Sramana Mitra: I think we understand the business at this point and your core competencies and design principles. This series is part of the One Million by One Million effort, which is to help a million entrepreneurs reach $1 million in annual revenue around the world. A huge part of our audience are entrepreneurs who are trying to understand from people who have a unique vantage point into an industry and its problems and can shed light on open problems wherein people could start companies to solve these problems. Would you give us a perspective on the open problems on your radar screen?
Jon Freeman: I think open problems that concern analytics are turning, at least in our space. Let me preface this by saying I walk through life with a set of blinders on, and those blinders keep me in the access management space. Our open issues are being able to proactively understand what’s happening in an organization with identity so that we can start to understand trends and patterns based on the data.
I think the biggest opportunity is the ability to look at the data, an ever-increasing amount of data – you can consider just the entitlement data – and start to understand how that data can be used to establish risk analysis and other types of information for the organization to model the way that maintain and do security. I think of the situation in which the banker at UBS went out and traded $2 billion.
Everything we do is tied to policies and usage of systems. Access certifications, access requests, looking at behavior of how systems are accessed – I think the opportunities are in transforming identity and access management from a mechanical operation to looking it as data warehousing or data mining to achieve a higher level of understanding of what the systems and data are telling you. I don’t think we’re anywhere close to that right now, especially in the space we’re dealing with.
SM: This is good directional guidance that you’re providing. Would you identify five questions you would like to answer if you were managing identity for a Fortune 500 organization? What are five questions that you would like to answer based on this kind of data analytics?
JF: The first question is, I’d like to have some level of assurance that I understand the users of my system, regardless of the time I’m looking at. What companies are really good at is understanding the here and now. This user is using my system today, but I don’t have any real understanding of what she did yesterday, what she did a week, month, or year ago and, more important, what he’s done when his relationship with the organization might have changed. He left; he came back.
Typically, you see organizations grant somebody an ID. That person will leave. She might come back five years later with a different last name. Or she may come back with a different relationship. An employee may be a dealer, may be a user of a dealer or an agent, maybe a consumer. The important thing that I’d like to be able to see, as a user of these systems, is assurance that I understand whom I am dealing with, regardless of the time and relationship, so that I can start to see usage patterns. Can you give that to me? Can I get a full historical understanding of a user? Can I start to glean certain patterns about other users who have similar types of behavior or similar profiles to be establishing patterns for what they may do in the future or what concerns or what levels of security or policies I may want to synthetically apply based on what I now know might be a dangerous situation.