[MUSIC PLAYING] I'm Larry Chinski, vice president of Global Strategy here. And I got to tell you, I love coming to Unite because I love going and looking at all the different products and services that we offer and looking at all the sessions and that sort of thing.
My favorite ones, though, are just like the ones we saw at GWU a little bit ago. I love listening to the customers. I think that some of the stories they have on their journeys and how they selected one identity, the challenges they have and that sort of thing, is really, really interesting. I love hearing them. And I'm sure if I was a customer, that's what I'd want to hear.
Well, today, I've got the pleasure of sitting down. And I prepared a series of questions for one of our really great customers out of Atlanta, Aflac, which I'm sure everybody's heard of. And so we're going to talk through-- I got a whole bunch of tough questions, a couple of really interesting ones in there that I think you're going to like.
And we're going to sit there. We're just going to have a conversation. We're not going to bore you with a huge presentation or anything like that, because we're just going to do a one-off a conversation there.
So with that said, let's have a good One Identity, Unite welcome for the honorable Mr. Jay Coull from Aflac, everybody.
[CHEERING]
Good to see you.
Hi, Jay. Have a seat.
[APPLAUSE]
All right. Here we go. Only one slide, guys.
Well, Jay, I'll tell you what. It's great to have you here. Thanks for coming. And you probably don't you probably remember this, but I first met you five years ago, roughly five years ago, down in your offices in Atlanta.
Correct.
By the way, your beard was a lot shorter, and my hair was a lot less gray. So hopefully that's not because of your IAM project.
A little bit.
Yeah, maybe a little bit. But for those of you that don't know, like I say, I've known you for five years. And we've had a lot of conversations over that time and things like that. But for those that don't know who Jay Coull is, tell everybody a little bit about yourself.
So I'm Jay Coull. I'm a senior manager of Identity and Access Management at Aflac. I've been with Aflac for about 10 years. I was actually supporting Aflac from a vendor perspective for about a dozen years before that in the voice, video, and networking world. So about 20 to 23 years, I've been working with Aflac. That shows what a great company it is, obviously.
Outside of Aflac, I've been married for 30 years to a wonderful woman. We have two adult children, and I have two wonderful grandbabies.
Yes. And by the way, you know, it's kind of funny. Because somebody will say, well, how old were you when you learned about this? How old were you when you learned about that? I was yesterday-year-old when I learned you had two grandkids.
Yes.
I did not know that. I can't believe as long as I've known you, I didn't know you had two grandkids.
Yeah. Well, they're only a year and a half old, so--
Yeah. OK. All right. That's good. Right.
So now I'm sure most people have probably heard of Aflac. I mean, we've seen the commercials. One of the things that I learn a lot about companies, I think I know everything, but there always seems like there's other lines of business and other things that companies are involved in that I had no idea. So I'm sure, probably, Aflac is in that same category. So tell us a little bit about Aflac and what you do and some of your lines of business.
Absolutely so everyone knows Aflac. So for that, in my moment of cheesiness--
Ah, the Aflac duck!
Aflac.
It doesn't quite pick up.
[LAUGHS] Ah, looky there.
A duck for you.
The Aflac duck.
Because I'm sure--
That might be one of the first times the customer has given me a present, so thank you very much.
[LAUGHS] Everybody wants an Aflac duck.
Yeah.
Yeah. So Aflac's been around since 1955. It was created by three brothers in Columbus, Georgia. Today, our CEO is the son of one of them, so it remains a really family business.
So since 1955, Aflac has grown quite a bit. Today, we have 50 million insured policyholders.
Wow.
But a big part of that is out of Japan. Not a lot of you realize that more than half of Aflac is based in Japan. In fact, one in four families in Japan have an Aflac policy. The policies that we have are cancer. We were one of the original companies doing cancer policies, accident, hospital indemnity, the whole gamut of supplemental insurances.
And we've really just recently got into vision, dental, and traditional life insurance. So we've got it all out there, and we just keep on growing.
Yeah, well, it's interesting you mentioned Japan. Because I know we've talked about that before. But when I-- funny story. I sent Jay an email about three weeks ago asking if you'd like to come to Unite and present and that sort of thing. And I got an out-of-office reply from you that said you were in Japan. And I thought, well, I don't think he's on vacation there. Maybe he is, because he probably wouldn't disclose where he was at, necessarily.
But what were you doing out there? Yeah, so you help manage that--
Absolutely.
--part of the business, too?
So Aflac, because we're really, truly split between the United States and Japan, we have a really strong relationship, and we do our best to maintain a really strong relationship with our global security partners in Japan.
