KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
So, first of all, the topic of my presentation is the same as the title of this event, because I thought it's really interesting to look at this topic, enterprise identity, success from different angles. And that's why I just hijacked the topic and added my take to maybe add some additional aspects to that. When we talk about the three fundamentals of enterprise identity success, we are talking mainly about IAM identity and access management about access governance and privileged access management. So I will leave them aside and will have a look at other aspects here.
So, first of all, I want to start with a look at the digital trans digital transformation. So why are we thinking that identity is gaining importance and that identity to access management and access governance and privileged access is so important. And I think that is a good starting point. If we look at these circles of change, we've entitled them. So if we move from the insight to the outside, we have very different aspects. We have to think of and where time and time again, identity come into play as well.
So if we start with the external drivers, we are more and more driven by external factors that we cannot really influence, but that we have to deal with and or that we want to have. And I want to just have a quick overview here. So we have, of course, a changing competitive landscape. There are more and more new competitors coming up in the market that are in the same sector as we are. So we have to be alert. We have to be really agile at that point already. That means that our partnerships are changing and they are dynamically changing. And that also involves the supply chains.
So we are really dealing with many partners and the number of them and which they are at the time they are changing. We do that to enable rapid innovation. So we want to be sure that we are faster than the others, of course, and that we have products that are relevant to the market. On the other hand, we have ongoing ever increasing attacks. So cybersecurity is a highly important issue, and we need to make sure that we do not fall victim here at the same time, regulations are changing and getting more mainly. So we have to make sure that we keep compliant to the regulations.
We have more and more devices. We have more and more connectivity that comes into play here. And one really important factor is, and that is also involving the consumer customer organization relationship is that we are moving more and more from a product to service approach. So we do not buy DVDs anymore.
We, we make a, we subscribe to Netflix and or any other streaming service. So this is really a good example for the change that we're going through and all this means we need to have a good grip on identities. If we move one step, step further, the organizational key capabilities that are required for this digital transformation. These are three.
And I, I, I assume they are far from complete, but really important is agility. We need to make sure that in this era of digital transformation, we are agile enough to fulfill everything that we heard before in the, in the green circle. But we also need to make sure that we have the organization of flexibility to allow for this agility. So that is really an important point here. So that organizations also need to change and change always circles around innovativeness. Where do we change? These are the key areas of change.
And again, just three examples. There's much more that we could think of. And maybe all attendees are currently hopefully thinking about the areas of change that they need to look at. Smart manufacturing is of importance. So the changing supply chain I've mentioned that already. So really to be in a position to have yes, smart manufacturing to be just in time when it comes to production. Customer interaction of course, is of big importance.
So important that we even have Casey life events about consumer identity and access management and the internet of things, all these devices in the smart home sensors on our body, these are more and more important. And as we get to the key enabling technologies for this digital transformation identity is on the top. Of course. So understanding the identity of all involved parties is of high importance here.
Of course, we need to think of technologies like big data. We need to think of technologies like cognitive algorithms, AI, or better machine learning. So everything then enables us in pro providing services as part of the digital transformation, robotics, blockchain sometimes already laughed it, but it's really a big, important building block as well.
And again, the sensors are technologies that we need to think of and all these aspects that we have on that slide. That is my starting point for identifying my three fundamentals that I think are important. You can contradict, you can add others, but these are the ones that are important for me, but what's, that's what does this digital transformation mean for an organization? It means change and it means many things, more, many aspects more. So first of all, we have much more users. And I think that is true for many organizations.
We have, of course still our employees. We still have maybe some externals, but we have more and more partners, hopefully more and more customers and consumers. We have more systems and devices. So we need to make sure that we scale up to the level of IAM that we need to have. We have more services because we use more services and we provide more services. So we extend our own it by using software as a service from the cloud as a platform, and we provide services to externals. So we need to manage their access and our access to these.
And from these services, we have more data and that is really of importance because data needs to be protected adequately depending on the type of data that we talk of. So employee data context, data, what is, what is the current situation customer data, of course, hopefully our own intellectual property, highly important and needs to be protected, even more financial data, but there's also shared data that needs to be made available in the end, we have more responsibilities and that means you have to maintain security and trust.
That is all of the aspect of, and privacy, the principle of least privilege to make sure that nobody has more access rights than they should have independent of which type ID of identity that is segregation of duties governance. And in the end, also the obligation to provide evidence, the necessary certifications and much more. That all means that we need to have had to, that. We need to cope with this more regarding the users, the services, the data, and the responsibilities. And that leads me to my three fundamentals for IAM. First of all, drum role fundamental one, all identities.
I think that is of really high importance because enterprise identity and the success for that means that we should consider all identities in the unified concept. And if we look at these five pillars that we have here, they cover mainly the development over time, how we changed identity management or in the, in the beginning, even just user management.
