#269 - IDAC Sponsor Spotlight - Zilla Security

Mar 20, 2024 · 56 min · Ep. 269

Episode description

This episode of the Identity at the Center podcast, a Sponsor Spotlight, is fully sponsored by Zilla Security. In this episode, hosts Jim McDonald and Jeff Steadman sit down with Deepak Taneja, CEO & Co-founder of Zilla Security. The trio discuss a variety of topics including how Zilla Security differentiates itself in the crowded IAM market, the role of Robotic Process Automation (RPA) in the identity lifecycle, and the various personas within an organization that would use Zilla. Deepak also shares some insights about the onboarding process for new Zilla clients and what the future holds for Zilla Security.

Connect with Deepak: https://www.linkedin.com/in/tanejadeepak/

Learn more about Zilla Security: https://zillasecurity.com/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com and follow @IDACPodcast on X/Twitter.

Transcript

This is Identity at the Center. If it has anything to do with IAM, this is the go-to podcast. Now, your hosts, Jim McDonald and Jeff Steadman. Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh, not so bad yourself. I'm doing great, man. I feel like we have a real treat here today. I think Identity at the Center is the the home of the identity legends. We've got another identity

legend with us here today. This man, you look at his LinkedIn profile, it's like, it's like if Tom Brady had a LinkedIn profile. Now, I know maybe I'm overhyping it a little bit, but he's also from Boston, so I figured, you know, there's a little bit of a connection there. But I mean, I don't want to give away all the details, right? That's what the show's for. But I mean, this is going to be a fantastic episode. I mean, it's in the show title, so at this point you really can't spoil it.

But yeah, we, we definitely have a great get today. So we like to say the business we've got another Sponsor Spotlight episode. For those who aren't aware, these are special episodes that we create with our sponsors. It's something we do in collaboration, gives us more of an opportunity to kind of deep dive into special products, services, whatever it may be in the industry. So kind of gives us you know a little more deeper than we would normally go in a in a in a normal episode so fully

sponsored. Today's sponsor is Zilla Security. They are working on making identity security simple for all of us. And joining us today we do have Deepak Taneja. He's a CEO and Co-founder at Zilla Security. Welcome to the show, Deepak. Thank you. Hi, Jeff. Hi, Jim. Great to be here. Thanks for having me on the

podcast. So Jim mentioned that you're the you might be the Tom Brady of IAM. I don't, I, that feels like that is either good or bad depending on who you might be in the world because there's a lot of love and hate for Tom Brady. But let's start with your identity background, because it is long and illustrious and we'll probably have some questions about that along the way. But tell us a little bit, how did you get into the world of

identity and access management? Is it something that you chose or did it choose you? Yeah, well, thanks for the kind words first. Yeah. And the comparison with Tom Brady, I don't know about that. He's not, he's not super popular in Boston these days, but so I got started in identity management back in the 80s. I was a a developer working on security and authentication and directory services before there was a security space.

So and I found it intriguing. It was the idea that you know all of these network services, file services, print services and so on. This was the early days of the Internet that they were all coming up and the idea that at the center of it all was identity was was super intriguing to me. And that's that's sort of what got me into it. So you've been working on identity for let's see 40 some years. I feel like Jim and I, you're like 20 years each I there's

there's a lot of identity know-how on this on this session right now. I guess tell us a little bit more about Zilla Security. You're CEO and a co-founder. First of all for people who aren't familiar with Zilla, tell us about Zilla and then tell us a little bit about your role. What does a CEO and a co-founder do for an identity company? Yeah. So let me sort of link up the dots there. So you know, as I said, I was started out as a developer in the identity, security, identity

and security space. But I've been doing startups now for for 25 years and this is actually Zilla's actually my third identity startup. So starting with a company called Netegrity way back in the early days of the Internet where we we actually created the first LDAP-enabled single sign-on solution out there and our our products did very well in the

market. And then Netegrity was acquired by Computer Associates. Started another identity company called Aveksa which was perhaps the first first company in the identity governance space. So we called it access governance back then and this was of course the mid 2000s when compliance was starting to become a big deal and identity compliance was something everyone needed. So you know Aveksa as well sort of the Aveksa products did really well in the marketplace. Ultimately we were acquired by

RSA. So Zilla is a company that my co-founder and I started in 2019 realizing that identity had sort of become much more business critical than it was 10, 15, 20

years ago. You know, the cloud had made Identity the new security perimeter and that that fact brought with it this notion of organizations really needing to think about identity as as not just in terms of an identity provider, not just in terms of establishing the identity of a security principal, but also in terms of locking down the access that identities had. And so we we, we came up with the idea that this is really identity security.

So while the last 10-15 years in the cloud era has been about identity providers, the next 10-15 years are going to be, it's going to be about identity security providers, right. And in some sense that's the next generation of identity governance. So the identity governance and administration space was driven by compliance and driven by life

cycle management of access. But what's changed now with the new security perimeter is, you know, identity security has become a key piece of that of that equation and cloud scale demands automation beyond what the last generation of identity governance solutions needed to provide.

