The next generation of modern identity & the power of the platform
[Music] I sit here and I look at how far our industry has come over the last um 10 or 15 years right we come a long way and a lot of change uh and when you look back at how um we started identity access management right access we're given access to probably the top 10 or 15 applications it was about efficiencies right um and um I think many of you will nod your heads and say yeah we were there um IG soon became the point of focus uh and with IGA um it is really more about profit uh productivity right um and then when we got into um a little bit further down the road IGA was really more about uh uh compliance around life cycle management um and but we were never brought into the conversation around security right um and so um today fast forward to 2020 right and um you know what happened in 2020 right it all everything started to change and it was more about not not just efficiency not just productivity right but it became a about identity security and we had just renamed our platform identity security probably I don't know a month prior to the big Fallout on March 13th right um and what happened around business uh we used to call it uh we went through this process where you had buckets the customers were rep prioritizing all of their work around bucket one and bucket two right and it was all about a business essential right business essential and that basically was became our battlecry right anything that was business essential was people needed to to run the business and to keep the lights on um and that's really um what identity security was was really evolved on um depends on three things today it's no longer efficiency and productivity but most importantly efficiency productivity and security now we used to consider that as long as you protect the Enterprise from the outside in you were secure right and while the outside end is still very very important to securing the Enterprise you probably know this 80% of the breaches actually come from the inside out today okay couple that with what is already a complex typical modern Enterprise and you can quickly see how the cios and cesos in the room today and what they're up against keeping up with the influx of Technologies hitting your ecosystem on a regular uh basis ensuring everyone and everything has clearly identified and secured access to those Technologies preventing slowdowns in the business from slowing things down or locking things up too much um but also avoiding giving people too much access right trying to increase productivity and that's a risk and it's a lot and all of that cannot be clearly managed or contained by just the human capacity alone so I thought what we do we always talk about the complexity and the challenges um in my role I get to see a lot of these numbers and so I thought maybe we'd spend a minute and and look at some of these numbers and some of the complexities knowing full well the numbers we're going to talk about they're big and they're probably worst case but you can't solve for the norm if you're not solvent for the whole picture the different combinations so you've heard the old adage of picture paints a thousand words well there's an old saying that numbers don't lie so we're going to take some numbers here play with some scenarios and really help to kind of paint this picture so if we can um we're going to use a large Enterprise these numbers are not fictitious they come from our customer base but they're big right um and look we can have some fun I challenge you to get your phones out and work these numbers uh I saw a couple of you earlier with your calculator stra to your belt grab those right um but let's start with an Enterprise that has 100,000 identities right not 100,000 employees but 100,000 identities uh and let's say that Enterprise has 2,000 applications um when I looked at the day I said 2,000 that's a lot we've got companies with three four five times that many applications it's really not all that uncommon for a large uh Enterprise but then you start looking at you know if you're doing the the the the math right 100,000 times 2,000 and then we start looking at entitlements right uh and level of access varies those entitlements to applications perhap can number into the hundreds right even the thousands and when I talk about an entitlement um I I we're not talking about Millennials right we're talking about application entitlements right and so we're talking about every app you get access to and then what do you get to do within it I get to write a report I have a dashboard maybe I can do a transaction right um but it's not just access to the app what about the entitlements for the data right um it's multi F can they access all the data right just a few elements of data um do they have readon access full edit rights I mean you very quickly can get to numbers of 100,000 data entitlements right so I did the math these guys up you know the first scenario without the data it's like 20 trillion different combinations the last one I worked a week to be able to say quadrillion all right it's two quadrillion look nobody's going to do two quadrillion but the combinations are there and it shows and highlights the complexity of the problem we're trying to solve right and it's a big number and I think the takeaway that we'd like you to walk away with is that this is really complex and if you're trying to SEC secure your Enterprise you're just not going to do it with the traditional hands on the keyboard and if you are um look I started down this path with our team to say how many people go into two quadrillion right and they just they never responded so it's a it's a lot right um but let's look let's just not take a large Enterprise we actually ran some numbers on smaller Enterprise and you can do the math I'm not going to go through it but it's 2500 identities right we have a ton of customers that have 2500 identities 400 apps 50 entitlements per app 25 data entitlements do the math way smaller still big still not