Join Robert MacDonald, Javed Shah, and Sheetal Elangovan for an IBA Friday session! For this episode, they discuss the importance of usage dashboards.

Video Transcript
Robert:
All right, we're live-streaming. Means we're ready to roll. Hi, everybody. Welcome to our IBA Friday. It is May 5th, Cinco de Mayo.




Javed:
Already.




Robert:
Already. The year's flying by it seems. Welcome again, to this week, Javed, we've got another special guest.




Javed:
You're not so special, now. Come on.




Robert:
Yeah, she's been on a couple times.




Javed:
A time already, whatever.




Robert:
She's been on a couple times.




Javed:
Hey, Sheetal, I'm just kidding. You are special. I'm just happy to say exactly the opposite of what Robert says. That's all.




Robert:
Exactly. So today, Sheetal, hi, how are you? You've been on here before, so everybody knows who you are. We're going to talk about usage reports, right?




Sheetal:
Yep. That's what we're going to talk about.




Robert:
Absolutely. So if you deploy a passwordless solution like 1Kosmos, it's important to know that you're getting value for your money to some degree, right? The ROI on what you've just deployed. So when you look at a successful deployment, you want to look at things like how is everybody doing with it? Is it working the way it should? Are people logging in the way they're supposed to? Are they adopting it? All things like that. And I know that you've been working super hard on getting reporting capabilities built into our platform, and you wanted to come on today and talk a little bit about those. So why don't you tell us a little bit about what you're going to show and what it means, and then let's jump in and take a look.




Sheetal:
Absolutely. So we've been on conversations with many of our customers and one of the biggest questions they're always trying to answer is, am I getting the bang for my buck, right? Whatever I'm investing, whatever money I'm putting into going passwordless is really giving me the returns I'm expecting. Am I getting more secure? What does adoption look like across an entire enterprise?




And with many conversations across all of these customers, we're trying to build out an extremely intuitive dashboard that you can put in front of a stakeholder or any administrator, gather very quickly, how is my enterprise doing in the path of going passwordless? For many customers, we've seen that it is a journey. They're either going from a OTP journey to a passwordless journey. So you want to see that progression. How am I doing when I'm going passwordless?




But once you are there, you also want to see a lot of information like; are people having failed logins? Are they trying to enroll without really having a phone in place? What kind of devices are they enrolling? Which applications are they logging into? So very meaningful insights along the way that can help stakeholders understand what is the ROI on their entire investment, as well as how can I promote adoption? How can I help my users go passwordless in this journey?




Robert:
So we've been working, me, Javed, the entire project management team here, in partnership with our customers, have been working to put together some reports that can tell us, help us answer these questions. So today, we're going to take a look quickly at that usage dashboard to see what kind of information we can derive from these metrics. Anything that you wanted to add, Javed?




Javed:
I think you, obviously, nailed it, but I feel like the job of project management is to drive better positive business outcomes for our customers. Most of our customers are still in the adoption phase. Robert, you and I have spoken about this how many times, now, about a passwordless adoption and the different stages to passwordless adoption. It's just because you can call it passwordless doesn't mean you just went passwordless.




Robert:
That's right.




Javed:
It just means you took the first step. Have you spoken about coexistence strategies? We've spoken about, well, okay, not all applications can go passwordless on day one, but that doesn't mean you didn't get a win. You did get a little win, you just have stay persistent and keep bringing on those applications.




So in one sense, the usage reports and, of course, the dashboards that use those reports to render meaningful business specific outcomes for administrators and this C level folks, it not only tells them how much they've been adopted already, but also tells them what the gaps are, what's not been adopted. If it doesn't show up on the dashboard, it's something to work on. It's not just about what's on the dashboard, but also what's not on the dashboard.




And therefore, I think, to Sheetal's point earlier, this is a roadmap driven activity. It is not a spot activity, it's not a checkbox for us. It's something that she will be back here in a month talking about the same thing, but with more things on that dashboard.




