Making your service available to everyone, everywhere, without losing control. On their digital journey, businesses are constantly launching new digital services, chased by competitive and innovative pressure.
Good afternoon, ladies and gentlemen, welcome to our KuppingerCole webinar, "IDaaS, identity as a service: your identity fabric, connecting every user to every service seamlessly". This webinar is supported by IBM. The speakers today are Sean Brown, who is senior product manager, cloud identity, at IBM, and me, Martin Kuppinger. I'm co-founder and principal analyst at KuppingerCole. Before we start, some quick information about KuppingerCole and some housekeeping information, and then we will dive directly into the topic.
KuppingerCole is an independent, neutral analyst company focused on topics especially around identity and access management, identity governance, and cybersecurity, but also other areas concerning the digital transformation. We have offices in Germany. We have people in the US. We have a team in Asia, so we are delivering our services on a global basis. We deliver three types of services, which are research, events and advisory. Research:
We do things like our leadership documents, where we compare vendors in defined market segments, and our leadership briefs, our executive views, and a lot of other types of documents. Then we have a variety of events. I'll touch in a minute on a couple of upcoming conferences, but also our webinars and other types of events. And we have our advisory services, where we deliver, for instance, benchmarking and project guidance.
So these advisory services, in fact, consist of benchmarking, optimization, developing roadmap strategies, supporting architecture and technology decisions, and project guidance. So this is what we do, in a nutshell here. We have a series of events, with our flagship event, the European conference, running again next time mid-May in Munich. The agenda's live since yesterday.
So you can have a look at the current state of the agenda right now, but we also do events around blockchain in the enterprise, around digital finance, around consumer identities and around cybersecurity. Regarding the webinar itself, some guidelines. So you're muted centrally. You don't have to mute or unmute yourself. You're controlling these features. We are recording the webinar and we'll make the podcast recording available, usually the day after the webinar. We also will provide the PDFs of the webinar slide decks so that you can download the slide decks.
So you don't have to write down everything or so, and there will be a Q&A session at the end, but you can ask questions at any time. There's a questions area in the GoToWebinar control panel. You just can enter your questions whenever you have them, and we will pick them up by the end of the webinar. That brings us to our agenda for today. The agenda is, as usual, split into three parts. In the first part, I will talk about the changing requirements for managing access in the digital transformation and in particular look at how identity fabrics can help and how they are architected.
In the second part, then, Sean Brown of IBM will talk about making IDaaS-based identity fabrics work in hybrid environments. So really supporting every type of service, from the public cloud to legacy applications. And I believe this is one of the big challenges. How do we ensure that everyone can connect to every service? As I've said, the third element will be the Q&A session by the end of the webinar. So let's dive into the content right now. I'll service this slide I'm using for quite a while right now. And this is really about the communication of transformation actually.
So we have to move to devices. So it's not only PC anymore. We have a variety of devices, but we also have more and more things. And then we have the people and the businesses, and there are a lot of links in communication between all these devices, things, people and organizations. So everything, everyone becomes connected. And we have obviously far more interesting and challenging streams of communication these days, from things to the devices, to the organizations, API-based access from mobile phones, via our apps to backend services, service-to-service communication, and a lot more.
So we obviously have a change in the way we communicate, in the way we need to support communication, and we need to get more flexible because it's not that people only access from their PC via a website to a service. It's far more. And obviously employee access is part of that, but it goes beyond the employee to the consumer. And I'm absolutely convinced that a key to success in digital business is really that we, particularly we IT people, start to think from our user, be it the employee, be it the customer, or be it the consumer or partner, not from the technology.
So we should focus really on the consumer and start delivering services the way the consumer wants. And so a very typical perspective I still very frequently see, around these identity management topics in particular, is enterprises look at what works best for us. So when it comes to collecting PII, they look at what do I want to collect? Maybe I don't even know why I collect it, I just do it because I can. For authentication, I say, this is the way to authenticate, not what is convenient to the user. But frequently, this is really one of the inhibitors for using a service.
The processes are built regarding what I can do best. So we expect people to do what we want them to do. That may work with the employee, but it hardly works with the customer and consumer. So we need to do it differently. We really need to do it in an outside-in perspective. So what works best for them? So how do they want to share, who wants to share which type of PII, what is the way of authentication? What is the way of access to services? How can we make their life easy?
How can we enable them to use the identity they want to use, the way to authenticate they want to use, and still make it secure? Obviously we still need to do it in a good way, but we do what the customer or the consumer wants to do, not the other way around. So we need really to take this perspective in a broader notion in this evolving area where we are not only dealing with a few employees and a few partners accessing a few services, but we deal with a variety of people, devices, things accessing a variety of services in different deployment models. So it's about convenience.
