we we've been looking at is supplies, chain security risks.
And this is a, maybe we could resay this, a bit of a dark area of cybersecurity these days. So when we look at these numbers, we have 57% of the organizations that say we have known gaps and issues and we have another 12 something percent, which they, I trust don't know, which means 70% have a problematic state at least. And only 16% say we have a relatively, so one, one out of six organizations say we, we, we have at least a centralized approach. We know how to do that. So the other part is there's not really an established way to do it.
We also talk a lot of CSOs, a lot of organizations about how they do supply chain security, third party risk management and the approaches are all different.
There are some which have questionnaires with more than 200 questions. I'll just ask a few questions. Some walk to the main suppliers, some do only the first, so the tier one suppliers are go down to tier three or tier four suppliers. This will be more important as we see the regulatory pressure behind increasing.
But I personally don't see, think that we will see a really good level of standards and, and standardized approaches until 2025. So it's, it's something where we need to invest and what I really can call is like specifically I think within and across industries to the end user organization, start working together on that. Work with your peers to come up with standardized approaches on how to do your supplier risk management, cybersecurity identity. Part of that you all will benefit by working together.
Another one, IGA and IDAs, an interesting number I found is that 63% of the organization, which don't have an IDA solution IGA in place. So two outta three don't, haven't made a decision yet. Some will do it soon, some will take it a little longer. But a very, very significant part of the organizations. It's waiting. What is the reason behind it? It's very simple to explain. IGA is one of these things you, you don't really like to touch. So maybe it's a bit of a dichotomy.
A lot of organizations have to say, oh, I, I, I'd like to have a, an improved modernized iga, but I really don't want to touch the system because so many things can break when I modernize, when I migrate whatever. And I think this is a bit of problem we have here. We anyway will see move forward also because for some of the industries, severing clouds will help to move towards IRAs, et cetera.
At least the the challenge of, oh, can I go to the cloud? Will will remove, but it will be a long journey here. You or me.
No, it's, it's, it's still me. Okay. The next one is mine. The next one is yours.
Okay, I'll do this also quick because we don't have that much time anymore and maybe leave a bit, little bit time for questions. One of the other things I find super interesting is 5 0 2 web. So this set of standards, homo few has been digging a bit deeper into these standards already. A few if for the others do it. I think these are, are are some of the, the areas which have a definitely a disruptive potential for how we can deal with access management.
So, and this is probably because some of our audience is a bit more identity heavy, but 71% already said they feel that five two and web are strategic. Maybe the read questions thought I probably better answered this because when I look at it, it feels that they should be strategic. That might be a bit of a, a consequence of asking the question.
What I see really is, and I think this is, this is an important point, we see a fast-growing acceptance. We also see a lot of usage of 5 0 2 so to speak under the hood.
So if you go for a password as illusion, you very likely are very likely to have some fighter two in place if you use the whatever UCO or other type of token, you, you have some fighter two in place. But I think that the, the important point is that there's also potential, so to speak, for for, for a shift left approach where you say how do I look at access management at all believe my colleague Graham will talk about this as well sometimes at a conference then a quick
No no
Pass few on work from anywhere.
Yes,
It's you. Yes. Well we know that after the pandemic we change the way that we are working and working from anywhere is a tendency and it is something that is increasing and increasing massively I would say. And it is not expected that we will go back to the, to the traditional models. Now here it raises the question on what are the technologies that are getting most benefits from this change, right? So then in our analysis what we see is that the lowest rate, let's say was with 11.5% of the respondents who said that changing or replacing ppn.
Okay, by zero trust that one would be one of the technologies, the lower rate anyway, then it is followed by modernizing endpoint management, security and bringing your own device. It has considerable weight. K 24% is something very frequent, let's say as an answer, but the biggest impact is enforcing multifactor authentication. And this is because we actually need to drive better authentication working from anywhere.
Now our, what we can see or our prediction as Analyst is saying that there are these modern authentications methods that are happening and they will be a trend let's say in the coming years because we are not expecting to go back to the traditional models of working. So past or less authentication will continue to grow and will continue to benefit from this tendency.
Wasn't yours, isn't it?