So global security leadership tries to at least annually get together for meetings. So we spent about a week in Tokyo, in Osaka, really just getting to spend good quality time both in meetings with-- the word slipped my mind.
Colleagues.
Our colleagues! Thank you.
[LAUGHS]
With our colleagues in Japan.
Yeah.
But a big part of it was really getting to spend quality time with them outside of the office, going to the cities that they live in, going out to the restaurants with them and really getting to know them on a more personal basis. Because when you are working with different cultures, it's so important-- to build up that relationship, especially different cultures with such a big language barrier.
Fortunately, they speak Japanese-- or they speak English fairly well. I don't speak any Japanese.
Yeah. Right. Well, and like I said, I've known you for a long time and known what your role is. And we've only, really, interacted together on some of the IAM things like that. But the fact that you're over in Japan, I mean, what do you do at Aflac? I mean, I know you're a senior manager. What kind of things are you involved in there at Aflac?
So by title, my main jobs are, I'm responsible for all the IAM technologies at Aflac. So that would include everything from identity governance to SSO, federation, privilege access, certificates. But really, that's only about a third of it. So much of my time is the all other duties, as assigned.
Yeah.
We're fighting fires. I mean, that's what so many of us are doing. We spend a lot of time going through the new applications that are coming in, vetting them, making sure that they're meeting our policies.
Another big thing is, everyone knows that security is everyone's responsibility. But it often seems that the application developers forget that as they're working through things. So we spend a lot of time in the lower environments, looking at the problems that are out there and really trying to build things up so that when we do roll it out, it is up to standard.
Right. And when you and I first met, you had just made a purchase of our identity manager solution. And again, this is five years ago. I think it'd be really interesting to hear-- this is one of the things I really like. Well, how did you get going on an IAM project? Like, did you have a solution already? Were you looking at a new solution? How did you go through the evaluation process? What kind of steps did you take to, first of all, look at an IAM program and then ultimately select one identity for that?
Fortunately, we have a fairly mature IAM program, and we have for a while. Our tools were getting a little bit old. So we had an old attestation tool that did a good job. However, like I said, it was aging. For us to keep it up, it was going to be an entire rip and replacement.
We had an identity governance tool that never made it to the maturity level that we hoped for or expected out of it. We had a lot of password sync tools. So we knew we needed something.
So like I said, in about 2018, we started that process. We started looking at what it was, who was out there. We looked at all the major vendors. And we came to Unite in 2019, and that's when we really made the decision. We got to meet a lot of great people here, whether it was Valon?
Valoon?
Well--
I wouldn't consider him a great person, but anyway.
Oh, he's a great--
I don't know if Valoon is out there, but he happens to be a good friend of mine. So no--
John Lenny. A lot of people did--
Oh, John Lenny? Yeah, I definitely wouldn't have mentioned him, but--
A lot of those people here did a great job of convincing us that it was really the right tool for us to go with, based on the needs that we had, the maturity level that we had. And then, really, that's when we also got introduced to our integration partner.
Yes.
Dan Draper, who I believe in the room here somewhere. He owes me $5 for bringing up his name. He was one of the big people who brought us into immersion and our integration partner and really gave us the comfort level to move forward with One Identity and get it implemented.
Yeah. Well, I'm glad you mentioned you came to Unite and that helped make your decision, because, I mean, we love to hear stories that.
I also have the Unite socks.
Oh, looky there.
So I can prove I was here that year.
Yeah. Maybe I'll get my $5 back on something like that. But yeah, I love hearing about customers coming in now. Because we've heard a similar type of story like that, many times, where customers-- maybe they've just heard about who One Identity is, or they're on the fence and we invite them out. And they can learn about all the different things that we do, because there's a lot of things--
I was just talking to a customer today who didn't know we had a PAM solution. And so there's a lot of things I think you can learn by coming to conferences, just the one-off conversations and things like that.
And one of the other big things that really did bring things together for us with-- you have native Japanese language support. A lot of companies don't. So when that comes up with Aflac, considering we're in just two countries, man, that's just a really big check mark for us. So when that was part of it-- and then our Japanese counterparts also selected One Identity at the same time-- it really made it a great project for us.
Oh, yeah. That's perfect.
Well, as a matter of fact, I'm glad you mentioned that Dan brought in Immersion as a partner, because that's my next thing I was going to ask you is, when you-- so you went through the process. You came to Unite and you said, One Identity is it. Now, we got to deploy this thing. Right? We got to get it out there.
Before that, had you planned on deploying it yourself, or were you thinking about using a partner? How did that-- what was your thought process there?
Fortunately, we never planned to do it ourselves.
