Transcript
Hi, I'm Mike Matchett with Small World Big Data. We are here today talking about really identities. Who am I? Who are you? Well, really, when I'm working in an enterprise, anybody's working in an enterprise. Who are they in this new hybrid world? When you've got things in the data center, things in the cloud, lots of different SaaS apps. And more importantly, if I am in charge or responsible for securing their access to things, the things that are that they're getting, getting into, how do I do that in this very complex world? We've got Zilla Security today. We're going to dive deep into this topic. So just hang on. Hey. Welcome, Deepak. Welcome to our show.
Hi, Mike. Great to be here with you.
All right. We're going to talk today about what you what you've been doing with Zilla. We're going to get into AI. We're going to talk about some really cool things before we're done. But I want to start just with the idea of identity management, just to level set with everyone and how you got involved with identity as, as, you know, sort of spending your life making identity better for all of us. What does identity management and how does that how does that get you up in the morning?
Yeah. Um, it's a space that I'm really passionate about. I've spent almost my entire career in the identity space. Um, identity is central to to business. If you think about, um, identity, everything that an organization does, essentially is tied into identity and access in some fashion. So the space has been around for for decades. Um, you know, historically, the concept of identities in an, in an IT environment was, was tied into individual computers. Individual host computers. We used to call them. But then as the client server computing wave came around, we, you know, the notion of directories was born. And then with with the cloud of course a lot has changed.
And so we've got, um, you know, one has to worry not just about identities, but all the thousands and millions of permissions that people have across hundreds or thousands of SaaS applications in an enterprise. So identity management has sort of grown from being focused primarily on directories and authentication to more recently over the last 15 years, 20 years focused on identity governance, which is about compliance, which is about, um, life cycle management and which today in the cloud era is also about security. Because if you think about it, most data leaks today, most data breaches are rooted in some sort of identity or access exposure. So identity management has become critical. Um, indeed, a lot of organizations, a lot of folks now think that identity has taken over from the network as being the foundation of enterprise security. So it's getting a lot of attention.
Right? Right. Because as you were talking about, you know, it used to be if you had access to the machine in the data center, you must have been approved. And we network things and you had to provide some different levels of authorization. And, you know, permissions were sort of also still assumed if you had access to certain things, you could get to them. We got to role based access controls on things. We got to, uh, some, some more complex ways in client server. But today, as you're explaining, I just can't even imagine, uh, in a large enterprise, really trying to do the right job of saying, you know, for every person and every different business role, what pieces of data in that organization they should have access to, you know, and getting it right. Right. It's just there's just so much potential for that huge matrix to to not be correct. It's just it's very complex. Um, so tell me a little bit then about, you know, you you have had a couple security companies, you've sold Aveksa off to RSA. Um, a decade ago already. Right. Uh, and you started Zilla here today. What is what is Zilla doing?
What what what role did Zilla start to take on? What did you come back and start Zilla?
Yeah. So, um, you know, at Aveksa, going back 20 years, we we sort of pioneered the identity governance space. So we were the first company to focus on on managing who has access to what. Which as you, as you said, is a really complex endeavor. But managing who has access to what for compliance and for lifecycle management, for people joining the company, moving within a company or leaving leaving the company? Um, so there was that first wave of identity governance companies. And, you know, we were Aveksa was part of that first wave. Uh, and as you as you mentioned, you know, we were acquired in in 2013, but what's happened in the last ten years is the cloud has has come along and organizations have deployed hundreds of of SaaS applications. They've deployed cloud infrastructure and, um, identity has taken on, um, you know, has become the new new critical vector in the cloud. The new security vector that everyone needs to worry about. So. So in some sense identity governance is skewing towards security. So that's one one key issue. The other key issue is that the explosion of entitlements in the organization, the explosion of data, resources and permissions related to those data resources, has made the identity governance tasks much more complicated. Right. So organizations that were already burdened with a ton of manual work are now dealing with, with, you know, gargantuan, um, you know, um, problems around identity governance and the, the last sort of generation of products just can't deal with the complexity of, of that, of that, of that whole effort.
And so the reason we started Zilla, going back five years now was to to enter the market with breakthrough automation for identity governance to to help people create solutions, create business processes in their organizations that simplify these tasks dramatically, that make identity governance processes such as user access reviews such as a joint process or removal process, and so on. Much simpler, um, much easier to use, much easier to deploy, more automated. And that's, that's that's the quest we've been on.
All right. So you bring you bring automation because, you know, you could you could just, you know, throw out the thing and say, well, just make some policies and be done with it. But that's the the problem is so dynamic and so extensive that even making the policy was going to require a lot more help. Right? You can't just you can't just make a policy because you wanted to. You're going to have to look at hundreds and hundreds of things. And for every business rule that it's going to become possible. Uh, so let's I think this brings us around to what we're really here to talk about today, which is where you've gotten to with Zilla applying intelligence, applying machine learning, applying some AI techniques. Tell us about what you've been, what you've been up to in that space, bringing more more to the automation table.
Yeah. So as you as you outlined, it's a complex problem. And if you think about it in the cloud era, there's a lot of data in any enterprise around permissions. There's a lot of data about identities. There's a lot of data about, um, the business attributes that people have. People are doing all kinds of jobs and they have all kinds of access to hundreds of applications. Right.
