Listen to this articleBelow is our recent interview with John Milburn, CEO of Clear Skye:
Q: This is the first time we have spoken. Can you provide a brief overview of Clear Skye?
A: Absolutely. In 2016 Clear Skye was founded as a software solution provider focused on simplifying security and compliance within the enterprise. Our design approach is to leverage the systems and processes our customers are already using as opposed to replacing them. We do this by building solutions native to the ServiceNow Now Platform. Clear Skye IGA is our first offering and it focuses on the Identity Governance and Administration challenge.
Q: What exactly is Identity Governance and Administration?
A: The simplest answer is that IGA is the process that ensures the right people have the right permissions to the right enterprise applications, and nothing more. IGA also helps enterprises prove these facts for their next audit. Since the average enterprise now has more than 300 applications that their users, contractors and partners could have access rights to, this has become a complicated challenge where the optimal solution requires active engagement across all types of knowledge workers to truly be successful.
Q: Aren’t other companies already doing this? What makes Clear Skye unique?
A: Yes, this is not a new space. I have personally been in this market for 20 years and have witnessed a very consistent value gap existing between project visions and the end results. Clear Skye IGA was designed to address these challenges, in part by building our entire solution natively in the ServiceNow Now Platform that the vast amount of enterprises are already using to run much of their IT workloads . We are the only full featured IGA solution on the market that is built this way, which enables our customers to focus on the solution as opposed to managing yet another monolithic piece of software.
Q: What are the key benefits of using the Now Platform?
A: The most obvious one is that the Now Platform provides a true cloud solution in a market space that is struggling to make the move away from on-premises software. This is one of the reasons ServiceNow was able to change the Information Technology Service Management (ITSM) market so quickly in the mid-2000s. Today’s on-premises IGA solutions require a lot of specific infrastructure and large teams to keep them going. This is an increasingly difficult proposition in an era when most organizations are trying to get rid of their data centers and have a cloud first stance. Additionally, the Now Platform provides the most flexible workflow automation capabilities in the market. This is one of the main reasons that cloud IGA solutions have been slower to take off. Having a solution that cannot support an organization’s existing business process flows is a non-starter, and is the reason that many product selections fall back to on-premises software, even here in 2020. Finally, I have seen these programs fail countless times due to lack of end user engagement. If people do not use your solution to request and approve access, you do not have the central source of truth that was desired. Using the Now Platform takes advantage of portals and interfaces our customers are already using daily, resulting in much quicker and complete adoption.
Q: What are some of the real-world results enterprises can expect with your solution?
A: Our customers are able to quickly achieve full application stack coverage and broad employee engagement in a way not seen before in this space. Since we are able to leverage the ITSM workflows and portals the enterprise is already using, we see much faster and robust return on program investments than is typical in this space. Additionally, enterprises that are using the Now Platform for Configuration Management Database; Security Operations; or Governance, Risk and Compliance (GRC) are seeing huge benefits to using this data to inform traditional IGA workflows and vice versa. For example, access requests are a common building block of an IGA solution. Only Clear Skye IGA can check to see if the user or application being requested has recently been involved in a security incident, which could inform the approval workflow in ways that greatly improve the security stance of the organization. Conversely, GRC teams spend a lot of manual time and effort pulling data from IGA solutions to ensure their controls are being adhered to. Since we sit alongside the GRC data, these teams can now automate the validation of existing controls, saving time and effort during preparation for an audit.
One final thought here. One of the common complaints in this solution space is the lack of needed IGA experts to help make these solutions work. This is a finite group of very expensive people that have typically been around for a decade or more. Our customers love the fact that our solution can be driven by a much smaller team of identity experts, with much of the work able to be done by much more readily available ServiceNow practioners.
Q: How has the state of identity and access controls changed over the past few years?
A: I would say the biggest change over the past few years has been the number of applications required to manage. Ten years ago, large enterprises had 15-20 core applications that they wanted their IGA solution to manage, with a small handful of departmental applications that typically were governed through manual processes. Today, the explosion of SaaS solutions means that the number of applications is in the hundreds or thousands. Since all of these need to be managed, it is a requirement to have an IGA solution that can govern applications thought both direct and indirect automation. As the typical form of indirect governance is ITSM processes, Clear Skye has a real advantage in providing a single control plane for the rapidly growing number of applications to manage. Another related change is the “rubber stamp” effect that is seen by application owners and business leaders during access certifications. It is now common for a business manager to be presented with pages and pages of entitlements to certify every quarter. Because the amount of data is so vast and confusing, we see more and more frequently that people are defaulting to approving everything. This obviously defeats the purpose of regular access reviews and weakens an organization’s security posture. The solution to this issue most talked about is to use analytics to better inform these review exercises, highlighting things that approvers should really focus on. I agree with this approach but would argue that the value of any analytics is defined by the strength of its signals. In the case of Clear Skye, we have access to everything in the platform that our customers are already running their businesses on, making it more likely that our analysis will be a stronger weapon against the rubber stamp.
Q: What are some of the biggest challenge’s organizations face in rolling out or maintaining their IAM programs?
A: Gartner reported this year that more than 50 percent of IGA programs are in distress and my experience is in line with this. This distress typically comes from:
• Trying to automate too much, too soon;
• Knowledge workers that are poorly trained and don’t know where to go to get things done;
• Products that cannot support the workflows of the business; and
• Time and expense needed to manage the IGA solution.
All of these common challenges were core to the way we designed our solution, and I believe our approach greatly reduces these friction points.
Recommended: Digital Marketing Agency New Paradigm Marketing Group Specializes In Website Design
Q: Can you describe a typical use case or customer scenario for your solution?
A: We are a fit for any organization that is leveraging the Now Platform and also needs to manage application and data access. Our solution provides all the necessary ingredients of a delicious IGA meal, including:
• Automated identity lifecycle management from onboarding to new roles to exiting the organization;
• Access request capabilities that leverage the portals that users are already using;
• Access review functions that are ingrained into existing IT processes and that take advantage of a wide cross section of enterprise data; and
• Analytics and reporting that help automate audit preparation.
Q: And, I have to ask, what can we expect to see from Clear Skye later in 2020?
A: IGA is just the start for us. As we move forward, you will see us continue to expand what we can simplify using this powerful platform. You should not be surprised if we start to look at other IAM processes like SSO or PAM as other areas where we can help our customers increase both speed and effectiveness.
Q: Thank you for your time. Is there anything you’d like to add before we wrap up?
A: Thank you for the time as well. I have very much enjoyed the conversation. I will make my final thoughts short. We have been led to believe that Identity Management is “hard” for the past 20 years. So hard, that it can be accomplished only by a set of very heavy solutions managed by a finite group of experts. This has contributed to a market that has continued to grow every year at around 10 percent, but has really not become any better at solving the problem. I will admit that I have been part of this machine for much of my career. I hope Clear Skye will shine a light on this fallacy and prove that there is, in fact, a better approach.
Activate Social Media:
