CIEM at the intersection of IGA and PAM

[MUSIC PLAYING] OK. Good afternoon. Hope you enjoyed your lunch. So we're going to have a session about Cloud Infrastructure Entitlement Management, or CIEM. That's one of the terms Martin Kuppinger used yesterday. What can we do with One Identity? We're going to show this for Azure, mainly. So I'm Stephan Hausmann. I'm working on the [INAUDIBLE] team. So Pat Hunter is my boss. Robert Byrne works in the Field Strategies team. He and I will do the topic together. And what we're going to present to you today is first of all, what is CIEM, and who cares about it? So why it's important, or why might it be important for you? And how do we address the CIEM challenges customers may have, or partners may have with customers? If you've seen a slide from Martin Kuppinger here, CIEM is touching IGA and PAM. And we're going to address both topics, even the IGA track. But don't worry. The main topic will be how we touch it from the IGA point of view. And then we'll show you what's now out of the box in the Identity Manager since version H21. So what's the key module that's in there? And then we have a few additional-- we call the power of the platform, where we're looking into a few additional use cases you can achieve bringing CIEM together with the events from Azure. So you have information. Who really used entitlements in the cloud? And also bring together things like CIEM and the privileged access governance. So is every virtual machine we see in Azure a portal for an PAM, for example, and things like that? But we'll start with some motivation. So Robert will start on that topic. What is CIEM and why we-- Yeah. --care about it. Thank you, Stephan. So I just realized that I'm on a microphone. I'm sucking on a sweet, so you're probably hearing weird noises. OK. I've got a sore throat, right? So what is CIEM? Who cares about it? Caring about things is really important in what we do, right? If there's nobody in the business who cares about it, who's going to pay for it, who's going to drive it? OK. So why do we care about Cloud Infrastructure Entitlement Management? Well, you guys know the story. It's the cloud, right? The dash to the cloud and the dash to the hybrid cloud. Because it's not just Google. It's Amazon. It's Oracle. It's private data centers that you're working with. So it's a hybrid multi cloud there. And there's a lot of happening. We know it's very important. We know that there's a lot of risk associated with it. So where we really want to get to is not to run like crazy to the cloud just because the boss said it's cloud first. What are we doing? We want to get to a secure hybrid multi cloud. That's the challenge, and that's, I think, why the Gartner called out CIEM as an area to bring all our attention to it, and to think about it, and how can we stay safe. And we're going to explain here, what we have for you are ideas about how identity-- in particular, One Identity-- helps you stay safe in this environment. So what are the challenges in the cloud in terms of infrastructure entitlement management? We've put that stuff up in the cloud. It's virtualized. It's all up there. If you get your hands on it, you can do a lot of damage, right? You can do a lot of damage or you can do a lot of snooping, and you can do a lot of sneaky stuff. You've got access to networks, storage. It's all been virtualized. It's all up there. So we really need to keep it safe. And for me, you heard a lot this week about, oh, everything's shifting, and changing, and distributed workforce. This, to me, is the really concrete case of that. You can go and look at it, right? And we'll see. Stephan's going to do screenshots of Azure if you're not familiar with what it looks like. OK, so it's highly dynamic. Access changes a lot. My access needs in Azure and infrastructure to carry out different task-- probably, you should already be thinking there's also a privilege angle Stephan mentioned. Yes, there is because of a lot of those administrative tasks, right? It's not just governance. Multiple teams-- these are all well-known. Inconsistent policies between Azure, between Amazon, between Google, and so on. The bane of our lives and the reason we're still being breached is these excessive long-standing permissions that we're not addressing. And we're going to show you some ideas about how you can avoid that specifically in the cloud case, OK? So if you're looking for impact in terms of what you can do around excessive entitlements and usage, this is a great place to look, right? Think beyond these things. OK. So let's do the show of hands thing. So how many people are working with Azure at-- because I know you're partners, but how many people are working with Azure? Right. So what's that, Stephan? Looks like-- I don't know-- 85% of the room or something like that. How many people have got Amazon? Put two hands up if your customers have got Amazon and Azure. Right. So QED, right? Job done, right? So it's a hybrid multicloud, right? And so on, right? So anyway, so what are we going to do? What do we have to do? The first thing, as we all know with this stuff, is you can't govern what you can't see, right? The Invisible Man-- you can't arrest him, right? We need a visibility on the entitlements and what they are. Now, the key thing for Identity Manager in this progress we've made, and what you're going to see is that we're now going to see virtual machines. It's Identity Management. What do