So in terms of what I wanted to cover in the next 15 or four minutes, and I'll try to go quick through most of the topics, and, you know, enterprise cloud identity management, and the way we deploy this in the cloud is something that is, I would say that's new to me as well, because I'm also on the learning curve at the moment. So by no means an expert.
So I would be keen to hear people's feedback and views on what we go through in the next 15 to 17 minutes. So what I'll cover is just an evolution timeline to understand, you know, what got us here, and what is that cloud enterprise identity management imperative?
What has changed? A word on tooling, because I think, from the dispatch that I've had across peers within the industry, I believe that that is one area where I think the whole, some of the thinking has to change as to how we look at tooling.
And then I'll also talk about a sample reference design and, you know, what good looks like, based on my experience on the coal face over the past couple of years. So that's what I wanted to cover over the start period.
I'll quickly go on my main topic in terms of, you know, how enterprise identity management has really evolved. You know, back in 2010, when I had my first exposure to this particular area, and I think that's when the term access governance was coined. Arguably access governance survived, you know, has had many different lives prior to that.
But the term we started calling access governance, you know, to a bunch of processes that would underpin the successful certification of a certain, you know, instead of buy process, like access certification, access control, and all of that.
And that was the birth of a new way of doing identity management, focused on getting the access governance right first, and then look at all the other subsequent process that underpin, bread and butter process that underpin the delivery of the program.
Then we moved on to the connector phase where, you know, there was a lot of standards to conversations about how do we actually connect to some of our legacy platforms, the RAAF, and, you know, our data center based applications, and we had almost connectors for everything, right. And we were kind of reveling in the fact that finally we have very agile and still will identity management models. So we lived through that one as well. Right.
And then, you know, we came to a weird phase where, with Azure, Google Cloud and Amazon Web Services being set up between in 2006 to 2000, in that 2006 to 2010 timeframe, you know, after 2015, I mean, these solutions, the maturity and organizations kind of using that in anger.
We came to a phase where we tried to address the cloud challenge, but there was a lot of conversations about how is going to cloud, how it's just an imperative to come, but there's very little to go for it because we had not really imbibed the cloud culture.
There were, again, we were taking old solutions to new problems there with, you know, using connectors for SaaS applications and all of that. So I think things really came to head and, you know, like I said, I was probably in the front of it, on the coal face of it.
When in, you know, 2018, 2020, a lot of organizations started adopting cloud based approaches to delivering IAM projects. And those projects were kind of really struggling because we were trying, again, like I said, old solutions, new problems that we had, but then I think something shifted and I don't need to kind of beat that pandemic line over and over again.
But I think something shifted over the past year or so, because, you know, this is almost like an imperative.
This is the direction that we want to go, and PaaS and SaaS is the direction for the future. So the way we actually deliver IAM programs have to fundamentally change, the way we kind of rewire this have to fundamentally change in order for us to kind of meet those challenges.
So I wanna kind of dig in the last bit of it as to what it looks like. You know, why cloud identity access management is fundamentally different from the others? So there are six things the way I see it, right? So one is the policy enforcement piece.
So, you know, where we had this traditional boundaries within the on-prem and the way of doing things in the past, there was PAM, there was identity governance, and there was identity lifecycle management, all of that bunch of controls. Within the cloud, everything is one, right?
It's basically either you're policy compliant or you're not.
So those policies are led right from, if you look at Amazon Web Services, your perfect controlled policies, you know, the way you tag your resources, the way you define your AWS policies, all of that is written in as code, right? So those have to be managed natively as code in the best way possible. There have to be a policy design for it.
And we are not just talking about how PAM controls will work and how identity governance controls will work. So that's kind of first layer. The second point is just the explosion of entities, right? Even when I am, you know, even in a matter of a few hours, there will be, you know, developers within the environment, writing out Terraform scripts, building environments, building new processes, defining new user entities, secrets, certificates, and all of that.
So the model has to be defined in a way that is scalable, and you're able to build observability, which I'll talk about separately, into that. The third imperative is, again, you know, within the cloud enterprise management, the entitlements are more fine-grained.
If you, again, if I give you an example, you know, if you look at how an S3 bucket on an database infrastructure is accessed, it is defined by principal, right? In the sense that, you know, the policy, the principal is A, then you can do, you know, XYZ things on an S3 bucket, where if its principal changes, then obviously you can't do the same functions depending upon, you know, who is doing what within that. So it is very fine in terms of, at the level of infrastructure, the level of data, and even within the data, even within the sections, in the views, into the data.
So, you know, where fine-grained entitlements were an outlier, this has almost become the norm within the cloud enterprise identity management space. From a service operations standpoint, observability is a key principle. And I think this is increasingly used within the CI/CD world. But I think we have to imbibe that with identity access management world as well. Because when we look at service operations, we just don't need to monitor what has gone wrong.
We should also be able to understand the impact, the root cause of why it has gone wrong, because, you know, this has to be addressed in flight because, you know, this is a dynamic live environment. There is nothing that is static about this environment. So you will have to interfere in real time, basically to make sure that your process are working the way should be.
So identity access management just becomes the heart of everything that we do, by some means, within PaaS environment. The next point is just in time. So whenever we have, you know, access that to be provisioned almost on the fly, at the same time, it has to be secure. It has to be, you know, user friendly from an experience perspective, right?
And the last point, obviously, about event-based integrations. I think this is pretty relevant because, you know, I've seen different design and architectures through how we actually integrate PaaS-based resources, you know, reports that are in Azure cloud or Google Cloud, or AWS, onto either on-prem resources or on-prem applications. There are, you know, you can use solutions, API layer, like, you know, you can use solutions like MuleSoft, you know, Aw skate space, or, you know, there are multiple solutions in the mix.