So, so a lot has changed and really Zilla, the idea behind Zilla is think in terms of locking down the permissions, locking down the access that people, machines and APIs have to enterprise resources and do that in a way that supports security initiatives, compliance initiatives and IT initiatives around provisioning, deprovisioning and so on. So I'm curious about the name Zilla Security. I'm always fascinated by how these names get picked. How did the name Zilla Security come to be?

What's the the genesis behind it? Yeah, so there's actually two reasons why we picked that name. First, we wanted to be the Godzilla of of the identity space and the Godzilla of of identity security. Right. So, so that Godzilla got shortened to Zilla. And second, the word zilla in in South Asia means district. So you know we thought it was quite appropriate to think about district security, right?

So it was Zilla Security. So so we kind of came up with that from from 2 angles and and the name was sort of bandied around for a while and then it just stuck. I don't want to keep bringing up the legend term and maybe we won't use Tom Brady, maybe it's Roger Federer. I knew you're a tennis guy, so maybe we'll just use that. But to me it was like what really jumped out about that was, you know, Netegrity was one of the biggest people on the

block. When I had my very first project, it was like Netegrity, Oblix, and I think IBM solution was already out at that time, right? I mean those are the big like choices in identity and there really wasn't much else. I think Sun had something at that point already too. So around like '03, '04, and then Aveksa, I mean Aveksa was the next big kid on the block, was SailPoint, right? And now you're creating a new startup that's going to go ahead and compete in that, really, what's a crowded market. That identity governance market is kind of crowded and you're going to be competing against one of those firms that you know originally or products that you originally started up. I guess I'm wondering how does Zilla differentiate itself from the others in this space and what what's kind of the gap that you're solving? What is the gap in the market that you saw, saw and said OK, we can come up with a better mouse trap to solve this

problem. Yeah, that's a really good question. You know the space as we as we just discussed, identity governance has been around for a while, but it's been, it's been you know it was the design center was on-prem, it was very professional services centric, very the solutions, most solutions in this space are very hard to deploy, very hard to use, very hard to integrate with with enterprise applications and as I was saying focused mostly on compliance and life cycle management, right.

So in this cloud era, the opportunity we saw was to bring security into the mix to add a whole lot of automation. So the whole company is focused on innovating in terms of automation and we've started, you know, without AI and now we're infusing the platform with AI. And then finally, you know, making identity governance simple, right. It's it's been too hard to deploy. It's you know, organizations talk in terms of an identity journey.

In fact, the vendors talk about an identity journey, and the word journey really is a euphemism for pain, right? It shouldn't be a three-year, five-year, eight-year journey. Yes, you know these solutions and large organizations, there's a there's a fair bit of organizational complexity and it takes a while to herd the cats and get everyone on the same table. But organizations should be getting value inside weeks, inside two months, three months,

six months, right? So our solution was designed from day one to be really easy to use, really easy to deploy something you know, we think the whole world is going to need. Businesses of all size are going to need an identity security solution just like businesses of all size need identity providers today, right. That identity is the security

perimeter. If you don't lock down that perimeter in terms of access, if you if you don't have your privilege controls in place across the enterprise, you know you're you're asking, you're asking for a breach and and that's what's playing out out there. If you look at all the data breaches happening across the world, they're all rooted in identity and access exposures of

some kind or another, right. So so how does how does how do all these organizations of different sizes truly go off and deploy a a solution that can lock down the perimeter, lock down the perimeter and at the same time you know serve the compliance needs, serve the IT needs around joiners, movers, leavers. You know there's identity is this holistic is now this holistic layer that has to get deployed properly across the organization and identity providers are a key piece of that.

We see ourselves being the identity security provider that's going to step out of the mix and complement the identity providers out there. Deepak, you threw a lot of good breadcrumbs out there. We'll get to all of those. But before we go down that route, I want to bring you back because one of the things, OK, you've got this crowded market and I'm wondering what your approach was.

It's not like you went and acquired some company that had a customer list, right, and that you're just basically building from there. So my question to you is what's kind of what was your approach to the market? Did you go for the, you know, are you focused on the Fortune 500 or even bigger organizations? Did you start with going after like building a solution for the middle market? What was the approach for Zilla

Security? Yeah. So our approach was, you know let's start with the companies that care about the cloud the most, right. So let's start with cloud centric companies and and over time we'll address the hybrid organizations, right.

So and and if you if you go back, so we started in 2019 and if you go, if you go back and think about where most companies have been, the really large companies still have lots of on-prem applications but it's these smaller organizations you know the mid market, the low end of the enterprise that's almost entirely cloud centric today. So that's sort of where we started and we said OK let's go to them, let's not take on the on-prem mess inside most companies, right.

Let's provide those cloud centric companies with with identity security, with identity governance with the security compliance and joiner-mover-leaver automation they're looking for. But over the last year and a half we've been going up market right and so now we're starting to go into the hybrid organizations.

