Technology Trends

ForgeTalks: Beyond Authentication

Welcome back to ForgeTalks, and part 2 of our miniseries on ForgeRock Go - our answer to making authentication easier than ever. In today's episode, I'm joined again by ForgeRock's SVP of Corporate and Business Development, Ben Goodman and Senior Integration Engineer, Frank Gasparovic, for a look beyond authentication. 

In this episode we'll look at:

  • How ForgeRock's Intelligent Access and the ForgeRock Trust Network enable amazing user experiences throughout the access journey.
  • How intelligence can help you dial up or down friction based on your risk preferences. 
  • And demos that show you how the ForgeRock Trust Network creates a layered experience for customers.

I hope you enjoy both installments of this series. If you happened to miss part 1, you can view that here, and make sure to pop by next week where I chat with ForgeRock CTO Eve Maler, and ForgeRock's RVP for US Healthcare Steve Gwizdala, as we look at identity and the current state of healthcare.

ForgeTalks: ForgeRock Go and the Beginning of the End for Usernames & Passwords

Welcome back to ForgeTalks. Today's episode is the first of a two-part series looking at ForgeRock Go, our answer to killing the dreaded username and password. ForgeRock's SVP of Corporate and Business Development, Ben Goodman and Senior Integration Engineer, Frank Gasparovic, introduce me to this exciting technology and how it will help organizations create better user experiences and improve security.

In this episode we'll answer questions like:

  • Why usernames and passwords create such an unsatisfactory and unsafe user experience.
  • How ForgeRock Go fixes this problem with an out-of-the-box implementation of the WebAuthn standard.
  • Plus, we'll look at a demo of ForgeRock Go in action!

I hope you like this week's episode of ForgeTalks. Make sure to swing by next week for Part 2 of this mini-series where we look at how the ForgeRock Trust Network enables even more incredible user experiences. And if you missed last week's episode with Chief Revenue Officer Pete Angstadt on the Five Ways Identity Pays, check that out here.

ForgeTalks: Five Ways Identity Pays

Welcome back to another episode of ForgeTalks. Our guest this week reveals different ways poor digital experiences cause businesses to leak money. The good news is Identity solutions can help. ForgeRock's Chief Revenue Officer, Pete Angstadt, shares his list of top 5 Ways Identity Pays. You'll get answers to big questions about the future of digital transformation and the business value identity can deliver.

  • Why are forgotten passwords undermining your organization’s bottom line?
  • How artificial intelligence can save you massive amounts of time by automating manual tasks.
  • And how ForgeRock's approach to cloud can cut thousands of hours for identity architects with accelerator kits.  

I hope you enjoy it!  If you missed last week's episode on Virtual Banking with ForgeRock's Ajay Biyani, you can check that out here. And tune in for next week's episode which will be part one of a two-part mini-series on ForgeRock Go - our answer to eliminating the need for the hated username and password.

Come see how ForgeRock’s platform drives financial upside with our ROI calculator here

ForgeRock Congratulates BMW on Prestigious KuppingerCole Award

I have such a great job. I’m constantly inspired by ForgeRock customers all over the world who are delivering breakthrough digital experiences. So I know that these individuals are innovating beyond expectations, but it’s always gratifying when the industry also gives credit where credit is due. KuppingerCole, Europe’s leading analyst firm for Information Security, awarded BMW its prestigious KC Virtual Award.

The KC Virtual Awards honor outstanding Identity Management (IM) and Security projects and this year the award for the best IAM for Digital Transformation project was bestowed upon BMW. The globally recognized automaker has a strong focus on identity. The company manages 25 million identities ranging from employees to customers to dealers, ensuring the right people are using the right products and apps, and enjoying the best possible digital experience.

How Did BMW Do It?

It was important to BMW to ensure ease-of-use so its customers and partners can easily and safely access various BMW applications. To achieve this, BMW needed to consolidate its numerous disparate systems and build a central Identity Platform (IDP) for the whole organization to better serve its employees, customers, partners, car dealers and technical providers. Prior to the consolidation, BMW was developing tons of custom code to connect various systems, which was costly and time-consuming. The disparate systems also required users to log in to multiple systems multiple times, which complicated the goal of a seamless user experience.

BMW embarked on an identity strategy, called OneIDP, which required the company to consolidate 20 different Identity Management and Access Management (IAM) systems that supported its three brands (BMW, Mini and Rolls Royce) and other entities like BMW Financial Services into one. With this project, BMW wanted to:

  • Offer an exceptional and seamless user experience 
  • Reduce onboarding and maintenance cost through automation
  • Achieve faster time to market through automation
  • Increase scalability
  • Enable new business cases such as IoT
  • Increase performance

ForgeRock’s platform enabled the company to bring together its identity systems, achieve significant cost savings, and improve time to market, scalability and compliance. The new approach, which supports 25 million users, also allows BMW to deliver critical data and services to consumers and partners quickly, easily and securely. Stephanus Reiger, Group IT--Infrastructure and Technology Management for BMW Group, recently participated in a virtual panel during ForgeRock Identity Live and said, “ForgeRock is essential for us to create a central IDP for BMW.”

BMW for the Win!

Since deploying OneIDP, BMW has surpassed expectations. For example, rolling out new applications was costly and took up to 15 days. With ForgeRock, the process is automated, making it possible to deploy new apps within seconds and at zero cost. Additionally, internal performance tests revealed that BMW can process 8,000 authentication requests per second. During the award ceremony, Gerald Maier, IT Solutions Architect for BMW, said, "I'd really like to thank the 2 partners, IC Consult...and of course ForgeRock because in my opinion they not only have excellent software, they really supported us with excellent knowledge and experience."

Click here to read more about the BMW story. Want to learn more about how to replicate BMW’s transformative identity solution? Find out how you can coexist with, migrate, or retire your IAM system here.


ForgeTalks: The Rise of the Virtual Bank

Welcome to another episode of ForgeTalks! This week I caught up with Ajay Biyani who heads up the ASEAN team here at ForgeRock. In Southeast Asia, they're seeing a massive uplift in virtual banking, and Ajay was kind enough to take me through what a virtual bank is, why we're seeing such a big surge in virtual banks, and what it takes for financial services companies to be successful in today's digital world.

I hope you like this week's episode. If you missed my discussion last week with ForgeRock CTO Eve Maler, you can check that out here. And make sure to stop by next week when ForgeRock's CRO Pete Angstadt gives us his Top 5 Ways Identity Pays.

