[MUSIC PLAYING] My name is Andre Priebe. I'm the CTO of iC Consult. As the CTO of iC consult, I'm taking care of our strategy partnerships, making sure we are up to date when it's about identity and access management because that is a single one topic of iC Consult.
We are specialized on digital identities and helping our customers around the globe with more than 800 professionals in the area of identity and access management, covering the most important markets in the world.
For our customers, the greatest concerns about security risks and issues, I would say about advanced persistent threats, having attackers, which really spend a lot of time and resources to get into the network to get to the critical resources. And then following up with ransomware attacks that were movement through the network. And having said that, it typically starts in how to get over the perimeter we have in place to protect the identities out there.
And nowadays, there's a lot focus on things like, how can our MFA solution be bypassed by an attacker, for instance, MFA fatigue? So people are just used to approve everything without reading it or MFA bombing attacks-- these kind of scenarios in which we have to write the right solutions in place to protect our clients against these kind of advanced attacks out there.
I would like to provide one example based on Mondi, one of our customers who focused on identity-first security. Mondi is a packaging company with a very global footprint in more than 100 locations worldwide. But instead of focusing just on one particular area of identity and access management, they decide to follow a holistic, zero-trust approach covering a couple of aspects in one project, which is about introducing MFA on a passwordless-- on a passwordless approach for their employees.
At the same time, introducing a modern IgA solution with One Identity to really having a very consistent joint removal [INAUDIBLE] processes in this very global setup, not just covering workforce, but also externals as well. And this is a kind of blueprint from my perspective when it comes to zero trust in which it really required to have a holistic approach for all these different areas in which you want to improve the security of your IT landscape.
IC consult decided to work and to partner with One Identity because we want to have the best IAM solutions out there in the market in our service portfolio. We want to have choices to find always the best-fitting solution for our customers. And as One Identity is providing a very mature, but at the same time, leading edge solution when it's about identity access management.
It's for iC consult, crystal clear, that we want to have that partnership in place. And I'm really confident that this is for One Identity and iC Consult, a very fruitful, exciting partnership. It is very important to define a solution, approach on solutions like One Identity because we understand that the topic of identity and access management is getting more and more complex and, at the same time, more and more mission critical for the enterprises.
And so by having a platform in place, like One Identity provides, we have in the situation that one vendor is providing a couple of these very, very critical capabilities. And that helps us to reduce a little bit of that complexity in order to provide a very reliable solution and also a good price point when it comes to effort implementation, effort for maintenance, and support.
And that's the reason why we decided to go down the path of One Identity for a couple of our clients. From my point of view, it is very valuable to decide for a platform instead of a single software solution when it comes to identity and access management because the topic of identity and access management is complex today and will become even more complex in the future as digital identities become more the core element of an IT security strategy.
To reduce that complexity, a platform can help a lot by having a much leaner integration between the different areas of identity and access management in place. For instance, a privileged access management for the high-privileged accounts, and the same time, combined with a management for the digital identities of all the employees in an enterprise. And applying patterns like the least-privilege paradigm, which is absolutely, absolutely critical when it comes to zero trust.
I think an approach going for a holistic platform is a huge, huge benefit for the whole IT organization, as the limiting factor for a lot of organizations today is really getting the IT resources, the people with knowledge, especially in the IT security segment. So being efficient here is a really great value for the whole organization.
Identity-first security is, for iC Consult, a kind of logical next step. And when it is about increasing the overall security of an IT organization, in the past, we were focusing a lot on the infrastructure perspective-- firewalls, networks, network zones, and making sure that the traffic is limited between the zones and analyzed and these kind of things to detect the attack.
But today, and that's somehow obvious, more and more resources, very critical resources, are not in the network anymore, but out there at one of the many SaaS providers at the hyperscalers, and partially not even managed by the IT organization at all. What is really the kind of perimeter between the attacker and the resource is the identity of the human being.
And therefore, we have to put all the controls in place to use that perimeter, and at the same time, without making it too difficult for the employee or the contractor the partner the customer to access the resource he wants to access. This is a kind of challenge when it comes to identity-first security. But at the same time, this is a pattern of the future to really protect what is valuable to your IT organization.
