[MUSIC PLAYING] I'm Edward Targett. I'm the editor of Computer Business Review, and I'm joined today by Ian Sutherland, who's the VP of Sales, EMEA and One Identity. Ian, identity and access management-- where do you start?
It's a big problem if you try and approach it strategically. You're looking at managing the identities across multiple business applications with 500 to tens of thousands or hundreds of thousands of identities, depending on the size of your organization. And if you approach it strategically, it's a big challenge because you've got to implement the identity management system, connect it to all those business applications, define all your processes so that you can automate them in terms of the provisioning, managing the join and move or leave a process, for example. And then also the governance process.
So that can be a big strategic project. And that's great and many organizations are mature enough to want to address that. Others will start-- maybe if they're less mature or want some quick wins-- might start somewhere else.
A good example is focusing on Active Directory. Most organizations these days have Active Directory or Azure Active Directory if they're in the cloud. And many of their business applications are leveraging AD for managing their entitlements of the user accounts.
And so if you have a focus around Active Directory, that can be a really quick win. At One Identity we have a solution that allows you to focus very much on solving Active Directory and Azure Active Directory called Active Roles. And that gives these companies a really, really quick win.
Another area where organizations start is maybe taking you from the point of view of what's the biggest risk. And the biggest risk can be the privileged users, so the people who have access to the administrator accounts, the root accounts, and therefore can wreak havoc when they have those.
So taking control over those is interesting. You still have the same identity and access management processes. But there are a few extra things that you need to take into consideration. And that's why there are specialized privileged access management solutions, such as our Safeguard product, that allow you to take care of those.
So one of those is solving the problem of sharing passwords. We don't want to be writing passwords on Post-it Notes anymore and sharing them amongst our IT staff. So you want to lock those in a vault, in a safe, in a virtual safe, so that when someone needs access to one of those admin accounts, they're checking out the password or it's being provided seamlessly so they don't even see it.
And then secondly, you're solving the traceability of who was it who was logging on to that administrator account at the time and having full traceability of that, which is really important. And then lastly, another unique capability in these spaces is to actually record what was being done when that admin user was being active. So almost like just pressing record. And that's great because then you can play it back later. And that's useful for some of the compliance regulations that people have.
So you can start with Active Directory. You can start with privilege. You can start strategically. The great thing about One Identity is we have solutions that allow you to handle all three. And then as your maturity evolves, move from one to the other.
Ian, everybody is talking about identity and access management. Why is it becoming so important?
Identity and access management is just one aspect of all of the ways that you can improve the security posture of an organization. Organizations put in place firewalls. They put in place intrusion detection and prevention systems. They put in place antivirus. And yet, as we see in the press all the time, the bad guys still break through and wreak havoc.
And not all the bad guys are on the outside. Some of those could be rogue employees. So we also are suffering from the insider threat as well. So identity and access management is about managing the identities of all of the people inside the organization, or all of the people who have access to the resources of the organization, and putting some controls and governance around that. And if you can do that, you almost create the new perimeter around the identity itself. So it's one aspect of an overall security posture.
Very practically, what does that look like to deploy?
So if you look at it from the point of view of one business system or one business application, there's going to be people who need to access that, whether they're employees or contractors and so on. And in isolation, that's a user account that needs to be administered. That's fairly easy to set up, and as long as you give someone the right access to the right resources, you give them the right entitlements, you're doing a good job.
But the minute you then scale that across multiple business applications, across multiple line of businesses, it becomes a much bigger challenge. So you really need to correlate all those user accounts that correspond to that individual, the identity. And when you do that, you then start getting greater control over what that person really is entitled to do. And that's really important because in isolation, you can then end up in a scenario where the person has really gained too much capability that they shouldn't have.
And there is also a governance aspect to all this. Organizations are under lots of the regulatory compliance that they're required to certify the access that their employees and so on have on a regular basis to stay in line with the compliance. And so you need a system that allows you to manage that governance process.
So part of it's around the administration, and the access, and the rights that people have, and part of it's around ensuring you
15:43