We have again Jackson, who did a keynote earlier today; he's chief strategy officer at Clear Skye, and from Clear Skye we also have Paul Walker, who is vice president of product management. And then we have Trustman who's director of advisory services is, and I then P yeah. So here we go. You might reconsider your company name when I struggle with it, but that would be a separate topic. So let's get started. And so I think we heard a lot already about the, the interplay, I would say, between IT service management and IGA, and clearly they are a little bit different perspective.
So you from Clear Skye come with the solution that builds on the ServiceNow platform, but knowing you, Jackson, and knowing you, Paul, you clearly also have a lot of experience with other scenarios of integration. And Jeff, probably with your work, are looking at more types of integration.
So to get us started, how do you see, or what are the challenges of integrating IGA and ITSM, and maybe we start do it that way, that, that everyone of, of you gives a very quick introduction of himself and maybe names the, from his perspective, number one challenge, to get a discussion up and running. Given that you, Jackson, already talked a lot, let's start with Jeff and then Paul. Sure. So thanks for inviting me.
My name is Jess Thaman, director of advisory services at entropy. You know, from a, in a challenge perspective, I feel like this is one of the holy wars when it comes to identity access management. The first one being, where are we gonna put our non-employees, they don't go. And typically HRS wanna have that. The second is, how are we gonna handle IGA? Is it gonna be in our, our ITSM system or is it not going to be? So I feel like this is one of the, the first things that an organization needs to figure out when it comes to the challenge of getting it integrated.
So I think that's where typically where it starts for me. Paul? Hey, hey everybody, Paul Walker, product management, Clear Skye. I've been trying to solve this problem probably more than 10 years now and 20 years in IGA. So we talk about challenges. I'm like, you talking technical or business? Because there are both, there are challenges on both sides. In my experience, the ITSM platform owners and the security owners don't often have good relations always. And then there's also technical relation technical challenges too, like the number of moving parts, differences in APIs.
Who's the owner of the platform? Who's the owner of ITSM? Who owns IGA? So there are challenges on both sides, Martin, both technical and business. Back to you. Jackson?
Well, I think the, you know, the key term is integrate and what, what we've seen is, you know, so many customers who have data just across so many different silos and, you know, the, the need to integrate with all these different things. To me, it just, you know, results in a more complicated architecture and, and, you know, I'm a big believer in keep it simple.
So the, the more we can simplify and pull these data silos together, the better it is. And if you do, if you do it all through integration individually, you know, you just end up with so many different relationships and so many potential areas of failure that it's, that is problematic. Yeah. And I think some interesting points, and then I'd like to pick two of these and maybe start with was the first one, which is maybe more common from my end, Jeff, is that HR and ITSM are the, the two integrations to look at really.
So the problem is IGA usually looks at one type of integration, which is target systems, but yes, I, I would fully agree getting the data in is, is one, one challenge at ITSM integration. And if it's just for ticketing is the other, which occurs in every project.
And, and I think what you said, Paul is a very important aspect, talk with each other. So maybe how, how do you, how you do you do it in your practice, getting people on the same table and, and agreeing on who is responsible for what take HR and IM or other scenarios.
So, so any, any advice from your practice? Who'd like to start? Jeff? Yeah, I think it's, it starts with conversation, right?
I mean, IM is a program. It's not a project. It's a bunch of different projects that wrap up underneath the program scope. So you're gonna have to have conversations with HR, IT help desk or service desk, you know, whatever it may be called, the business, to make sure that you've got a common alignment of the strategy and the approaches you wanna take. If you try to design this in a vacuum, without any of those folks in there, you're gonna have a bad time. You're not gonna get the buy-in that you need.
So I think it really starts with a conversation, understanding and developing, you know, a RACI chart and, and know who is going to be accountable for which portions of the services that you're putting out there. You know, RACI in my mind is, is very much like Highlander. There can only be one A, so someone has to be able to call, you know, be the, be the final stop for decision points and be accountable for the different portions of the service, whether it's, you know, if it's a portal within the ITSM tool, it's how you're handling access requests.
Or if you decide that you wanna use something different, right. Everyone has to understand their role, their responsibility and their ownership and talk. Jackson?
I mean, I can't disagree with anything that's been said. I mean, one of the biggest failures of, of identity projects in general is either not enough executive buy-in or, to Jeff's point, not having everybody on the, on the same page. So whether it's, you know, Clear Skye on ServiceNow, or it's any identity project, all of these things are, are hugely important to success. Yeah. And then the other point you brought up, Jackson, we, we had in the interview or discussion we had after your keynote already, but you, you, you raised the point of data.
And when we look at this, this aspect of data, so I sometimes tend to say, you know, once you have data more than once you are in trouble. Yeah. And I think that there's something really important behind it and really true behind it, because once you have more than one place with the same data you end up with synchronization, tend with data, not being at a inconsistencies, et cetera. So maybe you can elaborate a little bit more on that and maybe Paul gives us insights into that area.
