KuppingerCole Webinar recording
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
KuppingerCole Webinar recording
KuppingerCole Webinar recording
Good afternoon, ladies and gentleman, welcome to our Ko, a cold webinar time to reviewing that's your current IM still suit your needs, identity access management, and the access elements done right for today in the future. My name is Martin Kuppinger I'm founder and principal Analyst of a coat.
And together with me, the webinar today, the presentations will be done by Marco wink, vice president enablement, of course, ideas, course ideas supporting this webinar, and we will do two presentations then, and afterwards, Q and a, before we start some information on copy a call and some housekeeping information could be a call Analyst company we're providing enterprise it research provides for services, decision, support, networking for it professionals through our research services.
So product reports when reports, our leadership, which compares vendors and products in particular market segment, and a lot of our types of research through advisory services, where we provide vendor neutral support in information security in all the areas we're covering. So identity access management, cloud security, cloud service, provider selection, other areas of information security ones aside of the webinars, or mainly when the European identity in cloud conference, which will be held again next year, May 13th 16th in Munich.
It's that conference on this topic and it's the conference you definitely should not miss. So plan for meeting with us and at just you there some guidelines for the webinar. Yeah. I'm muted centrally. So you don't have to mute around mute yourself. We are controlling these features. We will record the webinar and the recording will be available later tomorrow to enable be at the end. But you can end the questions at any time using the questions, featuring the go to webinar control panel, which we will find the right side of your screen.
Usually it's a good idea to end the questions during the webinar so that we have a good list of questions available after two presentations, the agenda for today, I will talk about assessing the maturity of I I G programs and where to move from here. So I have a giving a quick look on what does it mean I am I maturity, which is clearly sort of a moving target and where to move from here. So looking at some of the challenges organizations are facing some of the topics they have to deal with in the upcoming in the next year.
So I am always sort of a programum that a broad, and I think you should understand it as some evolutionary thing with new challenges popping up. And the second part, then Martin annuity, of course, ideas. We'll talk about how course the ideas as a vendor that has not been in the game 10 years ago, addresses I am IHG challenges. So then as I said, we have the U session. So I want to start with, with slide. Several of you might have seen before. It's sort of my standard slide these days.
It's about the computing cloud computing, mobile computing, social computing and news scope of information security. And I think this is one of the biggest challenges for IH I, so, so when look at many of the DM programs, which oops, many of the IM IG programs from the last time, then one of the, one of the, of the recent years, and one of the challenges clearly is that many of them really focused only on the employees. They focus on premise it and very traditional it today. Things are changing.
You have to control identities and access to cloud services from users using various devices and from an increasing number of user populations. So things are becoming more complex. And I think this is really one of the biggest challenges today. So we can't do, I, I only in a traditional little sense anymore for our on-premise it, our employees, our business partners, we have to do it on a far larger scale virtually any organization. And this aligns well with today's business challenges.
So we have these challenges of globalization, the challenge of our competitive landscape, which is changing continuously the need for grows. We have two, the need to increase earnings, the hunt for talent, and we have occasional challenges, such economic Turmo and change in regulations. And to address this, there are some success factors for organizations and one of these success factors is the extended enterprise.
So when we think about globalization, when we think about the overall change we are facing, then the clear challenge is that we have to deal with, as I said before, with far more uses than everywhere before, with a far more complex environment, I think this is one, one of the things we really have to, to, to think about. And then the other things at Tru organizations are, are, are asking for new business brokers, business partners, being set up very quickly. They are asking for onboarding of customers, cetera, cetera. We have to react on this.
We have to support a collaboration communication with external parties, and we have to do all these things compliant and we have to keep cost savings in mind. So there are various factors in all of them affect somewhere another what we are doing in IM and I. So what we really have to do is we have to support as an it in February, we have to support this new ABC, the business connected. So agile businesses, which connect with all the others out there, businesses have to be agile and they have to connect.
Whether you call it open enterprise or connected enterprise or extended enterprise, it doesn't really matter. But actually is about business models, business processes, communications, channels, organizations, it, applications, apps, et cetera. Things are changing far more quickly than ever before. And we have to connect to far more groups of people than ever before. And a lot of these things, there are many other things in there, but a lot of these things are about our entity. So whom are we dealing with and access, how do we manage their access to our on-premise and our cloud services?
