The “Take Control, Not the Blame: CIAM for InfoSec” webinar explores the evolving role of security teams in managing customer identity and access management (CIAM). With the increasing sophistication of attacks and growing accountability for customer-facing applications, security leaders need a smarter approach to balancing security and efficiency.
This webinar is ideal for CISOs, security architects, and InfoSec leaders looking to enforce security policies effectively while minimizing friction with development teams.
Hello, and welcome to Take Control Not the Blame, CIAM for InfoSec.
Today’s webinar is sponsored by Frontegg and produced by Actual Tech Media. My name is Scott Becker. I’m from Actual Tech, and I’m excited to be your moderator for this special event. Now before we get to today’s great session, we have a few housekeeping items that are gonna help you get the most out of it.
First off, we want this to be an informative event for you, so we encourage any questions in the questions box in your webinar control panel. Not only will we have team members responding to questions during the live event, but we’ll also have a dedicated q and a session at the end of the presentation where we’ll discuss in greater detail some of the top questions that you ask. A Q&A panel is also the place to let us know about any technical issues that you might be experiencing. A browser refresh will fix most audio, video, or slide advancement issues.
But if that doesn’t work, just let us know there in the q and a, and we’ll provide further technical assistance. Now second, in the handout section of your webinar control panel, you’ll find that we’re offering a lot of resources from Frontegg. I’d especially like to call your attention to a Hint Health case study, one on, Frontegg pricing, an opportunity to schedule a demo, and a free trial offer. So a lot of stuff there to check out.
Feel free to, click on those throughout the event. Encourage you to access those resources now or throughout the the hour here and share them with your friends and colleagues.
Now third, at the end of this webinar event, we’ll be awarding a two hundred and fifty dollar Amazon gift card to one lucky registrant. Of course, you must be in attendance during the live event to qualify for the prize. Official terms and conditions of today’s prize drawing can be found in the handout section. Just scroll to the bottom, and you’ll find the link with the details there.
Now finally, one of the best benefits of an opportunity of an event like this is the opportunity to ask a question of our expert presenters. So to help encourage those questions, we have a special additional prize for you. That’s another Amazon gift card. This one for fifty dollars for the best question. After the event is over, we’ll look at all the questions that came in, pick out the very best one, and contact that prize winner.
Okay. With all that housekeeping out of the way, let’s get into it. So it’s my pleasure to introduce you to our presenter today. We have Sagi Rodin, who’s CEO of Frontegg.
Let me bring Sagi on. Sagi, welcome. Thanks for being here.
Thank you for having me, Scott. Great to be here.
Well, I’m gonna, turn things over to you.
Awesome. Thank you.
So thanks again.
Thanks so much for taking the time to to to join me here.
And a bit, maybe on the kinda, the background. Right? So, quick background about me. I’ve been in the identity space for, kinda over a decade, with Frontec for the last, five years, helping companies secure their customer facing apps, while making sure that, you know, that the end users get a top notch experience.
So at Frontegg, we made it, as one of our main missions kinda to solve this big challenge, that so many development and security teams face on how do you stay in control of your customer facing applications, the the CIAM, so it called. Right? Let the customer identity and access management without slowing down or making, you know, engineers hate you, basically. And the the spoiler alert is that you can actually do that.
So, you know, in the last year, I’ve had, like, dozens of conversation with, security leaders, CISOs, infosec teams, and, you know, and science keeps coming up as one of their number one concerns.
This is why that’s, you know, that’s something that we’re talking about today. And, you know, I think that five years ago, this wasn’t even on the radar. Right? Like, now they’re being held accountable for the customer facing applications, not only for the workforce identity as before.
And, we also see the sophistication of attacks. Right? It’s also evolving. We’re seeing generative AI, being used to to kinda craft scalable, personalized fraud and account takeover attempts. And this is why we think that active protection, and smarter kinda AI driven insights are essential in the same, space today and basically a topic that, at least worth, discussion.
So, so this is a bit of a background, to why we’re here.
Maybe a bit on, about, us.
I won’t be selling, us too much. Right? But, but, a bit of a background.
So in 2019, Aviad, my cofounder, myself, we founded Frontegg with kinda one goal in mind to simplify customer identity, for SaaS companies, making innovation easier, by basically taking the burden of building all the, kinda surrounding noncore, features within SaaS applications and the foundations and infrastructure behind that.
And, and that’s what we’ve been doing, since then.
