Listen to Identropy's Jim McDonald and Jeff Steadman on their podcast at "Identity at the Center".

Both Jeff and Jim each have over 15 years of experience in the Identity & Access Management space and guide companies on their IAM Program journey through Identropy's Advisory Services arm.

In this episode, Jeff and Jim talk about how consumer/customer IAM (CIAM) is a fundamental part of a digital transformation strategy.

Brought to you by

Want to join the conversation? Leave us a message here: or email us at .

We hope you enjoy this episode and please subscribe to our podcast for updates on new episodes!

LISTEN HERE or read the full transcript below.

 *Disclaimer from Identropy: These transcripts are produced using automated tools, so may not be an exact word-for-word transcription. (i.e. - if you read something that sounds wrong, it's the tool's fault!) As always, for a better experience, please listen to the actual podcast.

 Podcast #39 Full Transcript:

Identity At The Center #39 - Digital Transformation and CIAM

Jeff: Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim right there.

Jim: Hey, Jeff.

 Jeff: How you doing?

 Jim: I'm good. Sheltering in place. How about you?

 Jeff: Ditto. I've left the house twice in the last two weeks. I think both times were for food.

 Jim: I think we have a huge international audience.

 Jeff: I don't know that we even have literally a huge audience. But dozens of people listening at the moment.

 Jim: Yes. And we're taking over the Internet one set of news at the time. But I say I don't know where it's like. Well, it's like everywhere. But I think in the United States, at least, my perspective is that people are following their stay at home orders and the social distancing being pretty good sports about it overall. And haven't heard about very many people having to be forced by the alert like law enforcement or anything to comply. How about you?

Jeff: I would say for the most part, yeah. I mean, the US has like any other probably a location where you got some people who are following the rules and some that don't seem to care. But I think people are starting to come around to it. Not sure how it's working around the world.

My only other data point internationally would be we were having a conversation with Igor the other day, who's part of our team that works in Brazil, I believe São Paulo. And he said that, pretty much there, it's like normal. So it doesn't sound like it's kind of hit that area quite yet. At least from the total lockdown.

But it's just a matter of time. I mean, we're interconnected world, and you're seeing the waves as it rolls. The US, the bigger cities are getting harder hit. And that'll start to roll down into smaller cities and so forth. So.

PSA, stay home, if you can understand, is not an option maybe for.

For everyone who is listening, but take care of yourself by taking care of others.

So with that public service announcement out of the way, which is always a great Segway today.

 Jim: We're doing our part.

 Jeff: Hey, we got the word out. And, the dozens of people listening to us hopefully will pay attention.

So what that Segway we're going to move into a conversation around digital transformation and customer or consumer identity and access management.

Jim: digital transformation is. It's been around for, the concept has been around for a long time. It feels like at least for us lately, we've gotten a burst of additional clients or more interest in our IAM consulting specific to companies that are doing a digital transformation.

So it's top of mind for you and I at the moment. And I figured, hey, would this have mind is something that I could trust to talk about. We've got a one of our clients put together a slide which kind of capture kind of the main components of digital transformation from his perspective. I don't think it's anything  that much different. I think he did a great job of kind of capturing the main points of what digital transformation is, at least within his organization. But I think many organizations that are taking on digital transformation, it means very similar things. So what I proposed earlier was, hey, why don't we, use this slide is kind of a framework for discussion and, pick each of these major building blocks of digital transformation and just talk about them.

 Jeff: Sounds good. So you'll start with the first one.

Jim: Yeah.

Jeff: OK. Where do I start?

Jim: So the first one they talked about is replacing legacy and home run systems. But to me, this is kind of the essence. Digital transformation is all about. So I think when I first heard the term digital transformation, mistried over a decade ago. Look it up on Google and start really researching what is digital transformation. The idea was going from kind of a brick and mortar type of business model, something in the physical world, then moving it into the e-commerce world. Well, there are not many companies that are still 100 percent, or not already the majority of their business happening in the digital world. And so it's not like digital transformation means you're going from brick and mortar to online.

