ForgeRock CEO Fran Rosch On New Passwordless Platform And ‘End-To-End’ Identity
In the increasingly critical area of identity management and security, ‘having that end-to-end identity journey in one platform is something that really appeals to the customers,’ Rosch says in an interview with CRN.
Focus On Identity
For digital identity provider ForgeRock, offering an enterprise platform positioned at the intersection of identity, security and digital transformation “continues to be a strong driver of the business,” ForgeRock CEO Fran Rosch told CRN. The company is continuing to expand its platform, as well, in a bid to make it even more appealing to businesses seeking to consolidate their identity management and security tools, Rosch said.
[Related: The 20 Coolest Identity Access Management And Data Protection Companies Of 2023]
On Monday, ForgeRock announced product updates that aim to help bring passwordless authentication to a greater number of enterprises. The ForgeRock Enterprise Connect Passwordless offering aims to make it easier to implement passwordless log-ins and access, ultimately with the goal to “strongly encourage” customers that “the time is now to go passwordless,” Rosch said. Enterprise Connect Passwordless is expected to be available in the second quarter.
Meanwhile, the company has been rolling out its cloud-native identity governance offering, ForgeRock Identity Governance, that was unveiled in November as the vendor seeks to offer an even more comprehensive identity platform to customers. “I think having that end-to-end identity journey in one platform is something that really appeals to the customers, because it helps them create a seamless journey,” Rosch told CRN. “Cybercriminals can try to exploit the seams between the platforms, so we’re eliminating those.”
ForgeRock saw revenue climb 33 percent during the fourth quarter of 2022, ended Dec. 31, to $63.5 million. In October, ForgeRock announced an agreement to be acquired by private equity firm Thoma Bravo for $2.3 billion. The deal is undergoing an antitrust review by the U.S. Department of Justice.
During the recent interview, Rosch also discussed the major opportunities for channel partners in working with ForgeRock and plans for debuting a new partner program during the second quarter.
What follows is an edited portion of CRN’s interview with Rosch.
What’s been driving your expansion in identity governance and administration (IGA)?
What I think we’ve heard from our customers is, they don’t want to have to cobble together multiple point solutions across that identity journey. The more solutions they put in place, the more they have to connect and manage. So we made the decision several years ago to continue to add functionality to the ForgeRock platform, so they didn’t have to have as many point solutions.
We launched our identity governance administration a couple of years ago, and continue to make more investments in that. And this year, a lot [of the focus] is moving that to our cloud. So I think having that end-to-end identity journey in one platform is something that really appeals to the customers, because it helps them create a seamless journey. Cybercriminals can try to exploit the seams between the platforms, so we’re eliminating those. And so while primarily we land with CIAM [customer identity and access management], we think workforce is a great opportunity to disrupt and accelerate our growth — because of this unique platform capability that we built.
What are some of the major differentiators you’re bringing in IGA?
When we went out to build our IGA, we really built it for the needs of enterprise, which means I think we differentiate with a lot more functionality around entitlement management and certifications, than a standard SMB approach.
I think the other thing is right out of the gate, we really brought our AI capability — what we call our autonomous identity or self-driving identity — [which gives] the ability for our customers to look at roles and entitlements and then bring AI to that to look at these risky entitlements that they might already have out there. So they can go tackle those areas of over-provisioning of access, which really can reduce their risk as a company. That also helps going forward. We have one customer who’s got 250,000 employees and partners, and I think they said they have a couple thousand applications in that enterprise. So that’s millions of entitlement requests. And there are always people leaving, people joining, people changing jobs. So it’s not only about that one-time risk assessment, but it’s how you can leverage AI to say, “This request is very standard — let it go.” Let’s get the productivity wheel going so employees aren’t sitting around waiting for some manual approval for access. But it’s also [determining when] this is an outlier request, when there’s no reason [for the requested access] based on the profile of this user, what they do, how their peers are provisioned. Then we can block that.
And then we have our “identity trees” — that’s our ability to drag and drop these pre-configured identity modules. That’s the way we do everything in ForgeRock. And that’s already in our governance module as well.
Since consolidation is so important to customers now, are you seeing more customers feeling ready to adopt ForgeRock as you expand the range of capabilities on your identity platform?
We’ve got many customers who use SailPoint for governance, and they’re happy. And we partner really well with SailPoint, and I’m sure we’ll continue to do that going forward. We have other customers who may be using a legacy service that aren’t happy with it. They’ve been investing in it for a long time, they’re not seeing the value, and they are ready to move to something new and displace what they have. And then we have other customers that are more greenfield, who don’t have anything yet, and have been waiting to tackle this problem. And by integrating the service, we think we’re a good choice for many of those customers. We’re just very focused on going to our existing customers and saying, “You have a choice. You’re already using us for identity and access management, let’s simply extend over to the governance. No big new deployments — just value.” Or as we go talk to new prospects, we have a differentiation, because we’re uniquely positioned across that full lifecycle in the enterprise space.
There’s so much talk of consolidation in the security industry, but one thing I do tend to hear is that the major platform vendors aren’t eager to get into identity themselves. What do you think is behind that?
I do think identity is hard. It’s [not just] a username and password. It’s very complicated to be able to develop that whole identity journey, in a simple frictionless way, while also getting security and privacy and regulatory compliance. Our enterprise customers have very complex infrastructure. You’ve got to be able to integrate into 20- or 30-year-old mainframes, dozens or hundreds of legacy apps. Our customers don’t even know what code they were written in, they don’t want to touch them. And now they’re adding hundreds of cloud apps on top of that. Integrating all of that [is essential] because identity touches everything — it touches every user, it touches every application. It’s hard work. Where are the brand new challengers who are going to do this coming up? I don’t see those. Someone’s going to try to maybe just do behavioral biometrics, or just try to do a little orchestration. But building an identity platform is really hard. And there are those of us like Okta, and ForgeRock, and Ping [Identity], and Oracle, and CA SiteMinder, and Microsoft that have done that work. But it’s really hard to start from scratch.
What is your goal with the new passwordless authentication offering?
With passwordless, when we look at workforce, it’s harder [than consumer]. It just is harder because the numbers and types of applications that an employee is authenticating into is just a lot more complicated. And so what we’re announcing is, for the first time ForgeRock — with our workforce release — now has full passwordless capability for both consumers and employees.
A lot of this is change management. We feel like the technology is there now but it’s breaking a paradigm that people have been using for 40 or 50 years. And how do we do that? And that’s really what we’re announcing. And it’s going to be a big drive for us today. It’s just an evolution of the platform, to really now strongly encourage that the time is now to go passwordless.
How does your passwordless offering work for authenticating into workforce applications?
There are all different ways to integrate into the Microsoft ecosystem, but we know that companies have a lot more complex infrastructure beyond Microsoft. So we’ve taken a lot of time to understand all the different protocols and application types that companies use to authenticate into their complex infrastructure. And we made sure that we can cover all of those different types on the workforce side. So you can’t rely on WebAuthn open standards, like you do in consumer, in the workforce. You have to break down these workforce applications and build something for each one of these different types. And that’s really what we’ve built. And we built it to be very easy for customers to onboard through a visual interface, all the different types of applications that they’re looking for that single sign-on service for.
To give an example, we are working with a financial services organization, and they have a lot of tellers. And they’re not always tellers in the old days, where they’re behind the screen. And they literally have to access dozens of different applications on their screens, based on what the consumer is calling for — whether it’s a wire transfer, an account balance check, or it’s an overdraw. All these applications have different authentications. We examined that enterprise landscape and created a way to do the passwordlesss into all those different types of applications and services. It does, in the end, go down to that user using the biometric to authenticate, and leveraging the public-private key pair for that authentication.
So you’d say it’s pretty unique to undertake all of this work to make passwordless possible to enterprises in this way?
That’s right. I think passwordless is a lot easier to say than to do. It’s the corner cases that really make it hard. Enterprises can’t go 95-percent passwordless and then maintain the whole legacy approach to authentication for that 5 percent. You have to deal with very tricky lost device scenarios, because if you’re relying on the device for the authentication, and it gets lost, you have to be able to deal with those. So we’ve worked with our enterprise customers to identify those potential corner cases and make sure we have them all covered.
We actually believe that eliminating the password is really good for our economy. It’s good for our world to have an identity experience that’s that much more safe and secure. We just continue to see phishing scams be the root of so many identity breaches, and compromised credentials. And if we can remove those credentials from the equation, that’s going to make our whole society safer.
We also think it’s good for ForgeRock and our investors, because we think there’s a high demand for it. When you talk to executives, this is what they want. They want to solve the identity challenge, on both experience and security, once and for all.
What are some of the big opportunities you see right now for ForgeRock channel partners?
ForgeRock has always been a really partner-driven company. We have some amazing relationships with some of the large SIs like Accenture, Deloitte, PwC. But we also work with a ton of more boutique identity companies. Many of our customers do leverage these partners.
We work [with partners] to generate opportunities. Many of our partners are brought into our customers way before they even know they need an identity platform. They may be looking at a digital transformation initiative, or a “cloudification” initiative, or a security overhaul. So our partners are in there early and can say, “This is what you’re going to need.”
On deployment, our partners are actively integrating identity into the enterprise. We’re strengthening that program. We hired a new leader to help us mature our partner program, and we’re going to be launching a new partner program. It’s already on top of a foundation, but I think our partners’ success has been driven by relationships — which is great because they’re the most important. But as we scale and grow, we want to put a little bit more formality around that program and more structure. So we’ll be launching that new program next quarter. It’s going to bring a lot more clear benefits for our partners, to understand the benefit of working with ForgeRock and when they can get — more training, more enablement. We think by tightening our partner program, we can get a faster time-to-value for our customers. And by deeper enablement and deeper relationships with our partners, we think we can do that.