Well, I, I think we'd all agree that, you know, ever since the first dawning of identity, it's been about synchronization and started with email addresses and, you know, you've made a great point. And one of the things that, you know, has bothered me over the years is just so many of these different silos.
And again, why, you know, in my, my keynote, I was talking about if there's a way for us to eliminate that identity silo, you know, and it's almost like not really eliminating it, you're putting it in with the rest of this, this data that's being governed and managed by ServiceNow, there's a, there's an advantage to it.
And like, you know, like I said, a few seconds ago, having all of these different data silos, whether it's an identity silo or, or any other kind of silo just leads to these integration problems. And ultimately these, these failures, you know, between the systems, which, you know, always happen at the wrong time, it's kinda like the video thing. And the audio thing we were talking about always happens when you already need it. Right. Okay. Paul? It's like, when you're back at college, Martin, I'm sure you can remember Codd's rules of relational design. Right.
And one of those rules, my memory serves me right, was don't duplicate data, don't store data in more than one place. If you can, you know, if you can get it using a view, use a view, don't copy into another table. It's the same thing with any architecture. We don't need to copy, you know, synchronize from the old days of meta directory or AD sync.
You know, it's just simpler, the more moving parts, the more operational pain you're going to get, the, the, the more challenging any customizations are going to be, you know, APIs change over time. One of the advantages. And one of the things that, you know, I see here at Clear Skye compared to my prior experience is that you're on that data plane. You're like a brother and sister around the table with the other apps that are on that basically is one big database with, with a, the common ACLs and security auditing around it.
So trying, you know, integration is possible. Absolutely. But you've gotta be careful how far you go. So back to north. Yeah. Yeah. And it's interesting when you say, okay, you learned it in the university, but it seems that it's not a widespread sort of accepted paradigm for a good architecture to say, we have data isolated from, from logic and isolated, from identity, which I believe make, makes a lot of sense.
And yes, it would probably solve us a lot of challenges. So when we go back to this general theme of, of integrating ITSM and IGA, one of the, be the potential benefits, but maybe also the current concerns might be, what does it mean to, to security? So is it something which helps us in security?
So, so you could argue if you do it, for instance, in ServiceNow, you also then might integrate with the RC capabilities and other stuff. On the other end, you might rely on one consistent security framework, which you on the other hand might manage. So security in IGA manage via your ServiceNow, via your IGA solution. On the other hand, you might argue that it is, if you have a request in ServiceNow or whatever tool you run, it's IGA, do a lot of SoD stuff and other things there. And then you have manual fulfillment with tickets, run again through, for instance, your ServiceNow, then you have a lot of things to track in different systems, which make it more complicated. So what's your perspective on that? Let's get started with Jeff.
Yeah. So I think the integration's important because from a security perspective, you're reducing the number of tools that are in environment. So you have fewer tools, fewer things to manage, patch, maintain, keep up to date, all those sorts of things.
You've got fewer developers and engineers that potentially have privileged access that could control people's permissions and entitlements, which, again, reduces attack surface, and then you get the consistent interface with other IT services. So it becomes easier to follow the path that's been laid out. And you mentioned the point around, you know, really the audit concerns.
You know, I come across a lot of organizations that still use a combination of tickets, which are great, easy to audit; email, not as easy to track; drive-bys, people coming by the cube, or, you know, you know, probably not at this point with a current situation, but people driving by, or instant messages, things are a lot harder to track as well. So you're able to demonstrate compliance a lot easier if you can get onto a standardized process. And it makes it easier for everyone to follow. Paul, go ahead.
Paul, thank you, Jackson. I, I, I totally agree with everything Jeff said.
I mean, it's just simplicity. Complexity is the nemesis of security for start, right? The teams working together, like your ITSM team and your IGA team, if they're different or, you know, working together, talking about process and security, agreeing, cuz I've seen so many projects where, you know, the identity team, as far as they're concerned, their interaction with ITSM was creating a ticket and that's it, there's no closed loop. There was no process design.
So like Todd, Todd Weedman from Landis+Gyr, you know, the, the great benefits he spoke about earlier is, is, is leveraging that common inventory on, on the platform, the CMDB, you don't need to remaster data. If you're working a security or a vulnerability ticket, then you you've got all that information from IGA, you know, within the ticket at, at your fingertips. So it's just reusing the data in a more intelligent, more simpler way and, and reducing the complexity. Thank you Martin. Back to you. Jackson, go ahead.
I can't, you know, add anything to what these guys have said cause that's that's okay. Exactly.
The, the awesome answer I would've given. Yeah.
So, so yes, I, I believe the, the essential points you are sort of first design your processes, define what is done, where and ensure that it's done at one place or not in multiple places. I think, I think you hit the point that Jeff was all these scenarios where, where you not run everything through your identity management and where not more consistently with tickets, but where you have a bunch of different ways to do things.
