#7 - How the IAM Value Proposition Has Changed

Aug 16, 2019 · 45 min · Ep. 7

Episode description

On this episode, Jim and Jeff talk with Luis Almeida, VP of Business Development at Identropy, about how the value proposition for IAM has changed over the years. You can read his take here.


Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message

Transcript

Do you know who has access to what? If you are looking for identity and access management talk, you have come to the right place. This is the Identity at the Center podcast. Hosts Jeff Steadman and Jim McDonald are strategic advisors with Identropy's Advisory Services practice and are here to talk about a wide range of identity and access management topics. Comments, questions and accolades can all be sent to identity@thecenter.com.

And now on to the show. So today we've got a special guest, Luis Almeida. He's VP of Business Development here at Identropy. And we thought it would be interesting to have him on to talk a little bit about how the value proposition of identity management has changed. And I know that this is something that's been near and dear to his heart for a while. And we've also got Jim McDonald here too, guys, you want to say?

Hey guys, Jim McDonald here. I'm really excited about having Luis on. Luis has been a veteran in our industry for many, many years. I'm not going to steal his thunder by doing his introduction, but you know he's worked at several identity and access management companies in the past. And so he has a really good unique perspective on the industry and he's really good at telling stories. So Luis, why don't you do a quick introduction of yourself?

Thanks, Jim. Thanks, Jeff. So it's, for me, it's a pleasure to be here because the respect I have for the real practitioners in the space, right, and then especially Jim and Jeff who have done it, they've been on the other side of the table really managing programs and doing the hard work. You know, so these are people that, that I have a great deal of respect for.

I think the really good sales people are the ones that try not to speak, try try to give the customers a lot of space and listen. So this is a little bit uncomfortable for me, but but I'll do my best and I and I really appreciate the kind introduction guys. I think this is a model opening for all of our guests. If they can show the appropriate amount of deference to Jim and I, everything is just going to go great. Yeah. And I really mean it.

So, so thanks for having me. But you know, as Jim was saying, I've been in the space really 15 years, over 15 years. I got my start at CA back when it was Computer Associates. I was a storage guy really selling backups that, you know, you could do the backup but then you couldn't restore, which was really a horrible business to be in. And a good friend of mine, Mark Potter, who ran Identity for the Southeast for CA at that time, he heard me on the phone banging away trying to help customers and he said I want you to come join the security team. And I looked at him and said I think you're crazy. There's absolutely no way. I know nothing about security. And I picked up the phone and kept dialing and he insisted and it was the best thing that ever happened to me in my life. And so I was there for eight years. I was very successful selling SiteMinder and CA Identity Manager.

And you know, we used to say we'd sell out of a hole because people weren't always pleased with their experience with CA, so we really had to work hard there. And after eight years, Mark left CA and went to join the team at Quest Software. He started the Identity and Access management team and I was his first hire at Quest and that was kind of a risk for me because Quest had just acquired Völcker Informatik, a German identity and access management company. You know, we knew Quest is a tools company, AD management, and we went over there and we actually did relatively well. We were there for, I was there for three years and then we suffered through a process where Vinny Smith was going to take Quest private. And then Michael Dell said, no, you're not, we're coming in and buying you. Michael Dell's engine spoke louder.

And we ended up going to work for Dell and at Dell, you know, large, large sales organization, I felt Identity was going to get lost in the shuffle. Identity being such a specific thing to sell and position that I left Dell and was fortunate enough to come join our team here at Identropy. I've been here five years. It's just been for me just a tremendous experience. And the reason for that is, I think in the identity space, consulting services is so important. And you know the ability for us to listen to the requirements a customer has and to be able to position value beyond products, right, looking at programs and the stuff the advisory team does is just easier. It's more flexible, we can be of more service. So that's it, that's my background and here we are.

I think that's really interesting, Luis.