Autonomous Identity: Maximize Your Identity Investments With AI-Driven Identity Analytics

Like most organizations, you’ve probably relied for years on legacy identity governance and administration (IGA) solutions to manage user access, ensure compliance, and protect vital data. Unfortunately, these solutions are falling short in their ability to meet your ever-changing business requirements and needs today. Why? Legacy IGA solutions don’t provide enterprise-wide visibility or identity context. Instead, they operate in ‘identity silos’ based on static data, including assignments, roles, and entitlements. Combined with the increasing volume and type of identities, this can leave your already overburdened risk and security teams struggling to keep up as they manually provision access privileges and rubber stamp access requests and certifications. The resulting operational inefficiencies can leave your teams blind as to who has access to what and, more importantly, why they have access. Without enterprise-wide visibility and contextual insights, organizations will continue to have outdated access rights and privileges, which can leave them increasingly exposed. 

Take heart. There is a light at the end of the tunnel. ForgeRock has developed an AI-driven identity analytics solution, Autonomous Identity, that allows organizations to maximize the business value of their existing IGA solutions by addressing identity and governance solution gaps. So, how is this accomplished? Read on.

How ForgeRock Autonomous Identity Addresses Legacy IGA Challenges

Legacy IGA Challenge: Identity Silos
ForgeRock Solution: Contextual, Enterprise-Wide Visibility

Unlike siloed legacy IGA solutions, ForgeRock Autonomous Identity collects and analyzes identity data from all data sources to gain enterprise-wide visibility into all identities and their access rights. This provides security and compliance teams with contextual insight into who has access to what and why. 

Legacy IGA Challenge: Access Blind Spots
ForgeRock Solution: Access Risk Awareness

Legacy IGA solutions have user access blind spots. ForgeRock Autonomous Identity increases your visibility by leveraging AI and ML techniques to proactively analyze all identity data and contextually identify user access and entitlement risk across the entire organization. In turn, it identifies and highlights high-risk access and inappropriate access privileges to compliance and audit teams.

Legacy IGA Challenge: Inappropriate User Access
ForgeRock Solution: Access Rights Identification

Say goodbye to manual rubber stamping and bulk approvals. ForgeRock Autonomous Identity automates the analysis of all identity-related data across the enterprise. By analyzing and quickly identifying the entire user access landscape, organizations can proactively rectify overprovisioned users and outliers, recommend remediation, and automate the removal of access rights when appropriate.

Legacy IGA Challenge: Inappropriate Access Privilege Patterns
ForgeRock Solution: Enterprise-Wide Access Insights

Instead of relying on manual access analysis of security and compliance teams, ForgeRock Autonomous Identity saves time and effort by automating insights into all user access patterns. By continuously ingesting new identity data, Autonomous Identity evolves its machine learning (ML) model to understand dynamic changes within the organization. This enables it to predict and identify outliers, including inappropriate access privilege patterns and unauthorized user access across the entire enterprise. 

Legacy IGA Challenge: Manual User Access Approvals
ForgeRock Solution: Automated User Access Approvals and Remediation

Eliminate the need for manual approvals and remediation. ForgeRock Autonomous Identity enables the automatic approval of high-confidence, low-risk access requests and certifications, as well as the revocation and removal of stale user access rights. This AI-driven identity analytics approach reduces operational access request burdens and accelerates certification campaigns without exposing the organization to unnecessary risk.

ForgeRock Autonomous Identity Benefits


By integrating ForgeRock’s Autonomous Identity AI-driven identity analytics on top of your legacy IGA solution, you can save time and money and meet compliance standards with confidence. Additionally, with the solution’s actionable information, your security and risk teams can quickly and efficiently achieve least privileged access by continually receiving a refreshed enterprise view of all user access rights. 

Maximizing the business value of your existing IGA solution with ForgeRock Autonomous Identity results in improved operational efficiencies and accelerated decision making, while significantly improving your risk posture in our dynamically changing digital world. 

Read Maximize the Value of Your Identity Solution with AI-driven Identity Analytics to learn more about how Autonomous Identity addresses the challenges caused by legacy IGA, or contact us today to start your AI-driven identity analytics journey.

ForgeTalks: Are Privacy and Security Still Important?

Welcome back to ForgeTalks. In this week's episode, I catch up with Eve Maler, who was recently appointed Chief Technology Officer at ForgeRock.  I sat down with Eve to discuss whether privacy and security are still important in the digital identity industry, and what advice she has for businesses trying to balance privacy and security with amazing digital experiences.

I hope you enjoy this ForgeTalk!  If you missed our last episode where CPO Peter Barker breaks down Autonomous Identity, check it out here. And tune in next week where I dive into virtual banking with my good friend and Managing Director of ASEAN, Ajay Biyani.

ForgeRock Identity Live 2020: What Our Customers Are Saying

CEO Perspective 

ForgeRock Identity Live 2020 went virtual last week! It was exciting to connect with everyone, share what is happening at ForgeRock, and learn from each other. While I would have preferred to meet in person, the conversations with customers and partners were just as meaningful. We heard from leading brands around the globe about how identity is shaping the future of their organizations and saw some amazing product demos from our ForgeRock team. 

Top of mind for everyone was how we’ve all experienced the way we live change overnight. The pandemic has put greater emphasis on the need for digital identity solutions that can keep employees productive and consumers connected while still protecting the security of the enterprise and the privacy of the user.

In the last nine weeks, we’ve all been grappling with similar questions. 

How do you provide secure and frictionless access to apps and information for a remote workforce? How do we reduce the enormous strain and complexity an increasingly remote workforce puts on IT teams? How can businesses keep the costs of things like password resets down when more people are creating new online accounts daily? And how can we help consumers, citizens and students get to the things they need more easily and from any device?

We heard our panelists ask and answer these very questions. We believe artificial intelligence (AI) is the way forward when it comes to access and enabling smooth and secure experiences. 

We were also reminded that digital transformation is a journey – no two organizations are the same. Aside from delivering amazing solutions that are simple to use, provide superior security and intelligence, and are delivered as a cloud service – we must also create a path that can either help you leapfrog from where you are today or build on what you have at your own pace. 

With the advancements in the ForgeRock Identity Platform, we’ve made orchestrating identity journeys even simpler and more secure, and that includes solutions like ForgeRock Go, aimed at making usernames and passwords a thing of the past. It was gratifying to hear Sean Carrick, vice president, identity operations and engineering, LPL Financial, echo our belief that it's a strong addition to the platform. 

Balancing user experience with security is critical. Verizon IT Executive Director Manah Khalil pointed out that the power of artificial intelligence (AI) will help determine what makes one of their millions of customers distinct while also protecting their privacy. 

The cloud is a great opportunity for organizations to deploy their infrastructure faster and at less expense. Understanding that everyone’s cloud journey is at a different stage, we’ve made it simple to manage identities across all use cases and with any cloud option – your cloud, our cloud, or a public cloud. 

Rich Kneeley, managing director of cybersecurity and privacy at PwC, shared that companies that have already moved to the cloud were in a much better position to respond to the pandemic than others: “Employees, consumers, and business partners are expecting greater collaboration, increased security, deeper personalization, and unique experiences as they interact with their trusted brands. Identity should be a business enabler for increased cloud adoption.”

When the reality of the pandemic hit, our customers had to act fast. Scalability and simplicity of deployment really matter. For example, the New South Wales Department of Education in Australia manages more than one million student and employee identities, making it the second largest school district in the Southern Hemisphere. Shane Gandy, director of identity management for the district, successfully navigated the pandemic and points to AI as a tool that will make similar challenges easier to overcome in the future: “With COVID-19, we had two weeks to mobilize all these identities for online learning with the understanding that some students don't have access to devices or even the Internet. We had to quickly and securely get people access to these services.”

Creating delightful user experiences is a passion at ForgeRock and essential in a digital world. That came into play at the Australian Securities Exchange (ASX) when the pandemic struck. “With COVID-19, we had to adjust to the volatility. In April and May, we had historic volumes of trading - 150,000 people joined or re-joined their accounts – and we went from $1.6 billion to $33.3 billion a day in revenue. Tools like multi-factor authentication (MFA) were very helpful in providing one front door for customers to enter and offer a better user experience,” said Tristan Geering, Chief Information Security Officer, ASX.

Final Thoughts 

The pandemic won’t be the last disruption for your organization. Customer expectations will continue to push your business to evolve. Accordingly, you need an identity platform that can flex with you and help you grow your business no matter the circumstance. 

We are committed to building on the strength of our AI-driven platform and enabling your workforce to be productive from anywhere, putting consumers on a happy path, and, most importantly, continuing to deliver innovation that does the heavy lifting for you.

This is how we see the future of identity and the role it plays for our customers. We launched a wave of new innovation last week designed to help you achieve this new reality.

I’d like to thank all our customers and partners who helped make Identity Live 2020 a success. Catch highlights from all three shows and hear from BMW, Accenture, Deloitte, and others here


CEO ForgeRock 


ForgeTalks: Smarter Access Is Here With Autonomous Identity

AI and the Arrival of Automated Access with ForgeRock Chief Product Officer Peter Barker 

We've talked a lot about the promise of AI and ForgeRock's investments in bringing the power of automation to its platform. I wanted to find out more about how we're delivering this advanced capability to our customers and how it will help them succeed. This week, I met virtually again with ForgeRock Chief Product Officer Peter Barker, to learn all about ForgeRock's amazing new Autonomous Identity offering. 

I hope you enjoy this latest installment of ForgeTalks. Make sure to tune in next week where I discuss Security & Privacy with our CTO, Eve Maler. And, if you missed last week's episode with Alex Laurie, you can catch it here.

ForgeTalks Episode 3: Creating Delightful Digital Experiences

Welcome back to another episode of ForgeTalks. I've heard the phrase "Delightful Digital Experiences" thrown around a lot, and I've never really been sure what it means. I caught up with Alex Laurie, who heads Global Solution Architecture at ForgeRock, to find out exactly what is meant by "Delightful Digital Experiences," and why it's so important for businesses competing in a highly digital world.

I hope you enjoy this latest installment of ForgeTalks. Make sure to tune in next week for my discussion with our CTO, Eve Maler who shares her perspective on why security and privacy are important in 2020. And, if you missed last week's episode with our CEO, Fran Rosch, you can catch it here.

Do We Still Need Pride in 2020?


The Stonewall riots in 1969 were a pivotal moment in LGBTQ+ history, leading to the first Pride events the following year in New York, Los Angeles, and San Francisco. London followed with its first Pride event two years later in 1972, and then the first Mardi Gras took place in Sydney in 1978.

Pride in those early days had a very obvious purpose. It was the coming together of gay people in a very visible way, with security in numbers. For one day every year, gay people could be out and proud in their home-town streets. They could be themselves. And they could hold their same-sex partner’s hand and not fear abuse. That’s why Pride was needed and celebrated.

Fast forward 50 years and the world has (mostly) changed. Being gay is much easier today than it has ever been, but there are still many parts of the world where it is illegal and even punishable by the death penalty. (Check out this interactive map.) The main thing you'll notice is that lesbian, gay, bisexual, and transgender people in Europe, the Americas, Australia and New Zealand are not criminalised. But does that mean they have true equality and face no discrimination?

As a gay woman in the UK, I can say things have massively changed in my lifetime. I no longer have abusive comments shouted at me on the streets as I did when I first came out. I had a civil partnership ceremony with my partner 13 years ago, which we converted to a marriage four years ago, so in a legal sense, we are equal now. 

But I have to come out time and time again. It's obviously a lot easier than when I did it the first time and most people don't bat an eye. But society is still very heterosexual in its outlook and that comes with its own set of assumptions based on how you look or act. So if you don't look “gay”, then people assume you will have an opposite sex partner, which can lead to awkward conversations and you having to come out again and again.

On a lighter note, my boss at one of my first jobs, on hearing I was gay, exclaimed, “She’s not gay, she’s French” as if the two were mutually exclusive. (And besides, I’m not even French!)

I have to consider my safety and personal well-being when choosing holiday destinations. There are large parts of the world where I don't want to travel because being me is illegal and I could face the death penalty. 

Even closer to home, we have seen an increase in attacks on gay people. Last summer, two women were attacked on a London bus by several men who felt they could demand that the women kiss for their benefit. This was not only a homophobic attack, but a blazing display of male entitlement. 