So, that’s about us. We’ve grown since then, with pretty big, customers, and investors backing us.
The team has grown. You know? So great things have happened.
And I’m always kinda showing this slide because it’s, because it’s real and why not. Right? So we’re the highest-rated CIAM solution, by real developers, constantly being recognized as the top emerging players in the space. And, I don’t think that it’s only about ratings. I think it really reflects what we’re hearing from real users across the industry. And, and, you know, it continues to be a privilege for us to to stand in those positions.
A bit on, you know, the the the vision. Right? So I think that this mission statement kinda really reflects what drives us, at Frontec.
We do believe that every modern product has the potential to be better, when basically the noncore stuff and and and mostly the identity management, the user identity management, is no longer a bottleneck. Right? And it’s not, just about simplifying it for the developers. It’s about creating seamless experience for everybody that, that is involved. The engineers that are building the product, the security teams that, are protecting it, and most importantly, the end users who need to interact with it, right, and get the value out of it. So I think that’s the vision that, we’re delivering every day.
Yeah. So, basically, that’s, that’s a bit about that.
Okay. Super. Yeah. So, did you wanna get into some demos next?
Or Yeah.
Yeah. We can, we can go with the chat or we can go with the with the demos now, whatever, whatever we decide. Maybe maybe we’ll leave the demos, towards the end.
Oh, sure. Yeah. You wanna do, some okay. Yeah. Some okay.
Yeah. So first one, I guess, you know, what’s your advice for a a CISO trying to get their team on board with, you know, directly impacting customer identity, especially if they’ve they’ve never done it before?
Yeah.
So I think that, you know, it’s a it’s it’s a great question. I think that, you know, we’re constantly kinda I’m I’m being asked whether, how we can give CISO kinda more power without, you know, without losing the the the benefits that developers bring or, or really interfering with their, with their job, because the responsibility aspect is is is an important topic here. Right? Like and I and I and I think I constantly say that we’re not, in a place of, it’s either in their hands completely in the hands of developers or completely in the hands of the security teams.
And it’s not about taking the power from developers. Right? It’s about, it’s about clarity. Right?
Clarity of responsibility.
Developers are amazing at kinda moving fast, you know, building the features, ensuring seamless user experience, but they shouldn’t also have to carry the burden of of, you know, setting security policies, managing compliance risk. And and I think that this is where the CISO, comes in. Right? And to to make it work, we need clear roles.
So the CISO handle the strategic stuff. Right? It define the security policies, the compliance aspect, the risk management, and the developers will focus on the implementation and making sure that CIAM, customer identity, integrates smoothly into the product. Right?
And I think that if I have one tip is, like, set up the customer identity steering committee within the organizations where the infosec, the CISO, you know, the engineering team, product folks, are in the same room regularly kinda, you know, trying to, figure out things together, trying to collaborate. And, and from my experience, it it works.
So so this is this is a very important aspect. I think that, in general, if you look at security and customer identity, it really has, like, two parts. Right? So first, security teams need to understand the existing state. Right?
Something that maybe they didn’t have visibility into before, so kind of the posture of their customer facing applications.
They need to define what is important to them. Right? Like, ground rules that cannot be broken and, and ensure the compliance and, you know, the proper standards, within the customer facing application.
And finally, after setting those, they need to get basically continuous protection regardless of whether the developers implement the features properly on the end user, or on the end user applications or the end user, chose the right settings, right, made the right enforcement. They need to make sure that they’re constantly protected on those guidelines that they set. Right? And I think that modern CIAM solutions, like we’re building here at Frontec, make sure that security teams are covered without creating this friction, for the developers.
And another important aspect here, we can chat about it, later is the AI. Right? Like, and I think that there’s no webinar without mentioning AI. Right?
I think that in in in customer facing application and security, it’s it’s it’s a must have. Right? Because, we think that AI, can help the CISOs gain insights, into user behavior, detect anomalies in a much better way than before, and even kind of recommend on the go on security adjustment, you know, real time protection. So that that that is great.
And it’s not just about preventing the breaches. It’s also about enabling this proactive approach that I mentioned.
K. Alright. Excellent. Excellent.
So the original shift left movement gave developers responsibility for a variety of of critical infrastructure, including identity management.
Are you suggesting we go back to how things were when infosec was the central authority for all identity management?
No. Definitely not. Look. I think that shift left happened for a reason. Right? It solved some real problems.