It's about supporting the device of choice. It's also about accepting that there's not the single identity provider, authentication mechanism that works for everyone. So adapt to the customer instead of expecting them to adapt to your service. This is my perspective, the changing requirements. And that also means that we need to do things differently. And when we look at the evolution of the past couple of years, when we look at identity management, very long there was a focus really on what I would call the deploy-time identity management. So really modest.
Identity governance and administration, with provisioning and governance focus. So which is still important, but which is particularly important for complex entitlements of employees, where it's really about access request, the approval and the technical assignments. So assigning someone to a group or business role and target system, the access governance following that, or access review stuff, things like that.
This is clearly an important thing, but the more different types of users we have for more services, the more flexible our flow of access to services is, the more we need to focus on sort of the runtime identity management. So how can we give someone access? How can we control the access? How can we understand this is still the same, when cybersecurity also comes into play, that it's really that user who it claims to be. So moving more towards a perspective that really focuses on what is happening during access, and access is really becoming more and more important.
We still need to be good in deploy-time things when it comes particularly to employees, but for consumers, they have few roles, few different types of entitlements. That's really about access. So it's really about moving forward. So the employee focus is more the entitlements; with mobile employees, it's more about access already. When we look at partners, customers, consumers, things, etcetera, it's really simple entitlements, but with this world of zero trust and complex access decisions, we need to look more at this access part.
And at the end, it's a mix of both, but sort of this access, the runtime thing, is getting more and more relevant, more and more important. This is where the identity fabric comes in. So this idea of saying, okay, the users, which are employees on site still, which are employees that are mobile, business partners, suppliers, customers, consumers, which want to access a variety of services running internally, so legacy apps, non-federated web apps, federated apps, up to everything, to the public cloud.
So we have sort of, how can we enable everyone, using whichever device he wants, whichever thing he wants, accessing every type of applications and services. In between, there's all this authentication, federation, single sign-on. And what we also have here is the IdP thing.
So yes, we have our Active Directory. Yes, we might have an external IdP for, so partner, often his users, we might have one or other internal IdPs, like where we have our consumer authentications so far, but we also want usually to support some sort of social login or other types of external login. We might use some identity API platforms as part of our service, where we build whatever, a specific customer service with some identity backend services, where we create a new sort of identity provider.
So we have different identity providers, and here we need this identity fabric to provide access to this service, and core services in there are inbound and outbound federation. So inbound meaning from the IdP to the fabric, outbound from the fabric to the target systems, but also traditional web access management capabilities where you don't have support for federation standards yet, support for adaptive authentication for all these cases where you do the authentication or where you need to say, okay, the level of assurance provided by identity providers.
And that SU I need to, to, to add something, you obviously have baseline auditing and reporting in the field of the core services. You need some support for federated provisioning, which also can be part of a separate tooling, but which should, from a logical perspective, and here we are really looking at a logical architecture, be part of the identity fabric. You have consent and privacy.
When it comes more to customers and consumers, given that we not only have access from the web application, you also have more of around more to do about API security and management. And we have a lot of other things, which as of now commonly are delivered by other services, but in a logical perspective, they must be elements and they will, to some extent, also become more part of a sort of a standard development of an identity fabric.
So imagine that fabric really has a logical layer with a consistent set of APIs, which uses one or more types of services, but it's the fabric which really sits between your users and the applications. So we have these things like access governance, enterprise mobility management, fraud management, increasingly important, obviously advanced security analytics. What is happening? Where are the anomalies, the outliers? Dynamic authorization, so authorization at runtime. So based on that policy, that person's allowed to do that or that or that.
So this is really the high-level perspective on how we see this identity fabric concept. And there are various capabilities, services, building blocks in there. And to just give you a very quick, so in the short time we have in that webinar, a very, very quick perspective on that. So we have capabilities such as, so this is what is really provided to the user and the administrators.
What are the things the thing can do from a capability perspective, leading to which use cases are left out of that, which use cases are supported. Capabilities are the user authentication, for instance, the adaptive risk- and context-based thing, the federation, delivering in whichever way a single sign-on experience, the access management, the control of which of the users is allowed to access which of the target applications based on policies, but also the reporting, auditing, analytics. So who's accessing what, what is happening here in all these complex scenarios.
And I'm a big believer in this concept of an identity fabric. Because what I currently see is that a lot of organizations have many disparate elements. And as I've said, the logical architecture still might consist of multiple components running on premises or in the cloud or hybrid or whatever. But the logical thing should be treated very consistently.