This is sort of the overall changing landscape we are, we are facing here. And that means we have to think about how mature our, our program.
So we, it could be a call. We have various types of, of maturity assessments. In this case, it's more cloud services have the same thing for identity access management. It's a standard approach. We are using to compare the current status of a particular part of it, especially around information security, what we expect from very mature organizations, what we see as best of glass, what we see as good and glass, what we see as current average. So I think it's very important from time to time to step back and say, okay, where are we? How good are we? What is our current status?
How do we compare for instance, with good in class? Where are we good enough? Where do we have gaps? And this is one of the things which are from my perspective, very important, especially in these days of a fundamental change of this computing stuff, where we have to deal with a fundamental different ecosystem and environment. So this is one of the things, and as I've said, we have various types of maturity levels define. So it's a rough, I would say it's a rough alignment with the CMM model.
We do it a little bit different very specifically, but focus on, on what do you have to do from our perspective to be at a really good level where you trust need to optimize, or where you at level where it's trust. Purely, if you look at level to purely administrative stuff, but you don't need really with the, the business and the audit focus, you don't, you haven't yet integrated the stuff. So we have various methodologies. And as I've said, I think it's a very important thing to step back, because like I've said, things are changing and there are clearly various ways to do this.
So there are things you can use internally, such as KPIs and Ks, always a good idea from my perspective, to have some KPIs and Ks define, because it also helps you proving your brokers. You're making you have, the audits are happening.
Anyway, you have to look at a trends and key topics. So what are the big changes you have to review your strategy and roadmap and what I think also external benchmarking is a good thing to do. So this is sort of moving forward. And when we look at the big picture of IM I, it's far more than just identity life cycle management. So the identity provisioning stuff on the upper left edge and access governance on the upper right edge. We have a lot of more components there. Some of you will have, or should it have such as directory services.
Some are probably more, a little bit towards the future, such as dynamic authorization management and others are things where, where the market is changing. So we have to invest in Federation to deal with our, with the extended enterprise. We have to think about risk and context based authentication authorization to deal with the mobile users, their access to limit access and various situations, cetera, et cetera. So things are, are, are changing. And when I look at, I am IG programs of organizations, I frequently see that they, they don't have a, have a full big picture in mind.
You don't have to have everything in place, but you should have an understanding of where to move from where you are and what are the things. And then when something new pops up, you should have an understanding, okay, this fits in here, this fits in there so that you know how you will end up with a consistent approach over time instead of a lot of points or, and things are clearly going beyond provisioning. So we have to look at not only our employees, we have to look at all users. We have to manage the complete identity life cycle, not only the onboarding stuff, complete access life cycle.
So not only granting access, but also revoking access. We have to implement continuous and periodic reviews. Now this requires more technologies. So identity provisioning goes hand in hand. If you just look at the core stuff, this access governance, which user activity monitoring this privilege management. So privilege management dealing with the shared account stuff, etcetera. So this is really what is happening here since I'm going forward since are getting more complex, and this is a changing landscape. And that means I am IHG, is this more than when we go back some years?
So when I started with all that stuff, I started back in the old land manager days and the network three X days there, it was sort of a, you have a network operating system where you have a directory, which wasn't really a directory in these days. And then we saw saw more directory services, and then we saw media directory services, and then we saw identity provisioning. Then we added re-certification called it access governance. And this is just sort of a continuous evolution. Things are moving forward step by step by step.
And we have to understand that things which have been perfect 10 years ago might not be insufficient anymore today. So step back, review it and think about where are things moving. And as I said, the biggest influence influence currently to you is from this ABC stuff, agile business connected, and from the entire computing cloud, mobile social, how to deal with this, it's really what is changing our ecosystem.
And so we, we have to move forward. Things are, are, are emerging. And on the other hand, that's something we shouldn't underestimate. On the other hand, we still have to do our homework. And I think this is the, the other side of things. So we can't trust go out and kill what we've done and re invent everything.