CISOs used to be the gatekeepers, who only cared about security. It slowed everything down.
Developers took over to move faster, but now we’ve got the opposite problem. Right? Like, security gets overlooked. The attacks get more sophisticated.
We need more strategic, thought behind it, and the developers are stretched too thin. Right? So, basically, what I’m saying is it doesn’t have to be all or nothing. Right?
Like, CIAM, isn’t just a developer thing or a security infosec thing. It’s about finding the right balance, sharing responsibility so we’re not creating the bottlenecks or the blind spots.
You know, in one of my previous roles in a bigger company, the communication between the development product and the security team was kinda like this one off meeting.
The security team would review the project, give their stamp of approval, and that was it. And after that, anything could change. Right? Like and there was no continuous oversight or enforcement that doesn’t work.
What’s needed is continuous control, monitoring, enforcement in a way that doesn’t ruin the development experience or, you know, it doesn’t it it shouldn’t feel like this big brother of security is watching you as you develop your stuff.
But it should provide real checks and balances. Because at the end of the day, the goal is the same, delivering great secure experience for the end users. I hope it’s, I hope it makes sense.
Yeah. No. Definitely. And and that’s a that’s a great goal, with the end users.
So how can we give the the CISO more power without losing out on the on the benefits that developers bring to the table?
Yeah. So, you know, as as, as I think I mentioned, like, you know, just defined clear responsibilities, make sure that the CISO understand what is happening within the organization, understand the existing situation. Because, you know, some organizations have dozens of application of customer facing application. Some of them are SaaS applications. Some of them are, you know, legacy applications that are installed, on prem or on the cloud of, of, of the end users.
And, you know, some of them are just APIs, like nonhuman identity exposed.
Now everything will become agent based. Right? Like, so you will have, like, all those agents that are exposed by, by the organization and needs protection as well. So there’s a lot of things out there. A big inventory of of value that, that, was built along the years with different technologies.
So today, there’s a gap. Right? The CISO, they basically you know, they don’t have the visibility. So first of all, let’s get them this, this visibility. It’s necessary.
Then let them decide, decide what are the ground rules, what are the policies, what are the compliance that we just have to meet, and then equip them with, you know, AI powered modern tools that can provide this continuous, peace of mind for them. So, you know, so it doesn’t matter how many applications they have. It doesn’t matter which technology or which customer identity products were used in each and one of those applications.
They should be able to sleep well at night knowing that what they enforce and their strategy, is basically being taken care of by those advanced tools. So this is exactly what we’re trying to build here at Frontegg. Just, you know, understand what is happening, define what is important to you, and that’s it. You’re set. You don’t need to worry about it.
K. Alright. Yeah. And, you know, earlier, you mentioned we’d be getting back into, to AI and and, you know, obviously, any conversation in 2025 or or 2024 involves, you know, AI. What what are you guys doing with with AI? How is how is AI helping, your your tools become more powerful?
Yeah. So, you know, we’re we’re kinda taking it from, several directions. So first of all, the, you know, the attacks are getting, you know, to be much more complicated.
So, basically, we have to, be able to, to answer on that, like, with more, sophisticated protection. I think that with the with the rise of those AI powered attacks, including, you know, scalable phishing and automated, credential stopping attempts and continuous, you know, there’s there’s just, like, we need to have, ongoing continuous monitoring, and it it’s it’s critical. So that has to be answered with AI powered, protection capabilities. So this is one thing.
We’re building our own proprietary engine. Some of them are already enforced within our product, to really detect, you know, anomalies, behavior, that that just doesn’t make sense. And I think that the important thing here is that, you know, everybody are kinda looking for anomalies. But with customer facing applications, the most important thing is being able to kind of recognize what is important to detect.
I speak I spoke to, you know, dozens of of of CISOs, and most of them say, listen. Like, ninety percent of those attacks, I’m either kinda well protected against them or, basically, even if they happen, I don’t care. But there are the the gems within my product. And if those get attacked, then, basically, I will be out of job and maybe, you know, the the the whole business will be at risk.
I’ll give you an example. Like, in an HR platform, you know, if somebody gets in and sees, you know, some of the information, that’s okay. But if somebody gets, visibility into the Social Security numbers within the payroll slips, right, like, that’s that’s a big problem if that gets, exposed. So so the the power that we have as an identity solution is that we have the visibility into the the real activity, but also in the real capabilities, the the roles that a certain user has. So if we direct through AI that something is abnormal there, and the risk is big because this is a super admin user, right, we can make enforcement, in that moment real time.