You're there kind of in the early days of identity management and you know the approach has changed so much over time and the vendor landscape has changed over time. I think that's been driven a lot by the value proposition for customers and I was hoping you could maybe talk about, kind of walk us through that history. So where were customers getting value and what was driving their investment say 10 to 15 years ago and how's it changed over time?

Sure. So you know I'm, I'm somewhat a big fan of the Gartner product hype cycle, right. So that's the curve that, you know, the product increases in hype over time and then it, you know, dips down into a trough of disillusionment, starts to slowly go back up and then goes into the plateau of productivity. So I would say that I missed the upturn towards the peak. I really joined the identity space really at the peak of the hype, right. That's when CA acquired Netegrity. All these other acquisitions were going on and identity, they really weren't identity practitioners really, I mean, but the people really had high hopes for identity. And at that time what we were telling customers is, and we believe this, and I think it's really important to say, you know the people that I know that do well in sales and in service providing and helping others, you know they come from a place of sincerity, right. The place is one of helping and you get paid and you're going to make money, but your heart has to be in a mode of helping. So I would go out to my customers when I first got hired and try to help them.

And what everybody expected that we were going to help them with was something called automagic provisioning. Okay. We were going to give everybody access to the systems they needed programmatically, with the right permissions and entitlements across thousands of applications.

And it was really an IT optimization value proposition and it was something we were sure we were going to be able to do. We were all setting out to do it. And you know that really it was a value around making people's jobs easier and of course enhancing security because you're somewhat facilitating least privilege.

And Luis, if I could jump in for a second, these are the early days of Active Directory, right? So you're going back around the '03/'04 time frame.

I think Active Directory really started with Windows 2000 so it took some time to get established and within the enterprise walls it wasn't like, you know, people set up Active Directory and they integrated 200 applications into it, so if you automated Active Directory, you're good to go on a large part of your IT landscape. This is the days where applications, for the most part, each had their own username and password, those usernames to vary, things like that. So from my recollection and kind of being in that space and being a practitioner, it was about, wow, we've got this Wild West of access being managed in different ways across different applications and there was not a central identity store for the most part.

Yeah, I do remember it that way. And the way I remember it, really, to me, which is really symbolic of that time, were all the role engineering exercises, right? People would get locked in a conference room for years and Ernst and Young or Accenture, whoever, would come in and just do these huge role engineering exercises to create these buckets of permissions that then we would use to provision. I was very fortunate back then that I met a good friend of mine. He's still a great friend of mine, Hemen Vimadalal, who's the CEO of Simeio today. And you know I linked up with him and that, you know, remember I was a storage guy. I didn't really know what I was talking about so I'd let him do all the talking. We always led with this concept of role engineering, right? You need to know what you're going to provision, and that's what we led with. And I think Jim, you know we weren't looking at groups, right. We were really looking at what were those entitlements, permissions inside of the application and it was very large services projects in a large enterprise and they were very challenging.

Yeah, and a lot of, a lot of mainframes to be quite frank, you know, legacy systems, applications that were hard to integrate with.

Yeah. That was, that was my background, you know when I was first getting involved in IAM, was with Walgreens way back when.

And you know there were four of us who were responsible for creating mainframe accounts, Lotus Notes, e-mail accounts, which is a total nightmare to try and do anything with when it was IAM, as I found out later on in my career. But yeah, it was very, it was very account based and we hadn't even considered really the concept of roles at that point. This would have been, yeah, early, early 2000s. We're going through that process. But it's funny, we didn't really even consider an IAM tool at that point. Even though we were a fairly centralized team, there were still only four of us, you know, for this entire, you know, pharmacy chain essentially handling all the corporate enterprise stuff. It took a few years as we started to really skyrocket from an access need perspective within the organization to recognize that, okay, we really need to start to figure out how we're going to scale because SLAs become a concern.

