Burning Tree were at the Gartner IAM Show on 6 March, meeting with information security professionals and keeping abreast of innovation in the sector. Peter Boyle, Burning Tree’s CTO caught up with Jackson Shaw – Senior Director, Product Management at One Identity – to talk about his vision and the key challenges customers face with digital transformation.

One Identity deliver identity governance, access management and privileged management solutions to global customers. The company has recently launched a new SaaS platform – One Identity Starling – designed to help customers optimise the cloud for business, securely.

Digital Transformation and Innovation

One of the key differentiators between One Identity and other IAM software vendors is that instead of taking the normal ‘fork lift’ approach to cloud services, i.e. by leveraging on-premises software solutions for cloud-based applications by performing a ‘lift and shift’, they take a cloud-first approach from the start.

Shaw says, “Anything new we’re doing, we take a cloud-first approach. I don’t want to invest in creating new on-prem products. As you know we have a host of on-prem products and that doesn’t mean we’re not continuing to invest in those products, but if I’m going to build anything new I’m going to want to do it in the cloud. We’re not adopting fork-lift upgrades to the cloud.”

However, as the majority of One Identity’s enterprise customers have legacy on-premises systems, a hybrid solution is required. Companies are not going to scrap their on-premises software and migrate fully to the cloud, but they want the benefits of digitalisation and the ability to integrate on-premises software with cloud applications. As Shaw says,

“It’s like with mainframes. Everyone was saying that PCs would replace mainframes but actually what’s happened is that companies still have their mainframes.

“We acknowledge that customers want to run on-prem software in different means, including in the cloud. So we’re going be spending some time over the next month’s changing the infrastructure of the products so they’re more docker friendly. We’ll give the choice to the customer to either run it in a docker container on-prem, run it in a docker container on Azure, run it in a docker container on AWS or whatever their favourite host is for docker. So that’s how we want to provide our current and new products.”

Shaw concedes that small companies and start-ups don’t have this issue, there is no need to have on-premises IT solutions at all, but for enterprise customers he believes we’re going to see hybrid “for a long, long time to come.”

Challenges of Digital Transformation

Security is perhaps the most widely discussed digital transformation challenge, and I wanted to know whether this is still a common barrier to cloud adoption.

Shaw: “A few years ago security was a much bigger concern, I think it’s less of a concern now. But for our typical customer one of the challenges is still security and ‘is my data safe in the cloud?’ I think more and more people have come to realise that it’s safer in the cloud than it is on-prem. Doesn’t mean it’s 100% safe, but we built One Identity Starling on Azure because we feel pretty confident that Azure’s encryption at REST and how they handle those kind of things; we’re pretty confident about being able to give geo-isolation to folks if they want to have their data in GB or if they want to have it in the US or Germany, France, wherever. As long as Azure’s got a data centre there we can do that for them.

“The other thing is the whole aspect of PII and GDPR, and I don’t know that anyone really knows the answers to all those things yet.

I think there are going to be a certain set of customers who don’t want to move to the cloud for those reasons but to be honest if you think about it pragmatically they’re already in the cloud even if they don’t know it. Because line of businesses are buying cloud services left, right and centre, to some degree you’re trying to close the barn door after the horse has bolted. A company we worked with did an inventory and found 12,000 different SaaS applications being used across the company that IT had no knowledge of!”

This example is something all too familiar to information security consultants and harks back to the mainframe vs. PC days. Shaw says,

“What’s happening reminds me of the shift that was made between the mainframe and the personal computer. When I was in IT and I worked with a team that supported the mainframes we’d hear, ‘Jeez, the department of engineering just bought 25 IBM whatevers.’ They did this because the price was low enough and they could put it in their own budgets and they didn’t have to go to us because we would have said ‘no’ – because that’s what we would have done. We were standing in the way of innovation.”

Shaw recognises that this is the default position of the security professional, and often for good reason:

“Security always seems to be an afterthought; no matter how much security people talk about how it shouldn’t be an afterthought. You see that in some of the cloud platforms, some don’t support things like federation out of the box, and you see the rise of the cloud access security brokers as a response to that.