Because if you don't, you have a little bit of old web access management, a little bit of federation here, then you have something for your business partners, you have something for your consumers, you add that and that, and that, and you have so many different things and you don't have control about who is really sort of accessing from the left side to the target applications on the right side. It's hard to track them.
Okay, so you have these capabilities and you then need these services. So which sets of services and APIs are exposed.
Actually, this is really, I think, if you're thinking in API layers, that's a very good idea. So having consistent API layers for an authentication service, for a federation service, for reporting services, federated provisioning services, risk services, integration services, all these things. So this is really the perspective I would take here in services. And then you have building blocks for that. And that might be one IDaaS tool, which delivers a lot of things; that might be more than one tool. So you have a federation, web access management, adaptive authentication platform.
You might have something separate for privacy and consent management. You might have something separate or integrated for API security and management. The access governance, federated provisioning piece might be more or less integrated.
So from, from a, from a building perspective, obviously it's not one single thing, but it's from a logical perspective, you need to start from thinking about what is my identity, how can I deliver that? A lot of this more and more will be delivered as a service. So identity as a service plays a very, very central role in that because it's a logical deployment model, but you do that for a hybrid environment. So you always need to assure that you can support your hybrid, the requirements of your hybrid environment.
Obviously also, there's this need for supporting API-based access, because there are whatever you work for, your services, your things, but also others might use, consumers might use whatever, their mobile app using an API or services using an API. And that's another traditional web access where HTTP or HTTPS where you don't have your federation web access and protocols, but it's really more API gateway, API security to our proprietary integration into the target system.
So it's essential to understand this is a lot of sort of sort, there's a sort of a little bit of different and important piece of the capabilities where you increasingly are using REST APIs with OAuth 2 as the common protocol element, and the access path is different. And you need to think your fabric broad enough, at least from the conceptual perspective; from an implementation perspective, that might be more a gradual sort of growth of capabilities you have.
So again, back to this logical versus physical. When you look at this architecture, so this identity fabric, it's really a concept of an architecture. This is how it looks like, but the underlying service and deployment models will differ.
So this is modular, but it should be integrated, in particular from the API perspective, also from some deployment and UI and other aspects for use. And it can be distributed also when it comes to the deployment model in use. So there might be more than one component. In most cases, it will be more than one component.
And I think there's also logic in having a couple of components when you integrate it well, in a logical perspective, because it helps you getting away a little bit from a very big monolithic service to a set of services like lagged center of the identity fabric, where it's in fact a set of components, a set of modules, a set of services, and also IDaaS services commonly are constructed as a set of microservices in containers. So far more modular than the traditional monolithic identity management application. So it's really about modularity, delivering a set of APIs, a consistent set of APIs.
And from the way it's done, it's really IDaaS at the core. So very commonly, this is really identity as a service, cloud-based, multi-tenant, but it might also require you to run some things more in a hybrid or a private cloud or on-prem deployment model, whatever compliance, security, other requirements, and in particular, that will be one of the points Sean will focus on as well, integration to on premises bag, and also might require some sort of on-premises component.
So factually this might be a sort of a mix of things from a logical perspective at the center, and also from the way they are architected, it's clearly a shift towards IDaaS, identity as a service. This is what this concept is built upon. And I believe this is really where a lot of your focus in moving forward your identity management should be on. With that I hand over to Sean. It's your turn.
Okay, let's jump right into it. That was, that was really a, a great segue Martin into some of the slides that we're gonna be talking about. And so kind of just to give a little agenda of what my section's gonna cover and appreciate you giving us the time today. We're gonna focus on some, some common scenarios that we're seeing with our customers as they're moving in their journey to the cloud and where their identity platform is growing and expanding. And then I'm gonna focus on the, the identity fabric that you talked about and how, you know, we see IBM's technologies playing into that.
Then explain a little bit more about where IBM's technologies are going and then the solution to those problems. So jumping right into it. So some of the common scenarios that we're seeing with customers in their journey to cloud is, is really kind of broken down into different, different deployment patterns and how they're, how they're journeying. Some customers have, have decided to take the, the, the journey to cloud approach of starting with the SaaS applications. So what is the, the, the common easy thing to do?
We need to go buy a new HR solution, or we need to buy a new expense tool, or we wanna move our email to the cloud. Maybe we wanna share files with companies outside of our, our firewall.
You know, what is that common SaaS app that I can go buy instead of building it myself? When you buy those SaaS applications, they're great. They're easy to use, but if you don't have a solution like an identity as a service solution to manage your federation of your identities to those solutions, you know, you become, you know, burdened with multiple usernames and passwords, and that doesn't make an employee happy or a user happy.
