This is identity at the center. If it has anything to do with I am this is the go-to podcast. Now your hosts Jim McDonald and Jeff Steadman. Welcome to the identity of the center podcast. I'm Jeff. And that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh, not so bad yourself. I'm good. I've been wondering. Are you excited for your trip to London which starts early next week? Yeah. So recording this one advance. I figure when this one's going to go live think, probably July 3rd.
So I will have returned from one at that point. But kicked out in the fourth wall today is June 15th as we record this. So I have not even thought about London. Yet, I just want to get to the next two days and get through this week and kind of get things, you know, buttoned up. And then I will start to think about it but yeah, it is getting close. So I'm looking forward to that. Hopefully be able to connect to some people in that area and dementia.
May be meeting up with Andy for 40 or putting a pub crawl or something like that. So we'll seeing crumpets tea and crumpets. So I have not been to London proper ever. So it'll be my first time visiting the city but yeah, we'll get that. I will be looking forward to it after I get The next two days. Well, I know you're going for the, the Cubs and Cardinals game. And you remember, the question I asked you, the first time I met, you, do you like baseball?
You said, no. But you like it enough to go. There you like two Cubs and actually, the Cubs are doing pretty decent this year. Are they the Cardinals? Well, the car driving catch up on it. Cardinals are one of the worst teams in baseball and they've got a great, some big-name players. So if you had a chance to see a Cubs win, yeah, hopefully to apply that fly. The Big Apple WI. Out there and go for it. So yeah, I'm not much of a baseball fan but the Cubs are my team.
And yeah, this is a makeup from a pandemic trip. That we were planning all fears back at this point. So this is when it got rescheduled and so we're we're making the trip out there to see that and do other things so yeah, I'll be good time. So look I so I said I will be looking forward to it after I get the next two days.
So we're recording an intro. Today, I recorded with Martin grouping or yesterday he's been on the show in the Has he was on episode 106 where he gave us his origin story, how it got into. I am sitting ask that question again, as per our tradition is also an episode 194 and then so this will be episode. What? 220, yeah. Number 220. Yeah, the hits just keep on coming baby. They sure do.
So yeah, unfortunately had a late-breaking meeting and just to prove that the podcast is not our full-time job. I needed to address business first so you were able to have a conversation so so that's good. Let's see before we get to that conversation. Well why don't you tease? I guess a little bit because I have not listened to it yet. I'm going to listen to it. Obviously while I'm doing the edit for this show but what you guys talk about.
Yeah, so we talked about the EI C, which is the European identity and Cloud conference which is hosted in Berlin. I got to watch a lot of that as it was happening from LinkedIn. Gavin and having that fomo or not from, I guess I would be fear of missing out. I was just in regret not being there, really wasn't anything there, but Martin gives kind of the highlights of that. Then we just kind of, like I pick his brain. I mean, you know, he's one of
the big brains in our industry. So, went through some various topics, got his perspective. On them also went through a lightning around because we don't want to have two hour-long episodes. And Kind of the the same thing that I ask them a little bit more on. What's up coming for cooping or coal terms of additional conferences in terms of leadership compasses? Which is the name of their kind of their market analysis
reports? And I also ask them some questions about like the development of those reports and you know what, what makes a good report? What do you tell people who are new analysts working for your firm that you're looking for out of out of the Report and then kind of for a lighter note. You know, we always have to finish with a little bit of a lighter note. Okay. Now which I think you guys talk about social media or is it something else?
No, it was it was social media. I mean because I want to get Martin's perspective on. How does he use social media? Use a LinkedIn guy? I don't know him, I wouldn't have known. If he did have some Community outside of like damn that's pretty much all I use but he's pretty prolific on LinkedIn and you know I've recommended Ended, you know going out there and following him and then he kind of gives us his perspective on what he shares.
Hmm. Okay well why don't we get that conversation before we do that though just to remind people you and I are going to be the authenticate conference which is the next thing that identity is Center will officially be out where the official podcast for authenticate 2023 which is very cool. I think that's I think that's the first time we can say that is that this is the first time we're in official anything for anything, right? Exactly. That's true.
And The authenticate conferences, the Fido Alliance Conference Finals, like, blistering hot. You know, one of the things I realized that I Denver's is, you know, kind of came to the conclusion that everybody's in favor of what they do. And actually that was the topic I've come up with with Martin is like everybody seems to be in favor of this. What's your perspective? So he shares that but yeah, it's going to be a great conference
brings together. A lot of the big mines in our industry and I This one of the topics we get into which is digital identity versus identity access management and I think I didn T access management was the core the digital identity starts to get into a lot of these expending topics. You see a lot of those conversations happening at the fight Alliance authenticate conference. That's a great conference, gotten bigger and better every year, this we should be the biggest and best so far.