So so and and and another thing that it adds is that we’re not just blocking everybody, but we’re doing the smart blocks, and we do not affect, or degrade kind of the user experience of 99% of the other users.
So those are capabilities that we can provide, today. The second thing, that we’re doing with AI is, providing an ability for, setting policies and getting information in a much easier way. So think about a security person that’s trying to enforce a certain, protection.
So for example, they’re trying to say, you know, only users that, that connect from some, you know, from some country in some hour of the day to some part of the product should be, stepped up with their authentication.
Get a multi-factor authentication, challenge. Right? This is very hard if you need to drag and drop and find the exact, kind of place in your in, you know, in the rule based, table in your product, and, you know, that leads to a lot of mistakes. So today, with the power of AI, you can just write it down, kinda in a human language.
I wanna do that and that just the way that I explained it to you. And like that, it’s being enforced, with the policy that you can trust. That’s something that we couldn’t do even a year before. Right?
So so, you know, we have to leverage those capabilities that come with this great age of technology.
Those both sound pretty exciting. It’s it’s, that that’s that’s great to hear about.
So can you share with us some recent examples of of CIAM failures that that could have been avoided if Infosec was more involved?
Yeah. I can I can I can think of of some?
You know, we had the kinda misconfiguration breach, in, you know, 2019. We we got started, with, you know, Microsoft getting a breach where two hundred fifty million customer records, were exposed.
You know, I think that infosec kinda constantly, being on top of these things and and, you know, understanding the posture and configuring the access and getting this continuous approach could have definitely prevented it. I would also say that, you know, we had the incident of Okta in twenty twenty three where hackers kinda stole access tokens, and this allowed them to impersonate users and etcetera. I won’t get into that. I’m sure you heard about it. But that also like, if Infosec had kinda implemented stronger token management, real time monitoring, the tricks could have been, mitigated.
I think that the challenge that security teams are having today is that, you know, it it it like, four years ago, five years ago, it was a clear boundary. There was a clear boundary between what are external users and what are internal users. Right? And I think that those boundaries kinda, been pretty much broken, like, in the last few years because you have users, that are not working in an organization. So those are external users, but they’re accessing internal apps, and you have, employees that are accessing developed apps, so kinda like customer facing applications, and you have partners that you’re working with, at the end of the day, there’s kind of this identity chaos, and it’s very hard to protect against this chaos.
So we have to figure it out. Right? We have to kinda put an order, in this mess and, and treat everything.
So I think that, you know, with the rise of kinda the fraud and account takeovers, which often kinda exploit weak authentication or API misconfigurations, a developer forgot, you know, to, to protect the certain APIs. We all know, when that, happens.
The stakes are even higher than that than before. And modern CIAM systems need to integrate fraud detection mechanisms, account, takeover, protection deck mechanisms that adapt dynamically and ensure that threats are mitigated before they escalate.
Alright. Excellent.
So it seems clear that when it comes to CIAM, you know, a lot of teams are stuck in a reactive mode. You know, they’re fixing issues after something’s already gone wrong. So what can infosec teams do to get ahead of the threats? And and if you’re just starting to make this shift in mindset, what’s that first step?
So, you know, I’ll use an analogy of something that I like. Right?
I think it’s like it’s like going to the to the gym.
Right? Like, you don’t wait until you’re injured to kinda strive start, you know, making yourself stronger.
And the same is with the Scion. Right? Like, you need to anticipate those threats before they become kind of this full blown problems.
And I’ll give you a few kind of tips on how to do that. So first of all, use data. Right? Like, use data to spot these unusual, patterns pretty early.
Automate the risk. You know? Automate the risk detection, the risk response.
Don’t just wait for kinda these manual reviews like the ones that I, described that were done in, you know, in one of my previous experiences.
You need to implement layers of security. You know? So adaptive MFA, step-up authentication, those are great, tools for that. And I think that most importantly, educate your teams. Like, teach them about this zero trust mindset, but also remind them that, you know, we’re not talking about internal tools. We’re talking about user facing apps. So any change to the behavior impacts immediately on an end user.
And at the end of the day, the users hate your security features.
They’re either bypass them or or, you know, they will just get out of the product and churn, and then we haven’t achieved anything.