So is Pride needed today or is it just an excuse for a party? I would argue Pride is still very much needed, even in places where we have a lot more equality. For one thing, although things have got a lot easier for gay men and lesbian women, bisexual people still are perceived negatively and transgender people still face huge prejudices, even from within the LGBTQ+ community. And being “queer” is often completely misunderstood, as is anyone who chooses not to be constrained by gender labels. 

Pride is a chance for everyone in the LGBTQ+ community to come together as they have for the last 50 years – to be visible, be out and proud, and feel included for at least one day. It is there to make it easier for a younger generation of LGBTQ+ people, who may be bullied or feel pressured to be straight, to come to terms with who they are, know they can be themselves, and not feel marginalised. Even if it’s just temporary, it gives hope. Equally important, Pride is for our allies, for us to all stand together, united. Pride should very much continue to be celebrated.

I went to my first Pride event in years last year – spurred on by the LGBTQ+ initiative at ForgeRock. It felt great, marching with my wife and coworkers at Bristol Pride. This was not something my younger self could ever have imagined!

I wholeheartedly support the ForgeRock LGBTQ+ initiative. It is a great way to make everyone feel more included and has created a safe space for LGBTQ+ people. Undoubtedly, it has helped the company recruit a more diverse workforce. I chose a company with an active drive for inclusivity over any other company when looking for work. I know there are a lot of allies within ForgeRock – and that is really cool. Unfortunately, there are people who don't think it's needed, and they are the very reason why these types of initiatives (and Pride in general) remain important. Having said that, I am confident that we will continue to make progress in educating ForgeRockers.

2020 would have been the year to celebrate 50 years since those very first Pride events but unfortunately, many have been cancelled or postponed due to the Coronavirus pandemic. Despite this, we must continue to celebrate Pride virtually, and we must strive to become more inclusive and more equal. There have been great strides made in LGBTQ+ rights in 50 years, but we must not become complacent, as there's still a long way to go.

Click here to learn more about Inclusion and Diversity at ForgeRock.

ForgeTalks Episode 2: Jumping Into the Shoes of Our Customers

Welcome back to ForgeTalks. Our CEO Fran Rosch is always telling us that "feedback is a gift", and it's true, we do value customer feedback at ForgeRock. In this episode, I sit down with Fran to discuss his thoughts and learnings from a recent virtual session he had with our customer advisory board. It was great to hear how our customers are using identity, as well as what they think of our future innovations.

Grab a drink and a snack and enjoy this episode of ForgeTalks.

Coming Soon: Don't miss our next episode where I sit down with Alex Laurie and discuss delightful digital experiences.

Check out ForgeTalks Episode 1: A Roadmap Deep Dive here

Evolution from IDaaS to the SaaS-Delivered IAM

As enterprises rapidly evolve their overall cloud-first strategy, they are also rethinking their identity and access management (IAM) deployment models. The question on everyone’s mind is how to transition from on-premises IAM, which they invested in so heavily over many years, to the cloud and still maintain full functionality.

Many organizations embarked on the journey to cloud with a hybrid cloud approach. Often, they deployed their legacy on-premises IAM solutions in their own private clouds and just leveraged the public cloud as another data center. This gave them more flexibility to scale on demand and provided the agility to meet the business needs of dynamic and ever-changing workloads without the need to invest heavily in their infrastructures.

Others chose managed services, outsourcing identity management to a third party that has the expertise and staff to run and maintain on-premises identity solutions. IAM managed services was a viable alternative for organizations that were challenged to hire, train, and retain professionals with the skills required to manage and support IAM operations.

And some were early adopters of pure-play identity as a service (IDaaS) solutions – a term whose meaning has evolved over the past few years. In the past, Gartner published a dedicated magic quadrant for IDaaS and defined it as, “a predominantly cloud-based service in a multi-tenant or dedicated and hosted delivery model that brokers core identity governance and administration (IGA), access, and intelligence functions to target systems on customers' premises and in the cloud.”

The problem with these solutions, even back then, has been their limited capabilities. But the good news is that they are evolving quickly and are becoming more feature-rich and robust. With that evolution, Gartner has changed the name of the category as well to SaaS-delivered Identity and Access Management (SaaS-delivered IAM).

Why are people transitioning to SaaS-delivered IAM?

This is primarily driven by the increasing demand for more comprehensive cloud IAM capabilities from customers who want to consume more and more IAM functionality as a cloud service.

Market projections show that the IDaaS market is expected to grow from USD $2.5 billion in 2019 to USD $6.5 billion by 2024, a compound annual growth rate of 21.1%.¹

We here at ForgeRock offer a comprehensive IAM platform, whether you choose our software version and deploy it in your own data centers, private cloud, hybrid cloud, or public cloud, or you choose to consume it as a service provided by us. This is the foundation of the ForgeRock “your cloud, their cloud, or our cloud” strategy. The goal here is to provide you all of the features and functionality that meet your enterprise needs, however you decide to consume it.

ForgeRock Identity Cloud

Identity Cloud is the comprehensive ForgeRock Identity Platform delivered as a cloud service. It enables you to reduce operational risk by consuming the IAM service from a trusted vendor and reducing the total cost of ownership (TCO) by offloading the infrastructure and maintenance of the platform. This allows you to focus your energy on developing business IP, not creating and running IDAM solutions or infrastructure.

Even if you’re thinking about moving to the cloud but are not quite ready for it, you can still take advantage of ForgeRock’s complete suite of modern capabilities that address any identity need, in any environment.

Read more about the ForgeRock Identity Platform and the ForgeRock Identity Cloud or contact us to get your specific questions answered.



Rethink Identity Governance with AI-Driven Analytics

Protecting Consumer Data and Your Brand 

For the second year in a row, identity ranks as the top target for cybercriminals. According to findings in our latest Consumer Identity Breach Report 2020, personally identifiable information accounted for 98% of all stolen data in the past two years. That harsh reality underscores the need for a new approach to digital identity management and governance strategies. We believe a more modern approach that incorporates AI-driven identity analytics can alleviate a lot of challenges.

Changing the Mindset

The number of digital identities and business applications and the amount of data usage are growing exponentially, but many enterprise organizations continue to rely on legacy identity and governance processes and solutions that are static, silo-based, and cannot scale to meet the demands of today’s dynamic digital age.

So how do risk and compliance professionals get more out of their existing identity and governance solutions? How do they gain enterprise-wide visibility and risk awareness? How do they gain a deeper understanding into risk associated with user access across the entire enterprise? They can accomplish all of this by changing their approach. 