No, we have to, to find a way of Microsoft many years ago at a claim which was embrace and extend. And I think this embracing an extent that really is what we should keep in mind. So how can we build on what we have save our investment perfectly serve to our internal it, which still will exist. Most of the organizations will be high for many, many years and add things we need. So for many organizations, it means just moving from classic light anti provisioning to a broader view, which includes other areas. And then it might mean how do I deal with this extended world, this, all this stuff.
And sometimes it's also really looking at the more simple things. This is a picture, which is which I frequently use, which shows more, more, more some of the basic challenges when we think about the, the basic stuff of doing things, right? And then moving forward. So as I've said, traditionally, we started this directory services. We had admitted directories. And then we brought in this identity provisioning stuff and then access governance came into play.
And, and we have to understand, still understand here, what place, which level. So it's, it's that you have your access evidence at the higher level, which means that's where we control things, where we do analytics re-certification that works with the identity provisioning. And then we have down there, the systems, which we still manage separately, we have to understand what happens, where this is also one of the things we, we need to understand.
So, so not just throwing a tool, but also understanding which problem solved by which of these tools. So we will need some system level management tools for ID, maybe for SAP. We need the access governance capabilities at a higher level. We need to fulfillment at the lower level and we need to do it in a good and well integrated way. And when we trust, look at this cosing of access governance trust to, to show you on one example, how I am.
And I, so at anti access management governance, I'm moving forward. These are just some nine areas I've identified where we will see that, where we need to see change in something which is somewhere considered mature, where we need to see change. So we need more analytical capabilities. We need to support unstructured data. So who is has access to which files and fast server who can share data there.
Cetera, we have to sub dynamic authorization management. So the capability to manage dynamic authorization and the underlying set of business rules integrated with privilege management enterprise, it see integration, assignment management, improve transports user activity monitoring, including cloud access governance. So there are some other things we have to do. There's this really sort of a broad range of things to do.
And the other thing which, which really is changing things is really that we have also to think about how does our internal platform related to the things we need to do in the cloud. So an increasingly common concept I see here is that we have our internal IM and IG platform, which is built for our business partners and for, for some of the business partners and our internal uses, which manages the access to some web applications and the non web applications. And then we have business partners and customers, and we then rely, start relying on cloud IM platform.
We federated, or we have a tion, whatever we do here. And we manage access to the cloud service on one hand, but also access of these externals to web applications, maybe in some cases, even to other type of applications, but mainly it's sort of then going to the web application. So such cloud I platforms, which we see appearing in the market, an increasing number and an increasing number. These might include directory services that typically always include identity Federation, some access management capabilities cost grantedly saying, okay, you're large access is cloud service.
And that some was cloud segment on capabilities. Sometimes also more fine train access management capabilities, where you can build services, the, the task for authorization, it could cause include sation, social login logins, plus the configuration of the usage journey itself. So what happens when a user wants to Richard, when he wants to access more sensitive information, doesn't need a startup indication, cetera, etcetera. So these are things which are, are really becoming more and more important. And they also might include features to you to better deal with PII and privacy.
So personally identifiable information and in general, the topic of privacy, for instance, by implementing minimal disclosure. So this is where, where then for instance, such a platform might provide to blood service to relying party or service provider. However you want to call it all the information that the person is old enough to buy a beer, instead of saying, okay, today the birth date of this person is whatever levels, November 11th, 9,086 or whatever. So this is really where, where things are moving.
And, and what we overall see is that traditional, I, I E will not cover all of our needs. We will have to move forward both in both areas. So we will have to move forward with our traditional internal I, I E platforms to better support the new challenges, to better support us, access governance through the right things at the right level to enable business cetera, cetera. And that's what market will cover more in depth. And we also have to extend that to the cloud. So we have to move forward.
And we, that means we have to understand where we are, how much we are, cetera. That's something by the way, where could be a coal might support you and the maturity cetera. So that's it from my side right now, mark will do the second part of the presentation. Okay. Thank you.
Marking, thank you all for joining us today. I'm Marco from cross ideas and I had the chance to leave what happened in the anti management market over the last 10 years because of my experiences in multiple companies. So today I'd like to recap for you a few of the stories that I collected over time and then to touch on why is access governance adding to the stack in terms of available access control.