So I think that the proactive you know, to summarize, proactive kinda, time approach isn’t just about prevention. It’s about ensuring that once policies are set, they’re enforced continuously, and, regardless of whether developers or end users, don’t act on them. So that’s that’s, that’s my take on that.
Okay. Yeah. You made some some great points there. Appreciate that.
So you said that CSOs don’t need to be coders to lead CIAM effectively. So what does that leadership actually look like in practice? What tools or strategies can help CSOs enforce policies and act quickly without diving into the code base?
Yeah. Totally. You know, CISOs don’t need to be writing code. Some of them wrote code in the past and, and probably, you know, with the tools today, they can even do that.
But but they do not need to write the code. They do need to set the direction.
Right? And and I would say that, you know, in practice, it would look like that. So first, communicate the security risks to the engineers Frontegg. Right? Like, don’t wait until they already build something. It’s in staging, in production, and then, you know, it’s it’s very hard to to change things.
Second, use low code customer identity and access management tools.
Those, will let security teams take direct action, set the policies as I mentioned, manage the the rules, manage the the the step up authentication, the multifactor, policies, monitor the threats without needing to touch the the code base.
Partner with your developers. Right? Let them own the technical implementation, so don’t interfere there.
But but but, you know, you need to basically get their trust. Right? Like, earn their trust, and make sure that they understand why it’s also beneficial for them.
I think that at Frontegg, we’re kind of focused on building solutions that make this possible. Right? Like, where infosec can lead strategically without feeling like they’re micromanaging or being left out of the loop.
And I think that by leveraging AI driven insights, you know, CISOs can better understand their security posture, take proactive steps, you know, to mitigate the risks for fraud, for account takeover, and everything, around that.
So, you know, it sounds like Frontegg platform has a strong security focus.
Can you give an example of a customer of yours who maybe used your platform to improve, their security?
Wow. Yeah. I can I can think of a few?
If I need to choose one maybe for the few minutes that we have, I have one that is favorite, which is Hint Health, one of our customers.
They’ve been with us for a few years, successful organization. They’re in health care. So security and compliance are huge for them as you can understand.
And after an acquisition, basically, acquisition that they had, two identity systems that didn’t play nice, together. And with Frontegg, they’ve been able to offload the identity management entirely.
So, you know, we gave them tools like tenant level, multifactor authentication, compliance with HIPAA, even kinda do it yourself options for their customers. So self-service capabilities. So their customers can manage security settings without needing to open tickets, to get requests from the heal hint help, customer success team.
The result within a month, thirty percent of their users switched to, you know, to Google sign in, which which reduced the login friction.
They gained, enterprise SSO to handle bigger clients, and everything was very smooth. And I think that they’re a great example of how security and and UX can work hand in hand when you have the right tools. And Hint Health, as I mentioned, isn’t alone. You know, security is quickly becoming one of the main reasons companies are rethinking their CIAM strategies, and and we’re proud to help them navigate, through that, shift.
You know, as I mentioned, as fraud and account takeover threats rise, we’re focused on kinda delivering those solutions that are not only, do not only protect, but also provide actionable insights to keep our customers kinda ahead of these challenges.
Excellent. This is a great example. Really appreciate it. Well, maybe, maybe at this point, we could take a look at, at some demos.
Yeah. Let’s do that.
Now that you have more context, I think that, you know, we’ll we’ll show kinda quickly, some of the examples. So first of all, the first example, demonstrates blocking, or forcing additional kind of verification steps, so step up, authentication within our product.
So we can see here the email credibility, check settings, Frontegg. We basically block any user. We can add exceptions, obviously, very easily added into the product.
And, obviously, we can do that, at Frontegg because it’s a multitenant based system. We can do that by user. We can do that by account.
Our account management is hierarchy based. So if you’re selling through a reseller, you can sell it on a on any level, basically. Right? So this is, one of the main advantages, to our platform.
So so that would be the the first example. I think it’s a perfect example. I’m started started with it, because, you know, it’s it’s kinda like a great visibility into how security can stay dynamic and and adaptive.
And, you know, like, a step up step up authentication ensures that you’re not pulling unnecessary friction, on trusted users while you still provide this extra layer of protection when suspicious behavior is detected.
And, this balance of security and usability is critical kind of for both, protecting new users while still delivering a great seamless experience.
The next one I will show is applying advanced policies, kinda consistently, across all of your applications.