And at least nowadays, I think nowadays what it means is that you've been doing business online in the sub optimized way or you've been doing it the way you did it 10 years ago and really haven't updated things very much or things have kind of what I think we see a lot with our enterprise clients is that they've kind of come online, they've built a lot of different web properties. They've matured at different rates. They've kind of each branched off in their own way and they lost identity and access management behind as well as some other features of the digital transformation. And so, these web properties, these homegrown systems have a lot of them have to be retrofitted or replaced. And some of the infrastructure components like identity access management, need to be replaced.

Jeff: Yeah. It's like the square one is why you're probably doing it. And, I don't know, a lot of our organizations are probably looking at digital transformation now and hopefully they've already begun that journey.

But I have a feeling that the situation that the world finds itself in now is probably gonna be a big catalyst for those that haven't gone on onto it has to figure out how to be more effective than, is potentially new world of far more remote e-commerce, online connectivity that people are expecting.

Jim: It's really interesting to see all these restaurants and I mean,  kind of in the real world, what I'm seeing is restaurants are closing and some businesses that are quote-unquote non-essential, I think just like restaurants are essential to me Jeff, I don't know about you, but I think I keep thinking is hopefully this would be the perfect opportunity for them to do a remodel. You know, just gut the building, do a remodel, do the thing that they've been kind of aching to do for years. But at the same time, they've all of a sudden gotten no income and they've got uncertainty about what's going to be like when they reopen. And so it does present a challenge that, they need to invest. They've long needed to invest. Now's a perfect opportunity because customers can't come in and sit down anyway.

But they've got to have kind of some nerve in order to be able to go out there and spend the money.

 Jeff: Yeah, and I feel like, the restaurants are a really tough spot, and if you don't have any type of online ordering and pickup type of capability, you're basically you're screwed, it's this point, I see a lot of lessons that are kind of scrambling to play it together. But the ones that had already taken that into account and had built some of their business to account for that. I think we'll have a lot better chance of surviving. But I hate to say it, but I have a feeling there's gonna be a lot of restaurants that end up closing down because it's a very hard business to be in. I used to work in the restaurant business very, very long time ago, If a stat is still true, but most business, most restaurants fail within the first year or two of being opened up because it takes that long to really kind of generate the sales that are needed to keep things going. And if you've opened up a restaurant recently, you probably haven't hit that mark of profitability. And now you're probably a position where you have to decide whether you're going to, try to keep it going through some sort of online experience, and that's where unifying a user experience probably makes a lot of sense from a digital transformation standpoint, which I think is the second box you want to talk about when it comes to kind of digital transformation. But it's an unfortunate situation. But I agree that, it's like it's a great time if you haven't done it, too. If you can't think about doing those remodels, whether it's physical or logical when it comes to the business and being able to kind of keep it afloat.

Jim: Yeah. Just of something that's pretty interesting. So take the restaurant example. Somebody who's kind of done the church transformation, in my opinion, and this is based on a restaurant that I use a lot this politically show that it's Chick-Fil-A.

So I go to Chick-Fil-A a lot.

I think their food is really good and they've got an app.

Now, all, they try and get people to pay through the app and they have a reward system, but they also know who their customers are. They also have the ability to send alerts to my phones and the emails. Stay in touch with me through this whole thing and send me special offers and get me to go to the drive thru the app required them to invest, while things were still kind of everything was hunky dory for them to invest in this digital transformation and then building themselves up digital capabilities to support their brick and mortar operations.

Jeff: I think McDonald's is a good example where if you go into a McDonald's today, you to be you'd walk up to a counter and, tell someone your order and they would punch in the computer.

And now it seems like everyone I go into, which admittedly isn't that many. So because thunderclouds all the time, but the ones I've been into recently, over the last however many years have the online or not the online, but their kiosks and you go in and you put your order in and you don't actually ever talk to anyone other than the person who is handing out the orders as they're ready. And it's a very similar experience as having an app on your phone or on the computer, you're walking up to display, you're making your selections and your tapping, you're making your customizations or whatever. And it's a totally, person free experience, whether you're in the store or you're in an app or whatever, if you're doing some sort of pickup. I think the only time you actually ever talk to anybody, like if you're walk, if you're going through a drive thru and you're yelling out your order to the right to the other thing. So having that unified experience, I think puts them in a lot better position to be able to weather that kind of situation too.