So, but, but over time, this grew and the identity moved center stage more and more. As of today, we are now looking at identities that are even no longer managed by ourselves, but are provided by trusted partners through Federation. We have non-personal identities. We need to think of our customers in a more holistic ways. When it comes to shared KYC, know your customer approaches, we need to make sure that we tie this all together. That does not mean that we put all identities just in one single system, one large database.
And there they are know that does not mean that that is not what I mean. It means that we understand them in the unified concept. We keep them restore them, where they are, where it makes sense for them, but we correlate them. We understand them in the right way and all these aspects are important. So first fundamental, all identities, second fundamental architecture. This is something that Martin in our very first life event presented Martin Kuppinger. But this is really something that I consider key.
If I want to achieve what I've shown in the first fundamental, I need to have the right architecture to achieve this. So I need to tie all the identities that I'm working with. And this is just a small selection of those that I'm looking at. I need to tie all identities to the systems where they should have access to. So everybody on the left hand side should have access to a system on the right hand side. And they do that with their own identity, which they bring with them. That might be a traditional enterprise employee, somewhere in an active directory or in a, in a traditional IAM system.
That might be a partner who's federated, who, who comes with his identity through an identity API platform, or it's a customer with a variety of different identities. And they need to be connected to the target systems through the channels that make sense there, there, so web single sign on APIs when it comes to legacy app, outbound Federation and APIs, when it comes to using federated or cloud and in the middle, there needs to be the right architecture. And that is what we entitle it as an identity fabric.
If you're interested, there's much about that on our website, but it's not the core topic of today. So we combine access management and IGA administration in governance together with all the framework that is required when it comes to privacy content and much more. And this system, this architecture needs to be designed in a way that it fulfills the challenges that I just mentioned before. And if you come to my fundamental, I think that is a very important thing.
And I hope, I hope you guess it, because if we want to tie all these services together, we have to go in a way that we make access between all the components that we've just seen. So the, the glue between the identities to the left hand on the last slide and the services to the right hand side is APIs.
And this is of this is gaining more and more importance to achieve what I just described before, when it comes to digital transformation for achieving what we've seen in the first slide about digital transformation and to connect every system that we have together and to connect all identities together. So if we quickly go through it, first of all, APIs are the tool, the mechanism to be scalable and versatile. And that is of importance.
And especially when we look at standardization because APIs need to be standardized, that we can make sure that we get access from each service to each service from each user to each implemented applications. So APIs enable interoperability and therefore we require basic technical standards. So API is one important aspect when we need to look at a comprehensive and scalable and, and durable I am system. So this enterprise identity success that we are aiming for the second APIs, the second point that APIs are really important for is they serve as this digital glue.
So they make sure that we are also scalable enough. So if we want to extend our services, either just by adding more performance, by adding more scalability, the APIs serve as the missing link between the services. And this is true also when we add additional services. So we make sure that we have APIs as the means for scalability, especially in hybrid environments. And this is the true, the truth for many organizations, as of now extensibility and adaptability.
We we've seen the, the picture of the identity fabric and that, of course, isn't architecture that is designed to be capable of growing. So it is really of importance that we can add functionality that we can scale up individual functionality, and that we also can retire and replace our architecture over time.
So if we use APIs as the tool for connecting all the building blocks of an identity and access management, including Pam and including IAM and AGI IGA, sorry, then this is also the way to go when we want to scale up when we want to replace, when we want to add that next big, shiny service that all employees want to use to the service when it comes to authentication and authorization, finally, APIs are important for security and connectivity because API on the one hand makes the connection has a standard makes this, this digital pipe between two services, but on the other hand, it needs to be done well and done well means secure and secure means in the ideal world and to end secure so that there is no way to get into the system to intercept, to get data.
And API management capabilities are highly of importance. There are specialized tools, tools. There are API management platforms in the cloud and on premises, but we need to make sure that APIs are designed in a way that they can ensure the required levels of protection. And on the other hand, provide well defined services to all kinds of consumers and consumers here meant not as the customer, the consumer, but as a consumer of services. And that's already almost the end of my presentation. I just want to sum it up.
We want to have, first of all, all identities, not in one system, but in one overarching concept, or to be more precise in one overarching architecture that is already the second fundamental that I want to put the focus on. So we need to move.
Even if we have an IAM architecture already in place, we need to move towards an architecture design that serves as a foundation for that, so that we can define and continually, continuously update our architecture for these three main building blocks that we want to talk about today for IAM access governance and privileged access management, and much more, many services will build upon that.
So we have all identities in one architecture and APIs as the glue that puts things together together so that we understand enterprise identity as a set of services, exposed to a variety of consuming services, applications, and infrastructures. And if we design an IM a Pam at an access governance solution in that manner, we get to what we want to achieve. We get to an enabler for digital, digital business, and much more. We can also think of governmental organizations in the same way, but we need to make sure that we are service oriented, secure, adaptable, and standardized.
