Technology Trends

IAM 101 Series: What Are Directory Services?

Learn why the backbone of your IT stack may be overdue for an upgrade before it slows down productivity 

The beautiful thing about IT is that it just runs. You open up your laptop, access your applications, and stay productive and focused throughout your day. The technology that goes on behind the scenes is somewhat irrelevant to your average user.

So when I say “directory services,” you may be tempted to move on and watch some cat videos on YouTube. Stay with me, humble reader, for herein lies an important message.

What are directory services?

Directory services are the databases that store some of the most essential information you need to do your job. They are often referred to as data stores, LDAP, and directories. The information stored in these vessels includes your username, password(s), authentication preferences and enrollments, user preferences, application data and, more recently, information on devices such as mobile and Internet of Things (IoT). As you can see, much of this information is identity related.

What happens when you fire up an application? Whether it’s a cloud, mobile, or traditional application, and whether you’re using it for work or otherwise, the application is going to reach out to the one definitive source of identity truth in your organization – the directory. This is to validate that you’re still a legitimate user of the organization, that you’re authorized to access the application and to find out what you can do with it. It’s that simple.

But these days, directory services are under siege. Many organizations deployed their directory services many years ago, in the pre-cloud years, so they are running what we call “legacy” directories. While they still “work” in the traditional sense, there are reasons – both technical and non-technical – to believe we’re headed for a directory slowdown.

The first reason is that the amount of information being put into directories is multiplying exponentially. Consider the “Things” in the Internet of Things (IoT). Estimates are that, in 2020 alone, the number of deployed Things will reach 31 billion! That’s at least four times the number of people on the planet. And all this IoT data is being registered in directories. 

The second reason directories are slowing down has to do with the ubiquitous nature of our work and home environments. Where do you work? If you’re like me, your work is anywhere you are. It’s certainly no farther away than your mobile phone or laptop in our hyper-connected world. This reality means directory services need to be distributed and highly available so that you can access the apps and services you need quickly. A slow link or an overwhelmed legacy directory sifting through millions of entries means you’ll wait to be authenticated and connected. Waiting is costly. Waiting is time. The result? Lost customers, decreased productivity for your workforce users, unhappy application owners, and a situation that will only get worse if not addressed quickly.

Directory services – the old iron of the business – need to go the way of the mainframe and green screen applications. They need to modernize!

Unfortunately, that’s easier said than done. Modernizing directory services is probably not high on the list of projects for your IT database administrator this year. Or next year.

But there is a pathway, and real ROI to be realized by modernizing your identity and access management (IAM) solutions. It doesn’t have to be painful. ForgeRock has Accelerator toolkits that help organizations upgrade legacy IAM solutions in a prescribed way, so they can go at their own pace. Accelerators are a complete kit of everything you need to get started. They include documentation, reference architecture, and step-by-step processes that allow you to migrate one app at a time or 10 at a time, or many more.

Using a coexistence or just-in-time (JIT) strategy, you can run ForgeRock IAM alongside your existing directory to make sure there is no loss of data or lack of availability to applications. When you’re ready to cut the cord and move to modern IAM, you can disengage your legacy directory and say goodbye to those hefty maintenance costs.

ForgeRock has one of the few directory services on the market today that offers a deployment option to run in containers. A container is a ready-to-run software package that includes everything you need to run your directory service in a Kubernetes or Docker pod. Containers can run in any cloud (or on premises) and use vastly fewer IT resources in your data center.

ForgeRock also natively supports all the apps you want, provides greater security, offers more fine-grained access control, and works both within and across your data centers. 

For organizations to stay agile and productive, your directory services need to keep up with the growing needs of your users and customers. To learn more visit us online at

ForgeTalks: How to Address Identity Governance Fatigue

Welcome back to another episode of ForgeTalks. This week I met with ForgeRock Senior Director for Product Marketing, Tim Bedard, to discuss how organizations can address their identity governance fatigue. Because of legacy identity governance and administration (IGA) limitations, IT and security teams are exhausted from manually reviewing and approving access requests. These organizations need an identity model that provides visibility into who has access to what and why, eliminating these manual processes. 

In this episode we'll dive into:

I hope you enjoy this episode of ForgeTalks. Coming up next: tune in to part 1 of our season finale with ForgeRock CEO, Fran Rosch, and titan of the cybersecurity world, Dave DeWalt. And if you want to check out any of our previous episodes you can do so here.

E-Voting Is the Future: Busting Myths and Objections

Demand for Online Voter Registration and Voting Doubles During the Pandemic

The COVID-19 pandemic made people – perhaps for the first time – consider whether it is really worth leaving their homes for many activities. Is picking the right apple at the grocery store worth the risk? As we near the U.S. presidential election, this same question remains, although the stakes are much higher. Constituents shouldn’t have to choose between their health and casting a vote, because there’s a better solution. It’s time for the U.S. to bring e-voting to the American people.

So what’s stopping the U.S. from implementing e-voting? Creating a national system of voting online is very much within the realm of possibility today, with all the necessary tools and technologies already at our disposal. Below, we address common myths and objections.

Myth #1: People don’t want to e-vote.

As the world remains in the grips of a global pandemic, people’s preferences towards digital activities are changing rapidly across industries. In fact, findings from ForgeRock’s New Normal Report show consumer preferences for online voting doubled across all regions. Almost two-thirds of consumers prefer to register to vote online as well. Inarguably, most voters want a modern and secure way to cast their ballot, which means the end of the paper ballot’s exclusivity is likely near. 

At ForgeRock, we believe that digital identity has a huge part to play in this. Digital identity technology can be essential in securing registration, user identification, and authentication – all key steps in ensuring a trustworthy and accurate vote count.

Myth #2: E-voting will enable voter fraud.  

Today, verification of votes is utterly archaic. It relies on polling volunteers to compare signatures on voter cards, which seems absurdly low tech, given the digital world we live in. That said, it is challenging to compromise in-person voting at scale. Fraudsters would have to send pretend “voters” one by one to the polls to pass off the false votes – and that’s a federal felony. For the risk, the reward just isn’t there.  

E-voting, on the other hand, would introduce a much stronger root of trust than we have in the existing voting system. Identity verification technologies, which are widely available on the market today, can quickly validate that people are who they say they are. They use a variety of methods that are much stronger than today’s simple signature match. Technologies such as biometrics, device reputation, behavioral signals, and other digital identity capabilities offer a much more accurate validation of a voter’s identity and avoid widespread voter fraud. These digital identity technologies would transparently put every voter through multiple layers of validation that would provide much greater security without adding friction to the voter experience. The Real ID system that has now been adopted in all 50 states in the U.S. is one step forward toward a minimum standard of identity information. Real ID state licenses are required to provide a core set of security and validation features that make state licenses a very strong level of identity validation.

Myth #3: E-voting will create a new attack vector for hackers and invalidate election results. 

One of the reasons that the U.S. voting system is resistant to manipulation today is its decentralized nature. Town to town, state to state, voting methods vary. To create an e-voting system that is resistant to an external digital attack, it, too, must be distributed or decentralized. Blockchain, which is already being utilized for online voting in several countries, is one technology that could be critical. By making it difficult to manipulate individual votes (through containerizing the voting information, utilizing encryption, rotating keys, and leveraging distributed ledger technology), hackers would face a challenge similar to that posed by paper ballots: the effort required to access a single vote is too great to impact the larger voting pool.

Myth #4: There is no way to maintain anonymity in voting digitally. 

Identity and access management (IAM) solutions are used by the biggest brands every day with a need to balance both privacy and data integrity. A decentralized, blockchain-based recording of votes could be held as an unchangeable backup, similar to the paper backup approach used today, while the information aggregated and shared outside that blockchain removes personally identifiable information (PII). 

Digital voting would likely need to be decoupled into several steps to maintain security and anonymity simultaneously. A user would need to be strongly authenticated. A record that an individual voted would need to be stored in an immutable way that can’t be linked to their actual vote. The individual’s vote would need to be deposited in a different immutable system so that votes can be easily counted and never changed. Maintaining this strict separation ensures that the vote can’t be traced back and linked to the individual who cast it. 
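The three-step separation just described, modeled as an added Python example (this is not ForgeRock code and not any real voting system; the class names, the voter register, and the credentials are constructed for the illustration). It uses two append-only hash-chained ledgers, which is the tamper-evidence property of a distributed ledger reduced to a single process: the voter roll records only a keyed tag showing that an authenticated voter has voted, while the ballot box records each vote under a random token and nothing else.

```python
# Toy model of the design above: strong authentication, an immutable
# "has voted" record, and a separate immutable ballot record that cannot be
# linked back to the voter. Added illustration only; names are invented.
import hashlib
import hmac
import json
import secrets
from collections import Counter


class HashChainLedger:
    """Append-only records, each hashing its predecessor: changing or
    dropping any earlier record breaks every hash that follows it."""

    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    def append(self, payload):
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        body = json.dumps(payload, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.records.append({"prev": prev, "body": body, "hash": digest})
        return digest

    def verify(self):
        prev = self.GENESIS
        for rec in self.records:
            expected = hashlib.sha256((prev + rec["body"]).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != expected:
                return False
            prev = rec["hash"]
        return True


# Constructed voter register (voter id -> pre-shared credential). This stands
# in for the strong-authentication step; a real system would use an IdP.
VOTER_REGISTER = {
    "voter-001": "correct horse",
    "voter-002": "battery staple",
    "voter-003": "purple monkey",
}


def authenticate(voter_id, credential):
    """Constant-time credential check; True only for a known voter."""
    expected = VOTER_REGISTER.get(voter_id)
    return expected is not None and hmac.compare_digest(expected, credential)


class ElectionAuthority:
    def __init__(self):
        self.roll_key = secrets.token_bytes(32)  # keyed tags: roll cannot be reversed to ids
        self.voter_roll = HashChainLedger()      # immutable "this voter has voted" records
        self.ballot_box = HashChainLedger()      # immutable votes, carrying no voter identity
        self._voted = set()
        self._pending = []                       # ballots held until polls close

    def _roll_tag(self, voter_id):
        return hmac.new(self.roll_key, voter_id.encode(), hashlib.sha256).hexdigest()

    def cast(self, voter_id, credential, choice):
        if not authenticate(voter_id, credential):
            raise PermissionError("authentication failed")
        tag = self._roll_tag(voter_id)
        if tag in self._voted:
            raise ValueError("voter has already cast a ballot")
        self._voted.add(tag)
        self.voter_roll.append({"voter_tag": tag})
        # The ballot carries only a random token: nothing in it names the voter.
        token = secrets.token_hex(16)
        self._pending.append({"ballot": token, "choice": choice})
        return token  # receipt the voter keeps

    def close_polls(self):
        # Write ballots in random order so record position in the ballot box
        # cannot be matched against the order of voter-roll entries.
        secrets.SystemRandom().shuffle(self._pending)
        for ballot in self._pending:
            self.ballot_box.append(ballot)
        self._pending = []

    def tally(self):
        return Counter(json.loads(r["body"])["choice"] for r in self.ballot_box.records)

    def ballot_box_mentions(self, voter_id):
        """True if the voter id or its roll tag appears anywhere in the ballot box."""
        tag = self._roll_tag(voter_id)
        return any(voter_id in r["body"] or tag in r["body"] for r in self.ballot_box.records)


def run_demo():
    ea = ElectionAuthority()
    ea.cast("voter-001", "correct horse", "yes")
    ea.cast("voter-002", "battery staple", "no")
    ea.cast("voter-003", "purple monkey", "yes")
    ea.close_polls()
    return ea
```

Two design points are worth noticing. The hash chain makes edits detectable by anyone holding a later hash, but an operator who controls the only copy could rewrite the whole chain; that is the gap a distributed ledger with independent copies closes. And separating the two stores is not enough on its own: if ballots were written in the same order as roll entries, record position alone would link them, which is why the example holds ballots back and shuffles them before writing.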

Myth #5: Online voting will disenfranchise those who do not have access to smartphones or computers. 

With voters at risk of exposing themselves to COVID-19, or the potential risk of future pandemics increasing the need for voting alternatives, e-voting should replace in-person voting. While the vast majority would benefit, there would still be measures in place for those who can’t cast an e-vote. New approaches should be introduced to ensure that no one is left behind in the voting process, but providing an e-voting option quickly will give U.S. citizens an opportunity to balance the risks they face between health and patriotism without having to stand in historically long lines, which have already become an issue in the 2020 election. 

As we move towards an e-voting future, the disenfranchised cannot be left behind. Rather, our focus should be on re-enfranchising these communities while ensuring alternative solutions are in place so that every voice is heard and the digital divide doesn’t become the civic divide. These efforts will be well worth the investment in the end. 

At ForgeRock, we have a big hammer in our ForgeRock Identity Platform, but voting is a nail-shaped problem that is rooted in identity. The capability to securely identify a person, anonymize and secure their session, and then record their vote is, at its core, digital identity. While identity can't entirely make e-voting 100% viable, as lots of other factors will contribute to its ultimate success, e-voting can’t exist without identity. To create a safe option for citizens to exercise their right and responsibility to vote, the U.S. must make e-voting a reality, starting with the 2024 election. The good news is that the technology is already here.  

To learn more about how consumer preferences are changing, check out the ForgeRock Consumer Survey: The New Normal


ForgeTalks: Citizen Identity & Access Management

Welcome back to another episode of ForgeTalks! All around the world public sector organizations are trying to provide better and more secure digital experiences for their citizens. Here at ForgeRock, we believe that digital identity can help enable these experiences. With the rise of security breaches, online services, remote citizen and workforce user demands, digital transformation is a must. In this week's episode of ForgeTalks, I was joined by Tommy Cathey, ForgeRock VP for Public Sector, to talk about citizen identity and access management.

This week we discussed: 

  • How can digital identity help public sector organizations modernize their digital experiences for their citizens?
  • What are some exciting recent developments for US public sector organizations? And why are they important? 

I hope you enjoy this episode of ForgeTalks. If you want to check out any of our other episodes you can do so here.

A Leader in the Wave for Customer IAM

We’ve all experienced the turbo-charged acceleration in digital transformation in the past six months of the pandemic. Working from home, banking from home, shopping from home, and eating your favorite restaurant meals at home are the new normal. We are also living this experience at ForgeRock. We’ve moved to a nearly 100% remote work environment and supported our customers who have relied on us for a seamless and secure online experience over the years. Enabling this transformation for our customers is what drives us as a company. It is also why we are all immensely proud to be recognized by Forrester Research as a Leader in The Forrester Wave: Customer Identity and Access Management (CIAM), Q4 2020. 

Innovation and Execution Matter Most 

Forrester evaluated the 13 most significant identity and access management (IAM) companies against 32 different criteria spanning three categories: current solution offerings, strategy, and market presence. The evaluation of each company included in-depth reviews of product functionality, demonstration of capabilities, and customer references. ForgeRock was named a Leader in this CIAM evaluation, which recognizes both the strength of our current offering and the highest score in the strategy category amongst all vendors evaluated.

Strong Security and a Great User Experience Are Essential for CIAM

One prominent theme in this report is the shift in CIAM from “just” a security technology to becoming a key component of the online user experience. Forward-looking organizations are seeking identity partners to help acquire and retain customers while providing them with the security, fraud protection, and personalization capabilities to engage and transact across all consumer channels including web, mobile, call center, or in person.

As a company strongly focused on CIAM, we’ve invested heavily in designing, building, and continually improving our ForgeRock Identity Cloud to meet the needs of our customers. We’ve emphasized the importance of capabilities such as data orchestration and user management, customer identity verification and registration, and consumer self-service. We’ve also invested in high performance and scale because they directly impact the user experience. We enable our customers to securely manage hundreds of millions of identities – with demonstrated performance in excess of 3.6 million authentication transactions per minute – and ensure a seamless user experience.

Looking Ahead

Forrester emphasized future strategy, investment, and execution roadmap as important criteria in their evaluation. It’s all about cloud choice and enabling hybrid deployments. At ForgeRock, we have known this for a while. It serves as a driving force behind our strategy, product, and go-to-market plan. And, it’s what drove our decision to raise $93 million in the first half of the year to continue to invest in our business and the market. 

We believe recognition by Forrester Research is a testament to our momentum and validation of our future strategy and direction. Increasingly, our platform is becoming mission-critical to the largest organizations in the world – and we take our responsibility to deliver on their expectations seriously. We are incredibly proud that Forrester has named us a leader in CIAM.

Download a complimentary copy of The Forrester Wave report here.


ForgeRock Updates GSA Schedule

With the Covid-19 pandemic causing a dramatic shift in how public sector organizations and agencies do their work and provide citizen services, digital transformation has become a priority. Easy, yet secure, remote access for both citizens and employees is no longer a goal for tomorrow, it is a must for today. 

Unfortunately, traditional IT environments struggle to accommodate increased access demands. For example, legacy identity and access management (IAM) and identity governance and administration (IGA) weren’t designed to provide real-time, continuous enterprise-wide user access visibility, control, and remediation, or to collect and analyze identity data to identify security access and risk blind spots. These shortcomings result in error-prone and time-consuming manual work, poor user experiences, and increased risk — making it difficult for public sector organizations to successfully implement their digital transformation initiatives. 

What’s needed is a comprehensive IAM and IGA platform capable of not only modernizing and filling the gaps of legacy identity systems, but also unlocking their value with artificial intelligence (AI) and machine learning (ML). 

At ForgeRock we’re ready to help. I’m excited to announce that the ForgeRock Identity Governance and ForgeRock Autonomous Identity solutions are now available on the GSA Schedule, which means ForgeRock’s complete IAM and IGA platform can be purchased on the GSA Schedule with Carahsoft. ForgeRock has a long-standing partnership with Carahsoft within the public sector market across US Federal Agencies and State Governments. In fact, Rich Savage, Sales Director at Carahsoft, noted “We pride ourselves on helping government agencies find the best technology solutions available. ForgeRock’s AI-powered platform is exactly what IT teams need in the public sector for solving complex digital identity challenges.” 

Both Identity Governance and Autonomous Identity are fully deployable in a DevSecOps environment. You can view the new SKUs on our Carahsoft microsite under ‘Products.’ 

ForgeRock Identity Governance and Administration

Identity Governance and Administration (IGA) is the ability to manage and reduce the risk that comes with excessive or unnecessary user access to applications, systems, and data. Users want to have easy and rapid access to all of the applications they need to do their jobs. As a security-conscious organization, you need to balance requests for immediate application access with security, while reducing the risk associated with this process. 

The problem is, many public sector organizations use manual processes or scripts to grant immediate access to users. However, this leads to a failure to implement proper monitoring and governance controls on access in order to determine whether users should continue to have access. When auditors ask for proof of proper detective and preventive controls, organizations often resort to even more manual processes that involve spreadsheets and emails. Imagine the worst-case scenario, when a security team is triaging and they have to rely on searching through emails and spreadsheets in order to understand the chain of events. Fortunately, there’s a better way.

ForgeRock Identity Governance and Administration is an integral part of the ForgeRock Identity Platform. It simplifies the manual access request, access approval, certification, and role mining processes while providing full identity lifecycle management for creating, managing, and restricting identity access to accounts, systems, applications, and infrastructure. With ForgeRock IGA, you can strengthen your security posture and automatically drive regulatory compliance.

ForgeRock Autonomous Identity 

Legacy IGA solutions operate in ‘identity silos’ based on static data, including assignments, roles, and entitlements. Combined with the increasing volume and type of identities within the public sector, this can leave your already overburdened risk and security teams struggling to keep up as they manually provision access privileges and rubber stamp access requests and certifications.

ForgeRock Autonomous Identity is an AI-driven identity analytics solution that can be layered on top of, and integrated with, your existing IGA solutions to provide real-time and continuous enterprise-wide user access visibility, control, and remediation. By leveraging machine learning techniques, the Autonomous Identity collects and analyzes identity data, such as accounts, roles, user activity, and entitlements, to identify security access and risk blind spots. As a result, public sector organizations gain wider and deeper insight into the risks associated with user access as well as remediation recommendations.

As these product descriptions exemplify, there’s a better way to do Identity Governance and Administration to improve your overall access and security landscape while reducing manual processes and extending the value of your current investments. These solutions, along with ForgeRock’s comprehensive identity platform capabilities, help you achieve the digital transformation required for today’s remote access demands.

For example, the State of Utah wanted to gain greater reliability and scalability in its identity and access management (IAM) infrastructure to integrate more data and applications, and expand the number of online services available to employees, citizens, and businesses. Using the ForgeRock Identity Platform, the state integrated more than 900 applications and online services, providing the flexibility and scalability to support all 1,400 of the state’s online services and a growing variety of additional applications and services, including those running in the cloud. These changes, among others, resulted in a projected savings of up to $15 million due to operational efficiencies. Read the full State of Utah customer story.

You can learn more about the ForgeRock Identity Platform, as well as our newly added Identity Governance and Administration and Autonomous Identity solutions on our Carahsoft microsite under ‘Products’. And, as always, please reach out to us directly with any questions. We and Carahsoft are here to serve you.


Six More Reasons to Love ForgeRock SDKs

The ForgeRock Identity Platform gets better all the time and our focus on delivering software development kits (SDKs) underscores our commitment to helping you build secure apps faster. Earlier this year, we talked about the Six Reasons Why ForgeRock SDKs Make Sense. Today, we are pleased to announce there are now six more reasons you can count on ForgeRock SDKs to make your life easier. 

Let’s take a closer look at SDK 2.0. 

Reason 1: Unlock Intelligent Access

Intelligent Access combines Intelligent Authentication (or authentication trees) capabilities that our customers appreciate with Intelligent Self-Service (self-service trees). Intelligent Access includes new journeys for user registration, password reset, and progressive profiling – to name just a few advanced features. With this new release, our SDKs now support Intelligent Access, effectively doubling the number of supported use cases. Now, developers using SDKs can save time and integrate authentication, registration, and self-service journeys into their apps faster than ever before.

Reason 2: Access Device Context

ForgeRock SDKs can collect contextual information from devices (or browsers) and seamlessly integrate with the new Device Profile Nodes of the ForgeRock IAM Platform. Device context can be used to build sophisticated authentication journeys and detect anomalies such as deviations in previously trusted devices, geo-fence breaches, access from tampered devices, and more. By using the SDKs, you can start building better authentication journeys with device context in no time.

Reason 3: Exceptional User Experiences With Usernameless and Passwordless Authentication

Say goodbye to usernames and passwords with ForgeRock Go while providing great user experiences without compromising security. Our JavaScript SDK now supports FIDO2-based strong authentication with WebAuthn. This enables you to build this secure and seamless login experience into your single-page apps (SPAs) with ease. Our SDK can help you go passwordless faster.

Reason 4: Improve Application Security

Our SDKs do more than just simplify the integration with the ForgeRock IAM Platform. They have native capabilities to improve application security by implementing industry best practices and adopting the latest technologies in the iOS and Android ecosystem. Starting with this release, the ForgeRock iOS SDK uses Apple's Secure Enclave for hardware-backed encryption and storage of tokens. When you use our SDKs, you can be sure that credentials are in good hands. 

Reason 5: Simplify the User Experience With In-App Authenticator

One-time passwords generated by soft tokens and push-notification-based approvals are great ways to improve security by introducing a second factor in the authentication flow. Traditionally, however, this approach comes at the cost of user experience: end users are forced to download and use a dedicated authenticator app, which introduces a lot of friction. With the latest version of the SDK, you can now embed these capabilities into your own mobile apps and provide your users a superior, branded, and seamless authentication experience.

Reason 6: Secure High-Value Transactions

Great experiences and proper security during login are paramount, but your customers have come to expect, and are also looking for, that same level of security during each and every transaction. That’s why they need a Zero Trust model or Continuous Adaptive Risk and Trust Assessment (CARTA). With ForgeRock SDKs you can improve security by requiring the user to perform additional verifications when engaging in a high-risk transaction or while performing an action that deviates from their normal behavior. For example, they must reauthenticate by using a second factor or respond to a push notification on their mobile device.

For more information go to our SDK page or get started today with documents that provide you step-by-step instructions for your next integration project:

ForgeTalks: What are Containerized Directory Services?

Welcome back to another episode of ForgeTalks. This week we tackle how to help organizations prepare for unexpected spikes in consumer demand. I sat down with ForgeRockers Jeff Carpenter, director of product marketing, and Ludovic Poitou, director of product management, to discuss the importance of scalability for millions of identities. They explained how our Containerized Directory Services can help you handle massive transaction volumes and millions of identities at thousands of transactions per second.

We'll be answering questions like: 

  • What role does Directory Services play in identity?
  • What are the risks of ignoring Directory Services?
  • How is ForgeRock enabling a secure and reliable transition to the cloud with Containerized Directory Services? 

I hope you enjoyed this episode of ForgeTalks. And if you want to check out any of our other episodes you can do so here.

ForgeRock Consumer Survey: The New Normal

Suddenly, everybody was home. You became a homeschool teacher and you learned how to host a corporate happy hour over Zoom. Your new puppy started making guest appearances in your team calls. You downloaded a new app to deliver your groceries. Covid-19 impacted the entire world as online apps and services became our primary way to get things done.

Businesses had to figure out how to serve their customers and employees remotely as much as possible through new channels at unprecedented scale, regardless of age and geography, and quickly realized the importance of digital experiences.

Now the question is when will things get back to “normal?” What will normal even be? And will our new digital habits stick?

The New Normal – Living Life Online

ForgeRock just completed a global survey that captures how the pandemic is affecting consumer behavior. Here are four key findings:

  • Nearly half of all consumers polled say they will use more online services even when things return to normal.
  • The second point, which should be a warning, is that more than one-third (35%) say a difficult log-in process would cause them to cancel their account, while 32% said they would look for another service.
  • Third, consumers 65 and older are really embracing the new digital lifestyles, … 31% say they will only shop online when this is all over.
  • Finally, this shift isn’t just among retirees… a third of consumers ages 18-24 say they won’t go back to stadiums or theatres… they say they’ll keep watching sports, concerts, and movies online.

So, about that new normal, while no one knows exactly what’s next, it’s clear that we have very low tolerance for poor digital experiences and will, without hesitation, switch to apps and services that deliver easy, productive user experiences. This provides the greatest opportunity for businesses to thrive through any disruption.

Check out our report for great insight into what consumers have to say about their online experiences and how their behavior is changing now and in the future. And, don’t forget to keep an eye out for more insights from ForgeRock. 


Myth Busting at Identity Live: Cloud Edition

This month we announced some exciting enhancements to ForgeRock Identity Cloud. All of the updates we make to our platform are done with your realities and requirements in mind. The year 2020 has taken a toll on many businesses all over the world, and this has put increasing pressure on IT teams. Our customers are seeing online traffic like never before. The journey towards digital transformation has been turbo-charged as we move through the pandemic and prepare for what’s next. 

Organizations are doing everything they can to go digital while prioritizing the delivery of  exceptional user experiences. At the same time, security and trust remain critical to keep customers, partners, and employees safe online and in person. And while there is a big rush to the cloud, firms may be struggling with how to do it safely, securely, and without disrupting business. 

As companies weigh their cloud decisions, they are starting to raise critical questions about commonly held myths regarding cloud migration: Is the cloud really less secure and compliant? Does everything have to go to the cloud? Is it more expensive? 

Spoiler alert: The answer is absolutely not. We busted these myths last week during Identity Live: Cloud Edition.

To kick off our event, ForgeRock CEO Fran Rosch and retired U.S. General and KKR partner David H. Petraeus discussed the CIA’s journey to the cloud, which began in 2013. At one time, security was one of the main reasons that many organizations elected not to adopt cloud solutions. Today, security is one of the many benefits of the cloud due to the scale of investment in security that cloud service providers have made – investments far beyond the scope of individual organizations. Knowing that the CIA has trusted the cloud for nearly 10 years reinforces this point.

While many companies have cloud-first strategies, we recognize that not all workloads are created equal. We were excited to chat with Amol Kabe, senior director of product management at Google Cloud, about the need for choice and flexibility. We’re here to help our customers embrace the power of the cloud and also work within their own hybrid realities. We polled the Identity Live audience and found that 80% expect to remain in a hybrid cloud world for at least five more years. On premises, your cloud, or our cloud – we will make it work for you.

We will keep working to enable excellent digital experiences. General Petraeus believes the login experience will be a differentiator, and we could not agree more. Personalization matters. Ease of use matters. Security matters. The outcome for a great user experience? It’s pretty simple. Do it fast, do it right, and do it now. We understand the need for a superior experience and, at the same time, ensure that this will not diminish security in any way. 

We also had the pleasure of hearing from Daryl Robbins, senior director of global architecture at Calabrio, about their journey to the cloud. One of the reasons Calabrio chose ForgeRock to manage their 1.3 million digital identities is because of our full tenant isolation security capability. With ForgeRock, they never have to worry about their data being commingled with other customer data. From the administrator login screen to API endpoints and from the data to the application stack itself, there is no data traversal across those planes. We live, breathe, and sleep security, and we pledge to do that for you and all our customers. While we securely manage their IAM, Calabrio can focus on building incredible experiences for their customers. 

ForgeRock delivers simple truths – with no surprises. Moving to the cloud does not have to be more expensive. Having an unplanned uptick in traffic should not be costly. In times of uncertainty, we’ll provide you with more certainty. If you’re experiencing Black Friday-like numbers every day, we are here to help you scale up – at no additional expense to you.

Cloud without compromise. Great experiences. No surprises. That’s what ForgeRock delivers. 

We know that you’re facing immense pressure to adapt and respond to a new normal. We are here to help you plan your IAM future along the way. 

Thanks to all of our customers and partners for attending Identity Live: Cloud Edition! Want to revisit the action from our event? Watch each of the replays here.

Thinking of Modernizing Your CA SiteMinder Deployment? Now May Be the Perfect Time

New CA SiteMinder Plug-Ins Enable Coexistence and Just-In-Time User Migration Between SiteMinder and ForgeRock

The Agonizing Decision to Modernize or Stay Put

Whether it’s to adapt to the realities of a digital transformation program, address problems with scaling to provide access to new apps and services, manage the proliferation of Internet of Things (IoT) devices, or handle the challenges associated with a growing number of CIAM (customer IAM) and workforce users due to COVID-19, many organizations are currently exploring options to update or “modernize” their existing legacy identity and access management (IAM) systems. 

What we now refer to as “legacy” IAM systems are, in fact, platforms developed 10 to 15 years ago, back when most applications were on-premises and built on a client-server model. Fast forward to today, and these systems are struggling to keep up with cloud-first enterprise application needs. Support options are dwindling because vendors and developers are not keeping pace to support the latest feature sets. 

Legacy IAM systems are functionally at their end-of-life. While they may continue to crank along and seem to perform the old workhorse identity functions, they are unable to meet new business needs. For example, updates on these legacy systems are expensive and time-consuming, and stability challenges can arise as more identities and attributes are added. Integrating new apps is cumbersome. As many of these legacy solutions live on premises, the timeframe for new apps to “go live” is often measured in months, if not years. This is not exactly what you would call “agile IT.”

Modern identity platforms, in contrast, are built to truly enable digital transformation, operate at IoT scale, provide continuous security, support cloud and hybrid deployments, seamlessly integrate new applications, and support security models like Zero Trust and the Gartner CARTA (Continuous Adaptive Risk and Trust Assessment) model. They are continuously adding new features and staying on the cutting edge of the market to keep organizations at a competitive advantage. 

Not a “Rip and Replace” Decision

But why might now be a good time to consider making this move? Well, for starters, everything is going digital, and your users and customers are expecting an optimized, online digital channel experience. Access problems, slow app performance due to identity-related issues, and poor authentication experiences will send them looking for workarounds, which your competitors are more than happy to provide.

But just as importantly, the decision to migrate at this time isn’t a binary one. Because “rip and replace” is an option for only a few, what is needed is a more seamless, step-by-step approach that allows you to go at your own pace, migrate the apps you need to migrate, and achieve a smooth transition to a modern IAM solution with a committed innovator in this space.  

ForgeRock and our partners are here to help. We have assisted countless organizations on the journey from legacy to modern. We stand ready to do the same for your organization, no matter how difficult the challenge or how complex your IAM system may be. We have built a robust set of tools, guides, and documentation to help you make the transition to modern IAM. And it’s all available to you for free. 

Making It Easy: New CA SiteMinder Plug-Ins from ForgeRock

ForgeRock is excited to announce the latest of these tools: a new set of open source CA SiteMinder Plug-Ins, joining the existing Oracle Plug-Ins as part of its portfolio of Modernize IAM Accelerators. The CA SiteMinder Plug-Ins enable coexistence and just-in-time user migration between SiteMinder and ForgeRock, so you can migrate at your own pace. For instance, you can choose to migrate 10 apps per week, one app per month, or whatever your organization may call for. ForgeRock Accelerators enable this migration to occur without any disruption to your customers or employees. It’s all done in a totally transparent manner. One of the benefits of this approach is that you can make immediate use of the new capabilities of the ForgeRock platform, like Intelligent Access, self-service trees, and passwordless authentication.  

Specifically, the new SiteMinder Plug-Ins for the Modernize IAM Accelerators can help in the following areas:

  • Authenticate in SiteMinder and single sign-on (SSO) to ForgeRock
  • Authenticate in ForgeRock and SSO to SiteMinder
  • SSO to legacy apps integrated via CA agents
  • Migration of user profiles
  • Secure migration of user passwords
  • Just-in-time (JIT) provisioning 
  • Modular and extensible for easier integration into current environments
  • Open source, relying on industry-standard protocols and libraries

In the end, the SiteMinder Plug-Ins are designed to make migration seamless and invisible to the user, while significantly shortening the time to value of designing and building coexistence and user migration strategies. 
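The coexistence and just-in-time migration described above follows a well-known pattern, shown here as an added example in generic form; it is not ForgeRock's plug-in code and does not use its APIs. The legacy store verifies the password with its old scheme; on that one successful login the user is created in the modern store with a salted, slow hash computed from the same plaintext, so no password is ever decrypted or exported in bulk, and the modern store becomes authoritative from then on. Both stores are in-memory dicts constructed for the example, and the legacy scheme (unsalted SHA-1) is an assumption chosen to show why re-hashing at migration time matters.

```python
"""Added example, not ForgeRock's plug-in code: the just-in-time (JIT) user
migration pattern in generic form. Both stores are constructed in-memory
dicts; the legacy hash scheme (unsalted SHA-1) is an assumption."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # modern-store work factor (assumed value)

# Constructed legacy directory: unsalted SHA-1 hex digests plus profile data.
LEGACY_USERS = {
    "alice": {
        "sha1": hashlib.sha1(b"correct horse battery").hexdigest(),
        "email": "alice@example.com",
        "groups": ["staff", "vpn"],
    },
    "bob": {
        "sha1": hashlib.sha1(b"hunter2").hexdigest(),
        "email": "bob@example.com",
        "groups": ["staff"],
    },
}
MODERN_USERS: dict = {}  # populated only as users log in


def legacy_verify(username: str, password: str) -> bool:
    """Verify against the legacy scheme; constant-time compare of digests."""
    rec = LEGACY_USERS.get(username)
    if rec is None:
        return False
    candidate = hashlib.sha1(password.encode()).hexdigest()
    return hmac.compare_digest(rec["sha1"], candidate)


def modern_hash(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash for the modern store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def modern_verify(username: str, password: str) -> bool:
    rec = MODERN_USERS.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], modern_hash(password, rec["salt"]))


def authenticate(username: str, password: str) -> str:
    """Return 'modern', 'migrated' or 'failed'.

    Once a user exists in the modern store it is authoritative: the legacy
    store is never consulted again for that user, so a later change in the
    legacy store cannot reopen or alter the migrated account."""
    if username in MODERN_USERS:
        return "modern" if modern_verify(username, password) else "failed"
    if not legacy_verify(username, password):
        return "failed"
    # JIT provisioning: copy the profile and re-hash the password we were
    # just handed; the plaintext is discarded as soon as this returns.
    src = LEGACY_USERS[username]
    salt = os.urandom(16)
    MODERN_USERS[username] = {
        "salt": salt,
        "hash": modern_hash(password, salt),
        "email": src["email"],
        "groups": list(src["groups"]),
        "migrated_from": "legacy",
    }
    return "migrated"


def migration_progress() -> tuple:
    """(migrated, remaining): how far the at-your-own-pace migration has got."""
    migrated = sum(1 for u in LEGACY_USERS if u in MODERN_USERS)
    return migrated, len(LEGACY_USERS) - migrated


if __name__ == "__main__":
    attempts = [("alice", "wrong"), ("alice", "correct horse battery"),
                ("alice", "correct horse battery")]
    for user, pw in attempts:
        print(user, authenticate(user, pw))
    print("progress:", migration_progress())
```

The first successful login is the only moment the plaintext is available, which is why the re-hash must happen there rather than in a batch job; until that login, the user simply keeps authenticating against the legacy store, so migration proceeds at whatever pace users log in.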

Learn more about modernizing legacy systems here, or contact your ForgeRock sales rep or partner today.

ForgeRock Integrations with Microsoft Will Strengthen Compliance and Reduce Risk

At ForgeRock, we like partnerships that deliver real business and technical value to our customers and prospects. Today’s announcement that we’ve joined the Microsoft Intelligent Security Association (MISA) is a textbook example of two organizations coming together to provide even greater value for their shared customers. 

We’re proud to earn a spot in the MISA ecosystem. Membership means an organization has met a high bar for delivering an integration with Microsoft Cloud Security services that will make a meaningful difference for customers. In our case, the new integrations we’ve delivered will help reduce risk and strengthen compliance for joint customers using Microsoft Endpoint Manager, Microsoft Azure Active Directory and Azure Sentinel. 

Microsoft Graph Integrations

We approached the ForgeRock integrations in a way that allows customers to benefit from Microsoft Cloud Security’s vast threat intelligence data to deliver a multi-layered risk mitigation strategy throughout a user's authentication and authorization journey. We did this by working with Microsoft to strengthen the security of the user and the device they are on, and to understand the user’s activities. This required three integrations with three different services, all enabled by ForgeRock’s integrations with the Microsoft Graph.

To understand the risk associated with a user, we can check the posture of that user by leveraging a component of Azure Active Directory (AAD) called Confirm Compromise (a feature of Azure Active Directory Identity Protection). We built an authentication node for ForgeRock Intelligent Access that reaches out to the Microsoft Security Graph. This node checks whether or not AAD considers a particular user risky. Depending on the risk level reported by Microsoft Identity Protection, ForgeRock Intelligent Access can adjust the user’s journey to require additional step-up authentication or deny the user access altogether. 

The next layer in this risk mitigation strategy is to understand the security of the device the user has. To understand the user’s “device posture”, we once again built a ForgeRock authentication node that uses the Microsoft Graph to query Microsoft’s unified endpoint management solution, Microsoft Endpoint Manager. We do this in order to learn whether or not the end user’s device satisfies a compliance policy. These organizationally defined policies may require that a device is not jailbroken, or that a machine is running the latest OS, before it is allowed to access a protected resource. Once ForgeRock Intelligent Access has this device context from Microsoft Endpoint Manager, it can use it to make runtime decisions about the user’s authentication and authorization journey.

The final component in our layered approach required integration with one of the Microsoft Cloud’s newest solutions, Microsoft Azure Sentinel. Microsoft Azure Sentinel is a cloud-based Security Information and Event Management (SIEM) solution that leverages advanced machine learning capabilities. To integrate with Sentinel, ForgeRock used our Common Audit Framework (CAUD), which allows us to monitor user activity across our entire platform. This enables us to record any ForgeRock event, logging it to disk, relational databases, Splunk, or even syslog. We built a deep integration between CAUD and Azure Sentinel by leveraging a data format standard called Common Event Format (CEF). Since Microsoft has a number of pre-built visualizations, reports, dashboards, and alerts that work out of the box on CEF data, our integration seamlessly leverages these powerful artifacts Microsoft has already built.
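The three layers described above (user risk, device posture, audit to a CEF-consuming SIEM) combine into one access decision, shown here as an added example that is not ForgeRock's or Microsoft's code and calls neither the Microsoft Graph nor a ForgeRock node. It takes the user risk level and device compliance result as already-fetched inputs, applies a fail-closed policy, and formats the outcome as a CEF line; `parse_cef` is the SIEM-side counterpart so the escaping rules can be checked round trip. The vendor and product names, the severity mapping, the custom-string field labels and all sample inputs are constructed for the example.

```python
"""Added example, not ForgeRock's or Microsoft's code: a layered access
decision (user risk, then device compliance) written out as a CEF event.
Vendor/product names, severities and sample inputs are constructed."""
import re
from dataclasses import dataclass
from typing import Optional

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}
UNKNOWN_RISK = 3  # an unrecognised or missing risk level counts as high


@dataclass(frozen=True)
class Context:
    user: str
    user_risk: str                    # "none" | "low" | "medium" | "high"
    device_compliant: Optional[bool]  # None: device not enrolled / no record
    source_ip: str


def decide(ctx: Context) -> str:
    """Layered policy: user risk first, then device posture. Fails closed,
    so a missing signal can lead to step-up or deny but never to allow."""
    risk = RISK_ORDER.get(ctx.user_risk, UNKNOWN_RISK)
    if risk >= RISK_ORDER["high"]:
        return "deny"
    if ctx.device_compliant is False:  # device known to violate policy
        return "deny"
    if ctx.device_compliant is None or risk >= RISK_ORDER["medium"]:
        return "step_up"
    return "allow"


def _esc_header(value: str) -> str:
    # CEF header fields: backslash and pipe must be escaped.
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value: str) -> str:
    # CEF extension values: backslash, equals sign and line breaks.
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(ctx: Context, decision: str) -> str:
    """Render one decision as a CEF:0 line (constructed vendor/product)."""
    severity = {"allow": 3, "step_up": 5, "deny": 8}[decision]
    header = ["CEF:0", "ExampleVendor", "ExampleAccessService", "1.0",
              f"AUTHN_{decision.upper()}", f"Access decision {decision}",
              str(severity)]
    ext = {
        "suser": ctx.user,
        "src": ctx.source_ip,
        "outcome": decision,
        "cs1Label": "userRisk", "cs1": ctx.user_risk,
        "cs2Label": "deviceCompliant", "cs2": str(ctx.device_compliant),
    }
    return ("|".join(_esc_header(h) for h in header) + "|"
            + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items()))


HEADER_KEYS = ("version", "vendor", "product", "device_version",
               "signature_id", "name", "severity")


def parse_cef(line: str) -> dict:
    """Split a CEF line into its seven header fields and extension map,
    honouring backslash escapes in both parts (the SIEM side of to_cef)."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < len(HEADER_KEYS):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) != len(HEADER_KEYS):
        raise ValueError("malformed CEF header")
    record = dict(zip(HEADER_KEYS, fields))
    unescape = lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1))
    ext = {}
    for pair in re.split(r" (?=\w+=)", line[i:]):
        key, _, raw = pair.partition("=")
        ext[key] = re.sub(r"\\(.)", unescape, raw)
    record["ext"] = ext
    return record


if __name__ == "__main__":
    ctx = Context("alice", "medium", None, "203.0.113.5")
    line = to_cef(ctx, decide(ctx))
    print(line)
    print(parse_cef(line)["ext"])
```

The escaping matters for detection: a user name containing `|` or `=` would otherwise shift every later field, and a dashboard keyed on `outcome=deny` would silently miss the event. Treating an absent device record as "step up" rather than "allow" is the fail-closed choice a practitioner would want when the Endpoint Manager lookup errors out.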

We believe these integrations are going to make a real impact in reducing risk for our joint customers and we look forward to hearing your feedback.

To learn more about securing your workforce, consumers, or things, find additional resources here or contact us today.


Introducing a New Kind of Security Key: ZenKey

It used to be that before you walked out the door, you always made sure you had your keys and your wallet. The “key and wallet check” was essential to leaving your home with a clear head. Now, your smartphone has undoubtedly joined the fray as something equal to, or even more important than, those other vital items. Leaving your house without your smartphone likely seems inconceivable, and whether we want to admit it or not, it is one of the most ubiquitous things in our lives.

Your Smartphone Can Do More

Your phone understands who you are, knows where you are, and is connected to a powerful network that is your portal to the world. So why not use that knowledge? Why do websites continue to ask me to register and log in with usernames and passwords when there is a device in my pocket that can authenticate me? Could the networks that power our smart devices play a role by adding additional, seamless security?

Using ZenKey to Unlock Trust

These questions now have an answer. AT&T, T-Mobile and Verizon have created something meaningful with the launch of ZenKey. ZenKey is a new solution that leverages the network and SIM card details to deliver authentication and identity verification features to web and mobile applications. ZenKey is differentiated because it relies on network and device data and can’t be hacked using only a stolen username and password or even a malicious SIM swap.

What This Means for Your Security

Even more exciting is that ForgeRock is a launch partner with ZenKey, giving customers the ability to leverage the ZenKey Authentication Node in ForgeRock’s Intelligent Access solution. This node provides instant, drop-in support for the ZenKey service. By simply leveraging the ZenKey node, any website or service can offer an alternative to long registration forms and password-based logins with highly secure, device-based, multifactor authentication.

Now, ForgeRock customers can quickly reduce abandonment during sign-ups while receiving trusted user attributes from MNOs. This capability helps reduce the risk of fraud while creating an identity pre-populated with user attributes. Once a user is enrolled in ZenKey, ForgeRock Intelligent Access can use ZenKey to power a highly secure passwordless authentication experience. This integration delivers a tremendous balance between security and usability, something every ForgeRock customer is trying to accomplish.

As more apps, websites and services take advantage of the combination of ZenKey and ForgeRock for seamless registration and authentication, one of the keys you will never leave home without will be your ZenKey.

Learn more about ForgeRock Intelligent Access here.


ForgeTalks: Busting Cloud Myths

Welcome back to another episode of ForgeTalks. My guest this week is ForgeRock VP of Cloud Success, Renee Beckloff. Renee's career has been connected to the cloud for the last 15 years, making her uniquely suited to help bust some pretty entrenched myths. She doesn't hold back in our discussion and shares why there has never been a better time for large enterprise customers to embrace the cloud.

In this episode we'll cover: 

  • What are some of the most common myths holding people back from cloud adoption?
  • What are the benefits of making a move to the cloud?
  • Why you should attend ForgeRock Identity Live: Cloud Edition 


I hope you enjoy this great episode. If you want to learn more, Renee offers a deeper dive into cloud myths at ForgeRock Identity Live: Cloud Edition next week. Check out the agenda for this virtual event and register for a time that works for you. And if you want to check out any of our previous episodes of ForgeTalks you can do so here.

IAM 101 Series: What Is Identity Governance and Administration?

What is Identity Governance and Administration (IGA)?  Identity governance and administration (IGA) enables admins, security teams, and internal auditors to manage and reduce the risk that comes with excessive or unnecessary user access to applications, systems, and data.

As the digital world continues to evolve, IGA is now mission-critical to secure every organization. Yet few know what it is. With new data privacy and security regulations constantly emerging, organizations must now balance risk and customer experience while achieving regulatory compliance. Having the right identity governance and administration solution in place can play a crucial role in achieving this balance, keeping workforces productive, and enterprises secure. To fully understand what IGA is and why it’s become such a priority, we must look at how the need for it emerged in the first place.

The Early Years: User Provisioning and Mounting Regulations

To understand IGA, it’s important to understand what provisioning is and how user data was initially stored. User provisioning is the process that ensures that user accounts are created with the proper permissions. IT administrators use provisioning to monitor and control access to systems and applications. 

In the early years of the digital age (1980s - early 90s), user provisioning was rather straightforward as it focused solely on users (employees) within an organization. Access to users outside an organization, like customers or citizens, was not common. Additionally, there weren’t as many systems within an organization to manage access to, making the provisioning process relatively manageable. 

During this time, servers housed user accounts and identity data centrally on on-premises systems within the enterprise. However, in the mid-to-late 1990s, as the dot-com market rapidly took off and external user access to systems and applications became ubiquitous, more sensitive user data, such as name, address, social security number, country code, email address, and bank account number, was collected by global organizations. The need to protect this personally identifiable information (PII), and the systems and applications that hosted it, quickly became critical. To address these requirements, new regulations were enacted that mandated stricter security protocols for user access permissions and required improved controls and policies to prove to auditors that the protocols had been implemented. 

The Rise of Identity Governance Regulations

Introduced in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was created to provide stronger data privacy and security provisions for safeguarding medical information. As physicians later moved to digitized health records, the HIPAA Security Rule was issued as a best practice for securing sensitive digital information and establishing national standards to protect individuals’ electronic personal health information. This rule required appropriate administrative, physical, and technical safeguards to ensure the security of patient data. 

In 2002, the Sarbanes-Oxley Act (SOX) was introduced to bolster trust and security around the financials of publicly traded companies. SOX imposed even more regulatory protocols regarding electronic records. It mandated the joint responsibility of auditors and management for the detection of fraud and external threats, requiring stringent record keeping, audits, and controls. Noncompliance with SOX can cost organizations up to $25 million in fines, criminal and civil prosecution, and prison sentences of up to 20 years for those found in breach of the mandate.

In 2006, the PCI Council (formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa) created a body of security standards known as the Payment Card Industry Data Security Standard (PCI DSS). Every merchant that accepts credit card payments must be in compliance with PCI DSS. PCI DSS includes requirements for security management, policies, procedures, and other critical protective measures. Failure to comply with PCI mandates leaves businesses vulnerable to the negative impacts of data breaches, such as fines, fees, and lost business.

With these new regulations and stricter protocols, organizations began to feel the strain of ensuring and proving compliance. This pressure only intensified in the mid-2000s as the market saw a massive increase in enterprise user demand for access to cloud-based applications and systems. As a result, this created a larger provisioning problem. Existing user provisioning solutions only supported internal user (employee) populations. They were not equipped to handle the growing numbers of users, accounts, systems and applications while trying to continue to meet regulatory compliance requirements. The need for a solution that supported user provisioning and management for internal and external systems and applications thus emerged. 

Turning to Identity Management as a Possible Fix

As traditional provisioning solutions struggled to keep up with increasing identity demands and regulations, many organizations turned to identity management (IDM) solutions to address these challenges. The digital landscape was evolving at a rapid pace as cloud and software-as-a-service (SaaS) applications and solutions began sweeping through the enterprise. The transition to these technologies meant that internal user identities were now being used to access new external cloud-based applications and systems outside of the enterprise network. The result was a tangled web of access to internal and external systems; a disorganized mass of accounts for workforce, consumers, and partners; and varying levels of access across multiple environments. 

Because of these new and ever-growing challenges, identity management solutions were unable to meet compliance regulations to ensure user access was reviewed, allowed, and/or revoked periodically. As a result, organizations would manually create and review user access certifications via spreadsheets distributed by email to business line managers annually or biannually for review and approval. Yet, with the exploding number of internal and external user identities, systems, and cloud applications, this process was no longer a scalable or viable option. With pressure mounting on organizations to achieve regulatory compliance, a new approach was needed.

The Emergence of Identity Governance and Administration

With a new approach, the existing user provisioning market morphed into identity management. In parallel, the genesis of identity governance came about due to the growing number of compliance regulations. Over time, both the identity management and identity governance markets merged into one market: identity governance and administration (IGA). IGA solutions address the needs of regulatory compliance through identity governance and user provisioning requirements through administration. In addition, identity governance and administration addresses user access privileges for both on-premises systems and applications, as well as cloud-based applications and systems, bridging the gap where previous solutions fell short.

Today, identity governance and administration helps organizations address common business challenges across their networks and users. Benefits include better access compliance through certifying the appropriate level of users’ access and enhanced business productivity by providing this access to the right resources at the right time. IGA also benefits security and risk management by allowing organizations to govern user access with policy-based controls and minimizing operational inefficiencies by streamlining business processes.

In addition to helping overcome business challenges, identity governance and administration supports a number of underlying use cases. These use cases include: access requests (users requesting access to systems and applications), access approvals (managers approving user requests), access reviews (managers confirming user approvals or revoking user access), and role optimization (reviewing and updating role definitions).
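The access review and role optimization use cases just listed, as an added example over constructed sample data; this is not ForgeRock's product code and the role, user and entitlement names are made up. An entitlement justified by one of the user's assigned roles is certified automatically; anything else becomes a review item for the user's manager, whose keep/revoke decisions are applied back to the account (closed-loop remediation, revoking by default when no decision was recorded). `role_optimization` then suggests entitlements that every member of a role holds but the role definition lacks, which is the spreadsheet-era review from the previous section done programmatically.

```python
"""Added example, not ForgeRock's product code: a minimal periodic access
review plus role optimization over constructed sample data."""
from dataclasses import dataclass

# Constructed role definitions: role -> entitlements it is meant to grant.
ROLES = {
    "engineer": {"git:read", "git:write", "ci:run"},
    "finance": {"ledger:read", "ledger:post"},
}


@dataclass
class Account:
    user: str
    manager: str
    roles: set
    entitlements: set  # what the account actually holds today


def sample_accounts() -> list:
    """Fresh constructed accounts, so each review starts from the same state."""
    return [
        Account("alice", "mgr-eng", {"engineer"},
                {"git:read", "git:write", "ci:run", "docs:write", "ledger:read"}),
        Account("bob", "mgr-eng", {"engineer"},
                {"git:read", "git:write", "ci:run", "docs:write"}),
        Account("carol", "mgr-fin", {"finance"},
                {"ledger:read", "ledger:post", "docs:write"}),
        Account("dave", "mgr-fin", {"finance"}, {"ledger:read"}),
    ]


def review_items(accounts: list, roles: dict) -> list:
    """One item per (user, entitlement): 'certified' when a role justifies it,
    otherwise 'review' for the manager to keep or revoke."""
    items = []
    for acct in accounts:
        justified = set().union(*(roles.get(r, set()) for r in acct.roles))
        for ent in sorted(acct.entitlements):
            items.append({
                "user": acct.user,
                "manager": acct.manager,
                "entitlement": ent,
                "status": "certified" if ent in justified else "review",
            })
    return items


def apply_decisions(accounts: list, roles: dict, decisions: dict) -> list:
    """decisions maps (user, entitlement) -> 'keep' | 'revoke'. A review item
    with no recorded decision is revoked: silence is not approval."""
    by_user = {a.user: a for a in accounts}
    revoked = []
    for item in review_items(accounts, roles):
        if item["status"] != "review":
            continue
        key = (item["user"], item["entitlement"])
        if decisions.get(key, "revoke") == "revoke":
            by_user[item["user"]].entitlements.discard(item["entitlement"])
            revoked.append(key)
    return revoked


def role_optimization(accounts: list, roles: dict) -> dict:
    """Entitlements held by every member of a role but missing from its
    definition: candidates to add to the role so they stop needing review."""
    suggestions = {}
    for role, defined in roles.items():
        members = [a for a in accounts if role in a.roles]
        if not members:
            continue
        common = set.intersection(*(a.entitlements for a in members))
        extra = sorted(common - defined)
        if extra:
            suggestions[role] = extra
    return suggestions


if __name__ == "__main__":
    accts = sample_accounts()
    for item in review_items(accts, ROLES):
        if item["status"] == "review":
            print(f"{item['manager']}: review {item['user']} -> {item['entitlement']}")
    print("role suggestions:", role_optimization(accts, ROLES))
```

Two design points carry the security value: entitlements are compared against the role model rather than rubber-stamped as a list, and an unanswered review item is revoked rather than kept, so a manager who ignores the campaign cannot leave excess access in place.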


ForgeRock Identity Governance and Administration

The ForgeRock Identity Governance and Administration solution is an integral part of ForgeRock’s comprehensive identity platform. It allows you to establish policies for user access rights and continuously monitor their proper implementation from a centralized location. Through a periodic access review process — tied to a powerful workflow engine to ensure closed-loop remediation and built-in risk management and reporting — you can strengthen your security posture and automatically drive regulatory compliance.

Learn more about identity governance and administration and ForgeRock IGA by watching the webinar The Evolution and Modernization of Identity Governance or contact us today.


ForgeRock Identity Cloud Gets Even Better

Since launching ForgeRock Identity Cloud earlier this year, we have seen strong interest and innovative usage from a variety of customers. The COVID-19 crisis has contributed to the surge in our momentum. Financial services and retail customers have seen their foot traffic to physical locations drop by 80 percent or more. At the same time, online traffic is skyrocketing. For many companies, these spikes are resulting in massive increases in costs because cloud vendors are doubling their overage fees. We can help with this.

We built our cloud platform as a scalable service for cost-effectively modernizing large, complex, and diverse application portfolios at companies navigating their cloud migration journey. ForgeRock Identity Cloud has become even more flexible with identity platform as a service functionality, delivering on our commitment to provide the most comprehensive cloud solution possible.

Today, we’re happy to share exciting enhancements now available that make our cloud service even more powerful.

  • Seamless Orchestration: The one overwhelming request we get from ForgeRock Identity Cloud customers is: “Don’t dumb it down.” We listened. This release builds on our aim of extreme configurability. You can continue to deliver omnichannel experiences and security for all identities using the power of ForgeRock Intelligent Access to seamlessly orchestrate self-service and authentication journeys for your users.
  • One Subscription for Maximum Flexibility: With one subscription to ForgeRock Identity Cloud, we give you complete flexibility to not only consume as a service from us, but also deploy the ForgeRock Identity Platform anywhere -- in your datacenter, private cloud or public cloud -- in a hybrid configuration. That one subscription also means you enjoy predictable pricing that includes unlimited annual usage per user with surplus user coverage that protects you even if your business grows in unexpected ways. 
  • Full Tenant Isolation: We take security very seriously at ForgeRock. Our approach ensures your data is never commingled with other customer data. This not only prevents accidental data spillage issues, but also prevents the noisy and nosy neighbor issue. 

Getting Started 

All of the features discussed today are now available. Download the ForgeRock Identity Cloud white paper to learn more. 

Coming Up! 

If you’re unsure how to start planning your future in the cloud, don’t miss ForgeRock Identity Live: Cloud Edition. I’ll be hosting this virtual event and can guarantee you’ll walk away with useful tips on how to transform your organization. I hope to see you there next week! 

Thanks, from the entire ForgeRock Identity Cloud team!  


ForgeTalks: What is Single Sign-On?

At ForgeRock we help people access the connected world. How do we achieve it? In part, with an important digital identity tool called Single Sign-On (SSO). What is SSO? How does it work? What is the purpose of it? I was joined this week by ForgeRock's VP of Product & Solution Marketing, Ashley Stevenson, who took me through the ins and outs of Single Sign-On, using an incredibly helpful (and slightly nostalgic) analogy.

We take a look at:

  • What is SSO and what are its benefits?
  • How do privacy and security tie into SSO?
  • What is federated SSO?

If you enjoy this episode, make sure you check out our previous episodes here. Next week I'll be meeting with ForgeRock's VP of Cloud Success, Renee Beckloff, to debunk common myths around moving to the cloud.

The Passwordless Enterprise Era

How ForgeRock and Secret Double Octopus Are Paving the Way for a Passwordless User Journey    

We’re living in a world where managing digital identities is becoming an increasingly complex and tedious task. Every organization must deal with multiple accounts and credentials for users, employees, and devices. Sometimes, these siloed identities can span across dozens or hundreds of locations, and number in the thousands – or even millions. All this chaos is accelerating the adoption of passwordless technologies. 

With all these moving parts, it can be extremely difficult to secure company information – and this results in a frustrating experience for both users and IT teams. With the infrastructure inside many organizations becoming increasingly fragmented across different servers, cloud services, and online platforms, the identity and access management problem becomes even more complicated. 

This is where passwordless authentication can help. The ForgeRock Identity Platform enables fully password-free user journeys out of the box, and with technology partner Secret Double Octopus, the experience can be extended to the user's workstation authentication. This frees employees and administrators from the pain of remembering and managing passwords throughout the enterprise. 

The Growing Challenge of Enterprise Identity and Access Management

Companies often struggle to set up identity and access management (IAM) solutions in a secure, easy-to-use, scalable, and future-proof way. Unfortunately, many organizations end up outsourcing this task to expensive integration specialists to make complex systems work together and to maintain these integrations over time. Either way, organizations gradually get stuck with overly complicated systems that are costly, create unnecessary risk, and can’t scale with their growing needs.

The mounting challenge of identity management has spurred collaboration among different vendors to create scalable, integrated solutions that provide robust security and easily integrate with the different on-premises and cloud-based solutions that the enterprise has already invested in. These efforts have become even more important as the COVID-19 pandemic has driven many companies to adopt work-from-home models, making them even more dependent on reliable and scalable digital infrastructure.

The addition of Secret Double Octopus’ technology to the ForgeRock Trust Network extends the reach of Intelligent Authentication to the desktop login experience and provides passwordless authentication to any application protected by the ForgeRock Identity Platform.  

As we’ve covered in a previous blog series, passwords are a weak spot that continues to give organizations IT cost overhead and security nightmares. The deployment of passwordless authentication provides increased security, lower operational costs, less downtime, and an enhanced user experience that results in improved productivity across the organization.

How Do We Do It?

With the integration of Secret Double Octopus, ForgeRock customers can improve security, create a more pleasant user experience for employees, and change the way IT departments handle user authentication.

The change starts at the workstation level – with a choice between Desktop Multi-Factor Authentication (MFA) using the ForgeRock app or a passwordless desktop experience that removes passwords altogether when logging in to Microsoft Windows, Apple Mac, or Linux workstations. With additional support for existing one-time password (OTP) tokens, offline scenarios, and FIDO2 keys, the workstation becomes the first step towards a passwordless enterprise.

The next change happens at the directory level, with a choice to use an existing Active Directory (AD) or Azure Active Directory (AAD) datastore, or to remove AD altogether and rely on the ForgeRock Directory Service as the source of user profile data for workstation authentication.

Organizations have the flexibility to adopt different scenarios based on their policies, preferences, and available technology. For instance, they can choose between the ForgeRock Authenticator, the Octopus Authenticator, or a combination of both. If the work environment does not allow mobile devices, they can use FIDO2 keys as a second factor, or they can use an offline OTP if users can’t access the internet.

Integrating Octopus Authentication with the ForgeRock Identity Platform eliminates the need to create, change, manage or remember passwords, saving many headaches and complexities for IT teams and users. This directly results in boosted uptime and productivity, as well as increased security, thanks to a universal user experience across all applications.

Together, ForgeRock and Secret Double Octopus provide customers with a clear path to transition from costly and risky user-managed passwords toward a passwordless future. Organizations can now deploy a single authentication mechanism to serve all their needs in a frictionless, cost-efficient way through a known and trusted platform.

Want to create simple and secure access experiences that just flow? Find out more about passwordless authentication here.


ForgeTalks: A Local's Tour of the ForgeRock Identity Platform

Welcome back to ForgeTalks. In last week's episode, ForgeRock's VP of Product Management, Mary Writz, took me on a tour of the main landmarks of the ForgeRock Identity Platform, including Intelligent Access and ForgeRock Go. This week, we are treated to a local's tour of the platform. We'll travel "off the beaten road" and explore some of the hidden gems that the ForgeRock Identity Platform has to offer.

We'll be exploring:

  • How the ForgeRock Identity Platform makes it easier to develop applications
  • How Macaroons fix problems around Fine-Grained Scopes and Delegation
  • How ForgeRock makes Identity for Things easy!

I hope you enjoyed this two-parter with Mary. Make sure you stop by next week when I meet with ForgeRock's VP of Product Marketing, Ashley Stevenson, who unravels the question: "What is Single Sign-on?" And if you want to watch any of the other episodes you can check them all out here.

Autonomous Identity: Your Prescription for Reducing Risk in Healthcare

Earlier this year, ForgeRock published our 2020 Consumer Identity Breach Report detailing insights and data on breaches impacting consumers in 2019 and Q1 2020. As highlighted in the report, healthcare was, once again, the most frequently targeted industry (43% of all breaches), personally identifiable information (PII) accounted for the most sought-after data type at 98%, and unauthorized access was by far the most common attack vector, responsible for 40% of breaches.

As overburdened healthcare IT professionals work tirelessly to meet the demands of the COVID-19 pandemic, cybercriminals are using the global health crisis to take advantage of institutions by exploiting unauthorized access.

This reality means the healthcare industry must protect against two threats at once. Neither is simple. IT professionals need to ask themselves whether they can identify high-risk anomalous access. Just as importantly, they need to explore how AI can help by automating access requests, performing certifications, and predicting what access should be provisioned to users.

Identity Governance and Administration (IGA) solutions fall short in their ability to address the healthcare industry’s risk landscape and cannot meet its demanding and ever-changing requirements. Why? Simply put, IGA solutions don’t provide organization-wide visibility or identity context, especially as identities continue to increase across multiple applications and locations (on-premises, cloud, etc.). This leaves your risk and security teams struggling to keep up as they manually provision access privileges and rubber-stamp access requests and certifications. Additionally, the resulting operational inefficiencies can leave your teams blind as to who has access to what and, more importantly, why they have access in the first place. So, what’s the cure?

ForgeRock Autonomous Identity is an AI-driven identity analytics solution that can be layered on top of, and integrated with, your existing IGA solutions to provide real-time and continuous organization-wide user access visibility, control, and remediation. Autonomous Identity analyzes all identity data to give you a deeper understanding into the risk associated with user access across the entire organization. The solution ingests vast amounts of workforce, partner, and consumer (patients/members) identity data from existing identity management and governance solutions, identity stores, and user activity repositories to provide wider and deeper insight into the risks associated with user access.

For example, one of the largest healthcare retailers in the United States used ForgeRock Autonomous Identity to bring visibility and contextual insight to their employee records, applications, entitlements, and entitlement assignments. The result was 550,000 entitlement assignments identified for AI-driven automation and clean-up, an accomplishment that would have taken a lot of resources and months, if not years, for IT teams to do manually.

As the customer story above exemplifies, Autonomous Identity enables your risk and security teams to accomplish the seemingly impossible — reducing risk, manual processes, and costs with one solution across your disparate identity enterprise.

To learn more about ForgeRock Autonomous Identity, read Maximize the Value of Your Healthcare Identity Solutions with AI-Driven Identity Analytics or contact us today.