something you want to fool around with hands on the keyboard right and in each of these examples we're not fact factoring in any of the jml the Joiner the Mover the lever right we're not factoring any of the constant threats that are coming in Daily right and and you know look at the end of the day this helps explain why many of our customers today have a very difficult time securing over 70% of their identities because it's really hard and they don't have the infrastructure in place to be able to go do this now based on all this becomes very easy to see how quickly the complexity really starts to pile up and the question for you all is you tell me how do you keep up with that you know if you're the CIO or the sea that's on the hook for keeping up with it how do you how do you do it I have the opportunity to speak with many customers many of our prospects our partners and the fact of the matter is this the numbers we're facing today you know they're just simply daunting but at the end of the day it's the reality we're in and it's simply impossible to manage any of this at speed at scale with accuracy without the aid of automation without the scale of an identity solution that can keep Pace that's what we're collectively up against today now we're going to share a number of things with you today as Wendy said um and one of the things you know you're interest in is what we're doing about it what are we doing about it here at sailpoint how are we thinking about addressing your identity security challenge the things that I just spoke of uh and importantly I think you've got to have a moment and ask yourself what are you doing about it right how are you tracking against the threats how are you tracking against your peers in the industry all of you have a strategy by now how are you executing against your strategy uh we talk with our cesos often advisory boards and they struggle to understand three things pretty common right how do you properly GA gauge maturity and of of your uh and and uh and convey the risk right how do you do that how do you properly gauge the mature of your Enterprise identity strategy and your ability to execute it as I was saying and lastly how do you communicate upwards to the SE suite and now the board right uh in a professional methodical and data driven way and that is really the Genesis behind our second annual Horizons of identity report that we're announcing here today right now I don't know how many of I probably can't even see if I said show a hands but last year we announced the first Horizons of identity report um we partnered with our friends at McKenzie uh and we put out a state of identity security across the world right it was a thoughtful detailed survey to plot the five Horizons in identity ranging from the least to the most mature on approach and adoption this year the next generation of this report we go down a layer deeper right and again we're partnering with McKenzie uh and in collaboration with our friends Accenture and really what we're reporting is what does that Foundation look like to help companies Move Along their Journey at a much faster Pace we provide a path with benchmarking details uh industry access and um I think when you look at it it's another level deeper it's got great data content and we think uh it's going to help our customers and Prospects alike really assessing where they're at and equally as important how do I get to where I need to go faster right so uh to help me dig a little deeper into this year's report findings hugely fortunate enough to have uh our our friend and partner uh Simon G from Accenture here and he's going to come out and we're going to talk a little bit about this Simon come on [Applause] out thanks for [Applause] [Music] I think we should have won the STS I'm more comfortable on now we're going to share that yeah it's fine is it the person answering or asking get to sit down I don't know uh ah thank you guys well welcome [Music] um he made about a 10-hour airplane ride to get here right I did Y and uh he and I get to have the pleasure of doing this again next week in London uh and I'm going to return the favor so um you know what I thought um we got some questions here that that we want to share with with the audience but I thought maybe before we start it out we could take a minute uh and uh first I'd say the relationship we have with exenter uh unique uh they're they're uh one of our biggest um and forgive me for saying but complex uh customers uh we have uh and at the same time uh they're they're one of our largest Partners we we do a significant amount of business together delivering these kind of solutions to um our joint customer base so in this scenario uh Simon kind of finds himself with his feet in both ponds and I thought maybe you we just start off for a minute you can tell the audience a little bit about yourself and and Accenture and and this very important project you're working on appreciate that I got curveball question for you before we start then so I was I was just pondering because it's a fireside chat and I was wondering well hey I can't see a fire no and the appropriateness of a fireside chat being the first thing in the morning is there is there an equ is that a us thing am I missing something it is it is and we don't we we're going to have a fire but it's a fire code issue so got we just got to sit here and these nice chairs um yeah so well let let me so you've set me a challenge actually as you did your introduction I notist um because I mean I normally describe my role it's pretty straightforward I'm responsible for securing all the core Tech that runs the exentri business it's easy right I mean that's a pretty you know that's a pretty simple statement sounds pretty easy um but actually you threw a whole load of data points into your initial kind of introduction that prep you for there no so I now I now feel the need to kind of just give some context of that really simple statement so you know that securing the core Tech that runs the Accenture business I mean