Ask the CEO: Dynamically Speaking live Q&A highlights – Part 1
This is part one of a two-part article featuring highlights from that session where Jim responds to questions surrounding our partnerships, customer success, authorization and Identity Access Management (IAM), and meeting today’s access control challenges.
How we work with our partners to serve our customers (and why)
Kelly: A lot of prospects and customers look to partners to be able to implement security frameworks and architectures particularly as we start to see new and better ways of thinking about security when it comes to things like Zero Trust or looking at the cybersecurity mesh architecture, and how would you go about implementing those pieces and parts.
What are the things that that partners in particular are chatting to you about or the issues that they’re seeing to your mind?
Jim: Yeah, first, I’d like to say, again, reiterate. We’re 100% channel, organization 100%, partner friendly. I believe in cybersecurity. The only way that our customers and prospects can be successful is off of the expertise that our that our partners bring. And so whether that’s people at the at the global integrator level, or the people at the local cybersecurity partner level, all of them are bringing value to their customers.
And I would say, similar to what I talked about the challenge that our customers are looking at, certainly the partners are the ones dealing with the integration between these technologies. Which technologies can I bring together that match a Zero Trust or a NIST-800 reference architecture that says, “I’ve got a an identity centric strategy and these are the pieces that I know if I bring these together, complete that loop that everyone was looking for?”
The partners have the biggest challenges that they’re tasked with making these things work together. And so if if us as vendors aren’t providing that that easy access access point, that orchestration, that places a lot of strain on them to really, you know, how do they put these best of breed vendors together for the customer and not make it look like siloed projects, which it often is at this point, right?
So what happens now, mostly for our partners, and the burden they share is someone may or may not get budget for a specific project, a specific need that is just one part of the story, and the organization thinks they’re done. I’ve gone in I’ve put in an IGA or an Information Access Management (IAM) system, or I provided a PAM, or did multi-factor authentication, and they think, “Okay, great. I’ve stopped that and I’ve digested it. Let’s see how it works.”
And as we all know, obviously on cybersecurity side, that those are just pieces, those are stopped along the way In order to get to maturity, where you’re truly protecting your organization, you need to add all of those components into into a solution.
Further reading: Axiomatics Deployment Methodology
How business leaders can find value in our authorization solution
Kelly: Technical people more or less understand the need for Axiomatics and that certainly, I think, been our experience as well. However, higher managers may not understand the value.
How do you position the solution that makes it acceptable for them? So and I know we’ve had these conversations, how do you translate that technical value to to those higher-level users?
Jim: It’s such a great question. And this is a truly still a work in progress for me.
So just a little bit about me. I’ve spent, certainly the most recent in my career in the CEO level and running the entire organization, but I came up through the sales ranks. My passion lies with conveying a message at an executive level and creating a project in most cases, educating the customer at an executive level to what their exposures are, how this fits into their business strategies, and then create a project with all the constituents involved.
In our cases, you know, obviously, it’s the technology team. It’s a security team. It’s the IBM team. It’s the business team. And in some cases, the end user, the themes that represent the end users. And so that’s what I always find the most successful approaches is, of course, the go high and educate them. In this particular market, we’re we’re focused on an orchestrated authorization and we just saw this firsthand last week at the Gartner security conference. A lot of great people there a lot of C-level titles. I would say. It was difficult for them to grasp or to comprehend, you know, where does authorization fit right?
So many of them think authorization is already happening, or I’ve already done this, this is this isn’t a problem. And I think they fail to see often how does, how does this connect, or their teams aren’t bubbling up enough the problem and where this fits into the broader strategy.
So you know, our audience, our partners, our customers, the people that are controlling this, certainly, it’s in the CISO office, but I am that the IAM teams are the ones that have the lead. So you know, our, it’s in all of our best interests to try to educate the I am teams or show them, you know, the different the different challenges that they have not just in, you know, one specific technology, like, for example, on the identity, show them the larger orchestration, play and then help them to sell this internally to their own organization.
