Don't let it happen to you.

How to Stay Off CNN: 5 Ways To Rethink IAM (& Avoid Security Breaches)

Every business worries about it these days.  Some lose sleep over it. All across the globe, in every industry,  people are anxious that one fateful day, they’ll see their company name on TV.

They fear that sickening feeling of hearing their business discussed on CNN, for all the wrong reasons.  Finally getting great free PR…for having a massive security breach.

Don't let it happen to you.

Trust, broken.  Market share, lost. Competitors gloating and profits plummeting.

How to avoid this? What can smart enterprises do to keep from becoming the evening news?

You think you have done everything right. You’ve got a strong DMZ, secure web, VPNs, firewalls, rules-based authentication and passwords. That’s enough to keep most companies secure, right?


Those days are long gone, thanks to all the devises out there in the world and more importantly – in the pockets of your employees. Passwords, VPNs and firewalls aren’t enough any more to keep your business secure. You need strong, vigilant, experienced management of all your employees and customers’ logins, anywhere and on any device they use to access your systems.

This is why three little letters are popping up more often these days: IAM. Identity and access management (IAM) is now at the forefront of protecting your customers, data, privacy, employees and more.

Here are five reasons why you need to rethink your IAM strategy (do you even have one yet?) for the rest of this year….

1. Growing pains: You can’t drive business growth without protecting customer data

People often say that the one constant in business is change.

But there is another constant: driving business growth. In the 21st century, driving business growth means broadening ecosystems and revenue streams while becoming more responsive and agile. Doing this requires a digital transformation of internal processes and customer engagement. With all that comes a whole slew of new concerns about the security and confidentiality of data. Managing identity as part of a security posture that was designed in the 20th century just won’t cut it.

2. Big, really big data: You can’t turn unstructured data into insights without controlled accessmonitor-1307227_1920

Today, data is just relentless. It’s piling up in gigabytes by the minute and there are important insights buried in it. Insights you need for a true competitive advantage. The problem is that so many more people want access to that data for analysis, much of which is private or confidential.

Many of those who have legitimate reasons to get to it include supply chain partners, systems integrators, data science consultants and so on. Role-based authentication based on business rules is not equipped to handle this influx of external and internal data access demands.

3. Are you experienced? You can’t transform the customer experience without managing identities

Success in business rests squarely on how customers perceive their interactions and engagement with you. Customers just don’t pop into a store or online to buy things anymore. First, they do research and read blogs. They save products and services they like in lists.

They create profiles and provide information like social security numbers to make transactions easier. They also might have multiple profiles depending on your business, such as an insurance policy and a checking account. This requires more than normal identity management; customization and recognition are involved.

4: Nowhere to brake: You can’t accelerate your digital business without protecting your data and assets

Businesses that aren’t digital by now are businesses that will be left in a dust of paper trails and on-premises, disparate software. Digital transformation is on everyone’s minds because turning everything from consumer engagement to legacy systems into an online or mobile experience is how business should be done.

And without documentation or files that can be stored somewhere safely or old systems that only administrators can access or even a guard watching over a server room, there have to be other ways of protecting your data and assets. Not only that, but the protection has to be quick, clean and trusted. Passwords and keys are not the way to achieve this.

5. Mobility madness: You can’t embrace mobile without controlling access to your apps

Sales agreements, driver license renewals, prescription refills, field service operations, business reporting–there are apps for all that and so much more. Success in business requires offering customers and employees apps for doing business, doing their jobs, tracking issues and recording transactions.

However, these apps aren’t free-for-all fun and games. They are serious applications of business roles, functions and processes and, as such, need to be as protected like jewelry in a safety deposit box. Identity and access management really is the only way to earn the trust of your users. But, because there are so many platforms and channels involved, again a few business rules or a user ID and password are woefully inadequate.

URGENT: You Need To Learn More About IAM

IAM is essential for today’s business and digital transformation. The perimeters everyone created in the 1990s and 2000s are gone. Long, long gone.

Now you have more than employees, visitors, customers and contractors. You have joiners, movers, leavers, attesters and self-servers. Your treatment of applications, data, endpoint and network access must be unified and IAM is the way. The trick is to update your IAM so it can handle everything.

To find out more about how business trends are affecting IAM and the ways to address them,  you need to watch “Top Trends Impacting IAM” right now.

It’s our free, on-demand webinar featuring guest speaker, Andras Cser, VP and Principal Analyst for Forrester; Bob Jamieson, CISO of Mallinckrodt Pharmaceuticals and our own EVP, Shawn Keve of Simeio.

Tweet about this on TwitterShare on LinkedInShare on Facebook
Peter Kruszka

Meet the Next Generation of Cyber Warriors, Part Three of Three

This Spring, we attended the Southeast Regional Cyber Defense Competition, hosted at nearby Kennesaw college. For two grueling days, teams of college students faced off against fake hackers that were attempting to compromise each team’s fake company. Exhausting, exhilarating, endless challenges.

After the competition closed out, everyone met for a delicious and de-stressing luncheon. There we met and interviewed a few of what we like to call the “Next Generation of Cyber Warriors.”