So SaaS apps is one of the first places that we see customers starting that journey to the cloud, and then the federation that goes on top of that. So being able to use your legacy IdP, so being able to use the existing directory that you have today on premises, that's connected to all of your existing applications, to now access those new SaaS apps. Some other patterns that we're seeing then coming after that, oops, there we go, are new enterprise apps. So we see organizations building new applications on the cloud.
So maybe organizations are building on IBM's cloud platform or some of our competitors' cloud platforms. And they wanna start that application journey with an API-based model. So being able to understand how I authenticate a user, authorize a user, how I control access, check for risk, enable that on different devices, I wanna be able to build that using a full API-based stack. And so we're seeing some companies start their journey by building those applications on the cloud, using a cloud-based IAM solution.
Another thing that we're seeing too is customers who are wrapping their employee use cases around governance and provisioning from the cloud. So going back to that first scenario of buying SaaS apps, it's great if those applications support just-in-time provisioning, but some of them don't, and some of them, you need to have governance around the provisioning process and the governance to those users who are in those applications with fine-grained control. And so we're seeing other organizations start their journey with identity governance and provisioning from the cloud.
One of the things I think is very unique about this, and kind of going back to some of the things you're pointing out, is that this is very modular. So not one size fits all for any organization. We're seeing some customers start from the SaaS app journey. Others start from the new enterprise app journey, and some come from the governance store. They can all start from different points, but they're all coming to one central place, is that they need one solution that modularly supports all their use cases.
And then where we're seeing going after that is into the last phase of this, which is the full identity from the cloud. So where you're actually moving the identity repository up to the cloud. So making your IDP cloud delivered. So putting the burden on your cloud vendor to provide that directory for your applications, from the cloud, as well as putting authentication for those applications, that may be also on premises from the cloud.
And what I mean by this is not that we're actually talking about putting VPNs in and things like that, but being able to have components, as you talked about, that are deployed on premises today that provide authentication and access control to those legacy applications while still journeying to the cloud. And so what we see with that is common scenarios where companies may have maybe older mainframe applications or Java applications that don't have common standards support. So they don't support SAML or OIDC yet. They're gonna be legacy applications that we typically see in a lot of cases.
These are built years ago, maybe an organization built an expense reporting tool that works really well, but it was built over a decade ago and the person who built it might not even be with the company anymore. You know, it's hard to update those applications. And so what we're seeing is some companies start that journey to cloud where they're buying that IDaaS solution, but they're still needing something to support those legacy apps.
And that's where a nice hybrid identity journey comes in, where you can actually support all those legacy applications while still starting the new journey to the cloud. So those are just some of the common patterns.
And again, it's very nonlinear. We have customers all over the board coming from different perspectives on this problem. Some starting directly from the cloud for their new consumer-facing applications, others starting from the SSO to SaaS apps, and some going identity management and the governance first. So it really depends on which organization's priorities align with those different use cases that we're seeing going to the cloud. One of the other things we see is that, exactly as you said, Martin, that identity fabric has to be modular.
And that's one of the nice things about when you go to a single vendor that has the complete spectrum of all the different needs that fit into that identity fabric, single pane in the middle. And so that's where our perspective is coming from as well at IBM. We're focusing on delivering a single solution to organizations that can be modularly added on to their existing IAM stack in whatever way they want, as well as grow to be a full IAM solution. This includes both our existing IAM technologies.
So we have technologies that manage single sign on multifactor authentication, identity governance, and lifecycle management, as well as privileged access management. And those can be installed both on premises and in the cloud. So making it very easy for customers who are starting in that hybrid journey to be able to manage those applications wherever they may live.
Now, couple it on top of that is the fact that we have different users coming from different perspectives, as you said. So you might have users that are consumers or customers, and you might have users that are employees or devices. In those cases we add in technologies from the rest of our security portfolio at IBM, such as Trusteer. Trusteer specializes in identifying risks and behavior of those connections to those applications. So to give some examples here.
For example, I've got an application running on my iPhone and my iPhone is turned face down and that application is trying to access an application. If my iPhone's face down, it's probably not me trying to access that application. Cause I can't, can't get to the table to get to that iPhone to make that happen. Something looks fishy there, or maybe it's that it's not an iPhone connecting. Maybe it's an Android device and I've never connected to an application from an Android device. Those are common risk patterns that can be coming in.
And when they're coming into the application, the identity fabric can see those risk patterns and can attack. This looks risky. We need to mitigate this. We need to make sure that it really is Sean trying to access that application. Let's do a multifactor request to him. Let's push out a push notification to his phone to verify he's really at his phone. And he's really trying to make this financial transfer. He's really trying to make this purchase or make this organization change inside of his HR tool. We wanna detect that risk and mitigate that risk.