We're starting to support the on-prem environments, the on-prem applications and we're starting to tackle the broader needs of larger enterprises and and that you know we're still not going after the the massive organizations in the world, but you know in in 2024 we're going to start heading in that in that

direction. Yeah, I mean I was introduced to Zilla Security actually by one of my clients and they started showing me around the the platform and you know, I don't think you'll have to go after the large mega corporation.

I think they'll come after you you know they'll find the the solution and reach out to you but kind of what you just went through there and I think it it's probably obvious to me the benefit to the buyer is really like OK you you've everybody's trying to be cloud first I shouldn't say everybody but the majority of organizations are and I think a lot of that on-prem infrastructure for a lot of organizations is things that don't translate well to the cloud.

But if you're kind of taking that to clients that you've already kind of solved most of the cloud space, I would imagine that's a large part of the the value proposition as you as you move through that strategy, would you agree with that? Yeah, absolutely. You know the the larger organizations have a growing cloud presence. They're using infrastructure platforms like AWS, Azure, GCP.

They're using SaaS applications. They still have the on-prem infrastructure, on-prem data, but what they need is essentially identity fabric. Fabric's a popular word these days that works across the board, right. It doesn't really make sense to have a a solution that just works on-prem and a solution that just works in the cloud. It's it's identity is a holistic, it needs to be a

holistic solution. So, so our approach is while our you know while we run out of the cloud ourselves is to provide ways to to actually integrate seamlessly with with applications and infrastructure both in the cloud as well as as well as on-prem. And that that integration issue actually is perhaps the biggest differentiator we have right. We make that, you know the last mile has all has always been a huge pain in identity management.

So we focused very hard on making sure that integrations are drop dead easy. You know it doesn't matter whether an application has a REST API or not. You know, we can integrate with it and we can integrate with it so easily that in 5 minutes someone can build a connector to an application that's driving, in addition to the simplicity of the solution and the automation, that that integration issue is

driving a lot of our success. So I think that's a perfect segue into, I want to ask some questions around the product itself. And I think one of the key features that I've seen out of it and when I remember I saw it, I was like, oh, that's pretty neat, was this idea of introducing RPA or robotic process automation into tools like this, which is not something that I've seen before with, you know, other other players in the market.

And you've got this thing called Zeus, which, one, excellent name, can't go wrong with that: ZUS, Zilla Universal Sync. I guess for people who aren't familiar with what that is, can you talk a little bit more about Zeus and how that fits into sort of the master plan for for Zilla? Yeah. The challenge for us, you know, in the early days was if we're going to provide an identity security solution, it has to work with the entire attack

surface, right? So when we started connecting with companies, they said, you know, I've got, I've got applications, home grown applications, I've got legacy applications, I have applications, lots of applications that don't have REST APIs. And what all the vendors are talking about is, is REST API integrations. We need you to help us with, not just with REST APIs, but with all the apps that don't have REST APIs, right. So that's where the robotic process automation came in, right?

We spend a lot of time trying to figure out, OK, how do we seamlessly and easily extract the accounts and entitlements, the granular entitlements, the group memberships, the roles, what have you from applications of all kinds, right? And infrastructure elements of all kinds. And that led us to this idea that the one place where that information is always available is in some sort of administrative console or administrative user interface for that, for that system, right.

So, and we said, well, since the web has become, you know, the common user interface for these applications, if there's a way for us to parse HTML and figure out what the most common themes are, what the most common approaches are to displaying accounts and entitlements and roles and so on, we can actually crack this nut. And so we spend a long time trying to figure that out and you know, the result is, is Zeus, right. So it is, it is, it is very cool robotic automation that just works.

You can, you know, deploy it super easily. You can authenticate with with whatever your authentication MFA environment is that can bring up, bring up systems, extract the data and send it securely over to Zilla. And that that helps us deal with all kinds of systems that that organizations are struggling with today. I'm going to barge in here because this was what was demonstrated to me again by client, someone who was

responsible for access reviews. And I said, look, can you show me what this Zilla tool can actually do? And he brought me and he said, yeah, sure. So imagine I have this application that I need to do an access review of and it's this cloud application. And I go in here in Zilla and it's like within 30 seconds he had kind of the campaign defined.

And then he went out to the app and like, I don't remember exactly what it how it worked, but I think there might have been like a ribbon bar over the app and they went into user management for the app. And then it asked them like highlight the area where the users are or usernames are and highlight the area where the e-mail addresses are and highlight the area where the

entitlements are. And then it was like, now it just basically created an access review based on, like, you know, a business user going in there, not writing a script of like, hey, hit this API and and take this JSON file and tear it apart. It was like, just go into the page and like, draw these squares over the data. And it was like, I've never seen anything like that.