(You can read our first two profiles: Cyber Warrior Heather Lawrence here and the profile of “The Kendallion Stallion” here.)

Today let’s meet our third and final Cyber Warrior. Meet…

Peter Kruszka

PKruszka (1)

Age:  Mid-60s
School: Kennesaw State
From:  Brooklyn, NY
Favorite movie: Young Frankenstein

Most Stressful Thing About the Competition

It’s stressful in that it’s realistic in terms of a real work environment. You’ve got technical challenges and you’ve got business tasks. They’re constant and they’re oppressive! They’re coming at you one after the other. There’s no time to put your feet up. You have to multitask and work together.

Dream Job:

Already had it. I was a System Administrator onboard a Navy ship (I was a civilian). I loved it. I traveled the world and learned all sorts of neat tech stuff. Went to Bahrain, Australia, Japan, San Diego. And the best part was – no commute!

(Well, when I did commute, it was 36 hours door to door).

So Why Go Back to School?

I’m retired but I’m planning for an “encore career.”  I want to work for a few more years. I feel like a person with my attributes would be best suited for information security because there is a shortage of those skills in the current workforce.

I’m hoping that with 35 years of IT experience and a brand new degree, I should be able to find something! That’s my marketing strategy, anyway.

What Do you Think isn’t Working Anymore in Cybersecurity?

There are lot of changes. The field has evolved – and I’m just thinking about information security, computer science, etc. – into specialties. It’s just like specialists in the medical profession. You have your computer science people, your information security people, your network engineers, your project management, your programmers.

The technology is changing too. The tech atrophies, so you’re constantly upgrading equipment. Microsoft will come out with Server 2003 and then Server 2008 and then 2012 and so on. Certifications have to come out to keep up with them, so there is a constant evolution of technology that you have to keep up with.

It’s very fluid and very sophisticated.

**This concludes our Cyberwarrior Series. But if Simeio Solutions is about anything – it’s about people. The critical, unique human factor of the world of Cybersecurity. In the coming weeks and months, you’ll see many more profiles of the smart, funny, fascinating people who work in the Information Security and Identity Management world. Stay tuned!**




Tweet about this on TwitterShare on LinkedInShare on Facebook
Kendall Morris

Meet the Next Generation of Cyber Warriors, Part Two of Three

In April, we were lucky enough to attend (and co-sponsor with our friends at EC Council) the Southeast Regional Cyber Defense Competition. There, we met and interviewed a few of what we like to call the “Next Generation of Cyber Warriors.”

(You can read our first profile of Cyber Warrior Heather Lawrence here.)

Now let’s get to know…

Kendall Morris

Kendall Morris

Kendall Morris

Age: 18
Nickname: The Kendallion Stallion
School: Kennesaw State University
From: Atlanta, GA
Favorite movie: Takedown (The story of a 1990’s phone hacker)

Most Stressful Thing About the Competition

Meeting both the technical and business needs. You have to provide so much documentation! The biz side of me was saying, “Document everything!” Then my tech side was saying, “Get it fixed RIGHT NOW, worry about the documentation and consequences later!” But you can’t do that in infosecurity because the CIO always wants to know what’s going on!

Why Kendall Decided to Join the Competition

I did some competitions with my ROTC in high school, one of them was called the Cyberpatriot competition. Now, since I’m in the infosec program at KSU, I thought it would be fun to join this with my friends and see what it’s like!

The Kendallion Stallion’s Dream Job

Eventually I want to start something of my own, some sort of internet application company. Maybe work on some kind of hardware appliance or something in IoT. But in the meantime, I’m looking forward to starting a career as a security professional.

Future of Cybersecurity

IoT is a big new risk! One huge thing to monitor in infosec is your “attack surface,” or how many things you have that are exposed to the internet. So when you have your toilet and your toaster online, it’s going to make it possible for someone to hack into your toaster. Not only will they be able to burn your toast…but they could also pivot and hack into all of your bank accounts.

Final Thoughts

If you want to get started on infosec, just start messing around and trying stuff online. Get out there and start building your knowledge base, because you never know what might come in handy later.

Tweet about this on TwitterShare on LinkedInShare on Facebook

Bring it, Hackers. Meet the Next Generation of Cyber Warriors

If you were anywhere near Kennesaw State University (KSU) the week of April 6th, you might have heard a lot of unusual noises.

Fake hacking. “Rubber ducky” and “dirty cow”* managing. If stress sweating makes a noise, you’d have heard that, too. You definitely would have heard of a lot of teamworking.

That’s because, for two nail-biting days, KSU was the site of the Southeast Regional Cyber Defense Competition. There, cybersecurity college students from all over the Southeast battled it out against each other and against a relentless round of cyberattacks from “hackers.”

Posing as the internal cybersecurity team of a commercial enterprise, the students worked together as a team to keep the faux threats at bay and then presented their findings and reports to the judges at the end of Day 2.

Simeio was thrilled to sponsor this event (with our wonderful friends at EC Council) and we even rewarded almost $20,000 worth of complimentary training for industry leading certifications to the winning team.

The Winning Team!

The winning team from the University of South Alabama.