It's in Carlsbad California, which is just North of San Diego. It's October 16. 18th and we were able to score a discount code for our listeners or anybody who really finds out about it, Kitty's it. But the code is idac 15 podcast. So we'll have a link in our show notes for people to check that out. That's a great way to support the show.
It's a great conference. It's a lot of fun, a lot of really smart people be there and it's I would say it's a more technically focused conference special round of medication. So if that is, you know, your jam come on out there and see how use our code and, you know, No, let us know so we can give you a fist bumps of gratitude when you show up there. So anything else or should we get to your conversation with Martin? I think we should get to it. Okay, let's do it. Here it is.
Good evening, Martin. How are you tonight? Ducks, I had a bit of a long travel into a sort of east of Munich today, but the usual stuff was to turn right away. So we're you driving everything else. All these things that are happening right now and then travel right away, but I arrived from so it's fine. I think there's this conception that in Germany, you have the
Autobahn, right? So if you drive from place to place you get on the Autobahn, no speed limit and everybody's driving, you know, 200 kilometers an hour is that the way it is. So I try to avoid driving but I can take the train even while they are. Sometimes some bumpy things was to tell me right away, but at the end of the day, you know, driving means a lot of cues. And the times and routes where you really can speed are
relatively rare. And at the end of the bar, for certain level of speed is really became becomes dangerous. And so I really attempted to take the more relaxed train travel where you can read where you can work where you can relax, I believe it's more convenient. So great, you know. I don't trust last week and I came back from France and you're traveling rather relaxed for whatever 8 or 9 hours or so through France. Then you come to Germany and the traffic is way more dense.
It's not very well flowing when there's a terrific is 10 so then so then people are trying to trash that they have to stop again and Cetera you end up in queueing. So we spend 45 minutes in a queue. We didn't have a have any traffic chairman in France, for the time. So I think that the fun of driving having trouble is massively overrated from an outside perspective that leads to my opinion.
I probably get a lot of negative feedback right out from all the ones with me to just broadcast it. Our interests lastic drivers. But as I've said, I'm, I'm more the Public public transport side, which is very good over here. I like taking the train as well. You also see the world, enjoy it a little bit and get some work
done. Like you said, so we are Recording this episode in the month of June, it's going to drop on July the 3rd, but in the month of May in Berlin, you held the EIC which is the European identity and Cloud conference, right? It looked like an amazing event. I was kind of following along in my LinkedIn feed definitely regret missing it. Unfortunately, it's, you know, we can only make it to so many conferences per year and the travel from the u.s. to Europe is kind of was prohibited for us
this year. Hopefully, next year, we can make it. Can you give me some of the highlights from the conference? What was what was it like? Yeah. So first it was the biggest yes you ever. So we had so many people this here way more than in the previous years also. A lot of people trying in virtually we had in on the first day we had a workshop where we really looked up. So to speak all the different elements and how to sort of Select what you need identity management.
And so we were three from our clinical team, MLS team doing the drugs from and I spent more less the entire four hours just responding to questions because we had I think 60 or 70 or 80 online questions which Never experienced an in any of these events. There was a really huge
engagement. I learned that we had some 400 people, so 100 something in your room and 300 or so training virtually for this Workshop. So we added a huge audience and I think it was a cool thing at this conference because there's a lot of interaction, a lot of discussion aside of all the panels and presentations and Keynotes, and topic wise, I think what Of the hot things. Definitely was decent her identity and more to practical use case for another.
So, how to make this work. So I spent some time for instance, talking about really Enterprise, use cases, and the value of decentralized. Identify the Enterprise, I believe you can do a lot of things better in aichi, a for instance, in onboarding process. But also when we didn't add, this was another important topic. Let me comb or to policy-based access them, then all these these we seized or Proofs is verifiable trenches or cold. They can, they are in fact attributes for a position.
We can use some policies. I think this is this is a pretty pretty cool thing. So these are some of the topics that were very hot but it's usually I see there's a good mix between really fundamentals of identity management up to the very future looking topics. So we don't try to cover the entire range. What is your like average level of experience for your guests? Who attend the conference?
