Technology Reseller - v10

technolog y reseller.co.uk 27 PRODUct OF THE MONTH When do you jump? We made the decision that now is the right time to jump. We’ve had too many large global enterprise customers asking for this to ignore it any longer. TR: What type of customers are you targeting? BB: The customers that are most likely to take us up on this offer, and the ones that have already started to pay us for it, are global customers that a have large data centre footprint regionally or globally. They have these complex infrastructures and know their on-prem applications aren’t going to move to the cloud any time soon. This is the solution they have been looking for, for quite some time. TR: How are existing customers using your solution. Are they phasing it in gradually? BB: They are doing a transition. They are removing pre-existing players and they are using the cost-savings from the reduced management infrastructure in their own datacentres to pay for our implementation. The big question always for CIOs is ‘how do I pay for something?’. While net new spend is hard to come by in the IT budget, if you can say ‘Hey, this is where I can take existing cost out of your budget and more than pay for something new’, you have something disruptive rather something incremental. We’ve seen such interest in the product because we can go to our customers and show how they can reduce maintenance fees on something like an Oracle by over 22% a year and reduce the hardware footprint within the datacentre and the headcount costs associated with managing all that. TR: What are some of the hardware reductions? BB: With on-prem instances, in many cases you have both a dedicated piece of appliance hardware that does the access management piece and you have servers dedicated to running client-side policy management that connect into the on-prem apps. So, you have an infrastructure that is both hardware and software-based within the customer’s datacentres. All of this gets taken out and all that’s left in its place is a piece of code that runs within the Docker container on an x86 server somewhere within the customer’s datacentre. The hardware footprint, as well as the licensing costs, are significantly reduced in this approach. That’s why we think it is going to be such a game-changer. Another thing from an administration efficiency standpoint is that with this approach you can start applying new technologies to old applications. One of the biggest issues businesses have around WAN-based applications or web access-based applications is that they can’t easily apply new types of technology like MFA (multi-factor authentication) to those applications. By running everything through our cloud-based architecture, everything that we apply to cloud-based applications – adaptive authentication, multi-factor authentication, all that stuff – we can now apply to on-prem applications in exactly the same way. TR: There are great benefits for the end user as well. BB: Exactly. With the current environment, the user would have a screen of tiles that they would look at for their cloud- based applications and, for each internal application, they would have a desktop icon, which would kick off a VPN session that would get them into that on-prem app. They would go through that process for each individual application. Our approach is to have just one pane of glass, one set of tiles. You click the tile and it doesn’t matter whether it is a cloud-based application or on-prem. The user doesn’t know the difference; they just log in once – one log-in. They press on the tile and the same federated policy around access management and identity works from the cloud-based system and gives them access to that application and creates the tunnel into the customer’s data centre to be able to access that application. From the user’s perspective it just looks like another tile; it looks like another cloud app – they don’t know the difference. TR: Will security improve as a result? BB: You can bring all your policies and all your privileges around access to one cloud-based directory that you run through OneLogIn. You bring MFA and you can bring Adaptive Authentication, which is a behavioural-based risk engine that we launched last year. If somebody signs on from San Francisco and five minutes later is signing on from London, you would look at that and say ‘well, I don’t think that user is who they say they are, let me throw different forms of authentication at that identity to make sure’. You can do things like that that you can’t do under the old system. Also, you have a single architecture now. You have fewer points of potential attack coming at your applications because you are not trying to maintain two different identity systems, two different approaches towards giving external access to your applications. It’s all under one system, with a reduced number of inputs or ways of getting access. So, there are fewer things to manage and monitor from a security standpoint. TR: How large is the market for the new product? It must be huge. BB: It’s massive. The initial market that we, OKTA, Microsoft have been fighting out over for the last few years has been growing at 15% plus a year. That is projected to be a $10+ billion market. The market we are now going after is probably five to six times as big. It’s not growing at the same rate, but that’s where all the legacy spend is. What makes this thing so huge is that a large company that may be looking at 5 or 6 cloud applications to put under our traditional IDMaaS system may have 100 or 200 on-prem applications. Gartner estimates that 80% to 85% of applications in large enterprises are still on-prem and those applications will eventually move over the next 5-10 years. By getting a product like this into the marketplace, we don’t have to wait for that to happen before we can apply identity systems of record and new technologies to those applications. The way we think about it internally is ‘if the app can’t move to the cloud, we bring the cloud to the app’. By doing this we significantly increase the addressable market that we can go after without changing our architecture. TR: What’s next for Onelogin? BB: We’ve got a heck of product right now and I think for us right now it is to execute, execute, execute – to get it into the marketplace. We’ve got a 12-18 month jump on the competition technology-wise. It’s taken some work to do what we did. We know what that timeline looks like and we are going to try to use that to our best advantage over the next year or so. www.onelogin.com EDITOR’S CHOICE AWARD ONE L OG I N ACCE S S