So you as you can see here, this is the, the security center within Frontec. We’re going to one of our engines. So today, we have eight engines.
You know, I’ll just give you kinda behind the scene information that, yeah, there’s gonna be, many other beneficial engines coming out soon. A lot of them are AI based, kinda advanced behavior detection. But you can see here how easily we set up, one of our engines, which is impossible travel and, you know, just kinda updating the the configuration. It don’t need to be an x-ray.
It don’t need to write code. Right? You have ability with hooks, to to write custom things if you want to, but you really don’t have to. So, you know, what’s great about adaptive MFA is that, it removes the guesswork, right, for, for users and security teams.
Right? Like, policies are enforced consistently, across every app regardless of of how and where the user logs in. So you get this kinda single pane of glass if you have, like, one application, two application, or dozens of applications, the behavior, will be the same.
And, and the next one I will show is monitoring.
You know, visibility is key. Right? Like we we mentioned, understanding what is currently happening.
And, so you can see here on the security center, for example, we saw the breach password, one of our advanced engines.
You can filter the visibility.
We’re constantly kinda dealing with how to make it easier for security teams because they have so many products. Right? Some of them just export all all of that into, CIAM solutions. Some of them are are are getting into those. So you can really dive into all of the information on any one of your users, or you can filter by certain types of users, certain type of of, accounts behind those users. Anything is, basically possible.
Alright.
Great demos.
Yeah. And I I like in the in the second one there, just the the way, you know, you’ve got the options for for what to do, like, you know, have a challenge or or block it or allow, by default.
They’re really nice.
Okay. Alright. Well, we’ve got some time for for audience questions here, and we’ve also got a a couple of QR codes up here. One, two, sign up for free so you can, take a picture of that or there’s a Frontegg one pager.
And, also, just a quick reminder that in the handout section, we’ve also got, I think at least four resources, you know, also, like I said, demo and and that, that, case study as well. So, don’t forget to grab those if you’re interested.
As far as audience questions go here, Sagi, first one, they’re wondering if you had to pitch a few key metrics or numbers to keep an eye on to see if your CIAM strategy is working? What would they be, and how do those help make the case for CISO involvement?
Yeah. So, you know, if if to get into very kinda specific things, you know, track login success rates, right, like, track multifactor adoption, track time to resolution for security incidents.
I think that these kinda show the balance between usability and security while kinda highlighting the the real impact on the on the experience and on the security.
Okay. Yep. Great metrics there. Appreciate that.
Next one, they’re wondering for infosec teams that are stretched thin, what’s the biggest bang for your buck move when it comes to impacting customer identity management?
Yeah. So just picking up one thing.
One thing I would probably pick, like, adaptive MFA. I think it’s effective, scalable.
If you use the right solution that has a good adaptive MFA, you know, it will balance kind of the user experience with security, without requiring this constant monitoring and constant, adaptation to, you know, setting up these rules or kinda micromanaging the the system.
If you use a good solution, for adaptive MFA, that would probably bring most of the value with, with not a significant, kinda investment of of effort.
K. Alright. Excellent. Hey. And, and be before we go to to other questions, I just wanna flag, Sigi, your your colleague Remi has has posted something in in the questions area.
Just, you know, if, if there are any folks in the Bay Area, you guys are hosting an event at their office on on, Tuesday, February fourth, and he’s got the the registration link there. So, feel free to, to copy and paste that, that URL there if you’re if you’re in the Bay Area and interested in going on February fourth. Thanks, for posting that, Remy.
Sagi, next question here.
Zero trust security is such a hot topic right now. Can you talk a little bit more about how it can be applied to customer identity?
Yeah. So I think, you know, it’s all about kind of verifying every user every time, with kind of the least privilege approach, applied.
I think that applying zero trust to customer identity basically will ensure that you’re always protecting access without making any assumptions.
Right? So you can’t assume that if somebody comes from a certain organization, they will, act, a certain way.
You need to make sure that those guidelines that were set by the security people and by, you know, by the infosec teams are constantly, being enforced.
And and I think that, that’s, you know, it’s a it’s an interesting topic because we we kinda shifted from this era where everything was rule based, like, you know, strict rules, strict policies, and then modifying and playing with them, to, to an era where suddenly you know? So, like, zero trust. So, you know, so no rules to allow anybody do anything. Let’s start from scratch and then evaluate to a new era today where I think that those two can be, kinda joined, together into something that is much more dynamic.