A Best Practice, Modern Approach

By embracing a more modern approach that leverages artificial intelligence (AI), machine learning (ML), and automation, organizations can address these growing challenges. This new approach meets the needs of organizations today while having the ability to easily scale and evolve to meet future challenges and requirements.   

Contextual, enterprise-wide visibility

One of the biggest challenges facing enterprises today is a siloed view of identities and the access they have. This is a result of various departments or business units within the organization deploying different types of identity, governance, and infrastructure platforms. In a typical scenario, each solution contains only a subset of identities (employees, contractors, partners, and others). As a result, security and risk professionals have a very limited view – or possibly no view at all – into user access risks across the entire enterprise.

By leveraging an AI-driven analytics solution, organizations can collect and analyze identity data (accounts, roles, user activity, entitlements, and more) from the different identity, governance, and infrastructure solutions they have in place. This provides enterprise-wide visibility to all identities and what they have access to across the entire organization. This modern approach provides security and risk professionals with contextual insights into low-, medium-, and high-risk user access at scale.

Access risk awareness

Over the past decade, organizations have manually built and deployed data lake-based solutions as a way to view all identities. A data lake is a simple storage repository that holds a vast amount of raw data in its native format until it is needed – typically in a flat architecture. Data lakes offer the ability to derive value from unlimited types of data and store all types of structured and unstructured data. What they do not inherently provide are AI/ML-driven analytics out of the box. Typically, organizations build a home-grown data lake solution and then develop analytics to run on top of it. These analytics need to be constantly fine-tuned, updated, and upgraded over time.

By leveraging AI/ML techniques in a modern solution, organizations can analyze all identity data centrally and contextually identify riskier user access and entitlement creep across the entire organization. This intelligence-based approach allows security and risk professionals to quickly identify suspicious user access and privileged and root account access violations.

Access rights identification and remediation

With the explosion of digital identities (3.2 billion and growing) over the past decade (McKinsey), organizations are drowning in user access requests, entitlement creep, and access certifications. Because of this, security and risk professionals are manually rubberstamping user access requests and bulk-approving user access certifications on a quarterly, bi-annually, or yearly basis. The end result is elevated risk due to overprovisioned user access rights.

With an AI-driven analytics solution, organizations can contextually examine all identity-related data and then identify and recommend the right level of user access rights. This modern approach allows organizations to identify and apply appropriate birthright user access rights (to accounts, applications, systems, roles, entitlements, etc.). In addition, security and risk professionals can proactively identify overprovisioned user access rights, recommend remediation, and automate removal.

Embrace AI-Driven Identity Analytics

With growing external and internal cyberthreats, security and risk professionals need to work smarter, not harder, in order to effectively protect the business. This simply means legacy identity, governance, and infrastructure processes and solutions need to be vastly enhanced, not only functionally, but from a business value perspective. It is time for enterprises to increase the business value of their legacy identity, governance, and infrastructure solutions by proactively embracing an AI-driven analytics solution that offers contextual, enterprise-wide risk visibility, improved operational efficiencies, and accelerated decision-making.

Learn more about ForgeRock’s AI-driven identity analytics solution.


ForgeTalks Episode 1: A Roadmap Deep Dive

Welcome to “ForgeTalks!” Today, we’re launching a new video series about digital identity trends and innovation. ForgeTalks will bring you straight talk from ForgeRock experts and help cut through the industry hype. We’ll chat with experts on topics ranging from digital transformation and automation to cloud and privacy, and share insights aimed at helping identity practitioners and leaders make smart decisions about how to use digital identity as a competitive advantage.

The series premieres today and features ForgeRock chief product officer Peter Barker. Together we take a closer look at how the company’s recent Series E funding will help accelerate ForgeRock’s product roadmap. We also discuss how digital identity plays a massive role in enabling remote digital experiences in the age of COVID-19. 

So sit back, relax and check out ForgeTalks. To learn more about the ForgeRock Identity Platform, click here.

Enjoy the show!


Coming Soon: In our next ForgeTalk, I'll sit down with CEO Fran Rosch.


The ForgeRock Consumer Identity Breach Report: the Battle to Contain Unauthorized Access

U.S. organizations spent $1.2 trillion in recovery costs related to breaches  

The ForgeRock 2020 Consumer Identity Breach Report is here, providing insights into global threat activity and the impact felt by enterprises that have been attacked. This year’s report reveals that for the second year in a row identity remains a major weakness of the web and continues to drive sky-high cleanup costs for enterprises.

In looking at the year-over-year comparisons, it’s disheartening to see the bad guys continue to succeed. We saw increases in every category and across every region we inspected. Here are just a few of the major trends that emerged in the last year about data breaches:

  • Healthcare was once again the most frequently targeted industry (43% of all breaches). On the other hand, technology firms had the highest number of records compromised (over 1.37 billion served, er, exposed).
  • Unauthorized access, the nemesis of IAM professionals everywhere, was by far the most common attack vector, responsible for 40% of breaches, with ransomware/malware and phishing trailing distantly at 15% and 14%.
  • Breaches cost U.S. organizations over $1.2 trillion, nearly doubling the previous year’s cost, and the data was nearly all PII (98%).

The report is packed with data and insights, and we’ve expanded our focus beyond the U.S. to include perspectives from the U.K., Australia and Germany.

Here’s my take: When it comes to data breaches, security on the internet continues to be an identity problem. Poor access management is hurting consumers and enterprises the world over, so there’s no better time to implement a modern IAM platform that offers dynamic and adaptive solutions to today’s problems.

It's an exciting time for achieving cybersecurity and data privacy goals but what does success look like? To me, it's about democratizing data control, and here's what that means: This looks like putting your known users onto a passwordless express lane, and cybercriminals through extra authentication hoops. It's keeping personal data packets in the right jurisdictional boundaries for privacy compliance, and preparing for the regulatory future as well as the present. And it looks like empowering your applications to control their own boundaries to realize your Zero Trust strategy, and empowering your users to control their own permissions to foster mutual trust and confidence.

Click here to see the full report.