And then I, the evolution from those of you already leveraged, I think, analysis management solution to access governance to possibility, and then will also cover a bit of the diversity of the approaches that the multiple vendors are, are, are dealing with. So while at the very beginning was just about provisioning. Provisioning was the key word was what really happened was about addressing the anti related issues. And that was, was effectively addressed. It was maybe not really addressed at the time.
It was often not in the expectations sometimes was in the expectation, but really maybe sometimes broken expectation related to the access to the access and compliance issues. Well, the, the mantra, the, the DNA of this project was around cost reduction. It was really about that. And it usually implied pretty cost integration of multiple applications and meant to be delivering automated changes, propagation. And this was ultimately focusing primarily on application with the night turnover.
This was automatically happening because of the cost integration, given that it takes quite some time to integrate a new application well, better to focus on those that delivers the highest cost reduction. And that goes with the turnover number.
So if I, if I summarize what are the, the most exemplifying customer story I collected over time that the very first one is around numbers. So the customer was going like, well, the intention was to ate, say 50 application, but well, again, we closed the project after the seven just stayed too long. It is indeed the case that very frequently the integration cost not necessarily just technical, but also from an organizational standpoint, from the content point from the push backs and point from the application owner was kind of preventing the project from moving on.
And so sometimes it just stopped. Another story can be summarized, like, like, like this one.
So the, the project was meant to have a phase one around the technical integration. So that phase two was meant to be around access request management, but unfortunately we never made it to phase two. There are multiple reasons for such a story. One again is around AME of integration so that the customer kind of gets scared around the cost of deploying the technical integration.
So trying to, well not to drop anymore money on the, on the project, but most often was around usability in many solutions at the time, at least a years ago, and still happening sometimes from time to time in some solution, the user interface, which is meant to be delivering access request management capability to business user is far too technical is far too complicate. It requires far too much training to be effectively adopted, and this is kind of preventing the adoption itself.
So, and that well I'm, I'm trying to picturing something very bad here. They're also project that goes nicely and there's been delivering on premise on the promises, but maybe they, they face other issue, which is my story. Number three, which feels like, well, the, to get here, it costs us well, some, some resources and some time, but we are happy about what we have, what we currently lack is the option to move up in the terms of control we deliver just because the vendor we pick is not offering what we're now looking for.
So we have some emerging needs that are not addressed by the solution vendor. And this is pretty much the very frequent case that we see these days. So bottom line, there is a significant number of customer, which I really have an identity management solution that find themself in pretty much the situation they deployed, technical integration, maybe not on the entire it estate, maybe only partially covered and basic provisioning roles.
I will call them meaning automation of rules for joiner movers or deliver, and some simple identity self-service functionality delivered to agree, but that's where they are and what their struggle is. How do I move from here? How do I move up in the set of control that I can, that I should be delivering now, according to my business needs. So summarizing what the evolution is that occurred in the last five, three to five year, I would say, is that the attention onto the technical integration has been, has been decreasing significantly.
Now it's no longer an it talk no longer about synchronizing stuff across different application is rather around. The logical integration is around making readable what you pull out from the application, making it understandable and making it visual and consumable by business users.
So the most frequently path maturity path that we now see from our customer is that the first priority is to, to get one current view, one single point to go to check who can do what if in a way, a Google-like experience where you type a name of an employee, and you can check what this employee's doing inside the company. And this goes with the coverage of the entire it material. Once you have such a thing, the next thing is to is really to remove the appropriate access distribution. And this often lead to the notion of access, the certification campaigns.
That seems to be the most in a way UN fashion, quick win that our customer are asking for. And then once you are clean, the, the very last step is often to manage access requests to stay clean. So interesting enough, what was in the beginning, the, the trigger for identity management solution maybe 10 years ago, which was managing access request is now the last step in the maturity path. So it kind of flipped entirely the priorities.
So, but what are this access control? The access governance introduced, maybe just in a single slide. I tried to recap what sort of things we can add onto an identity management infrastructure with an access governance, with an access governance, full blown solution.
We now in, in cross ideas distinguish between what we call controls and countermeasure. And just to give you a, a very quick summary controls include things like segregation, UT advanced segregation of meaning, not really just role a should not be delivered with role B. This is what you may also find already in identity management solution, but rather more business level description of what segregation of at business process level is. And this is followed by other controls, like the notion of outer roll, outer roll, just drop an example.
