SushilMadhukar

foreign [Music] [Music] I mean there are too many but these are few from 2022. they were hacked they were preached as yeah there are a different region of which but all are because of the identity there were some relations either to the identity as individual employee contractor vendor privilege but all were preached why this is because it doesn't mean that they never had identity they always had the identity solution but they're still they were pleased why they were breached there were some issues and if we go online you will see the research paper everything is given there that what was the reason they were reached but all those identities so the goal is identity if we talk about we are not talking about identity management just as individual identity management now we are talking about device machines iot's everything right so we cover that identity modernization is made now it's no more that you are going to single applications active directory and you are doing the access privacy because tracking is very tough foreign impact that is what the gardener says that there is the biggest impact of the kovit is one area income and that is a identity management because everybody is remote and I was not able to even stream my successes today I don't know if that is a related to Identity but I didn't do that if you will look into this it was a Sudden Impact they found that more than 67 percent of the companies were not ready to go removed either they're had they have a bad infrastructure Legacy systems they were not able to be connected and they started hopping on that hey give me some remote access have the accessibility so that my people can work and they give some some level of the critical support so if you look into this one work from home was a critical way to go for identity wave and people were looking on identities some level of identity solution will come on to that what solution or to make sure that they have the people supporting but with security but I'll tell you 2019 and 2020. almost all company went remote and whomsoever went remote security was the least concern at that time only thing was the business continuity once business continuity started then they started looking back onto the security okay now people are working now let's start securing them and then all 2021 and 2022 was security and that is where we come on to the identity so just giving some high level view where we were but what was the problem and concern so if you look on to the IGA technology and what was the reason of the replacement we already talked that all the Legacy systems reporting a lot of regulations right if you look into this 30 29 and 26 which I have covered is a need for everyone right and that that driven or the identity Market on blue everybody has started doing identity services in cyber security so if you talk about cyber security identity management right and then you start thread and rest of it but if you look onto the business perspective being a user being a business side these are the key challenges everybody started integration limitations you have some Legacy tool Legacy system but now you are looking into the AI products you have to integrate with you have service less systems apis a lot of partner driven system if you look not 2022 Target Verizon all came from the partner or the bridge right if you look onto the third party access manager no audit support onto all devices vulnerability if you look for the standard system cyber identity so these are I mean it's being known you being part of the ideas nothing related to the idea so if you look all the challenges that has driven that let's go what we say that in false reaction that I need identity solution and if you go for that then you make a mistake so how business plan is here right most of the cases if you look maker you had some experience in some companies in past so I did some implementation of ICA in company I went to complete the before I assess the company we need I already decided what idea solution I do I mean you cannot have the same requirement yeah I can have product a product B product C I have used it to the company a but you cannot do it completely maybe they have the different requirement and you need to go for something else identity solution Trend so again I I love that foreign I follow them but they create a lot of trails every three months six months nine months and they start that Converse identity IGA Pam and whatnot cim and too many things being a leader and decision maker I start looking onto that should I go for my basic need or should I just go for cim directly right so these are the influencers for the decision maker cost constraint yes I need a solution which covers all my need and we talk about need but you have just fifty thousand dollar in pocket so you don't decide that what you have and then find the solution rather than you find the solution and then you go for money so you delay the process you develop your knee and the end of the you mess up with everything we are talking about impulse situation right so PWC came and they found that I have seven NCS in identity side and now board of directors are like how come and I need that I go and buy but I bought and after buying it then I am deciding okay what are the rest how I should proceed on this I got the Pam solution I got a product but is that the only need or do I have anything else to do right buyer has dominance so I I don't know how many of you are buyer and users so the IT industry are divided into buyers who are the decision maker maybe they don't know even what they need to buy and where they belongs for right they are getting the information from the users and they are taking a call but most of the time you will see that buyer has their own call and they just buy what they want but they never consulted and I saw the data to the users who are the real users and they know the pain point and that is where you create or you start the problem of unsuccessful implementation this is a data 3070 where we talk about business overview or focus on solution so you need to have business overview and Solutions in sync yes audit is a need cyber security is a mean but what Solutions feed right can I go as is or do I need to transform whole process so you need to be seen before deciding what you are going to do that these are few decision making process based on a lot of clients we work across I work across personally in last 15 years and I saw that how they're working let's talk how customer implementation and again these are all our experience which I'm sharing it and I'm sure you guys have experienced it right so nothing different it's a start from here in reality hey I got IGA solution is it implemented or no but I have the tool now I went and I told the port of director I got it next year everything is good right that is where it's started and then it came here so halfway they just found that no I have made the mistake I wanted to have the right implementation right Solutions but it didn't happen oh what to do then go for a strategy it should be otherwise right believe me or not that is how it happened this is based on 200 IDM implementation in last two years these are the cellular observations every second project and again some of the data are taken from analyst research I didn't get place to put all those few of the data are based on our implementation experience every second project has a scope and you are really agreed I started with five days plan I have a change request it's 1 to 10 days I never plan for cost my boss is not approving it project on hold I will get the approval in December next year implementation will happen yes you have started implementation where is the use nowhere every alternate scenario customization is needed you will go all the zero trust type I don't know how the reality is everybody says that it is out of Pop solution I sell it I am there but what will happen once you go to the application Corners if you go to the HR team if you go to the partner Team contract management no who told I need ABC use case to be done and that doesn't happen into the tool you've chosen I will have to go for customization you never plan for it right 72 percent of project overflow on either cost or time again it's related to this just go creeping right yes you bought the product what about the implementation is together and we'll see onto the solution side executive leadership towards idea programs should be aligned with the user most of the time you will find that a steering committee executive board they are not aligned with what is the need at the ground level so it's always top to down it should be down so again if we see the steering committee I mean most of the company will find is they are not large regulated organization that they don't have executive Estuary committee it's always goes to the Meat level implementation happen if it is happening the cost all those things are just across the board but having the large program like IAM ICA you need to harvesting Community Focus on Technologies driver and I will share the next slide that what are the drivers most of the time people once they start evaluating the product and the lenders are same deal they start talking to the solution hey how you will integrate workday or PeopleSoft it is my product they don't talk what is a use case to bring the workday and PeopleSoft into the ideal product so the top technology solution rather than talk to business what are the problems again we just discuss it right we don't talk and we do take onto the reaction as an impulse I have like 200 production issues per day I need something to be automated and fixed that's what I need and I just go and take a call a stakeholder again we talked that buyer so I don't know how many of you are the application team and somebody has came and talked to you hey I'm going to buy this solution or this product do you want to be a stakeholder and analyze it it happens I don't know five or ten percent nobody goes to the stakeholder and talk before making a call yeah I mean I don't know if you you are belonging to the security process and governance team yeah there are some process what are those process aligned right most of the time we have seen that once we start implementation they start defining the process so it's worth in parallel if process delays implementation delays and process if it is tweaked then everything gone whatever you had planned it will not happen ing buying process I know RFP it's very vague you hired a vendor and consultant he is having the copy test RFP he has gone he has taken he has written whatever you need on very high level change the name at all you put into the market make sure your buying process and the RFP is having your requirement once you go to the market we will talk about this point that you need to have assessment right assessment that what is your need before buying or before implementation and again this is related to that if you will see that vendors either it's implementation service provider service integrator or the product we talk about the technology driver mostly their focus on to the solutions and component that you have this tool to do this but why they never ask it implementation that if you want the product you are done that is what I was telling that everybody just take the flag after buying the product we are done but this is a key because if it is fail everything failed now we will have uh how to make it right again it's not like Bible this is again the experience I have listed it out and most of the time it works know your drivers before you start so there are four drivers for any IGA initiation implementation and everything you are the security concerns you have compliance issues you have business enablers or operational efficiency what does it mean if it's given it if you talk about security concern you talk about access issues excess reach control mitigations plan if you talk about compliance issues you are talking about that if your audience is separation of duties user access review where we talked about the certifications access oversight somebody has missed it orphan accounts always business enablers yeah I have like 300 000 user identity and having a user request flow is a pain point right so I need somebody to do the same service program I need user experience key two clicks done everything right it's it's happened at the very large organization not at the midsize operational efficiency is normal like I have like 700 tickets coming in a lot of production issues streamlining is a problem everything is manual I need to do the automation these are the key if you do but you need to know that what is your concern right and how you will come to know by this I'm sorry I was not able to remove the tech democracy from there but don't look at that so this is more of assessment and assessment is you know your need right where to start yeah I know IEM is requirement identity is also but how much this much that much what is the gap you need to have it and there are a lot of assessment process available once you go through that you find all the identity segments not only ICA but cim and all those identity segment you will see it's cover your all those sub segments