I mean, and Deepak, I know I'm like probably oversimplifying it a little bit, but, you know, I think I was more technical than this user. And I know I'm not the most technical person, but it was like, you know, OK, pretty much anybody who knows how to use a computer these days can do that. Am I describing it well? Yeah, you described it very well and that's what our customers love.

You know, it's very easy for for for an application owner or or a security staff or anyone to just create a web recipe for, for bringing data out of out of a system that doesn't have a REST API. And it sort of goes back to the, you know the idea of automation. It's you know this is automation that that enables comprehensive integration across the enterprise. But we've we've tried to kind of infuse the the product, our solution with with automation

across the board. Automation to make it easier for stakeholders to deploy our solution, automation to to enable IT reviewers to make decisions more easily, security people to define policies more easily. Automation to leverage tools like identity providers or ITSM systems or or security operation centers automation to measure

business outcomes. So you know that's I think that's the direction the space is taking it is you know organizations have certain outcomes, business outcomes in mind and you know they need to get, they need to get to those quickly right. So no one has the time to or the money to go hire an army of professional services people to to do all this work over over three years or five years. You know, people want quick time to value and they want something simple that just gets them there.

I mean, can you ask for a better commercial than having like one of your customers talk through like yeah, this is how easy it was to set up, right. And and and they're talking to a seasoned identity expert. You know, Jim, I know you're not saying you're not technical, but 20 years in identity is nothing to to sneeze at.

I mean that's that sounds to me like that's you know a CEO's, like, dream, right, is to have advocates from the customer standpoint telling others in the space about the product. I mean it seems like I remember when I saw that I was like, oh yeah, I've never seen anything like that before. Like how does that work and does it work and what you know, what happens when screens change and and all things like that.

I guess I I'm not even sure what the question is here because I remember being so fascinated by it. And I remember thinking, OK, like a lot of this is based on automation that I'm not even sure what the engineering effort was to actually develop something like Zeus.

I mean, how do you, how do you even think about the different permutations that might be out there from an automation standpoint is OK, we want to, yeah, highlight this area of text and this area of entitlements and even navigate pages and things like that. I mean, that must have been a pretty significant undertaking. I'm thinking from an engineering aspect to pull that together. It was. It was, it took us, it's taken us many man years of effort.

It's it's patent pending and we're still taking it forward. So there's there's a lot more we can do with it. So it's going to, it's going to continue to evolve but but it is, it is a huge differentiator for us and it really makes our customers' lives easier. So I don't ask you a a hard question because I think this is top of mind for probably people is when they see and hear things like

this. And I would definitely encourage people go to the Zilla website, zillasecurity.com, sign up for the demo and watch how this works. But what happens if the screen changes? Is it easy enough for me to go back and sort of fix the the automation or the script or whatever it's running that says OK, it used to be called this or maybe the interface changed because I'm a SaaS provider and you know they like to mess around with their interfaces. How do I get around that fact?

Because I feel like that's the first thing that comes to mind and say, OK, well, you know, screen scraping, which is kind of people have that nasty reaction to it. But you've figured out a way, I think, to make that a little bit easier. And I want to give you an opportunity to talk about how that might work. Yeah. That's a great question. So screens do change. Now it turns out that the administrative side of of an application doesn't change as

often as you might think. So people, you know, developers try not to muck around in that too too often, but they do change occasionally. Now the nice the great thing about having over 100 customers now is when a when an application's administrative screen changes it, you know, we find out about it, you know immediately, right?

Cause 'cause just think about that, it's the data collection is going to fail and we're going to get pinged and we're, you know, the Zilla support site is going to find out instantly that something's gone wrong with this particular application and the

HTML's changed, right? So, so our engineers would overnight will overnight kind of jump on that issue and, typically before a customer even realizes that that a certain integration has failed, a Zeus integration has failed, we've got, we've got a solution for it, right. And that that once, you know, once the solution is in place, then it's really easy for the customer to go pull that, pull that new recipe in and restart, restart the restart the Zeus,

the Zeus integration. So it it, you know, it sounds like, oh my God, these things are probably breaking all over the place, but they're not. Do they break occasionally, yes. But when they break, they can get, they get fixed almost immediately as well. I love that idea of sort of almost crowdsourcing some of the information that's out there, but this idea of recipes, you mentioned it earlier in our conversation and you just

brought it back again. So it leads me to believe that there is some sort of, I don't know, Rolodex, I don't know what the right thing a recipe card holder is. If I is that how myself as a client, I would pick that up and say, hey, I'm a customer of Zilla and I have this recipe that I need to pull down for an application. Is that how it works or is there a different way? Like, how do I how do I take advantage of that recipe? Well, you actually don't see the recipe.

So when the integration is built and you might be the one building it, you're really building it with the Zilla's with Zeus. And so it's in some sense a a zilla recipe, right? But it's a Zilla recipe for that application. And that recipe gets saved, and that recipe gets saved in a way that enables it to be used by you, but also potentially used by by other people. Not with your data, of course, but but with with their own

data, their own applications. So I I you know the word recipe is sort of the underlying technology tidbit, but it really doesn't surface to to a typical customer. Deepak, I was asking you questions earlier about how you go to market, but I'm also wondering like who's your buyer in most organizations because you did mention the compliance piece. I know that the person that showed it off to me was doing the access reviews kind of governance focus.