And you know, this is back in the old days where, you know, it's Friday and we're all working out of one mailbox and there's literally nothing to do, right? So we're fighting over tickets to see who's going to grab it, who's going to grab the e-mail because there's something to do because otherwise you're really kind of just sitting there because the demand wasn't there. You know, flash forward a decade and you know, you've got thousands of tickets in a queue and, you know, you're managing a group of people. But it really was kind of a very simple time from an IAM perspective.

And this conversation is really reassuring, right, because we really didn't know what we were doing. You know, we had a, yeah, we had a vision and we thought we knew where we were going. And together we tried to solve problems. But what that time became was a graveyard of failed implementations and unfulfilled promises and extremely disappointed customers and, you know, a lot of hard working sales people, a lot of hard working consultants, they're trying to figure this thing out. That was the vision and it just wasn't working. And you know, a couple reasons for that. You know, you do your role engineering exercise. It took forever.

You tried to do implementations where it was, you know, Big Bang. You try to do everything at once. There wasn't this concept of, you know, delayed perfection, but what is it that Chad says all the time, you know, incremental progress, which we really think about today. So there's a lot of failed implementations, a lot of money spent. And you know, to this day we still see some remnants of that. I mean, there's some large organizations that are still suffering with a large investment sunk into an identity program that's connected to Active Directory and that's it after, you know, five years, 10 years. So that was a tough time for all of us, I think.

Why do you think, from your, I'm curious to hear your perspective on this because I've been involved with implementations that have started off great, having been on the customer side, and then they die out and I know why those died out. It was a very good reason why. I'm curious from your perspective. Where do you see the failure when it comes time to kind of figure out post mortem, you know why?

Why is only Active Directory integrated with our IAM system after, you know, two years, three years, whatever it may be?

You know, I think that goes back to the work you guys do. I always tell clients that if you enter the partnership with us in advisory, our chances of success are much higher and I think that is because we create executive support. And more so when you say, you know, executive support, that's kind of like a buzzword. What does that really mean?

What that really means to me is making them understand how difficult this thing is going to be. And making them understand that we're going to need the cooperation of the application owners, of HR. We're going to need the cooperation across the enterprise. And I think what happens in our projects, they used to, if you don't manage them correctly, they'll happen now, is people get tired. Right, the project team gets tired.

They get tired of fighting the political battle, and Active Directory usually goes first. It's supposed to be one of the easier ones, right? And the AD team is one team. You go and you bang one team on the head. But you know, you think about people that are trying to onboard and bring into the identity program hundreds or thousands of applications and that's a long, a lot of difficult conversations for one team to be having.

Yeah. I think that executive support one is an important one because in my mind that's money. I think when I think about where I was, you know, a decade ago and really kind of starting to roll out IAM systems, you know, for the corporations that I've worked for, it seems like they were really only funded for a point in time, right, in the next two to three years.

There wasn't really much planning beyond that, you know, and that's just something that you kind of have to think about is this is a program, not a project.

Yeah, I remember having a conversation with the guy. You know, he was like a director level professional, super go-getter. You know, he wanted to fix things and he called me and I was really just giving advice because he didn't want to buy services.

He didn't want to buy product. It was, he'd been given by Microsoft, I think at the time it was MIM or FIM. And he's like, I'm going to do this. And I said, look, man, I'm not trying to sell you anything, I promise you. But I'll tell you that if you embark on this journey by yourself, you were entering what I like to call a career cul-de-sac, because you're not going to be able to do anything.

And people are going to have expectations because they're like, you've got the licenses for free. Why isn't this thing done? And you just aren't going to be able to do it on yourself. And I think that really resonated for him, you know?

Free enterprise software is not free. That's what I found, you know. We see that a lot of times with, I've seen it personally with, you know, Oracle licenses are free from an IAM perspective because they get databases or something like that.

But there's a lot of implementation that goes along with it and there is that expectation that's free. Why didn't we have it up and running already? You know, there's way, way more to it, and that really applies to any software.