if you think about the Accenture business just for context that's 800,000 give or take people um 5 and a half thousand applications over 2 million identities um we are 99% in the cloud about 30% Cloud native or SAS service consumption so whether it's um you know well we're moving to sap Cloud whether it's service now whether it's workday and soon to be identity now obviously as well you know we are I think you mentioned it you know but by all I think measures a complex and large organization my responsibility is making sure all of that Tech is secure whether it's the network whether it's the endpoint whether it's those applications and then more and more and I own this end to endend whether it's the identity Fabric and services so the thing that are the beating heart I think of everything think we now do in terms of tech enablement or more and more also I'm responsible for making sure we appropriately enable and secure our data fabric as well so I mean that's that's a snapshot of my responsibility yeah um I I think you're you're being pretty humble it's a I I know firsthand that's a pretty big pretty big project or program right in in the uh in the company in fact of the matter I think if if you talk to Grady and and and Ben in the team um they're challenging us pretty good right and this is how you get better you get partners and customers that challenge you and push you and I think these are the things that drive this great uh product to be uh even greater and and a lot of the Innovation so look um appreciate you being here um I got a couple questions for you all right shoot I I think when you I talked earlier about just the pace of change in the industry and you know probably the last four four or five years what we went through with with uh the pandemic and that and the whole work from home phenomena um how do how do you see this all evolving again when you start talking about the industry Trends uh the the Cyber threat landscape you're dealing with all of that at a huge scale right how do you think about it yeah I mean I I think there's a I've kind of I think you've said it and I've said it now so there's this increasing complexity so just the complexity of the ecosystem that we're operating is becoming one of the biggest challenges just if you're like Accenture and you're you know you're a predominantly Cloud first Cloud native organization you've got a challenge to understand you know how is how are all the services and systems plumbed together because I don't own that anymore my data could reside anywhere and everywhere so it's that it's honestly it's that complexity of the ecosystem I think presents one of the biggest challenges it's a challenge fundamentally then because you know you you don't own that in the way that you used to own so you need to change you know you fundamentally need to change your mindset in terms of how you think about honestly I think your role and responsibility particularly when it comes to securing your kind of assets and your data um so I think that just requires that that's driving a significant change and then that complexity of landscape allied with you know and I mentioned it the fact that you know the I think the crown jewels of most organizations is your data could be anywhere is anywhere potentially and everywhere and guess what um that's what people are going after I mean and and it's interesting in the context of this dialogue because they're going after it by targeting your identities and potentially your lack of or immature kind of processes and controls around identity and how it's used then to secure and I think you know effectively manage access to data so it's just it's pretty simple that stuff's big it's complex I don't think fundamentally we always have our arms around around it and that provides a massive attack surface that is only growing or a threat surface I mean I I mean I I think of it honestly that simplistically yeah no no I I um so if just in a a few words right what ADV I mean these folks are out here this they're living it too right and it's coming at them hard any simple advice for them in terms of strategy or how they should think about well and I you may have heard me mention it a couple of times but I think you know foundationally you need to have have a strong robust identity Fabric and by identity fabric I mean a set of identity services that are at the heart of your Tech strategy like they are the things that now drive drive I think all of the all of the enablement that your Tech strategy might be focused on at the heart of that is identity and if you don't have a strong identity fabric that looks at you know honestly like critical services that are important for maybe securing access maybe understanding how you manage privilege but then much more than that how those things then affect the running of the technology which affects your business day-to-day so for me it's just you know if you you need to make sure that you focus on that and that you understand what the business needs and the impact and the influence you can have because you are honestly we're moving to a world where we are the if we think about identity we are at the heart of everything there is nothing that no longer happens that isn't pivoted around identity and and and I think the interesting thing if we look at the future is that's going to accelerate so think about decentralized identity it's a completely different Paradigm it's going to draw different challenges but for organizations you still got to deal with it if you don't have a strong and robust identity Fabric and an identity framework that enables you to deal with those basic constructs how are you going to plug some of these new paradigms in um so you know that that I think for me is super important and then you know as the world moves on and we look at things like self- sovereignty of data again you we just talked a little bit about data and the explosion of data and needing to understand where data is and how you manage honestly the appropriateness of use but also the