[MUSIC PLAYING] Hello, everybody. Welcome to One Identity's Cybersecurity Threat and Insights video series. My name is Darren Thomson. I'm the Vice President of Product Marketing. And I'm interviewing the industry's thought leaders so that you can directly hear from them about the challenges they're facing and the solutions that they've found.
Today's interview is with Rajiv Sagar, who is the Global Cybersecurity Lead at Avanade. Welcome, Rajiv. Thank you for being here. Avanade were the partner of the year in 2021 for One Identity. And we're so excited to build on that relationship. Perhaps we could begin this conversation talking about some of the initiatives that are up and coming at Avanade, and in particular how the cybersecurity threat landscape is shaping those?
Sure. And I think the key point that you brought up is around the cyberthreat landscape. That has really played a part in what we're doing in terms of our initiatives across Avanade. And let's talk about a few of those.
One of those is around obviously the economic and uncertainty across the world as a whole. The war and conflict in Europe has not helped. And but what it's done is it's basically moved security to the top agenda for boards as a whole. And it's been really critical that it's been seen that way. So security is key there.
The center-- the next point is around digital transformation. Digital transformation is obviously exposing and stretching our clients to ways which they have not imagined before and exposing them to more risk.
Right.
And then, third, it's about the non-human identities. We've been focusing a lot more on human identities, areas such as our eco landscape, our vendors, our clients, or employees. But we've not been looking at non-human areas as well. So the OT space.
And then, finally, decentralized identity. That's a new paradigm shift. That's where we're seeing a lot of our clients moving to, particularly in the B2C and the B2B arena.
That makes a lot of sense. And the human identity thing, to a certain extent, is controllable. Because at worst, there are eight billion of them. When we come to the internet of things and managing things as well as people, the numbers, of course, are exponential.
So let's talk a little bit about identity. You mentioned identity a couple of times there. Where are companies today, and in particular their CISO teams, struggling with the topic of identity management?
Sure. I mentioned earlier about digital transformation. And identity is going to become a foundation of that particular piece. And I think we need to make sure that that's top of mind.
But what we're seeing our clients look at is, they've got a lot of-- the CISOs have a lot of competing demands. So they are focusing on so many initiatives, so many pieces. How can we help them on that pieces, and how can we help them? And generally, what we're doing there is by asking them where are they focusing on?
And so, one of the things that we've been talking to them about a couple of things, one is around having this fabric, identity fabric, covering human identities and non-human identities. The other one is around identity threat detection and response.
The fourth one is having identity analytics, auditing and reporting. And then, just in time strategies that basically cover zero standing privileges. And finally, this unified security platform that covers identity and access management, [? CIM ?] and privileged access governance.
And as I listen to you here, it becomes immediately obvious why we're such great partners.
Yeah. Exactly.
[LAUGHTER]
We're, of course, building an identity platform with analytics and all of those sorts of things. So that makes a lot of sense.
So let's go one level down. I know that a particular topic and trend and something that your team are very engaged in is privileged access governance, particularly as that pertains to active directory. Tell us a little bit about that.
Sure. The, I think, one of the points we need to first of all start with is privileged access accounts are the primary vector for security breaches. And so, a lot of our clients are looking at applying zero trust principles to be able to address those.
But what's really our clients are looking at is making sure that privileged access governance tools are providing a couple of things. One is around real-time access control so that they can provide access controls to applications and to data securely to people when they require it where they require it.
The other one is allow around basically monitoring privilege account sessions, so that what are they doing all the time, making sure we're monitoring them, make sure that we can adjust as needed over there.
The onboarding process, the discovery of privileged access accounts as a whole, and onboarding them in a secure manner probably using some sort of smart workflow would be key. And then, finally, it's around this unified platform that basically covers IGA and privileged access governance.
There's that word again, unified.
Yes. Unified.
We've been hearing it a lot. Yes. So changing gear, Rajiv, just for a second, tell us a little bit about how you're engaging with customers. Our experience right now at One Identity is that far more of our customers want to engage to talk about a value proposition that really is a complete solution. Is that something that you're experiencing at Avanade? And how are you adjusting for that?
Absolutely. One of the pieces our clients have come back to us and what we're finding from discussions with them is that the days of-- maybe I'm saying [INAUDIBLE]-- went away, but the days of point solutions are few and far between.
And so, what we're seeing is this end to end approach. In one case, in our site, we're looking at it from an advisory perspective, implementation and build, as well as managed services. So being able to own that whole end to end service with our clients is quite key.
And looking at it from not just solving a particular technical issue, but solving a business issue. And in most cases, it's about providing a fit for purpose solution that is based on outcomes and is based on having a-- solving a particular business scenario.
And just extend to that a little bit more is around the industry. The point is, once you've got these solutions, when you're talking to our clients, again, financial services want a particular solution for banking, some people want it for manufacturing or for retail, and having that flavor really makes it very solid for our clients.
And this is, again, why we're so successful together, I think. As a software company, we would find it impossible, even if we were motivated, to bring this sort of scale to the people side of a solution and the process definition side as well. And this is, of course, where you guys score very highly and we work well together.
So Rajiv, let's look to the future. Specifically with regards to identity, what are some of the bright spots that we think CISOs should be looking out for, maybe concerning, maybe opportunistic? What are the things that you've got your eye on in the future?
Sure. So number one is around decentralized identity. That's quite key. Very verifiable credentials on B2B, B2C, that's really important. I think, I mentioned this before, just-in-time strategic approaches to zero trust or zero standing privileges, making sure that we're working that properly and they're looking at that one.
I think the other one is around this-- and I'm sorry-- this unified platform, combining identity and access management, looking at cloud infrastructure and entitlements management, and making that-- having that security-first management approach.
And last but not least is obviously reimagining what we're going to do with providing an identity for the metaverse.
Right.
That is very key and an area of not concern but a challenge for a lot of our clients. And they are looking to that, dabbling into that. And we've been working with a number of those just on that metaverse piece and how we can sort out identity.
I guess when it comes to the metaverse, as soon as there's money involved, it starts being really important. There's quite a lot of money changing hands already in the metaverse.
Yes.
So heaven knows what that's going to look like in 24 months, perhaps.
You've seen the half a million dollars worth of whatever real estate being sold.
Right.
Something like that.
Yeah. So identity becomes even more important there.
Yeah.
So Rajiv, unfortunately we're out of time. I want to thank you very much for being with me today and sharing some of your insights. We really appreciate it. And thank you to everybody for joining. We look forward to seeing you in the next one.
[MUSIC PLAYING]
08:52