Jim: And speaking of which, so unified user experience was kind of the second item. So transformation is all about. And in my experience with digital transformation, this is oftentimes one of the biggest drivers because one of the components where identity and access management in this case customer identity and access management really are the focal point of a digital transformation because, you start out where you have to where is the first digital experience you get as a customer going into a company's web or app presences, you have to register for an I.D. and then you have to authenticate with that I.D. so it becomes the front door. A lot of times. And how often do you go through a process? You say, oh, boy, it won't be create another ID and if it's a pain to buy it. How often do you walk away? It really depends, I guess, on how badly you need to use that service. But that's something that,  this is where IT and marketing really come together. And one of the things that I think is really interesting is if you look at the CIAM space, traditionally,  if you read one the clock five, 10 years ago when they talked about CIAM, there were two major platforms that were kind of in this space. And it was Giga, which is now a safety customer Cloud, I think is the name of their product that basically Giga and Janrain, which, Akamai. And the reason I think they were considered customer IAM was they had a lot of marketing featuring a lot of ability to do like progressive profiling, some of the things that are hot now traditional IAM vendors are creating within their product. So in other words, the ability to take traditional tools or build for enterprise IAM and make them customer IAM capable tools and they're adding these marketing features. But, creating the ability to have a unified customer experience, I really do feel like it starts with the identity management, the registration process and then ongoing and authentication.

Jeff: And I feel like that's like the number one reason that we've been working with a lot of clients recently as they have this fragmented log and experience for their customers and they're looking to replace that with a more single sign on type approach.

Right. It's they've had mergers, acquisitions or they stood things up in silos and different parts of the business. And, it takes twelve different accounts to use the twelve different services that the organization has on offer. And the goal is to get it down to as fuel Loggings. Hopefully one if you can to be able to take advantage of all those services and you know it's a benefit of that. You try to get a better view of your constituents or your customers, etc.. , and try to build out from there using the identity at the center to have that 360 view. Right. Of the constituents and your customers and being able to understand all that.

Jim: You're great with the Segway today Jeff. So, yeah, that was the next area was this 360 degree view of the constituents. So you've got again, the traditional approach was we need an app or we need a Web site we need an app We need another app we need another Web site. And you start to build these data silos. Now, the worst case scenario is where you've got an identity and a set of credentials for each app. But even let's assume that you kind of approach it a little bit smarter than you've gotten all of your apps using some form of single sign on. You still lined up within the structure of that application building silos of data about the person. So let's just say you use my Chick-Fil-A example to a Web site. You've got an app and you went to each one and on the way say you've done some things. And let's assume that they're separate applications. You've done some things as Jeff 70, you've gone in and ordered a T-shirt or entered a contest there on the app. You ordered a chicken sandwich. Now, the those interactions that you're having with the company. You want to be able to pull those together so you can have one view of what is all the interactions that Jeff Steadman has done. So a big piece of the digital transformation is usually how do you take out this customer data? Bring it together and create that 360 view of the customer? Well, the first part is you certainly need to know that Jeff Steadman the same person. You use the Web site and use the app. So there's like a CRM function to this as well. Where Identity access management textbook, comes into play, is really being able to say, yes, we know this is one human being that is coming into our various different applications or it might not even be applications. There may be brick and mortar or maybe a situation where you go into mortar brick and mortar locations and use a kiosk and you provide enough information. So at some level within your digital transformation into Biehl Tile, that back to a single human being. Otherwise, it's a lost opportunity. It's a lost opportunity to market to that person in an intelligent way.

