Hey everybody. My name is Barry McMan. I'm a senior manager at loud in, and the business unit that I work in is the IM or identity and access management division. I'm honored to be presented at this company called virtual event today. And my topic will be on harness and identity to position security as a business enabler. Before I jump into the session, I just wanted to briefly give you an overview of log me in log me in really is a house of brands. Many people may not know, log me in, but know the brands that are within the log, me in portfolio.
And so if we look at our unified coms and collaboration business units, we see that we have go to meeting and go to webinar and go to meeting. Many of you will be using that today to, to join this conference. So thanks very much.
We have our customer engagement and support division, which is home to our bold 360 AI and our rescue service. And then we have identity and access management with last pass and central last pass has close to 18 million users worldwide and close to 61,000 businesses worldwide using last pass. So let's get started.
So when it comes down to it, ease of access really does equal greater productivity. If there is little to no friction on accessing systems, applications and data resources, then it can be quite a seamless experience. When we look at the image here, we see that access controls are not just limited to work or personal systems they're everywhere. And so that's why we see really poor security hygiene globally. There's such an overlap on people are trying to manage too many ways of accessing too many services via a number of devices.
All of these elements combined to put businesses on people at risk. And so in our recent consumer research called psychology and passwords, which we released for world password day during the first week of may, we asked 3,250 people from around the globe about the security habits online and of that global cohort. 91% of people know that using the same or a similar password is a risk, but 66% of people do it anyway. And so what's concerning when you look at Germany, 66% of the German respondents don't change their password, even when they know that a service has been breached.
So that's a, that's a big concern.
Let look at the next tension that we have, which is adoption and technology. So we know there's a considerable challenge around adoption and technology. Many investments have been made and never adopted. And it's quite common, unfortunately for security and productivity to beheads and stuck in the middle is user experience. It's typically the trade off.
So in the productivity camp, we could have sales, engineering, HR, marketing, development teams, all pushing against security and security may deploy a solution that protects the business, but it may have may, but it may be at the cost of the business or of a knock on effect in productivity. And so when this happens, people will become very inventive and find a way around it leading to more shadow it across the business and therefore more blind spots that security has no visibility of.
And so when you're looking at user experience and managing that user experience around access, it's gonna be a unique blend that you're gonna need to solve that problem. And while I have PAMED there on my slide, it's not a solution that last pass offer.
And, but with SSO, MFA and EPM, you can cover between 90 and 95% of your organization's requirements for access and protection. And so why is last pass talking about this? So many of you may have heard or may use LastPass personally in your own life to manage your own passwords and manage access to systems. We have the last pass enterprise service and, you know, that's used, as I said earlier on by over 61,000 businesses globally, and it's probably one of the best kept secrets out there because we are keeping the secrets safe of many businesses globally.
We're keeping the usernames and passwords secure with our zero knowledge system. And so in July of 2019, we added a couple of additional features and offerings into our portfolio. And so on top of password management, we also added single sign on. And so now we can, we have single sign on capability for over 1200 applications.
Then we added last pass MFA at the same time, which is our biometric based and adaptive MFA offer with policies in the background, such as geofencing and restrictions around time of day access day of week access, etcetera.
And they can be all grouped by different teams or different day working functions. So when you bundle the SSO, the MFA and the enterprise password management M together, you have one unified platform for security, knowing that you can provide these different services to the market. We commissioned MBO to do some global research for us and the stats I'm gonna share with you here on this slide are recut for E E a purposes to, to share with you today. And so when we asked the, the E E a cohort, you know, where have you invested or where you plan to invest?
We could see there that MFA is where, where is out in front, sorry, at 89% followed by EPM SSO and path in terms of having deployed this, how successful, how the solutions been.
We see that MFA is up there 99%. And so that's all about using, using the technology that people are comfortable with to the benefit of the business.
So asking people to validate who they are by sharing a biometric, either their fingerprint or their voice or their facial recognition is something that's second nature to a lot of people now, anyway, because they're using them services either to unlock their phone or access applications online. And so that's why the, the adoption of them has been very successful, but we believe that identity access management can add a value beyond just saying that it's a security function to, to keep the identity of the individuals secure.
And therefore by association reducing the risk profile of the business, we believe that it has broader implications and, and wider implications, and therefore security team should harness this to position themselves of business enablers.
So we released a report earlier in this, in the year here, and we looked at a couple of different areas. So we looked at the limitations that the security workforce are, are, are experience. We looked at how involved they are in security, sorry, in different business initiatives, from a security team perspective.
And we also looked then at the priorities of the business and how we could amalgamate all of them, different challenges to see where the opportunity was that the security leaders could turn these challenges into opportunities to become more center to the business. And so what we see here is that security teams are busy with maintenance, busy with trying to balance security and productivity, busy competing with cloud and shadow it like we mentioned earlier on. And all of them things are eating up the time to stop them from focusing on more strategic and value, add things.
Speaking of things, that security teams should be involved in at a European level. We see that only 40% of security teams are only involved in 40% of new business initiatives, which leaves a huge 60 of business initiatives that security are either brought into live or not brought into at all.
