Expert Chat Interview Series with Martin Kuppinger
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Expert Chat Interview Series with Martin Kuppinger
Expert Chat Interview Series with Martin Kuppinger
Paul, when I look at what you, you said, it reminds me a little bit of many of the sweet versus best of breed discussions I've seen over the past 20, 25 or even more years. So, so the suites say, okay, I built on that platform, the best of breed.
I say, I go for the best solution for a certain problem. Would you agree? This is a little bit the same, and we could apply the same criteria in making our decisions here.
I, I think so, Martin, I would agree with you. And one, one conversation I was having with a colleague last week on this topic was around that of the SAP world. Something that I know, you know, very well where SAP actually acquired an identity product from Maxwell, I believe quite a long time ago that became their, their identity for their own ecosystem. Right?
So I, I completely agree with you that for some customers, best of breed is going to be critical. And for some other type of customers being not just good enough, but actually they see a whole world of different use cases. And that's in my discussions to our customers and our prospects when we're talking identity, those are the use cases that we often end up focusing on. Not only like the best of breed identity kind of edge cases, but also the additional value of being on the platform back To you in that context, what would you answer to a customer who, who says, okay, I'd like that idea.
I come to the logic and you brought up the logic already of doing it. So in a minute, but the customer I'd say, okay, but if I decide to shift from service now to something else, what does it mean for you? What is your answer in that question?
Yeah, that's the, that's the age old, that's the age old migration question, isn't it. And what it boils down to, and these are some of the scenarios that we find ourselves in. When we're talking to our customers, they may have a, like an old system I'll pick on a vendor that no longer exists, so it's fair, but like they may have a sun Microsystems identity product. Right. And they're like, how can we get from this world to another world?
And I, I guess, yeah, the, the ease of extracting information in a known format, the, the discovery of workflows that are already running. One of the challenges that I've been involved with with a few migration projects, Martin was always, how can we know what this solution is doing? What is the workflow doing? What is information? Is it storing?
And, and what you're saying is at the end of the day, you will run a migration issue everywhere at sometimes sooner or later, there, there are such scenarios. And so, so it doesn't mean if you go for, for best of breed that you don't have that scenario.
And, and you might, my perspective is you might be sometimes be easier able to handle that on a, on a large, very well established platform, because you'll get way more support than, than in, in, in the more proprietary, more exotic tools maybe, but let's look at the positive side of things, because I think we touched a little bit that, that some of the challenges, but from the positive side of things, you brought up this, you called it vendor thing.
And when I look at one of the challenge, every customer I've speaking with in the last two or two and a half years, for years around IGA brought up, that was how do we deal with business partners? So there's the consumer identity management for the customers, which is frequently somewhat isolated. There's the employee identity management, where there are at least some sort of solutions. And then there are the partners, the partners, which can be close to an employee because there are contractor there for a couple of years, maybe even, or they can be very loosely coupled.
And I liked that idea. You brought up and this, this point around the vendor workflows, because I really believe that this is an area where you have so many departments involved, that this can be a, from my perspective, a YouTube opportunity to, to show immediate value by dealing with the different use cases, integrating the different department. Sometimes the business department says, oh, this is my freelancer. I bring in for a while. Sometimes the HR is involved. Sometimes these, sometimes them, sometimes someone external manages. Is this also the experience of you?
What you see, do you see this B2B identity management popping up here as well? AB AB absolutely. I concur with, with everything you've said there, Martin, you know, on onboarding vendors and vendor risk management is not typically, if you go for like a best of breed solution, it might be technically feasible to do it. But in most cases, customers would have a, a vendor risk management workflow or application themselves now on the ServiceNow platform.
That's, that's just part of the platform. So in our discussions with we, we were having this discussion actually just a few weeks ago with, with a European customer about onboarding vendors and, and off boarding vendors and dealing with contractors that work for vendors and re-certifying their access. And some of these contractors may work for more than one vendor.
So having all these relationships mapped out in, in, in one place with a common set of workflows with, with HR, with security, GRC, and vendor, risk management, all sharing information, allows customers to get a holistic picture of exactly who they're doing business with. And what part of their business is, is communicating, you know, providing access to it, assets, guest accounts, privileged accounts in it, in a timely manner. Thank you. One of the other areas I, I, I find very, very interesting.