Other common behaviors we see are around employee usage of mobile applications. So back to one of the other points in your identity fabric, Martin, is there on the EMM or endpoint mobility management. MaaS360 is another product inside of IBM's portfolio that specializes in managing mobile devices. And it's really great if you can manage that device and secure that device so that if I'm on a train in Germany and I forget my iPad sitting on the seat, you can wipe that device remotely and it's not gonna be accessible by anybody.
But taking that to the next degree is why not make it easier and more secure at the same time? Don't just wipe that device. But what about if we actually secure the usage of the applications on that device, that maybe I still have control of it, but maybe there's something on my device that makes it insecure. Maybe I'm running an older version of iOS or Android, and maybe I'm coming from a different location. We can actually detect if that device is actually managed and secured in such a way that we can actually control access to the application, called conditional access.
It's a great way to add additional levels of security without the users having to necessarily see that security is being layered on top of it. One of the other nice things is when you can manage both the device and the users, you can also reduce some of the burden to accessing applications. So adding things like passwordless authentication into that mobile flow. So certificate-based authentication to the application.
So instead of me as a new employee of the company getting this device and having to figure out my username and the passwords for all the different applications, why not push out a password as part of a certificate for those applications' access as part of that MDM enrollment. So when I'm accessing that application, I simply just tap the icon on my iPad and boom, I'm now into Concur or into Box or wherever I'm needing to go, making it really seamless for me to be able to access that application, but also increasing the security of my organization.
So ensuring that device has to be managed. It has to be compliant to my organization's policies across all the applications that I'm using, whether I'm on the mobile web, whether I'm on my mobile device, whether I'm inside the office or outside the office, a lot of different points that we wanna make sure we can control and secure. And that's where we see in the future the evolution we call authentication of service going, is being able to push those integrations out to wherever you're coming from.
So seamlessly connecting anyone to every application, making sure that if you're coming from a mainframe application, that we can detect the risk of that user and do multifactor authentication, for example, to that mainframe, but also extending it out, not necessarily to the legacy technologies, but even into the more bleeding-edge technologies. So being able to support OAuth token management, for example, to the applications that you wanna integrate to your consumers.
So you can use maybe for example, a social provider to authenticate a user into your application, but then maybe you wanna, you step up to something that is a more advanced authentication. For example, like an Amazon device, being able to authenticate your users to the applications you provide to them, to be able to order something or control something. That's what we wanna make sure that, that, that evolution is going across wherever our customers are, being able to build their applications. Next is in on authentication mechanisms.
Obviously first factor authentication is, is what we have today, the username and password. That's what most people know, but I believe there's a world out there very soon where we're gonna have authentication for everyone. So if you look at the standards like FIDO2 coming out and the new technologies, like the QR code logins and things like that, there's a lot of great technology that's just on the horizon that's gonna really greatly simplify our, our, our lives when we don't have to remember usernames and passwords for sites. That's one thing.
But when we actually remove that password from the IDP and we make that IDP decentralized, we can then take away some of that risk of accessing those applications and making it easier for users to access, but at the same time, safer to access those applications. And then the last thing is around risk. We wanna make sure that customers are able to assess risk in their applications as seamless as possible understanding is this a new account that's been taken over? Did somebody create an account quickly?
That actually is trying to take over an account that I was already setting up myself, for example, or being able to understand the risks of the authentication at the time of authentication, not just establishing a static control. This user has a password that's authenticated, but it looks like something has come in line in this session. That's trying to take control of this session and gain, gain credential access to this user's account. We wanna be able to detect that behavioral anomaly and mitigate that risk as seamless as possible.
And that's where really where I see the, the users going and, and then customers going in the journey to the cloud. And so in summary, where we're seeing IBM growing in this, in this space with our customers is first that we are investing in a platform that can grow with you. We wanna make sure that customers can invest in a single platform that no matter where they are in their journey to cloud that that identity fabric is gonna be able to support them.
So I talked about earlier, maybe you're just ready to just start dipping a toe in the water and you wanna do single sign-on for SaaS applications. That's a great place to start. It's an easy place to start. SAML makes it very simple to connect your applications to your users. Very seamlessly, very safely and very efficiently. Maybe you wanna go a little more advanced though. Maybe you want to go full authentication as a service. You're ready to start building all of your applications from the cloud. That's where authentication can come in and access control.
And we can provide that through an API based model that allows your applications to be built anywhere for any users. So you can be building applications on premises. You can be building applications in the cloud and anywhere in between. And then also in terms of being able to connect those applications seamlessly, we wanna make sure that we add risk into that.