Robert:
Yeah, listen, this is cool stuff and it's something that, Javed, you hit on there. It's like, just because you decided to go password list, it doesn't mean you are passwordless, right? So that's a great way to look at it. So Sheetal, why don't you show us a little bit about what we can do here?




Sheetal:
Absolutely. So what we're going to do today is we're going to look at some data from one of our customers. We've obfuscated all of the customer specific information, but this is data from one of our largest customers, just so that we can see what kind of insights they're able to drive from a usage dashboard. So this is something we've launched in the last 30 to 60 days. It basically tells them what their usage across the entire enterprise is. You are able to sort the information based on today, last seven days, last 30 days, and even over a particular period of time.




If you quickly look at it gives you some very specific information, 22,000 unique users, and that basically means that there are 22,000 unique users in this particular community who are logging in the last 30 days. And very quickly you were able to say, I have 22,000 users who are performing 516,000 logins across this. So that quickly gives you a metric as to how many people are using 1Kosmos as their IDP, how many logins are happening using 1Kosmos, right?




Robert:
Yeah.




Sheetal:
You definitely want to dig a little deeper. You want to understand where are these logins coming from, what kind of authentication methods are they using to actually log in? This particular data is from a customer who's on the path of going passwordless, so they are currently OTP trying to edge their user base to go passwordless. So that's where they are in their journey. So you can see that they have a few Passwordless logins, they also have a large amount of OTP logins, they have a few people who are using Fido authenticators and a few people who are using Push. So four main methods of logins, but we're trying to increase the adoption through campaigns, through emails, through additional education within the enterprise to make sure they're going passwordless.




But very quickly, you're able to tell the trend as to how it is performing, how many authentications are happening day on day.




Robert:
Cool, yeah.




Sheetal:
So that's the first piece of information. I think something very quickly you're able to tell the breakdown as what are the main methods of login. Another beautiful metric that I, personally, really love is how many failed logins have happened within this particular enterprise. So 139,000 failed login attempts. It's not logins per user, but attempts, which means this equates to how many minutes people within your enterprise are spending on a failed login. So that gives you, and if you're on a C level exec, you immediately turning that into money. You're turning that into, you're seeing dollar signs right there, I have people who are being unproductive right there.




And the beauty of that is that you will see how many people have had a failed password verification. This just makes me feel good about being a passwordless company. Passwords suck. There are about 69% of the population who've done terrible at remembering their password, so that's really what it says.




Javed:
It's interesting, Robert, you and I have spoken at Gartner and as well as in the webinar that we did follow up, we spoke about this coexistence. If you didn't have coexistence, if you didn't train the users to get used to this new scheme, passwordless, QR code, whatever, what have you, you would not be able to harvest this data. So it's not a bad thing to slow stage this thing, to slowly, in stages and steps, go passwordless, because you can also collect data along the way. And I think that's the point that Sheetal's also driving at is you can see the opportunity of retiring existing password based schemes.
And even it's a very large infrastructure cost to set up OTP gateways, Robert, I think we need to do a session just on that. And I'm not going to say, oh, you'll be cost neutral with 1Kosmos. I think our value proposition is far beyond a pure cost play, but I'm just saying that it is a pillar that could be useful to measure things.




Robert:
Yeah, absolutely. Listen, a lot of organizations spend a lot of time, a lot of effort to get one of these things off the ground, and it should never be an all or nothing solution. So this will, some of the data that you're showing here supports the progress that they're making in moving the organization or moving the users or moving the department to a passwordless environment, and you can see the real benefit of it with some of these charts, which is super cool.




Sheetal:
Yep, absolutely. So that's a quick start around failed logins, what's happening. You also get some information about how many people are trying to just, 1Kosmos basically has a QR code, which helps you go passwordless. So you're scanning a QR code and you're logging in. Sometimes there are people who are scanning a QR code without really onboarding their authenticator. So how many people are doing that? That's a true measure of adoption. Am I doing enough to educate my audience that hey, you need an authenticator to go passwordless? So that's a great metric for somebody to know from an adoption perspective, as well.