So I'm wondering about these different personas within an organization that buy and use Zilla. So is it like auditors, GRC leaders, identity practitioners, or are you selling to CISOs? Like who contacts Zilla or who do you contact at those orgs? Yeah, so the economic buyers are the chief security officers, the CSOs or the CIOs or the heads of IT. But invariably there's, there's folks that report into those, those, you know, those leaders who become champions of of our product, right.

So if you think about the compliance driver, it would typically be someone on the identity team or someone on the GRC side who's responsible for access reviews or responsible for segregation of duties. If you think about the security team or the security operations team, it'll be someone who's who's involved in, you know in nailing down the, the security posture for the organization or in in identity threat detection,

something like that. And then if it's if it's joiner-mover-leaver management or access request for employees, that's probably something that folks in IT will get involved in right. So. So you know the thing about identity is and the thing about our approach to locking down access, locking down permissions is it becomes one holistic identity solution that then gets leveraged by different teams in

the organization. So you know the identity team certainly gets involved, GRC team gets involved, auditors get involved, security team gets involved, SecOps and of course the the folks in IT, you know we we actually leverage popular ITSM systems for a lot of our workflow. So we've tried not to reinvent the workflow, reinvent workflow

for our own purposes. So we work very closely with systems like ServiceNow and and Freshservice and Jira Service Management and so those teams get involved as well, right. So there's a lot of stakeholders which which kind of makes sense because identity is is unique in that it's one area of security that touches every aspect of of a of a business, touches so many

business processes. So the stakeholders across the board, right, but the people who actually, you know, become champions of our solution are are typically on the identity team, the security team or the or the IT team. You brought up an interesting thought for me, which was around

integrations. And so I know a lot of organizations say all right, we're going to, you know here's all the requirements or use cases that we have and when it comes to integrations to 3rd party applications, those that you can provision to or pull data from, you know what is your

approach to that? Is it that you have a lot of name connectors like, hey, we have a Salesforce connector and a Workday connector and these fifty applications or is it more of like a standards based or is it really come back to the Zeus model or is it a a mix or hybrid of those? Yeah. So there's a lot of different ways and way in which to integrate with the systems,

right? So we talked about Zeus, we talked about REST APIs, there's some applications, legacy applications and so on that that simply have file imports. There's no, there's really no other way to get at the data. The only way to get at it is to export some sort of report or export some sort of a CSV, a comma-separated file.

And then sometimes particularly with on-prem systems or on-prem applications, you'll find databases that have that have permissions in them and of course you use SQL to get at those at those permissions. So. So we have a lot of different ways in which we could we could

bring data out. It really depends on, it depends on the application and when you walk into a large organization typically they've got so many applications that you use one of you know you use 30 REST API integrations, 30 Zeus integrations, you know twenty of those integrations you use all the different types. And so our approach to that is we've got you know over 900 at this point built in integrations, they're just part of our platform.

You can just start to use them immediately, but then you can build your own, right, because it's so easy to build your own right. And and a lot of our customers will just go off and and start, they'll use the built in integrations. They'll have 10 apps that 20 apps that don't have built in integrations. They'll go create no code REST API integrations or they'll create you know the Zeus integrations we were talking

about earlier. So what we're trying to do is to make that process really, really simple and and build a community around it. So over time there's there's always a Zilla integration for any application out there, right? And if you've got some homegrown applications or web portals that only you know about or digital through digital transformation, you've built your own apps that no one else has, well, you can build your own integrations for

those as well. I think I, I like that question a lot, Jim, because they think, you know, we saw Zeus and they're like, OK, that's pretty cool, but it's not the only way, right? I'm looking at the website now and you've got API integrations and you can search, right? You got file imports and as cool as Zeus is, it's not the only way to integrate with an application. I just think it seems to be like it's, it's sort of that missing link, right? We see a lot of vendors in the

space who have API integrations. We have A and they also typically have some sort of file import, but there's really not

anything in between that. And I think that's where the differentiators that I've seen Deepak from you from Zilla, is that Zeus offering right to be able to go in and sort of bridge that gap in a low code, no code way to really kind of solve that that in between issue, I'm probably not as articulate as saying it, but it does that resonate with kind of what you've been seeing from, from your clients and out there in the field? Yeah, that's exactly.

Right, that's exactly right. They leveraged SU state, which makes it easy for them to, to bring in the data. And as I said, it all kind of comes together in, in the context of more and more automation to very quickly get to value, you know, quick time to value, make it, make it simple, make it easy, right. That's, that's the idea here. So let's talk about that quick time to value because I'm always interested in finding out. OK, sounds cool. You know I'm a little bit jaded

when it comes to security tools. Yeah. Sounds really neat. Deepak, you know how long does this actually take to get set up? What do I need to put in place? I guess. Can you talk me through? Sort of what does it actually take to get this up and running? Can you kind of walk me through that? Maybe in a very high level, step by step, we've got a. Process.