So, so back in the day, it was super hard. We were trying to solve a super difficult problem. We didn't really understand exactly where we were doing. This whole coordination in the enterprise was difficult and we entered into what Gartner calls the trough of disillusionment, to the point that it wasn't just one meeting, it was several meetings that I went into that my sponsor said don't mention identity. You know, don't, don't, don't call this an identity project. And I was like, what do you want to call it, man? You know, that was, that was an interesting point in time.

And then I remember being in an event and my good friend, I'll mention him again, Mark Potter, pointed to a booth and he said, oh, that's Aveksa. That's hot stuff. And next to Aveksa was SailPoint. And I'd never heard of Aveksa and SailPoint. You know, I had been competing with IBM and Oracle. And I got in and ignored it. You know, it's never really a visionary. I was really, you know, I sold the cars that were on the lot and did what I had to do.

But lo and behold, those dangers were going to become very close to me. And so I, I, I, I really be started competing with. And I think they played a major role in changing the story around identity. You know, so I'll keep going. I paused there for you guys to interject, but I'll keep going.

So. I was trying to think of a way to disagree with you, but no, you're right. Yeah. It was two. There were two of them.

So and at that same time, which was really interesting, was there was something happened called Sarbanes-Oxley, was just about at that same time as well. And this isn't my quote. This is, I was at his conference and I heard somebody say this, what, it must have been 12 years ago or so. That the best identity sales guys were Sarbanes and Oxley, right. They really got our space moving and it was at the time where Aveksa and SailPoint entered and pretty much what Aveksa and SailPoint did was they said you know what, this stuff right here that IBM, Oracle and CA are trying to do, that's really hard, you know, and that's not really where the value is. We're not looking for, we're not looking to make IT people's jobs easier.

We need to keep the CFO out of jail and we need to allow accountability for access to be moved from IT down into the business. And that's when the value proposition shifted from IT optimization to governance, right, and the sequel to governance or the symptom of governance is security, right?

Yeah, SOX was a huge driver from my background. I mean it essentially doubled my team just trying to manage SOX compliance, right. It's, you know, it's, it's in its basic form, it's very simple, right? Just make sure that the access is approved and that you keep a record of that. You can keep all your records in e-mail and you know and older ticketing systems that really weren't easy to search for or like a generic ticket. It was super hard to try and demonstrate that. The auditors that would come sit down at my desk and say okay, here's these 30 people, you know they've all been terminated. Prove to me that they've been terminated. How do you prove a negative, right? The account doesn't exist. So you're having to look back through, you know, sometimes paper and you know, at that point, and it was just a total pain in the ass.

I think one of the things that I remember from that period that Luis was talking about was those come, I don't know who to attribute this quote to, but it's, we still use it today. They talked about who has access to what. You need to be able to show who has access to what and that's what their solutions specialized in and that's just resonated with everybody. Like how could you argue with that?

Well, who has access to what? Not only does that resonate from the standpoint of like, yeah, that makes sense. Everybody needs to know. But remember, now we're no longer trying to do the really difficult thing. So it was like every identity guy just ran over to that and said, yeah, let's do this. Because Jim, you know, even in our projects today, the aggregation of identities, right, the consolidation of the identities into the identity system and then correlation and doing the unique ID and cleaning the system, that's, I'm not a practitioner, but from what I've seen, that's much easier than trying to automatically provision with entitlements and permissions, right. So everybody kind of flocked to that, I think.

Not everybody though, that was just the one thing that I wanted to interject, was we spent the previous five years or 10 years training up the ladder that we need to automatically provision because there's no other way. I mean that's what we can do. That's how we can solve this problem. So there was a mindset shift, at least where I was in my career, that's happening kind of grassroots of managing identities that I started to get it and I had to, you know, move that information up because I was working for somebody who said well, you know, yeah, SailPoint and Aveksa are great. But I need to, you know, from an efficiency standpoint, I still need to do automatic provisioning for thousands of applications.