Is, is there anybody outside the procurement department that can do purchase or recreation? And the answer needs to be found in the access, right? Distribution, if you have access right, to perform a purchase or recreation into a marketing guy while that that's violation and obvious one other R for instance, out of that changes, this goes with the granularity of the control you wanna implement.
For instance, if you, if you manage application goals, if you add, if you, if you use application rules to deliver access what our, our application role changed over the last weeks, is there anything that I should be aware of is something maybe felt and happening inappropriately around changes in the access right structure? So this is again, another type of control.
Then there are the more traditional well known managing of orphan and service account, meaning those accounts into the various application, which are not really linked to an identity or to a physical identity, but rather to a group identity or to no identity like the orphan. And the final one around threshold threshold is a very broad definition, but to include things like what are the user, which are very different very, really far apart from the other, in terms of what they can do so that they are, let's say interesting to be checked more frequently, just because of their diversity.
This is what pre-sold implies. Anyway, this sort of control are not meant to be deployed at once, but rather integrated way. And they are flanked by what we call counter measure, which are more the end user capability that actually surface to be supporting the control enforcement like notification and reporting mitigation control assignment, the notion of access re certification, which is pretty well known and obviously the approval flow. So this is what you can add on top on the average identity management solution, which is not answered by an identity management solution.
So how do I deploy them? So I, it looks like to do a phase rollout of an access login of an access governance solution.
Well, it's a two for phase approach. It goes with the application integration and degree and with the control categories degrees. So starting with application integration, there are multiple options. There are five grain integration and cost grain integration. It really goes with, with sort of component deploy.
When you, when you think around about original identity management, that pretty often the case, or always the case that is just course grain integration. You just fetch from the system, what is to be assigned to users. But if you want to apply other controls more refined, like the one I described before, for instance, if you want to detect changes in application role, it means that you need to integrate a final grade. You need to integrate also the role constituents into the system.
Another clear example is when you wanna manage segregation of E P that require a ti tight degree of integration, meaning that the, the authorization model of European need to be need to be important. So that's, again, one degree of, of phase that you may have, you may start to cause grain, or may you may go fine grain with some application and then move to fine grain or to move fine grain.
Later on second, the priority is now more on making sure that I add in my, I attribute the control to the entire it infrastructure, to the entire it, to a state rather than to manage the ride back on, on systems. I, most of our customers don't really care about riding back and automating changes. It really goes with being happy with manual fulfillment or sometimes with integrating with existing service tax solutions to have manual fulfillment occurring to operators or auto system already in place. And also the integration is low, is always red only, and he's a very frequently justified based.
So it means it's not real time that doesn't really matter to many customers. They're happy with one every day or every other day, or even sometimes weekly, weekly update of what information in the system, talking of the control category, what really drives the phase approach is the change management impact that they're delivering a solution. Implied. For instance, if I deploy access request, it goes, it request requires the, the, the training to all business users that are supposed to be either creating or approving access request.
And that takes time while for instance, other control and literally no impact at all on business user, apart from receiving a report instance, segregation or violation detection can be delivered to a report and with no no training attached. That's why it's very often the case that before looking at graphical user interface is our customer first concern about what sort of report they can get. They can pull out of the system. Okay. And then later introducing graphical user interface capabilities.
Then what also drives the choice on what is in phase one and what is in phase M is the distinction between preventative and detective control. So detective control means understanding what is the situation like as of today, and starting from there in cleaning up while preventative is really anticipating the option of creating new violations. Okay. So obviously this sort of things has different impact, and that's among the reason why, for instance, access request management often move to later phase rather than being at the beginning as it used to be in identity access management.
So that being said, let's quickly look at the evolution scenario. Ideally, if a customer is going field, so they, if the customer has nothing already deployed, well, obviously that easy to say, we can just deploy an access governance solution like ours. And that goes again with choosing the right mix, of course, grain and try integration and read only a red right integration, depending on what is the project, the project purpose. And then over time, a greater rollout of this tool stack of access control that I briefly introduced before.