We realize that particularly in larger organizations there needs to be a deployment methodology that that that's well understood and guardrails for for for a deployment like this. But you know, the basic steps are very simple. You know, you first tell Zilla about your environment, right?

And that could be as simple as saying, well, we're using Okta for single sign on, or we're using Microsoft Azure AD for single sign on. And you know, Zilla can pick up the apps from from the single sign on solution, but that that's perhaps only half the apps you have. The others you, you, you tell us about individually or you tell us, well we've got this information sitting in a database somewhere. We can pull it in from there.

But the first step is essentially tell us about what's out there, what is your environment like? And then one by one you start integrating, integrating those apps. Now I mentioned the directories and single sign on solutions because that in you know that's where you you get your your basic notion of identities in the environment right. It doesn't tell you about about the machines, all the machines you might have or all the APIs

you might have. But it certainly tells you about all the users and the workforce and. And so as you start to bring all of this together, the system starts to now correlate the accounts and entitlements and all that granular information it's getting from the various applications or infrastructure elements or systems. It starts to correlate that to the identities from the directory, right? And it starts to create this complete picture of, of who or what has access to what, right.

It starts to identify, you know, what's, what's, what's third party, what's privileged, you know, what's a service account, what's an unused account, you know. And now that correlated identity and access map of the enterprise becomes a foundation for the compliance processes, the security processes, the joiner, mover, leaver processes, right. So that's how the, the identity, governance and security features that we provide are essentially layered over that, that access map. So you start.

Talking about your direct resources and and I now I'm going back to the recipe. It's like, OK, you're you're collecting your ingredients you've got your process. What is the. And here 2 questions. What is the fastest time to value that you've seen to get something out of Zilla that's usable and the and you know, the client or the customer's happy with it?

And then what's the average time 'cause I know we we all times hear stories of like, Oh yeah, I got this deployed in 36 hours, like, OK that sounds really neat, but is that realistic? Is it more like, you know, from an expectation settings standpoint, is it generally around 2 weeks, 4 weeks, six weeks? Like what do you typically see as like a normal sort of setup? Yeah. Typically it's the order of, it's in the order of weeks, but

there's a lot of variability. And you know, the biggest issue often is who really has the knowledge and the credentials to set up those integrations right 'cause we don't need much. But if you think about a REST API integration, for example, we're going to need something to get that going.

And and often times the person we're working with on the other side isn't the one who has access to that, to that data and has to get an application, the technical owner of that application involved, even if it's just for 30 seconds, right. So that's that is often the biggest hurdle in in getting going quickly but usually it's of the order of weeks. You know in a in a mid sized organization it might be just

two or three weeks. In a large organization with 30,000 employees, you know it might be 6 or 8 weeks. If you've, if there's an organization with 200 applications, it might take, you know, three months, but it's, it's typically in the weeks and, or, or, or a couple of months before organizations start to get, get real time to value. Do you find that there's a particular use case or something that people tend to start with when they're implementing Zilla.

Do they focus on access reviews? Do they focus on kind of plumbing, maybe onboarding, offboarding. Like what's been the go to for for folks so far? Yeah, the. In the early days for us, it was access reviews, right, 'cause we, our initial product was had a compliance module, was focused on visibility and compliance, but all of that has started to change over the last year. So now it kind of depends on the organization. Some folks will start with just compliance with access reviews

or segregation of duties. Others will start with visibility and security posture. They want to nail down the, the security exposures, the access exposures they have from a security standpoint and and and we see some organizations that are starting now with with you know life cycle management with provisioning with access requests so. It kind of depends on on the on the company depends on you know

what, what they're looking for. But I would say that visibility is almost always that's kind of a a common denominator across the board because everyone's looking for, well, how do I, how do I just get to see what I've wrought on my enterprise, right, What, Because folks don't even know all of the applications

that they're using. And so bringing all of that information into one place starts to give them that sense of, yeah, I've got my arms around this and now I can do compliance, I can do security, I can do, you know, life cycle management. Deepak, I mean just thinking back through your history again. Netegrity, one of the original web access management platforms, Aveksa, one of the original identity, governance and administration platforms. Now we're thinking about Zilla Security.

What's the, what's the next chapter look like within Zilla's story? I mean you've got IGA, do you continue to just make a more kick butt IGA platform or do you go down this converged identity route that's so popular? What? What's the next chapter? Or a few chapters? Yeah, awesome question. You know, I think that Identity security itself, the way we've just been talking about it, has a long way to go.

I think organizations of all sizes are going to need a solution like this that's automated, that's simple, that just plugs into their environment and works, right. And so when we think about the future you know we're we're always thinking about how do we make this simpler, how do we make it more automated. I think AI is going to is going to change is going to make this that you know so much better than it is than it is even today.

