Technology Trends

Cloud Series: Building a Secure Identity Cloud


What does it mean for businesses to “go to the cloud?” While the term “cloud” can be used generically, there are many types of cloud architectures. A key benefit of moving to the cloud is that your data is secured with redundant, diversified servers managed by a third party. With your data managed by a third party vendor, it’s important to understand how and where that data is stored. ForgeRock carefully designs an isolated and secure cloud environment for each customer, while maintaining the benefits of the cloud, like sharing high-level resources to reduce costs for customers.

Secure by Design

To understand the concept of these shared cloud resources, it can be useful to imagine the ForgeRock Identity Cloud as a condominium building, with ForgeRock as the landlord. We are responsible for the general construction and maintenance of the building, as well as for shared infrastructure like common water supply and security. Condominium units within the building can be compared to individual customer environments within the cloud, each isolated and protected with walls, locked doors and windows. 

By comparison, other identity cloud architectures and deployments are less like condominium buildings and more comparable to open spaces like high school gymnasiums — more open and malleable. These cloud architectures use virtual machine environments which can be spun up and spun down quickly. Would you feel as secure and safe living in a gymnasium as in your own condo unit? 

In either scenario — condo or gymnasium — you could still have a noisy neighbor. The farther you are from your neighbors, the more sound protection you have. In the case of a data leak, being farther from your “noisy neighbors” by being in an isolated cloud environment, offers more data protection. 

Is your cloud architecture an open space, or a condo building?

This example is an oversimplification, but it is meant to underscore the steps ForgeRock has taken to ensure there is no shared knowledge among its customers. We call this architecture our “secure multi-tenant environment with full customer isolation.” In the next few sections, we’ll help you understand exactly what that means for you.

Understanding Multi-Tenancy 

It is important to understand exactly what we mean by multi-tenancy. Revisiting the condominium building analogy, the entire building — from the basic condo unit to the luxury penthouse — is built to common standards using the same materials, and is operated consistently. In the same way, a multi-tenant cloud service is built on a common, consistent model to deliver service to its customers. ForgeRock provides high-level resources, like the ForgeRock Identity Platform that is shared across the entire ForgeRock Identity Cloud. All customer environments are built within the cloud from a standard template and hosted using a common technology base. These environments are maintained according to a consistent set of processes. They are continually updated against security vulnerabilities and upgraded with the latest code base. 

Another benefit of multi-tenancy is the ability for large customers to self-manage multiple environments with a high-level, real-time overview across multiple data centers. Customers who require multiple geo-specific data centers for compliance reasons find this particularly valuable.


Full Tenant Isolation Explained 

Continuing with the condominium metaphor, full tenant isolation can be compared to the individual condo unit itself. The ForgeRock Identity Cloud provides each customer with a distinct, dedicated data environment. All passwords, private keys, and other secrets associated with a customer’s ForgeRock Identity Cloud instance are generated, securely stored, and used solely within the customer environment. There is no shared knowledge between tenants — each tenant environment is self-sufficient and sovereign. Each environment runs a distinct copy of the service code under dedicated identities, with dedicated storage for customer secrets and data that only the customer can access. Additionally, the ForgeRock Identity Cloud enables customers to select their data center location so they can be in compliance with certain regulations. This is unique among identity cloud providers.

In addition to building a secure cloud architecture, ForgeRock also hardens our software by following the latest industry best practices. Our Secure Software Development Lifecycle (SSDLC) maintains high integrity through continuous testing. Our continuous integration and deployment mean you will always have the latest version.

That’s the ForgeRock difference.

Learn more here. Or, contact your sales rep today.

ForgeRock at RSA

Aside from our ForgeRock Identity Live events, there are few industry conferences more interesting and impactful than the annual gathering at RSA in San Francisco. ForgeRock delivers a comprehensive, modern digital identity platform for all identities - workforce, consumers and things - so it’s no wonder why this show is important to us. Identity is core to security.

This week, we have a strong presence at the show with a great breakout session and exciting demos at our booth: S-1161. We also have a few off-the-show activities that I’d be happy to share if you ask me for more information. 

Don’t Miss Our Breakout Session: Crushing Biases in Digital Identity
In this session, ForgeRock tackles diversity from a different perspective: how unconscious bias affects the way people design and build products. Join Janelle Allen from ForgeRock’s Cloud product team and board member at ID Pro, and Emma Lindley, co-founder of Women In Identity, as they explain the unintended consequences of blind spots in product development. This dynamic pair will also share lessons they’ve learned about the value of building diverse teams to help non-traditional users enjoy personalized digital experiences. The session is Friday, February 28 at 8:30am PT in Moscone West 3009.

The ForgeRock Booth: S-1161 
Representatives from across the ForgeRock team will staff our booth in the South Hall. We’ll answer questions, show you the latest in digital identity and let you have some fun.

Here are the product demonstrations on tap:

  • Identity Governance – See our brand new product line that’s creating waves in the market by bringing simplicity and practicality to identity governance. Reduce the risk associated with excessive or unnecessary user access to applications, systems, and data

  • Identity Cloud – See our next-gen cloud platform that enables you to integrate modern identity and authentication into your customer-facing applications

  • Intelligent Authentication – Deliver borderless workforce access and dynamic customer access journeys with an intelligent identity orchestration platform with a drag-and-drop interface 

  • Autonomous Identity – See how we use AI and ML to reinvent some of the most tedious and error-prone tasks in identity management and governance to deliver real-world results

And for a little fun and frolic, try your luck at the ForgeRock Prize Grab. You’ll get to compete (with yourself) to win a prize and learn something new about digital identity.

Stop by our booth, and you’ll see firsthand why we won: the Cyber Security Excellence Award for Identity and Access Management.

We look forward to seeing you this week.


Cloud Series: How Financial Services Can Embrace the Cloud

With ForgeRock, Financial Service Organizations Can Deploy Our Identity Solution Anywhere, At Any Scale, With a Unified Code Base



Can Financial Services Organizations Feel Safe Embracing the Cloud?

Given the heightened need for security and the daily challenges of keeping up with regulations, you might think the financial services industry would be an unlikely one to embrace the cloud. But in reality, cloud services offer more benefits at less cost than traditional on-premises software solutions – often without sacrificing security. Yet when talking to any financial services organization, it’s clear many are comparing notes and still considering how they will do it. So who is really embracing the cloud? And how are they doing it?

Survey data from 451 Research finds that financial services are moving to the public cloud, cutting their on-premises costs in half and reallocating those resources to Infrastructure-as-a-Service (IaaS), Platform as-a-Service (PaaS), and the public cloud (from 9% to 28%) over a two-year period. Often the reallocation of processing resources to the cloud involves common business services such as managing human resources and accounting. However, there is the potential to use the cloud for much more.

Risks Today

Financial services have a lot to lose if there is a data breach, which can result not only in loss of funds, but also in loss of trust and reputation. According to the 2019 Verizon Data Breach Investigations Report, attacks against financial services remain number one. In Q1 2019, breaches to financial services cost the industry $6.2 billion, up from $8 million in Q1 2018. This is in line with a 2019 report from ForgeRock, which found that cybercriminals exposed a total of 2.8 billion consumer data records in 2018 and cost U.S. organizations over $654 billion. Of the customer data breaches reported from January 1, 2018 through March 31, 2019, 11% directly affected financial services, which is second in losses only to healthcare.

In light of these losses, something needs to be done.  

The cloud offers organizations faster processing, more monitoring, and more redundancy. Faster processing allows for machine learning and artificial intelligence (AI) fraud detection via pattern matching and behavioral analysis. More monitoring comes from the cloud provider, the software vendor, and the customer. The cloud provider supplies an initial layer of security. Then there’s the software provider, following industry best coding practices and updating its released software immediately when needed. There’s also the customer, making sure their data is encrypted and the keys securely stored. All of these parties are vigilant, monitoring the status of the cloud 24/7. And in order to achieve high availability, redundancy allows for additional security testing, recovery, and failover.

Most financial services organizations do want to move to the cloud but remain constrained by legacy technology platforms and regulation. With ForgeRock, financial services organizations can deploy a modern identity solution anywhere and at any scale. And with our unified code base, ForgeRock enables your cloud strategy to flex as needed based on factors such as performance and price.

The Future is Hybrid

What makes the most sense for financial services is a hybrid solution. This keeps critical financial services data on premises while high-volume transaction processing can be offloaded to the more efficient cloud environment. This requires real-time identity and access management that supports mature security methodologies, such as Zero Trust and CARTA, to uniquely identify the user no matter where they are and what device they use.

Financial services may also find additional value in the cloud by reducing their DevOps costs. For example, they can move their application development and testing to the cloud for rapid prototyping. Once the new applications and services have been secured, they can be moved back into the production environment, which may be located on premises. Rapid prototyping allows financial services organizations to offer more feature-rich customer-facing apps and services faster and at reduced costs.

Taking this hybrid approach makes it all the more important that organizations also have access to an independent administration view, one that can span all the environments where their data lives. The ForgeRock Identity Cloud provides that universal view of customers, employees, and things – whether it’s on premises, multi-cloud, or cloud. 

With the ForgeRock Identity Cloud, we offer the only comprehensive identity platform available as-a-service, with feature parity across all deployments. That means you can deploy the same codebase with our full DevOps capabilities on premises or within any cloud environment, including multi-cloud and hybrid cloud, to handle all your complex identity needs. That’s the ForgeRock difference.

Learn more here. Or contact your sales rep today.


Transforming the UK Pensions Industry

The future lies in Open Finance, trust, and digital identity 

We are seeing a growing appetite for better and more user-friendly applications of data across every sector – and the pensions industry is no exception. In the United Kingdom (UK), the government has proposed the implementation of a pensions dashboard that will provide a simple, intuitive interface for citizens to monitor and manage multiple pension pots from a single platform. 

With as much as £20bn currently in lost pension funds in the UK alone, it is obvious that the pensions industry must find a way to reconnect people with their savings. With digital channels rapidly becoming the default for how we engage with and manage our finances, a pensions dashboard is a logical solution.

ForgeRock has teamed up with pensions specialist Origo to develop and test a workable solution for a pensions dashboard based on the User-Managed Access (UMA) protocol. We recently co-hosted an event with Origo to discuss three key questions:

  • How close are we to seeing a pensions dashboard become a reality? 

  • What do we need in order to make it happen? 

  • What can this tell us about the future of Open Finance?

We’re seeing progress

On the political side, there are encouraging signs. The new Pension Schemes Bill includes a dedicated section outlining a framework to support pension dashboards and compels pension schemes to provide accurate information to consumers.

Progress has also been made by the Money and Pensions Service (MAPS) Industry Delivery Group towards drawing up a robust delivery model with the appropriate governance. The MAPS group has come a long way since the project began in 2016, but important questions still remain:

  • How should the development be phased?

  • Should we have one single state-run pensions dashboard or multiple commercially run dashboards? 

Crucially, the technological solutions have come along even further, and ForgeRock’s work with Origo has already delivered a viable pensions dashboard model that has been tested for 15 million users.

Digital identity is the key to unlocking innovation 

This bright, promising future would not be possible without digital identity, which is fundamental to three crucial elements of a successful dashboard: trust, ease of use, and security. These three pillars are essential if users are to incorporate the pensions dashboard into their busy lives while safely and responsibly accessing the nation’s pensions data.

The pensions dashboard can only succeed by empowering users to provide explicit consent for sharing their pensions data with their financial adviser in a trusted, controlled manner. The User-Managed Access (UMA) model is the authorization protocol that makes this possible, allowing individuals to be highly specific about what information they share and under what circumstances. UMA also makes it easy for users to revoke access whenever they choose.
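To make the consent-and-revocation idea above concrete, here is a small Python model of UMA-style user-managed authorization. It is an added illustration written for this article, not ForgeRock or Origo code and not an implementation of the UMA 2.0 protocol itself: the resource names, party names, scopes and the in-memory token store are all constructed assumptions, and real UMA adds claims gathering, permission tickets and standard token formats that are omitted here. What it does show is the policy logic the article relies on: the resource owner decides which requesting party gets which scopes, a token is only issued for scopes that consent actually covers, and revoking consent invalidates tokens already in circulation.

```python
"""Simplified model of User-Managed Access (UMA) style consent.

Illustration only: not ForgeRock/Origo code and not the UMA 2.0 wire
protocol. Names, scopes and the in-memory token store are constructed.
"""
from dataclasses import dataclass
import secrets


@dataclass
class Policy:
    """A resource owner's consent: one requesting party, a set of scopes."""
    requesting_party: str
    scopes: frozenset
    active: bool = True


class AuthorizationServer:
    def __init__(self):
        self.resources = {}  # resource_id -> (owner, registered scopes)
        self.policies = {}   # resource_id -> [Policy, ...]
        self.tokens = {}     # token -> (resource_id, requesting_party, scopes)

    def register_resource(self, owner, resource_id, scopes):
        """Resource server registers a protected resource on the owner's behalf."""
        self.resources[resource_id] = (owner, frozenset(scopes))

    def grant(self, owner, resource_id, requesting_party, scopes):
        """Owner consents to share a subset of the registered scopes."""
        res_owner, registered = self.resources[resource_id]
        if owner != res_owner:
            raise PermissionError("only the resource owner can set policy")
        scopes = frozenset(scopes)
        if not scopes <= registered:
            raise ValueError("cannot grant scopes the resource never registered")
        self.policies.setdefault(resource_id, []).append(Policy(requesting_party, scopes))

    def request_token(self, requesting_party, resource_id, scopes):
        """Issue a token only if every requested scope is covered by active consent."""
        scopes = frozenset(scopes)
        allowed = frozenset().union(*(
            p.scopes for p in self.policies.get(resource_id, [])
            if p.active and p.requesting_party == requesting_party
        ))
        if not scopes <= allowed:
            return None  # deny; the requesting party gets nothing it was not granted
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (resource_id, requesting_party, scopes)
        return token

    def revoke(self, owner, resource_id, requesting_party):
        """Owner withdraws consent; tokens already issued stop working too."""
        res_owner, _ = self.resources[resource_id]
        if owner != res_owner:
            raise PermissionError("only the resource owner can revoke")
        for p in self.policies.get(resource_id, []):
            if p.requesting_party == requesting_party:
                p.active = False
        for tok, (rid, rp, _) in list(self.tokens.items()):
            if rid == resource_id and rp == requesting_party:
                del self.tokens[tok]

    def introspect(self, token, resource_id, scope):
        """Resource server check before serving data: token valid for this resource and scope?"""
        entry = self.tokens.get(token)
        return entry is not None and entry[0] == resource_id and scope in entry[2]


def demo():
    """Walk through grant, scoped issuance, denial and revocation; returns the outcomes."""
    az = AuthorizationServer()
    # constructed sample data: one saver, one pension pot, one adviser firm
    az.register_resource("alice", "pension-pot-1", {"view_balance", "view_contributions"})
    az.grant("alice", "pension-pot-1", "adviser-co", {"view_balance"})

    tok = az.request_token("adviser-co", "pension-pot-1", {"view_balance"})
    overreach = az.request_token("adviser-co", "pension-pot-1",
                                 {"view_balance", "view_contributions"})
    stranger = az.request_token("other-firm", "pension-pot-1", {"view_balance"})
    before = az.introspect(tok, "pension-pot-1", "view_balance")
    az.revoke("alice", "pension-pot-1", "adviser-co")
    after = az.introspect(tok, "pension-pot-1", "view_balance")
    return {
        "token_issued": tok is not None,
        "overreach_denied": overreach is None,
        "stranger_denied": stranger is None,
        "valid_before_revoke": before,
        "valid_after_revoke": after,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The design point worth noticing is that consent is evaluated at token issuance and again at introspection, so revocation takes effect immediately rather than waiting for a token to expire; a production authorization server would persist policies and tokens and would also record each grant and revocation for audit.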

Another point raised at our event was the importance of data quality. The pensions dashboard needs a robust foundation of customer data that returns positive matches upon request. This has implications for both the user experience and overall security. If the wrong data records are returned, the consequences would be dire and likely to damage adoption.

Again, identity is a critical factor. Although the data sets held by most providers are in need of improvement, by providing critical OpenAPI security, consent capabilities, and a consistent user experience, a robust, modern identity system will allow different pensions data sources to work together harmoniously and securely.

Open Finance: The pot of gold at the end of the rainbow? 

By using digital identity to create a secure, trustworthy, and user-friendly tool, the pensions dashboard can democratize access to financial advice and make it easier and simpler for all of us to engage more meaningfully with the process of saving for retirement. 

There is still much work to be done to deliver an effective pensions dashboard, but the industry is already starting to look ahead to how the same principles could be applied to a wider Open Finance initiative that would allow consumers to take back control of all their financial data and enshrine data ownership as an economic right.

At ForgeRock, we are excited about the potential benefits of Open Finance, not just within pensions but across all aspects of financial services. The pension dashboard’s architecture – federated digital identity, UMA, and interoperability – can provide a viable model for Open Finance more generally. Through a healthy cross-pollination of standards and technologies built on secure open APIs, the pensions dashboard could extend the value generated by Open Banking. It can enable financial advisors and brokers to deliver important financial advice through a more complete, immediate, and easily visible financial statement.  

This broader vision is only possible if the final pensions dashboard model is built on open standards. By allowing for unlimited interoperability and creating more choice and flexibility for providers, a pensions dashboard based on open standards could become the foundation for a connected ecosystem that encourages healthy competition and innovation while putting the consumer firmly in control of both their finances and their data.


For more information about ForgeRock’s work in Open Finance, please visit: 

Calculate the Business Value of an IAM Solution With Our ROI Calculator


Identity and Access Management (IAM) solutions are the cornerstone of secure and modern digital transformation. The ability to securely and easily interact with customers and prospects is becoming a differentiating factor, as customer experience is the new competitive battleground.

What is at stake is customer loyalty, lifetime value, and, frankly, survival. So you’ll want a way to calculate the costs of implementing a solution. 

Technology investments as a percentage of total corporate spending are on the rise, and so is the expectation from the C-suite that those investments will drive greater business value. ForgeRock is making it easy for you to explore the benefits of a strong, smarter IAM solution and to make the case that our platform drives impressive and measurable financial return for your organization.

Calculate Your Savings With Our ROI Calculator

If you are investigating today’s IAM products, ForgeRock can help you understand the potential value and what’s at stake when considering how to justify your investment.

At ForgeRock, we have created a set of five ROI calculators that allow you to enter some basic metrics – employee numbers, average pay rates, and number of applications users interact with daily. The calculator will then approximate the value of implementing a best-in-class solution like ForgeRock.

With these ROI calculators, we have simulated the costs associated with some of the most common challenges a business faces with their IAM systems. There are three internal (workforce) focused calculators and two that are external (consumer) focused.

Workforce Value 

Consider the savings from investing in single sign-on (SSO), a capability that increases your workforce’s productivity by enabling them to access all their applications securely with a single click, rather than having to go through the time-consuming process of signing in individually to each application.

Or think about the process of provisioning access to your new employees on day one when they join your organization. In some enterprises, it can take days for new employees to gain full access to all the systems and applications they need to do their jobs. Multiply that by the number of new employees joining per annum and the amount of wasted time can really add up. On the other hand, if you automate provisioning, your employees will be up and running on day one, adding immediate business value and increasing productivity. 

Finally, since we are on the topic of employee efficiency, provisioning self-service capabilities to your employees so they are empowered to amend and update their personal details, passwords, and more can significantly reduce IT help desk overhead, allowing your IT team to focus on high-value activities.

Customer Value 

If your challenge is customer access, we have also addressed the issues around consumer onboarding. The easier and faster you make the experience for the consumer, the faster the route to sales and profit. You can achieve improved loyalty and lifetime value if you ensure a seamless, frictionless registration and authentication experience. ForgeRock uses social sign-on for consumers, along with progressive profiling to streamline registration processes. And as in the above employee self-service scenario, by providing your customers with the ability to amend and update their personal details and passwords – consumer self-service – you can dramatically reduce your support call center costs.

Today, digital identity is an essential part of any successful digital transformation journey. We know that the costs can be difficult to measure as a concrete value. That’s why we’ve created the ForgeRock Business Value Calculator. Now you can get insight that tells you the ROI of IAM for your business in real dollars.

Try one of our calculators now to uncover the potential value of IAM to your organization.

Employee Single Sign On

User Provisioning and De-Provisioning

Employee Self Service

Customer Registration

Customer Password Reset


Learn more here. Or contact your sales rep today.