Zero Trust & Decentralized Identity Technologies

Cameron D’Ambrosi [00:00:05] Welcome everyone to State of Identity. I’m your host, Cameron D’Ambrosi. Joining me this week is Mike Vesey, CEO of IdRamp. Mike, welcome back to the podcast.

Mike Vesey [00:00:14] Thanks, Cameron. Happy to be here.

Cameron D’Ambrosi [00:00:16] Yeah, so great to have you in. Gosh, a few years now with nothing. But you know who’s to say what happened in between our last visit? Nothing of of global import whatsoever but always great to have folks on who in my opinion are really, you know, on the leading edge of this identity space and and really kind of pushing the envelope in terms of the art of the possible and kind of hopefully dragging some folks along with them. So excited to get into what you’re building at ID ramp and the progress we’ve had since we last spoke, as well as maybe catching some folks up to speed who didn’t have the pleasure of listening to that first episode. But before we do that, I always like to set the stage, you know, for folks who aren’t familiar with you, give us a walkthrough of what you’re all about and how you came to lead ID ramp and what that career journey that you underwent was that that led you to this opportunity in the identity space?

Mike Vesey [00:01:12] Sure. So, you know, I’ve been around and the identity for forever started my career early on and on, kind of the physical network side of things. And we were doing intrusion analysis and and stuff like that and then everything always came back to identity. It took me several years obviously to kind of put those pieces together and realize that this was an identity problem. And then once we started building tools, you know, years and years ago, helping organizations better use and really utilize the digital identities as they were becoming popular. And when that vision started to solidify, you know, it was time to it was time to incorporate it. Ramp and go directly at it. So you know I’d wrap is our mission really is just to to help organizations better adapt and adopt digital identity solutions in their in their organization and their enterprise in the interest of helping them more expeditiously. Get to a, you know, a decentralized zero trust type model. And the tools and and the technologies keep changing. And so there’s this, you know, this this constant dynamic, and the organizations just can’t keep up with with their traditional solutions. So I’d ramp is kind of taking that head on.

Cameron D’Ambrosi [00:02:27] Robert And you know, let’s just get out of the way. I’d ramp for those who aren’t familiar, obviously maybe a bit more than you can squeeze into just a 15,000 foot introduction. Obviously a lot of nuance, a lot of complexities. But, you know, the cocktail party overview to to kick us off here. What is it? Rep.

Mike Vesey [00:02:45] Sure. So it’s, it’s, you know, kind of following on some of the points I just made. We are stack agnostic, so it’s an interesting concept. But early on we had to make a decision are we an identity management platform or are we a fabric that can incorporate, you know, many different tools and technologies? And and that was a tough decision because it would have been much easier to just say, okay, we’re an identity platform. Bring your identity, plug it in here, will enable it. Right. That would have been such an easy thing to do comparatively. But, you know, we took the different we took a different approach. So we’ve been talking about orchestration, you know, for years. And orchestration to us is you bring all your tools, whether it’s an identity management system, a service, a process, a flow, a biometric, whatever it is, and and plug them into this to this fabric that can really stay abstracted from the silo and the, you know, the single point of failure within the organization. And and it took a while for that message to kind of catch. And then a couple of years ago, we realized we weren’t alone. And there were others that are kind of thinking that same way, talking about the same types of things. And now we’re really seeing a lot of excitement and, you know, identity orchestration. But that is that is still kind of selling short what we’re providing. Yeah, we will provide those working orders, orchestration services, but we’re really focused on the leading edge stuff so we can take, you know, we can take all of your existing stuff, your identity management systems, all of your existing processes, you know, services you may want to deliver, and your methods of factors and all of those things that have become very popular to be able to mix and match. But we have a really strong focus in future proofing. So we’re looking at things like, you know, what’s going to happen when this Web three show gets here. All these people are bringing in things and all those things have identities. How are we going to incorporate that verifiable credentials? I know we’ve talked about that a lot or you’ve talked about a lot of instead of identity, but verifiable credentials are really making a strong push now due to, thankfully, some of the stuff that’s happened. You know, we compressed the world in the last couple of years with with some of the stuff that we now have to do virtually. So we focus on on really those it was cutting edge evolutionary points to identity management. So you’ve got your identity, you need a flow, maybe you want to plug in a liveness check, you know, before you log somebody into Workday. I don’t know, you know, whatever that is. We really take pride in the ability that we can do that with no code. You know, it’s just a it’s just a drag and drop click enable whatever you want. Turn on those those different security processes, all agnostic to your internal vendor stack. If you’re using a centralized IAM, they have some of those tools, great use them for where they can’t do it or you want to evolve that. Maybe you want to get closer to a zero trust and eliminate your passwords. ID Ram provides those types of functionality points very well and very easily in a in a service based manner.