“I don’t know if I have a good answer, but I think there are ways to put controls on things like privileged accounts both in the cloud and on-prem to provide holistic management. But I’m not sure about how you marry that hybrid world from a security perspective. It’s really difficult. Every vendor in the cloud has a different set of APIs – if they even have an API. So, I partially understand why security departments are like ‘no you can’t do that’ because I think there still is some validly to that especially in the cloud.”

Innovation and Time to Market

Shaw reminded me of a quote he heard recently at a Trade Show that said ‘Innovation is starting in the cloud’, which he believes is 150% true. One of the key drivers of digital transformation is how quickly products and updates get to market; some new media companies and streaming services are able to release new products to market within minutes!

Companies that traditionally have been slow to adopt new solutions, whether because of protracted procurement processes or because of the time it takes to update legacy systems, stand to become significantly more agile with SaaS solutions.

Shaw: “Another thing that’s transforming companies is the fact that they can buy something from us, [for example] subscribe to One Identity Starling, and we’re releasing new features every two weeks on a two-week cadence. No one wants to be taking 300 days to move from one version to the next, and I personally don’t want to be developing software that when we come up with a problem I have to notify 250 different customers and hope that they upgrade and patch it. It’s a lot easier to do it in the cloud.”

How One Identity are Innovating

As mentioned at the top, One Identity has recently launched One Identity Starling, their cloud platform. I wanted to know what the vision is for Starling, how it addresses the hybrid problem and helps customers transition securely to the cloud.

Shaw: “One of my strategies is ‘use the cloud to manage the cloud.’ So, we’ve debated things like how do you manage the privileged accounts of cloud based properties: like SalesForce, Office 365 admin accounts etc.

“I think the best way to do this is in the cloud. So you’ll see situations where we start releasing products that are specifically built on the One Identity Starling platform, they integrate the cloud properties, but at the same time using RESTful APIs we’ll be able to connect back to on-prem systems. If a customer happens to be using our privileged product on-prem, and they decide they’re going to use the privileged product in the cloud they will talk to each other. So an on-prem person can check a password for their Twitter account, for example. But if they just want to buy the one in the cloud, they can just buy the one in the cloud. So we’re just going to try to give a lot of flexibility to our customers in how they deploy, and of course it will all be SaaS based pricing.”

One Identity Starling runs on Azure. According to Gartner 80% of customers have moved, or are moving to Office 365, which uses Azure Active Directory to manage users. Therefore, Starling’s user experience is enhanced as users login with their corporate ID to access the platform and software.

Shaw: “The benefit of that it that when someone leaves that company they no longer have access to our software. So just from the whole aspect of digital transformation we’re taking out the identity layer so to speak, which from talking to customers they think it’s a great thing because they don’t have to do password sync, they don’t have to do creation of user IDs anymore; it’s all based on the corporate credentials, corporate identity.”

Data intelligence is another feature of Starling, aggregating data from users to provide baseline intelligence for customers. Shaw says,

“One of the things we’re doing is the next release of Password Manager will hook into the One Identity Starling platform in the cloud so we’ll know every time someone resets a password on a counter. With this information, we can tell a customer when they’re implementing Password Manager that ‘your password policy is less restrictive than 75% of the other companies that have set one up’, or ‘you’re not using multi-factor authentication but 50% of the customers that are using our product are using multi-factor authentication.’ A lot of customers have asked for it. They’re asked for things like ‘what are other people in my vertical doing?’”

Making digital transformation easy for customers is perhaps the most significant challenge for vendors like One Identity. However, as many companies are already exposed to security risks because of users are deploying SaaS applications without authorisation, it would seem that IT and security teams need to start ‘using the cloud to manage the cloud’ fast.

If you would like to discuss any of the topics discussed in this article, or to talk about specific issues your company or organisation face with digital transformation please get in touch. Call 01252 843014 or email info@burningtree.co.uk