Are they people who are new to the industry couple years, or they people who've been in the industry for a long time. I think it's increasingly more about worse. So in the, in the early years there, so we are running EIC since 2007. So in the early years it was really erratic relatively small group of us. Entity professionals that crew. But in the, I would say, the past two years after the pandemic. I've seen so many people. I've met so many people, I've
never met before. The are really new to the industry that quickly come with some experience or from other markets from other areas, come from cybersecurity, come from other it areas or that our young people that are entering the market. So it really has changed. So it's not to trust the old IJ people, that have been whatever already working with son, identity manager. But really, it's a very, very mixed and very heterogeneous, very diverse group know, it's interesting.
Tell me a little bit about the expo, hall, the vendor Hall. I always feel like a conferences, that's such a great area to catch up with people and rekindle old relationships, and make new relationships. Yeah. So what we do is we don't have a, we have an act for all. We don't have an expo hall. So what we don't have is we don't have this Hall, which is segregated from the rest. But for instance, in the the boozes they are in the area where you also pick your food. So sure, get breaks.
There's there's a you a lot of interactions of people are around the different bruises etcetera and I think this is something which we Means that there's always plenty of opportunity to talk with mr. Wenders, without extra walking into separate halt halt, that are maybe even bigger way, so that it's very cozy in that sense so to speak. And so, I think this is something which is a bit different than for several other conferences.
I've been out in the past. So in terms of speakers at the conference did you have mostly Cooper Miracle analysts or were there other people who were also speakers that at different things? And you know thinking of some of the past analysts who have been on our show includes Paul Fisher and John Tolbert. Were those folks, they're presenting on their areas of expertise and then did you have
other people from the outside? As that JD I see is not a catalyst only conference, which is a few others talking. So we always try to have a very good mix between analyst analyst presenting. But also analyst participating in perils endless are frequently, the moderators so that they can moderate. Real is with a big or strong knowledge about what they are moderating.
But we also actually have to dispense Kino, it's we have a lot of panels with industry experts and I think, when you look at who were all speaking them, many many of the, the well-known industry experts are there, both from web to vendor side. But also, from the end user side, we have we have end-user presentations or best practices. A lot where people talk about what they experienced in making things work. So I think we have a really broad mix of different different Topics.
And then we have a couple of tracks always running in parallel. So a lot of choice between different types of sessions. Yeah, I really like going to panel sessions because I know personally, I prefer to participate in a panel rather than be up in be a solo speaker.
I think it invites more, people who would not speak to get up there and share their opinions which kind of leads into the next question I had for you, which was You know was there anything that you learned or heard that you didn't know or maybe challenge some existing belief that you held going into the conference? Yeah that's always a good question. So I think I'm still learning on everything around. He seemed relaxed identity
because it's so much and flow. So this is definitely one of the areas where I see it is continuously evolving given that. I spent some time in what rating
the identity fat Prix track. This truly was a bit more about the sort of the fondant foundational aspects where I'm, I'm relatively familiar with but I think that where we all I think to learn a lot of sand where I tried also to educated but there's some salt is there on the potential for policy-based Access, which is for my perspective, her Definitely a very critical area of a very huge potential, but we also saw, what was definitely some discussion around the
upcoming. Yeah, I'd us 2.0 regulation in Europe. So which is about the interoperability of Eid within Europe and potentially Beyond which also relates into EU wallet. Projects are as links to these gender identity aspects. This is really one of these areas which I will further analyze from where I've been one of those subject. I will definitely take a closer look at this everything around shared signals which goes a bit into which is somewhere between
identity and cyber security. So they were so many topics and I still I think have a quite quite a list of things I'd like to to cover in the some of my LinkedIn posts and blog posts within the next Couple of weeks a month. Yeah. So I would definitely recommend that anybody who's not following Martin right now on LinkedIn. It's something I would recommend to do. Thank you. You know, Martin, I wanted to bring up a couple of Hot Topics in the identity space.
Really get your impression or your, your current thinking on them. And what I really want to know is there some of these things Revolution? Terry or evolutionary and you're starting from the premise that the identity access management space or digital identity is I think people are calling it more. Now, these days we had access management, we had identity management, which later became identity.
Governance, we had proved privileged access management but now there's all these new areas and I want to know, you know what your thoughts are on specifically Some of these areas whether you think they're going to have a Major Impact or they're going to kind of fade away. So the first item I like that, what you said I am versus digital ID because I think digital ID is just a broader
term. It covers more than the traditional identity and access management so it's a digital ID looks at all types of identities looks at new use cases. A lot of things around decentralized identity and I think there is also reason why we see so many new people into space because it's growing well beyond the traditional, I do them. Tray ml trying to move over, never workflow and a bit of role management stuff. I totally agree. I feel like the space is
evolving. The name had to evolve to be more compassing of the space and things that are coming up. And the first one I'm going to bring up, I think is a perfect example of this. So which is this concept around decentralized or user-centric identity self Sovereign, I'd give you whatever you want to call it and wallets. Game Changer or not. And are we looking at this actually you know, coming to fruition that everybody kind of starts to feel it within the next few years.
