All right, let's start from the name pronunciation of the company. It's yams. So it's not I am once. The reason for that is I combined my two passions, identity and access management and the Ramones.
Okay, so what this is not just the name, the Ramones, for those of you that are all like me, came to the punk music and revitalize rock and roll, making it faster, lighter and simpler. So when I thought about the name of my new company, well I said, well why not You use a combined name and then I use gaba. gaba. That is one of the titles of the Ramone song. I think you are approving that.
Alright, so, so what are the problems of today? Identity governance. I think I'm talking something that most of you have experienced. So first of all, all the business users are lost in translation.
They don't really get this entitlement roles catalog. That's effect, okay? There is a huge dissatisfaction. The second piece is role management cost a fortune.
And if you think what role management is is nothing more than translational layer, you know, we'll talk about today how large language model, and I promise I won't use the word ai, I'm gonna use the word large language model, are simplifying that translation and reasoning process. Last but not least, there is a bunch of paper that stays on paper. Organizational chart policy. They're just sitting there taking dust. And last but not least, the identity silos is still a silos.
There is a lot of value that we could exchange, but there is also a lot of value in security signals that if part of the identity data model could be useful for making decisions. Now let's look at the root cause of the problem, at least in our way of seeing it.
You have a bunch of very useful and rich set of information in natural language, which are manuals of applications, especially those custom built risk policy, separation of duty policy and other risk definition, job description and org chart.
What edge department is doing and and least privileged policies, they typically have a separate document. Now what we do today is we go into this massive exercise of building a role catalog, role management. Then you know the bottom line is a hundred percent of the role management, which is a huge effort, goes to a developer. 7% at best of information which is sitting in natural language document is understood by the developer that puts into an IGA system too fast. So the bottom line is I came up with this number, the TCO per user, it's anything in between 200 and $300 per year.
Everything included, okay? Software operation or whatever.
So now I want to talk to you a bit about what I see as these gr the ingredients. First and foremost, large language models. Beside the hype there is a massive capability of leveraging two things, the ability to interact in natural language, but that's obvious. It'll be obvious in six months. The other part is the reasoning or your unstructured natural language knowledge. There are other two or other one disrupting ingredient, which is another subdomain of AI or deep learning, which is called TGN Temporal graph network.
These are very good in making prediction on a time evolving graph. And identity is a graph. So graph as a database but also graph as a model for understanding and doing prediction longer run. So the way we see, and that's how we build a company identity and access governance tomorrow and I deliberately used the old term identity and access governance.
I loved it. So you will get hundred percent of the information which is sitting in your natural language. Documents can can be reviewed by auditors without having to interpret how the code has been built.
They will get a hundred percent into the tool. You will kill role management and I'm exaggerating here.
Also, the role of developer will be killed and the overall idea is that TCO will be dramatically lower. It won't be zero, it'll be dramatically over. Alright? So we built a company that we gave it a name just to give it a name. We call it generative identity. It's just a new way of defining what we do. So our platform, we are a new company, okay? We came out of the market three months ago after several months of stealth. It does a number of things. Let's start from the right and go to the left.
Some of my friends, I'm saying people think the other way around, but it doesn't matter.
So first and foremost you need to liberate on-prem data that are sitting in on-prem GA or on-prem other database. You need to put them into our identity graph, which enriches events and information. For example, time, a lot of the IGA platform adjusted a snapshot of today or what it should be. They need to have a time progression on how things were in terms of entitlement month ago. And then you need to reason today I don't have the time to get into detail how we built our identity brain, which is basically an expert into the identity word.
You can instruct things and I will give you an example of we mean by instruction. Instruction. It's accomplished through what Basically market calls and identity retrieval, augmented generative system and then the left part is the most important.
It's the way you interact with the system. So we built an enterprise chatbot where people can ask question about the identity data that have been liberated with the additional attributes. We gave it an Italian name, the company's Italian, I'm Italian. So instead of calling it co-pilot, we came up with the concierge name. So aim.
