[MUSIC PLAYING] Hello, everyone, and welcome to One Identity's Cybersecurity, Trends and Insights video series. I'm Joe Garber, VP of marketing for One Identity. And I lead a regular series of interviews with Identity Security's top thought leaders, so you can hear directly from them about the challenges they're facing and how you can best overcome those or similar challenges, as well. Our guest today is Massimiliano Ferrazzi whose group CIO for Pieralisi, in Italy. First of all, Massi, did I get all the pronunciation correctly, or correct?
Yes, Joe. Hi. [LAUGHS]
[LAUGHS]
I mean, for everyone, you can just call me Massi. That is short. I like to keep it simple. I would say we can stay with that. That is easier to--
That sounds good.
--pronounce. Yeah.
Well, Massi, thank you so much. Can you tell us a little bit about your experience and about your background, of course, and your experience in identity security?
Yeah, sure. Today, I'm part of the joint [INAUDIBLE] venture and the challenge with Pieralisi. That is a global, international, Italian company. I would say we have over 130 years old.
So we're running through a full, complete transformation, not only from a digital point of view, but especially from a full company one. And in terms of the IT that it's taken today, an important part of this transformation, huh? Security, it's important. And I would say it's key for today, especially within this journey today and this new project in Pieralisi, considering we're coming from 130 years of history and then, especially, growing systems and systems.
So a big challenge is really to, let me say, consolidate those systems, but not only that. Really making sure that we have all the accesses controlled on all those applications that we will have. Imagine it's like creating layers of layers of obligations and even legacy applications that, today, are still critical for business. Security and identities is a big challenge for us, especially considering that it doesn't exist, an awareness of identity management. And this is one of the biggest challenges.
Well, it's certainly great to have someone with your experience to share your thoughts. Since we have limited time, I'm going to jump in and ask you some of the questions, if that's OK?
Yeah, for sure.
Great. Well, and you started to address this, as part of your lead-in there. But talk a little bit about some of the challenges you've been facing with respect to Identity security. What are you trying to address, and why?
Yeah, well, first of all, in terms of compliance, vis-á-vis. So it is important for us to-- as an IT organization and as a company, especially, it is important to monitor and understand where people access to and especially who has access to work. In terms of Identity management, this is one of the biggest challenges, especially-- my journey, let's say, with the identity management-- not today, but in the past-- started on making sure compliances and especially started with SAP. So we had to make sure, after the [INAUDIBLE] that are asking us on clear segregation of duties, again, who has access to what. And that's where the journey started.
So I would say, instead of, let me say-- I was mentioning about Identity management awareness, before, more in terms of-- before, this was not even considered as part of security. As we started in SAP, in the past, this was completely focused on the application. Today, we all read it on the news and everyone, even not IT, security is a big challenge.
One of the other part, that is going through the infrastructure. Let's say, into the [INAUDIBLE] provisioning of digital identities, that's another challenge that I would like to mention, in terms of addressing. For and IT, the more complex-- let's say it the other way around. The more simple the user experiences, in terms of using applications, in terms of connecting to systems, and so on, the more complex the background the system becomes. So the use of a tool or the implementation of an identity management program is key for simplifying.
And from an IT standpoint, and not only on that path, but even on the provisioning of digital identification. Also the time that we take to provision an identity, or access into multiple applications. We're talking about multiple systems that grow with years, and having this kind of siloed approach just increase complexity, and obviously increase times, and requires more resources to manage, requires more procedures to manage.
And for example, simply provisioning. When employees start a company, it doesn't take, let's say, more than weeks to provision all the access to the system.
And so, talk a little bit more about your company. What are some specific nuances you have within your organization? IT constraints, the regulations, resource constraints, that presented, or have presented special challenges for you?
I mean, resource. It's always an issue. All the same in terms of for us, and then for us as CIOs, and the role of CIO today has changed during the years. The CIO has to be not only-- it's no more, let's say an implementer. Now the IT is no more the implementer of systems, of solutions that business is finding, but has to be a tech translator. So we need to find the way. And building, let's say, a business case for identity, it's not always easy.