Jeff: Yeah, I mean, that's kind of like the marketing dream, right, to know everything that I'm doing, all the different services that I'm taking advantage of and then giving me targeted offers based on what I think might be interesting to be able to either spend more money or drive more engagement or whatever, using the food example as we have here. If they know that I go to this particular restaurant or let's say I go to McDonald's every Friday and they start to peg that behavior and they know which McDonald's I'm going to be at. They could send a targeted thing to encourage me to either come on a different day or to spend more money. All right, on the days that I typically go there, by giving me a coupon, maybe that is good for, something extra where they know they can make a little more money off me. So having all that data is important. I think one thing that would that I'm not a fan of is trying to shove all that transactional data into CIAM platform. I don't think that is the right spot for it. And sometimes you'll see folks that are trying to do that, that's better served having that information outside of consumer. IAM directories, those sorts of things, because they're really not designed to store transactional information. They're very good at what they do. But it's like any other tool if you try to use it for something else. Yet your mileage is going to vary probably greatly based on what you do with it.

Jim: I mean, that's an absolutely fantastic point. I think that's why organizations need a digital transformation strategy that was put together with the enterprise architect mindset. Understanding that identity and access management is kind of a cornerstone to that, but it's not one tool to fix every problem, as you're talking about McDonald's, I'm thinking, gosh, there are hundreds of millions of customers. Almost everybody goes in with guns at some point. Right. And so the amount of data that you're generating around a person, it's got to be dumped into some kind of, sequel database, something in the cloud, something way more flexible and capable of handling big data than and IAM system is designed or intended to be used for. So I think that's a fantastic point. So I think digital transformation needs to include identity and access management, but it certainly can't be the one solution for the whole thing.

 Jeff: And once you have all that data, we'll do some interesting things, Not only on the targeting and the marking side, but, once you know what normal behavior looks like, you can start to look at things like risk and fraud and trying to reduce cases of those by spotting potentially, weird, not appropriate transactions or, utilization the services, those types of things.

 Jim: Yeah. I mean, where you're going with this, I think is the next bullet around reducing risk and fraud. But even just thinking about what we just talked about, all those data that you're generating. And it ties back to a human being. And where are you putting that data? How are you securing that data? So, as you start to take data outside of the applications and and dump it places, you're creating new footprint that could be exposed to attacks. You're essentially just creating a new attack vector, if you will. So I think this has got to be part of the strategy as well, which is, how are we going to take all the data could be logged Peter, it could be the data that you're generating from your applications and putting into a big data kind of cloud or no sequel database. How are you making sure that data remain secure? So security is going to be a component of the strategy, more specifically with identity and access management. Obviously, authentication is it is a huge part of your digital transformation. And the tools in the access management service authentication space have really grown exponentially in terms of their strength, their ability to use other factors to get away from passwords.

And I think, this one of those areas where a really work with an expert, somebody who understands the space, understands what each of the major products are, not limited to major products, but what you each and the vendor offerings have in terms of features and capabilities to reduce fraud. And how do they go about doing that? I think what is important is really choosing one that fits your use cases. We love to talk about password lists and how passwords are dead. And we say that because we think passwords suck at the same time. How many Web sites or two that you're not creating a password? The reason is, is because it's still ubiquitous way that we all learn to use  internet, we all learn to use applications an account and a password. People understand what a password is. Even, people who aren't technologists understand what passwords are. Whether we hate passwords or not would if we were creating a customer facing application that 100 million people were going to register to use, thinking that we're going to make the whole thing password list might be. It's probably not the right business decision at this moment in time.

Jeff: Yeah, I think it's still a bridge too far. I think there are some things you can do to hide that. Think of an example of applications that use email as their password.

You're still providing a password to get to your email system to click on the link that authorizes you to use the application. So, password list is a great idea and I think it'll hopefully get here eventually. There's a lot of technologies out that I can help with it, but in the consumer space, I think it's gonna be a while still. So you got to kind of plan for that. And being able to secure the data that comes along with is incumbent on the organization as well. So you have to plan for passwords, but that doesn't absolve you from your security responsibilities if you're collecting data. You should be securing. And if you're not, you're not gonna have a good time at some point because that data is going to get out. And then the questions are going to become, well, what were you doing to secure my data? And that's going to come out that you weren't doing a very good job of securing the data. And then, that can lead to any number of things you've seen, companies fold up because of it. You've seen ones take huge hits to their market share or, stock prices, etc.., and others who have done actually a really good job of, taking a step back and figuring out what they need to work on to be able to get to where they need to be. I know that Zoom, for example, has had a lot of issues recently come up around their security model because they've seen, exponential growth with everyone working from home now and using it. And, they certainly have some security issues to fix.