How to Easily Modernize Access to Your PeopleSoft Applications

Over the course of 2020, how and where we work has rapidly changed. More employees than ever before are working from home. In fact, according to CNBC, “42% of U.S. workers who did not telecommute previously are doing so now.” This new reality requires that organizations offer secure, remote access to critical work apps and services. As part of this, common applications like Oracle PeopleSoft are getting a second look. Business-critical applications for managing employee lifecycles, tracking purchase orders, or performing other functions come with inherent risk because of the sensitive data they contain. Securing these applications to ensure that only the right people have access is critical. Unfortunately, organizations with legacy identity and access management (IAM) systems struggle with this.

With the majority of employees now working from home, the ways in which people access PeopleSoft are changing, and to meet that demand, the ways in which it is protected must also change. This is especially true because Oracle is ending support for Oracle Access Manager, the 11gR2 access management middleware originally included with PeopleSoft, by December 2020. With budget constraints and limited IAM provider options competing with urgent requirements for remote access and improved security, it’s understandable that organizations are contemplating how best to solve this timely issue. 

At ForgeRock, we specialize in helping organizations like yours meet the demands for secure, easy access from anywhere by coexisting with applications, like PeopleSoft, and their related legacy IAM systems, such as Oracle Access Manager. 

For example, I recently had a conversation with a customer whose employees are now all working from home. Because PeopleSoft is the primary application used by the Human Resources department, they needed to be confident that the sudden shift to working from home wasn’t going to cause any security issues to their critical applications. With ForgeRock, this customer succeeded in modernizing and strengthening their access security to support remote sessions for PeopleSoft by quickly building and delivering a secure, frictionless authentication journey utilizing multi-factor authentication (MFA). They are also now exploring expanding this same security model to other applications within their network. 

How can you leverage ForgeRock to secure your critical PeopleSoft applications?

To start, the ForgeRock Identity Platform comprises the following components, which can be used on their own or as a complete solution to support desired enhancements to PeopleSoft:

The ForgeRock Identity Platform and its industry-leading capabilities allow for significant enhancements in security-related functions. Intelligent Authentication, a component of ForgeRock Access Management, enables you to build robust, customized authentication flows (called authentication trees) using a dynamic menu of pre-integrated nodes within a drag and drop interface. This authentication journey agility not only provides users easy, secure authentication options that can be utilized from any location, such as work from home scenarios, it also helps organizations prevent fraudulent access attempts. For example, users can augment a failed username/password attempt to access PeopleSoft by requesting a one-time use passcode or facial recognition via a mobile device using MFA controls. 

In addition to leading access management capabilities, ForgeRock Identity Management includes built-in provisioning and workflow capabilities, so you can manage and orchestrate all access to PeopleSoft applications by monitoring changes both within the PeopleSoft data store, as well as other data stores within your organization, like LDAP directories. This unified view provides you with greater control and accuracy in terms of who can access high-risk applications such as PeopleSoft.

Of course, knowing what’s available is one thing; getting it done is another. ForgeRock can help there too. We provide out-of-the-box accelerators to get you up and running quickly, as well as seamless migration tools for when you’re ready to migrate away from your legacy IAM systems.

The ForgeRock Identity Platform can coexist with any legacy environment to give you more agility in how you secure business-critical applications like PeopleSoft. From the toughest legacy systems to the most cutting-edge applications, ForgeRock can handle all of your organization’s unique identity and access management needs. Contact us today to learn how we can help you.

Want to learn more about how to integrate Oracle PeopleSoft with ForgeRock? Read our white paper Modernize Access Security for PeopleSoft with ForgeRock for more details. 


From Evolution to Revolution

How COVID-19 has accelerated digital transformation


As shelter-in-place restrictions caused by COVID-19 slowly start to lift around the world, the notion that it will be “business as usual” is far from reality. At this stage, we know comparatively little about the virus and its long-term impact on business. But there are definite indicators based on the countless conversations I’ve been having with customers in the last eight weeks that companies with strong digital identity strategies have fared much better than those that did not.

The discussions I’ve had with leaders inside financial institutions, media conglomerates, and others offer some very interesting insights into how customer preferences, needs, and expectations might evolve in the coming months. Here are my virtual “notes from the road,” which I hope are useful to any organization looking for guidance on starting their rebuilding efforts in a post-pandemic world. 

COVID-19 has forced dramatic change in the digital world

The pandemic has pushed organizations to accelerate their digital transformation at an unprecedented pace. Pre-COVID-19, most businesses were on an evolutionary path to digital transformation. Now, necessity has forced them into a digital revolution. 

Overnight, our customers saw spikes in online traffic at levels normally associated with special events such as Black Friday or the Olympics – events where, historically, people had months or years to plan. COVID-19 afforded no preparation time. Huge spikes in activity across e-tail, education, healthcare, banking, telecommunications, and other sectors became a reality as both adults and children turned to a new remote way of life and working. Simultaneously, an uptick in malicious activity took place, as cybercriminals tried taking advantage of organizations that slashed red tape and bureaucracy in a desperate effort to keep up.

At ForgeRock, we believe this is a moment of truth for brands. An organization’s core mission won’t change because of COVID-19, but how they deliver on it has. Ensuring secure access and a streamlined, frictionless user experience are vital to maintaining competitive advantage. As a result, identity and access management (IAM) has emerged as a top priority. Even as some organizations cut spending, digital identity remains a must-have priority, with most identity and access management initiatives moving forward with even greater urgency.

Seize the opportunity to disrupt 

Looking at the situation optimistically, we see this time as a unique opportunity for your business to rally and to stand apart from the rest. Zoom is a perfect example of a brand that has achieved cultural awareness as a result of the global health crisis. It has moved beyond the enterprise and is now one of the primary ways housebound people connect worldwide.

“Getting identity right” means making it easy for your customers to connect to you digitally – making it easy to log in, reset passwords, receive personalized digital content, and feel secure, with respect for their privacy. Users deserve a digital experience that is both simple and safe. Getting identity right could change the trajectory of your company and make your brand a household word. By 2022, businesses that provide great customer experiences are projected to earn 20% more in revenue than those with less than optimum customer experience. [1]

Identity technology is an enabler

The data we’ve gathered from our own customers attests to this. ForgeRock has enabled many organizations to scale up in order to meet consumer demand. Here are real-world examples of how organizations across multiple sectors adapted quickly to address the changing needs of both consumers and the workforce.