Similarly, when we look at Germany, we see 1% improvement in terms of their involvement from the start, there's still a huge 59% of initiatives that are happening, but security are not brought into. So while they're limited in terms of the workforce, in what they're able to do, they're only involved in, in the German perspective. They're only involved in 41% of the new initiatives that are happening. So there's a huge blind spot there for security. When we look at the priorities of the business, we see identity is a security priority. It ranks here in number four.
Now remember this slide because I'm gonna revisit this in a couple of moments, but we do see that security teams are challenged with the workforce limitations. They're not always involved in all of the business initiatives. They should be. And from a business perspective, managing users' identities and access is a key priority for the business as well.
So knowing all that things, as I said, how do you take all that challenges and struggles and tensions and look for the opportunity that's in them.
And so here, I'm showing you the, the five opportunities and that our report found that security leaders can take advantage of to position themselves as enablers for corporate strategies. In a few weeks time, I'm gonna be having another webinar with copy and call. I'm one of their Analyst where I'm gonna present more detail around these five drivers. So keep an eye out for that invitation. And it would be great if you could join me and we can, I can share more details, insight on these five drivers and also some em, E a stats and also some German market specific stats as well.
So just going through the five drivers here, very briefly, you see one is user experience.
Obviously everybody wants to a keen user experience and a crisp user experience, and that's never been more important than today when we find ourselves in the, in, in the COVID world. And so if you want people to do the right thing, even when nobody's watching you need the user experience to be very slick, number two, we have managing identity at digital scale to enable digital transformation. Very important.
Again, given where we are today, everything's gonna become more decentralized, not managed and secure in the office. And so being able to address that new security perimeter is gonna be key in third place. I'm gonna talk about propagating compliance without sacrificing usability in my next slide, number four, we've integrated identity support, operational excellence.
And this is one of the areas that I'll dig deep into it, copying a call on my next webinar, where we look at how this can help retain staff reduce cost, and also position security as a real driver for change and innovation within the business business leaders will take note of, and then last but not least, we have managing enterprise risk through trusted identity. And this is really about being in lockstep with the board and managing and supporting risk optimization.
So, as I said, let's look at regulatory compliance is a requirement. It is not an option as it says there on slide. And so there remains the opportunity for security teams demonstrate added value through good practice.
You know, we all know that regulatory noncompliance can risk significant damage to brand and German businesses. As we seen in previous few slides, rank rank compliance as a number one security priority top of that, any regulatory finds that may be Levi for non-compliance can have a, a significant impact over the lifetime of the business.
You know, a quick search online will show that many of the businesses that have suffered data breach are still feeling the impact of fallout, customer trust and ecosystem trust and supply chain trust is very, very hard to replace. And so it's better to avoid that than, than try to try to regain the trust of, of them people within your ecosystem and their customers as well.
So we would say that, you know, organizations need to take a more concerted approach towards identity management.
So, you know, again, back to the unified platform theory, and back to the unified platform offering, if you have enterprise password management, single sign on a multifactor authentication, you really are managing how people access, but also have the authenticated validates who they are cloud services in terms of IAM cloud services and ID a identity as a service offerings have grown hugely in Europe in 20 19 20 19 cloud based services grew cloud based ID a or IAM services grew by just over 20%. And in the same time period, on-prem grew by just under 3%.
So we're seeing that organizations now are starting to build more value from leveraging cloud security providers that have cloud that have security and identity management at their core. And it's a core competency for them.
And it's, it's, it's easier and more effective for a business to take that on as a service.
So I did mention keeping, remembering what this slide is, right? So as you've seen in the five drivers, a couple of slides ago, all the different areas where security can add value. And so while security is a priority and it's number four here for across, across Germany, we see that actually managing users' identities and access kinda a significant impact across all of these priorities, right?
From top to bottom there, compliances, I discussed IOT security, security culture, and awareness is a huge priority for organizations to now believe that they need to educate and bring people on the journey with them and turn every person in the business into a security advantage, managing identities, as we've already said, as I said, from our next company or call webinar, we're gonna look into more closely at the rationalization of security tools and the value that can bring the automation of security processes.
So people are saving time and adding value elsewhere around the business, and then operational technology, policy management and cloud security impacts by the AAM can impact all of these in a really cohesive manner and demonstrates real value to the business. So finishing up, knowing where the challenges are now, knowing where the limitations of your workforce are, knowing how to turn all of that into an opportunity, knowing that you, the five drivers to have structure that opportunity. Now you need to be prepared to work with the business and the board.
And so, you know, security leaders really need to up their game and improve their profile across the business so that they can be seen as delivering this senior approval in terms of security offerings into the business. But even more importantly, they need to demystify the security values. We need to demystify cybersecurity, the need to demystify the data breaches and data hacks, and in doing so, they'll show that there is nothing to be afraid of by being secure online, and that everybody can do it.
And in doing that, they will translate a really technical area into a more business focused area in terms of the language that they use with the board. And that's really, really important. Being able to translate the technical piece and how it relates and impacts in the business can be a huge, critical factor in the success of how security leaders are perceived. So thanks very much for your attention during my presentation.
My details are there, Barry mcmahan.com, please feel free to reach out to me with any questions or queries, or if you want copies of my, the report that I've spoke about today. There's my LinkedIn profile.
As always, you can get the most up to date, material and insights from our last com website. I look forward to openly presenting to you in the future.
As I say, any questions, please reach out your.