And I think you know my, my feeling and I, I feel like I'm going to say what you're going to say next, was that I think SailPoint and Aveksa heard that, they started to bolt on to their solution the ability to manage identities, right, at the same time the big legacy vendors, the CA, Oracle, IBM saw, hey, SailPoint and Aveksa are stealing our lunch, we need to start doing governance. So you see for example, I was in a CA shop around that time or a little bit later and you know they had a GovernanceMinder product, CA bought a company, I don't remember which one, you probably do.

Eurekify, right. And then they said GovernanceMinder. So that was a bolt on and I think the advantage was it's easier to bolt on administration and provisioning, or really not easier, but more sensical than to bolt on governance. Where you've been pushing out, now you have to pull in, versus you're pulling in, now you have to push out.

That's a really interesting point and because it's really like kind of the legacy products, how they evolved over time, right. It's like all these acquisitions, the new drivers would arise and I remember that happening with role engineering, you know, Sun bought Vaau. I think Eurekify might have been, I think Eurekify was actually the role engineering piece that CA bought.

There was another one that was an Israeli company, IDM Logic, that was kind of the governance piece as well. And these things became really hard to manage because it was just bolted on. And you know, even to this day, I don't want to criticize too harshly, but IBM has a problem where you know their product, their legacy product, the two aspects of it don't work through the same interface as far as I understand. We're still living that in the legacy world.

And now if you think about it, it's funny how in the software world things repeat themselves. This issue with maturity of the products becoming legacy vendors and we see it going on over and over. One thing I wanted to mention before we keep walking down this line here, the hype cycle, is that, Jeff, something you said where your team doubled right when SOX happened. To me that's a direct indication of executive support, right?

So not only did the problem get easier to fix, the products improve. We're on the second generation of products and now CFOs cared because they want to stay out of jail.

Exactly. It's a big help, right? Yeah, keep the auditors off their back and you know they were happy. And I think every organization approached it a little bit differently. You know the most experience that I have, we decided to create centralized kind of IAM centers of excellence, right. So things that were being disparately provisioned all around the enterprise, we pulled into one central group, common set of processes, a way of doing things. And then we had a strike team, Leslie and Ray, if you guys are listening, they went out and they were brought in specifically to help pull in SOX applications or applications that were identified as having SOX relevance into our group and then scoring through that. So there were, I want to say, at least several dozen that kind of fell into that, when you consider mainframes, iSeries, you know, kind of all that stuff, but there was definitely support to staff it. What I didn't really see as much support though was on the software side until it became a scaling problem where yeah, we're going to have to double, triple, quadruple the size of the team just to keep pace with the volume of requests as the, you know, business continued to grow, because when I first started we were on store 4000 at Walgreens. When I left I think we're like 8000, so we doubled just the store count alone. If you imagine that's hundreds of thousands of users trying to manage all that. We definitely had to make an investment from the technology side just to keep pace, yeah.

And something Jim said, right, the provisioning requirements still remained, right, and people were still doing that. Yet I think you know these side projects around governance were going on even when people had CA, IBM and Oracle, they were deploying SailPoint and Aveksa in parallel to that and we had two magic quadrants, right. We had the identity management, nobody says identity management anymore, right. We had the identity management Magic Quadrant. We had the Governance quadrant and then we started to suffer a lot of business disruption in this space, right. Aveksa got acquired around this time I think by EMC and then EMC got acquired by RSA, the RSA and then he means EMC and then Dell you know so. So things started getting shaken up in this, in this space. Meanwhile BMC was falling off. Remember Guy BMC had a product here and SailPoint I guess acquired the BMC customer base or licenses. I wasn't really close to SailPoint at that time. So I don't know exactly how that went down, I was competing with them.

But the net, net is what Jim was talking about was you know the products got integrated and you had I provisioning and governance in the same product, that became a requirement. And Gartner released the identity governance administration quadrant, which is still what we're seeing today. And we were on our way kind of moving up that hype, back up to where we weren't a bad word, towards the plateau of productivity.