OK, good. Good.
I mean, One Identity is complex. Anyone who sits here and tells you that, oh, it's this easy tool to put in-- it's complex, but it's supposed to be. The Aflac ecosystem is super complex. So we knew that we needed somebody who was going to be really mature in the identity manager space to be able to help us.
And we also knew that we needed software that worked. We needed a team that worked internally, and we need a great implementation partner. We got all of that with this.
I forgot one thing I was going to say. Oh. So a big part of it, also-- it was brought up by Immersion this morning, that we need user stories. We started with user stories. Before we even started looking at who we needed to get for a partner, we had user stories. So once we brought our implementation partner in, it was very easy to quickly get moving and get started. We didn't spend months trying to figure out what it was that we wanted.
Ah, yes. Yes. We
Knew what we wanted.
So you have predefined use cases--
Absolutely.
--and things like that all ready to go. Yeah.
And that was a huge, huge thing that made the project that much faster. So when you look at how long it takes to get an IAM project implemented, it takes that much longer if you're not prepared.
Yes. Well, and that's one of the things we talk about often. Matter of fact, you can read about this all over. And the top reasons why IAM projects fail and that sort of thing, it's really not never about the-- well, I mean, sometimes we're on the technology, but it's really around understanding that it's a mission critical application. You buy off from the different departments, having an executive sponsor, and those sorts of things. Yeah.
Yeah. We found that really, there's three big pieces. It's having the good quality software. It's having the internal team. And a shout-out to Wes Coker and Baron Buckheister in the room, who just really ran with ours. And then having a great business partner. That's why it was successful. If we were missing any of those three, it would have never happened.
Yeah. Well, and you had-- so basically, when you started off the project, you've got Immersion as your partner. We got One Identity there. You got your team from Aflac. And so how did you feel that the synergy was between all three? Because one of the things we like to make sure is that our partner ecosystem is an extension of One Identity, that it's basically us out there. And so how did you feel that that all went?
Absolutely. We had a great relationship from the beginning. So the handoff that we got from our sales team to Immersion really made us comfortable with how that was all going to work out.
Then, for the next six or nine months, really, our only interactions with One Identity pretty much were through our integration partner. So our relationship was led by Immersion, which worked out really good early on.
And then we started making changes to that so that we had more direct relationship with you. Because really, at the end of the day, we want to be responsible for our system. We absolutely want an integration partner to do the big things. But from the day-to-day maintenance, from keeping it alive and healthy, we absolutely wanted to be able to do that ourselves. So for that, it required the direct relationship with One Identity.
Right. Well, and you were-- and we'll talk about this, I'm sure, as we go on here. But you were very deeply involved the whole time. I mean, we've talked many times throughout the course of the project. And you and Scotty and all the team out there were always really involved and in tune with that. And so it makes sense that you guys wanted to be the ones-- you didn't want to just hand it to somebody and not understand any of it. You wanted to actually learn as that project was being deployed. Yeah.
Absolutely.
Yeah. Well, once the project started going-- so I remember, we kicked off the project and it goes on for a couple of months. And then eventually, along the way, you started adding more functionality. Like, you made a few additional purchases.
You added a few things that-- was that a part of the plan? Or what types of things did you add along the way, and how did you get to a decision where it's like, yeah, I need that, or I need this? Was it in the plan? Was it a phase two? Or what was the process there?
So we knew it was building blocks. From the get-go, we knew that there were pieces that were going to slowly build up until we had fuller and fuller functionality. The first thing is, connect to your main systems. We got that done. Once we could connect to our main systems, we looked at attestation. We were able to get attestation done.
And that was really like the big piece. Because once you're at that point and you're connected to all your systems, then you can start looking at the automation. Because now, you already know where you're getting information from and the pieces. So then we start automation. Then we move to API. Then we've moved on to self-service password reset. And really, it's just working quite well.
Right. And then you had SAP as well, right?
SAP. We're in the process right now. So going back to our relationship with Immersion, everything went so well with that implementation and the support that they've given us. We've also brought them on again to continue with our SAP implementation, which we have really high hopes for.
Anyone who works with SAP knows it's its own super complex IM ecosystem. So we're very hopeful that we're going to get this set up and it's really going to take a lot of load off of our small handful of people who are dedicated to nothing but SAP.
Yeah. Well, and I think your approach you're taking is exactly right on. Because one of the things we always talk about is these Big Bang implementations or whatever. Typically, they're not going to work. It's small sprints, small wins. This evolving process which is very cyclical for an identity project-- yeah, you try and take on too much and it'll just crumble.