Cameron D’Ambrosi [00:05:50] So I guess in not to, you know, tie you too explicitly to the status quo, if you will, you know. But if I were to ask you for way of reference for for folks to kind of anchor who maybe know the space but haven’t heard of you, do you have any direct competitors? Or would you say that you guys are kind of in a class of your own in terms of how you’re approaching this digital identity piece? Like, you know, what platforms are the customers that you hope to reach maybe using now that you would hope to bring on board?

Mike Vesey [00:06:22] I’d ramp sir certainly there’s a and yeah we it it’s really kind of good news for us. A few years ago we did feel a little lonely with the message where there weren’t a lot of people that were really talking about doing the stuff that we’re doing. But it was happening and and we’re starting to see some, some really interesting movement in the in the industry specifically, you know, the people that are that are doing. We had well, I think there was just you guys covered it in a in another presentation. I think there was an acquisition that the ping identity just made of an orchestration company there there, you know, in the same space as us, I think we focus a lot more on the, you know, the verifiable credential and the kind of the cutting edge stuff, as well as doing all the traditional orchestration points. Right as another organization that does a lot of the same stuff that we’re doing with a little bit different flavor. You know, as I mentioned, we’re we are built because we have such a long DNA and a long history of of solving these identity challenges. We’ve learned that anything requiring a central identity solution is failed from the start. So we provide we take great pride and work very hard to make this a transactional model. You know, our transactional service, we take in an identity, we orchestrate the points, we create the flow, execute the flow, discard the transaction. So there’s no legacy residual private information contained within our platform to, you know, to be breached. So that’s a pretty big differentiator. I’ve yet to run into, you know, an organization that’s doing it kind of at that level. And that’s, you know, that’s really what we’re going for. We’re trying to make this a lightweight, easy to use, extremely powerful solution that an organization can just plug in without disrupting any of their existing integrated systems.

Cameron D’Ambrosi [00:08:15] I love it. So, you know, in thinking about where we are at this moment in time and adoption of next generation digital identity, you know, you’re out in market kind of talking to buyers, understanding, I think very well what the impediments are and what the needs of those buyers are to, to some degree have been dismayed with the lack of progress we’ve made towards kind of breaking out of these existing paradigms. I think we saw COVID as really an accelerant of adoption, that the experience for C-suite executives of losing the ability to have either their staff or their customers in person to adjudicate those edge cases that were the bane of kind of legacy identity technology for the longest time. But maybe you didn’t feel those pain points as explicitly, because you could always just have somebody like walk over in person and say, Hey, I’m Cameron, can you reset my thing? Or I need a new credential, I need a new password. COVID took all that away from us and we really saw, I think for the first time, this come to Jesus moment, for lack of a better word, where the physical recovery and and physical bailouts of the floors and existing systems were were laid bare. Have you seen a substantive change in terms of your interactions with buyers in the space owing to COVID and and that that pain, for lack of a better word, manifesting in increased demand and a shift in mindset in terms of the urgency, for lack of a better word, of of moving beyond where folks are today with legacy platforms.

