Hello, everybody. You might have heard her say a little bit ago, that was the last session. That was a joke. That was not the last session. This is the last session. So, the good news and bad news for you guys. First of all, I did want to say, I am Larry Chinski. I'm the Senior Vice President of Corporate Strategy at One Identity. I do live in the United States, and I only know one language, and that is English. Whereas any time I come over to Europe, and I make about eight or nine trips a year here, it amazes me how many languages everybody from here speaks.
So thank you for allowing me to speak the only language that I know in this session. That's very, very, very helpful. I always make sure to thank everybody when I'm in Europe because everybody speaks three, four, or five languages, I only speak one, so thank you for that.
So I got good news and bad news. The good news is this is only a 20-minute session. The bad news is, is I have probably 30 slides. So I am-- it's very hard for me to get through this deck in 45 minutes, but we're going to try and do it in 20 today. So bear with me if I start to talk fast. You can throw something at me if you want me to slow down, but I typically talk fast anyway.
And I'm assuming you all can hear me in the back. They usually have to tune down the microphone a little bit because I talk fairly loud. So I'm from Chicago, so I talk loud anyway.
Now, so here's what we're going to talk about today. This is a very interesting topic. And I chose this topic because of some specific trends that we're following in the market. Now one of the roles I have at One Identity and having been doing this for so long is, we like to look at, as a software company, what types of trends we see in the market? Because we want to strategically do what we can to actually help our customers.
And by the way, let me ask you a question. I'm going to ask for a show of hands, but don't worry, I'm not going to call on you. But typically when we see events-- or I go to events like this, there are three categories of attendees. We have the vendors, such as myself. There are the resellers or the channel partners who resell goods and services from vendors like us. Then there are the actual customers. Those are my favorite ones to talk to. Or the organizations that consume them.
So can I see a show of hands-- again, I'm not going to call on you-- where are the actual customers that are in the room today? Oh, most of you. OK. OK, sir, I'd like to ask you-- no, I'm just kidding. I'm not going to ask you. I said I would not do that. But anyway, thank you, because really, what we're talking about here is I love gathering intel from the analyst community such as Martin Kuppinger, who I always make sure I try to see him for lunch when I'm in Stuttgart. I talked to him today. So it's great looking at and talking to analysts. Love getting it from the resellers.
I really like spending time with you customers because that's where I get the most valuable information on specific challenges you're seeing, what's happening in the market. And then a lot of the research that I do around the different trends is what led me to this topic today, which is why these traditional IAM tools are obsolete.
I won't say completely obsolete. That's just really a tricky title to get you in the session so we can talk about that. But there's a few things I'd like to show you today and what I'd like to actually talk about. There's this thing out there that we're seeing, and it's really around the convergence or consolidation of all four of these market segments.
So the four market segments are access management, identity governance administration, privileged account management, and active directory defense. So this is just a screenshot here that we've used in One Identity for the last four years. And this represents our approach to what we call a Unified Identity Platform. And for a few years there at One Identity, we thought we were the greatest because we were really the only ones who were talking about this idea of what we call a platform approach to identity and access management.
However, have you guys noticed this lately? So I had to actually shift at One Identity our corporate strategy because a lot of our sales teams are going around positioning that we were the only one providing a platform service.
But, when you look at all the vendors that are in the market today-- your Okta, Saviynt, CyberArk, et cetera, and all the different segments that have been singularly focused on one market segment, they're now investing in cross-platform or cross-segment investments and bringing those in and positioning that as a platform. There's a reason that everybody is doing that, so I wanted to talk about that.
Who recognizes these companies up here? Anybody recognize those? Pretty famous, pretty large organizations. Anybody know what they have in common? Yes. Who said it? Somebody over here. I wish I had something to give you guys, I would give it to you. I usually have things I throw. I tell you what, the last conference that I was at-- this is no joke, I had purchased 20-- have you guys seen these little Nerf footballs? No, I'm talking about an actual American football, proper football. Not the round ball that you guys kick over here called football. An actual football.
So these little Nerf footballs are about this big around. They got a big fin on them, and they call them the whistlers. Now, a guy like me can take and throw one about 80 yards because they're made for guys who can't throw. They're made for guys like that. Anyway, I was throwing them into the crowd, and somebody bounced off and hit a girl in the face, and so I'm not allowed to throw footballs anymore. But anyway, I would give you that if I had that. But yes, they all suffered breaches.