So we learn on the fly what is happening within our application. We need to remember that each product is different. Right? Like, each product has different features, different level of risk.
So, you know, to just think that we can apply the same strategy to looks like we lost Sugi there for a second.
Let’s see if we can get him back.
Hopefully, he’s trying to reconnect.
And just while we’re waiting on that, just a a quick quick reminder about the handouts, that, this is a this is a great time to grab those. A lot of times, we run out of time, at the end, and, we’re talking about handouts and then suddenly, the event is over and you can’t grab them.
Those are all still available here, over in the handout section.
So please do, please do grab those and, also, of course, these these QR codes on the screen.
Just checking around to see what’s going on with, with Sagi’s connection.
Yep. Nothing at the moment.
Alright. Well, while we’re waiting, just gonna jump ahead, and and do a quick prize drawing for everybody.
And the, the Amazon gift card prize drawing today, the winner of that is, Kevin Andreassi from Indiana. So congratulations to Kevin. We’ll be in touch to get you your card.
And I’ll just go back to this, QR code here for a second.
Hopefully, we can get Sigi back because we had a couple of, good questions come in.
But, oh, I think I see it. Sagi.
Sorry about that. Hey. Welcome back. Because sorry. Technical ground once hit us today. No worries.
I just, I I did the prize drawing, so that’s all taken care of. We we did some business, so so we’re back.
Yeah. Yeah. Yeah. Zero trust was applied on me on the network layer, probably.
Oh, no.
Thanks for covering up.
Yeah. Yeah. Sure. One of the things that, that has come up, and and it’s interesting because we’re talking about CISOs, you know, versus infosec.
You know, how big a company do you have to have, you know, for Frontegg to make sense? Does it do you do you have to be, like, a multinational company, or, you know, can a can a mid market company, you know, get some value out of it? What’s what’s sort of the the sweet spot for you guys?
Yeah. So, you know, I think that, in terms of, like, heavy security, usually, you start to deal with those challenges, from, you know, anywhere from, kinda, one hundred employees and up. Right? Like, it’s usually kinda, you know, a ground rule.
Obviously, each company is different as I mentioned, and and, I’m not sure that employee count is the most important kind of parameter because we hear about companies that are launching without any employees that are agent only. Right? So so that’s definitely about to change. But I would say that once you kinda get this critical mass of usage within your application, within your product, that’s where you should worry about the posture and about the this ongoing protection, and standards, right, of your customer facing application.
Frontegg tech is a science solution. In general, obviously, you know, we’re, we basically work with small companies.
We have start ups that are, you know, have started with us and grown and got acquired and and are about to do IPOs and stuff like that. We have mid market. So a lot of the times, once an architect, either from the engineering team or the or security team will see that the existing solution is not enough anymore. It’s not secure enough. It doesn’t have, like, a great user experience.
They will basically switch to Frontegg.
We’ve made it so the switch would be very smooth. So, basically, you can do a gradual kinda, shift from your existing solution to front end. And, you know, and we have enterprises, you know, like, like Siemens, for example. Right? Like, or or Samsung or, you know, or CrowdStrike and and the others that use us as well. Right? So so I I will just say that, you know, any type, any size, basically applies when it’s considering user experience and security.
Gotcha. Okay.
Well, you know, any, any kind of closing thoughts just as as far as, you know, you know, recommendations for for c sales or infosec on, you know, on securing their enterprises and and, or their organizations in twenty twenty five?
Yeah. I think that, you know, the the one thing that I would probably suggest is work together collaboratively because understand that at the end of the day, we have a single goal in mind. Right? And it’s not about throwing the responsibility.
It’s about finding the right process and the right tools to work with that will enable this collaborative approach, where, you know, we can meet once every month, for this kind of steering, committee and, and make sure that, you know, that all of our apps are protected.
The user experience, is is great, and, and everything kinda, you know, is enforced and continues to, to tick. So, so that would be my my biggest advice here.
Great advice. Yeah.
Appreciate, the entire presentation. This was this was great, really informative, really nice demos as well, and, just appreciate your insights here in the q and a as well. Thanks a lot for coming on. Thank you so much.
Thank you, Scott.
Thanks.
Alright. Well, that’s gonna wrap it up for us today. Thanks everybody for attending. I wanna thank, Frontegg again for making this possible.
And, that concludes the event. Have a great rest of your day.
The Complete Guide to SaaS Multi-Tenant Architecture