Mike Vesey [00:09:55] Yeah, no question. I often say it’s the only good thing that came out of the global pandemic is it made us all realize how valuable these types of identity solutions are. And, you know, we’re starting to see it’s really interesting because public sector was always that was always the place that was lagging behind. Right. It was always the corporation. The enterprise was driving new technology and all of this. And now I think we we’ve seen a shift in that, where now, very quickly, we’re seeing public sector examples that are going to be defining and leading those those charges into the enterprise. So we’ve always looked at it. I think, you know, on our previous podcasts we said the Enterprise was always kind of the was always kind of the Trojan horse of bringing this new technology in. Right. I think that was your analogy. And and now I think what we’re seeing is government and public sector could very easily disrupt this whole market with their digital identity agenda and the things that they’re doing to protect citizens. Because organizations like ID Ramp are finding a way to easily hook those digital identities and enable them across to other services or across other silos of data. So that could be a really, really interesting shift that we see. And the other thing that, you know, obviously, that the pandemic did is drove, as you mentioned, a great a great need to do better know your customer proofing. Right. There has to be a way that we know who we’re dealing with, know who are interacting with government identity or some some kind of an issued identity will certainly help. But we’re still you know, that’s only one small piece of of our digital identity landscape. So I think you’re going to see many, many organizations saying, hey, we really need a way to know, you know, even our Zoom meetings, for example, 90% of our Zoom meetings, we just, you know, we just email a bunch of people and come and just talk. But there’s a few of those where we really want to know. We we need to know who’s in that. And how do you do that? Well, I can send you email. That’s not very good. You know, I can ask you to type it in, but that’s really not good. So there are going to be solutions coming to market that that are going to do a very, very good job of KYC and proofing and identity validation. I kind of I kind of mentioned biometrics. We’ve made a big commitment as of late in the last six months. I think we’ve integrated three different biometric platforms into it where literally, again, no code, no configuration. If you want a biometric proofing as part of your identity flow, just turn it on, you know. And so we’re we’re looking at that and many other, you know, decentralized tools, verifiable credentials, obviously, chief among them, that we can reach out to to help really get organizations where they need to be. And I think we’re going to see, you know, the public sector continue to evolve at a rapid pace because the torch is lit now, you know, and everybody is kind of marching down that path. So exciting to see what will what will become of that and how that can help that can help us all, you know, adapt to better a better identity solution.

Cameron D’Ambrosi [00:13:14] So in thinking about looking forward to where you were looking to take the ID ramp platform in the future, do you think that additional capabilities beyond what you have now are really going to be required? Or is this a matter of kind of getting everybody in market above the baseline, if you will, before we can even think about expanding, you know, adding capabilities, layering on additional features and functionality, like how do we or maybe I’ll rephrase that, how do we get everybody to the baseline without having them worry about, you know, use cases above and beyond what are, you know, within their grasp right now with currently current legacy platforms?

Mike Vesey [00:14:00] Sure. I think it’s all about the the you know, the adapting. Right. So we again, we take it we try to we try to look at the world the way it is. And we try to take that as a given and say, here are the systems, here are the processes, here are the flows that our organizations are dealing with. Now, how do we build those bridges? How do we enable these new technologies in a way that we’re not asking people to take these long and large steps, even? I mean, that’s crucially important, as you know, to follow up on some of the government identity or those types of things. That’s going to be a massive, massive, massive milestone. Right. So how do we get there? We start small. We have to enable familiar processes with technology that’s usable by the masses. We can’t require a lot of custom, you know, a lot of heavy lifting or onerous tasks for for a consumer to go through to be able to participate in this same exact thing goes for the organizations. We can’t expect organizations to come in and say, okay, this time next year we’re going to be 100% zero trust. Well, what’s that mean? First of all, must define that, right? What do we do? You know, when organizations ask us how how do we get to zero trust? How do we get from where we are and become, you know, really a more secure organization? The first place I responded is, do you have passwords in your resume? Because if you do, you’re not even close. You know, we got to we got to crack that nut first. And so, you know, starting small building familiar, easy repeatable bridges is is definitely where we start to help you know help bootstrap that.

Cameron D’Ambrosi [00:15:34] We’re seeing orchestration kind of coming into its own was you know one of our buzzwords of of 2021 and and really seems to be gaining strength in 2022. Have you seen a similar trajectory out in market like when you when you hit folks with the O word kind of in conversation, are you finding yourself needing to explain yourself less and less these days? Or do we still think there is some degree of of buyer education that needs to be done around the orchestration piece specifically?

Mike Vesey [00:16:09] No, I think it’s a great thing we are having to explain it less and less. And that is that is a very healthy, very healthy thing. It’s a very it makes it easier for us to get to the magic. Right. We can get to the actual we talk about this. You know, again, I’m all about keeping things familiar. I realize if you’re talking to an organization and you can’t tell them how this is going to simplify their life and save them money, you’re really drawn down. So we focus on we focus on the cost savings of of of diminishing the importance of a centralized identity stack. When we want to talk about decentralization, we talk about the efficiencies that can come in from from not having to. Repeatedly verify over and over and over we talk about the value of interoperability and all this stuff. All we’re grounding it in. We understand where you’re at. We understand how to take you from where you are to this new place. But it’s you know, it’s it’s long past time that we can, you know, focus on the technologies, really simplify and secure that that identity management and provide an easy path to, you know, to evolve their identity strategy at a pace and a cost that will meet their, you know, the will meet their needs. To us, orchestration is yeah. Summit in some respects, it’s the tools that your identity management stack has acquired or can plug in, and that helps streamline your flow and and make things a little more efficient. But we continually find there’s not one ring to rule them all. You just can’t ever buy one product that can do everything you need without, you know, without having a bunch of stops and starts. So we found that keeping it lightweight, focusing focusing our integrations on, you know, the partnerships and the technologies that can help an organization evolve and make that leap seamlessly is a much better use of our resources and time than trying to build, you know, the next great thing, the next great identity management system. So I think it’s interesting to see. It’s interesting to see the movement in the industry for sure, the acquisitions that are happening as organizations try to provide more flexible orchestration tools. And I think our definition of what it is is generally the same as as what we’re hearing out of the, you know, the big stack providers. We just like to think that we’re a little more nimble and agile with some of the neurotechnology because experience in the space for for many, many years.