But we attended the event for reasons beyond just handing out a huge foamcore check! We wanted to find out more about these future cybersecurity professionals. Why they were there, what drove them to compete, what they thought future hackers might be up to.

So here is the first of three profiles of what we’re fondly calling “Next Gen Cyber Warriors.” First, let’s meet Heather…

Heather Lawrence

Age: 30
Nickname: @InfoSecAnon
School: UCF
Education: BS in Computer Engineering and is pursuing PhD in Computer Engineering with a focus on computer security.
From: California
Favorite Movie: Johnny Mnemonic

Heather Lawrence

Heather Lawrence

Most Stressful Thing About the Competition

Getting the business injects in on time. Particularly this year – versus last year – there were a lot more 30 minute injects. Everyone has to stop what they’re doing to triage. It’s like putting out fires every 30 minutes.

Why Heather Decided to Enter the Competition

I like to compete with my friends! We go to a lot of competitions together and they’re not just all defensive competitions, either. We do offensive ones, too. For the last two years we went to a social engineering competition. Basically, you get to social engineer a company and try to get deeper and deeper into their infrastructure. We looked at their website and found that they were running a food drive. So we called them and said “can I get a list of your employees so I can coordinate the food drive?” And many of them just gave the names to us!

Heather’s Dream Job

I want to do data science with a cybersecurity twist. Eventually, I want to run my own company because I’m absolutely tired of hearing about these companies with toxic cultures. I feel like maybe with a woman leading a company, you won’t get as much of that.

Future of Cybersecurity

Attackers are getting smarter and the cybersecurity professionals are plateauing out. We are busy playing catch up and the field needs to stay more current and ready for new threats. Some of the really critical infrastructure SCADA/ICS networks are very vulnerable.

I’d also advise people new to cybersecurity to try to prevent burnout. The field is very dense in material, there’s always so much more information to learn. New people to this field can feel very overwhelmed and burnout can happen quickly. So it’s a challenge: learning all this material and still making sure to take time out to take care of yourself. Learn what your boundaries and limits are early on. Find a way to take a break and refresh yourself. Then you can jump back in again and keep learning!


*Cybersecurity geek speak alert! A “Rubber Ducky” is USB flash drive device which resembles a regular USB flash drive, but actually helps hack into the device it’s connected to. A “Dirty Cow” is a new vulnerability discovered in Linux kernel.

Tweet about this on TwitterShare on LinkedInShare on Facebook

Identity, The Wall and the Future of Cybersecurity

Much of what I learned at RSA has stayed with me. Some things surprised me; others confirmed some trends I have been noticing on my own for a bit. More on those later.

However, one particular quote really got my attention.

It came from keynote speaker Dr. Neil deGrasse Tyson, one of my personal heroes. He was talking about how very important the role of cybersecurity was in this increasingly digital world. To paraphrase, he said: “All of us here at RSA…you are the Night’s Watch. You are the ones standing on the wall.”

My affinity for that metaphor will out me as the Game of Thrones geek that I am. (Then again, to those who know me, my geekdom is no surprise. We’ve named the conference rooms at our Atlanta Simeio headquarters things like “King’s Landing” and “Winterfell.” Yes, really.)

But Dr. deGrasse Tyson has it right: the importance of the cybersecurity’s professional’s role cannot be overstated. Online security and protection of customer privacy isn’t just one of the hottest topics in boardrooms…with the recent political climate, it’s a widely discussed topic even across kitchen tables.

That’s why gatherings such as the RSA Conference are so crucial. When 40k+ people descend on a town to trade notes on cybersecurity, the world needs to pay attention.

Here are some of my key takeaways from the RSA Conference.

Identity Comes Into Its Own

In previous years, identity was tucked away in a corner of this conference. Not so this time around. I was pleased to find identity as a full-blown track. It shows quite clearly that while security previously was thought to be just network security, IAM is becoming a cornerstone of security. For the first time at this conference, identity was being seen as a critical piece of security, and a necessary partner of privacy. That says, one cannot maintain a privacy posture without identity.

A Short-Staffed Industry

One of the things that was discussed was that the CyberSecurity industry has a talent shortage, yet not many realize just how severe it is. And more importantly, most people don’t realize what corporations who are struggling with the problem must do to get a grip on it.

Here are some stats for you: there’s zero percent unemployment in CyberSecurity. There are 1 million unfilled jobs worldwide.

What does that mean? It means the industry is seeing an increase in services spend. It means that a lot of companies cannot hire the people they need, or simply just can’t find them. Or they don’t need them all the time, but when they need them, they really need them – like for incident response.

So a lot of companies are reaching out to MSSPs rather than building in-house. Companies look to solve their skill problems by developing their own corporate training, but often that’s not enough. And as bonus, companies that have gone to the cloud find themselves with IT staff who can now be retrained on critical security skills like incident response – and that has a big impact in closing this skills gap.

The Internet of Vulnerabilities

With last October’s Dyn attack fresh in minds, one of the most heavily discussed topics was about the Internet of Things (IoT) security. Many sessions described criminal methods (like skimming) in detail and exposed common device vulnerabilities.