You know, another thing that's happening in the background in this time frame was major, publicly announced data breaches. And so we're also seeing, you know, yeah, TJ Maxx, Home Depot, things like that, Target. But you also, you know, you'd have the smart executive 10, 15 years ago would say well you know you want me to invest $1,000,000 in security. Show me how it's going to save me more than $1,000,000. How's that a good This is your best. The shock factor of saying, hey, what if you suffer a data breach that cost you $300 million in brand equity, that wasn't even a conversation back then. Now it's like people know that that's a reality, right? I mean it's all over the news. So that's happening in the background I think more because one of the other things that you see, you know Gartner does a really good job, I think all the analyst firms do.

But talking about how the investment in security is you know increasing every year and it's just that it enabled the industry to grow. And one of the other, I keep taking these sidetracks, but I think it's important to point out is that the identity and access management industry is always being driven by startup companies. So you, we talked about CA and Oracle. Neither one of those companies really started their identity management system. I think, you know I was really more close to Oracle. They had some things, they went out and bought Oblix. Then they went out and bought the worst of small companies that grew into big companies. And you know and you still see that today where this is an industry where you can start, it's a very small company, build, you know, a killer technology and then get bought out by a larger company and added to a suite and then sometimes those companies go, you know, take a SailPoint or an Okta for example. They'll start as a startup and grow all the way and become a public company on their own.

Jim, this conversation is great because I'm remembering things that I hadn't thought about in a long time. So about this time, you're absolutely right. People would come to us and they'd say, all right, this sounds great. Can you, can you guys do an ROI analysis?

And I'm not kidding. I look at the we as sales guys, we would look at that guy and we would say no, you're not ready to buy this. We really, we really did not do them and we ran away because this was a governance play, so security play. You just do this. You don't ask me for an ROI. So you took me back to the day there, man. It's all these cold shivers and bad memories.

One of my, one of my stories is, you know, the company I was working for eventually went out and we bought Oblix, which later became Oracle Access Manager. But we try trying to convince an executive they should spend a lot of money on the technology called Oblix that they've never heard of before. They have to explain what it does and why it's a good investment and things like that. And again, data breaches weren't in the news all the time, so we went back to the Oblix sales rep, who by the way was Tom Neckle who had been to the Identropy who later up.

I know, Tom. Yeah. I was here a little while with him.

He was here at Identropy for a while. He was our sales guy and I asked him the same kind of question. I think he gave me the same cross-eyed look, but ultimately the way they would build an ROI was, well, how much do you guys pay for a password reset?

Password reset? Now you're, now you're digging deep in the album crate here man. That's right. Yeah, password reset. We used to love that 'cause we'd be like, that is ROI. There was tons that we'd justify the whole identity project with password reset.

That's how I got into it, and I spent way too much time running reports trying to figure out how many passes we were doing. And it was just, that's exactly how ours started.

And that's funny too because you know that is significant value to the business, right? Like that's an identity value proposition where the users are grateful. The only thing perhaps better is single sign-on. And if you remember back in this day, and I'm mixing Gartner quadrants, I'm missing mixing sectors. But everybody wanted to do what we called enterprise single sign-on, which was single sign-on inside the organization, which was a pain.

It was not easy to do. And then things shifted again, right? It became more about web single sign-on. It became and more things were Active Directory centric. It wasn't really single sign-on, it was simplified sign-on where you just used the same password over and over, but you didn't just automatically have access without authenticating.

Yeah, you'd have like little listeners running on AD. They'd pick up a password change, right? And then push that out, so it wasn't synchronization.