But at the same time, a lot of it is user error. I'll say in that settings aren't set the way they should be is that the fault of the user is at the fault of the company? I think you can argue either case and the stance that Zoom, for example, has taken is they want to make it easy to use her software so their security by default is pretty lax. And over the weekend they made an adjustment where now the security defaults are probably where they should have been to begin with. But they sacrificed security in the name of usability. But to their credit, I think at least publicly, they've expressed, their desire to fix things and have put a pause on new features and are spending the next 90 days fixing all the security things. And I feel like they're taking it seriously. And, that's the kind of approach that I'd like to see more companies, because nothing is secure if it's built by human. It's kind of have security holes in it. And the more humans building it, the more security holes there are potential for there. So I want to know that, if you have an application that's not secure. And I'm a user of it, that you're at least trying to do the right thing. And I think there's a right way and a wrong way to respond to it. And so far, I've been satisfied with Zoom's publicly facing statements. Could be a total disaster behind the scenes. I've no idea. But at least publicly, if you like, they're there. They're trying to do the right thing.

Jim: Right. I would also say, Jeff, you care enough to dig beyond the headlines. The problem with this stuff so often is that people want the headline. We are friendly with a company that recently had a quote unquote, breach, and the headline was either somebody got breach, we dug behind the headline. It wasn't their product. They got Grecia was some third party tool that they used that had not the most essential data that got that kind of hacked. And they still addressed it very seriously. But you would think by that term, someone saying all this company got breach, that their product must suck and it must be worth it. I don't want to use that company, your security company in the breach. It was the headline.

And I know that, I saw something where a Marriott got breached again. And it went beyond the headline.

It was, they fumbled some PII data, but it wasn't like they lost everybody. It wasn't like some of the major breaches that have happened. And so these headlines catch Google's attention and what you want to try to do is not be a company that gets slammed by a headline.

 Jeff: Yeah, well, you need a snazzy headline to get people to read your newspaper or click your link to read your article, so it's going to be the headline is going to be Marriott breached and you're gonna have to read, right?

Jim: Yeah.

Jeff: And really try to figure out, OK, what exactly happened because at this point, breach could mean any number of things. And, trying to understand that is an important part of where we need to be.

Jim: I think we're all try trying goes or so much information on it is a base that we live in this world that generates so much data and we're trying to absorb it. And the headlines, we're all guilty of it. We look at some headlines and go no further and usually end up misinformed.

 Jeff: All right. Let's move on to the next one. Compliance, consent and privacy. What are your thoughts?

Jim: So my thoughts are, each organization, needs a strategy. I don't think anybody is insulated from managing this well. I am largely talking on the privacy front there, we have Richard Berg on our podcast last week. He did an awesome job, kind of talking about some of the pitfalls here. But even keeping it more simple, even if we were living in a world where there wasn't this major privacy regulation issue that exists. We were just talking about people's ability to control, how you communicate to them, how you use their private data. Most companies want to be able to do that. And I believe I know I'm an optimist.

I believe that most marketers who work for reputable firms care about, being upfront and having integrity and letting their customers control how they communicate with them.

You know, I used to hear a lot back in the day that if you got some e-mail from a company with an unsubscribe link, don't click it, because if you do, that shows that you're a real person. Now they're going to send you ten times as many e-mails.

And, if you're getting it, if that's true of, mainline companies that you trust and they're doing stuff like that. Shame on them. But I don't think that most people out there are human beings or working for these companies would be comfortable operating in that fashion. And so I think in this area and I think a digital transformation, again, it's the company that's got multiple Web properties, multiple apps that they go to market with and they need to present to their customer kind of one face of the customer as a unified customer experience and the ability to manage those contact settings the consent.