  • Scale at unprecedented levels: A large media organization serving a major European country had to scale dramatically during COVID to accommodate billions of access requests from citizens tuning in for live news updates and streaming content at different times of day. Historically, events of this scale would be related to a major sports event or an important political event and would be planned for months or years in advance. With COVID-19, this scale is occurring daily.  
  • Massive switch from “in-person” to digital relationships overnight: Overnight, a large banking organization saw a 300% increase in online/mobile banking while also experiencing a 51% decrease in local branch foot traffic.
  • Rapidly mobilizing a new remote workforce: One large financial company shared a common experience of going from 95% of the workforce located in offices pre-COVID-19 to the same number now working from home. The impact to productivity was felt immediately by both IT professionals and staffers when the rollout of new collaboration apps for virtual whiteboarding and video chat began and the need for multi-factor authentication for securely implementing remote work became apparent. 
  • Black Friday every day: Many of our retail customers reported an unprecedented increase in online activity – surpassing Black Friday-level traffic. DevOps and auto-scaling capabilities in ForgeRock IAM have been critical in supporting these levels of traffic.

Zero Trust timelines have accelerated by over a year

Zero trust and “identity as the new perimeter” have been popular thought leadership topics in IAM and often on an organization’s roadmap, but in the midst of COVID-19, the roadmap for accomplishing these initiatives has been accelerated by a year or more. 

In addition to navigating increased customer demand, many organizations have also come to realize that their traditional approach to digital identity management falls short in enabling all their employees to work remotely and to access applications securely. The need to adopt a work-from-home policy for employees has put pressure on capacity for many businesses. Realizing that there is no such thing as a trusted network or device, organizations are now opting for risk-based authentication and authorization methods.

Another concern is an increase in Coronavirus-themed security threats – from phishing campaigns to fraud. A joint alert issued by the U.K. and U.S. lists more than 2,500 COVID-19-related scams. It’s more critical than ever to provide a secure online experience for all types of users on all types of devices. ForgeRock helps you protect user privacy while ensuring secure connections on all their things.

Consequently, the adoption of a Zero Trust model – the foundation of the ForgeRock IAM Platform – has accelerated.

Enable safe and simple digital access

With more people relying on online services, it’s critical to ensure that the first steps in any digital journey are smooth and seamless. It’s often at login that you are most at risk of losing users, especially when they have forgotten their usernames or passwords. We will soon roll out new capabilities that ensure you retain customers – regardless of their technical skill level – during the login process. Soon you’ll be able to quickly and easily determine who the user is, what device they are on, and what their preferences are.

Protect digital users

During COVID-19, everyone has opened themselves up digitally to a greater extent. This new “all digital” lifestyle has caused people to want more control over their data and privacy. Our self-service privacy and consent dashboards enable users to securely share and revoke or authorize consent. We also offer users choices, asking them whether they prefer passwordless or password-driven logins. 

As the digital revolution unfolds in all of its permutations, we are here to help you meet and exceed the expectations of your customers and employees alike. When it comes to digital identity, remember: you are not alone. Find useful resources at Connect Everyone.


 1. Gartner Identity and Access Management Summit, Keynote: “The Future Identity and Access Management in 2019 and Beyond,” Gregg Kreizman and Mary Ruddy.





Bring Digital Identity Out of the Shadows to Fuel Digital Transformation

CPO Vision


Everyone that has anything to do with security is all too familiar with the term “Shadow IT,” which applies to situations when users across virtually all departments in an organization access applications and services without the authorization of corporate IT. Driven by the consumerization of IT and the convenience of the cloud, Shadow IT has introduced significant risk to enterprises due to lack of visibility and control. 

Today, as more businesses invest in their digital transformation – to the tune of more than $3.7 billion in 2019, according to Gartner – they are faced with yet another security and privacy challenge that also undermines the customer experience and hampers business success, namely Shadow Identity, or “Shadow ID.”

What is Shadow ID?

In the process of creating and delivering new digital services for their customers, business units within an organization can inadvertently create identity silos. In many organizations, a fragmented approach to identity consists of legacy, home-grown, and off-the-shelf point solutions that create a crazy quilt of applications that cause what we now call Shadow ID. This occurs primarily because organizations lack a unified consumer identity and access management (CIAM) solution and oversight over the process.

The end result is that a single customer who signs up for various digital services with a company may actually have multiple sets of identities. Every time an innovative digital service is rolled out to users, there is the potential for another identity silo to crop up. So why is that a problem?

  • The user experience suffers in a big way. Let’s consider this simple scenario: A large financial institution offers an array of services – from ATMs to bank cards to online banking portals to mortgage loans, and more – and requires customers to create separate logins for each of these. Each department at this bank houses this customer identity data in a different silo for each service, and these silos are disconnected. When customers call their branch to have a question answered, they are typically shunted around to different people before they have a conversation with someone who has their customer information (and even that may be incomplete or inaccurate). The end result is a frustrated customer who gets even more frustrated with each engagement across all channels.
  • Cross-sell opportunities are limited. Without a single source of truth about customer identities, it’s difficult to perform meaningful marketing analytics. And without reliable analytics, companies will have a hard time cross-selling services to their existing customers and delivering personalization for online applications and services. Clearly, Shadow ID can hinder business growth and put organizations at a disadvantage vis-à-vis competitors who have a unified identity architecture that can provide better, more streamlined customer experiences.
  • Shadow Identity increases security risk to enterprises. Identity silos inherently result in an inconsistent security posture due to differing password-strength and reset policies and some services requiring multi-factor authentication but not others. Further, as security and identity standards evolve (examples: HTTP/2, mutual TLS, and newer crypto algorithms), it’s nearly impossible to consistently update disparate identity silos in unison, and this exposes the enterprise to greater risk. 
  • Identity silos create privacy and compliance problems. Fragmented identity silos make it increasingly difficult to keep up with ever-changing government and industry regulations. The EU General Data Protection Regulation (GDPR), which imposes strict regulations on usage and sharing of private customer data, is an excellent case in point. Without a single view into all customer identity data points, GDPR compliance becomes exceedingly difficult, if not impossible. Additionally, when a customer chooses to opt out of a service, managing this process across multiple silos becomes a hugely painful and time-consuming effort.

Enter the ForgeRock Digital Identity Platform

At ForgeRock, we help people safely and simply access the connected world by enabling exceptional digital experiences, no-compromise security, and comprehensive functionality at any scale with simple, flexible, and rapid implementations. With ForgeRock, you can address – and get ahead of – the requirements of the digital Disruptive Economy. Using ForgeRock’s comprehensive, flexible customer identity and access management (CIAM) technology, you can support customer experiences that exceed expectations and foster consumer trust and loyalty to create new opportunities for growth and competitive advantage.