I really recommend having a strong vision for your digital identities in the company in place before doing these first steps. Having an MVP is great. But have an idea where you want to be in 12 months, in 18 months, in 24 months because IAM is not one small project. This is a program. It's a long journey for your organization.
And the challenges, the requirements, that's something what is really moving fast while doing such a project. So having a very, very robust, strong foundation in place is also very important. Don't forgot forget about this while starting your minimum viable product for IAM.
My advice, when it's about starting an IAM project, is first of all, think about your IAM vision, the vision for digital identities in your organization. And don't put the boundaries too close. Even if today, workforce is your challenge, tomorrow, your partners-- the suppliers, contractors, your customers are the challenge.
Your devices, machine identities, and so on-- it is growing as our digital ecosystem is having new interactions, connections, services everywhere. And this is something your vision has to be capable to fulfill all these requirements.
And then really focusing on the most important aspects. If the challenge is reducing the risk to your IT organization at all, bring in a risk management and figuring out what mitigations can be provided by implementing IAM. If it's about your privileged accounts, focus on the privileged access management part. If it is about all the cloud resources, making sure having multifactor authentication, a phishing-resistant, multi-factor authentication in place, having a robust role model in place, efficient processes to also have segregation of duty concerns solved.
And well-- and what all other risks you might have, making sure that you have good mitigations in place for that. And then really thinking about what are the process which really bring the most value for your organization? This is the logical first step that you have results at an early, early stage, not ending up in a situation in which you are working 12 months in a project and then end up with a very small amount of added value for the organization. That isn't the best starting point for your IAM program because identity and access management is typically not a thought project, but an program which improves over years.
The reasons for the growth of iC Consult over the last years and the reason for building up that global footprint is that we at iC Consult are sure that the challenges around digital identities by bringing digital identities, on the one hand, in the center of all the security activities and at the same time, having it as a kind of foundation for digital transformation collaboration between enterprises.
These are challenges which you cannot solve with having a focus on one single market, one single region because the world is global, is interacting with each other. And this is the reason why iC Consult followed, first of all, our global customers, providing services where they require the service-- at the same time, entering new markets in order to provide a holistic identity and access management consulting also there.
One Identity is, for these initiatives, a perfect partner, being a large company with a global footprint, with solutions which cover the whole, nearly the whole, area of identity access management. And that helps us that in new markets, we can focus on a very few solutions, few products, but being able to solve all the challenges our customers has, our customers have there.
iC Consult is expanding into new geographies, as we believe that the topic of identity and access management is something which is covered best from a global perspective. Most of our clients have customers all over the world, and you cannot just focus on one single market. They have suppliers. They have vendors all over the world as part of their supply chain.
And therefore, it is our responsibility to support our clients wherever they are, wherever they need our expertise when it comes to digital identities. And together with One Identity, we are able to provide the solutions for their use cases, wherever they are, and having consult with a global footprint, having One Identity with a global footprint, this is a perfect, perfect combination and makes sure that whatever challenge appears-- because unfortunately, identity and access management is not an easy thing-- that we both together can help our customers finding the right solution, solving their problems and bringing them live.
Today, digital identities are moving into the center of the security activities. At the same time, we are, I would say, in an area of tremendous change in the IT but also for our whole culture, for humanity et al, right? The large language models and the AI is a kind of starting point, which just gives us a kind of small idea what's coming next.
But to me, one thing is obvious. And a couple of companies are right now thinking about, OK, what about privacy when it comes to AI? What about intellectual properties? And these kind of challenges, we have to solve before we can leverage it really.
The bad guys are not doing that. They use it today, and the kind of attacks which they can build based on generative AI when it comes to phone calls, to video conferences, to phishing emails, this is a complete new level. And we, as IT security professionals, have to prepare for that.
And digital identities will be one of the most important, most important elements we have to prevent these kind of advanced social engineering attacks. And we have to prepare ourselves today to have these tools in place as soon as possible because the future has already begun for the attackers. And yeah, time is running up.
[MUSIC PLAYING]
16:37