But few offered real solutions. IoT vulnerabilities were cautioned by the SANS Institute’s annual keynote called the “The Seven Most Dangerous New Attack Techniques and What’s Coming Next”. The session explored the relatively simple means in which regular home automation devices can be used as an entry point for hackers to enter, and then move laterally within a corporate network.

With the recent explosion of crypto-ransomware, which has become an ideal mechanism for the “bad guys” to hold company data hostage, this talk also highlighted the looming danger of IoT as a new attack surface for ransomware.

Given how much money criminals make with ransomware, it is logical they would use that tool to exploit IoT vulnerabilities. Gartner predicts that by 2020, more than 25% of identified attacks in enterprises will involve IoT devices, so the industry needs to quickly agree on and universally enforce a security model for IoT.

The Future of Device Identification

The problem with identity of things is that all devices are not the same. Hugh Thompson touched on this topic in his keynote presentation on “Revolutionizing the Future of CyberSecurity,” where he presented a really interesting concept that struck me as the way forward for device identification and IoT security.

The idea is to tie something that resembles a food label to every single IoT device. It could be captured by the identity system at time of device registration, and then transmitted in the ID Token as part of a handshake.

This “label” could be used to communicate various immutable properties of the device such as voice recording capabilities. So, if it can indeed record voice, then maybe I want to apply special security policies & data restrictions, like not permitting it in boardrooms.

But it might also communicate security information about the device, such as when it was last checked, vetted, had maintenance – so that I can trust that device. And wouldn’t it be great if every device came with a behavioral graph describing how it should be functioning normally – and then we could apply UEBA tools to better understand when it’s behaving strangely and is a risk?

This ties in quite well with what we are doing at Simeio with our Identity Platform.

We believe that once you are able to establish the identity of a device, you can start fingerprinting the device and establishing an identity footprint. So if it is a brand-new device, the footprint is fairly new, so you know there is a certain amount of risk involved with that device. And you might apply a different type of authentication policy for that device.

You might trust a device if it has been working there for years. You’ll know the geo-location of the device, that it is coming from the right place, that the manufacturer ID is correct. If it is a phone, you’ll then know that the IMEI is registered with this user.

There are a lot of variables involved in this kind of situation. What we have been doing is developing a trust model solution for identities, and to establish a confidence score based on the information we know about the device, and this identity can be a person (physical user) or a device.

One Fate We Must Prevent

The conference presented several more captivating presentations on advancements in digital identity standards, including methods to secure customer access, ways companies can prepare to be compliant with GDPR, etc. And we will get into those topics in future blogs.

But today, I’d like to close out this post with a quick shout out to Ian Glazer’s inspiring call to arms on professionalizing the identity management industry in a talk named “One Fate We Must Prevent.”

In his presentation, Ian spoke on the long overdue need for a professional organization for identity, and presented a sound maturity model for achieving what he calls the “de-weaponization of identity systems” model.

In today’s world, digital identity is being sought after as a basic human right (United Nations ID2020) as a means to end trafficking and ensure basic human services. So we, as identity professionals, need to answer this call today, to come together and find ways to prevent identity systems from being harmful. (All while ensuring they deliver services that everyone expects from our society.) To this purpose, we have signed the Kantara Initiative’s Identity Professionals pledge.

After all…we are the Night’s Watch, the guardians on the Wall.


Abhimanyu Yadav
Vice President of Product Management
Simeio Solutions

Tweet about this on TwitterShare on LinkedInShare on Facebook

2016 Year in Review

I can hardly believe another year has gone by. But what a year it’s been.

When we founded Simeio nearly ten years ago, we had a very clear mission: to help businesses and governments reinvent how they engage with customers, how and where their employees work, and the way they partner with others. The upside is compelling: huge productivity and efficiency gains, greater employee and customer satisfaction and loyalty, deeper insights into customer needs and behaviors, and entirely new revenue opportunities.

I’m pleased to say that as we begin 2017, we are succeeding at that mission beyond my wildest dreams.

Today, we protect over 100 million identities, and our growth shows no signs of slowing. For the second year in a row, Simeio was named as a Deloitte’s Technology Fast 500™ award winner, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America. We also made Silicon Review’s 50 Fastest Growing Tech Companies in 2016, no doubt in large part due to having added new customers across all major verticals, including financial services, insurance, hospitality, energy manufacturing, healthcare, government and education. I was also personally honored by Ernst & Young as an Entrepreneur of the Year finalist, and I was proud to be included in such amazing company as James Whitehurst at Red Hat, Paul Brown at Arby’s, and Ben Chestnut at MailChimp.

Gartner took notice of Simeio, too. In its most recent report on Critical Capabilities for Identity and Access Management as a Service (IDaaS), Worldwide, Simeio received the highest score out of all 18 vendors reviewed in what Gartner calls the “traditional/legacy workforce” use case. This use case describes organizations that have a mix of legacy (i.e. non-web-architected) on-premise applications and cloud-based software-as-a-service (SaaS) applications.

While Gartner uses the term “traditional/legacy workforce,” I think a better term is the “typical” use case. In today’s enterprise, the typical IAM infrastructure is a hodgepodge of systems from multiple vendors controlling access to a rapidly expanding array of disparate resources, from legacy systems and on-premise enterprise applications to cloud-based SaaS applications.