I think the other, the other thing to consider, the other thing we think about is, you know, identity has been, hasn't really been a core security concern and we've been talking about security posture management and identity threat detection and so on. But if you go and talk, talk to most SecOps teams today, they really don't understand identity

that well. And I think that's going to change over the next five years and it's going to change partly because solutions like ours will, will evolve so that they fit right in to the, to the whole SOC ecosystem, you know, all of the tools that, that SOC teams are working with.

So. So I think, I think it's all, it's really all about more automation and, and more simplicity and more, more sort of security, more kind of fitting in with the security ecosystem and providing a streamlined solution for, for identity security, right. So the governance, again, I don't, I don't see the governance requirements changing dramatically. There's always more regulation, but the fundamental requirements are probably going to stay the same.

There's going to be more and more requirements on the security side, right? And I think automation, there's going to be more and more automation needed. And so that's that's what we think about when we think about the future. I love the idea.

Of making things simpler because I think this is something that the identity industry and maybe security in other industries as well, but identity specifically struggles with very complex tool sets and things that are being done to simplify everything from the deployment to the usage to the, you know, the the consuming of the information coming out of it.

I love the idea of that. So, you know, I'll definitely be, you know, supporting you guys from as far as like, yeah, make it easier for people to do this stuff because that's probably the biggest complaint that I see from a lot of a lot of areas, not just, you know, from the the, the process, the technology side of it. But it's great. I have this tool. I'm not getting the maximum value out of it. It's not easy to use. I think it's a common thing that I hear quite a bit.

So I love the idea of, you know, making identity security simpler. If it's simpler, people are going to get more value out of it. Is that fair? Absolutely. You know. It's interesting Gartner says that the 50% of IGA deployments are in distress. So the legacy solutions just haven't served the industry that that well. I mean and you know they were

fine for an on-prem era. I think here we are in 2024 with, with, you know, rapid adoption of cloud systems all around us and those solutions just, just aren't working. You know you mentioned the word converged and I just want to comment on that. I think this idea that, you know, organizations can, can, you know, go down this vendor consolidation spree and simply use converged platforms for

everything is a myth, right? Yes, some things make sense to converge, some consolidation makes sense, but but you have to think about which features hold together. It goes back to you know, there's a natural, a natural way about this. There's holistic solutions that hang together very well together. You know you you, you bring feature sets together when it makes sense. Naturally you don't. You don't just throw things into a platform and say I've got to

converged solution. So although there's, you know, big vendors are always talking about how their platforms can do XYZ and ABC. I think most CISOs see through that and best of breed is still very much alive and kicking. It's interesting. I was going to say something else, but then you brought up that piece and it made me think back to the Netegrity was acquired by CA and they also had Identity. So they had SiteMinder, IdentityMinder and GovernanceMinder.

They're all products and just because you put them under one brand name doesn't mean it's an appealing product. I mean, it really has to all work together or we're not. And I'm not going to ask you to comment on that, but feel free to. But the other thing I was going to bring up, Jeff was going to steal one line that used to say all the time, I haven't heard you say it in a while, but around this user experience, nobody teaches anybody how to use Amazon. You go into Amazon and you

figure it out. And why can't identity systems be that way? Because if you're going to have self-service out there, and I think self-service and automation kind of a theme for today, it just makes the whole thing work better. You can make your whole identity ecosystem work with fewer people and have it be more efficient. Customer satisfaction goes up because people can do things themselves, get quicker results. So I think this user experience piece is not to be looked past. You, you.

Described our vision for identity security very well, right. People should just be able to go up and start using it just like they use Amazon, right. That is what that is what folks in IT security and compliance want today. Something that is easy to use, they can just start working with it. So it's a great, that's a great. That's a great point we're not

going to top. That so we'll start to wrap things up. I I love the idea of self-service and my cheesy segue from that is tennis and service. Get it? Ha ha ha. Deepak, we were talking before the show started and you mentioned that you're into tennis, you've been playing for a long time. One of the things I could do is end up kind of on a wider note and I I'd love to talk a little bit more about tennis with you. I I'll be honest, I'm a newbie.

I have no idea what's going on in the world of tennis. I don't even think I'm trying to think. I don't think I've ever swung a racket. I did play racquetball, which is about as close probably as I, I've gotten to tennis. But tell me about your tennis career. Do you have a favorite tennis player? Is it a rememberable match or something that you've played? Take me into the world of Deepak and tennis. Oh, I love tennis. I've been playing for a long time.

I've been playing since I was a little kid. It's a lot of fun. It's you know you forget about it gets you gets me into the zone you're out there on a tennis court and you're hammering away on the on the at the balls. So it's it's just it's a great hobby memorable matches memorable players that I like. You know there's a a kid he's a sensation right now.