You, you touched a little, that is you, you said in some way, it helps by notating functionality. But when I look at let's take HR and identity management.
So, so one of the big issues you see in many, many organizations is that the quality of identity data is not as good as it could be. It comes in from usually not the HR system, but one of the 60 HR systems deployed at customer. Yeah.
And in, in some way, no one feels responsible for the data quality. In fact, no one really knows who has to care for these attributes, who has to care for these attributes. So the processes aren't well defined. So this could, from my perspective, become a, a challenge and an opportunity for a more integrated solution, as you are describing, it could be the opportunity that because both are using the same tool interaction about processs about your possibilities is easier.
It could also be that the same problem occurs that HR and IM teams don't speak as much with, with each other as they could and should do. So. So when you look at a project also, how do you address this? How do you bring people from different departments to collaborate? It's I think they don't do trust because they have the same tool. Yeah.
That's, that's, that's, that's the old challenge. I remember back in the day, I did a project once where there was over 200 HR systems. And what the problem you described was was exactly that.
I, I also saw this problem of being able to rank information rank attributes at a, at a large European aircraft manufacturer. ServiceNow goes some way to help address this challenge, that there are capabilities on the platform to, to, to rank, to like score information that may be duplicated. What we've actually seen is people have used the HR application on service now, not, not as the bill and end all HR, but they've actually integrated it to other HR systems.
We're working with a client that has got global operation with success factors and Workday Workday in the us and success factors in Europe. And they actually pulled that information into the ServiceNow HR application, then use HR and ServiceNow workflow to consolidate, to rank those, that those potentially conflicting records people are in multiple HR systems, but it all comes down to, you know, involving people or making that information transparent and, and correlating all that information together.
So, yeah, I think that's problems not going to go away Martin that you described, but certainly the platform and having everybody playing on the same pitch right. In the same workflow and being able to collaborate backwards and forwards, that certainly does help. Yeah. And I think it, it also brings a sort of a common language. So people understand, oh, this is that workflow. And sometimes they say, oh, you could do that on your end that way, because that's the way I would do it with my experience and the, for instance, service now workflows.
And so having one workflow platform from my perspective helps it also helps them in having one tool where you build these workflows. And so you don't have this, oh, we have an IGA or our own workflows. And we have these workflows here. And then we have the business process management tool with another set of workflows. I think that also helps because you have less interfaces. And I think that idea, you, you just presented saying maybe I use the HR application, the ServiceNow world more as the, the integrator. So HR works until that.
And then I, I work at least from a data perspective from there maybe in a, from a workflow workflow perspective, more integrated. I like that idea because it also seems to be something which, which could reuse complexity, but also going a little back to, to one of the things you you've mentioned, the connectors. And I remember also these days where some vendors came and said, Hey, we have the longest list of connectors globally. I think that a lot of that's dependent on how you count. So do you count sun direct server 5.1 5 2 5, 2 0.1, etc. Is one version or not?
Or do you just say I have El up makes a huge difference in numbers, not necessarily in functionality, but aside of that fact, and I think, you know, I'm identity and IGA for many, many years at the end, there, there are many things which are just standard connectors, just JDCs there's rest APIs. There are even standard flat file formats and a couple of other formats, cetera.
So it's, it's not that you have endlessly different interfaces, which makes it relatively easy to connect a lot of things. On the other hand, we all know that there are still some, some worlds out there. And sometimes, sometimes even some complex worlds like the mainframes, which are still there, what to do them Well, the mainframe that's, that's an interesting topic, right? So we had this conversation the other day with, with a customer.
So for ServiceNow folks, they'll be familiar with the, I don't wanna say agent because it, it brings up negativity of the past, but essentially it's a demon that runs on premise. It's a Java stack and it's pretty, pretty, pretty common within ServiceNow deployments and ServiceNow provide this component as part of their, their solution, their platform, and that lives OnPrem, where it basically lives on a different network segment segment. Wherever that net network may be. It may be a rack ator running UX in, in Microsoft as your cloud, but that that bit server can speak different protocols.
It can it's Java. So naturally it's got Java capability.
