Hello everybody. You may have heard her say a little bit ago that that was the last session. That was a joke. That was not the last session. This is the last session. So the good news and bad news for you guys. First of all, I did wanna say I am Larry Chinky. I'm Senior Vice President of Corporate Strategy at One Identity. I do live in the United States and I only know one language and that is English. Whereas anytime I come over to Europe and I make about eight or nine trips a year here, it amazes me how many languages everybody from here speaks.
So thank you for allowing me to speak the only language that I know in this session that very, very, very helpful. I always make sure to thank everybody when I'm in Europe because everybody speaks 3, 4, 5 languages. I only speak one.
So thank you for that. So I got good news and bad news. The good news is this is only a 20 minute session. The bad news is, is I have probably 30 slides. So I'm gonna, it's very hard for me to get through this deck in 45 minutes, but we're gonna try and do it in 20 today. So bear with me.
If I start to talk fast, you can throw something at me if you want me to slow down, but I, you know, typically talk fast anyway, and I'm, I'm assuming you all can hear me in the back. They usually have to tune down the microphone a little bit 'cause I talk fairly loud. So I'm from Chicago, so I talk loud anyway.
Now, so here's what we're gonna talk about today. This is a, a very interesting topic.
It's, and I chose this topic because of some specific trends that we're following in the market Now, one of the roles I have at One identity and having been doing this for so long, is we like to look at, you know, as a software company, what types of trends we see in the market because we wanna strategically do what we can to actually help our, our customers.
And by the way, lemme ask you a question, I'm gonna ask for a show of hands, but don't worry, I'm not going to call on you.
But, you know, typically when we see events or I go to events like this, there are three categories of attendees. We have the vendors such as myself, there are the resellers or the channel partners who, you know, resell goods and services from vendors like us. Then there are the actual customers. Those are my favorite ones to talk to or the organizations that consume them.
So, can I see a show of hands again, I'm not gonna call on you. Who, where are the actual customers that are in the room today?
Oh, most of you. Okay.
Okay, sir, I'd like to ask you. No, I'm just kidding. I'm not gonna ask you. I said I would not do that.
So, but, but anyway, thank you.
Because really what we're talking about here is I love gathering into Intel from, you know, the analyst community such as Martin Coppinger, who I, I I always make sure I try to see him for lunch when I'm in Stuttgart. Talk to him today. So it's great looking at and talk to analysts. Love getting it from the resells. I really like spending time with you customers because that's where I get the most valuable information on specific challenges you're seeing what's happening in the market.
And then a lot of the research that I do around the different trends is what led me to this topic today, which is why these traditional IM tools are obsolete. I won't say completely obsolete. That's just really a tricky title that gets you in the session. So we can talk about that. But there's a few things I'd like to show you today and what I'd like to actually talk about.
There's this thing out there that we're seeing, and it's really around the conver convergence or consolidation of all four of these market segments.
So the four market segments are, you know, access management, identity governance, administration, privilege, account management, and active directory of defense. So this is just kind of a screenshot here that we've used at one identity for the last four years. And this represents sort of our approach to what we call a unified identity platform. And for a few years there at one identity, we thought we were the, the the greatest because we were really the only ones who were talking about this idea of what we call a platform approach to identity and access management.
However, have you guys noticed this lately, right? So I, I had to actually shift at one identity our corporate strategy because a lot of our sales teams are going around positioning that we were the only one providing a platform service.
But when you look at all the vendors that are in the market today, you know, your Okta, savian, CyberArk, et cetera, and all the different segments that have been singularly focused on one market segment, they're now investing in cross platform or cross segment, you know, investments and bringing those in and positioning that as a platform.
There's a reason that everybody is doing that. So I wanted to talk about that. Who recognizes these companies up here? Anybody recognize those pretty famous, pretty large organizations? Anybody know what they have in common? es? Yes. Who said it? Somebody over here. I wish I had something to give you guys, I would give it to you. I usually have things I throw. I tell you what, the last conference that I was at, this is no joke, I had purchased 20, have you guys seen these little Nerf footballs?
Now I'm talking about an actual American football, proper football, not the, the round ball that you guys can't over here call football an actual football. So these little Nerf footballs are about this big round. They got a big fin on 'em and they call 'em the whistlers. Now a guy like me can take and throw one about 80 yards because they're made for guys who can't throw. They're made for guys like that.
