Burning Tree were at the Gartner IAM Show on 6 March, meeting with information security professionals and keeping abreast of innovation in the sector. Peter Boyle, Burning Tree’s CTO, caught up with Jackson Shaw – Senior Director, Product Management at One Identity – to talk about his vision and the key challenges customers face with digital transformation.
One Identity deliver identity governance, access management and privileged management solutions to global customers. The company has recently launched a new SaaS platform – One Identity Starling – designed to help customers optimise the cloud for business, securely.
Digital Transformation and Innovation
One of the key differentiators between One Identity and other IAM software vendors is that, instead of taking the normal ‘fork-lift’ approach to cloud services, i.e. performing a ‘lift and shift’ of on-premises software solutions to serve cloud-based applications, they take a cloud-first approach from the start.
Shaw says, “Anything new we’re doing, we take a cloud-first approach. I don’t want to invest in creating new on-prem products. As you know we have a host of on-prem products and that doesn’t mean we’re not continuing to invest in those products, but if I’m going to build anything new I’m going to want to do it in the cloud. We’re not adopting fork-lift upgrades to the cloud.”
However, as the majority of One Identity’s enterprise customers have legacy on-premises systems, a hybrid solution is required. Companies are not going to scrap their on-premises software and migrate fully to the cloud, but they want the benefits of digitalisation and the ability to integrate on-premises software with cloud applications. As Shaw says,
“It’s like with mainframes. Everyone was saying that PCs would replace mainframes but actually what’s happened is that companies still have their mainframes.
“We acknowledge that customers want to run on-prem software in different means, including in the cloud. So we’re going to be spending some time over the next months changing the infrastructure of the products so they’re more docker friendly. We’ll give the choice to the customer to either run it in a docker container on-prem, run it in a docker container on Azure, run it in a docker container on AWS or whatever their favourite host is for docker. So that’s how we want to provide our current and new products.”
Shaw concedes that small companies and start-ups don’t have this issue, as they have no need for on-premises IT solutions at all, but for enterprise customers he believes we’re going to see hybrid “for a long, long time to come.”
Challenges of Digital Transformation
Security is perhaps the most widely discussed digital transformation challenge, and I wanted to know whether this is still a common barrier to cloud adoption.
Shaw: “A few years ago security was a much bigger concern, I think it’s less of a concern now. But for our typical customer one of the challenges is still security and ‘is my data safe in the cloud?’ I think more and more people have come to realise that it’s safer in the cloud than it is on-prem. Doesn’t mean it’s 100% safe, but we built One Identity Starling on Azure because we feel pretty confident that Azure’s encryption at rest and how they handle those kind of things; we’re pretty confident about being able to give geo-isolation to folks if they want to have their data in GB or if they want to have it in the US or Germany, France, wherever. As long as Azure’s got a data centre there we can do that for them.
“The other thing is the whole aspect of PII and GDPR, and I don’t know that anyone really knows the answers to all those things yet.
“I think there are going to be a certain set of customers who don’t want to move to the cloud for those reasons but to be honest if you think about it pragmatically they’re already in the cloud even if they don’t know it. Because lines of business are buying cloud services left, right and centre, to some degree you’re trying to close the barn door after the horse has bolted. A company we worked with did an inventory and found 12,000 different SaaS applications being used across the company that IT had no knowledge of!”
This example is something all too familiar to information security consultants and harks back to the mainframe vs. PC days. Shaw says,
“What’s happening reminds me of the shift that was made between the mainframe and the personal computer. When I was in IT and I worked with a team that supported the mainframes we’d hear, ‘Jeez, the department of engineering just bought 25 IBM whatevers.’ They did this because the price was low enough and they could put it in their own budgets and they didn’t have to go to us because we would have said ‘no’ – because that’s what we would have done. We were standing in the way of innovation.”
Shaw recognises that this is the default position of the security professional, and often for good reason:
“Security always seems to be an afterthought; no matter how much security people talk about how it shouldn’t be an afterthought. You see that in some of the cloud platforms, some don’t support things like federation out of the box, and you see the rise of the cloud access security brokers as a response to that.
“I don’t know if I have a good answer, but I think there are ways to put controls on things like privileged accounts both in the cloud and on-prem to provide holistic management. But I’m not sure about how you marry that hybrid world from a security perspective. It’s really difficult. Every vendor in the cloud has a different set of APIs – if they even have an API. So, I partially understand why security departments are like ‘no you can’t do that’ because I think there still is some validity to that especially in the cloud.”
Innovation and Time to Market
Shaw reminded me of a quote he heard recently at a Trade Show that said ‘Innovation is starting in the cloud’, which he believes is 150% true. One of the key drivers of digital transformation is how quickly products and updates get to market; some new media companies and streaming services are able to release new products to market within minutes!
Companies that traditionally have been slow to adopt new solutions, whether because of protracted procurement processes or because of the time it takes to update legacy systems, stand to become significantly more agile with SaaS solutions.
Shaw: “Another thing that’s transforming companies is the fact that they can buy something from us,