Starting at the executive level, in many cases, has been very difficult for them to understand something that really is a technology that becomes part of the plumbing, right? It that what we do authorization is in the fabric of all of these applications, and it can get down to a very granular level, that sometimes it’s difficult, I think, for the executive leadership to wrap their wrap their arms around.
How Axiomatics is helping customers meet today’s access control challenges
Kelly: Solving complex access challenges is a part of the Axiomatics strategy as of now. How do you see that changing in the next two years and a tip of the hat here, because that was going to be one of my questions, which was what’s coming up for Axiomatics? Jim, what are your thoughts on that?
Jim: Our vision is clear in this space. First, the broad support was orchestrated authorization. When you look at an enterprise level, what goes into that, right? And so there are several different constituents in that, in that process that want to have this should have input and abilities to make changes or create policy, but it should all be with a really easy to follow and easy to put in place system for balances and checks.
And so if you’re a developer, you should have a certain type of access. If you’re a security specialist and you’re helping create policies, maybe there’s a global policy that you want to put in place, you should have that ability to over to supersede, follow on policies. And then most importantly, when you look at the users that are non technical, the the everyday business users that understand what types of access they want to give to the consumer of their application, they need very simple access to create non-technical policies, not not from a developer or a security analyst, but more from the everyday user.
So, it’s continuing to build, we provide all three of those things today, but enhancing those capabilities, so that that becomes much more seamless. That’s our near term roadmap. We already deliver on it today. But that’s where we’re going to continue iterating on it and you’ll see lots more to come from us on that front.
Further reading: Four Ways Isolated Authorization Challenges Zero Trust Success
What investors in Identity Access Management (IAM) are looking for
Kelly: Where do you think investors in this in the security space and in particular, in the IAM space are going to be looking for the balance of the year?
Jim: I think it’s it’s much of the same, right? There’s not an unknown technology that yet needs to be developed or thought of, at least in the IBM space, it’s clear.
What I think will happen is that there will be there’ll be more clarity, there will be more partnerships, there will be better integrations between the technology ecosystem, between the IAM vendors and the authorization vendors. And I also see a growing, you know, we’ve already pioneered and been long been advocates from both an application level, which is, what are the what are the types of interactions and policies about what I’m allowing the user to see or do inside the application and the data or the big data access, right?
So, when you’re talking about a data lake, or you know, something like data bricks, for example, or large data sources of structured data, where you want to control the access of things coming to specific points of data more in the data access governance market. So when you see you look at the CDO, and their teams, they’ve got access issues as well, so we’re starting to see some of those requests combined into the IBM team where they’re trying to come up with a cohesive strategy for how do I how do I, how do I take this centralized theme around authorization and access and apply it to all my types of systems?
I think you’ll see some continued investment in those areas and we already see it from amazing partners like Immuta, for example, that just raised raised $100 million in that space.
Further reading: The future of access management: Babak on the evolution of IAM
How Axiomatics supports authorization at the API database level
Kelly: Can Axiomatics support authorization at the API or database level?
Jim: we just kind of talked to talk to that. So, yes. So that’s certainly one of our strengths. And if so, if you look at kind of the lowest hanging fruit for any organization, it would be at the API gateway, for example. Connecting and intercepting multiple applications, especially when you’re talking about legacy applications or cloud based applications, you’ve already leveraged an API gateway like a Mulesoft, for example.
At the data level, there’s there’s really two instances, right? There’s the data as it relates to me as the single user coming into an application and interacting with data. We do that natively through our application platform.
The big data, the data access, governance opportunity that I’m talking about while we’ve played in that space, that’s where really I think you’ve got to look at there’s very specific partners and needs in that space that address the larger Big Data portion of those types of use cases. And so we’ve got several strong partners in that space as well.
Have a question? We’re listening.
If you have any questions regarding the challenges you’re having with your authorization and Zero Trust strategy, there are ways we can help:
- Connect with us on LinkedIn for recent announcements and tools.
- Subscribe to our YouTube channel for more insights, demos, and webinars.
- Download white papers and briefs from our Resources archive.