Yeah it's definitely more revolutionary side. I talked a lot about especially when I talked about the Enterprise use case and I said in some way it's disruptive, but it's also not disruptive it's disruptive. In the sense that it enables us to do a lot of things better and a lot of news things we couldn't do so far and I think there will be a lot of things that we don't have on the radar yet or most have don't have on the radar yet.
So truly go beyond his time in scope of today's call but many years ago probably 10 12 years ago we talked about something we called life management platforms. Which was an idea, a concept that would allow someone to keep
all the relevant things. Like whatever their to pay salary statements insurance contracts and whatever else somewhere in the the web and control access to that, I believe, with decentralised identity, we can finally realize such models, which allows us typically different way of interaction the internet. So there's a huge disruptive potential but it's also non-disruptive.
If so, a decentralized identity, doesn't break the fact that a retailer has a system of records that they have their own back-end systems, at the end of the day, it still means there's Marty cooking or purchasing something. Trusted mapping could be here comes in a little different way, so it doesn't break the bag and and for IGA for instance, we can use it for onboarding because we can use that verification. Then my wallet are is the rarefied credential based on our
video. And for instance, that I'm out in cooking oil based on my naturally ID card, that's very good for onboarding. Because it's a tool for this is Martin kobler onboarding at cooking column list and this simplifies the onboarding process which is a very costly process. When you look at onboarding process, they are really long cumbersome and it cost a lot of money. We can make them more efficient without breaking. The, I am system in the Pagan when we do. Don't do it better.
When we say, hey, we use the verified credentials for authorization because they contain a lot of information. Then we sort of speak to the next step because then we add a better identity management policy based, which truly then changes a lot. But I think what we must understand as we can use it, now, you can make a lot of value now without breaking everything. But you can evolve from there into areas we can land Our await far away from from today, with
today's technology. So in that sense, there's a also disruptive potential and it's the end. I think it's revolutionary revolutionary and it feels to me like I think in all things technology Legacy is the biggest threat to hold it back from kind of moving forward. I think in this area is probably more truth in any other area. No. So given that No, no.
It doesn't take my Ig use case. So take the onboarding process at the end, the onboarding process means that there's marketing cooking or that comes in and that may go through the HR System of the mid co-director timss, but I used the verifiable credentials Theses to justify. This is Martin is still, my trust is cetera, et cetera. And this makes the process lean and then it's in the system and the system can continue to work as it works today from their own week, then can gradually improve
other things. But it isn't that it that the Legacy hinders Us in adapting and discern drives identity. This is just not the case. Okay, so let's move on to the next one. So I Eve, the explosion of the privileged access management. Fees, when you consider Solutions, like Kim cie a more Cloud, Focus Solutions and tools to support devops Secrets management.
You're looking at at Paul Fisher's privileged access management leadership Compass. I mean, I think there are like 30 vendors and I listened to the podcast that Matthias does. When you have Paul on it was like there are still some that could make the cut. So it could have been many more than 30. That feels like an area that it's probably being driven largely by the cloud, but I want
to get your input. You know, is our revenue is a revolutionary evolutionary and is this where do you see this going in the next few years? I think, if we will see a lot of convergence here, So so we have secrets management, we have key and we have them areas where when it's cloudy for Section
title. And remember, so to speak up lights as well, then any workloads that run on premises in, on a couple native environment where we have certain but not all of the problems we have in the public cloud or a public is infrastructure as a service environment and we have to traditional impairment.
So I believe that we will see see a lot of So we will see Shirley several more startups appearing, but over time it will be the usual, some of the commercial vendors at capabilities, some acquire, some of the some will remain specialized to enter a specialist vendors on certain areas. But I think we also from a sinking should look at this as a As one big problem, which has different facets. So that complex problems past are deconstructed into smaller problems.
And then put together again by, there are so many overlaps that when you deconstruct them sort of construct. Again, you can will find a lot of synergies in the lot of overlaps between the different areas and so this is where I believe we will see you conversions from a and then evolutionary Revolution. Very depends, probably very much on the standpoint. So when you take, whatever cyber-ark solution, as it has been in the past years and they have definitely made progress in stem.