Anyway, I was throwing them into the crowd and somebody bounced off and hit a girl in the face. And so I'm not allowed to throw footballs anymore.
So, but anyway, I would give you that if I had that. But yes, they all suffered breaches. Now here's the interesting thing about that. Does anybody know what the attack point was on those breaches? What did they go after? Or how did they get in?
Lemme put it that way. I think I heard it somewhere. Somebody yell out, starts with an I ends with a y identity.
Yes, they targeted their identities. Now that would lead you to believe that these companies did not have any type of identity protection. But the interesting thing was every single one of these organizations had some sort of identity based, what I'll call a credential based cybersecurity tool in place that then they still got breached and there's a reason that that happened.
So that's, that's one of the things I'd like to talk about today. Now what we're seeing today is that they, user credentials are the most commonly breached access point. There's an acronym that I like to use called EFL. Does anybody know what EFL means? Probably not.
'cause I, I made it up. It's one of, one of the, you take a tech guy and put 'em in charge of marketing and that's what he does, right?
It stands for easy, fast, and lucrative.
Now, the bulk of when you see these type of attacks, they're after money. They want to get, they want it to be easy, they want it to be fast, and they want it to be lucrative. That's what ransomware has completely based its foundation on Get in in a hurry, try to get some money and get out and get gone. So a few stats up here, I'm not a huge statistic guy, but 42% of them go after the credentials. And there's a reason for that.
Anybody aware of the recent breach about three weeks ago from at and t by at and t, anybody remember how many identities were breached on that 73 million, 73 million identities were taken and then put up on the dark web? Now the reason they're put up on the dark web is, is for they can sell them, right?
They want them to be sold. So that's why they're put up there. That is the primary method for ransomware attacks a day they typically purchase.
Matter of fact, colonial Pipeline a breached this, what, two years ago, you guys probably remember that shut down basically all the oil and gas distribution in the eastern half of the United States because they purchased a batch of user IDs and passwords on the dark web. They fired 'em down an unsecured VPN tunnel at the colonial pipeline. One of those identities was actually mapped to a, an intern account that was had no longer been at the organization, but that was just enough credentials to get in, inject an encryption algorithm, and that's how the Colonial Pipeline breach happened.
So these, these different types of breaches are coming in pretty easily and that's why these identities are all in up on the dark web.
So it's pretty, I would say it's pretty sophisticated, but that's actually pretty easy. So EFL is the acronym that we like to use for how these breaches are occurring. Now there's basically what I've uncovered, and I shouldn't say uncovered.
What I've noticed from talking to all of you, our customers and, and our our channel partners is there's kind of four main reasons why we're seeing this easy, fast, and lucrative thing occurring where they're attacking the identities. And the first one is around cloud services. Now that may sound sound pretty easy, like well yeah, things are up in the cloud, goods or services are in the cloud.
However, what we've seen is this enterprise attack surface, which an enterprise attack surface is really easily defined as a, a method by which these threat actors can get into an organization somehow and then get, you know, access to some type of data or identities or things like that.
And again, that breach point typically is coming in the form of an identity. But the four chief reasons we've seen this is the first one I hear. And that's cloud services.
So not only are organizations investing in, you know, cloud architecture and infrastructure to try and get their goods and services there, but now what we've seen very rapidly over the last few years is the security tools to protect the organization are now also being deployed as a service. And I'll give you an example of that. At one identity we participate in four market segments. Like I said, Pam, IGA access management, active director of defense, around 92% of all of the new opportunities that we get from customers all wanted to, to deployed as a service.
They're not deploying these solutions on-prem. So that trend has shifted. And so not only are organizations moving their goods and services to the cloud, the security tools are also being moved to the cloud as well.
It's a lot cheaper, a lot easier to manage and that sort of thing. So that's the first reason why how we've seen this attack surface grown. And there's a reason why I'm telling you about this attack service, which we'll get to hopefully before my 20 minutes runs out. The next one is the remote workforce. Anybody remember this thing called COVID? Anybody?
Have we all forgotten about that already? I, I've forgotten about it sort of. But what happened during covid and, and most of you guys who are actually in it or have been in it for a long time have probably never seen a phenomenon like that happen to an IT world Like you have when covid hit, all of a sudden budgets fell out of the sky and all of a sudden everybody had money to deploy a remote workforce technology framework somehow, right?