So this is just the front end, okay? It's the way that you as a company can configure. Who's the policy editor, who's the company admin who can delegate user end of the day it's like a co-pilot, but I hate the term. So we came up with something similar and fancier. Now I just want to give you two examples and by the way, these are in the demo system. So if you want to give it a try, you can register and you can give it a try. This is the least privileged policy for a pri for a finance department on our fictional demo data.
It's nothing more than the description that says this is a list privileged policies for the finance department. You have to do this and that. These are the roles and these are the permission that are part of the approved perimeter. So can you imagine just doing configuration in this way? And then these are what we call instructions. So each company can instruct the system with their own policy and they survive. They are limited into your company sandbox. Now this is an instruction which is written by a policy editor.
Now when you are a user that is retrieving permission of a given user, well you might say gimme the permission that was the part above of the chatbot and then you say list the permission that do not comply with the least privileged policy and the system reasons of that. There is no magic here, okay? This system is as good as you are good in writing the policies in something that the larger language model can understand.
Today we use a combination of open ai, GPT-4, O 3.5 for C, for cipher generation and Mr Large for the reasoning on the bay, on the way, on the way back after retrieving the data. So to make things simple, there is a lot to be done in the backend. So this end result is something that you can give it a trial itself. So if you go on I yas, okay, not I am ones.cloud, you can register and we will be approving you as and you can play with the system with fictional data. Now the benefits, I think they're obvious starting from the upper left side.
I mean you just talked to the system in your natural language, English, German, Italian, who care, the system automatically moves among language. You can write the policy in English and be reason upon in any language. We don't do it.
It's the power of this new ingredient, which believe me is gonna disrupt many industry, not just ours. But why is ours so relevant? Because there is a lot of translation and that's what the ingredient is good about. Well we say kill the roll, we say now your your paper as life, use them as they are.
And finally you can also use the system for example, to understand other things, other attributes that we can pour into the identity graph. Why are we doing it? And I'm going getting close to the end. So we have seen a first age 20 years ago we tried to address the problem, I call it the Elda page. We are today, still today in the governance age where it's compliance driven, but the UI is bloody complex. We all know it. And the reasoning is code and the policies are just on paper.
So the reason why we, I say we, it's not just myself, it's a bunch of people. Some of them are in the room too.
We're doing this because we believe there is gonna be a technology refresh with many more capability as a result of what you have seen so far. Where the UI is just a chat bot, forget about multi-language, multi something. It's obvious and the reasoning is done with large language model, with the benefit of everything. You configure it in natural language and the paper becomes reality. Who's the next leader? I don't know.
Let's see, a few years from now, thank you very much. That's my, these are my con Am I on time?
Yeah,
Very, very well. Thank you. Very well on time.
We have, we have a bit of time for for questions. So any questions from the audience here? Come on. What's your favorite Ramone song? What's your favorite Ramone song?
Well, I want be sedated.
Okay, I I I have one question to you Andrea. So why should we trust the AI in depth doing the things right?
Well no, no, you're right. You shouldn't trust large language model sucks if you don't tune them. So there's no magic here. Anybody of you can write a, you know, use a generator of a chat bot, do inquiry on API on on open AI or Mistral and you know, the first five minutes you might think it's magic. It's not magic. There is a lot of tuning evil details and you know, the guys we have on the team are 22 years old. If you take a developer like my age, I mean this need to tune the system in the way reason, it's outside of these boundaries of predictability.
So today there are certain domains you really can trust. ai for example, our ability to generate the query in cipher for retrieving the data out of your private tenant database. It's super solid, but it's been fine tuned. The reasoning on the policy is something that always requires a bit of extensions, but keep in mind it's something that reasoning is not available today in the product. So it's something that is starting today and is gonna change a lot in the future.
Okay, thank you. Any other questions?
No, then thank you very much again and most welcome.
Thank you. All your insights on Im ones Yams.
Yams. I know.