So that modular frameworks, I talked about risk detection, where are we seeing risk to your applications, your users, where are we seeing risks in, in the anomalies we're detecting risks on the consumer side, we also detect risks on the employee side. So for example, should this user have access to this application? Am I over entitled to different applications that I don't need? Have I not used an application in a long time? Is it a dormant application? Is there a way that we can optimize the roles of my organization? So I don't have so many different users and groups that I have to control.
All the compliance that goes into running an IAM organization. That's also embedded into our technologies. Next place is around preparing for decentralized model as what we call, you know, typically blockchain is the, is the technology that we, we talk about here.
You know, blockchains, that technology is looking for a problem. And I think one of those problems is identity where I see blockchain going in the future is a decentralized trust based identity model. So a digital trust with a blockchain fabric. And what that means is that you're gonna be able to use a verifiable credential that can be created in the blockchain ledger to authenticate a user, another form of passive authentication, but the next generation of it, and what this allows you to do is be able to provide risk and privacy consent management to the users themselves.
So being able to allow, for example, if I'm going into a store and I need to provide a form of identification to prove that I am eligible to purchase something. So let's, you know, the common example of, you know, buying a beer at a bar, you gotta show your, your driver's license to be able to do that.
Well, you really don't need to show the fact that you live on, you know, 123 Main Street and that your birthday is on, you know, June 1st and that, you know, your eyes are blue and you're five ten, whatever it is on that driver's license, that's detailed about you. That's not required to be able to purchase that, that beer.
What is required is that the bartender needs to verify that you are of legal age to be able to purchase that, that alcoholic beverage. That's where something like a blockchain decentralized model comes in, cuz we can actually control who has access to the attributes in your account. And you'll control that on your device, inside your wallet. So you go to the bar, you wanna make that purchase. The bartender says, are you of age? On your phone, you get a push notification saying, yes I am. If you click, yes.
And the bartender then validates that you are of legal age because of the ledger that exists today, that is integrated back into, for example, the tier one identity providers like the state governments and federal governments and things like that. That's one of the things that I wanna make sure customers come away from the presentation is being prepared for that decentralized world and making sure they make a big investment into a single vendor that provides the identity fabric to support wherever they're going. And then the last thing is a new way to look at delivering your applications.
Applications historically, obviously, are coming from web applications, traditional webpage. You're gonna access the application, username and password, but that's really not necessarily the new way of where users are integrating with, with, with applications.
Today, we see users integrating in many different ways in IBM. Maybe you're interacting with the application from your phone. Maybe you're interacting with the application from your car, from, from a seat in an airplane, from your living room to your television. There's lots of different ways that people are needing to authenticate and interact with your applications. We wanna make sure that customers understand you should invest in a platform that can support that user interaction wherever they're coming from.
So with that, obviously we wanna make sure that you have an opportunity to try our technology. So we appreciate you staying, staying on, on this webinar, appreciate Martin's time for, for allowing us to join in. You can try us out for free. So we've got a tour available to test out the technology available on our webpage. So that tour's available at ibm.biz/ci_tour. You don't have to put your user name, password in or anything like that to get access to the tour. It's a free tour, no registration's required. You can see our technology live for yourself with that. I appreciate your time.
Thank you very much.
Thank you, Sean. So let's directly continue with the Q and A. So we already have a number of questions here and if anyone has questions, I propose that he or she enters the questions so that we can then walk through all these questions. So there's one, one question which refers to a slide of my presentation, which was around expose consistent set of APIs. So the question is basically, is there a standard service definition or standard definition of APIs that already exists?
Unfortunately there's not, not in the sense of a standard of something, which is agreed across the industry, which to some extent is a challenge because it means that you, you have, depending on the technology that you build in, you might end up with a different set of tech, different set of APIs. But when you look at REST APIs, I think it's, it's fairly straightforward to do some more sort of, of, of standardization on your own by wrapping APIs, by defining your layer, which is, is rather stable.
And so I would say this is, this is standard task and everything you do around defining sets of service, defining sets of APIs, where you can do sort of standardization. So this is maybe, I hope, the answer; otherwise just reach out to me per email and we can continue that discussion. Then I see there, there are a lot of other questions, let, let me maybe just pick the first one.
So, so it's a question, which is what trends are you seeing related to consolidation into one identity platform? Maybe Sean, you wanna start answering that?
Sorry, can you repeat the question one more time, Martin?
What trends are you seeing related to consolidation into one identity platform?