But the important thing about it is that these are all event-based integrations, if, and even certain, and they are defined by, you know, whether a certain event is happening or not. There is a certain Fe command. There is a certain action that is underlying on specific set of events. Also underlying is explicit policies that define it, you know, does that particular process have an explicit, you know, allow or an explicit deny access to that particular resource or something like that?
So this basically, you know, this environment that I've just described really leads us to the point where we cannot bring in. And I think I cannot repeat myself enough. We cannot bring in our old ways of looking at these environments, because what we are seeing here is going to be the norm in the future.
So we have to retool, we have to make sure re-skill, and we have to also make sure that we are able to understand this particular world to be able to adapt our identity management thinking. How do we execute control? How do we design processes?
How do we make sure that we are able to evidence the execution of control, some of the traditional things that our come and ask us, we should be able to kind of figure that out in this particular world. At the same time, we have to imbibe the CI/CD principles, which is of agility, which is of just in time, which is of being able to do what they want to do in a secure and in a user friendly manner.
So, which brings me to the question of tooling, which I wanted to cover primarily, because, you know, this is the typical way in which things have been evolving so far. So you started off with, you know, we have an existing solution within data center, which basically takes care of everything that is on-premises. You have data center based applications. You are hosting that within ITF, smart platforms, everything is working well.
And suddenly, you know, you started consuming SaaS services, you know, you do direct connections with SaaS services and you kind of make that work as well. You know, it doesn't work as seamlessly as possible. You started seeing some problems in terms of how do you environ, entitlements, how do you update, you know, entitlements back to SaaS services. You build some custom interfaces to do that. You build some APIs to do that, but you still manage somehow, but rubber hits the road when you start consuming PaaS services.
Right?
For example, when you talk about, you know, it, my problem, AWS, or Azure cloud or Google Cloud, and that's when, you know, in environments where data centers are moving applications en masse to the cloud, to PaaS platform, are retooling applications in the process. That's when the complexity arises, that's when your existing solutions and existing approaches of incrementally scaling to the cloud fails.
Because, you know, you are really trying to spec your existing solution to do that. And I've seen a few examples of how that has not worked, but one way to consider as to how to address this is to look at building in, you know, if your organization has got an explicit cloud migration strategy, align with that and build services that are native, IAM infrastructure that is native to the cloud first.
Right.
So which means that you are almost taking, you know, your PaaS services as an input for the design of what that target solution could look like. And obviously from a SaaS perspective as well.
And I'll kind of, towards the end, I'll just show you what that will look like. And then you're looking at how do you integrate that to your legacy platform?
You know, because at the end of the day, you know, if you do not make that imperative work, you're really inhibiting your organization's ability to transform as rapidly as they would want to. Because at the end of the day, you know, agility is the name of the game in terms of how do we actually deliver services in a rapid fashion, migrate those applications to the cloud, deliver that in an accelerated manner to your customers, to your organization's customers for that matter.
So it's a part different way of looking at it, and slightly different way of challenging it. I don't think, you know, I don't think what I'm saying here is really anything that is absolutely or anything like that.
I think, you know, we've all gone through this process. It is just the question of, you know, when it comes to the question of sweat the assets, right, when there's a budget conversation of sweating the assets, you can only sweat the assets to certain extent before things start to fall apart, right? So you have to really think what your cloud identity and access management, enterprise identity and access management strategy is about.
And you have to build a case on the back of your cloud migration program, which is in turn aligned to your organization's objectives of serving your customers in the best way, and providing new services for your customer, right.
That point made, I will quickly go on to what does that, so what does that good look? What does good look like? Right.
And this is, again, based on my experience on the coal face and what we are putting together as a team, you know, we have, you know, applications or services that basically fall in all different forms. We have classic infrastructure, data centers, SaaS services, we have cloud-based, you know, platforms, you know, it comes in all shapes and forms. Now we have to, and the way we have looked at it is that we isolate the legacy.
We try not to stop that as much as possible, but at the same time, we build new capabilities externally to make sure that we are able to support our key initiatives.
What are the key initiatives? So in terms of the key initiatives, we are looking at a large transformation where applications are moving from the data center to PaaS platforms. And we are looking at retooling some of those platforms to make sure that we are able to deliver new services to our customers based on agile principles.
So with that imperative, when we actually work backwards from there, we will need to build, you know, three different entitlement repositories, purely from perspective, three different policy repositories, three different entitlement repositories within overarching governance mechanism across the tools. So for example, we have our existing mechanism of running reviews on our data center based applications or our on-prem based applications, but that process need not work within the SaaS environment. That process need not work within ours environment.
So we have to build an observability as a countering control for that. So the same objective is being met, but the approach to that is slightly different. The way we define policies across the services or product within our PaaS environment is different. The way we define policies and what the policy outcomes are within the SaaS and the on-prem.
And we have to be comfortable with that particular process. The way we build reporting and service monitoring in these areas will have to be essentially different. But at the end of the day, it is all driven centrally by a solution.
That is native to our PaaS service, that has got integration with our SaaS services, and also has a path into our on-prem and data center.
So we are not trying to be everything to everybody, but what we are trying to see is we are trying to build three different worlds where we can actually build service delegations, control, control execution, all of that within each of these worlds, and bring that together as a single identity and access management. You know, I'm happy to kind of go through as much detail as possible in these areas. But I believe I'm probably already short of time, and I'm happy to take any questions in the minute that we have remaining.