Now here's the interesting thing about that. Does anybody know what the attack point was on those breaches? What did they go after? Or how did they get in? Let me put it that way. I think I heard it somewhere. Somebody yelled it out. Starts with an I, ends with a Y. Identity, yes. They targeted their identities.
Now, that would lead you to believe that these companies did not have any type of identity protection. But the interesting thing was, every single one of these organizations had some sort of identity-based-- what I'll call a credential-based cybersecurity tool in place that then they still got breached, and there was a reason that that happened. So that's one of the things I'd like to talk about today.
Now, what we're seeing today is that the user credentials are the most commonly-breached access point. There's an acronym that I like to use called EFL. Does anybody know what EFL means? Probably not because I made it up. It's one of the-- you take a tech guy and put him in charge of marketing and that's what he does, right. It stands for Easy, Fast, and Lucrative.
Now the bulk of when you see these type of attacks, they're after money. They want to get, they want it to be easy, they want it to be fast, and they want it to be lucrative. That's what ransomware is completely based its foundation on. Get it in a hurry, try to get some money, and get out and get gone.
So a few stats up here. I'm not a huge statistics guy, but 42% of them go after the credentials, and there's a reason for that. Anybody aware of the recent breach about three weeks ago from AT&T? By AT&T? Anybody remember how many identities were breached on that? 73 million. 73 million identities were taken and then put up on the dark web.
Now the reason they're put up on the dark web is for-- they can sell them. They want them to be sold, so that's why they're put up there. That is the primary method for ransomware attacks today. They typically purchase-- as a matter of fact, Colonial Pipeline, a breach that's, what, two years ago.
You guys probably remember that. Shut down basically all the oil and gas distribution in the eastern half of the United States because they purchased a batch of user IDs and passwords on the dark web, they fired them down an unsecured VPN tunnel at the Colonial Pipeline. One of those identities was actually mapped to an intern account that had no longer been at the organization, but that was just enough credentials to get in, inject an encryption algorithm, and that's how the Colonial Pipeline breach happened.
So these different types of breaches are coming in pretty easily, and that's why these identities are all ending up on the dark web. So it's pretty-- I would say it's pretty sophisticated, but that's actually pretty easy. So EFL is the acronym that we like to use for all these breaches are occurring.
Now there's basically-- what I've uncovered-- and I shouldn't say uncovered. What I've noticed from talking to all of you, our customers, and our channel partners, is there's four main reasons why we're seeing this easy, fast, and lucrative thing occurring where they're attacking the identities. And the first one is around cloud services.
Now that might sound pretty easy. Like, well, yeah, things are up in the cloud. Goods or services are in the cloud. However, what we've seen is this enterprise attack surface, which an enterprise attack surface is really easily defined as a method by which these threat actors can get into an organization somehow and then get access to some type of data or identities or things like that. And again, that breach point typically is coming in the form of an identity.
But the four chief reasons we've seen-- this is the first one right here and that's cloud services. So not only are organizations investing in cloud architecture and infrastructure to try and get their goods and services there, but now what we've seen very rapidly over the last few years is the security tools to protect the organization are now also being deployed as a service.
And I'll give you an example of that. At One Identity, we participate in four market segments. Like I said, PAM, IGA, access management, active directory defense. Around 92% of all of the new opportunities that we get from customers all wanted to be deployed as a service. They're not deploying these solutions on-prem.
So that trend has shifted. And so not only are organizations moving their goods and services to the cloud, the security tools are also being moved to the cloud as well. It's a lot cheaper, a lot easier to manage, and that sort of thing. So that's the first reason why how we've seen this attack surface grown. And there's a reason why I'm telling you about this attack surface, which we'll get to hopefully before my 20 minutes runs out.
The next one is a remote workforce. Anybody remember this thing called COVID? Or have we all forgotten about that already? I've forgotten about it. Sort of. But what happened during COVID-- and most of you guys who are actually in IT-- or have been in it for a long time have probably never seen a phenomenon like that happen to an IT world like you have when COVID hit.
All of a sudden budgets fell out of the sky, and all of a sudden, everybody had money to deploy a remote workforce technology framework somehow. You remember-- how many old guys like me remember the Shiva workstations and remote dial-ins from years ago and all that kind of stuff? Got a lot more sophisticated.
So all of a sudden, we started seeing organizations all of a sudden had a whole lot of money to somehow enable a remote workforce. So this is one of the biggest ones right here. When you have a remote workforce-- we are shifting our protection model-- we're going to talk about that in just a second.
But when you have such a large remote workforce like that, you no longer are being able to rely upon network segmentation and port blocking and content filtering and that sort of thing. You now have to rely on the identity tools to protect those identities, and essentially, protect them from themselves.
And what's the fourth biggest thing? Or one of the biggest things is this lack of cyber skills. So what we're actually seeing is as this remote workforce shifts, these organizations have a lack of cyber-- enough people to support what they're actually doing and how they're accessing the data and that sort of thing.
So what do they do? Invest in two big phenomenons out there right now as well-- AI and hyperautomation. So hyperautomation would be tools like-- anybody deploy bots like Blue Prism, UiPath, Automation Anywhere? Few of you out there. Where we're actually using bots to provide basic tasks and things like that. Those bots represent a digital identity.
Now the interesting thing about bots is the security mechanism for a bot is typically held in a credential manager inside of that software application, so it kind of gets forgotten about. And we've had organizations and customers come to us saying, we need to somehow protect these digital identities because it's not being done with traditional tools. So that's another thing.
So as organizations deploy this large remote workforce, move to the cloud, they can't find enough people to help, so they start relying on automation and AI to help them because they just can't find enough people. So that widens that thing out even further.
Now, here's the biggest one you have with these remote workforce. Anybody heard of this thing around social networking? How many of you think that your employees are not accessing their personal social media accounts on their work devices? Yeah. They all are.
Now, social networking and social-- we use that internally at One Identity for things like posting blogs on LinkedIn, ads on Facebook, and all that stuff. So social networking has a really good place for all of us IT guys out there, but it also is a breach point because this is what our end users do. Unfortunately, they use their work devices to get on their social media accounts.
And I think one of the stats up there-- yeah. 73% of workers admit their social media usage is personal. So they're doing that on their phones, they're doing that on their workstations, et cetera.
So again, what happens now is this attack surface has gotten really wide. And so, again, going back to what we have-- or what we see with this fragmented market, this is traditionally how we see organizations making purchases of identity tools today, one at a time. If you, for example, need a privileged access management solution, you buy a PAM tool. If you need an IGA solution, you buy an IGA tool.
Well, the way that these breaches are occurring is they're actually finding gaps in between those tools. So that's-- you've got these four circles there. You see how there's in between. Those are the routes that the breach-- or the threat actors are finding in between. It's very simple to bypass that if these things aren't connected.
So that is why, when we look at how we have to build our protection models now-- you've heard this term out there, identity is the new perimeter, identity is the new perimeter. We've been saying that for several years. Well, the reason that identity is the new perimeter now is because, number one, your workforce is not actually working from behind the protection of a firewall. They're working outside. And so we have to build our security framework around the identity.
So essentially what we've done, we've taken the identity, moved it into the center, and now we've got all these things dancing around the edge that they're accessing. So we say that identity is a new perimeter because of the fact that this enterprise attack surface has gone so wide, the threat landscape has got a lot bigger, and now you've got these-- organizations that are trying to figure out and scramble. Man, how do I build a true security platform around the identity to protect them?
So that's why we see, again, these different types of organizations moving more towards a platform service. It's really because all of you who raised your hand as a customer or an organization out there have actually demanded that sort of thing. And that's the challenge.
So when we look at how that's occurring, those are some of the common-- those four common reasons why that attack surface has gotten larger. And so now here we go, we got these breaches.
So when we actually talk about this whole unified identity platform concept, I've done a lot of sessions like this. And typically what I get asked right afterwards-- because how you guys know how it is who have presented before. You talk about these challenges. Your session is done. You've got 15 minutes before the next one. And they run up and you've got a crowd of people around you asking questions about it.