But when you take it for additional cyber, I can stall from that perspective, just will be sort of speak revolutionary because it's really something way bigger, very different. I think, for most vendors in this space, it's a loser because they are already on their Journey. These are from the Secrets are the key more the Tricia pan space but they are sort of rolling their products.
Yeah it kind of feels to me like we've got to traditional Pam vendors that have focused on the Enterprise for many years and it's now this rapidly evolving Cloud infrastructure model AWS. Google Cloud azure. And it's creating opportunities for innovators to come in for for start-up companies to come
in and solve specific problems. That larger firms are will ultimately have to catch up to. I also think there's some new capabilities, you know, like, you know, we talked about that Kim space to me. The biggest thing that comes out of that is finding identifying over-provision accounts and to me that approach has been the over-provisioned account is the account that has roles has access assigned and it's not using them. Yeah, it's not using the access.
Yeah. And then by the way, that means that, that showcases its that only Pam that relates to Keen, for instance, it's also, I Che because right, what what you're talking about, this at the end, that's an X components challenge. That's right. And it's over so and we tend to First vendors moving from sort of speak access governance for humans and the traditional static access, chewed-up world of systems except accessing resources. So I think we will see a lot of
a lot of change here. And I'm I'm very convinced that neither the past nor the IGA Market will look the same in three or five. It's from now. Yeah, I've said it a few times on the podcast that I think the way that the IGA Market evolves because, you know, we kind of like point to that Gartner stop doing their magic quadrant on it. In other words, the space was mature and there's not enough Innovation happening in the space to keep doing a magic quadrant.
To me that that might be true. But I feel like the definition of IgA, you know, having one place to go to know who has access to what it's got to be more. It's who has access to what, and what are they doing with it? Or they have access to what and is that the appropriate access right? Are they using the access?
You know, you see a lot of things happening around AI am L, whatever it is in Iha, for instance, we see Things like was one of the topics, I see, I trusted put finalized my, my leadership competitors on the case. Risk management Access Control tools for sap and find a lot of business applications of who separate ones fun focusing, really on the sap space. One more heterogeneous, line of
business applications. That it's interesting to see that several vendors from that space are are expanding into. I j. So, to speak. For, also, the whatever. Sort of traditional, Ash radiactive director and so on what work. But you also see IGA Wonders that are shifting like 88 Point mr. Erp master that position shifting into the outer space, the aiarm space. And so I Che is not standing. Still, this Market is still
evolving. I think I will be way more Evolution. There's weight was a need for a more Evolution to go more into just, in time, access and Sarah, but And so that's why I say it'll look very differently differently in three years from now or five years from now. But we need still a means to to manage identities and accounts and title months and access. Maybe not primarily for static entitlements. We push it to systems wire connectors, but basic Travelers, including the access governance
charge. And is it then governance for forced Adding a title, montsouris. A governance for policy based Access Control to access governance. This will not go away. Yeah, so that's the, that's the next topic that I wanted to bring it into, was authorization authorizations now on the front page, you can. And if I think the industry has been in love with role based access control, it has warts, it's not perfect, but people conceptually understand.
Role-based Access Control Where's policy based access? Control is really more focused on Dynamic grouping of access Dynamic, grouping of users, providing them access and expanding the data that could normally be used within a IG, a or Nexus management tool to develop roles, that would go into role-based access control. So it seems like policy-based access solves so many problems. Alms. But my concern is that it's held back by the fact that people are would be nervous, not understand it.
And that I think you've got another perspective. Also around the auditability of it. Yeah so I think that we need to differentiate. I think what organizations best for takes a multi-speed approach. Because policy-based access for legacy applications is definitely more difficult.
It's not impossible but it's more challenging but on the other hand we see a strong adoption for instance around opat open policy agent so developers of Digital Services laughs this concept because they don't want to care for authorization. They want to ask the system. They want to rely on policies and just this is facing a strong uptake. So I think it depends really On the audience, how fast it's going forward.
So basically I think as an organization what you do today is you should think about how can I move forward towards the policy based access future. And you know, we need to be clear. This is not a new thing. Tim, you know what has been released in 1976 as a product? What's right? IBM, Rockettes Russell's access control facility. So 1976 this is 47 years ago,
policy based access control. So to speak, in some sense and the externalization of authorization already was something that was coming to into the market back then, so it's nothing fundamentally new. I think we, there's Surely some, this will use also from exact meal that was hot for a while and it didn't become as broadly used as a lot of people expected in the industry. But I see a huge potential as he also very significant benefits and policy pays taxes.