At ForgeRock, we are well aware of the pitfalls of Shadow ID and are passionate about helping our customers grow and innovate while offering a safe and frictionless experience for their users. It’s all about giving the right people the right access at the right time – by using the right IAM platform.

Learn more about how to connect everyone, anywhere, or contact us to get started.


Media Giant BBC Credits Digital Identity Strategy as One Key to Success During Pandemic


As COVID-19 continues to affect our world, keeping citizens informed is more critical now than ever. Media giants like the British Broadcasting Company (BBC) have found themselves serving as a central player in helping millions of people stay connected and safe with new programming and services aimed at educating, entertaining, and keeping everyone calm – from small children to aging adults.

The venerable brand has met the challenge by mobilizing its workforce quickly to work remotely and by doubling down on a digital transformation strategy grounded in identity in order to handle a massive influx of consumer demand that came to the BBC nearly overnight.  

We recently talked with Matt Grest, director of platform for the BBC, to learn how his organization is able to successfully keep employees productive and provide the essential information consumers need during the crisis. 

Supporting Remote Workers

ForgeRock: When it became obvious that working from the office was no longer possible, how were you able to get your team operational from home quickly? 

Matt: We were fortunate in many ways. I have about 350 people on my Platform team at the BBC. Many already had experience working remotely before the pandemic hit and were using best practices, like morning stand-up meetings. To help make the shift smooth for everyone, we were also able to quickly give employees instant access to appropriate applications so they could continue their work from home. In the last six weeks, I’ve been very fortunate that my team has continued to be productive whilst our offices were running at about 10% capacity. We’re still in the early days, but it’s appearing that efficiencies are comparable, if not better, than with the on-premises working model. 

Scaling to Meet Demand 

ForgeRock: Seismic shifts in audience size can present unexpected risk. What sort of growth have you seen?

Matt: We’re getting World Cup numbers every day at 5 p.m., right when everyone tunes in to hear what the Prime Minister is saying about the COVID-19 crisis. Millions of people want the information instantaneously and in different formats, such as video, text, and audio. Our challenge is to respond to this ever-increasing demand and provide seamless service to our audience.

During the COVID-19 crisis, we are experiencing record numbers of customers tuning in for live news updates and streaming content every day. We’re also seeing changes in usage patterns, such as significantly more consumers demanding content in the middle of the day. Meeting scalability challenges is something that never goes away. As an increasing number of people shift their viewing habits away from traditional broadcast TV and onto digital platforms, scaling up to meet this demand becomes a daily focus for us. In 2017 we introduced the ability for our audience to sign-in to iPlayer. Getting people signed in means we can offer them a truly personalised experience. Now, in 2020 the majority of people in the UK have a BBC account and use it to access our personalised online services. Again, this posed another huge scalability challenge as we had to build out our systems to cope with an ever-increasing demand.

Launching New Services and Content

ForgeRock: Meeting the needs of consumers across a wide range of demographics can’t be easy. What challenges have you faced? 

Matt: In addition to supporting remote workers and changing capacity, we are also rolling out new content and services. In April 2020, we introduced BBC Bitesize, a website that provides parents and students with free videos, step-by-step guides, activities, and quizzes by level and subject. We relaunched the service within weeks and saw three million people use the service on launch day, with zero downtime. 

Children can be more challenging to authenticate. Article 8 of the GDPR dictates that users under the age of 16 need parental consent to access content. We deliver highly personalised, age-appropriate experiences in a compliant manner while ensuring kids are using their own accounts versus their parents. Kids can even authenticate their identities via voice-first commands, an age-specific preference that could have been difficult but we were able to deliver it with minimal headaches. 

Personalized Data Is Better Data

ForgeRock: Offering personalized services adds significant value for your consumers. But with that comes a huge responsibility to protect a vast amount of customer data. How do you earn the trust of your users?   

Matt: A personalised BBC makes for a better BBC. Once we get our audience signed in, we can then understand people’s likes, dislikes, device preference, time-of-day usage, and more in order to deliver a bespoke and optimal user experience. At the same time, we must remain compliant in keeping customers’ data secure and allow users to opt out of the personalised experience if they desire.

Future Scalability Considerations

ForgeRock: Innovation is at the heart of what you deliver every day for millions of customers. What’s next at the BBC? 

Matt: The future is digital, and the biggest ongoing challenge for us is scalability. Today, we keep users signed in for two years (compare that with banks that log users off after a few minutes of inactivity). In addition, each user leverages the BBC with three different devices, on average. With 45 million users working with three to four devices, it could be a big challenge to manage access and active sessions, but we have the right technologies to help us meet our goals.

As we look to introduce more new and exciting services over the next few years, continuing to scale up our ability to deal with increasing millions of people who wish to access an ever-increasing amount of content is an ongoing challenge for us – a challenge our team thrives on.

The BBC is a public service, and we need to keep pace with customers, but we can’t leave anyone behind. For example, we need to balance expanding our digital content and services whilst also catering to the audiences who prefer to tune in via traditional channels like radio and television.

As a BBC consumer personally, I am one of those who enjoy BBC content, such as the fabulous TV show “Killing Eve.” I can’t wait to see what they offer us next.

As Director of Platform, Matt is responsible for leading the transformation of the BBC’s digital and broadcast products into a fully integrated platform, bringing together the BBC’s content library, digital archive and audience services into a single integrated platform, and preparing the BBC for an Internet-fit future. Since starting at the BBC in 2017, Matt has created the Platform Group, bringing together teams around the UK that provide content and personalisation services to the BBC’s digital products, and created a single integrated organisation. Matt sponsors the BBC’s Step into Tech initiative, giving women training and a pathway into a digital career. Matt has also sponsored the BBC’s technology expansion in Glasgow. Prior to joining the BBC, Matt was Director of Digital Platforms at Sky, where he was responsible for the technology that powers Sky's Digital products. Matt also led the creation of Sky's digital hub in Leeds. Previous roles include leading the team responsible for the main NHS digital platform, leading technology teams on large-scale financial services mergers and acquisitions, and taking an ISP from start-up through to exit.

Identity Connects Everyone to Everything, Everywhere 

Find out how ForgeRock delivers work from home and online consumer experiences at scale here.