It’s exactly this kind of technology complexity and diversity that Simeio was designed to address. Our industry-leading Managed Identity Services are transforming the way organizations handle security and identity. Unlike most other IDaaS providers who simply host IAM software for you in the cloud, Simeio offers full-service IDaaS – we handle everything for you, from operations to maintenance. Our VP of Product Management, Abhimanyu Yadav, explained our unique approach at the heart of our success in his blog series, Putting the “Service” in “Identity as a Service.” If you haven’t already read it, I highly recommend it.

In 2016 we also expanded our partnerships with leading IAM and security software providers. For example, we now offer the RSA SecurID suite as a Managed Service, as well as the entire CA Technologies IAM portfolio. Our CA partnership was particularly rewarding this year as Simeio was recognized at CA World as “Partner of the Year” in the “Delighting the Customer” category, and our joint customer, Best Western, was named “Customer of the Year” in the “Customer Impact” category.

We capped off the year by passing our ISO 27001 certification on the first try with zero non-conformities. ISO 27001 requires having a comprehensive business management system to detect, evaluate and treat information risks effectively. We take security and risk management seriously – it’s our business, after all – but it’s nice to have independent audit confirm we’re at the top of our game.

As we now turn our attention to 2017, you can expect more such partnerships, with more growth and progress. We continue to add features and capabilities to our groundbreaking Simeio Identity Platform at a breakneck pace. The platform is the “secret sauce” that enables us to provide Managed Identity Services far more effectively and efficiently, especially in heterogeneous environments. It provides a single, unified UI with consistent, easy-to-use workflows for managing identities and access privileges regardless of the underlying technologies. Because the platform is vendor and deployment agnostic, we can use IAM and security technologies from any leading vendor, and deploy in your infrastructure or ours, on-premise, in the cloud, or a hybrid of the two. You simply can’t find a more powerful, flexible and portable solution.

The platform also provides exceptional real-time monitoring capabilities as well as identity intelligence designed not only to help ensure the security and reliability of your IAM systems, but also to provide insights into user behaviors that can illuminate business and revenue opportunities. Together with our identity and security experts, it can turn your IAM capabilities from a costly drag on your business into a powerful business enabler. If you’d like a demo, just get in touch.

In closing, I want to give a big “thank you” to our customers, employees, partners, investors and industry analysts who made 2016 such an incredibly successful year for us. I wish for all of you a healthy, happy and prosperous 2017!


Hemen Vimadalal
Chief Executive Officer
Simeio Solutions

Tweet about this on TwitterShare on LinkedInShare on Facebook

Simeio Gartner IAM Summit Recap

One of our team’s favorite cybersecurity events is the annual Gartner Identity and Access Management (IAM) Summit. The theme of this year’s conference was “Reimagine IAM to accelerate digital business.”

Analysts delivered a variety of sessions discussing how successful IAM projects can facilitate an organization’s digital transformation and boost the results of digital business.

Conversations around the show floor made it clear that the cloud was top of mind to many in attendance. This prompted us to take an informal survey of our customers, which revealed a couple of accelerating trends related to the cloud:

  • 40% expect to move more of their mission-critical applications to the cloud in the next 2-3 years – if they aren’t already doing so. Many told us that this migration was already well underway in their organizations today.
  • 60% expect to take a “cloud-first” approach to IT by 2021.

But even as enterprises adopt a “cloud-first” strategy, there will continue to be legacy, on-premise applications in the foreseeable future. This requires IAM capabilities that can unify and simplify such complex, heterogeneous environments – capabilities that help rather than hinder the move to the cloud.

We think this is the reason so many people responded enthusiastically to our recent recognition by Gartner where Simeio received the highest score in the traditional/legacy workforce use case, which describes organizations that have a mix of legacy, on-premise and cloud-based software-as-a-service (SaaS) applications.

The Gartner IAM Summit also made it clear that the same benefits that are encouraging organizations to move their business-critical applications to the cloud are also accelerating the adoption of cloud-based IAM. In fact, in the opening keynote, Gartner analysts said that 22 percent of their clients expect to deploy cloud-based identity governance in 2017, driven by a goal of adopting a cloud-first strategy.

The Gartner analysts confirmed something we’ve been saying for a long time – that Identity governance is ripe for cloud-based deployment as organizations accelerate their digital transformation. With a true, cloud-based identity governance solution, organizations can get the immediate benefits of the cloud while still having full visibility into – and control over – their entire IT ecosystem, on-premise and in the cloud. That’s the power of identity: giving organizations the ability to charge down the cloud-first path efficiently, effectively and – perhaps most importantly – securely.

Simeio had the opportunity be part of two education sessions. In the first, “How Identity and Cloud Security Enable Next Generation Security Operations Centers (SOC),” Simeio EVP Shawn Keve, Palerra’s Rohit Gupta and our friends from Oracle delivered a powerful update to a full house, eager to hear about this exciting new offering.

The key takeaway from this session was that identity has become the new security. In order to engage in digital business, the enterprise must open up its sensitive resources to employees, customers, partners and suppliers. But this also opens up the organization to attacks, which are increasing in both frequency and sophistication. Unlike a traditional SOC, which focuses on perimeter security, an identity-based SOC monitors the internal usage of identities to detect and prevent unauthorized or inappropriate access.