And as I said, when we when you develop your applications of all the stuff you do around Digital Services, I think it's the logical thing to do and then this is the fast track so to speak and then there's the slow track which is Modernizing your legacy which takes longer and in between you know we using policies for Access Control, 40, trust everywhere there are
policies. So we do a lot around policy based access already and this is so to speak somewhere between the fast track and the slow track, where we have where we have. A lot of things. We've actually do. What we need to do is we need to to to combine that we need to set up the governor's. I think the governance is definitely very interesting point because We have one thing where it simplifies a lot. So policy, power analysis policy, lifecycle.
Policy governance is way way simpler than roll. Based governance a role based environment policies are easy to understand. You can write an natural language or something which is very close to natural language and you can implement the life cycles, all that stuff and then do a super reviews because people understand it because it potentially are less our policies. All good. The other point is policies. Make decisions based on data they receive from certain bond.
That means that what we also need is. We need Ate our governor to ensure that we have the correct data. We are basing our decisions on. So data governance from that perspective, must be one of them. Next, big things that are at rest. Yeah, I think you're right. I mean, the example, I always use with the policy based access control is say, you have data in a financial system which is
maybe your account balance. And if you're a high net-worth client-server over a million dollars in assets with this firm, then you get access to a policy based. Grouping or roll and you can access certain portions of an application or things like that, but that's that data. And from a data governance perspective, you need to make sure that the inputs into that data that it's not going to be
changed by some application. You weren't aware of and now, all of a sudden, it starts, giving people access that they shouldn't have access. Yeah, so yeah. Now I want to have, you know, getting better than what we have today. It's also static entitlements, that's not step difficult. So because at the end when we look at what is the root cause of most of the challenges, we have an identity traditional identity management in our
static entitlements. We need these complex role concept because we need to manage that entitlement they get out of control. So all the recertification stuff is because of talent. So some of the most painful area you're dealing with our because of these static entitlements. Yeah. I think Is that the reason Robb are back. So attractive is so many people are starting at Ground Zero and it seems like such a major Improvement of her where they are today.
They understand it, but let's move on because I thought it is questions, we were talking and I really think that this is an area of concern for me is that I hear a lot about the All these schnoor, the idea of companies kind of building a suite of IM capabilities. So rather than I'm an IGA vendor and I continue to improve my product and build out the functionality that I'm going to improve by also having single sign-on by also having privileged access management.
My concern is that comes with the cost of innovating within your course space Us, and we get less Innovation, the course space, and we just get up a bunch more sweets. Do you think about that? I like I said, you know, I see so many startups and probably more startups never. So when we found that compared called analysts several people that, you know, that is too narrow space. So few vendors did weren't that many identity management
vendors, back them. Nowadays, we have probably ten times as many vendors as we had when we founded a company called some close to twenty years ago. So I think that that means we see, always startups coming up. And yes, we see Wenders to go into we provide more capabilities. She got very fundamental difference to two to four. More days has Tweets are very different than Suites have been so to speak. These are the Commander's call it platforms. You may like the term will not.
But what in a world where we talk about container-based, diplomats very talk about microservices very talk about apis. It is that we don't talk about big monolithic systems anymore. So what happens in The Innovation is usually that smaller services are added that can communicate that are integrated via dashboards and biotic by a consoles Vallarta abilities that have a consistent set of apis and that makes it simple.
And I think from a customer perspective, we introduced this concept of identical bricks a couple of years ago. And this is not about saying I have one product, but it's about saying, I have a very good understanding about which Services, I need, which, how they are provided, and how they
interoperate. And this is always has always been Based on the assumption that this goes into is based on all these modern architectures based on apis based on micro Services based on its of that container based employment Etc. And I think, in that way, you can well-balanced these two challenges of on one hand saying I want Innovation, I want to be able to add Innovative Parts into it. And this is way easier than in the past, you know, you can
address examples. I'm frequently talking with taking westerners and when I go back a couple of years, then then one of the biggest concerns were that if it. Okay, I have here, one in, Western, in my portfolio. I wender a dad. Like to purchase one or two. All right. I'd like to acquire winter. A be a to vendor. B is why I have a, I want to eat. But unfortunately, my render a Builds on Soft that and went to be built in China. Travel, for instance, in this area is extremely complex.
This is not a big issue anymore because you say, okay, these are services that runs a, the cloud to communicate where IP is, who cares about the other pod. That's very long as you can maintain as, but there's also the I feel like we need to for the I am practitioners out there. Yes. Everything you said is true, but I also think that we we can't fall into the Trap of thinking because we put something in the cloud.