So what I typically get asked is, that platform concept sounds great, but how do I actually get to it. What are the ways we can actually build a platform? And typically, what I do is I say you need to find three routes. You gotta look at three routes. So you can actually start to combine these things-- or one or two of these market segments to build three routes. And the first one is one that's what I call privileged access governance.
And I'm going to go through these quickly because I got less than-- about a minute left. But when you look at combining things like privileged access management and IGA integrated together, that gets you something called privileged access governance where s provision administrative accounts, and then take real-time immediate action on any type of risky activity that you see from those privileged accounts.
The next one is JIT. Who's here is zero-trust out there? Zero-trust. You see it all over the place. JIT is an acronym for Just-in-Time privilege, which is the same thing as zero-trust. What I like to look at is instead of focusing on trying to build a massive zero-trust framework that's very complicated, focus that just on your privilege because there's a lot less privilege accounts in your organization than there are regular user community. So that's one that's pretty easy. You can get that by providing your active directory defense tool, your privileged account management tool, or IGA and vice versa.
The last one, behavior governance. When you look at your access management framework, combining that with your IGA platform to track what users are accessing over a period of time, we can actually get to a point where we can remove and push access to certain applications automatically.
And I'm going to build this out-- last slide. I usually like to build it over time, but I'm going to give you just a conceptual model of what this looks like. This is just a high-level block diagram of, really, what a combined or a unified platform looks like where at the core or the basement layer is your identity correlation or your workflow orchestration, and then your four market segments on top of that hosted by and protected by a series of connectors and identity intelligence.
It's really all about how that data is going to be protected. Looking at the different traffic that comes into the organization to build a more modern framework around a platform to protect against what we see on that large enterprise attack surface. And by the way, I think you'll be able to download all of these slides. If not, I'm happy to send those out to anybody.
One more here. Customers typically ask me, where am I at? What stage am I in? I look at these as four stages. You get a fragmented state, which is like you've got no security tools in place. You've got identity sprawled out all over the place. The next one is, you've got a few identity tools. Most organizations I talk to are in that stage 2, that basic state. They've got a PAM solution, they've got IGA, active directory defense, something like that. Really not much integrated.
The third one, though, is when we get to the integrated state where you've got some routes defined of how you're going to build your platform, that's really, really good. We see about 25% of organizations building that now. A lot of the predictions we see in the market is that by the end of next year, more than 78% of organizations will be moving towards-- or at least integrating a platform approach.
Martin Kuppinger, who is roaming around somewhere-- I'm not sure if he's out in the crowd today, his analyst firm did a really good thing, I think, two years ago. They were the very first ones to create an identity fabric survey report. So basically where they pulled all of the vendors and said, these individual market segments are important, but we really need to see what you're doing around this platform approach.
And so that's a really good report. You can read that's just a little shout-out to Martin on that one. And it's really about this creating this whole identity fabric and what a platform looks like and how that's going to work for everybody.
And then that unified state, obviously, is when you get that complete identity orchestration, you've got all four market segments talking together. Really lays down a solid foundation to protect against any of these identity-based breaches that you see today.
So with that said, I think I'm only a couple of minutes over. I'd like to thank you guys. I'll be roaming around, be here all week. Come over to the identity booth, I'll be sitting there, happy to talk to you guys, and tell some jokes or talk about identity. All right? OK. Thank you very much, guys. All right.
Well, you were only two minutes over, Larry. We'll give you that. Congratulations for getting to the end. Congratulations to all of you for getting to the end, but there's just one question for you, Larry.
Oh, yes. I'm sorry.
Despite the time. Within what time frame do you expect One Identity Manager to be available as a multi-tenant cloud--
Oh, as a multi-tenant cloud, yes. So that's a very good question. I thank you-- thank you for asking that. So One Identity Manager-- and let me explain to you a little bit of the history of that. So One Identity Manager is what we call a dedicated tenant right now. And I was behind creating that platform for One Identity-- I didn't develop it, but I put together the model and the construct behind that.
And so we elected to go with a dedicated tenant because we have a lot of customers--
Just give a date, Larry.
--space and all that that can't actually use a multi-tenant. So we're building that out right now. We expect it in probably about a year. We'll have a true multi-tenant IGA platform, but right now, we're sticking with dedicated tenant because that's what our customers are mostly asking for.
OK, great. Thanks very much.
Thank you, everybody. All right.