and then you just write it right so complete your assessment it doesn't take much time the minimum time is two weeks to six weeks depending on how big your setups are spend that two weeks or four weeks before spending billions because this fifty thousand to two hundred thousand dollar investment will help you to safeguard at least five hundred thousand dollars to million dollars if there is to expand that time how does it look like so one of the again it's just a reference data don't relate anything so how does it look like again different vendors does different way but most of the time you want to know where you are in between right so if you look into this current state so assume that this is your company and after assessment because it's take time right you will have the process to do that assessment and then you will come to this data you will find that current state you are somewhere around two between one to five Where You Are but if you look into the Benchmark in your sector it's a benchmark into the other sector so we say today again things are changing that financial sector is the most mature in IGA right but if you look into the financial sector data this is a real data right they are St 3.3 for the governance of the organization out of five so now you can see where they need to reach so they are the most mature but now you think you are a healthcare organization assume that where you are the Baseline is start from 1.3 onwards some of the healthcare organization not through them they are even below one at some of the same level so again each of the verticals are having the transformation journey and they have started but you want to know that where you are and I will tell you everybody wants to go to the design level and the defined level is 2.5 enabled but you need to know that where you are what are the gaps so this is how you will see it right that if you talk about taxes management or data management governance what are the gaps you have and if you look onto those gaps categorize it high medium and low you cannot have the concept of everything at one row but you can have immediate one Define the road map start and long term and start from there so if you see here these are the differentiation and the distribution across what you need to do and how you need to drive if you know this now you think where you are to make a right decision so it's not ideal project you are not building applications you are not developing an infrastructure right right so how you want to look into it's a ICA treat as a program and that is where we were talking about a steering committee having the right stakeholders it is not technical but business focused engagement yes I know a lot of clients I work with they asked hey can we Implement IBM as a sign now you think how we will start to create a screen of a receipt program and start implementing it even one application integration method one month to two months sometime if it is a customized how you will Define the recipe right so be flexible how you want to have your deployment model how you want to take it if it is on-prem and SAS how you want to take it right so don't take it hard for technical but make it business focus other of the ICA thing is I have a big implementation I started in January my go live is 2024 January because that is when I want to do that because that is how my project plan has been defined nobody likes it because it's a business saving program business wants to see where you are certified or leaving even if you have like identity tools ready Pam tools ready CM tools ready whatever it is you just integrate one application HR System integration done so to the business that hey your HR consolidation is done in identity tool that is a success don't have all 100 application on boarded together have five applications on board a and then Define the certification process you don't have to kind of show you how it should work have integration at least provisioning and deep provisioning is happy it's automated so you have already reduced and showing to the business there is a value right so Define your early View and create ongoing deliverables like we say customization is neat but limited because you know ongoing how long you will transform right you have to upgrade the products you need to integrate something every time you will do it will create the overhead so try to live with it and minimize the gap between business need and program roadmap program has been meant for your business so make sure that your focus is your primary queries Your Business Solution so your program should be defined based on the business need don't Define the program and ask business to follow align with them again whatever we talk so far we look on to the focus visualization coordinances and security framework this is again related to your drivers because maybe you don't have only one driver but you have two drivers three drivers maybe all four because you are big organization you are fortune five Fortune 10. so Define your framework align with whatever Focus visualize and we talk about the broad and deep across all the identity don't look on ICA but you look on to your customer identity replace access if there is cloud identity framework you need to have it have that Vision structured you don't go in isolation right governance scope is very needed like we talk about because I see and meant for audience awareness compliance so make sure that your compliance team is integrated most of the organization you will find IBM is engineering at some extent the governance and compliance team is somewhere and the external auditing is somewhere you need to have all those three triangles integrated what is the implementation approach the best part and the first thing you need to know how to communicate and why we are talking about is multi-stakeholder environment you need to them have them on board and again whatever we discuss you need to have this four pillar once you do the implementation the first one is determine your use case don't see at high level this is your idea no really nice here how you treat your employee how you treat your partner device Customer because they are your identity what access they need they find those use case that will help you to Define your operational model that is the next step and that makes a step we talk about workflow how you are going to have I don't know if you guys have been ready for uh Familiar of identity members LCM lever mover all right so all those workflow definitions will only come in picture or Thrive if you know how you treat your identity then you go on to the IGA requireme