It ought to be central. You ought to be one place and then those settings should flow through all this. As you know, we're talking about privacy and we go to the next seven GDPR and I want to tell you, forget me. Take me out of your system. I should be able to go to one interface, run that workflow, and then they should flow back to all the applications. So I think from a digital transformation strategy, I would be looking at those. How do we provide consent and privacy control from a single pane of glass? What are your thoughts?

 Jeff: I think that's roughly the gold standard is to have that kind of like customer portal page where I can go in and manage all my interactions and things right around the service or company that I'm working with.

And it's important to make sure that works because.

At this point, I'm not coming to name the company because their company, but I get an email from them, it seems like every other day. That is obviously a spam email route, not spam. But, their marketing, their product and service etc.. And that's great. But I don't want to receive it every day. So I click on subscribe because for the most part that seems to be working now. It used to be like you said, that didn't. I don't know how many times I've had to click unsubscribe on all their different marketing lists. This really bugging me to the point where now anything coming from that domain is going straight into my junk folder. I'm just tired of dealing with it. So if you don't provide a good user experience for people to opt out of the things that they don't want to see, but still retain the ability to view messages or services or e-mails or whatever it may be for that, what for a service that they do want. You run the risk of just saying, all right, one is can take a shocking approach to it and say, I'm just going to read anything, send me anymore. So I think having good consent management as part of user experience is, borderline critical, right up there with offering things like, the appropriate security and,, M.F.A. and the single login experience all that stuff, that's kind of like, yeah, makes sense. Don't drop the ball when it comes to. Okay. Now you got I'm in your system the way you wanted it to. How do you gracefully let them manage? What interactions they have with you is a big part of it.

Jim: I love that story, I've had a similar situation where unsubscribing, I can just process my mail at all, you know, unsubscribe from newsletter one, two, three. But obviously you're good with all the other news.

We'll give you a chance to one click the other newsletters. And when a company, Esquire, kind of harped on the idea of like integrity, like if I go and if I'm going to pick a real company of a valuable company and I feel like they're doing something, that I'm going to have a bad impression at that company.

So, one, I'm probably not going to do business with that company. But even number two, I might go and tell other people not to do business with that company. You don't want to do business for them.

They have no integrity. They spam you once they get your information. They treat you like, they're a bad company. So I do think this is very critical for marketers to make sure that their brand doesn't fall into that category of junk mail.

Jeff: You wanna be sticky, but you to be so sticky that people can't escape the web that that gets put together.

So once you've got all this stuff taken care of. I bet you're done right. You've built the perfect CIAM system and there's no more work to be had. And you can just probably go home and play video games.

Jim: No. So this is the last bullet in this deck, which, again, are not in this deck and in this slide, which I think are our friend did a great job of capturing those less only streamline operations. And so, give me something and I'm going to pull one thing out of it, which is, we talked about multiple generations of technology. Obviously, digital transformation. So my first IAM project sixteen years ago, I would call it digital transformation project. And when I started pulling back the covers and what I did at the access management was at the time, I said, we need to get one ID per person across all these Web sites, and I talked it through with my boss, she said I don't get any new features with that. Why can't I just get one new portal? And problem was that we were going to market with six or seven different portals and they were all being developed independently and people had different log ins for each of the portals. And just to get it all moved into one portal, DI was just such a gargantuan task. It would have never happened. It just would have never succeeded. It was too big. I feel like the reality is for many organizations that they're going to have to support a heterogeneous technology environment, things of different generations and cloud apps that did a certain purpose that, are just that they need. And they're going to have that homegrown application that they built 10 years ago and keep fixing and updating. And then they're going to have some other things. And so for me, having an identity and access management platform that supports is various use case that lets you lets the technology be independent, that has a layer of abstraction capability, API, things like that, so that you can bring in new technology and leverage the underlying services such from the IAM standpoint. But when you look into digital transformation overall is having the tools that can make that possible, the ability to provision or move data around and master data. Having integration platform is a big one that a lot of companies take on first, I know I need to connect everything with API. But I can't just do point to point all over the place. I need to have some kind of hub and spoke type approach. So they moved to an API gateway or ESP. Or, you know, using the term integration platform to kind of bundle those two ideas together and provide a kind of a hub and spoke highway system for API communication. So to me, all this is, getting to the mine operation, but there's obviously much more to that.