Oh, okay. Gotcha. Yeah. So a lot of times we're seeing organizations when, when they think about consolidation, identity platform of thinking, it's just the directory and, and that's, that's not the one we see the most of, but that's the common one that people think about, you know, can I put all my consumers and my employees in the same directory?
No, that's, that's not what I wanna do. What we are seeing though, is organizations reducing the complexity of their IAM stack by using one platform for the authentication and enforcement points. So for example, I might be building applications for my employees and maybe I'm hosting them on, on, on, on IBM's cloud. So I'm building a, a new expense tool or I'm building a new portal for my employees to do their sales prospecting in or something like that. Buying SaaS applications like Salesforce to do those things, for example.
But then I might also want to be able to use that same platform, a different directory to be able to manage my consumers. So I'm building consumer facing applications like a, maybe I'm building a loyalty website for my, for my customers that have a loyalty card to be able to interact with my organization. And I wanna be able to use the same security standards for both. I wanna be able to enforce multifactor when there looks risky. I wanna be able to do real time assessments of the risk of the employees, as well as my consumers.
And I don't wanna have to use two different technologies for that. I just want one technology provides everything. So that's what we're seeing. One trend is that organizations are consolidating all of those authentication, enforce point policies into one platform and then using different directories depending on the types of users and use cases.
Yeah. And I think that's something I, I, I also can, can agree with.
I think it's always about, about understanding what are the things you can really consolidate, which are things you, which are too disparate to, to consolidate them into one single box. And, and so when you look at different purpose of directories, when you look at the breadth of identity providers, you will have anyway, then that's one part. But integrating the flow from a logic perspective from a policy management perspective is something which is, is definitely meaningful. So to get really get a CRI an audit perspective, consistent perspective on things like that.
So let's move to the next question. Again, I hand over to you, Sean: are you seeing clients extend one identity platform to cover both consumer and employee scenarios?
Yeah. So kind of going in line with that last question. Yes we are. So we're seeing organizations that, you know, IAM has become very complex, not just from, you know, the fact that the technology, but because of acquisitions and, and the, and the years of development that have gone into the application.
So you might have an acquisition that brought in one vendor's technology for employee use cases, another acquisition that brought in another technology for, for similar employee use cases. And then you built your own on stack on top of another vendor, you know, that that complexity can be simplified by going to one platform. They don't need three different vendors. In this case, you know, adding vendors adds complexity, but also adds risk. You might have a policy that gets missed in one of those solutions.
That's enforcing multifactor from a risky application or, or you might not be adding actual, additional complexity to the user's experience. Maybe one of those vendors doesn't support passwordless authentication. And so you're actually adding complexity to the users themselves. So being able to standardize on the consumers and the employees is, is very common. And we're also seeing that even in, in, in for example, in how, you know, you interact with your own company's applications.
So IBM for example, we have our IBM ID and I can access my applications that I, that I, that I sell at IBM using my IBM ID. I can also access other IBM tools. So I can get into, for example, our Connections portal to be able to go review content that people are submitting in our social business platforms, all using that IBM ID as my authentication point.
So yeah, it really simplifies the, the IAM stack, reduces your overall cost, but also adds additional levels of security because you're not gonna miss something in one vendor that's not in another. So we are seeing that. Definitely. Yeah.
So, so I think it's, it's always about understanding what is really a thing, the area to consolidate and where, where are things very specific? So obviously you have things like marketing automation where reach out for a consumer, but last for, for, for an employee, for employee, you have more of the traditional I a features in some way in the platform.
So, so there, there are things which are, are, are overlapping, similar, et cetera, but again, for, for the flow at the end, every, every system that is exposed to customers and consumers always will also have employees accessing that system. And so there's always an overlap between these areas. So there's logic again, saying, okay, where does it really make sense to integrate? And if you start with the logic perspective, like I tried to, to, to transport it in my, my presentation, then I think it's, it's, it's one step.
And then it's obviously drilling down into what are the elements, which make it up. And so reducing the complexity by not having too many of these clearly is a good thing to do. So what use cases do you see customers consuming first from the cloud? So where do they start their cloud consumption these days?
You know, honestly it depends on the priorities of the organizations we see, we, you know, at IBM we see every, every size organization, every, every type of organization across all industries. And it really just varies on what the priorities are.
Some customers are very compliance focused, so they, maybe they just failed an audit or they're, you know, they have audits coming in or are very focused on making sure that the compliance standards that they need to meet or align with their industry. And so they're gonna be focusing on the identity governance and life cycle management, ensuring the, the right users have access to the right applications and, and reducing the overall entitlements where, where, where there's risks.
So, you know, that's one common use case we see. Other common use cases are, are, are, are, you know, more straightforward, like the single sign-on to SaaS apps. So you're buying SaaS applications and you wanna use your legacy IDP to be able to access those new SaaS apps. But at the same time, you need a hybrid model that supports the on-prem applications until you can start that those moving to the cloud as well. And then the last one is the, is the pure authentication as a service.
So we're, we're, we're wanting to modernize our IAM platform. We need to develop a friendly way of building applications, you know, being able to consume common scenarios from the cloud for my application development, but then in line with that, I need to add authentication and access enforcement to, to my, my application stack. So being able to build all my new apps on the cloud, using a cloud-delivered IDaaS, those are kind of the three common use cases that we see.
And, and it just, again, it just varies on, on what the customer's motivation is. Compliance is the first, for, for the governance story, but then you might also have like a digital transformation journey where customers are there. You know, we're moving to the cloud digitally, everything needs to shift towards the cloud, our application stack we wanna modernize.
And, and then we wanna start building on an authentication service platform, you know, those kind of the common ones that we see. Yeah.
So, so when I look at what we observe in the market, I would say these are the three scenarios, and we see a significant uptake on one end, more the identity API platform. So the, your third use case, and also in the IGA use cases when it comes to IDaaS requirements and, and for SSO. So for this sort of, it was so, so to speak the initial use case for identity as a service, then obviously that that really shifted from employees accessing cloud services, having a single sign-on to cloud services only towards everyone to every type of service scenario.
So far more complex scenario than we had in earlier days. So this, but while all of these are relevant and I, I would fully agree with that. It very much depends on the organization and specific requirements of organizations where they start, but with an uptake of, of use cases going well beyond sort of the initial cloud SSO use case. Next question we have here: for those organizations who have not yet made any sort of cloud migration, what are the biggest hesitations and what will create urgency to adopt cloud for the late movers?
So do you still see really the businesses which say I don't go to the cloud at all, or I didn't start it? That's interesting.
I, I, I think we see pockets in organizations that are kind of in different, different spectrums of that. I think you'll see some pockets in the organization that know that they've moved to the cloud. And then there are other pockets who are saying, you know, we don't have a policy yet for how to handle this. So therefore we're not even though other groups are, but, you know, across the board, I don't know any company that I've, that I've talked to, you know, in, in the past, you know, three or five years that isn't in some way, moving their IAM stack to the cloud.
Certainly, you know, most of us are all using, you know, email or word processing applications from the cloud, you know, be it G Suite or Office 365. You know, all of us are using some form of SaaS application just to do our job, but then there's a lot of things that we're interacting with that we don't necessarily realize that are already being delivered from the cloud.
And a lot of times organizations might not see those as the common scenarios from moving to the cloud, like the consumer apps, you know, being able to have your consumers accessing your application 24/7, and you don't have to worry about keeping the lights on. It's a big benefit when you can actually offload that burden and risk to another organization.
It, it really, I think it's, it's, it's, eye-opening when, when people realize that there's some of that, you know, those sleepless nights that they can get back because they can now buy that service or other common, you know, examples. We see of organizations where they, where there were hesitancy move to the cloud, but then realize the benefit is in understanding that you can focus your efforts on the value, add that you deliver to your market without having to do the heavy lifting and building that, that, that the security around that application.
So when you wanna focus on how is the best thing that you can deliver your widget to your customer, you know, there's something that only you and your industry are gonna specialize in, but a lot of times you don't really need to specialize in that IAM stack. You can just buy that from the cloud. And so organizations, I think, were hesitant to move there because I think they thought they had to do both. And so now we're seeing that because, you know, IDaaS is becoming ubiquitous across organizations as being a simple tool, to be able to consume. It's not complex, it's easy to use.
You simply turn it on. And it just works. That is kind of reducing that burden and risk and, and, and concern that people had.
Yeah. And so from what we observed, or even over here in, in Germany is really that there's a far more far bigger acceptance of, of cloud service, even for use cases that are considered some being somewhat critical or sensitive like identity management.
So, so there's, there's a clear tendency. Obviously there are still organizations are more open, more reluctant, so it differs. But I think the general trend is very clear that we see more of that and with the increasing maturity and, and the ever so the capabilities getting broader of identity as a service, I think it becomes more and more, a real option to traditional on-premises deployments, particular for the implementations, for the approaches, which are really strong and supporting the hybrid reality most businesses still have.
So with that, I think we are through all or most of the questions. And so right now, I would say it's time for me to thank you, Sean, for your presentation, which was very insightful, to thank all the attendees for listening to this KuppingerCole webinar. So thank you very much. Hope to see you soon at one of our upcoming events, or again, as an attendee of one of our webinars. Thank you.