Sramana Mitra: So, this is not a software as a service company; it’s a professional service company.
Jon Freeman: It is. It is a professional services company that now has [characteristics of] a software as a service company. So, if you’re looking at whom we compete with as a software as a service, we’re more security as a service. The list is very short. To be honest with you, we’ve look at the simplified to the world that are offering a pure software security as a service and identity as a service solutions, and they tend to cater more to organizations that are looking for a cloud-based solution. The solutions that they’re trying to address are about how the organization integrates with the cloud. Our solutions do both. Our solutions offer a strategy for cloud integration as well as the enterprise security requirements that all organizations face.
Cloud adoption is important, and we do see that space starting to fill up with one logins and the simplified to the world. But the reality is, our security as a service offerings are much more mature, much deeper in their feature function set. Because of that, we don’t find many competitive situations in which there’s a comparison between our security as a service offering and some of the what I call greenfield service organizations that have started offering from a greenfield position.
SM: Would you give me some use cases? Let’s say you take a Fortune 500 company that is a customer of yours; walk us through. What would an implementation of your solution in that context look like?
JF: Our solutions are organized based on feature function sets. A typical set would be one in which an organization would require a set of onboarding/offboarding types of use cases, being able to provision a new user into a set of downstream applications, at the same time, being able to change that user’s role based on his change of business association or change of position within the organization or the deprovisioning of a user. The user is leaving the organization. He’s been terminated. She’s going on sabbatical. And then, an important component would be the certification or the attestation that a user’s rights have all been attested to by a higher level manager or managers, so that when you’re talking about compliance and regulatory compliance, the organization is able to meet the audit requirements by doing that. What we do is provide that functionality without an organization’s having to make a large upfront investment in both the infrastructure and the licensing costs associated with building out that environment.
SM: How is that priced? If you’re doing onboarding/offboarding and policy control for the identity part of the organization, and the compliance; how do you price it?
JF: We price it per user. The more users you have, the cheaper it gets. Depending on the amount of functionality you require, the price changes. If you’re starting out today where what you’re looking for is an account deprovisioning-type operation that’s priced one way, then as we layer more services on top of your subscription, the price can increase depending on the number of services that you’re looking for.
SM: What do you need to provide in terms of your infrastructure as a solution to do this kind of identity management as a cloud service? What are the design principles of the product to be able to offer what you offer to your customers?
JF: Great question. I think the design principles have been built based on the requirements or the change in the way customers are thinking about and deploying these technologies. The first tenet of our design principle was that you needed to provide a customer with a service and not with a bunch of components. You can talk to the fact that you can offer things like access control and account provisioning as a component, but if you have to expose the customer to the underlying infrastructure, the complexities of the infrastructure, then they’re not interested in that. They’re looking to consume a service, and they’re looking for it to be as simple to consume as possible and as secure as possible. So, I think that the first one is that it has to be a service offering, and it has to be a service offering tied with specific service level agreements. If you don’t offer a service level agreement, you’re not going to get far in being able to offer any type of service in this area.