Robert:
Yeah, for sure.




Sheetal:
And on the left, here, you'll see the applications. And today, in this particular customer environment, they have some of their critical applications running on using One 1Kosmos as the IDP. And you are able to see exactly what the usage across each of these applications is, which is my most heavily used application. Is it Cisco VPN or is it a DFS of Outlook? What is it? So you get that kind of information, as well. And the real benefit here is if you have a specific application, like a privileged application, you're also able to get that information. How many people are logging into that particular privileged application or they're only authorized to log into. So that kind of information is available.




And the last kind of chart that we produce is new devices. So this is an organization that is on the journey of going passwordless. So the metric they really care about is how many people are onboarding their authenticators, how many of them are enrolled for passwordless? And then if you're running a campaign, you want to see how effective that campaign is. So immediately, you're able to see, as soon as I run the campaign, how many people onboarded their device to go passwordless? You are able to see what kind of devices that they entered. Was it an Android? What is a? What kind of versions were they running? That kind of detailed insights are also available as you drill down into this data.




So this is a quick snapshot of collecting the most important information across an enterprise that we put together. And our vision is that we want to make this so much more meaningful. How many OTPs are getting generated per day? How many verifications? If you have a verification, then how many of those are happening? How many passwordlesses are happening? So you're going to see this dashboard grow over time. It's going to be great for any C-level executive to just look at it and immediately say, hey, you know what? I get all the metrics. I can draw insights from it just from one snapshot. So that's-




Robert:
Go ahead. Sorry, I cut you off. Finish that off.




Sheetal:
Yeah, so that's our intent here.




Robert:
Yeah, absolutely. Those C-level executives signed the check to bring this on board. It could have been some sort of executive sponsored movement where they wanted to move the company away from passwords because security wasn't quite right, and they want to be able to make sure they made the right decision. Is it working, now? Now you have metrics to be able to show that it is, which is cool.




Sheetal:
Yep, absolutely.




Javed:
This is just the beginning. What you're seeing here, obviously, is more of an authentication view, so to speak. It's a passwordless gauge, but because we are obviously an event based architecture, all of the different interactions that you have transactionally with the 1Kosmos platform, they all emit events, and we collect metrics on those. So we are not far away from displaying risk-based dashboard views. Things, for example, what is the proliferation of a particular type of mobile platform within the user base? If it's a BYOB kind of a use case, even for workforce use cases, it's very useful to restrict certain platforms, let's say, for mobile usage, and then to be able to report in them, and also to be able to see live, what are the trends of different types of authentication failures just because of the location of the device, so to speak.




So those kinds of things obviously make our control plane more context aware, but that's not enough. You also have to show efficiency around, well what was the enforcement? What were the decisions taken? And can I see a trend of what's the overall status of my overall health of the authentication policies that I have implemented within the org? So all of those things are on the roadmap. So we have very decent, quite a powerful vision, actually, for usage dashboards.




Robert:
Well, we'll be sure [inaudible 00:15:22]. We'll be sure to bring you back to show us more of that, Sheetal, once those are ready for prime time. Thanks for coming. Thanks for joining us for IBA Friday, again. It's always a pleasure having you on. Javed and I do really appreciate you joining us.
Just as a side note for everybody, if anybody happens to be going to EIC next week, I will be there. We'll have a booth, I'll be there with our COO, Hazeffa. We'd love to talk to you, swing by. We have a couple other events coming up this month, as well. You can always check it out on our website. But if you happen to be going to Finovate or you're going to Enterverse, we would love to talk to you and show you all the great things that one 1Kosmos can do.
But on that note, Sheetal, again, thanks. Javed, as always, it's a pleasure.




Javed:
Thank you.




Robert:
Have a great weekend, everybody.




Sheetal:
Thank you, bye.




Javed:
Bye.