You remember how how many old guys like me remember the Shiva workstations and remote dial-ins from years ago and all that kind of stuff got a lot more sophisticated.
So all of a sudden we started seeing organizations all of a sudden had a whole lot of money to somehow enable a remote workforce. So this is one of the biggest ones right here. When you have a remote workforce, we, we are shifting our protection model, we're gonna talk about that in just a second.
But when you have a such a, a large remote workforce like that, you no longer are being able to rely upon network segmentation and port blocking and content filtering and that sort of thing. You now have to rely on the identity tools to protect those identity and essentially protect them from themselves. And what's the fourth biggest thing or one of the biggest things is this lack of cyber skills.
So what we're actually seeing is as this remote workforce shifts, these organizations have a lack of cyber enough people to support what they're actually doing and how they're accessing the data and that sort of thing.
So what do they do? Invest in two big phenomenons out there right now as well. AI and hyper automation. So hyper automation would be tools like anybody deploy bots like Lou Blue Prism, UiPath, automation, anywhere, few of you out there where we're actually using bots to provide, you know, basic tasks and things like that. Those bots represent a digital identity.
Now the interesting thing about bots is the security mechanism for a bot is typically held in a credential manager inside of that software application. So it kinda gets forgotten about and we've had organizations and customers come to us saying we need to somehow protect these digital identities because it's not being done, you know, with, with traditional tools. So that's another thing. So as organizations deploy this large remote workforce, move to the cloud, they can't find enough people to help.
So they start relying on automation and AI to help them because they just can't find enough people.
So that widens that thing out even further. Now here's the biggest one you have with these remote workforce. Anybody heard of this thing around social networking? How many of you think that your employees are not or not accessing their personal social media accounts on their work devices?
Yeah, they all are right now social networking and social. We use that internally in one identity for things like, you know, posting blogs on LinkedIn, you know, ads on Facebook and all that stuff. So social social networking has a really good place for all of us IT guys out there. But it also is a breach point because this is what our end users do. Unfortunately, they use their work DI devices to get on their social media accounts and I think one of the stats up there, yeah, 73% of workers have met their social media usage is personal.
So they're doing that on their phones, they're doing that on their workstation, et cetera. So again, what happens now is this, this, this attack surface has gotten really wide. And so again, going back to what we have or what we see in this with this fragmented market, this is traditionally how we see organizations making purchases of identity tools today. One at a time. If you for example, need a privilege access management solution, you buy a PAM tool. If you need an IGA solution, you buy an IGA tool.
Well the, the way that these breaches are occurring is they're actually finding gaps in between those tools. So that's, you know, you got these four circles there, you see how there's kind of in between, those are the routes that the breach or the threat actors are finding in between. It's very simple to sort of bypass that if these things aren't connected.
So that is why when we look at how we have to build our protection models.
Now, you know every, you've heard this term out there, identity is the new perimeter. Identity is a new perimeter. We've been saying that for several years. Well the reason identity is the new perimeter now is because number one, your workforce is not actually working from behind the protection of a firewall. They're working outside. And so we have to build our security framework around the identity. So essentially what we've done, we've taken the identity, moved it into the center, and now we've got all these things kind of dancing around the edge that they're accessing.
So we say that identity is a new perimeter because of the fact that this enterprise attack service has gone so wide, the threat landscape's got a lot bigger and now you've got these, you know, organizations that are trying to figure out and scramble man, how do I build a true security platform around the identity to protect them?
So that's why we see again these different types of organizations moving to more towards a platform surface. It's really because all of you who raised your hand as a customer or an organization out there have actually demanded that sort of thing.
So, and that's kind of the challenge, right? So when we look at how, how that's occurring, those are some of the, the common, those four common reasons why that attack surface has gotten larger. And so now here we go, we got these breaches.
So when, when we actually talk about this whole unified identity platform concept, I've done a lot of sessions like this and typically what I get asked right afterwards, 'cause you know how it, you guys know how it is we were presented before you talk about these, these challenges, your session is done, you got 15 minutes before the next one and they run up and you got a crowd of people around you asking questions about it, right?
So what I typically get asked is that platform concept sounds great but, but how do I actually get to it?
What are the ways we actually actually, you know, build a platform? And typically what I do is I say you need to find three routes.