That's very easy to say, but reality says that the average starting point is something that looks like this and deployed identity management solution. Most of the time with no access request management running, even if it's in the box is not used and maybe a significant number of application already integrated. And if it's such well, that is not really the case to rip and replace the connector. The connectors are doing their job are probably coming from a very good solution in synchronizing information in and out. So there's no reason to rip and replace them.
So what we need to do is to add, to flank the identity management solution with the access governance solution. We need to keep the connector there where they are and the way they work nicely. And to have the stack of capability, it looks like this where you have a bidirectional integration in between the two systems, and then you take it from there and building the up the greater approach in delivering control that I mentioned before.
Well, sometimes you have customers that really use the access management, the access request management components on the identity management piece. And I suppose the choice should I add additional controls and specifically Google level control from the access governance, meaning with that, that I'm introducing another interface, or should I transition the access request management from the handy management onto the access governance? So keeping it in one single interface only again, there is a big diversity there.
Most of the time, what we see is that the workflow system, the access request management solution in place is again, there to stay user are already trained on that. So it would be extremely costly to retrain them, to make them aware of a new interface. So it's preferable usually to keep it there and maybe whenever possible to leverage the additional control in real time. So that for instance, you can do segregation of duty check still from the original interface of the original systems. Okay.
Again, this is one of the possible scenario. Then there is another thing that deserves attention and then is where the advanced control that I mentioned before need to be deployed.
As I said, identity management often keeps the integration at a pre course screen level while advanced control requires a finer integration level. So this leads to have a double integration sometimes. And this is a situation where some customer may actually be in the transition from one solution to another, or just where they be for where they find themselves because of the kind of control and the kind of interface they want to use.
Well, this is again something that at the multiple times and something that may happen with multiple solution vendors, solution vendors, that again, are not really offering capabilities with their own software, but, and as the customer need to look around, for instance, example, being better systems, Siemens directs, or IBM icing being good example of that. So I would like to close this presentation with a few words on what is our approach at across ideas.
First of all, our, our name itself is representing what we do in terms of bridging capability that usually belongs to the traditional identity access management space and the governance and risk and compliance space. We consider ourself an access and identity access governance player.
But again, the name kind of reflects the nature of introducing things like entitlement management feature along with sod for at the same time in the same solution, which is one of our distinguishing factor. If we want to represent ourself in the play in terms of positioning depicting, what are the most frequently acronyms that you find in describing access control solution?
We do play again in identity management and access governance, and that's why we're an identity access governance player with a unified solution with a single code base that includes natively all the capability that goes under that name. And this is something that I like to reemphasize, especially because some other vendors are more yes. Dealing with the two of them, but in a more, let's say independent way, separate component, separate solution, maybe acquired through over time through acquisition and integrated one.
Another integrated means by definition, that there are multiple pieces around okay, like in this picture. So what if with a cross idea solution we are to build on top of deployed advance management solution, what is the integration going to be like? So let me just give you a couple of examples, talking for instance, on what will we doing, what we do if we build on top of IBM identity manager. Okay. So in this case, this is one of those cases where we have a dedicated connector to make the two system talk.
And what is interesting here is that it's not really cross ideas, that integrate IBM identity manager. ISIM okay for those of you who knows what I'm talking about, but rather the other way around. So that is a, IIM connected to cross ideas, reason being that ISIM is already there to integrate the various application in the company. So why don't, why shouldn't we use the same technology also to integrate cross ideas. And that's why is ly directory integrator connectors that does the job okay. Which is created and supported by cross ideas. Okay.
SIM applies for the NetQ formerly Noel identity manager, again is a cross ideas deliver component, but is it, is that the same? Model's not across integration to NetQ, but rather the other way around is it NetQ identity management connectors that deploys and contribute just like any other one and provide by irrational synchronization. So closing my, my presentation, we believe that identity management solution and especially the investment in connecting application is there to stay.
And there is no reason to get rid of them unless you need fine grain integration in each and every application you are looking at well, is that the case? And you need to redo connectors.
Well, probably that, that open up alternatives in case of need to move up from identity management, well, evaluate mixed environment, friendliness of solution vendor. And when, I mean, friendliness, I mean both on a technology standpoint, but also on a support standpoint, there are multiple approach and available on the market. And finally vendors such as cross ideas, not even build on top of multiple identity management solution.