No, not
I'll talk about that one. No, no, no problem. I can't talk about
Everything.
I'm, I'm going, I'm going to the market size and that this is my part.
Oh yeah, that's true. And we need to speed, speed up really. We have three minutes left. So I I'm very quick here. I think everyone has, has an idea that AI will be very impactful. What this slide simply shows. No one knows exactly where I think we, we are in this state of uncertainty and I personally believe that the biggest impact will be in the augmentation of users in their daily work, be it operators, be it end users that are augmented by conversational, by generative ai.
This is the, the biggest potential by far and under the hood, surely everything which goes into analyzing all these signals and helping us better dealing with identity related threats. So this will be the, the two areas which will come up, but currently it's really a very mixed picture. We have under, under change going forward, very fastly decentralized identity.
One of my my favorite seams most are most that have answered here, see that as reusable consumer entities or also consumer related privacy or privacy for the users.
If few say I need to learn more about the ideas, if you would use a way broader audience, probably they would be made more saying, I need to learn more in our sort of identity focused world. A lot have heard a bit about it. What I've still see relatively low. I think this, this reflects the state of the market.
So, so most don't yet see the, the huge potential of decentralized identities for workforce and partner onboarding and related use cases. I'll have a talk about this sometimes tomorrow we expect that we see a rapid adoption across a broad range of use cases including enterprise or workforce related use cases. Because here, so, so here it's about convenience for user and things like that, but it's also a lot of change involved in the way it, it it appears to your user. Here we could talk about process cost saving.
So Marina, you have one minute for the market data.
Yes, yes, I will. I will be fast. Pretty much you can see the numbers and you can see that these markets are, as you know, we are expecting this market to grow. Now the overall identity access management is growing and we have four core segments within this overall identity access management and within these four segments we see the biggest, the biggest impact.
Okay, the bigger growth in access management and privileged access management with a component annual growth rate going over 20%. Okay,
Perfect. This is reflected by budget grows. So
Very interesting numbers. Budget grows decrease significantly more than 5%. Only 2% said this, that this will happen, remain stable plus minus 5% a good share. But five to 20% grows 32% and 90% even though it will grow more than 20%. So Im budgets grow and we have ra are similar numbers for cybersecurity budgets. So these budgets are growing, which is reflected when we could both go back to the markets grows.
So Ross are well correlated here. So the good thing is we are in a market where, which is expected to grow also over the course of the next year. So just very few insights here. Thank you very much. Thank you Marina. Thank
You. Thank you.
And Philip, you're the one between us and lunch.
Yeah, I I I have a question for you before we go to lunch if you like. So the question would be, what is your take on business ca case calculation in context of cost savings that are only a minor driver?
So, so I think the problem is it has greatly failed in delivering on the promise of cost savings over the past decades. So we, we, we did a lot of calculations and, and rarely the promise we delivered on the promise of, oh we save, save money. And I think this is, this is part of the problem. I could tell you a story, which was from out of the, it when I was still studying economics and was in an internship at a large automotive manufacturer and had to do sort of the checking back some of these calculations after the project was finished.
And I think after two days no one went, took the phone anymore because they exactly knew we didn't reduce our headcount, we didn't deliver on that, we just promised it. And I think this is part of the challenge. Is there a potential?
Yes, there is a potential. And I, I think the, the point to look at is, is really bros cost. Bros cost is probably where we, we have a good potential in certain areas to, to deliver on that. When we take the cost of onboarding, for instance. Not to talk too much about what I'll, I'll touch tomorrow there there's a huge potential of saving. I remember sometimes, you know, I'm doing a bit of advisory when you are done at a large organization and you, you spend three hours in forgetting a batch and getting paid as an external consultant for that, then it's about money.
Because I'm not the only one then that happens day by day by day. And there are a lot of people involved internally. So there are areas where we can solve a lot of cost, where we can justify that. But it's a hard thing and I wouldn't, wouldn't start with the cost promise. I would always look at the business benefit promise. How can we make our digital businesses better? And there's so much in identity where we can make our digital businesses better, that we should focus on that on business value and not go over the top with a cost saving promise.
Okay, thank you Martin. Thank you Marina. I.
