Symplified Identity and Access Management Secures Your Company One Log-In at a Time
With the rise of the consumerization of IT, enterprises and small businesses alike are finding it more and more difficult to control and secure access to sensitive company information. When your employees can sign into their company accounts from anywhere at anytime, not just at the office, how do you ensure that your data is safe?
Symplified was founded to solve just that problem. We sat down with Eric Olden, founder and CEO of Symplified, to discuss where the cloud is headed, how BYOD is changing the IT landscape, and what Symplified plans to do in order to help companies keep up with the changing IT world. Also the founder and former CTO of Securant Technologies, which specialized in Web access management for enterprises, Olden had a great deal to share with us about this shifting landscape.
Can you tell me about how Symplified was founded and what the inspiration for the company was?
To understand Symplified, the key is that the IT market has gone through massive disruption. People are moving more and more of their applications and users to the cloud – whether they’re accessing applications like Salesforce or Google, or they’re using mobile devices like smartphones or tablets.
In the past, we had an IT model that was very much the fortress model, which is to say that you could manage everything in one place. Now the applications and users are spread over all sorts of different locations, so something had to change in terms of how you manage and secure that environment.
The second trend is in the mobile space. Companies used to control the devices that their employees were using to access their applications and data, and that changed with the rise of mobile. This BYOD (bring your own device) model has created very different changes in terms of how you secure and manage access to company applications and data when you don’t control the wireless device or the network that it’s accessing.
The third trend is the fact that securing and managing access to applications and data wasn’t scaling in the old world. The approach was to secure applications and lock them down, or secure data and lock them down; but when you have all of these applications and data in different locations, it’s impossible to manage it all in one place.
So instead of securing the apps and the data, you can secure the identity; you can have a single user experience across all these different applications, regardless of if you’re using a desktop computer or a mobile device. Symplified was created to create a seamless way to manage the shift to identity-based access management and single sign-on.
What did you see as the most difficult part about getting that started, getting all these disparate elements together and working properly for the customer?
The hardest thing I think was to take a new approach to this model. How do you secure all these different applications in a world where you once owned all the infrastructure? What we did was start with a clean slate, using our experience in this space, to build an identity and access management solution for the cloud operating system.
I think that the way that the market really looks at this is that it’s not going to be the companies of the past – the RSAs, Oracles, and Computer Associates – that are going to fix this problem. It’s going to be new companies, like Symplified, who are taking a fresh approach, really exploiting the capability of the Cloud.
Along that vein, what is Symplified’s approach for making it simpler for the user and ensuring that they can easily navigate their identity and access management?
There are two primary customers that we focus on. The first is the end user—that’s people like you and I who just want to get their work done. Symplified provides them with single sign-on; so instead of having 12 passwords for 12 applications, you have one password that works wherever you need it, eliminating the hassle of managing passwords and trying to remember what applications use what password.
The second thing is that we give end users a single place to log in. So with one URL – whether it’s from their phone, their iPad, or their desktop – they can access a portal that provides all their different applications in a single spot. So one password, one portal, all your applications. That’s how we make life simple for the end user.
The enterprise is our second customer that we focus on. We dramatically simplify the integration problem by making all these applications work seamlessly with the portal and with existing systems that an enterprise might have. Because we were the first company to build in the cloud, we’ve pre-integrated all these different applications so that the enterprise has a single place to integrate.
The second piece that Symplified does for the enterprise is integrate the four core functions of access management and single sign-on by allowing administrators to manage the user account itself, giving them a single place to set rules for how people can access applications.
Think of it as the four A’s – access control, authentication, auditing, and administration. Symplified will provide all four of these functions in a common policy. This means that – from a security standpoint – you have better coverage and visibility, as well as better security, because everything is unified.
On the subject of security, I imagine that customers often ask about how secure a single sign-on is. Can you go into detail about how Symplified ensures that their information is safe and secure?
We protect the end user by enabling different types of authentication. When you’re dealing with financial data or human resources data, then you need to think about how you can authenticate or verify someone’s identity with something that’s more secure than a password? To that end, Symplified integrates with different types of strong authentication. For example, you can use a token instead of a password if you need to access a secure or confidential piece of data or application.
When you look at single sign-on without access control, then you have the potential for “compromise me once, compromise me everywhere.” What we do as a part of a unified policy approach is to integrate the access control with the single sign-on, and that means that we simplify and control at runtime what applications and what data a user can access. We do that as part of our access control.
Changing tracks a little bit, who do you see as your ideal customer? Does it have to be large enterprises with tons of applications? Or is it also suited for small businesses as well?
We have customers that range from work groups of 50 to the Fortune 500, and I think the ideal customer is really somebody who is looking to use the cloud or mobile. Just a few years ago, the idea of using the cloud and Software-as-a-Service to do business critical applications like CRM with financial and revenue information was considered a very risky proposition. Today, those are some of the most popular applications.
What Symplified does is make it easier to secure all these different applications and the data inside them. It really doesn’t matter the size of the company or the industry. You just need to ask yourself, “Are you using the cloud more today than you did yesterday?” and, “Are you using mobile more today than you did yesterday?” For people who answer yes to either or both of those questions, they’re Symplified’s ideal customers.
With the companies that you work with, what do you see as the major challenges in adopting identity management or using identity management? How can they overcome those challenges?
I think the most common challenge, especially in IT organizations that are aggressively using SaaS and mobile, is the consumerization of IT. The traditional role of IT is to determine whether or not a company’s going to use an application, and then determine how to secure and integrate it.
A lot of companies now are finding that individuals will start using a website or service, then they’ll come to work and tell IT, “Look. It works. I just started using it, but I didn’t think about identity management because I just wanted to use this tool.” Many organizations are in catch-up mode right now because they’re trying to figure out to support this trend of consumerized IT when it’s already proliferated within the company.
The more that companies that are forward-thinking – what they’ll do is get their infrastructure in place, like Symplified; and that makes it easier for these lines of business to go out and use the applications and mobile devices that they want.
Can you tell me what makes Symplified different from other identity management vendors, such as Okta, for example? How do you make sure that you’re different from the other providers out there?
Compared to other companies in this space, we bring a significant depth of experience in identity and access management. We have some of the coauthors of the core standards in this space who helped found Symplified. Secondly we can provide this at enterprise scale, which is why we have more than 4 million licensed users.
The third thing is that we provide a solution that can work completely in the cloud or on a customer’s network; and let the customer decide where and how far they want to put their data and their identity into the cloud. So it’s really this capability of being enterprise ready with its hybrid architecture that is unique to Symplified.
Do you anticipate the cloud and consumerization of IT continuing to change in the next 5 years, and how does Symplified plan on meeting/addressing the shifting landscape?
Yes, I believe cloud and consumerization of IT will continue to disrupt the landscape over the next 5 years. One need only look at how quickly tablets, especially the iPad, have grown in just 2 years. The biggest impact, though, will be that the cloud becoming quietly ubiquitous; meaning people won’t really stop and think about ‘where’ something is located (in the cloud or in a data center), they will simply focus on using apps to both work and play in the cloud.
Without identity – knowing who someone is – you can’t have context; and that is what will make apps and the user experience really work. Identity management historically was difficult and expensive, and only large enterprises could use it. Symplified is radically changing this by building identity into the fabric of the cloud and simplifying it so that people can use it without knowing how it works – much the way we view electricity today.
Symplified is building a true cloud-delivered, identity utility model that I believe will completely reshape how computing across mobile, the cloud, and the enterprise will work.