It goes back to what is the awareness of identity management, the awareness of security, and explaining and justifying that. It's a big challenge.
Also resources is first. It's the first thing in terms then of, I would say, then again, we have a little bit of let me say, support. And we're kind of lagging in terms when touching the finance part, and the access to what I was mentioning before. Segregation of duties in the system, this is a requirement from a finance department, in this case, and from companies, so it gets easier to justify those resources. And that's the thing.
But on the other side, I would say also one of the constraints in this case is also the, let me say that, I call it the IT business shadowing. For each department, for each function there's an IT on the other side that is helping or implementing and let's say, consulting or guiding the transformation journey with the different departments. So those are the say, complications that we see on the day-to-day
And not unique to you by any means. I've heard some of those same things from others as well. Those are just common challenges. Well, so you talked a little bit about solutions. But how did you solve some of those challenges? And what lessons did you learn along the way?
I mean, obviously, the tool an identity management tool helps you to simplify those things and then consolidate, and then drive these programs. But it's not only about the tool. So, because then the tool needs to be managed by people. And if you don't have people, and those sorts of constraints, it doesn't work a lot.
On the other side then, it's a full continuous alignment with business, and being a business partner, and being an innovator in technology, and improving the awareness. Talking communication with, again, with business, it makes sure that you raise up the importance and the risk in the case of not having an identity management program or tool. And improved security.
Today, security is not only a CIO or an IT issue. Today, security is a company issue. We again, we meant, it's kind of, let me say, fashionable today, having cyber attacks everywhere. So that's something we need to take care.
And in that case, I would say that the key of solving-- one of the key aspects of solving those challenges is really making a web in business of the risks in this case, and then again creating the process of simplifying the accesses, in this case through the implementation of a proper program, which then ends up into having a right plan in place.
Well, so we've done some research. We did a survey recently, and we had been told that, or learned from the survey I should say, that the average organization manages identities in 25 or so different silos. And as a result, the survey suggested that organizations are looking to be-- to look at identity security a little more holistically. Is that your experience or aspiration, to be more holistic with identity security?
Yeah. I mean, definitely yes. Again, the thing is that identity management shouldn't feel like a Catch-22. It's not a label, and that's the point, and I would agree on the survey results in terms of the amount of systems and applications that you have. Obviously it creates an identity probe.
And in this case, it starts from, first of all, the customer. Let's say, customer experience, no? I mean, we're just going through a journey of integration of all countries, and globalization of the systems, and we are realizing that country by country that we started, that we're integrating into the global network in this case, and in the global systems, they have more than seven made identities, digital identities to access those applications.
So a holistic approach is obviously-- it helps at having an, let's say easy to use, or hard to lose, security for any organization that requires the wise protection of data in this case.
And especially-- let's say that from a holistic point of view, simplification is key. Simplification is key. Legacy elimination is key, and harmonization of systems is key.
So you talked a little bit about what you'd need to do that. From a technology perspective, you kind of talked a little more about process, but from a technology perspective, what would you need to have in order to manage identity security a little more holistically?
Well definitely the proper tool that is simplifying that, which is able to, say, we have just said that there are people that have more than 25 different systems to manage access right, so again, simplification is key as I mentioned. And the right tool that is able to connect, and then integrate those different systems, and then even consolidate. That is the right technology aspects of it needs to be taken.
Well, with that I see we're close to being out of time, so I'm going to wrap up today's discussion.
I'd like to thank you, Massi, one last time for giving us some excellent things to think about with respect to identity security. We certainly appreciate your time.
Thank you Joe. Thank you so much, and I hope to speak to you soon then.
Thanks. And thank you to all for attending this session, and be looking for additional discussions like this in the near future. I'm hoping you'll join us. Thanks once again, and goodbye.
[MUSIC PLAYING]
13:05