Cameron D’Ambrosi [00:18:41] So you know you obviously again as we keep alluding, I think have your finger on the pulse since you’re out there, you know, actually pushing these solutions into market. Are you finding one area in particular is resonating with buyers? You know, I think we’ve seen to some degree an ongoing shift in the identity space from thinking about identity as. As a cost center, as a risk center, as a pain point, and needing to upgrade technology purely from a almost a defensive posture, if you will, you know, risk avoidance, the realization that, you know, identity is the entire surface area of your business, whether it’s your employees, whether it’s your customers, and that this is about facilitating growth just as it is, you know, about preventing data breaches, preventing cybersecurity lapses, things of that nature. Are you seeing those more proactive use cases resonating out in the market or do you still think folks are kind of on the back foot and thinking defensively more reactively about these issues?

Mike Vesey [00:19:46] Yeah, I think we’ve got a ways to go. There is certainly some some some thinking going on along those lines, but there is. And again, this is it’s really been accelerated, I think, in the last couple of years. So that’s a good thing. The thing that is is really hard for an organization to grasp is, is that very point you’re making it. So I take you take such for so many years we’ve been taking such a strong defensive posture. Keep everybody out, keep everybody, you know, and it’s and we spend money, we buy products, we implement processes, and they repeatedly fail. You know, they repeatedly fail. And so by embracing the change, embracing digital identity as a perimeter of security, then things start to get interesting, right? Because you can you can now provide tighter, more, more you know, more security around the identity layer at the edge than you ever could by trying to reactively anticipate who someone is by where they’re coming from and and all that stuff. So I really think we’re seeing the organizations now start asking those questions, hey, if we implement some of these better digital identity solutions, where else can it help save us money? And that’s you know, that was kind of my point about the money. Why why are you creating all of these different digital identity attributes if you can get them, if you know the person to bring them with them? And that’s that’s the that’s the era that we’re just entering, is that I’m going to come into your organization with a bunch of stuff. The more stuff you can use instead of recreating makes it more efficient for for you. So, you know, if you fast forward a few years and what what’s going on in Europe, the European identity standard ideas, what happens when those when those solutions are are ubiquitous. And all of the organizations and service providers in that in that area, in that region can say, why do I need to have this person create an identity in my platform? Because I know they’ve already got one, so I’ll just use that and that. What do they do that saves you money in the process, saves you money and password resets and all that other frustrating stuff. It lowers your security risk because now you’re not having to store that information, you’re just asking for it when you need it. And and so it’s all good, right? These things all add up to efficiency, cost savings, and that alone should be the driver for the enterprise to say, we’ve got to get smarter about digital identity because I want to save money, right? By not having to expose my my applications to all this risk, by not having to expose you know, we’ve to I mean, we may have mentioned this before previously, too, I can’t remember. But if you think about an organization that says I’m going to take my internal digital identity or my internal identity silo and I’m going to issue every person in my directory this credential and I’m going to put it on their smartphone. I’ve got a cryptographic connection now with that person. And when they go to to access their systems or access their, you know, come into the building or or log into, you know, an application, whatever it might be. If I can verify that directly against their smartphone and not have to call them back to a centralized identity stack, I think what that does to my security footprint. Right. What’s that do to my my threat surface? It’s drastically reduced because I don’t have this predictable process where I have to back all this connections back to an identity management system that somebody can see build an attack for. So there’s just so many advantages to to to progressively and proactively evolving your organization to more of a decentralized posture that, you know, it will happen again. We’re seeing acquisitions by the biggest organizations in identity management to do specifically those things. So it’s an incredibly exciting time and I think we’re going to see a lot of a lot of disruption, a lot of change in the next 3 to 5 years. But arguably we would have said that 3 to 5 years ago, and it just hasn’t really happened. So but I really feel like we’re at the point now where all the stars are aligned, and I think we’re going to see a big shift here very soon.