Jeff: Yeah, I think you've covered quite a bit of it, and I think it's not specific to, digital transformation or consumer IAM, but the phrase it's OK to get smarter.

You can always improve. It's OK to become better at what you do or what you offer. That's just the way things work. Hindsight is always 20/20 is like, OK. Hey, you know what? Next time, let's do it this way. Or hey, we've noticed this issue that's come up because circumstances changed or products changed, consumer behavior change, whatever may be great. OK, that's part of the world. How are you going to handle it? It's OK to get smarter. It's OK to improve. And if you're not continuously improving, processes are looking for ways to improve. You end up stagnant. And, at some point some other technology or company is going to blow past you because you didn't keep up with what is required based on consumer behavior or consumer needs, desires, etc.

Jim: Right. And those news are going to continue to evolve. So I wouldn't look at digital transformation as something we do now and never have to do again is something that we do it right now. You should be able to continue to evolve, but you're never going to stand still if you do it now and then do nothing to kind of stay current. You're not through it again 10 years from now. So that's the whole thing we talked about with IAM has to be treated like a program, not a project. If you think about it, you're going to be in the IAM game going forward. I think digital transformation overall interest includes IAM in other capabilities, you're looking at it more from a higher level, like a business focus. And what are the technology components, I need to know order to make that work?

Jeff: I think it's more evolution, right? You start with transformation and then you can just continue to keep that ever evolving catalog of services and capabilities, etc..

So that way the organization evolves along with behaviors and society, to be able to remain relevant and move forward, kind of like people who thought the car. Right. The first cars weren't gonna go anywhere because they weren't as good a horse. Yeah, you can now, but tell me now. Now cars everywhere. And so what's  next is that electric cars and people moving away from combustion engines, those sorts of things. So being able to stay at the forefront of where things are going is just as important to keep the longevity of our business going.

Jim: One other thing I should probably bring up is we've been talking about a certain approach in digital transformation, which is I've got all these applications. I want to bring them together to present things with a unified user experience. I want to get 360 with, these apps they have. In other words, I don't want to rip and replace everything I have yet. Other organizations are taking a different approach, which is what I call like a platform or approach. They'll say we want to move everything on Salesforce, Salesforce is like to me, one of the application platforms that is the most popular ones that we see because it has so much flexibility. That's a different approach. But I kind of don't think, well, it's just a different approach. It could be in the long run, just as successful. I think what I'd find with a lot of my clients is that they say Salesforce we can use to a certain extent, always everybody wants to at least put their toe in the water ourselves force. But it's, are you achieving 80, 90 percent replacement of your of your app footprint or are you replacing, you know, 20, 30 percent as a big difference in terms of what are the other components technology that you need to come in to the stage of transformation?

Jeff: All very well and good. I think that's probably a good place to leave it. Any final thoughts before we wrap for this week?

Jim: No, I think we did it again. Jeff. start out with the quality topic and somehow I talked for 45 minutes about it.

Jeff: Somehow, someway, that's the way it works. All right. I think we'll go ahead and call it for this week.  I hope people stay healthy, stay home, and we'll talk to you all in the next one. Take care.




Jim McDonald & Jeff Steadman

Jim McDonald & Jeff Steadman

Jim McDonald is a professional with over 15 years leading teams through business-critical technology initiatives. Technical Strategist, Leader and Champion of Change with history of crossing organizational boundaries, cultivating strategic alliances and building consensus and alignment among diverse constituents to leverage IT as strategic asset and deliver solutions that rejuvenate and advance global business’ financial performance. Also as part of our advisory practice and with over fifteen years in the identity and access management space behind him, Jeff Steadman helps develop realistic IAM strategies and provide vendor agnostic recommendations to move the needle on IAM maturity for organizations large and small.