It, it has power shell. So we can talk to the world of.net. It also has secure shell. So it may not be suitable for every customer for mainframes, but secure shell to the Linux subsystem of, of a mainframe that is quite often how administrators in the world of mainframe, they connect. They may be using an SSH key.
And those, those TSO commands that are issued to the mainframe, they can do the same, but by orchestrating through the ServiceNow platform. Yeah, I think that, that is one thing. The other thing is also when, when we look at it realistically, so few customers start in a Greenfield approach. And one of the big challenges, one of the many challenges I hear around IGA from customers. So one is our re-certification is bumpy.
Managing roles is not easy, but one of the, and probably the most, most challenging one, when we look at the IGA part is users complaining about how, where do I request my access? How do I know the status of this request? And why is it so slow? That is the story.
And, and that story is something we need to fix. And what would I, again, and again, see this customers hear from customers is why don't we have one place where we can request everything. And I think this is something where, where there's a launching and saying, we have this neat integration, however, it's constructed into the world of service.
Now, if service now is just strategic tool for requesting it and enterprise services, and, and then if you're not starting greenfields, so might be an idea to, to use your existing legacy, identity management product for trust, passing through some things to the systems you can't easily switch over. That is also from, from my perspective of welled architectural approach.
And so, so it, I think that there are really many ways to go, and it leads us always to that point of where, where are you, where do you want to be? What are your challenges? How does it help you addressing the C? I think this fits to a question I've just got from the audience, which is around. Do you see service now falling short with IHA workflows, or do you see most folks integrate with IGA solutions?
Maybe this is more a question to me as the Analyst than the two us, the vendor, but feel free to jump in after, after I start with answering that, I think the point is, and Christopher already touched this, don't reinvent the wheel yourself. So basically there are two options. Either you integrate your existing IHA or your future IHA with ServiceNow. And Paul talked about us in his presentation, or you say, I use an IHA based on ServiceNow, or I, as I trust say, maybe even a mix of that. And I think you see interesting evolutions on both sides.
So ServiceNow native IGA solutions and IGA solutions that integrate. And I think the point is really understand where you are, where do you want to go? And which combination of technology at the end fits best to you. And I think for many, as Paul said, for many, there's a logic in saying, I look at these ServiceNow native IGA approaches, depending on what you're missing, what you need, where you are. And this is, I think that the answer to that, I don't think it's falling short. If you trust, say I use service now without anything, that's not the right way to go.
But I think there are two, two ways which you can look at with pros and cons. And Paul already brought up couple of pros for these approaches.
I, I totally agree Martin with what you said. I mean, I T SM is not IGA, right? ServiceNow is, is not IGA. We've seen two very large European companies that I'm sure will be household products in, in, in your homes, try to build out IGA on ServiceNow, because if the, the low code, no code marketing and it to degree, it's true.
You can, low-code no code workflow, but you need to have the experience, the industry knowledge, you need to have been through these battle scars before, and you need to assemble the right people from both worlds of service now and identity in order to hit the mark. Otherwise you're going to have a very expensive lesson. Yes. And the first steps go fast. That's the point at the beginning, it goes very fast. And then you end up in that complexity where you really need this long domain or subject matter expert knowledge, this domain knowledge.
And this is where, where seeing that really become interesting final question. We need to short answer on that. And that is what is your take? And I think this is heavily overlooked integration use case in for many between it service management and it, and that it, but access management and privilege access management that is application onboarding.
So, so if I onboard my applications into the it service management world, maybe have the CMDB really in place, isn't that the logical place to start an efficient application onboarding to the rest of your entire identity and access management world. Well, this, this is what we've seen.
You, you touched on a few things in the last couple of minutes that I, I think come to come together is one using an existing IGA investment for a particular purpose. Like almost like a, a network proxy. And we've seen, and, and we've also seen, you know, customers say we are not going to onboard thousands of these apps into Y G because it's too expensive, takes too long. So service now and being the disconnected world and having a workflow that brings everything together is the right way. And if these systems are connected, then identity native to the platform can certainly help. Perfect.
Thank you, Paul. This was so interesting. I like always talking with you. It's a pleasure to the audience. Paul will be around in the networking lounge right after his talk. So don't miss the opportunity to dive deeper into details with Paul. I think you've seen, he can answer every question with really good and comprehensive information.