This concept is the foundation of Simeio’s Identity Intelligence Center, which combines highly skilled identity and security professionals with proprietary and cutting-edge technologies to protect corporate resources and information by monitoring the use of digital identities and access privileges.

Next, we delivered a case study on how Simeio helped one of Canada’s provinces to deliver a seamless digital experience to its citizens, while lowering costs. This case study highlighted another trend that we see playing out: the need for Identity Verification. The benefits showcased during the presentation actively engaged the audience and led to an informal Q&A session that was twice as long as the presentation! These benefits include…

  • Fast, easy online access to a full-spectrum of government services for 4 million citizens
  • Total security and privacy of citizen data
  • Greater citizen engagement and satisfaction
  • Significant cost savings – many processing fees cut in half

The session represented a special treat as it is the first time that our CEO, Hemen Vimadalal, and Shawn Keve have delivered a joint presentation at a conference.

Finally, we couldn’t stop smiling as Staples spoke about their project success around Identity Governance. Our friend Firdaus Modak leads that project, and along with CA Technologies, Simeio has been able to contribute to Staples’ great success. Special thanks go to Albert Briones and Niketa Parikh from Simeio for delivering superior value to Staples.

Staples at Gartner

Staples speaks about their project success around Identity Governance.

Gartner IT Symposium, RSA Charge, CA World and Gartner IAM Summit in the past six weeks – it’s been a whirlwind! What we keep hearing from our customers, prospects and partners is that Simeio’s capabilities around identity governance, IDaaS and Identity Verification position us very well for 2017. If you didn’t get a chance to catch us at the Gartner IAM Summit, let’s connect at the RSA Conference – see you in February in San Francisco!



Ed Pascua, SVP Channel Sales
and the Simeio Team

Tweet about this on TwitterShare on LinkedInShare on Facebook
Putting the “Service” in “Identity as a Service” – Part 3

Putting the “Service” in “Identity as a Service” – Part 3

Simeio’s next generation Identity Platform


In my previous articles, I discussed the 5 growing expectations businesses now have that are driving transformation in the Identity as a Service (IDaaS) industry – what I’ve called “next-generation IDaaS.” In this, my third and final post in the series, I get to toot our own horn a bit and explain how Simeio is responding to these new demands. If you missed either of my first two blog posts in this series, you can catch up on them here:

Unlike most other IDaaS providers, who primarily host and maintain your identity and access management (IAM) infrastructure but still expect you to operate it, we offer Managed Identity Services – we operate, monitor and defend your IAM infrastructure as a full-service solution.

Of course, the concept of Managed Services isn’t new. But there’s a fundamental difference between simply outsourcing the task of managing your IAM infrastructure and delivering on the promise of next-generation IDaaS. While it’s inherently valuable to have experts handling the job, next-generation IDaaS requires more than just people; otherwise it’s just a different group of people doing the same old things.

Next-gen IDaaS requires a next-generation identity platform. That’s exactly what we’ve built at Simeio.

By definition, every IDaaS provider has a platform. Although the list is pretty extensive, what makes ours different – and an enabler of next-gen IDaaS – boils down to two key features: identity virtualization and identity analytics.

Identity virtualization

Identity virtualization is a unique and critically important feature of our platform, abstracting the functions used to operate and manage your IAM infrastructure from the underlying technologies.

Okay – I’ll admit that “identity virtualization” sounds like just another IT buzzword. So as my marketing colleagues often remind me to do, let’s talk about the benefits.

First, it enables us to be vendor, technology and deployment agnostic. Put simply, this means it doesn’t matter what mix of IAM vendors or technologies you have, or where they’re deployed – on premise, in the cloud, or a combination of the two – in order to enjoy the benefits of next-generation IDaaS. No other IDaaS provider can make this claim.

We can use your existing IAM infrastructure – or we can augment it with advanced capabilities or replace it entirely with our IDaaS solutions. You can choose from a wide-range of IAM and security solutions from leading vendors, including Oracle, CA Technologies, Dell, IBM, ForgeRock, Saviynt, Palerra, ObserveIT, Lieberman Software, CyberArk, BeyondTrust, RSA, Brinqa, Securonix and more.

I can’t overstate the importance of this. No one-size-fits-all IDaaS model can possibly meet the dynamic requirements of today’s digital enterprise – which is why we sell capabilities, not software.

In fact, in order to offer the broadest and deepest set of Managed Identity Services on the market today, we have to combine best-of-breed technologies from multiple vendors – no one vendor’s stack does it all. So rather than introduce complexity to achieve this goal by adding multiple technologies that have to be managed separately, our platform enables us to actually simplify operations.

There are important business benefits too.

Regardless of the complexity of the underlying infrastructure, you still get “one throat to choke” with our Service Level Agreements (SLAs) guaranteeing uptime. It also significantly reduces risk by eliminating vendor or technology lock in.