We've absolve themselves of the responsibility for being secure because I think ultimately the buck still stops on our plate. Your foot do a one of your your podcast to that. It was my colleague, Mike, small and talk with him about tenant and provide a responsibility and all these things. I'd love to. I'd love to. I think there would be A great topic. Martin I don't want to not get through our full list here and so what I'm going to propose is that we do a lightning round.
Now I'm going to throw a topic out there and then, you know, take 60 seconds to two minutes to kind of give your thoughts on each one. So one of the topics that's been really hot and it feels like we have unanimous opinion that this is good. Great for the industry is Fido to you know, passkeys web. Fan excetera. What are your thoughts? Yeah. So I think path keys are just making things more convenient for users. That's good.
I think that it's erupted too. Disruptive thing is really webathon, because web Austin means that you go from the user and the device directly to the service. You don't go through access management system.
You don't go through gateways anymore, at least not necessarily you stood potentially could use them, that means but But that that you have potentially a couple of applications that are excess directly and so you need to rethink the way how you manage access and control access across these applications where again policy based Access Control definitely would help that that we also have our options.
But you this this will change a lot in the way we interact to applications and which components we use for work or need for what? In our? I am infrastructure. So this has a A disruptive potential. Great second one it wouldn't be an. I am discussion. We didn't bring this up generative AI. I've seen cool things really cool things there. We I think we are all aware of the risks that are in there.
There are things that are definitely over high and you know, imagine everyone trusts would use trap GPT for creating output. Then there would be nothing new anymore, so to speak at a certain point, you know, if it would become a self-contained system. So there are limits there are risks. We should be aware on the other hand. They are really extremely smart Solutions. I've seen based on generative. A I specifically, when you combine that with for instance log data in security analytics
etcetera. So that just conversational but really bringing together a Lot of information, then this is something which is very helpful. I believe that, for instance, the way we are and already starting it's the way we are using search engines change fundamentally. So the typical prompt we used as you can, whatever, one year, two years, three years. Maybe we won't see it anymore. Yeah, I think, you know, I've used the generative AI, the chat
GPT a few times. I say, you know, write me a summary of something and it seems to take that something and form it into a really good search gets the data back and then forms it has pros and like this pretty cool. I don't know that this part is revolutionary but I've also seen demos of where entire legal documents at least you know, if you took the 80/20 rule of, I'm a lawyer, I need to create this document. I put it in a report. Request for a document, it spits out 80%.
Now I just have to edit and do 20%. I've made myself potentially much more productive. Yeah, that's I think that's what we should should understand. It has a potential for making us more productive. Making up. If you use it the right way, it will be a journey as usual. Okay, next one. All right, last one orchestration. Yeah, cool thing we see. So many good orchestration Solutions, nowadays. How's it going Beyond? Sort of certain use cases into really more generic solution.
The one thing I own, I'd like to bring up here is what? Let me use. All these are consideration tools. What about, for instance staging? So development test production, which is still needed. What about code? Versioning coding quotas. What about documentation? You know, I started with very traditional programming languages and I used I learned that we need to commend every line of code more or less or every section of code at least.
So a lot of things that are essential for for development and at the end, its development frequently are lacking in the orchestration tools. This is what when just must fix. We need to because otherwise you know, imagine you using the solution which is orchestration tools for a decayed or so and a lot of people have changed who's able to maintain it. So I want to shift gears a little bit and I want to understand more about what's coming up for Cooper.
Nicole, do you have any more conferences on the horizon? Anything else this year? Or are we looking at next year? So we are currently working on launching a Cybersecurity to arrange more cyber security conference, in November of a shorter run, in mid-november in Frankfurt, which we call cyber Evolution. So, the are could be revolution or LPS revenue for in cyber and evolution. When we look at different aspects of whereas, evolving.
Also truly a bit, the impact are the intersection between identity and cyber security. But also, So surely the impact of a I will fiber security but also that positively and negatively but also some of the more down-to-earth subject. So this is thing and then surely next year in I think next year or early June due to all the public holidays we have. And in May and tronie, early June European identity conference again and Berlin. Definitely did the away.
You want to miss and up to miss. You should be there. So first we'd love to You know, I mentioned a few of the leadership compasses that have come out recently, they privileged access management. The IGA leadership Compass. What else has been published recently or is coming out soon? That's how I talked about the application risk or Access Control tools leadership come boxes.
