Feed aggregator

ForgeRock Consumer Survey: The New Normal

Technology Trends -

Suddenly, everybody was home. You became a homeschool teacher and you learned how to host a corporate happy hour over Zoom. Your new puppy started making guest appearances in your team calls. You downloaded a new app to deliver your groceries. Covid-19 impacted the entire world as online apps and services became our primary way to get things done.

Businesses had to figure out how to serve their customers and employees remotely as much as possible through new channels at unprecedented scale, regardless of age and geography, and quickly realized the importance of digital experiences.

Now the question is when will things get back to “normal?” What will normal even be? And will our new digital habits stick?

The New Normal – Living Life Online

ForgeRock just completed a global survey that captures how the pandemic is affecting consumer behavior. Here are four key findings:

  • Nearly half of all consumers polled say they will use more online services even when things return to normal.
  • The second point, which should be a warning, is that more than one-third (35%) say a difficult log-in process would cause them to cancel their account, while 32% said they would look for another service.
  • Third, consumers 65 and older are really embracing the new digital lifestyles: 31% say they will only shop online when this is all over.
  • Finally, this shift isn’t just among retirees: a third of consumers ages 18-24 say they won’t go back to stadiums or theatres; they say they’ll keep watching sports, concerts, and movies online.

So, about that new normal, while no one knows exactly what’s next, it’s clear that we have very low tolerance for poor digital experiences and will, without hesitation, switch to apps and services that deliver easy, productive user experiences. This provides the greatest opportunity for businesses to thrive through any disruption.

Check out our report for great insight into what consumers have to say about their online experiences and how their behavior is changing now and in the future. And, don’t forget to keep an eye out for more insights from ForgeRock. 


Myth Busting at Identity Live: Cloud Edition


This month we announced some exciting enhancements to ForgeRock Identity Cloud. All of the updates we make to our platform are done with your realities and requirements in mind. The year 2020 has taken a toll on many businesses all over the world, and this has put increasing pressure on IT teams. Our customers are seeing online traffic like never before. The journey towards digital transformation has been turbo-charged as we move through the pandemic and prepare for what’s next. 

Organizations are doing everything they can to go digital while prioritizing the delivery of  exceptional user experiences. At the same time, security and trust remain critical to keep customers, partners, and employees safe online and in person. And while there is a big rush to the cloud, firms may be struggling with how to do it safely, securely, and without disrupting business. 

As companies weigh their cloud decisions, they are starting to raise critical questions about commonly held myths regarding cloud migration: Is the cloud really less secure and compliant? Does everything have to go to the cloud? Is it more expensive? 

Spoiler alert: The answer is absolutely not. We busted these myths last week during Identity Live: Cloud Edition.

To kick off our event, ForgeRock CEO Fran Rosch and retired U.S. General and KKR partner David H. Petraeus discussed the CIA’s journey to the cloud, which began in 2013. At one time, security was one of the main reasons that many organizations elected not to adopt cloud solutions. Today, security is one of the many benefits of the cloud due to the scale of investment in security that cloud service providers have made – investments far beyond the scope of individual organizations. Knowing that the CIA has trusted the cloud for nearly 10 years reinforces this point.

While many companies have cloud-first strategies, we recognize that not all workloads are created equal. We were excited to chat with Amol Kabe, senior director of product management at Google Cloud, about the need for choice and flexibility. We’re here to help our customers embrace the power of the cloud and also work within their own hybrid realities. We polled the Identity Live audience and found that 80% expect to remain in a hybrid cloud world for at least five more years. On premises, your cloud, or our cloud – we will make it work for you.

We will keep working to enable excellent digital experiences. General Petraeus believes the login experience will be a differentiator, and we could not agree more. Personalization matters. Ease of use matters. Security matters. The outcome for a great user experience? It’s pretty simple. Do it fast, do it right, and do it now. We understand the need for a superior experience and, at the same time, ensure that this will not diminish security in any way. 

We also had the pleasure of hearing from Daryl Robbins, senior director of global architecture at Calabrio about their journey to the cloud. One of the reasons Calabrio chose ForgeRock to manage their 1.3 million digital identities is because of our full tenant isolation security capability. With ForgeRock, they never have to worry about their data being commingled with other customer data. From the administrator login screen to API endpoints and from the data to the application stack itself, there is no data traversal across those planes. We live, breathe, and sleep security, and we pledge to do that for you and all our customers. While we securely manage their IAM, Calabrio can focus on building incredible experiences for their customers. 

ForgeRock delivers simple truths – with no surprises. Moving to the cloud does not have to be more expensive. Having an unplanned uptick in traffic should not be costly. In times of uncertainty, we’ll provide you with more certainty. If you’re experiencing Black Friday-like numbers every day, we are here to help you scale up  – at no additional expense to you.

Cloud without compromise. Great experiences. No surprises. That’s what ForgeRock delivers. 

We know that you’re facing immense pressure to adapt and respond to a new normal. We are here to help you plan your IAM future along the way. 

Thanks to all of our customers and partners for attending Identity Live: Cloud Edition!  Want to revisit the action from our event? Watch each of the replays here.

Thinking of Modernizing Your CA SiteMinder Deployment? Now May Be the Perfect Time


New CA SiteMinder Plug-Ins Enable Coexistence and Just-In-Time User Migration Between SiteMinder and ForgeRock

The Agonizing Decision to Modernize or Stay Put

Whether it’s adapting to the realities of a digital transformation program, addressing problems with scaling to provide access to new apps and services, managing the proliferation of the Internet of Things (IoT), or handling the challenges associated with a growing number of CIAM (customer IAM) and workforce users due to COVID-19, many organizations are currently exploring their options to update or “modernize” their existing legacy identity and access management (IAM) systems.

What we now refer to as “legacy” IAM systems are, in fact, platforms developed 10 to 15 years ago, back when most applications were on-premises and built on a client-server model. Fast forward to today, and these systems are struggling to keep up with cloud-first enterprise application needs. Support options are dwindling because vendors and developers are not keeping pace to support the latest feature sets. 

Legacy IAM systems are functionally at their end-of-life. While they may continue to crank along and seem to perform the old workhorse identity functions, they are unable to meet new business needs. For example, updates on these legacy systems are expensive and time-consuming, and stability challenges can arise as more identities and attributes are added. Integrating new apps is cumbersome. As many of these legacy solutions live on premises, the timeframe for new apps to “go live” is often measured in months, if not years. This is not exactly what you would call “agile IT.”

Modern identity platforms, in contrast, are built to truly enable digital transformation, operate at IoT scale, provide continuous security, support cloud and hybrid deployments, seamlessly integrate new applications, and support security models like Zero Trust and the Gartner CARTA (Continuous Adaptive Risk and Trust Assessment) model. They are continuously adding new features and staying on the cutting edge of the market to keep organizations at a competitive advantage.

Not a “Rip and Replace” Decision

But why might now be a good time to consider making this move? Well, for starters, everything is going digital, and your users and customers are expecting an optimized, online digital channel experience. Access problems, slow app performance due to identity-related issues, and poor authentication experiences will send them looking for workarounds--which your competitors are more than happy to provide.

But just as importantly, the decision to migrate at this time isn’t a binary one. As “rip and replace” is an option for the few, what is needed is a more seamless, step-by-step approach that allows you to go at your own pace, migrate the apps you need to migrate, and achieve a smooth transition to a modern IAM solution with a committed innovator in this space.  

ForgeRock and our partners are here to help. We have assisted countless organizations on the journey from legacy to modern. We stand ready to do the same for your organization, no matter how difficult the challenge or how complex your IAM system may be. We have built a robust set of tools, guides, and documentation to help you make the transition to modern IAM. And it’s all available to you for free. 

Making It Easy: New CA SiteMinder Plug-Ins from ForgeRock

ForgeRock is excited to announce the latest of these tools: a new set of Open Source CA SiteMinder Plug-Ins joining the existing Oracle Plug-Ins as part of its portfolio of Modernize IAM Accelerators. The CA SiteMinder Plug-Ins enable coexistence and just-in-time user migration between SiteMinder and ForgeRock, so you can migrate at your own pace. For instance, you can choose to migrate 10 apps per week, one app per month, or whatever your organization may call for. ForgeRock Accelerators enable this migration to occur without any disruption to your customers or employees. It’s all done in a totally transparent manner. One of the benefits of this approach is that you can make immediate use of the new capabilities of the ForgeRock platform, like Intelligent Access, self-service trees, and passwordless authentication.

Specifically, the new SiteMinder Plug-Ins for the Modernize IAM Accelerators can help in the following areas:

  • Authenticate in SiteMinder and single sign-on (SSO) to ForgeRock
  • Authenticate in ForgeRock and SSO to SiteMinder
  • SSO to legacy apps integrated via CA agents
  • Migration of user profiles
  • Secure migration of user passwords
  • Just-in-time (JIT) provisioning 
  • Modular and extensible for easier integration into current environments
  • Open source so it relies on industry standard protocols and libraries

In the end, the SiteMinder Plug-Ins are designed to help make migration seamless and invisible to the user, while having a significant impact on time to value around the design and build of coexistence and user migration strategies.

Learn more about modernizing legacy systems here, or contact your ForgeRock sales rep or partner today.

ForgeRock Integrations with Microsoft Will Strengthen Compliance and Reduce Risk


At ForgeRock, we like partnerships that deliver real business and technical value to our customers and prospects. Today’s announcement that we’ve joined the Microsoft Intelligent Security Association (MISA) is a textbook example of two organizations coming together to provide even greater value for their shared customers.

We’re proud to earn a spot in the MISA ecosystem. Membership means an organization has met a high bar for delivering an integration with Microsoft Cloud Security services that will make a meaningful difference for customers. In our case, the new integrations we’ve delivered will help reduce risk and strengthen compliance for joint customers using Microsoft Endpoint Manager, Microsoft Azure Active Directory and Azure Sentinel. 

Microsoft Graph Integrations

We approached the ForgeRock integrations in a way that would allow customers to benefit from Microsoft Cloud Security’s vast threat intelligence data to deliver a multi-layered risk mitigation strategy throughout a user's authentication and authorization journey. We did this by working with Microsoft to help strengthen the security of the user, the device they are on, and understand the user’s activities. This required three integrations with three different services, all enabled by ForgeRock’s integrations with the Microsoft Graph.

To understand the risk associated with a user, we can check the posture of that user by leveraging a component of Azure Active Directory (AAD) called Confirm Compromise (a feature of their Azure Active Directory Identity Protection). We built an authentication node for ForgeRock Intelligent Access that reaches out to the Microsoft Security Graph. This node checks whether or not AAD thinks a particular user is risky. Depending on the risk level reported by Microsoft Identity Protection, ForgeRock Intelligent Access can adjust the user’s journey to require additional step-up authentication or deny the user access altogether.

The next layer in this risk mitigation strategy is to understand the security of the device the user has. To understand the user’s “device posture”, we once again built a ForgeRock authentication node that utilizes the Microsoft Graph to query Microsoft’s Unified Endpoint Management solution, Microsoft Endpoint Manager. We do this in order to understand whether or not the end user’s device satisfies a Compliance Policy. These organizationally defined policies may require a device to not be jail-broken, or that a machine is running the latest OS, before it is allowed to access a protected resource. Once ForgeRock Intelligent Access understands this device context from Microsoft Endpoint Manager, it can use it to make runtime decisions about the user’s authentication and authorization journey.

The final component in our layered approach required integration with one of the Microsoft Cloud’s newest solutions, Microsoft Azure Sentinel. Microsoft Azure Sentinel is a cloud-based Security Information and Event Management (SIEM) solution that leverages advanced machine learning capabilities. To integrate with Sentinel, ForgeRock used our Common Audit Framework (CAUD), which allows us to monitor user activity across our entire platform. This enables us to record any ForgeRock event, logging it to disk, relational databases, Splunk, or even syslog. We built a deep integration between CAUD and Azure Sentinel by leveraging a data format standard called Common Event Format (CEF). Since Microsoft has a number of pre-built visualizations, reports, dashboards and alerts that work out of the box on CEF data, our integration seamlessly leverages these powerful artifacts Microsoft has already built.
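To make the CEF step concrete, here is an added example (not ForgeRock's code) that renders an audit event as a CEF line and parses it back, so field values containing `|`, `=`, backslashes or line breaks reach the SIEM as single, intact fields. The event field names, the vendor and product strings and the severity mapping are assumptions for illustration; the header layout, the extension keys (`rt`, `suser`, `src`, `outcome`, `msg`) and the escaping rules follow the CEF specification.

```python
import re

# Hypothetical mapping from an audit result to a CEF severity (0-10).
SEVERITY = {"SUCCESSFUL": 3, "FAILED": 6}


def _esc_header(value):
    # Header fields: escape backslash first, then the pipe delimiter.
    s = str(value).replace("\\", "\\\\").replace("|", "\\|")
    return re.sub(r"[\r\n]+", " ", s)  # header fields must stay on one line


def _esc_ext(value):
    # Extension values: escape backslash and '=', encode line breaks as \n.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")


def audit_to_cef(event, vendor="ExampleVendor", product="ExampleIAM", version="1.0"):
    """Render one audit event (dict with assumed field names) as a CEF line."""
    header = ["CEF:0", vendor, product, version,
              event["eventName"],                          # Device Event Class ID
              event.get("description", event["eventName"]),  # Name
              SEVERITY.get(event.get("result"), 5)]        # Severity
    ext = {
        "rt": event["timestamp_ms"],   # receipt time, epoch milliseconds
        "suser": event.get("userId"),
        "src": event.get("clientIp"),
        "outcome": event.get("result"),
        "msg": event.get("detail"),
    }
    head = "|".join(_esc_header(h) for h in header)
    body = " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items() if v is not None)
    return f"{head}|{body}"


def _split_header(line, n=7):
    # Split on unescaped pipes only; stop after the n header fields.
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < n:
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    return fields, line[i:]


# A key starts the extension or follows a space, and ends at an unescaped '='.
_KEY = re.compile(r"(?:^| )([A-Za-z0-9_]+)=")


def _unesc_ext(raw):
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), raw)


def parse_cef(line):
    """Return (header_fields, extension_dict) the way a CEF consumer would."""
    header, rest = _split_header(line)
    if len(header) != 7:
        raise ValueError("not a complete CEF header")
    marks = list(_KEY.finditer(rest))
    ext = {}
    for m, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(rest)
        ext[m.group(1)] = _unesc_ext(rest[m.end():end])
    return header, ext


# Constructed sample event; values deliberately contain CEF delimiters.
SAMPLE_EVENT = {
    "eventName": "login|attempt",
    "timestamp_ms": 1600000000000,
    "userId": "svc=batch\\runner",
    "clientIp": "203.0.113.7",
    "result": "FAILED",
    "detail": "LDAP bind failed\ncode=49 | invalid credentials",
}

if __name__ == "__main__":
    line = audit_to_cef(SAMPLE_EVENT)
    print(line)
    print(parse_cef(line))
```

Without the two escape helpers, the `=` in the user name and the line break in the detail text would be read by a CEF consumer as extra keys or as a second log record.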

We believe these integrations are going to make a real impact in reducing risk for our joint customers and we look forward to hearing your feedback.

To learn more about securing your workforce, consumers, or things, find additional resources here or contact us today.


Introducing a New Kind of Security Key: ZenKey


It used to be that before you walked out the door, you always made sure you had your keys and your wallet. The “key and wallet check” was essential to leaving your home with a clear head. Now, your smartphone has undoubtedly joined the fray as something equal to, or even more important than, those other vital items. Leaving your house without your smartphone likely seems inconceivable, and whether we want to admit it or not, it is one of the most ubiquitous things in our lives.

Your Smartphone Can Do More

Your phone understands who you are, knows where you are, and is connected to a powerful network that is your portal to the world. So why not use that knowledge? Why do websites continue to ask me to register and log in with usernames and passwords when there is a device in my pocket that can authenticate me? Could the networks that power our smart devices play a role by adding additional, seamless security?

Using ZenKey to Unlock Trust

These questions now have an answer. AT&T, T-Mobile and Verizon have created something meaningful with the launch of ZenKey. ZenKey is a new solution that leverages the  network and SIM card details to deliver authentication and identity verification features to web and mobile applications. ZenKey is differentiated because it relies on network and device data and can’t be hacked using only a stolen username and password or even a malicious SIM swap.

What This Means for Your Security

Even more exciting is that ForgeRock is a launch partner with ZenKey, giving customers the ability to leverage the ZenKey Authentication Node in ForgeRock’s Intelligent Access solution. This node provides instant, drop-in support for the ZenKey service. By simply leveraging the ZenKey node, any website or service can offer an alternative to long registration forms and password-based logins with a highly secure, device-based, multifactor authentication.

Now, ForgeRock customers can quickly reduce abandonment during sign-ups while receiving trusted user attributes from MNOs. This capability helps reduce the risk of fraud while creating an identity pre-populated with user attributes. Once a user is enrolled in ZenKey, ForgeRock Intelligent Access can use ZenKey to power a highly secure passwordless authentication experience. This integration delivers a tremendous balance between security and usability, something every ForgeRock customer is trying to accomplish.

As more apps, websites and services take advantage of the combination of ZenKey and ForgeRock for seamless registration and authentication, one of the keys you will never leave home without will be your ZenKey.

Learn more about ForgeRock Intelligent Access here.


ForgeTalks: Busting Cloud Myths


Welcome back to another episode of ForgeTalks. My guest this week is ForgeRock VP of Cloud Success, Renee Beckloff. Renee's career has been connected to the cloud for the last 15 years, making her uniquely suited to help bust some pretty entrenched myths. She doesn't hold back in our discussion and shares why there has never been a better time for large enterprise customers to embrace the cloud.

In this episode we'll cover: 

  • What are some of the most common myths holding people back from cloud adoption?
  • What are the benefits of making a move to the cloud?
  • Why you should attend ForgeRock Identity Live: Cloud Edition 


I hope you enjoy this great episode. If you want to learn more, Renee offers a deeper dive into cloud myths at ForgeRock Identity Live: Cloud Edition next week. Check out the agenda for this virtual event and register for a time that works for you. And if you want to check out any of our previous episodes of ForgeTalks you can do so here.

IAM 101 Series: What Is Identity Governance and Administration?


What is Identity Governance and Administration (IGA)?  Identity governance and administration (IGA) enables admins, security teams, and internal auditors to manage and reduce the risk that comes with excessive or unnecessary user access to applications, systems, and data.

As the digital world continues to evolve, IGA is now mission-critical to secure every organization. Yet few know what it is. With new data privacy and security regulations constantly emerging, organizations must now balance risk and customer experience while achieving regulatory compliance. Having the right identity governance and administration solution in place can play a crucial role in achieving this balance, keeping workforces productive, and enterprises secure. To fully understand what IGA is and why it’s become such a priority, we must look at how the need for it emerged in the first place.

The Early Years: User Provisioning and Mounting Regulations

To understand IGA, it’s important to understand what provisioning is and how user data was initially stored. User provisioning is the process that ensures that user accounts are created with the proper permissions. IT administrators use provisioning to monitor and control access to systems and applications. 

In the early years of the digital age (1980s - early 90s), user provisioning was rather straightforward as it focused solely on users (employees) within an organization. Access to users outside an organization, like customers or citizens, was not common. Additionally, there weren’t as many systems within an organization to manage access to, making the provisioning process relatively manageable. 

During this time, servers housed user accounts and identity data centrally on on-premises systems within the enterprise. However, in the mid-late 1990s, as the .com market rapidly took off and external user access to systems and applications became ubiquitous, more sensitive user data such as name, address, social security number, country code, email address, bank account number, etc. were collected by global organizations. The need to protect this personally identifiable information (PII), and the systems and applications that hosted it, quickly became critical. To address these requirements, new regulations were enacted that mandated stricter security protocols for user access permissions and required improved controls and policies to prove to auditors that the protocols had been implemented.

The Rise of Identity Governance Regulations

Introduced in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was created to provide stronger data privacy and security provisions for safeguarding medical information. As physicians later moved to digitized health records, the HIPAA Security Rule was issued as a best practice for securing sensitive digital information and establishing national standards to protect individuals’ electronic personal health information. This rule required appropriate administrative, physical, and technical safeguards to ensure the security of patient data. 

In 2002, the Sarbanes-Oxley Act (SOX) was introduced to bolster stronger trust and security around the financials of publicly traded companies. SOX imposed even more regulatory protocols regarding electronic records. It mandated the joint responsibility of auditors and management for the detection of fraud and external threats, requiring stringent record keeping, audits, and controls. Noncompliance with SOX can cost organizations up to $25 million in fines, criminal and civil prosecution, and prison sentences of up to 20 years for those found in breach of the mandate.

In 2006, the PCI Council (formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa) created a body of security standards known as the Payment Card Industry Data Security Standard (PCI DSS). Every merchant that accepts credit card payments must be in compliance with PCI DSS. PCI DSS includes requirements for security management, policies, procedures, and other critical protective measures. Failure to comply with PCI mandates leaves businesses vulnerable to the negative impacts of data breaches, such as fines, fees, and lost business.

With these new regulations and stricter protocols, organizations began to feel the strain of ensuring and proving compliance. This pressure only intensified in the mid-2000s as the market saw a massive increase in enterprise user demand for access to cloud-based applications and systems. As a result, this created a larger provisioning problem. Existing user provisioning solutions only supported internal user (employee) populations. They were not equipped to handle the growing numbers of users, accounts, systems and applications while trying to continue to meet regulatory compliance requirements. The need for a solution that supported user provisioning and management for internal and external systems and applications thus emerged. 

Turning to Identity Management as a Possible Fix

As traditional provisioning solutions struggled to keep up with increasing identity demands and regulations, many organizations turned to identity management (IDM) solutions to address these challenges. The digital landscape was evolving at a rapid pace as cloud and software-as-a-service (SaaS) applications and solutions began sweeping through the enterprise. The transition to these technologies meant that internal user identities were now being used to access new external cloud-based applications and systems outside of the enterprise network. The result was a tangled web of access to internal and external systems; a disorganized mass of accounts for workforce, consumers, and partners; and varying levels of access across multiple environments.

Because of these new and ever-growing challenges, identity management solutions were unable to meet compliance regulations to ensure user access was reviewed, allowed, and/or revoked periodically. As a result, organizations would manually create and review user access certifications via spreadsheets distributed by email to business line managers annually or biannually for review and approval. Yet, with the exploding number of internal and external user identities, systems, and cloud applications, this process was no longer a scalable or viable option. With pressure mounting on organizations to achieve regulatory compliance, a new approach was needed.

The Emergence of Identity Governance and Administration

With a new approach, the existing user provisioning market morphed into identity management. In parallel, the genesis of identity governance came about due to the growing number of compliance regulations. Over time, both the identity management and identity governance markets merged into one market: identity governance and administration (IGA). IGA solutions address the needs of regulatory compliance through identity governance and user provisioning requirements through administration. In addition, identity governance and administration addresses user access privileges for both on-premises systems and applications, as well as cloud-based applications and systems, bridging the gap where previous solutions fell short.

Today, identity governance and administration helps organizations address common business challenges throughout their network and users. Benefits include better access compliance through certifying the appropriate level of users’ access and enhanced business productivity by providing this access to the right resources at the right time. IGA also benefits security and risk management by allowing organizations to govern user access with policy-based controls and minimizing operational inefficiencies by streamlining business processes.

In addition to helping overcome business challenges, Identity Governance and Administration supports a number of underlying use cases. These use cases include: access requests (users requesting access to systems and applications), access approvals (managers approving user requests), access reviews (managers confirming user approvals or revoking user access), and role optimization (reviewing and updating role definitions).


ForgeRock Identity Governance and Administration

The ForgeRock Identity Governance and Administration solution is an integral part of ForgeRock’s comprehensive identity platform. It allows you to establish policies for user access rights and continuously monitor their proper implementation from a centralized location. Through a periodic access review process — tied to a powerful workflow engine to ensure closed-loop remediation and built-in risk management and reporting — you can strengthen your security posture and automatically drive regulatory compliance.

Learn more about identity governance and administration and ForgeRock IGA by watching the webinar The Evolution and Modernization of Identity Governance or contact us today.


ForgeRock Identity Cloud Gets Even Better


Since launching ForgeRock Identity Cloud earlier this year, we have seen strong interest and innovative usage from a variety of customers. The COVID-19 crisis has contributed to the surge in our momentum. Financial services and retail customers have seen their foot traffic to physical locations drop by 80 percent or more. At the same time, online traffic is skyrocketing. For many companies, these spikes are resulting in massive increases in costs because cloud vendors are doubling their overage fees. We can help with this.

We built our cloud platform as a scalable service for cost-effectively modernizing large, complex, and diverse application portfolios at companies navigating their cloud migration journey. ForgeRock Identity Cloud has become even more flexible with identity platform as a service functionality, delivering on our commitment to provide the most comprehensive cloud solution possible.

Today, we’re happy to share exciting enhancements now available that make our cloud service even more powerful.

  • Seamless Orchestration: The one overwhelming request we get from ForgeRock Identity Cloud customers is: “Don’t dumb it down.” We listened. This release builds on our aim of extreme configurability. You can continue to deliver omnichannel experiences and security for all identities using the power of ForgeRock Intelligent Access to seamlessly orchestrate self-service and authentication journeys for your users.
  • One Subscription for Maximum Flexibility: With one subscription to ForgeRock Identity Cloud, we give you complete flexibility to not only consume as a service from us, but also deploy the ForgeRock Identity Platform anywhere -- in your datacenter, private cloud or public cloud -- in a hybrid configuration. That one subscription also means you enjoy predictable pricing that includes unlimited annual usage per user with surplus user coverage that protects you even if your business grows in unexpected ways. 
  • Full Tenant Isolation: We take security very seriously at ForgeRock. Our approach ensures your data is never commingled with other customer data. This not only prevents accidental data spillage issues, but also prevents the noisy and nosey neighbor issue. 

Getting Started

All of the features discussed today are now available. Download the ForgeRock Identity Cloud white paper to learn more. 

Coming Up! 

If you’re unsure how to start planning your future in the cloud, don’t miss ForgeRock Identity Live: Cloud Edition. I’ll be hosting this virtual event and can guarantee you’ll walk away with useful tips on how to transform your organization. I hope to see you there next week! 

Thanks, from the entire ForgeRock Identity Cloud team!  


ForgeTalks: What is Single Sign-On?


At ForgeRock we help people access the connected world. How do we achieve it? In part, with an important digital identity tool called Single Sign-On (SSO). What is SSO? How does it work? What is the purpose of it? I was joined this week by ForgeRock's VP of Product & Solution Marketing, Ashley Stevenson, who took me through the ins and outs of Single Sign-On, using an incredibly helpful (and slightly nostalgic) analogy.

We take a look at:

  • What is SSO and what are its benefits?
  • How do privacy and security tie into SSO?
  • What is federated SSO?

If you enjoy this episode, make sure you check out our previous episodes here. Next week I'll be meeting with ForgeRock's VP for Cloud Success, Renee Beckloff, to debunk common myths around moving to the cloud.

The Passwordless Enterprise Era

Technology Trends -

How ForgeRock and Secret Double Octopus Are Paving the Way for a Passwordless User Journey    

We’re living in a world where managing digital identities is becoming an increasingly complex and tedious task. Every organization must deal with multiple accounts and credentials for users, employees, and devices. Sometimes, these siloed identities can span across dozens or hundreds of locations, and number in the thousands – or even millions. All this chaos is accelerating the adoption of passwordless technologies. 

With all these moving parts, it can be extremely difficult to secure company information – and this results in a frustrating experience for both users and IT teams. With the infrastructure inside many organizations becoming increasingly fragmented across different servers, cloud services, and online platforms, the identity and access management problem becomes even more complicated. 

This is where passwordless authentication can help. The ForgeRock Identity Platform enables fully password-free user journeys out of the box, and with technology partner Secret Double Octopus, the experience can be extended to the user's workstation authentication. This frees employees and administrators from the pain of remembering and managing passwords throughout the enterprise.

The Growing Challenge of Enterprise Identity and Access Management

Companies often struggle to set up identity and access management (IAM) solutions in a secure, easy-to-use, scalable, and future-proof way. Unfortunately, many organizations end up outsourcing this task to expensive integration specialists to make complex systems work together and to maintain these integrations over time. Either way, organizations gradually get stuck with overly complicated systems that are costly, create unnecessary risk, and can’t scale with their growing needs.

The mounting challenge of identity management has spurred collaboration among different vendors to create scalable, integrated solutions that provide robust security and easily integrate with the different on-premises and cloud-based solutions that the enterprise has already invested in. These efforts have become even more important as the COVID-19 pandemic has driven many companies to adopt work-from-home models, making them even more dependent on reliable and scalable digital infrastructure.

 The addition of Secret Double Octopus’ technology to the ForgeRock Trust Network extends the reach of Intelligent Authentication to the desktop login experience and provides passwordless authentication to any application protected by the ForgeRock Identity Platform.  

As we’ve covered in a previous blog series, passwords are a weak spot that continues to give organizations IT cost overhead and security nightmares. The deployment of passwordless authentication provides increased security, lower operational costs, less downtime, and an enhanced user experience that results in improved productivity across the organization.

How Do We Do It?

With the integration of Secret Double Octopus, ForgeRock customers can improve security, create a more pleasant user experience for employees, and change the way IT departments handle user authentication.

The change starts at the workstation level – with a choice between Desktop Multi-Factor Authentication (MFA) using the ForgeRock app or a passwordless desktop experience that removes passwords altogether when logging in to Microsoft Windows, Apple Mac, or Linux workstations. With additional support for existing one-time password (OTP) tokens, offline scenarios, and FIDO2 keys, the workstation becomes the first step towards a passwordless enterprise.

The next change happens at the directory level, with a choice to use an existing Active Directory (AD) or Azure Active Directory (AAD) datastore, or to remove AD altogether and rely on the ForgeRock Directory Service as the source of user profile data for workstation authentication.

Organizations have the flexibility to adopt different scenarios based on their policies, preferences, and available technology. For instance, they can choose between the ForgeRock Authenticator, the Octopus Authenticator, or a combination of both. If the work environment does not allow mobile devices, they can use FIDO2 keys as a second factor, or they can use an offline OTP if users can’t access the internet.

Integrating Octopus Authentication with the ForgeRock Identity Platform eliminates the need to create, change, manage or remember passwords, saving many headaches and complexities for IT teams and users. This directly results in boosted uptime and productivity, as well as increased security, thanks to a universal user experience across all applications.

 Together, ForgeRock and Secret Double Octopus provide customers with a clear path to transition from costly and risky user-managed passwords toward a passwordless future. Organizations can now deploy a single authentication mechanism to serve all their needs in a frictionless, cost-efficient way through a known and trusted platform.

Want to create simple and secure access experiences that just flow? Find out more about passwordless authentication here


ForgeTalks: A Local's Tour of the ForgeRock Identity Platform

Technology Trends -

Welcome back to ForgeTalks. In last week's episode, ForgeRock's VP of Product Management, Mary Writz, took me on a tour of the main landmarks of the ForgeRock Identity Platform, including Intelligent Access and ForgeRock Go. This week, we are treated to a local's tour of the platform. We'll travel "off the beaten road" and explore some of the hidden gems that the ForgeRock Identity Platform has to offer.

We'll be exploring:

  • How the ForgeRock Identity Platform makes it easier to develop applications
  • How Macaroons fix problems around Fine-Grained Scopes and Delegation
  • How ForgeRock makes Identity for Things easy!

I hope you enjoyed this two-parter with Mary. Make sure you stop by next week when I meet with ForgeRock's VP of Product Marketing, Ashley Stevenson, who unravels the question: "What is Single Sign-on?" And if you want to watch any of the other episodes you can check them all out here.

Autonomous Identity: Your Prescription for Reducing Risk in Healthcare

Technology Trends -

Earlier this year, ForgeRock published our 2020 Consumer Identity Breach Report detailing insights and data on breaches impacting consumers in 2019 and Q1 2020. As highlighted in the report, healthcare was, once again, the most frequently targeted industry (43% of all breaches), personally identifiable information (PII) accounted for the most sought-after data type at 98%, and unauthorized access was by far the most common attack vector, responsible for 40% of breaches.

As overburdened healthcare IT professionals work tirelessly to meet the demands of the COVID-19 pandemic, cybercriminals are using the global health crisis to take advantage of institutions by exploiting unauthorized access. 

This reality means the healthcare industry must protect against two threats at once. Neither is simple. IT professionals need to ask themselves whether they can identify high-risk anomalous access and, just as importantly, explore how AI can help by automating access requests, performing certifications, and predicting what access should be provisioned to users.

Identity Governance and Administration (IGA) solutions fall short in their ability to address the healthcare industry’s risk landscape and cannot meet its demanding and ever-changing requirements. Why? Simply put, IGA solutions don’t provide organization-wide visibility or identity context, especially as the number of identities continues to grow across multiple applications and locations (on-premises, cloud, etc.). This leaves your risk and security teams struggling to keep up as they manually provision access privileges and rubber-stamp access requests and certifications. Additionally, the resulting operational inefficiencies can leave your teams blind as to who has access to what and, more importantly, why they have access in the first place. So, what’s the cure?

ForgeRock Autonomous Identity is an AI-driven identity analytics solution that can be layered on top of, and integrated with, your existing IGA solutions to provide real-time and continuous organization-wide user access visibility, control, and remediation. Autonomous Identity analyzes all identity data to give you a deeper understanding into the risk associated with user access across the entire organization. The solution ingests vast amounts of workforce, partner, and consumer (patients/members) identity data from existing identity management and governance solutions, identity stores, and user activity repositories to provide wider and deeper insight into the risks associated with user access.

For example, one of the largest healthcare retailers in the United States used ForgeRock Autonomous Identity to bring visibility and contextual insight to their employee records, applications, entitlements, and entitlement assignments. The result was 550,000 entitlement assignments identified for AI-driven automation and clean-up; an accomplishment that would have taken a lot of resources and months, if not years, for IT teams to do manually.

As the customer story above exemplifies, Autonomous Identity enables your risk and security teams to accomplish the seemingly impossible — reducing risk, manual processes, and costs with one solution across your disparate identity enterprise.

To learn more about ForgeRock Autonomous Identity, read Maximize the Value of Your Healthcare Identity Solutions with AI-Driven Identity Analytics or contact us today.


ForgeTalks: Your Guide to the ForgeRock Identity Platform

Technology Trends -

Welcome back to another episode of ForgeTalks. The ForgeRock Identity Platform is a workhorse - covering every identity possible and offering a comprehensive set of capabilities. There are few people more knowledgeable about its depth and breadth than Mary Writz, VP of Product Management. In today's episode, Mary compares a tour of our platform to a traveler visiting Paris for the first time. For newcomers, the Eiffel Tower and the Louvre can't be missed. When it comes to our platform, her 'must visit' hot spots include Intelligent Access and ForgeRock Go. In our chat, she shares insider tips on how her favorite features solve some of the most common and complex identity issues companies face. 

We'll be answering key questions like:

  • How do I design the perfect access journey? 
  • What is the best way to help people recover lost passwords? 
  • Can an identity platform offer DevOps deployment nirvana?  

Make sure you check out next week's episode, where Mary takes us on a "local's tour" of the ForgeRock platform, revealing some of the lesser-known but equally powerful features. And if you want to check out any of the previous episodes of ForgeTalks, you can view everything here.

Fireside Chat With Former Australian Prime Minister Malcolm Turnbull 

Technology Trends -

The Role of Cyber Security & Digital Identity in the Modern Economy 

While the connection between cyber security and Identity and Access Management continues to strengthen across Australia, it has become a keen area of focus for one of the country’s most influential leaders. I recently sat down with Malcolm Turnbull, the 29th Prime Minister of Australia, and ForgeRock Managing Director for Australia & New Zealand, James Ross, to discuss the opportunities and trends that are driving innovation and investment in the region.  

Solving complex security challenges

Speaking to a virtual audience of ForgeRock customers and identity professionals from around the globe, Mr. Turnbull shared his views about the risks associated with handling cyber threats reactively. Globally, organizations are investing billions of dollars to reactively combat threats that can be delivered, in some cases, by a single skilled individual with an internet connection. The threat increases, of course, with the investments that can be made by cybercriminals and foreign governments. The impact could lead to widespread disruption to our society.

The rationale behind Mr. Turnbull’s 2016 Australian National Cyber Security Strategy was to recognize the seriousness of cyber threats, which were estimated to be costing the Australian economy A$7 billion per year, and to offer a strategy to get on the front foot in combating them. The strategy established the country’s first formalized approach to cyber security and saw an investment of A$230 million across 33 initiatives and the establishment of the national Cyber Security Centre. ForgeRock’s approach complements this thinking. So much of our work with customers and partners is to raise awareness that usernames and passwords are not sufficient. By bringing in behavior-based authentication and biometrics, organizations can quickly eliminate a major point of exploitation for hackers while simultaneously opening up opportunities for improving the customer and employee experience by providing users with a passwordless authentication option that is even more secure. Digital identity is now a critical part of overall cyber security planning and execution.

“Identity is trust and trust is identity”

People want to feel safe and secure when they engage with brands and services online. They expect their bank, healthcare provider, or favorite online retailer will keep their personal data protected from harm. No wonder, then, that the tension so many organizations are grappling with is how to make consumer experiences easy while putting the right security controls in place to assure people that their data is being well looked after. The ability to log in using a single credential and get access to multiple services (through single sign-on or SSO) eliminates the burden of remembering multiple user profiles and passwords.

What is clear is that people are happy to hand over sensitive information to trusted brands. In turn, that personal information is used to authenticate individuals and provide access to services. As Mr. Turnbull highlighted, “Identity is trust and trust is identity.” No wonder then that, alongside Australia’s National Cyber Security Strategy, Mr. Turnbull was behind the establishment of the country’s Digital Transformation Agency (DTA), which explored, among other things, identity and access management. Out of the DTA has come Australia’s MyGov and MyHealthRecord systems that make government digital for citizens - both of which are built on the premise that authenticated identity is the cornerstone to streamlined access to services.

Powering new opportunities

Of course, organizations that use identity to create secure, streamlined digital experiences will find themselves ahead of competitors. Personalizing services for customers or citizens makes life easier, allows people to self-manage their accounts and services, and has a positive impact on an organization’s bottom line.

In Australia, this opportunity is being driven by ambitious government initiatives. Following the UK’s Open Banking program, Australia launched the Consumer Data Right (CDR) regulation, which will enable consumers to more easily transfer their personal information to competing companies. Aside from empowering people to own and use their personal data to comparison shop, the CDR will also enable vendors and third parties to securely access the personal information stored by banks, powering further innovation and customisation of services. Identity management solutions are a critical component in the success of the legislated CDR roll out.

The role of identity management is being further thrust into the spotlight by the COVID-19 lockdown, which has sparked widespread upticks in demand for digital access. In Australia, national retailer Woolworths reported a 320 percent increase in app use, while ANZ Bank saw a five-fold increase in the use of its digital channels. These are just a couple of relevant examples.

As Mr. Turnbull observed, digital is becoming the battleground for brands and organizations, and for the public sector as it works to provide a better-secured customer experience to its citizens. As he stressed during our discussion, “If we crack the digital identity nut, a lot of the issues we are facing will be mitigated.”

You can watch the replay of our virtual fireside chat with Mr. Turnbull here


ForgeTalks: Digital Transformation vs. The Aliens

Technology Trends -

Welcome back to another episode of ForgeTalks. I was joined this week by ForgeRock Chief Evangelist Allan Foster, to talk about digital transformation, COVID-19 and the pivot to remote work and play. For those of you who know Allan, you know he can talk - so get comfy, you're in for a comprehensive discussion on the new digital experiences that have landed here on planet Earth. 

In this episode we'll talk about:

  • Some of the reasons why businesses are struggling to interact with employees and customers digitally
  • How digital transformation has enabled businesses to be flexible following the start of the COVID-19 pandemic
  • What businesses can do if they have yet to undergo their digital transformation

I hope you enjoyed this great episode with Allan. Make sure you check out next week's episode where I chat with ForgeRock's VP of Product Management, Mary Writz, about her favorite features of the ForgeRock Identity Platform. And if you want to check out any of our previous episodes, you can see them here.

Autonomous Identity: How to Overcome Identity Governance Fatigue

Technology Trends -

Redefining Identity: ForgeRock Autonomous Identity 

IT and Security teams are experiencing identity governance fatigue because they are exhausted from manually reviewing and approving access requests and rubber-stamping certifications. To address this weariness, ForgeRock is providing a new, modern approach to identity. ForgeRock Autonomous Identity is an artificial intelligence (AI)-driven identity analytics solution that allows you to overcome identity governance fatigue.

ForgeRock Autonomous Identity provides real-time, continuous enterprise-wide user access visibility, control, and remediation. By leveraging AI and machine learning techniques, Autonomous Identity collects and analyzes all identity data—such as accounts, roles, assignments, user activity, and entitlements—to identify security access and risk blind spots.  

The solution provides you with wider and deeper insight into the risks associated with user access by providing enterprise-wide contextual insights, high-risk user access awareness, and remediation recommendations. Autonomous Identity can be overlaid onto legacy IGA solutions, enabling your organization to increase operational efficiencies, accelerate decision making and maximize existing identity investments.

Leverage Your Existing Identity Investments  

ForgeRock Autonomous Identity works with your existing identity infrastructure to develop a complete view of the user access landscape. This includes identity management, Microsoft Active Directory, identity governance, databases, LDAP systems, and other identity data sources in your organization. The landscape provides highly accurate models, showing what good access should and shouldn’t look like.  

Unlike legacy IGA solutions that are based on leveraging static rules, roles, and peer group analysis, Autonomous Identity relies strictly on the data in your organization to develop an analysis that is free from any bias coming from human-derived rules and roles that exist in your identity management or identity governance solution.

How It Works 

Autonomous Identity links users to entitlements at the lowest attribute level. The solution uses profile data to determine the likelihood an individual will need an entitlement, based on how entitlements are currently distributed across the organization.
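A simplified illustration of the idea in the paragraph above, added here and not ForgeRock's implementation: confidence is taken as the fraction of users sharing an attribute value who already hold an entitlement. The sample users, the 0.75/0.50 thresholds and the minimum group size are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample data: each user has profile attributes and held entitlements.
USERS = [
    {"id": "u1", "attrs": {"dept": "pharmacy", "title": "pharmacist"},
     "ents": {"rx_dispense", "email"}},
    {"id": "u2", "attrs": {"dept": "pharmacy", "title": "pharmacist"},
     "ents": {"rx_dispense", "email"}},
    {"id": "u3", "attrs": {"dept": "pharmacy", "title": "technician"},
     "ents": {"rx_dispense", "email"}},
    {"id": "u4", "attrs": {"dept": "pharmacy", "title": "technician"},
     "ents": {"email"}},
    {"id": "u5", "attrs": {"dept": "finance", "title": "analyst"},
     "ents": {"ledger_read", "email"}},
    {"id": "u6", "attrs": {"dept": "finance", "title": "analyst"},
     "ents": {"ledger_read", "email", "rx_dispense"}},
    {"id": "u7", "attrs": {"dept": "finance", "title": "controller"},
     "ents": {"ledger_read", "ledger_post", "email"}},
    {"id": "u8", "attrs": {"dept": "finance", "title": "analyst"},
     "ents": {"ledger_read", "email"}},
]

HIGH, MEDIUM = 0.75, 0.50  # assumed confidence bands, not product defaults
MIN_SUPPORT = 2            # assumed: ignore attribute values held by a single user


def build_model(users):
    """Map (attribute, value) -> {entitlement: share of that group holding it}."""
    group_size = Counter()
    holders = defaultdict(Counter)
    for user in users:
        for key in user["attrs"].items():
            group_size[key] += 1
            for ent in user["ents"]:
                holders[key][ent] += 1
    model = {}
    for key, size in group_size.items():
        # A group of one would "justify" whatever its only member holds,
        # so groups below the support floor contribute no evidence.
        if size < MIN_SUPPORT:
            continue
        model[key] = {ent: n / size for ent, n in holders[key].items()}
    return model


def score(model, user, ent):
    """Return (confidence, justifying attribute) for one user/entitlement pair."""
    best = (0.0, None)
    for key in sorted(user["attrs"].items()):
        conf = model.get(key, {}).get(ent, 0.0)
        if conf > best[0]:
            best = (conf, key)
    return best


def band(conf):
    """Bucket a confidence value into the three bands used for review."""
    if conf >= HIGH:
        return "high"
    if conf >= MEDIUM:
        return "medium"
    return "low"


def review(users):
    """Return (held-but-low-confidence, missing-but-high-confidence) lists.

    Each item is (user id, entitlement, confidence, justifying attribute), so
    a reviewer can see why the score came out the way it did.
    """
    model = build_model(users)
    all_ents = set().union(*(u["ents"] for u in users))
    flagged, recommended = [], []
    for user in users:
        for ent in sorted(all_ents):
            conf, why = score(model, user, ent)
            item = (user["id"], ent, round(conf, 2), why)
            if ent in user["ents"] and band(conf) == "low":
                flagged.append(item)      # candidate for certification review
            elif ent not in user["ents"] and band(conf) == "high":
                recommended.append(item)  # candidate for provisioning
    return flagged, recommended


if __name__ == "__main__":
    flagged, recommended = review(USERS)
    for row in flagged:
        print("review:", row)
    for row in recommended:
        print("recommend:", row)
```

A low score here means the distribution of access offers little evidence for the assignment, so it goes to a human reviewer; it does not by itself show the access is wrong (the lone controller's posting right is flagged only because no comparable group exists).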

Why ForgeRock Autonomous Identity?  

Autonomous Identity addresses identity governance fatigue with unique and highly differentiated capabilities, including:  

  • Global visibility: By leveraging AI-driven identity analytics, you can collect and analyze identity data (examples: accounts, roles, user activity, entitlements, and more) from diverse identity, governance, and infrastructure solutions in order to provide enterprise-wide visibility of all identities and what they have access to across the entire enterprise. This approach provides your security and risk teams with contextual insights into low-, medium-, and high-risk user access at scale.
  • Highly scalable: As new identity data is collected and old data is purged, the AI and machine learning model evolves and learns the dynamic changes within the enterprise. By leveraging predefined machine learning techniques and algorithms, you can quickly predict, recommend, and identify outliers. This intelligence-based approach allows your security and risk professionals to automatically analyze and model high volumes of identity data to identify high-risk user access and unauthorized or unknown user access across the entire organization.
  • Data driven: With Autonomous Identity, you can contextually examine all identity-related data and identify and recommend the right level of user access rights. This approach provides the ability to identify and apply appropriate birthright or leaver user access rights to accounts, applications, systems, roles, entitlements, and more. This process reduces the overall request volume by predicting appropriate user access at the right time to the right resources.
  • Transparent AI: Unlike “black box” identity analytics solutions, Autonomous Identity allows you to fully comprehend how and why risk confidence scores are determined. By visually presenting low-, medium-, and high-risk confidence scores together, your security and risk professionals can contextually understand which key risk indicators were met. This AI-driven approach recommends risk-based identity and governance remediation updates based on enterprise-wide confidence scores.
  • Dynamic analysis: With intelligent data stream processing, you can leverage existing and diverse identity, governance, and infrastructure data sources to continuously collect and process high-velocity, high-volume data (examples: roles, entitlements, attributes assignments, and more) from across the enterprise. Combined with a highly scalable and distributed microservices architecture, enterprises can process and analyze tens of millions of data points quickly to predict and recommend user access rights and highlight potential risks. This intelligence-based approach enables security and risk professionals to accelerate their decision-making process.

Autonomous Identity provides you the unprecedented ability to reduce costs while simultaneously lowering risks across your organization. It is a game-changing solution that is redefining identity by providing organizations with the following key business benefits: 


To learn more about ForgeRock Autonomous Identity, watch the “Identity Redefined: Eliminate Risks and Cut Costs with AI-Powered Identity Analytics” webinar with ForgeRock and Accenture. 


ForgeTalks: To Your Health

Technology Trends -

Hello, and welcome back to another episode of ForgeTalks. While COVID-19 has certainly made things challenging for all of us, the global healthcare industry has been hit particularly hard. In addition to serving on the front lines of the pandemic, the industry is facing a rising number of data breaches and targeted attacks against medical data. ForgeRock's Chief Technology Officer, Eve Maler, joined me again, along with ForgeRock VP for US Healthcare, Steve Gwizdala, to discuss the challenges the healthcare industry faces in 2020 and how digital identity can help.

We'll take a look at:

  • Current trends within the healthcare industry
  • Data from ForgeRock's recent Consumer Identity Breach Report
  • Real world results that ForgeRock's healthcare customers are achieving by investing in digital identity

I hope you enjoy this week's ForgeTalks episode. If you missed the recent two-part miniseries about ForgeRock Go you can view Part I here and Part II here, and make sure to check out next week's episode where I meet with ForgeRock's Chief Evangelist Allan Foster to discuss how digital transformation has helped businesses pivot to a remote world.

Want to see more? Visit our ForgeTalks page to catch the whole video series.

What is Identity Governance Fatigue?

Technology Trends -

The Traditional Identity Journey

Over the past decade, organizations have gone through many different stages of the identity journey. Depending on the size and maturity of your organization, you are probably in one of six identity maturity categories (see diagram below). Your progress through the stages of maturity may be stalled—but not necessarily because of limited resources or for lack of trying. Your lack of progress is likely due to the limitations of your existing identity governance solution. 


Why? These legacy solutions fail to deliver on your identity governance requirements. Large enterprises need a model that provides visibility into who has access to what and why, eliminating manual access requests, approvals and certification rubber-stamping. And the identity model should grow dynamically as your organization changes over time.

Why Legacy Identity Governance Solutions are Destined to Fail 

Legacy identity governance and administration (IGA) solutions are failing organizations today for several reasons: 

  • Identity silos: Many IGA solutions are only integrated with a few authoritative identity sources, like Microsoft Active Directory, or your company's HR system, like Workday. The limited integrations result in poor user access visibility and a lack of consistent access visibility across the entire enterprise. As a result, you have many islands of identity sprinkled across your organization.
  • Operational inefficiencies: IGA solutions are meant to automate access requests, approvals and certification reviews. The reality is quite different. Instead, your teams are so overwhelmed with access requests, approvals and certification reviews that they end up manually approving access requests and rubber-stamping certifications. This results in the overprovisioning of user access privileges across your entire enterprise. 
  • No context: While IGA solutions are good at providing visibility into a single authoritative source, they don’t provide visibility and context across multiple authoritative sources. As a result, organizations struggle to determine what users need access to, what access they have, and why that access is needed. Without universal visibility and context across the entire enterprise, your organization is blind to inappropriate user access privileges and potential unauthorized user access. 
  • Static data: IGA solutions provide tools—like role modeling—to help organizations achieve better operational efficiencies and compliance. While role modeling helps to better align users with the right access rights, the organizational role model rapidly becomes stale and outdated. Your organization changes dynamically every hour, every day, every week, and every month. With outdated access rights, privileges, roles and entitlements of an IGA solution, your organization is more open to security risks and potential data breaches.  

These are the reasons why IT and Security teams are experiencing identity governance fatigue. They are exhausted from manually reviewing and approving access requests and rubber-stamping certifications. 

Don’t Run Your Business with a Crystal Ball

Is this how you want to run your business, with a crystal ball that provides predictions based on limited data? Of course not! That is why you implemented an IGA solution.

Your existing IGA solution has provided you with an initial set of capabilities to manage and control the entire identity lifecycle, from a user’s birthright access to the removal of their access when they leave the organization. The point here is that access requests, access approvals, certifications and role modeling capabilities have gotten you to where you are today. You have made progress in managing and controlling users’ access. That’s the good news.

The bad news is legacy IGA solutions have created a new set of barriers to your organization’s growth and future success. Existing IGA solutions have stalled your progress because they have not addressed the core problem: “How do I develop a model to solve my access problem?”  Until that question is addressed with a solution that meets today’s challenges and acknowledges the dynamic nature of your organization, you’ll continue to be in a “holding pattern” when it comes to managing and controlling user access across the entire enterprise.  

Grow the Business with AI-Driven Identity Analytics 

How do you evolve past the holding pattern?  The answer is artificial intelligence (AI)-driven identity analytics, which address legacy IGA solution gaps.

Using AI and machine learning techniques to consume and analyze large data volumes, AI-driven identity analytics can detect user access patterns and inappropriate access privileges across the entire enterprise. By automating high-confidence and low-risk user access rights, your security and risk teams will have more time and resources to focus on higher priority tasks and projects. 

In my next blog, I’ll explain how organizations can overcome identity governance fatigue with ForgeRock Autonomous Identity. Be sure to watch the “Identity Redefined: Eliminate Risks and Cut Costs with AI-Powered Identity Analytics” webinar with ForgeRock and Accenture to learn more.