You come, come, come, you know, look at three routes. And so you can actually sort of combine these things or one or two of these market segments to build three routes. And the first one is one, that's what I call privilege access governance. And I'm gonna go through these sort of quickly 'cause I got less than a about a minute left.
But when you look at combining things like privilege access management and IGA integrated together, that gets you something called privilege access governance where you can provision administrative accounts and then take real time immediate action on any type of risky activity that you see from those privilege accounts.
The next one is what I is Jit who's, who's sort of zero trust out there. Zero trust, right?
It's, you see it all over the place. JIT is a, is an acronym for just in time privilege, which is sort of the same thing as zero trust. What I like to look at is instead of focusing on and trying to build a massive zero trust framework, that's very complicated focus that just on your privilege 'cause there's a lot less privilege accounts in your organization than there are, you know, regular user community.
So that, that's one that's pretty easy and you can get that pro by providing your active directory defense tool, your privilege account management tool or IGA and vice versa. The last one, behavior governance. When you look at your access management framework, combining that with your IGA platform to track what users are accessing over a period of time, we can actually get to a point where we can remove and, and, and push access to certain applications automatically.
And I'm gonna build this out last slide.
I usually like to build it over time, but I'm gonna give you just a conceptual model of what this looks like. This is just sort of a high level block diagram of really what a, what a combined or a unified platform looks like or at the core of the basement layer, use your identity correlation or your workflow orchestration and then your four market segments on top of that hosted by and protected by a series of connectors and identity intelligence. It's really all about how that data is going to be protected.
Looking at the different traffic that comes into the organization to build a more modern framework around a platform to protect against what we see on that large enterprise attack surface. And by the way, I think you'll be able to download all of these slides.
If not, I'm happy to send those out to anybody.
One more here. Customers typically ask me where am I at?
You know, where, what stage am I in? I look at these as kind of four stages. You get a fragmented state, which is kind of like you've got no security tools in place, you got DA identity sprawled out all over the place. The next one is you've got a few identity tools. Most organizations I talk to were in that stage two, that basic state. They've got a PAM solution, they've got IGA active director of defense, something like that. Really not much integrated.
The third one though is when we get to the integrated state where you've got some routes defined of how you're gonna build your platform, that's really, really good. We see about 25% of organizations building that. Now a lot of the predictions we see in the market is that by the end of next year more than 78% of organizations will be moving towards or or at least integrating, you know, a platform approach.
Martin Coppinger who is roaming around somewhere, I'm not sure if he's out in the crowd today.
His analyst firm did a really good thing I think two years ago they were the very first ones to create an identity fabric survey report. So basically where they polled all of the vendors and said, you know, these individual market segments are important but we really need to see what you're doing around this platform approach. And so that's a really good report you can read. That's just a little shout out to Martin on that one.
So, and it's really around about this creating this whole identity fabric, what a platform looks like and how that's going to work for everybody. And then that unified state obviously is when you get that complete identity orchestration, you've got all four market segments talking together really lays down a solid foundation to protect against any of these identity based breaches that you see today. So with that said, I think I'm only a couple of minutes over, I'd like to thank you guys.
I'll be rumming around, be here all week, come over to the identity booth, I'll be sitting there, happy to talk to you guys and tell some jokes or talk about identity. All right? Okay. Thank you very much guys.
Alright,
Well you, you are only two minutes over Larry. We'll give you that. Congratulations for getting to the end. Congratulations to all of you for getting to the end. But there's just one question for you Larry.
Oh yes, I'm sorry. The,
Despite the time, within what timeframe do you expect one identity manager to be available as a multi-tenant cloud version?
Oh, it's a multi-tenant cloud. Yes. So that's a very good question. Thank you. Thank you for asking that.
So, so one identity manager and let me explain to you a little bit of the history of that. So one identity manager is what we call in a dedicated tenant right now. And I was behind creating that platform for one identity. I didn't develop it, but I put together the model and the construct behind that. And so we elected to go with this a, a dedicated tenant.
We, 'cause we have a lot of customers, let's give a date. Our federal space and all that, that can't actually use a multi-tenant. So we're building that out right now. We expected in probably about a year, we'll have a true multi-tenant, IGA platform. But right now we're sticking with dedicated tenant because that's what our customers are mostly asking for.
Okay, great. Thanks very much. Thank you very much. Alright.