Yeah, exactly. Spent a lot of time in Windows genus, right? Trying to make sure those things were. Working right for the user. Yeah, so go ahead. I was gonna say, I know you guys don't want to have a 2 hour podcast. I know we could probably. How are we doing on time? I think I got a couple minutes. I want to ask you a couple questions outside of this and I want to ask you the first one is. From a hype perspective, what's something that you see today that is either really overhyped

or underhyped, in your opinion? AI, AI. And is it over or under? I mean, so I think this is really interesting, right? This is actually now let's get the plateau. So what happened? Right, these things became easier. Applications have programming interfaces. Now that we can go in, the synchronization probably became simpler. Expectations are less so. I don't want you to provision entitlements, some do, but you know I'm okay with you creating the account.

So got easier. The environment got less got you have more access to build these integrations and we hit this plateau where where is working like we can look at our clients. So we can say it's going to work. We have you know 30 active projects. You know a couple people might not be 100% satisfied, but generally we're doing our jobs and we're coming in under budget and they're on all these issues. So now enter this new era right now, right, where everybody knows that the enemy is within,

right? Everybody understands insider threat, Everybody understands the walls are gone. People are accessing our data from outside of our data center. So the old paradigm of firewalls and keeping people out is gone. So what's left for us, right, is identity. You know, if everybody's coming in and out, at least I want to know who's coming in and out where they're going, right?

And then you know these concepts of deep learning and machine learning and AI and all of this stuff that could process data more fast, more quickly and look for behavior patterns. That's the big promise we're all living right now. And to me that creates now getting us out of this plateau and starting a new hype cycle, right?

A new hype towards behavior-based auto magic provisioning and behavior-based authentication and authorization and all of these things that I'm sure you're seeing as well. Would you agree with that, Jeff? Yeah, I think probably talking about things like adaptive authentication, conditional logic, those types of things, right. I wonder if it's AI is because there really hasn't been a real good application yet in the IAM space, I think there is logic, right? And you're trying to detect

behaviors. I think that's probably just one phase of it. I look at more from the end user side, right? When am I going to go and say, hey, I don't want to trigger my things in here, but you know, if I say Alexa or Google or Siri, when are they going to that natural language kind of input going to be able to infer, you know what I'm trying to do and then how does it help me get

access to what I need, you know, going forward? You know, so I think what we're seeing in AI that's not necessarily overhyped is you could apply AI within the product to simplify tasks, right. Repetitive tasks no longer need to be manual. There are things inside the product that are made easier, let's say. But the real value spans the product and it really creates spans outside the product, it creates new product categories

right. So we're seeing the opportunity for integration between behavior analytics and identity governance, where identity governance tells us who has access to what and now we have to start caring about what people are doing with that access, right.

So there's a whole new shift that involves identity that surrounds identity that's wrapped around AI and intelligence and machine learning that is going to force us to reevaluate our organizations that say, OK, I had identity over here and I had SIEM and behavior analytics over there. These teams need to collapse or at the very least they need to start speaking with one another, which somewhat reminds us, remember when you said you got

your strike team formed. I think this is happening again and I think it has to happen. Yeah. There could be obviously maturity in the space as well, right. So products need to find some way to. How do you make either get more value out of that or explore new avenues and you know, other ways to kind of get feet in the door to fix security things, right, like blockchain, right. Everyone's been talking about

blockchain. You know, for IAM, I'm still not quite sure where that's going to be really applicable. Yeah, in an enterprise situation I understand the benefits, right. You've got your distributed ledger, etcetera. But how does it fit in an IAM space beyond just a management of an identity? You know, that's maybe more self-sovereign. Well, I think that's yours and Jim's job, right. That's what's so interesting because we sit somewhere between

the vendor and the client. Our interests are aligned with the client. Always what the client expects for us is to push them or pull them or help them really evolve, right, and improve. So once you're doing that, you're no longer doing meat and potatoes, you're really encouraging people to progress. So in that sense we're moving towards the vendor yet we're looking at the vendor and looking back into the customer saying, well, we've never seen that done before, right.