Carlos Alcaraz, he is awesome on the, on the tennis circuit and I remember a match that he played, I think it was last year at Wimbledon. Carlos Alcaraz beat Novak Djokovic. It was a five set match and it's one of the best matches I've ever seen so and I've seen quite a few. But yeah, it's a great, it's a great hobby. I'm not a pickleball fan. I know we were chatting about pickleball earlier.

I think pickleball's probably a fun game as well, fun sport as well, but I think tennis has, has more finesse, so I was gonna. I was gonna say, you know, the most challenging question I was gonna ask you today was about pickleball. I'm gonna come back to that in a second. But what is the strongest part of your tennis game? The strongest part of my game happens to be my backhand, which is unusual. Most, most people have a, have a great forehand. I'm not a great player by the

way. I'm I'm just a club level player. But my backhand is is something that I developed when I was a teenager. There was this, there was this concrete wall, it wasn't really a tennis practice wall or anything. It was just a wall in the neighborhood and I'd go hammer away on my backhand with a with a ball on that wall. And so I I managed to develop a strong a strong backhand. I wish I wish my forehand was as good as my backhand but it isn't. Can you play with?

Just backhands. I imagine that's a lot more running, no? That. That. Yeah, that I, I know people who do that with their forehand, right? They run around their backhand. But somehow I haven't figured, figured out how to do that with my backhand. Jim. How are you with tennis? Not a very. Good tennis player, but you know when you brought up tennis, I started to think about, you know, Serena Williams was the guest, one of the guest speakers at Okta Oktane 2 years ago.

And man, what a fantastic person. It made me think of the time that, I don't know, she's like complained and got loud on the court a few times. And then it got me thinking about John McEnroe and how many times he's gotten loud on the court. And it what I really loved about John McEnroe is like, now he totally makes fun of himself, right? He he totally uses that as like a comedy tool. I think that's fantastic. The other thing that got me

thinking of is like, I don't. So I don't play much tennis, but I've golfed a lot. And what I found was the more I golf, the better I got. But the more angry I got. If things didn't go the way I wanted to, wanted them to, or if I missed a shot, it's just like I would get completely angry. So I can totally see how you know a professional tennis player can totally lose, lose their cool when something

doesn't go right or you have. I mean everything is with these like high tech cameras now, but before all that existed, if you felt the ref got the call wrong, blow a gasket. I could see how that could. Happen, Deepak? Any tips for, for Jim on how to keep calm on the tennis court? I don't know, but you're absolutely right about, about McEnroe. He's perhaps the most ill-tempered player ever, right. Who is a? Who is a bigger bad boy of tennis, John McEnroe or Andre

Agassi? I think John McEnroe. Agassi was, was the, was a rebel, right? He was. He wasn't. I mean, he could, he could lose his cool as well. But McEnroe was a repeat offender many, many, many, many times. All right. I wanted to ask you about pickleball, and I saved the most controversial question for the

very end here. Tell me about your thoughts on pickleball 'cause I think you kind of alluded to it before, but I feel like, you know, in the Asheville area of where I live, North Carolina, there is this very, very much a struggle between the tennis players and the pickleball players. I'm not sure what the struggle is, but I'm hopeful that you can demystify it for me. I think pickleball is probably a great sport. I've never played.

I just worry that all the tennis courts in my neighborhood will get taken over by pickleball folks so that I don't want. So I, you know, but it's a great sport. I know it's there's a lot of people who've started playing pickleball. There's a mall near not so far from my house where they now have an anchor store's been replaced by 16 pickleball courts.

So you know, that sort of thing is probably going to happen in, in lots of neighborhoods around the country, but where I will get worried is when, when my tennis courts start disappearing and getting replaced by, by pickleball courts. So that would not be good. So it's really more of a. Real estate question at this point, yes. OK, let's. I think that's a good spot. We can leave it. Deepak, thank you so much for taking the time with us. I would definitely encourage

folks to reach out. We'll have a link in our show notes for people to reach out to you on. On LinkedIn, we'll have links to Zilla Security, zillasecurity.com, where people can check out more that you guys are working on. There is a very shiny green button in the upper right hand of the website Zilla Security where you can book a demo. So we talked about kind of seeing as believing. I think that would be, you know, great for people to go check out and actually see how this works.

And definitely I think people will be impressed by what they see. So I think we've had a great show. I always like to leave on a high note, so we'll go ahead and wrap it up for this week. Again, links in our show notes. Deepak, thank you so much for being here. And thanks again for sponsoring this episode. You can find Jim and I on LinkedIn

as well. So if you've got feedback about this or anything else, feel free to drop it on us and you can find us on the web, idacpodcast.com and on Twitter or X or whatever it's called when people listen to this at IDAC podcast. So with that, thanks everyone for listening and we'll talk with you all in the next one. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and

review and we'll be back soon. But in the meantime, hit the website at identityatthecenter.com and find us on Twitter at IDAC Podcast. See you next time on Identity at the Center.

Transcript source: Provided by creator in RSS feed