effectiveness of use fast forward to decentralized Identity models we've got another thing we have to deal with we can build to get there but you have to have some of these foundational things in place and for me that's identity and data yeah yeah that's good so um you had a chance to go through the um Horizons 2.0 and I think we we shared a little bit of back and forth on it and and if when you get a chance to go through it it talks a lot about a seamless experience right for for the for the users for the customers business partners right but it's it's far easier said than done right how do you balance securing the business with not over securing the business that you don't get some of the things needed for efficiencies and productivity uh but you're secure as heck well and there's a there's a key word you use which is balance right and balance becomes interesting when when I think if you've pivoted your focus to have that identity Fabric and identity at the center of everything you think about from a tech enablement perspective then well there's a key kind of trigger in the word right identity identity talks to every individual in the organization and if you have that at your heart then as you start to make decisions about what you want to do from a Services perspective you start to focus on you I think you start to focus on how you enable different business outcomes how you influence different business processes not how you build Tech to support doing something so for example we are just about to complete a roll out of passwordless for 800,000 people that was not a that was not a security play that was a business enablement play because we knew that guess what all of those Enterprise identities at the heart of running the exenter business if we could focus on how we remove the friction around passwords yeah obviously there's risk around passwords as well but but we could then look at and talk to the business about well what do we enable in terms of I don't know productivity it's a great measure like we talk about how have we enabled everyone to do their job more efficiently and effectively that's just helping the business go about doing its business but it's a fund so it's super simple but it's a fundamental change in the way that we are positioning honestly like security products and services so they are now at the heart of a lot of the business strategy because I am now needed to enable some of the things we want to do to be successful in a way that I was potentially an overhead two or three years ago yeah yeah and and we also talked about the idea that at the end of the day regardless of the priority regardless of how significant it is to mitigating risk and managing risk it still comes down to Dollars and cents right and being able to maximize that Roi and gain efficiencies um and and report and and I mentioned earlier that 70% of um our companies only secure about 70% of their identities right how does that work but again it's I mean it it just lacks a fundamental understanding I think of the impact you can have so if you put if you put an identity fabric at the core of your Tech strategy and the core of enabling running your business then well guess what right that makes you focus on do I have do I have all of those Services covering all of the functions and activities all of the humans all of the non-humans um all of the transactions that are critical to running your business so I mean the fact that you know in that survey we see only potentially 70% is covered is just a wakeup call that we need to get better coverage I mean I choose the word fabric for a good reason because it needs to be ubiquitous and everywhere it's a key building block to enabling I think successful running of your business so youve you know you've got to get on and start to build out those services and build out your coverage yeah um so I've got one more question then I'm going to ask you to final thoughts but um I'd be remiss if I didn't ask this right um with all the recent focus on AI I uh and especially generative AI um what are the some of the implications right from it but also what are some of the advances or advantages uh you're seeing and I guess I think of this in a couple of different ways so I think of AI and gen Ai and the use of llms just honestly being being the massive accelerator of the data security problem because it's just a it's just a fast track to enabling the use of data and in fact interestingly you know for organizations that say Hey well you know we're not really on our Cloud Journey yet or we kind of are hesitant to go there guess what gen is about to do it's just going to move everyone there like really quickly because as soon as you start to consume those Services which you're going to have to you've just stepped on that escalator and it's going at full speed so it's it's just accelerated for me all of the things that I think are critical and important to helping your business and helping secure your business um so it just honestly it just reemphasizes the need for that identity Fabric and an understanding of what you're doing with your data so I think that's that's definitely one thing that it's driving the other thing I think it's doing is it you it is going to play a critical part in all of the services so actually it's one of the reasons why we're you know we are Cloud first and Cloud native because the only way to consume a lot of the benefits of AI and gen is to be in the cloud is to have those modern agile flexible Services you I am super looking forward to the stuff that we're going to get as we move to you know identity in the cloud because the flexibility it gives us the Insight the ability to do things that I couldn't do before partly powered by gen I I I have no hope of consuming that and using it as effectively as I need to if I'm not um you know if I'm not in that modern kind of environment and position yeah no that's great um you got any parting thoughts for the audience I I'm sure I don't need to tell everyone this given this group but I