You get unparalleled flexibility and agility with the freedom to combine best-in-class offerings to create a solution that’s customized to meet your specific requirements, and the freedom to add, switch or upgrade any component at any time to meet new or changing needs and seize fleeting business opportunities.

We can deploy individual IAM capabilities such as privileged account management and multi-factor authentication, or even entire IAM solutions in a fraction of the time – and a fraction of the cost – of building and developing your own. And so your IAM capabilities can actually become a business enabler instead of a bottleneck as your business needs evolve.

The business model is equally as flexible. You have the option of using a cost-effective multi-tenant solution or using a dedicated environment. You get a choice of “pay as you go” pricing options; services can be licensed per user, per transaction or subscribed through a fixed monthly fee.

Identity analytics

As I discussed in my previous post, next-gen IDaaS solutions must provide organizations with a new and improved level of analytics that enables them to better understand risk and to address it up front – as well as to identify opportunities to add value.

In today’s connected enterprise, you can’t simply firewall off your sensitive data to keep it safe; too many people need access to it in order to do business. So what’s the key to keeping the bad guys out while letting the good guys in? Analytics.

Simeio Identity Intelligence combines proprietary and best-in-class monitoring and alerting technologies, System Information and Event Management (SIEM) technologies, and User Behavior Analytics (UBA) to create a powerful solution that’s designed to provide real-time insights into how digital identities are being used – or misused.

It’s designed to detect both security vulnerabilities and malicious activity tied to identity, such as ghost accounts or undeleted default accounts, or atypical access patterns such as unusual times or locations.

It includes special features for monitoring and recording privileged user activities – those associated with accounts used by system administrators that provide nearly unfettered access to your entire IT infrastructure where, in the wrong hands, the damage can be catastrophic.

It then goes further to provide identity intelligence and behavioral analysis. It offers insights into patterns of usage among employee, partner, supplier or customer accounts, and analytics that can be exploited by sales or marketing to identify new business opportunities.

People still make the difference

While I’ve focused here on the Simeio Identity Platform, I don’t want to conclude without at least a nod to our people. IAM is a complicated discipline that requires rare and deep expertise that lies outside the typical company’s core competency.

At Simeio, we have the largest in-house team of consultants, engineers, analysts and advisory professionals compared to any other IDaaS provider. You get greater efficiencies through aggregation of knowledge, harnessing broad actionable intelligence, and having a full complement of security professionals on hand at all times.

Our people and our technology come together in the Simeio Identity Intelligence Center™ (IIC), our cutting-edge Center of Excellence for Identity and Access Management. Simeio IIC™ enables us to deliver Managed Identity Services far more efficiently and effectively than any other provider.

Get in touch and we’ll be happy to show you how our next-generation Identity Platform can transform the way you look at identity management.


Abhimanyu Yadav
Vice President of Product Management
Simeio Solutions

Tweet about this on TwitterShare on LinkedInShare on Facebook

CA World 2016 Recap

CA World 2016 has come and gone, but its impact in the industry still reverberates. It was easily the most impactful and engaging CA World of the seven in which Simeio has participated. It’s always fun to see old friends and make new ones!

It started with an invitation to the Partner Advisory Board. Simeio was invited, along with other strategic CA partners, such as Deloitte, PWC, EY and HPE. The Board received a presentation about the latest developments in the CA security product lineup. The members of the Board provided feedback about the messaging of CA’s newest products. The opportunity to collaborate at this level was a reminder of the strong, strategic partnership Simeio enjoys with CA.

The Partner Summit was held the next day. Session after session hosted by members of CA’s leadership team, including Mike Gregoire, CEO, and Adam Elster, President Global Operations, emphasized the strategic importance of partners to CA’s near and long-term business plan. It was exciting to see the revenue targets that SVP John Eldh, Global Channel Leader, is expecting from CA’s strategic partners.

At the end of the Partner Summit, CA recognized partners who had delivered outstanding value in the past 12 months. Imagine our surprise when Simeio was named a finalist for the Partner of the Year in the Disruptor category! But the best was yet to come… Simeio WON the Partner of the Year award in the Delighting the Customer category! Tony Jennings, CA’s North American VP of Channel, presented the awards. The Simeio teams that work on customer sites as well as remotely, from our global Identity Intelligence Centers, truly deserve the credit – this is THEIR award!




Tony Jennings presenting the Partner of the Year award to Simeio

The next day, CA’s Mo Rosen, GM of the Security BU, delivered the Keynote Address for Security. At the conclusion of the Keynote, he presented Customer VIP Awards. We were thrilled to learn that our customer, Best Western, was named VIP Customer of the Year for “Progress”. Harold Dibler, Denise Tedeschi and Boyan Vassilev accepted the award on behalf of the Best Western team. This recognition happened right on the heels of Best Western Hotels & Resorts receiving recognition as a finalist for ISE North American Project of the Year award in the Commercial category. Today, Best Western secures its 25 million members using Simeio IDaaS powered by CA Security: CA Identity Suite, CA SSO and CA Advanced Authentication.




From L to R: Ed Pascua (Simeio), Serena Dynes (CA), Boyan Vassilev (Best Western), Harold Dibler (Best Western) and Shawn Keve (Simeio). Missing from the photo, but important to recognize, are Denise Tedeschi (Best Western) and Shashi Dasari (Simeio).