And, and by the way, that's, that's an, a really old problem in identity management. So when I go back to, to early provisioning and then reconciliation coming into play, so looking at what did the administrators of the Active Directory do by, in bypassing the, the, the, the IHS or the IM solution back in these days.
And, and so it's really not a new problem. And I think we have, we should have enough experience also to really better deal with this. So let's also look a little bit at the, the, the place IGA has in the ITSM strategy. So I think we talked over the course of today a lot about utilizing ITSM as a portal, but what can, and, and then running the requests through single UI, et cetera, into the IGA solution. But what can IGA do for ITSM? So is that the authentication, is that the entitlement management, what are the benefits you can get out of, of IGA if you do it right.
And that is also some sort of integration the other way around. Jackson? Well, I mean, interestingly enough, ServiceNow itself can be a target of the IGA system that's, you know, built within ServiceNow. Can or must? Well, I think, I think can, and I think the must depends on every, every customer. It's kind of like when you look at something like Salesforce, where you're paying a license for everybody who's using Salesforce, you're making a business decision about whether you give everyone access or not.
So it's more can in my mind than must, but I think my experience in most customers or in my own employee situations is it is, it is a must, but, you know, I, I, I, I just think that, you know, like in my keynote where I said, why not start with the last mile, right. Instead of having this whole system and then using ITSM as the last mile, why not start basically on the ITSM system to, to do everything from one place. I think that's just the key thing with, with marrying these two things together. Okay. Paul? Yeah.
Thank you, Martin. I I'd just like to, you know, acknowledge what Jackson said there, you know, for my prior IGA experience, I looked at ITSM as just a, like a, you know, a poor ticketing solution, but, you know, ServiceNow platforms like the Now Platform are much more.
So how, how can IGA play a role in that strategy? Well, I think first of all, you, you manage the ITSM, you know, provisioning, entitlement request. You're looking at the ITSM security model from your IGA solution for a kickoff, but then putting yourself in the shoes of the actor within the ITSM processing a ticket, whether that's a request ticket or a vulnerability ticket, security incident ticket, you know, IGA can enrich that ticket by providing, you know, additional information about that person, you know, Paul's requested access, but, you know, have I been certified, is this approved?
What's my risk score. IGA can actually provide a lot of identity centric information to that ticket and, and, and bring the two worlds together. Okay. Yeah. And I agree totally with, with Paul and Jackson, it comes down to data, right? So the data quality, making sure that that's correct, IGA plays a role in making sure that, you know, titles get updated.
They're, you're marrying things from different sources, email addresses, and making sure that, you know, everything kind of stays on the same plane. You know, you don't wanna reuse data. So why not use the tools you've got to, to put that in place from a, from an integration standpoint, you know, I, IGA is going to track who has access to what, and that's foundational for any security strategy. If you don't know what people have access to, you can't protect it and you can't protect your underlying data behind it.
I believe the, the more central use in ITSM the more we need to have it as target though, we manage as much as we can through our consistent it process. So in the interest of time, and I think we are already close again to the end of this panel. I I'd like to get a sort of a, a closing statement of from each of you, which is one, is from your perspective.
So, and this might be a little redundant to what we already said, but what is really the one advice, the one most important benefit you would give to others. And maybe this time we start with Jackson, Paul and Jeff. Yeah.
Martin, I would just say, you know, just to sum up what we've all been talking about is I think thinking about IGA from a simplification of architecture perspective and this integrated data plane is really what's driving Clear Skye on ServiceNow. I think that just gives a lot of benefit from an architectural perspective. And I think, I think people should just think a lot about that when they're going out and choosing a solution.
Paul? Thank you, Martin. Well, in particular around ServiceNow, we're talking about simplification, talking about reusing. We talk about recycling a lot in, in this day and age naturally, well, recycle what you already have. You don't need a siloed platform. You don't need another database. You don't need another API integration.
You know, ServiceNow infrastructures has all those business applications already. You want time to value. You wanna save money, you know, putting IGA and ITSM together on Now just makes sense. Back to you, Martin. Thank you. Yeah.
Tr Yeah, I'll what these guys said too. I mean, it's all about getting more of the tools you already own. You already have an ITSM platform with it, ServiceNow or something else. These tools have come a long way over the last, you know, couple of decades. It used to be, yeah, just dump a ticket in it. And you're kind of done with it, but they've gotten a lot smarter, a lot better at the way they handle workflow.
That is more business friendly, which is an important part of this entire process, because not only do you wanna get more things out of the tools you already have and, and more benefits out of that, but you wanna leverage familiar processes. People are probably already familiar going to your IT service desk, portal, whatever it may be. Why add confusion by adding yet another portal? So the concept of trying to simplify and have that one place to shop, right, for all your IT services makes a ton of sense.
Okay. So thank you to all, all three of you. Thank you, Jackson and Paul and Jeff, for the insight you've provided. And with that, I hand over back to any.