I mentioned, IBM, I mentioned that AQ, but there are others coming like for response, better system and Siemens direct, which are going to be integrated exactly in the same way. I just mentioned in the next few months, and with that, I turn it back to you Martin. Thank you, Marco. And we are right now starting to enter the Q and a session. So if there are any questions, please enter them now. So if you are free to enter your questions, that we can pick up these questions and, and provide you answers on that. Maybe a question also from my side.
So what, what we see as, as an approach and also a solution to each, some of the challenges organizations are facing as sort of adding an excess governance layer to integrate various provisioning systems they might have in place for torical reasons such as merchant acquisitions or whatever else. Did you also see that or see these challenges and address these challenges in the practice? I'm sorry, I didn't really get the question.
Did you, So, so if you have a customer has more than one provisioning system, one of the situations we we frequently are, are, are seeing as one of the reasons to add a, a layer on top of it. Yeah, indeed.
The, with our customer, which are, well, obviously we're talking big customer, big names here, which are currently using more solution just to better explain what is the scenario like you often find that for instance, the entire SAP state is integrated with, with net river, while other application are integrated with other identity management solutions. So you find already convention of multiple identity system that you need to deal with.
And well, needless to say, that's just, this is not really something that happened very frequently, but yes, it happens. And the approach is pretty much the same. Okay. That I just described. Okay. So the fulfillment bus becomes not just one, but rather a combination of more than one, Maybe to add one when we are talking about these topics.
What I also see is that I think I'm a big believer in that is using ticketing systems or service test, whatever, as one of the layers access governance access request management solution talks was because as you indicated, in some of your, your earliest slides automatically connecting all those, so usually usually failed. And so the approach of connecting the most important, the most critical the most, and the biggest systems on one hand and then using a ticketing system becomes that seems to be the, the increasingly the, sort of the number one choice, what a few perception of that.
Well, I believe that it's interesting that we, you read this question. I mean, we do often just talk around integrating application, meaning target system, where we pull account users and permission, right. But there is indeed a huge attention on how can we leverage existing interfaces already there for services, which already deployed. And that's where service desk things comes, comes in place. Because as I said, historically, NC management solution for instance, has a, as a, at a pretty technical interface, not really appreciated by business. Okay.
So for the same reason, I've seen multiple customers deploying building themselves user interfaces to do a better job or asking system integrator to do that for them now, with access governments, we and other vendors are much more sensitive around usability, but maybe there are already solution out there with deploying the customer. And I can name our various flow that we does a better job. So that's again, something which is rising, absolutely increas in terms of attention.
And that definitely something that we will see more and more in product roadmaps, including ours as something that is going to be delivered ethically by multiple solutions, the ability not to leverage our own go, but rather to leverage existing UA for some of the services that we deliver. Okay.
So, so if anyone else for a question, please enter them. Now, another question I have here is one that was asked to me in my, during my part, the presentation, I think I, I already I've provided an answer. So the questions, where do you see as attribute management? So for example, this, this user old enough to buy a beer. So maybe the answer just yes or no, not the actual age for privacy and reasons. I I've ly think that this is increasingly done more on the cloud. I am side because this is also where we see more, more interaction with the end user.
But we also will see it in standard Federation products, which tend to pick up things like UMMA. So user managed access, etcetera, new upcoming standard. So this is really the area where I expect this to happen, sort of a, a new, and this is, I think this is and using an I am and IG. And I think this it's not fully new, you're talking about for a while, but it, it shows it's, it's not one thing you deploy once and then you are done. It's a journey. It's a program. It takes it's time. Okay.
If there are no first questions, please have a look at our upcoming conference, have a look at our research. We have a lot of research on the, also around the, the vendors and the access governance market is our leadership C etcetera architectures for access governance on things like large service provider selection. We provide maturity assessments, etcetera. So just have a look at it, contact our team. I hope you found this webinar. Interesting. Thank you for your time. Thank you for attending this group. Call webinar.
Hope to have you soon again, as attending one of our upcoming webinars or as participant of our upcoming European identity. Thank you.