Cameron D’Ambrosi [00:24:02] I couldn’t agree more. I think you. Or you were spot on in terms of both those those pain points in and how we best as an industry need to need to address them bringing us home on the on the final stretch here. Love to have you pull your crystal ball out and make some predictions for the next couple of years in the space just to stir the pot a little bit before I kick it over to you. You know, do we think we’re going to be able to keep up this momentum that we have seen coming out of COVID? Or is this going to be like, you know, mask usage where the second we’re out of the pain, the folks who were acutely feeling the need to pump some money into fixing their identity challenges is just going to say, well, covid’s over, so maybe we can put this back on the back burner. What do you expect to see in terms of continued growth and deployment in the space and, you know, any other topics you want to expand on?

Mike Vesey [00:24:56] Sure. I, I feel like on that point explicitly, I feel like the genie is out of the bottle. We are starting to see real world value, right? We’re starting to realize some of the efficiencies that can be gained by decentralizing and adopting these better, you know, these better, more forward thinking, digital identity solutions. Frankly, you know, we’re just we keep growing our I mean, there’s more and more applications, there’s more application turnover. There’s I mean, there’s so much stuff going on that the enterprise has to just be, you know, really on how to keep up. I mean, there’s the massive backlogs for onboarding new applications. Why is that? It’s the identity layer. It’s always the identity layer. It comes back to how are we going to onboard a person, you know? And just a few years ago, onboarding, onboarding someone, it was was a physical process interview. It was a it was an expensive asset process. We had to send them a laptop or create some VPN converged credentials and a very, very expensive process. Now we’ve got the tools and the technology that we can do all that virtually right away. And it’s integrating maybe biometrics to some extent. It’s integrating verifiable credentials, it’s integrating all these KYC and proofing processes. And it’s so much cheaper and so much more efficient and fits with kind of where the world is. I mean, certainly we’re still seeing organizations lagging in and bringing employees back to the office. I don’t think that’s ever going to change. I don’t think we’re ever going to go back to whatever the ratio is of of people working in the offices versus those working virtual. It just seems like that’s the new the new normal. And I think all of the things that we are frantically implementing around the identity security layer to accommodate those types of things are going to evolve and and change the way that we that we operate. So crystal ball, clearly, as I mentioned, you know, I think we’re going to see a lot more commercial solutions around digital identity, password removal. There’s still a lot of meat on that ball. Right. We look at the password, the you know, the space of password managers and things like that. That was all you know, that was so two years ago. Right. But there’s still real companies that are having crazy challenges. And so now we have these standards, these technology standards that we can use for verifiable credentials or whatever that we can use as our password manager platform. The future proof us right from a silo. I’m not just buying a solution from a company that may or may not be here next year. I’m buying into a technology that I can get from multiple vendors and can be maintained throughout the life of of of my need to use it. So I think we’re going to see a lot of that. We’re certainly going to see in the short term continued growth in know your customer, the KYC, improving. And I think, you know, biometrics are going to be a piece of that. I’ve mentioned that many, many times, but it just feels to me like controversial. Yes. Is it going to be perfect? No. Is anything ever perfect? No. But there’s going to be a lot of movement in that space. I think we’re going to see a real closer a much closer integration of biometrics and digital proofing and all of that stuff is going to kind of get thrown together so that an organization or a government maybe can do a really good job of saying, I know exactly who I’m interacting with and I can I can move some of those traditional in-person processes. Virtual.

Cameron D’Ambrosi [00:28:38] Fantastic. Mike, last question. Opportunity for a shameless plug here. If folks want to get in touch with you, learn more about ID, ramp the solution, how to deploy it, or how you can help them solve their identity related challenges. What is the best place for them to go for all those things?

Mike Vesey [00:28:57] Yeah. Hit our website ID crypto.com. Lots of good stuff out there. We’ve got many other. Presentations and podcasts that I’ve recorded and we have links to all of them out there. So feel free to to, you know, to go through and learn what we’re up to. Love talking to people. So reach out any time. You know, we our community involvement stuff, we’re involved in all things identities so cardio project and survivor network and disclose or trustees on their network. So lots of stuff going on and we love to talk to people about solutions. So please, please set us up and reach out.

Cameron D’Ambrosi [00:29:34] Amazing. Thank you so much and hope to have you on again soon.

Mike Vesey [00:29:39] Please. Yeah, let’s do it. Thank you.