Technology Trends

Introducing a New Kind of Security Key: ZenKey

It used to be that before you walked out the door, you always made sure you had your keys and your wallet. The “key and wallet check” was essential to leaving your home with a clear head. Now, your smartphone has undoubtedly joined the fray as something equal to, or even more important than, those other vital items. Leaving your house without your smartphone likely seems inconceivable, and whether we want to admit it or not, it is one of the most ubiquitous things in our lives.

Your Smartphone Can Do More

Your phone understands who you are, knows where you are, and is connected to a powerful network that is your portal to the world. So why not use that knowledge? Why do websites continue to ask me to register and log in with usernames and passwords when there is a device in my pocket that can authenticate me? Could the networks that power our smart devices play a role by adding additional, seamless security?

Using ZenKey to Unlock Trust

These questions now have an answer. AT&T, T-Mobile and Verizon have created something meaningful with the launch of ZenKey. ZenKey is a new solution that leverages the network and SIM card details to deliver authentication and identity verification features to web and mobile applications. ZenKey is differentiated because it relies on network and device data and can’t be hacked using only a stolen username and password or even a malicious SIM swap.

What This Means for Your Security

Even more exciting is that ForgeRock is a launch partner with ZenKey, giving customers the ability to leverage the ZenKey Authentication Node in ForgeRock’s Intelligent Access solution. This node provides instant, drop-in support for the ZenKey service. By simply leveraging the ZenKey node, any website or service can offer an alternative to long registration forms and password-based logins with highly secure, device-based, multifactor authentication.

Now, ForgeRock customers can quickly reduce abandonment during sign-ups while receiving trusted user attributes from MNOs. This capability helps reduce the risk of fraud while creating an identity pre-populated with user attributes. Once a user is enrolled in ZenKey, ForgeRock Intelligent Access can use ZenKey to power a highly secure passwordless authentication experience. This integration delivers a tremendous balance between security and usability, something every ForgeRock customer is trying to accomplish.

As more apps, websites and services take advantage of the combination of ZenKey and ForgeRock for seamless registration and authentication, one of the keys you will never leave home without will be your ZenKey.

Learn more about ForgeRock Intelligent Access here


ForgeTalks: Busting Cloud Myths

Welcome back to another episode of ForgeTalks. My guest this week is ForgeRock VP of Cloud Success, Renee Beckloff. Renee's career has been connected to the cloud for the last 15 years, making her uniquely suited to help bust some pretty entrenched myths. She doesn't hold back in our discussion and shares why there has never been a better time for large enterprise customers to embrace the cloud.

In this episode we'll cover: 

  • What are some of the most common myths holding people back from cloud adoption?
  • What are the benefits of making a move to the cloud?
  • Why you should attend ForgeRock Identity Live: Cloud Edition 


I hope you enjoy this great episode. If you want to learn more, Renee offers a deeper dive into cloud myths at ForgeRock Identity Live: Cloud Edition next week. Check out the agenda for this virtual event and register for a time that works for you. And if you want to check out any of our previous episodes of ForgeTalks you can do so here.

IAM 101 Series: What Is Identity Governance and Administration?

What is Identity Governance and Administration (IGA)? Identity governance and administration (IGA) enables admins, security teams, and internal auditors to manage and reduce the risk that comes with excessive or unnecessary user access to applications, systems, and data.

As the digital world continues to evolve, IGA is now mission-critical to secure every organization. Yet few know what it is. With new data privacy and security regulations constantly emerging, organizations must now balance risk and customer experience while achieving regulatory compliance. Having the right identity governance and administration solution in place can play a crucial role in achieving this balance, keeping workforces productive, and enterprises secure. To fully understand what IGA is and why it’s become such a priority, we must look at how the need for it emerged in the first place.

The Early Years: User Provisioning and Mounting Regulations

To understand IGA, it’s important to understand what provisioning is and how user data was initially stored. User provisioning is the process that ensures that user accounts are created with the proper permissions. IT administrators use provisioning to monitor and control access to systems and applications. 

In the early years of the digital age (1980s - early 90s), user provisioning was rather straightforward as it focused solely on users (employees) within an organization. Access to users outside an organization, like customers or citizens, was not common. Additionally, there weren’t as many systems within an organization to manage access to, making the provisioning process relatively manageable. 

During this time, servers housed user accounts and identity data centrally on on-premises systems within the enterprise. However, in the mid-to-late 1990s, as the .com market rapidly took off and external user access to systems and applications became ubiquitous, more sensitive user data such as name, address, social security number, country code, email address, bank account number, etc. was collected by global organizations. The need to protect this personally identifiable information (PII), and the systems and applications that hosted it, quickly became critical. To address these requirements, new regulations were enacted that mandated stricter security protocols for user access permissions and required improved controls and policies to prove to auditors that the protocols had been implemented.

The Rise of Identity Governance Regulations

Introduced in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was created to provide stronger data privacy and security provisions for safeguarding medical information. As physicians later moved to digitized health records, the HIPAA Security Rule was issued as a best practice for securing sensitive digital information and establishing national standards to protect individuals’ electronic personal health information. This rule required appropriate administrative, physical, and technical safeguards to ensure the security of patient data. 

In 2002, the Sarbanes-Oxley Act (SOX) was introduced to bolster trust and security around the financials of publicly traded companies. SOX imposed even more regulatory protocols regarding electronic records. It mandated the joint responsibility of auditors and management for the detection of fraud and external threats, requiring stringent record keeping, audits, and controls. Noncompliance with SOX can cost organizations up to $25 million in fines, criminal and civil prosecution, and prison sentences of up to 20 years for those found in breach of the mandate.

In 2006, the PCI Council (formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa) created a body of security standards known as the Payment Card Industry Data Security Standard (PCI DSS). Every merchant that accepts credit card payments must be in compliance with PCI DSS. PCI DSS includes requirements for security management, policies, procedures, and other critical protective measures. Failure to comply with PCI mandates leaves businesses vulnerable to the negative impacts of data breaches, such as fines, fees, and lost business.

With these new regulations and stricter protocols, organizations began to feel the strain of ensuring and proving compliance. This pressure only intensified in the mid-2000s as the market saw a massive increase in enterprise user demand for access to cloud-based applications and systems. As a result, this created a larger provisioning problem. Existing user provisioning solutions only supported internal user (employee) populations. They were not equipped to handle the growing numbers of users, accounts, systems and applications while trying to continue to meet regulatory compliance requirements. The need for a solution that supported user provisioning and management for internal and external systems and applications thus emerged. 

Turning to Identity Management as a Possible Fix

As traditional provisioning solutions struggled to keep up with increasing identity demands and regulations, many organizations turned to identity management (IDM) solutions to address these challenges. The digital landscape was evolving at a rapid pace as cloud and software-as-a-service (SaaS) applications and solutions began sweeping through the enterprise landscape. The transition to these technologies meant that internal user identities were now being used to access new external cloud-based applications and systems outside of the enterprise network. The result was a tangled web of access to internal and external systems; a disorganized mass of accounts for workforce, consumers, and partners; and varying levels of access across multiple environments.

Because of these new and ever-growing challenges, identity management solutions were unable to meet compliance regulations to ensure user access was reviewed, allowed, and/or revoked periodically. As a result, organizations would manually create and review user access certifications via spreadsheets distributed by email to business line managers annually or biannually for review and approval. Yet, with the exploding number of internal and external user identities, systems, and cloud applications, this process was no longer a scalable or viable option. With pressure mounting on organizations to achieve regulatory compliance, a new approach was needed.

The Emergence of Identity Governance and Administration

With a new approach, the existing user provisioning market morphed into identity management. In parallel, the genesis of identity governance came about due to the growing number of compliance regulations. Over time, both the identity management and identity governance markets merged into one market: identity governance and administration (IGA). IGA solutions address the needs of regulatory compliance through identity governance and user provisioning requirements through administration. In addition, identity governance and administration addresses user access privileges for both on-premises systems and applications, as well as cloud-based applications and systems, bridging the gap where previous solutions fell short.

Today, identity governance and administration helps organizations address common business challenges throughout their network and users. Benefits include better access compliance through certifying the appropriate level of users’ access and enhanced business productivity by providing this access to the right resources at the right time. IGA also benefits security and risk management by allowing organizations to govern user access with policy-based controls and minimizing operational inefficiencies by streamlining business processes.

In addition to helping overcome business challenges, Identity Governance and Administration supports a number of underlying use cases. These use cases include access requests (users requesting access to systems and applications), access approvals (managers approving user requests), access reviews (managers confirming user approvals or revoking user access), and role optimization (reviewing and updating role definitions).


ForgeRock Identity Governance and Administration

The ForgeRock Identity Governance and Administration solution is an integral part of ForgeRock’s comprehensive identity platform. It allows you to establish policies for user access rights and continuously monitor their proper implementation from a centralized location. Through a periodic access review process — tied to a powerful workflow engine to ensure closed-loop remediation and built-in risk management and reporting — you can strengthen your security posture and automatically drive regulatory compliance.

Learn more about identity governance and administration and ForgeRock IGA by watching the webinar The Evolution and Modernization of Identity Governance or contact us today.


ForgeRock Identity Cloud Gets Even Better

Since launching ForgeRock Identity Cloud earlier this year, we have seen strong interest and innovative usage from a variety of customers. The COVID-19 crisis has contributed to the surge in our momentum. Financial services and retail customers have seen their foot traffic to physical locations drop by 80 percent or more. At the same time, online traffic is skyrocketing. For many companies, these spikes are resulting in massive increases in costs because cloud vendors are doubling their overage fees. We can help with this.

We built our cloud platform as a scalable service for cost-effectively modernizing large, complex, and diverse application portfolios at companies navigating their cloud migration journey. ForgeRock Identity Cloud has become even more flexible with identity platform as a service functionality, delivering on our commitment to provide the most comprehensive cloud solution possible.

Today, we’re happy to share exciting enhancements now available that make our cloud service even more powerful.

  • Seamless Orchestration: The one overwhelming request we get from ForgeRock Identity Cloud customers is: “Don’t dumb it down.” We listened. This release builds on our aim of extreme configurability. You can continue to deliver omnichannel experiences and security for all identities using the power of ForgeRock Intelligent Access to seamlessly orchestrate self-service and authentication journeys for your users.
  • One Subscription for Maximum Flexibility: With one subscription to ForgeRock Identity Cloud, we give you complete flexibility to not only consume as a service from us, but also deploy the ForgeRock Identity Platform anywhere -- in your datacenter, private cloud or public cloud -- in a hybrid configuration. That one subscription also means you enjoy predictable pricing that includes unlimited annual usage per user with surplus user coverage that protects you even if your business grows in unexpected ways. 
  • Full Tenant Isolation: We take security very seriously at ForgeRock. Our approach ensures your data is never commingled with other customer data. This not only prevents accidental data spillage issues, but also prevents the noisy and nosey neighbor issue.

Getting Started

All of the features discussed today are now available. Download the ForgeRock Identity Cloud white paper to learn more. 

Coming Up! 

If you’re unsure how to start planning your future in the cloud, don’t miss ForgeRock Identity Live: Cloud Edition. I’ll be hosting this virtual event and can guarantee you’ll walk away with useful tips on how to transform your organization. I hope to see you there next week! 

Thanks, from the entire ForgeRock Identity Cloud team!  


ForgeTalks: What is Single Sign-On?

At ForgeRock we help people access the connected world. How do we achieve it? In part, with an important digital identity tool called Single Sign-On (SSO). What is SSO? How does it work? What is the purpose of it? I was joined this week by ForgeRock's VP of Product & Solution Marketing, Ashley Stevenson, who took me through the ins and outs of Single Sign-On, using an incredibly helpful (and slightly nostalgic) analogy.

We take a look at:

  • What is SSO and what are its benefits?
  • How do privacy and security tie into SSO?
  • What is federated SSO?

If you enjoy this episode, make sure you check out our previous episodes here. Next week I'll be meeting with ForgeRock's VP for Cloud Success, Renee Beckloff, to debunk common myths around moving to the cloud.

The Passwordless Enterprise Era

How ForgeRock and Secret Double Octopus Are Paving the Way for a Passwordless User Journey    

We’re living in a world where managing digital identities is becoming an increasingly complex and tedious task. Every organization must deal with multiple accounts and credentials for users, employees, and devices. Sometimes, these siloed identities can span across dozens or hundreds of locations, and number in the thousands – or even millions. All this chaos is accelerating the adoption of passwordless technologies. 

With all these moving parts, it can be extremely difficult to secure company information – and this results in a frustrating experience for both users and IT teams. With the infrastructure inside many organizations becoming increasingly fragmented across different servers, cloud services, and online platforms, the identity and access management problem becomes even more complicated. 

This is where passwordless authentication can help. The ForgeRock Identity Platform enables fully password-free user journeys out of the box, and with technology partner Secret Double Octopus, the experience can be extended to the user's workstation authentication. This frees employees and administrators from the pain of remembering and managing passwords throughout the enterprise.

The Growing Challenge of Enterprise Identity and Access Management

Companies often struggle to set up identity and access management (IAM) solutions in a secure, easy-to-use, scalable, and future-proof way. Unfortunately, many organizations end up outsourcing this task to expensive integration specialists to make complex systems work together and to maintain these integrations over time. Either way, organizations gradually get stuck with overly complicated systems that are costly, create unnecessary risk, and can’t scale with their growing needs.

The mounting challenge of identity management has spurred collaboration among different vendors to create scalable, integrated solutions that provide robust security and easily integrate with the different on-premises and cloud-based solutions that the enterprise has already invested in. These efforts have become even more important as the COVID-19 pandemic has driven many companies to adopt work-from-home models, making them even more dependent on reliable and scalable digital infrastructure.

The addition of Secret Double Octopus’ technology to the ForgeRock Trust Network extends the reach of Intelligent Authentication to the desktop login experience and provides passwordless authentication to any application protected by the ForgeRock Identity Platform.

As we’ve covered in a previous blog series, passwords are a weak spot that continues to give organizations IT cost overhead and security nightmares. The deployment of passwordless authentication provides increased security, lower operational costs, less downtime, and an enhanced user experience that results in improved productivity across the organization.

How Do We Do It?

With the integration of Secret Double Octopus, ForgeRock customers can improve security, create a more pleasant user experience for employees, and change the way IT departments handle user authentication.

The change starts at the workstation level – with a choice between Desktop Multi-Factor Authentication (MFA) using the ForgeRock app or a passwordless desktop experience that removes passwords altogether when logging in to Microsoft Windows, Apple Mac, or Linux workstations. With additional support for existing one-time password (OTP) tokens, offline scenarios, and FIDO2 keys, the workstation becomes the first step towards a passwordless enterprise.

The next change happens at the directory level, with a choice to use an existing Active Directory (AD) or Azure Active Directory (AAD) datastore, or to remove AD altogether and rely on the ForgeRock Directory Service as the source of user profile data for workstation authentication.

Organizations have the flexibility to adopt different scenarios based on their policies, preferences, and available technology. For instance, they can choose between the ForgeRock Authenticator, the Octopus Authenticator, or a combination of both. If the work environment does not allow mobile devices, they can use FIDO2 keys as a second factor, or they can use an offline OTP if users can’t access the internet.

Integrating Octopus Authentication with the ForgeRock Identity Platform eliminates the need to create, change, manage or remember passwords, saving many headaches and complexities for IT teams and users. This directly results in boosted uptime and productivity, as well as increased security, thanks to a universal user experience across all applications.

Together, ForgeRock and Secret Double Octopus provide customers with a clear path to transition from costly and risky user-managed passwords toward a passwordless future. Organizations can now deploy a single authentication mechanism to serve all their needs in a frictionless, cost-efficient way through a known and trusted platform.

Want to create simple and secure access experiences that just flow? Find out more about passwordless authentication here


ForgeTalks: A Local's Tour of the ForgeRock Identity Platform

Welcome back to ForgeTalks. In last week's episode, ForgeRock's VP of Product Management, Mary Writz, took me on a tour of the main landmarks of the ForgeRock Identity Platform, including Intelligent Access and ForgeRock Go. This week, we are treated to a local's tour of the platform. We'll travel "off the beaten road" and explore some of the hidden gems that the ForgeRock Identity Platform has to offer.

We'll be exploring:

  • How the ForgeRock Identity Platform makes it easier to develop applications
  • How Macaroons fix problems around Fine-Grained Scopes and Delegation
  • How ForgeRock makes Identity for Things easy!

I hope you enjoyed this two-parter with Mary. Make sure you stop by next week when I meet with ForgeRock's VP of Product Marketing, Ashley Stevenson, who unravels the question: "What is Single Sign-on?" And if you want to watch any of the other episodes you can check them all out here.

Autonomous Identity: Your Prescription for Reducing Risk in Healthcare

Earlier this year, ForgeRock published our 2020 Consumer Identity Breach Report detailing insights and data on breaches impacting consumers in 2019 and Q1 2020. As highlighted in the report, healthcare was, once again, the most frequently targeted industry (43% of all breaches), personally identifiable information (PII) accounted for the most sought-after data type at 98%, and unauthorized access was by far the most common attack vector, responsible for 40% of breaches.

As overburdened healthcare IT professionals work tirelessly to meet the demands of the COVID-19 pandemic, cybercriminals are using the global health crisis to take advantage of institutions by exploiting unauthorized access. 

This reality means the healthcare industry must protect against two threats at once. Neither is simple. IT professionals need to ask themselves whether they can identify high-risk anomalous access. Just as importantly, they need to explore how AI can help by automating access requests, performing certifications, and predicting what access should be provisioned to users.

Identity Governance and Administration (IGA) solutions fall short in their ability to address the healthcare industry’s risk landscape and cannot meet its demanding and ever-changing requirements. Why? Simply put, IGA solutions don’t provide organization-wide visibility or identity context especially as identities continue to increase in multiple applications and locations (on-premise, cloud, etc.). This leaves your risk and security teams struggling to keep up as they manually provision access privileges and rubber stamp access requests and certifications. Additionally, the resulting operational inefficiencies can leave your teams blind as to who has access to what and, more importantly, why they have access in the first place. So, what’s the cure? 

ForgeRock Autonomous Identity is an AI-driven identity analytics solution that can be layered on top of, and integrated with, your existing IGA solutions to provide real-time and continuous organization-wide user access visibility, control, and remediation. Autonomous Identity analyzes all identity data to give you a deeper understanding into the risk associated with user access across the entire organization. The solution ingests vast amounts of workforce, partner, and consumer (patients/members) identity data from existing identity management and governance solutions, identity stores, and user activity repositories to provide wider and deeper insight into the risks associated with user access.

For example, one of the largest healthcare retailers in the United States used ForgeRock Autonomous Identity to bring visibility and contextual insight to their employee records, applications, entitlements, and entitlement assignments. The result was 550,000 entitlement assignments identified for AI-driven automation and clean-up; an accomplishment that would have taken a lot of resources and months, if not years, for IT teams to do manually.

As the customer story above exemplifies, Autonomous Identity enables your risk and security teams to accomplish the seemingly impossible — reducing risk, manual processes, and costs with one solution across your disparate identity enterprise.

To learn more about ForgeRock Autonomous Identity, read Maximize the Value of Your Healthcare Identity Solutions with AI-Driven Identity Analytics or contact us today.


ForgeTalks: Your Guide to the ForgeRock Identity Platform

Welcome back to another episode of ForgeTalks. The ForgeRock Identity Platform is a workhorse - covering every identity possible and offering a comprehensive set of capabilities. There are few people more knowledgeable about its depth and breadth than Mary Writz, VP of Product Management. In today's episode, Mary compares a tour of our platform to a traveler visiting Paris for the first time. For newcomers, the Eiffel Tower and the Louvre can't be missed. When it comes to our platform, her 'must visit' hot spots include Intelligent Access and ForgeRock Go. In our chat, she shares insider tips on how her favorite features solve some of the most common and complex identity issues companies face. 

We'll be answering key questions like:

  • How do I design the perfect access journey? 
  • What is the best way to help people recover lost passwords? 
  • Can an identity platform offer DevOps deployment nirvana?  

Make sure you check out next week's episode, where Mary takes us on a "locals tour" of the ForgeRock platform - revealing some of the lesser-known but equally powerful features. And if you want to check out any of the previous episodes of ForgeTalks you can view everything here.

Fireside Chat With Former Australian Prime Minister Malcolm Turnbull 

The Role of Cyber Security & Digital Identity in the Modern Economy 

While the connection between cyber security and Identity and Access Management continues to strengthen across Australia, it has become a keen area of focus for one of the country’s most influential leaders. I recently sat down with Malcolm Turnbull, the 29th Prime Minister of Australia, and ForgeRock Managing Director for Australia & New Zealand, James Ross, to discuss the opportunities and trends that are driving innovation and investment in the region.  

Solving complex security challenges

Speaking to a virtual audience of ForgeRock customers and identity professionals from around the globe, Mr. Turnbull shared his views about the risks associated with handling cyber threats reactively. Globally, organizations are investing billions of dollars to reactively combat threats that can be delivered, in some cases, by a single skilled individual with an internet connection. The threat increases, of course, with the investments that can be made by cybercriminals and foreign governments. The impact could lead to widespread disruption to our society.

The rationale behind Mr. Turnbull’s 2016 Australian National Cyber Security Strategy - which established the country’s first formalized approach to cyber security and saw an investment of A$230 Million across 33 initiatives and the establishment of the national Cyber Security Centre - was to recognize the seriousness of cyber threats, which were estimated to be costing the Australian economy A$7 Billion per year, and offer a strategy to get on the front foot in combating them. ForgeRock’s approach complements this thinking. So much of our work with customers and partners is to raise awareness that usernames and passwords are not sufficient. By bringing in behavior-based authentication and biometrics, organizations can quickly eliminate a major point of exploitation from hackers while simultaneously opening up opportunities for improving the customer and employee experience by providing users with a passwordless authentication option that is even more secure. Digital identity is now a critical part of overall cyber security planning and execution.

“Identity is trust and trust is identity”

People want to feel safe and secure when they engage with brands and services online. They expect their bank, healthcare provider, or favorite online retailer will keep their personal data protected from harm. No wonder then, that the tension that so many organizations are grappling with is how to make consumer experiences easy while putting the right security controls in place to assure people that their data is being well looked after. The ability to log in using a single credential and get access to multiple services (through single sign-on or SSO) eliminates the burden of remembering multiple user profiles and passwords.

What is clear is that people are happy to hand over sensitive information to trusted brands. In turn, that personal information is used to authenticate individuals and provide access to services. As Mr. Turnbull highlighted, “Identity is trust and trust is identity.” No wonder then that, alongside Australia’s National Cyber Security Strategy, Mr. Turnbull was behind the establishment of the country’s Digital Transformation Agency (DTA), which explored, among other things, identity and access management. Out of the DTA has come Australia’s MyGov and MyHealthRecord systems that make government digital for citizens - both of which are built on the premise that authenticated identity is the cornerstone to streamlined access to services.

Powering new opportunities

Of course, organizations that use identity to create secure, streamlined digital experiences will find themselves ahead of competitors. Personalizing services for customers or citizens makes life easier and allows people to self-manage their accounts and services and has a positive impact on an organization’s bottom line.  

In Australia, this opportunity is being driven by ambitious government initiatives. Following the UK’s Open Banking program, Australia launched the Consumer Data Right (CDR) regulation, which will enable consumers to more easily transfer their personal information to competing companies. Aside from empowering people to own and use their personal data to comparison shop, the CDR will also enable vendors and third parties to securely access the personal information stored by banks, powering further innovation and customisation of services. Identity management solutions are a critical component in the success of the legislated CDR roll out.

The role of identity management is being further thrust into the spotlight by the COVID-19 lockdown, which has sparked widespread upticks in demand for digital access. In Australia, national retailer Woolworths reported a 320 percent increase in app use, while ANZ Bank saw a five-fold increase in the use of its digital channels. These are just a couple of relevant examples.

As Mr. Turnbull observed, digital is becoming the battleground for brands and organizations, and for the public sector as it works to provide a better-secured customer experience to its citizens. As he stressed during our discussion, “If we crack the digital identity nut, a lot of the issues we are facing will be mitigated.”

You can watch the replay of our virtual fireside chat with Mr. Turnbull here


ForgeTalks: Digital Transformation vs. The Aliens

Welcome back to another episode of ForgeTalks. I was joined this week by ForgeRock Chief Evangelist Allan Foster to talk about digital transformation, COVID-19 and the pivot to remote work and play. For those of you who know Allan, you know he can talk - so get comfy, you're in for a comprehensive discussion on the new digital experiences that have landed here on planet Earth.

In this episode we'll talk about:

  • Some of the reasons why businesses are struggling to interact with employees and customers digitally
  • How digital transformation has enabled businesses to be flexible following the start of the COVID-19 pandemic
  • What businesses can do if they have yet to undergo their digital transformation

I hope you enjoyed this great episode with Allan. Make sure you check out next week's episode where I chat with ForgeRock's VP of Product Management, Mary Writz, about her favorite features of the ForgeRock Identity Platform. And if you want to check out any of our previous episodes, you can see them here.

Autonomous Identity: How to Overcome Identity Governance Fatigue

Redefining Identity: ForgeRock Autonomous Identity 

IT and Security teams are experiencing identity governance fatigue because they are exhausted from manually reviewing and approving access requests and rubber-stamping certifications. To address this weariness, ForgeRock is providing a new modern approach to identity. ForgeRock Autonomous Identity is an artificial intelligence (AI)-driven identity analytics solution that allows you to overcome identity governance fatigue.

ForgeRock Autonomous Identity provides real-time, continuous enterprise-wide user access visibility, control, and remediation. By leveraging AI and machine learning techniques, Autonomous Identity collects and analyzes all identity data—such as accounts, roles, assignments, user activity, and entitlements—to identify security access and risk blind spots.  

The solution provides you with wider and deeper insight into the risks associated with user access by providing enterprise-wide contextual insights, high-risk user access awareness, and remediation recommendations. Autonomous Identity can be overlaid onto legacy IGA solutions, enabling your organization to increase operational efficiencies, accelerate decision making and maximize existing identity investments.

Leverage Your Existing Identity Investments  

ForgeRock Autonomous Identity works with your existing identity infrastructure to develop a complete view of the user access landscape. This includes identity management, Microsoft Active Directory, identity governance, databases, LDAP systems, and other identity data sources in your organization. The landscape provides highly accurate models, showing what good access should and shouldn’t look like.  

Unlike legacy IGA solutions that are based on leveraging static rules, roles, and peer group analysis, Autonomous Identity relies strictly on the data in your organization to develop an analysis that is free from any bias coming from human-derived rules and roles that exist in your identity management or identity governance solution.

How It Works 

Autonomous Identity links users to entitlements at the lowest attribute level. The solution uses profile data to determine the likelihood an individual will need an entitlement, based on how entitlements are currently distributed across the organization.
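The idea in the paragraph above can be made concrete with a small sketch, added here as an illustration and not ForgeRock's code or algorithm: it scores each entitlement by the share of a user's attribute peers who hold it. The sample users, the `HIGH`, `LOW` and `MIN_PEERS` cut-offs and all function names are assumptions made for this example.

```python
"""Peer-based entitlement confidence: a simplified illustration only."""

# Constructed sample data: (profile attributes, current entitlements) per user.
FIN = {"dept": "finance", "title": "analyst"}
ENG = {"dept": "engineering", "title": "engineer"}
USERS = {
    "alice": (FIN, {"erp_read", "erp_post"}),
    "bob":   (FIN, {"erp_read", "erp_post"}),
    "carol": (FIN, {"erp_read", "erp_post"}),
    "dave":  (FIN, {"erp_read", "erp_post", "db_admin"}),
    "erin":  (ENG, {"git_write", "ci_deploy"}),
    "frank": (ENG, {"git_write", "ci_deploy"}),
    "grace": (ENG, {"git_write"}),
    "heidi": ({"dept": "legal", "title": "counsel"}, {"contracts_rw"}),
}

# Assumed cut-offs for this example; real values would be tuned per organization.
HIGH, LOW, MIN_PEERS = 0.8, 0.2, 2


def peers(users, name, attr, value):
    """Other users sharing one attribute value; the user under review is left out."""
    return [u for u, (attrs, _) in users.items()
            if u != name and attrs.get(attr) == value]


def score(users, name, ent):
    """Highest share of peers holding `ent` across the user's attributes.

    Returns None when no attribute has at least MIN_PEERS peers, so a lone
    role holder is never "confirmed" by their own assignment.
    """
    attrs, _ = users[name]
    best = None
    for attr, value in attrs.items():
        group = peers(users, name, attr, value)
        if len(group) < MIN_PEERS:
            continue
        share = sum(ent in users[p][1] for p in group) / len(group)
        best = share if best is None else max(best, share)
    return best


def review(users):
    """Bucket held entitlements by confidence; list missing ones most peers hold."""
    out = {"high": [], "medium": [], "outlier": [], "no_evidence": [], "recommend": []}
    all_ents = set().union(*(ents for _, ents in users.values()))
    for name in sorted(users):
        held = users[name][1]
        for ent in sorted(all_ents):
            s = score(users, name, ent)
            if ent in held:
                if s is None:
                    bucket = "no_evidence"   # nobody to compare against: manual review
                elif s >= HIGH:
                    bucket = "high"          # candidate for automated certification
                elif s < LOW:
                    bucket = "outlier"       # candidate for revocation review
                else:
                    bucket = "medium"
                out[bucket].append((name, ent))
            elif s is not None and s >= HIGH:
                out["recommend"].append((name, ent))
    return out


if __name__ == "__main__":
    for bucket, items in review(USERS).items():
        print(f"{bucket:12} {items}")
```

Leaving the reviewed user out of their own peer group and requiring a minimum group size keeps a one-person department from scoring its own access as fully confirmed.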

Why ForgeRock Autonomous Identity?  

Autonomous Identity addresses identity governance fatigue with unique and highly differentiated capabilities, including:  

  • Global visibility: By leveraging AI-driven identity analytics, you can collect and analyze identity data (examples: accounts, roles, user activity, entitlements, and more) from diverse identity, governance, and infrastructure solutions in order to provide enterprise-wide visibility of all identities and what they have access to across the entire enterprise. This approach provides your security and risk teams with contextual insights into low-, medium-, and high-risk user access at scale.
  • Highly scalable: As new identity data is collected and old data is purged, the AI and machine learning model evolves and learns the dynamic changes within the enterprise. By leveraging predefined machine learning techniques and algorithms, you can quickly predict, recommend, and identify outliers. This intelligence-based approach allows your security and risk professionals to automatically analyze and model high volumes of identity data to identify high-risk user access and unauthorized or unknown user access across the entire organization.
  • Data driven: With Autonomous Identity, you can contextually examine all identity-related data and identify and recommend the right level of user access rights. This approach provides the ability to identify and apply appropriate birthright or leaver user access rights to accounts, applications, systems, roles, entitlements, and more. This process reduces the overall request volume by predicting appropriate user access at the right time to the right resources.
  • Transparent AI: Unlike “black box” identity analytics solutions, Autonomous Identity allows you to fully comprehend how and why risk confidence scores are determined. By visually presenting low-, medium-, and high-risk confidence scores together, your security and risk professionals can contextually understand which key risk indicators were met. This AI-driven approach recommends risk-based identity and governance remediation updates based on enterprise-wide confidence scores.
  • Dynamic analysis: With intelligent data stream processing, you can leverage existing and diverse identity, governance, and infrastructure data sources to continuously collect and process high-velocity, high-volume data (examples: roles, entitlements, attributes assignments, and more) from across the enterprise. Combined with a highly scalable and distributed microservices architecture, enterprises can process and analyze tens of millions of data points quickly to predict and recommend user access rights and highlight potential risks. This intelligence-based approach enables security and risk professionals to accelerate their decision-making process.

Autonomous Identity provides you the unprecedented ability to reduce costs while simultaneously lowering risks across your organization. It is a game-changing solution that is redefining identity by providing organizations with the following key business benefits: 


To learn more about ForgeRock Autonomous Identity, watch the “Identity Redefined: Eliminate Risks and Cut Costs with AI-Powered Identity Analytics” webinar with ForgeRock and Accenture. 


ForgeTalks: To Your Health

Hello, and welcome back to another episode of ForgeTalks. While COVID-19 has certainly made things challenging for all of us, the global healthcare industry has been hit particularly hard. In addition to serving on the front lines of the pandemic, the industry is seeing a rise in data breaches and targeted attacks against medical data. ForgeRock's Chief Technology Officer, Eve Maler, joined me again, along with ForgeRock VP for US Healthcare, Steve Gwizdala, to discuss the challenges the healthcare industry faces in 2020 and how digital identity can help.

We'll take a look at:

  • Current trends within the healthcare industry
  • Data from ForgeRock's recent Consumer Identity Breach Report
  • Real world results that ForgeRock's healthcare customers are achieving by investing in digital identity

I hope you enjoy this week's ForgeTalks episode. If you missed the recent two-part miniseries about ForgeRock Go you can view Part I here and Part II here, and make sure to check out next week's episode where I meet with ForgeRock's Chief Evangelist Allan Foster to discuss how digital transformation has helped businesses pivot to a remote world.

Want to see more? Visit our ForgeTalks page to catch the whole video series.

What is Identity Governance Fatigue?

The Traditional Identity Journey

Over the past decade, organizations have gone through many different stages of the identity journey. Depending on the size and maturity of your organization, you are probably in one of six identity maturity categories (see diagram below). Your progress through the stages of maturity may be stalled—but not necessarily because of limited resources or for lack of trying. Your lack of progress is likely due to the limitations of your existing identity governance solution. 


Why? These legacy solutions fail to deliver on your identity governance requirements. Large enterprises need a model that provides visibility into who has access to what and why, eliminating manual access requests, approvals and certification rubber-stamping. And the identity model should grow dynamically as your organization changes over time.

Why Legacy Identity Governance Solutions are Destined to Fail 

Legacy identity governance and administration (IGA) solutions are failing organizations today for several reasons: 

  • Identity silos: Many IGA solutions are only integrated with a few authoritative identity sources, like Microsoft Active Directory, or your company's HR system, like Workday. The limited integrations result in poor user access visibility and a lack of consistent access visibility across the entire enterprise. As a result, you have many islands of identity sprinkled across your organization.
  • Operational inefficiencies: IGA solutions are meant to automate access requests, approvals and certification reviews. The reality is quite different. Instead, your teams are so overwhelmed with access requests, approvals and certification reviews that they end up manually approving access requests and rubber-stamping certifications. This results in the overprovisioning of user access privileges across your entire enterprise. 
  • No context: While IGA solutions are good at providing visibility into a single authoritative source, they don’t provide visibility and context across multiple authoritative sources. As a result, organizations struggle to determine what users need access to, what access they have, and why that access is needed. Without universal visibility and context across the entire enterprise, your organization is blind to inappropriate user access privileges and potential unauthorized user access. 
  • Static data: IGA solutions provide tools—like role modeling—to help organizations achieve better operational efficiencies and compliance. While role modeling helps to better align users with the right access rights, the organizational role model rapidly becomes stale and outdated. Your organization changes dynamically every hour, every day, every week, and every month. With outdated access rights, privileges, roles and entitlements of an IGA solution, your organization is more open to security risks and potential data breaches.  

These are the reasons why IT and Security teams are experiencing identity governance fatigue. They are exhausted from manually reviewing and approving access requests and rubber-stamping certifications. 

Don’t Run Your Business with a Crystal Ball

Is this how you want to run your business, with a crystal ball that provides predictions based on limited data? Of course not! That is why you implemented an IGA solution.

Your existing IGA solution has provided you with an initial set of capabilities to manage and control the entire identity lifecycle, from a user’s birthright access to the removal of their access when they leave the organization. The point here is that access requests, access approvals, certifications and role modeling capabilities have gotten you to where you are today. You have made progress in managing and controlling users’ access. That’s the good news.

The bad news is legacy IGA solutions have created a new set of barriers to your organization’s growth and future success. Existing IGA solutions have stalled your progress because they have not addressed the core problem: “How do I develop a model to solve my access problem?”  Until that question is addressed with a solution that meets today’s challenges and acknowledges the dynamic nature of your organization, you’ll continue to be in a “holding pattern” when it comes to managing and controlling user access across the entire enterprise.  

Grow the Business with AI-Driven Identity Analytics 

How do you evolve past the holding pattern?  The answer is artificial intelligence (AI)-driven identity analytics, which address legacy IGA solution gaps.

Using AI and machine learning techniques to consume and analyze large data volumes, AI-driven identity analytics can detect user access patterns and inappropriate access privileges across the entire enterprise. By automating high-confidence and low-risk user access rights, your security and risk teams will have more time and resources to focus on higher priority tasks and projects. 

In my next blog, I’ll explain how organizations can overcome identity governance fatigue with ForgeRock Autonomous Identity. Be sure to watch the “Identity Redefined: Eliminate Risks and Cut Costs with AI-Powered Identity Analytics” webinar with ForgeRock and Accenture to learn more.   


ForgeRock Identity Platform Updates are Here!

More Ways Than Ever to Transform Your Business With the ForgeRock Identity Platform

Since 2010, millions of people have safely accessed the connected world with the help of the ForgeRock Identity Platform. From employees at the world’s most recognized brands to consumers logging in to their favorite ecommerce sites – our platform has made it possible for large enterprises to deliver amazing digital experiences. 

BMW is a perfect example. The prestigious Bavarian automaker uses ForgeRock to cut costs and improve operational efficiencies by consolidating seven different point solutions for more than 25 million users. With ForgeRock as the foundation for their OneIDP strategy, BMW now processes 8,000 authentication requests per second while using automation to achieve a net-zero implementation cost for new applications. Check out our new case study for more details. 

As technology constantly evolves, we want to continue to ensure that anyone using the ForgeRock Identity Platform can quickly and easily keep their employees productive and their customers happy. That’s why we’ve been working on the most significant update to the platform in company history. And today, we’re proud to announce it's now available. As part of this milestone, we’ve published a new white paper that provides all the details you need to get the most out of this monumental release. 

Check out the highlights below, and watch the demos we previewed during ForgeRock Identity Live: Virtual Edition 2020 in June.  

  • Unmatched AI-driven intelligence: Now available from ForgeRock is Autonomous Identity – soon to be your answer to reducing cost and lowering risk. This game-changing solution has already eliminated 91% of the entitlements for a major ERP application for a multinational financial services organization and identified over half a million permission assignments for automated cleanup at a large U.S. healthcare service provider. Autonomous Identity is a modern approach to identity that provides organizations a wider and deeper understanding into the risk associated with user access by providing enterprise-wide contextual insights, high-risk user access awareness and automated remediation recommendations. 
  • Experiences that flow: ForgeRock Intelligent Access helps organizations build seamless and secure experiences that adapt to a user’s needs in real time. This latest release includes a killer feature called ForgeRock Go that allows you to say goodbye to passwords and usernames. We’ve also updated Intelligent Access to handle registration, progressive profiling, and user self-service to deal with forgotten credentials directly in line with the authentication experience. Intelligent Access now supports device context, so you can enhance user experience with a fast lane for trusted devices or introduce just the right level of security friction, based on data from the user’s device.
  • Cloud without compromise - your cloud, our cloud, or their cloud: We’ve introduced a major update to ForgeRock Identity Cloud, a true identity platform delivered as a service that is complemented by rich hybrid features, enabling you to deploy identity services where, when, and how they’re needed. With one subscription to ForgeRock Identity Cloud, you get complete freedom to consume ForgeRock’s rich identity functionality from the cloud as well as in your environments – whether those are your data center or your public cloud provider of choice. It’s the same standards-based technology however you consume or deploy, so you are future-proofed and able to address any identity challenge no matter how complicated. With ForgeRock Identity Cloud, your data is under your control. You get full tenant isolation: we don’t commingle your data with other customers’ data. We also provide many options to deploy in the global region of your choice to ensure your data stays where you need it to be.

Are you ready to drive more value out of your digital experiences than ever before? Let’s do it!


ForgeTalks: Beyond Authentication

Welcome back to ForgeTalks, and part 2 of our miniseries on ForgeRock Go - our answer to making authentication easier than ever. In today's episode, I'm joined again by ForgeRock's SVP of Corporate and Business Development, Ben Goodman and Senior Integration Engineer, Frank Gasparovic, for a look beyond authentication. 

In this episode we'll look at:

  • How ForgeRock's Intelligent Access and the ForgeRock Trust Network enable amazing user experiences throughout the access journey.
  • How intelligence can help you dial up or down friction based on your risk preferences. 
  • And demos that show you how the ForgeRock Trust Network creates a layered experience for customers.

I hope you enjoy both installments of this series. If you happened to miss part 1, you can view that here, and make sure to pop by next week where I chat with ForgeRock CTO Eve Maler, and ForgeRock's RVP for US Healthcare Steve Gwizdala, as we look at identity and the current state of healthcare.

ForgeTalks: ForgeRock Go and the Beginning of the End for Usernames & Passwords

Welcome back to ForgeTalks. Today's episode is the first of a two-part series looking at ForgeRock Go, our answer to killing the dreaded username and password. ForgeRock's SVP of Corporate and Business Development, Ben Goodman and Senior Integration Engineer, Frank Gasparovic, introduce me to this exciting technology and how it will help organizations create better user experiences and improve security.

In this episode we'll answer questions like:

  • Why usernames and passwords create such an unsatisfactory and unsafe user experience.
  • How ForgeRock Go fixes this problem with an out-of-the-box implementation of the WebAuthn standard.
  • Plus, we'll look at a demo of ForgeRock Go in action!

I hope you like this week's episode of ForgeTalks. Make sure to swing by next week for Part 2 of this mini-series where we look at how the ForgeRock Trust Network enables even more incredible user experiences. And if you missed last week's episode with Chief Revenue Officer Pete Angstadt on the Five Ways Identity Pays check that out here.

ForgeTalks: Five Ways Identity Pays

Welcome back to another episode of ForgeTalks. Our guest this week reveals different ways poor digital experiences cause businesses to leak money. The good news is Identity solutions can help. ForgeRock's Chief Revenue Officer, Pete Angstadt, shares his list of top 5 Ways Identity Pays. You'll get answers to big questions about the future of digital transformation and the business value identity can deliver.

  • Why are forgotten passwords undermining your organization’s bottom line?
  • How artificial intelligence can save you massive amounts of time by automating manual tasks.
  • And how ForgeRock's approach to cloud can cut thousands of hours for identity architects with accelerator kits.  

I hope you enjoy it!  If you missed last week's episode on Virtual Banking with ForgeRock's Ajay Biyani, you can check that out here. And tune in for next week's episode which will be part one of a two-part mini-series on ForgeRock Go - our answer to eliminating the need for the hated username and password.

Come see how ForgeRock’s platform drives financial upside with our ROI calculator here

ForgeRock Congratulates BMW on Prestigious KuppingerCole Award

I have such a great job. I’m constantly inspired by ForgeRock customers all over the world who are delivering breakthrough digital experiences. So I know that these individuals are innovating beyond expectations, but it’s always gratifying when the industry also gives credit where credit is due. KuppingerCole, Europe’s leading analyst firm for Information Security, awarded BMW its prestigious KC Virtual Award.

The KC Virtual Awards honor outstanding Identity Management (IM) and Security projects and this year the award for the best IAM for Digital Transformation project was bestowed upon BMW. The globally recognized automaker has a strong focus on identity. The company manages 25 million identities ranging from employees to customers to dealers, ensuring the right people are using the right products and apps, and enjoying the best possible digital experience.

How Did BMW Do It?

It was important to BMW to ensure ease-of-use so its customers and partners can easily and safely access various BMW applications. To achieve this, BMW needed to consolidate its numerous disparate systems and build a central Identity Platform (IDP) for the whole organization to better serve its employees, customers, partners, car dealers and technical providers. Prior to the consolidation, BMW was developing tons of custom code to connect various systems, which was costly and time-consuming. The disparate systems also required users to log in to multiple systems multiple times, which complicated the goal of a seamless user experience.

BMW embarked on an identity strategy, called OneIDP, which required the company to consolidate 20 different Identity Management and Access Management (IAM) systems that supported its three brands (BMW, Mini and Rolls Royce) and other entities like BMW Financial Services into one. With this project, BMW wanted to:

  • Offer an exceptional and seamless user experience 
  • Reduce onboarding and maintenance cost through automation
  • Achieve faster time to market through automation
  • Increase scalability
  • Enable new business cases such as IoT
  • Increase performance

ForgeRock’s platform enabled the company to bring together its identity systems, achieve significant cost savings, and improve time to market, scalability and compliance. The new approach, which supports 25 million users, also allows BMW to deliver critical data and services to consumers and partners quickly, easily and securely. Stephanus Reiger, Group IT--Infrastructure and Technology Management for BMW Group, recently participated in a virtual panel during ForgeRock Identity Live and said, “ForgeRock is essential for us to create a central IDP for BMW.”

BMW for the Win!

Since deploying OneIDP, BMW has surpassed expectations. For example, rolling out new applications was costly and took up to 15 days. With ForgeRock, the process is automated, making it possible to deploy new apps within seconds and at zero cost. Additionally, internal performance tests revealed that BMW can process 8,000 authentication requests per second. During the award ceremony, Gerald Maier, IT Solutions Architect for BMW, said, "I'd really like to thank the 2 partners, IC Consult...and of course ForgeRock because in my opinion they not only have excellent software, they really supported us with excellent knowledge and experience."

Click here to read more about the BMW story. Want to learn more about how to replicate BMW’s transformative identity solution? Find out how you can coexist with, migrate, or retire your IAM system here.


ForgeTalks: The Rise of the Virtual Bank

Welcome to another episode of ForgeTalks! This week I caught up with Ajay Biyani, who heads up the ASEAN team here at ForgeRock. In Southeast Asia, they're seeing a massive uplift in virtual banking, and Ajay was kind enough to take me through what a virtual bank is, why we're seeing such a big surge in virtual banks, and what it takes for financial services companies to be successful in today's digital world.

I hope you like this week's episode. If you missed my discussion last week with ForgeRock CTO Eve Maler, you can check that out here. And make sure to stop by next week when ForgeRock's CRO Pete Angstadt gives us his Top 5 Ways Identity Pays.