Later in the conference, Simeio had the privilege of hosting two educational sessions:

  1. Ed Pascua moderated a discussion between Harold Dibler and Boyan Vassilev as they explained the different phases of the Best Western project, the value delivered to the business and the key lessons learned.
  2. Dave Culbertson, VP, Global Advisor (CA), and Shawn Keve (Simeio) shared insights from a detailed survey of 210 C-level executives.


Sharing insights from the survey of 210 C-level executives

To put an exclamation mark on our CA World experience, Simeio was featured in a press release with CA and quoted in a CRN Magazine article. The buzz and activity at CA World, the quality of the sessions, and most important of all, the enthusiasm expressed by so many satisfied customers make it evident that CA is on the right track with their strategy around CA Security. We’re excited about what’s ahead and can’t wait for CA World 2017!


Ed Pascua, SVP Channel Sales
and the Simeio Team

Tweet about this on TwitterShare on LinkedInShare on Facebook
rsa recap

RSA Charge Recap

This fall has been a busy time with lots of trade events related to identity and security, and as usual, the 2016 RSA Charge Conference was one of the more interesting ones.

At this year’s conference, there was lots of buzz and awareness about Simeio having just received the highest score in Gartner’s recent report on Critical Capabilities for IDaaS, Worldwide, in the traditional/legacy workforce use case. This recognition was viewed by both RSA and its customers as a huge advantage and a real contributor to the strength of our partnership with RSA.

Day 1 kicked off as team Simeio soaked up the opening keynote by RSA President Amit Yoran. One point he made stuck with us: the value of perspective.

RSA Charge Recap - Perspective

Yoran described how perspective changed the game of Dick Fosbury, the famed Olympic high jumper. Fosbury was the first to take advantage of the new soft foam landing pads, which had just replaced piles of sand, to change his jumping style. Fosbury could have kept using the same old style that jumpers had been using for generations and simply enjoyed the benefit of a softer landing. Instead, he saw the introduction of the new pads as an opportunity to reinvent his style. This new jumping style, dubbed the “Fosbury Flop,” resulted in breakthrough results…all because he changed perspective.

It seems to us that there is a parallel in enterprise Identity and Access Management (IAM), where the newly introduced elements are the cloud and managed identity services. What happens when the full capabilities of traditional on-premise IAM can be achieved with a cloud service? What happens when the cloud service is accompanied by a high-touch, concierge-level, “white glove” service?

Some may simply continue to do what they’ve done in the past and enjoy the benefit of lower costs that such a solution affords. But others are likely to see these more secure and robust capabilities as an opportunity to reinvent their entire business – to make a significant digital transformation by changing how they engage with customers and partners and creating new revenue opportunities. It all depends on their perspective.

Day 1 continued with a dinner event with our trusted partner Lieberman Software, where we were able to show appreciation for our mutual customer, SeaWorld, as well as engage in a lively discussion around Privileged Access Management. We discussed how organizations like SeaWorld can take advantage of Simeio’s Managed Identity Services for Privileged Access Management to beef up their security in this area – one that many consider to be the most vulnerable part of any enterprise network.

The next day, we were especially gratified to be able to share the stories of our awesome customers SeaWorld and Asurion in our session “The IAM Journey – From ‘On-Prem’ Implementation to Sustainable Managed Service.” Our EVP, Global Sales and Marketing, Shawn Keve was able to add his insight as well.

The SeaWorld experience was of particular interest to many in the audience. SeaWorld, which operates 12 theme parks and entertainment facilities and related corporate offices, had been struggling with Sarbanes-Oxley compliance due to manual and difficult-to-manage processes. The panel detailed the three-phased implementation approach that Simeio used to help SeaWorld streamline and automate those processes with minimal disruption to ongoing operations.

Simeio helped SeaWorld use the RSA Identity Governance solution in parallel with the old manual method for a period of time to get everyone used to the new processes and to instill confidence in their accuracy and reliability – but it also clearly demonstrated the incredible savings in time and effort that the conversion to the new solution afforded.

RSA Charge Recap - Simeio Panel Session

Probably the most rewarding part of the experience was the way people we had just met reacted to the Simeio value proposition. In particular, many told us that they understood that that no one-size-fits-all identity solution could possibly meet the needs of the typical enterprise. They really appreciated the flexibility that only Simeio can offer because – thanks to our cutting-edge Identity Platform – our security and identity solutions are vendor, technology and deployment agnostic. It means we can offer the right combination of software and services to meet the unique needs of any organization at any scale, using their infrastructure or ours, on premise or in the cloud, or a hybrid of the two.

Such flexibility is possible only when combined with deep expertise with a broad range of identity and security technologies, something we pride ourselves on here at Simeio. Several times in just a few minutes of conversation, the Simeio team was able to find common ground, establish credibility and build resonance. We are really excited about exploring how we will be able to assist these customers.

We are already looking forward to RSA Charge 2017. See you in Dallas!


Ed Pascua, SVP Channel Sales
and the RSA Charge Team
Simeio Solutions

Tweet about this on TwitterShare on LinkedInShare on Facebook