Which I have been working on which are currently, in fact Jack. So when the review and We have one on software supply chain security which just our work in progress attack surface management will be one of the other a couple more. We would definitely cover some of the upcoming topics, like at end, this threat detection response, which probably will be that out in 2024 because the true leadership combat takes takes its time. I'm currently working on email security topic that I have to
say really came back. Some way. So which is, which is a very important subject. So many, many different topics across identity and cyber security. So, you guys do the leadership Compass? What other types of reports you publish? That's what we have. We have to execute, give you, which is really product-focused thing. We do leadership, brief and advisory notes sometimes, which already more conceptual, we have a platform Casey open select, which is growing.
Are we where customers can sort of use information? We have from leader to composite cetera, to come up. With a short list of products, they want to look at have a closer look at which is read online tool to support tools choice. And so these are some of the format's. We are doing video. Also writing a couple of white papers together with vendors and stuff like it. Well, I knew you guys best for the leadership Compass. Probably all laugh.
For our listeners to as well. What is this secret to writing? A good leadership Compass. If you hire somebody new to write one, what do you tell them? What advice to give them. Yeah, so when I, when someone you starts with the leader to combust L, then we work with a very close mentorship, so across the entire process. So that is always something where experience analyst is guiding a new analyst. What is most important? I think most important is, I would say at the end or what
have really thorough and lasses. So, really got through a lot of data. We have this question as we do the briefings to cetera but also sort of a critical mind. So how do we rate or vendors? Tell us and what do I unders ride the questionnaire ecetera. I think this is this together is
to secret of ethical. And that's right, we have in our leadership Composites that we have multiple dimensions of a look at market and product and way, should leaders and combined leadership and that have spiders, which go more into detail. So we take really different, different perspectives, which I believe is very healthy for the
customer as well. I like the breath of the leadership compass that the number of vendor solutions that get looked at and analyzed and I can imagine the amount of data that gets crunched to come up with a 50-page report. So what you must start with, to get down to 50 pages, must be immense, Martin. You've been super, super generous with your time today. And what I'd like to do now is to try to do our normal Cadence of ending on a lighter note.
And one thing I know about you is that you seem to use your social media. I follow you on LinkedIn, use your social media, very effectively. I was wondering if you could share with our listeners, your strategy for using your social media. Yeah, so so first, I concentrate on LinkedIn because I think fall from my domain or unidentifiable Securities is the most relevant one. So I don't spend time on other social media channels. I think that that is part of the
secret. And then I've learned as a very, very good social media manager, Marina. And she gave me a lot of his wives and so I'm currently working. So, I had a gap for a bit of a plan, B, being on vacation but currently preparing a couple of Articles and posts on different subjects, also to become a bit more continuous and what I'm covering them. Surely us rib. Flying back to comments to questions Etc. And so, I think this is basically there's not much sort of rocket science in that.
It is really I think sharing enough of your salt and I was asking for feedback asked, if he'd love what they think about it, this usually tends to trigger more discussion than and in the comments section cetera and this makes it more Interactive. So just the way I use it. Yeah and I think it's a very conscious approach.
I try to be conscious as well because I realized that sometimes you if you like a message or you comment on a message it it's going to potentially end up on somebody's feed and you don't want to waste their time by liking somebody's like, you know potential like a graduation picture of their kid. Nothing wrong with talking about the graduation of your kid. I think that's a great life moment. That probably is more face. Exam for LinkedIn, right?
So but it's a balance. I also want to like that picture because I like that person and I'm happy for them that they've reached that Milestone. So I think that's a big part of it is, you know, for me is making sure that things that I potentially put out. There are relevant to the folks
that I'm connected with. So that I'm not taking space on their feet with things that they don't care about people, they don't know, I This is a good approach just kind of final thoughts and takeaways that you might have for everyone. Yeah, I think we touched so many topics and I think that the most important thing is probably this all this Innovation happening to to look at the positive potential. So not being scared by all, this is changing, this is changing.
But speaking about, how can this help? In what I'm doing, potentially even without breaking everything, because a lot of this Innovative stuff really adds, instead of breaks the things likely to rise identity
with touch this. And this is, I think, the way of thinking we should take looking at the potential but not in fear of, oh, this will break everything because it will not, it will help us to evolve identity management or digital Identity or maybe from identity management to digital identity. Absolutely. Thank you Martin, for all of our listeners, you can visit the show on the web at idac
podcast.com. I'm follow us at at IDC podcast on Twitter, we also have a mastodon setup which is at idac podcast at info dot X Change and you can connect with us on LinkedIn. Thank you everyone. And we'll talk to you on the next one. Thank you, Tim for inviting me. You've been listening to
Identity at the center. We hope you've enjoyed the show, make sure to like rate and review and we'll be back soon, but in the meantime, hit the website at identity at the center.com and find us on Twitter at ivac podcast. See you next time on identity at the center,