And so when as we started to think about that and, and started to, to figure out sort of how to simplify all of this, it, you know, it became obvious to us that this data around permissions and the and the fact that the organizations were becoming more and more decentralized, um, was, was would be a great place to apply AI. Right. So, um, a lot of the manual work around giving people access or proving access, reviewing access and so on can become much easier if a lot of the access that people have can be pre-approved. And so what we've announced recently is, um, essentially the next generation of breakthrough automation, which we call Zilla AI profiles. So Zilla AI profiles goes to the heart of what, um, companies over the last 30 years have called role based access control. And so the idea with roles going back ten, 15, 20 years was to create bundles of entitlements or permissions so that permissions didn't have to be managed one by one so people could be assigned roles. And um, and the idea was that would make life much easier in terms of access management. And the challenge with that that um, organizations have struggled with now for many years is that managing roles is hard, defining roles is hard, and maintaining them is even harder. And in a world where more and more of the ownership and administration of applications is becoming decentralized, there is no central team that has the context to define roles, right? And so it's a perfect application of AI. And what Zilla has come up with is a solution that enables AI to process all of that data about people in the organization about their jobs, their business attributes, their permissions, and make predictions about what should be pre-approved: what is birthright access, what is recommended access. And what that ultimately results in is a set of profiles that's managed entirely by the AI. You don't need a roles team. You don't need role owners.
You simply have the AI in the background defining and maintaining these profiles, which represent pre-approved access. And having pre-approved access makes the joiner, mover, leaver processes much simpler and makes the compliance processes much simpler. And so this is a we think this is a game changing approach to to identity governance. And we'll we'll make access reviews, you know, 75% easier to complete will make provisioning 60% simpler to to to put in place. Um, we've been working on this for, for over a year now. We've spent a lot of time on it. Um, our customers and partners have helped us with that. Um, and we think the AI is going to change how how enterprises govern identities and access.
Yeah. If identity and access is the new security paradigm in in this complex, hybrid world, uh, and and for every person, there's hundreds of SaaS apps, thousands, if not tens of thousands of things they may or may not need permissions to or be prohibited from seeing to, to manage. Uh, I don't see how you do how you address this short of getting the help of some AI and machine learning. So it's good to see that you're on top of that. Uh, just one sort of question there. Um, with with your AI you mentioned, I mean, we've talked about access. You sort of start to mention a little bit about the governance compliance review part of this. This isn't just the upfront access to this, the proving what people have had access to or or how you've set this up is important too, right? So a lot of a lot of folks are out there going, I need to get a compliant way of showing that I'm doing the right things, setting up my identity. I just didn't give my cloud account to everybody.
That's right, that's right. Um, you know, this isn't just about enabling people to do their jobs, because that is a key component. Of course. Uh, and making that operationally efficient is really important. Um, because a lot of provisioning processes are horrendously complicated.
And in fact, most enterprises are drowning in provisioning tickets of one kind or another. So it's critical to, to create, um, efficient, um, provisioning processes that give people timely access to to the applications they need to do their jobs. And particularly in this age of DevOps, you know, the people who are building applications for revenue have no time to to wait. You know, you need to give them access quickly. So so that is a key part of it. However, to your point, um, organizations now need to worry about compliance proving that the right people have the right access to auditors, proving that they have business processes that, um, that, that, uh, get the access reviewed. So supervisors, application owners and so on. Um, every quarter, every couple of months in most organizations have to look at who has access to what. And there's a lot of repetitive work there, right. So there's no reason to every two months, look at every single permission that every user has. When a lot of those permissions are permissions that are pre-approved for them, they are. That's part of their job, you know. Let's review the permissions they have that that don't match up to their job description. And perhaps they're on some special project. Perhaps they're doing something, um, out of their business. Business role. Right. That's what should get reviewed so that that's the compliance angle. And then the security angle to all of this is essentially the exposures that that underlie a lot of the data breaches that are happening today. So if you, you know, if you look at most data breaches today, you can trace the history of a data breach back to some sort of identity and access exposure. Right. Oftentimes, for example, when an employee's account is taken over, you know, we hear a lot about phishing, right? So someone gets phished, their account gets taken over. You know, the rogue actor that's behind this doesn't actually start using the account they've just taken over. 
More often than not, they'll go create another account. They'll use this person's permissions to create another administrative account, and they'll start their mischief with a new account. Right. Well, that's the kind of thing that has to be watched. It's a new permission. And so this idea of managing who has access to what and being constantly on top of what's going on in the organization in terms of permissions, has become critical for life cycle management, business enablement critical for compliance and now critical for security as well.
All right. So cybersecurity that privilege escalation threat that's always out there. The the phishing that people do to just get access. You get you get someone on a help desk line gives you their get access to that. But that person shouldn't have access to the sensitive data anyway. So lots of things going on there. Uh, man, I and we have just barely. Deepak, we've just barely scratched the, you know, the automation that you do. There's probably a demo somewhere that people would, might want to look at to get a little bit more information on how this AI works. I understand this is something people can deploy fairly quickly in their organization. Um, if someone wants to learn a little bit more about Zilla Security, uh, dive into it some more. Are there any particular things they should look for, maybe on your website?
Yeah. Um, you know, they should visit zillasecurity.com. We have, um, white papers they can download. Um, we have, um, you know, ways for them to see videos and demos of our product. Um, you know, we, we focus as, um, as I, as I, um, um, outlined earlier on automation. So it's, we've we've rethought a lot of what goes into these governance business processes. And we've made them really simple. And we we'd love to have folks out there who are struggling with identity compliance, identity security, with identity, with provisioning, joiner, mover, leaver processes.
All of those folks visit our website and engage with us and learn more about how we've made all of that much simpler with our AI and ML solutions.
A good use of AI, we might say today. Helping fight the good fight. Thank you for being here today, Deepak, explaining this to us. Um. Can't wait to see what's coming next from you all.
Thank you, Mike.
All right, check it out. zillasecurity.com. Take care folks.