mean you have to double down an identity it is it is the foundational thing for everything we're going to do all of the challenges we need to meet all of the enablement we need to perform over the next well I don't even know how how long that period is so you know honestly you have to focus on that you have to make that a priority and then I think tie that to your you know your your understanding of your use of data and what data means for your organization if you can do those two things I think you're going to be better place to deal with what's coming in the not too distant future very good um hugely impressed with the fact that we did a pretty good job managing the clock oh with that uh look um I I hope everybody um appreciates the uh the Insight uh he's got an incredibly challenging job at an incredibly um Dynamic organization and really appreciate you making time to come here with us today thanks Matt appreciate thank you [Applause] everyone all right yall hear me all right all right beautiful so I'm going to spend a few minutes um on really I think what's top of mind for many of you which is how do we make an efficient productive and secure Enterprise a reality how are we thinking about the market today and our position to significantly evolve the market uh as a driver and a leader in this space um from a market standpoint tomorrow you're going to hear from our founder and CEO Mark mlan all right and he's gonna he's going to talk to you about convergence and we I think we've been talking about convergence for the last year and a half right but you're going to hear about our flavor sale points flavor of convergence and it's not the conventional version of convergence right the idea of bundling a large number of Technology IES as an efficiency by um we believe there's a better way of doing it we think that's a legacy view on this entire idea of convergence and what got you here will not get you there uh Legacy convergence cannot address Next Generation identity security problems like it or not change is happening and in our world that means a change in an identity population if you listen to the analyst it's about 15% keger a year changes of type of Technology and datas that we got to use to manage our business and as you heard Simon just say getting to the cloud right or getting to a SAS solution and all this change requires an accelerated approach to how you apply an identity lens to your security program today's reality means AI absolutely trumps convergence right and it is the key component to addressing Next Generation Enterprise identity security changes we got a lot of challenges how do you match the velocity of your business to ensure that your security controls are relevant how do you deliver value not just today but tomorrow and continually as part of your approach to Identity how do you keep up with the business and how do you ensure that your approach is not too light not too deep but just right I know you're thinking you've heard that where somewhere before you did it was with Goldie Locks and the Three Bears uh but it's exactly right right you got to find the the perfect match for your business and your security um with that I'm going to move along to what I think many of you were waiting for and that's the big reveal um I'm I'm excited I'm proud uh to announce today salo's Next Generation unified SAS platform salepoint Atlas with Atlas we are delivering the first generation of autonomous identity security Atlas is scalable Atlas is intelligent Atlas is an extensible platform built to manage and secure access to critical data and applications Atlas is designed with the flexibility and speed needed to grow and solve new identity security challenges without the need to re architect or re-engineer the solution this allows you to make it uniquely yours right with an upgradeable scalable way uh at the platform for our security uh salepoint identity security cloud Solutions uh salepoint Atlas is also built on machine uh learning it's a unified this is important a unified data model with a set of common Services right common Services think workflows forms connectors and these are what drives the intelligence needed to swiftly apply the right policies to access across entitlements to critical applications and data this platform removes silos and unifies all the capabilities seamlessly together to build a modern identity security program from the ground up our vision for this Market is built with the atlas platform as the foundation and the real accelerant we believe the next generation of identity has to deliver on the notion of justing time access and it's got to be built on policy not roles with a Jus in time approach we can provide a seamless identity experience for customers while delivering much more secure access to critical data and we also believe that access must be viewed and managed holistically across all types of identities it cannot be binary and it's not just your regular users right but it's your privileged users as well it's not just employee anymore we're far beyond that non employees capture upwards of 50% of the majority of today's identity population contractors Partners third party Associates and even service accounts you add this to the depth of access to technology and essential business data as I mentioned earlier the only way to manage all of that at at scale you need automation right and it's enabled by Ai and machine learning so over the next few days you're going to hear a lot more uh from my colleague Grady Summers here momentarily and again tomorrow from Mark uh mlan change is surrounding your business there is no doubt about it the risk of in action is far too great I urge each of you to take action let identity be your accelerant not your pain point with that let me welcome our next speaker Grady Summers uh he'll bring an in-depth view of our vision uh for this market and The Innovation we have coming to our platform today I appreciate you being here thank you for listening uh please welcome gry [Music] Summers
2023-11-14 10:41