And I think that that's really our biggest value proposition from an advisory and consultative perspective. Execution's huge, right? Chad and Wolcott who runs our services, his teams and screwing it in, it's like the two people you gave a shout-out to. That's the super hard work. But I think our job is also extremely valuable to say, yeah, you know what, I don't really buy that.

I don't really know if that's going to work, but we can try it and we can mitigate risk and we can do it in a pilot, but we're not just going to sell you that hook, line and sinker. All right. I think you should probably start to close it out here. Jim, do you have anything that you want to add? You know, just the thought that I was having, as you guys were talking about that, it seems to me that one of the areas where, you know, Luis identified the AI piece as overhyped.

I think it might be overhyped from the standpoint of whether or not it actually gets a foothold, but in terms of the promise of what it could deliver. I mean, I think that's the biggest threat to organizations is that they won't even know when they're breached. But the data is there. I mean all these systems are

being logged. It's just you need the technology to piece it all together and put it on a dashboard to somebody to say hey something fishy is happening over here, or to figure some automated actions to disable accounts, things like that, potentially either identifying or preventing data breaches before they occur. So I feel like the promise of where you know, hey that the identification of this is the potential solution to the main problem that we have. I don't think that's overhyped.

But whether or not the technology of user behavior analytics really ever gets there, the thing that I've found that I think holds back technologies from really succeeding is any kind of lack of standards. So if the smart people or the, you know, the big leaders within the industry to come together and form a group to set a standard like the SAML standard or the XML standard, you know,

and people really dot. And there are a lot of examples of those standards that haven't been nearly as successful as the ones I just mentioned. However, I feel like that could potentially help drive things products build around those standards. Then companies have an easier time adopting them. Yeah. So I agree. I think the technology's there,

right. And it goes back to the same problem we saw with identity is that, you know, we work a lot with Exabeam, they're great friend of ours, great friends of ours. We pick them to integrate with SailPoint because of phenomenal product, phenomenal team. But the experience in the end user is what are the use cases, right? What are the data sources we're

going to bring in? And in the intersection of Exabeam and SailPoint, you know what are the use cases, what how can we leverage this extremely powerful tool. So I think it's organizational and the vendors push and lead the way. But you know I challenge our friends out there. They're doing the hard work in the IT teams and the security teams, the practitioners to really consider, and they don't have time to do it, but to

consider: how can we cooperate with these other people, you know, and how can we get our processes together? How can we make these different tools all a part of our program? And I know we're wrapping up, but I'll just say, you know, along those lines, an example of that is pretty much everybody owns MFA, right? Everybody owns a PAM tool. Everybody to some degree kind of has an IGA tool, be it you know an AD tool like Active Role Server or Oracle Identity Manager.

The challenge is how, how are we going to integrate those into our processes and how do we tie all those things together. And I know that's what you guys struggle with and that's why I'll end the, I'll end my piece here where I started it, which I always have a great deal of respect for you guys that are customer facing in the account. Challenging and helping people move forward. I think my job's a lot easier.

I agree. You know, and going back to Jim's point, as we'll close out here in a second, you know, there's so much data out there that's just not being used. And I think AI definitely can help with that or at least, you know, the behavior analysis parts of it. There's an old saying and I have no idea where I heard it or when, but there's two types of companies. There's ones that have been hacked and the other ones that don't know it yet, right?

It's just there's and it's just the way it works so. So I think with that we'll go ahead and wrap it up here. Luis, totally appreciate your time. Being able to have a conversation like this is great, but hope you come back and. Hey guys, it's a privilege. Just for the record it is Friday at 4:00 PM and you know, us sales guys, about this time of day on a Friday we start, you know, wondering what we're doing here in front of the laptop.

But to me this was great and thank you guys for having me and you know have a great weekend. You've been listening to the Identity at the Center podcast. To access all episodes, visit identity@thecenter.com.

Transcript source: Provided by creator in RSS feed