So I think that that process right there is probably the quintessential-- if I was going to run my own IAM project, that's what I would definitely want to do. And I think that approach is probably one of the reasons why you're so successful.
I totally believe that. I think the Big Bang sounds wonderful.
Yeah. If you could roll out everything at once and have it working--
Yeah. Hit that easy button, right?
Man, what a lot of things to troubleshoot.
Yeah. [LAUGHS]
So working into it in a few years, it really worked out well for us. And it is what I'd recommend.
Yeah. Well. and so along the way-- so we're going along, and we had talked quite often during this process. But one of the very interesting questions, which I'm sure I'd want to hear, too, is-- we all love to hear about how great everything's going, but you had a few challenges along the way with our technology and with different things.
I think people would probably like to hear, what were some of the challenges you faced, whether it was technology related or program related or whatever, what kind of challenges did you face? And then how did you get to resolve those?
So I mean, it was a big project. I sound like I got quiet. It was a big project. It was very-- there were bumps. Most of the bumps were very easily handled by our integration partner. They handled things just amazingly.
It was really always wonderful to call in to support and be like, Sam's the one that's helping us. And they're like, oh, you're in great hands with Sam. You're already taking care of. Everything is good from that perspective.
We ran into deeper issues. The database for One Identity Manager is a stout database. It needs quite a bit. And getting that tuned and refined, there was some pain in that process. So as we went through that, that was maybe the point that we used the most, a combination of integration partner and One Identity support at once.
Right. Well, and I specifically remember some of those challenges along the way, related to that, and some of the performance degradation we saw and things like that.
And just so everybody knows, Jay up here, he's a very nice guy, as you guys can see. But I'll tell you what, in a few of the emails, I thought, I better call Jay right away. Because I can see that you might be getting frustrated. But no, it was all good.
But we got the issues that came up. You worked mostly through Immersion, which was great. You had to reach out to our support organization a lot. And one of the things we take pride in One Identity is our very high customer satisfaction rate with our support.
So when you had these issues come up, you talked to Immersion. Maybe that got rudder support. What were your general experiences with our support teams and, at that time, our customer success teams and things like that?
When we had big problems, support was top notch, without a doubt. When we put things in as low priority, there was a little bit more of a lag than we might like to get things accomplished, but it always did get done.
Customer success-- we really had a good relationship with the customer success team. They've been great for all of escalations. There are times that we think we have a big problem. And once you bring it up and we work our way through it, it's really not that big of a deal. Often, you need that customer success team to really help talk you down. Things are good. You're getting your expectations. Your workflows are working. OK, let's get this problem resolved.
Yeah. Well, and so now that you've-- so we've come along through there. You understand the whole, what I'll call program now. Things go wrong. You know what to do. You know what different types of solutions you want to connect to, downstream applications and all that kind of stuff. Right?
So now, as we move forward, what does the future hold for Aflac? Like, what other types of projects and things do you think-- whether it's related to IGA like you have now, are there any other technologies that you'd like to snap into that? Or what type of other things are you looking for?
So buzzword zero trust.
Yes.
So we're definitely seeing a lot of movement towards zero trust. We're in the middle of a big zero trust networking deployment that we really hope to get done in the next year, which, granted, is just one piece of zero trust. But it's an important stepping stone to get where we need to go.
But I see a much stronger person view of identity coming up. I think that you're going to be able to see the who, what, where, why, and when of an identity at all times, as opposed to right now, like, in the person view in Identity Manager, you get to see the who, what, and why. I really want to get to the point that I'm quickly able to see the where they're doing it and when they're doing it in a single picture.
Sure.
OneLogin is bringing up a lot different kinds of things, not that we're a OneLogin shop at this point, but having that big picture but having it really holistic-- if you look at DSPM right now, another really big thing that's going on, Digital Security Posture Management, I picture IAM moving in similar direction.
Instead of just having the idea of what access somebody has, you're going to know what they've done, where they did it, and even be able to have that live picture of, ooh, Larry's here, here, and here right now. We cut him off here. We can move him over here. So I think that it's going to get more complex and more interesting, especially as we go into password lists and some other things. But I really picture the being able to see that user-centric view of people as coming up.
Yeah, so basically leveraging your IAM platform as a part of that ecosystem, I'll call it, for everything.
Absolutely.
Yeah. Well, that's great. We're always looking for-- that's one of the reasons we love having these conferences, too, is because customers like you bring us ideas on what would be helpful for your business. When you look at the insurance and reinsurance business, a massive, massive industry vertical out there. And so that's always something that we love to hear. Because we're not experts in insurance or health care, but we want to be able to learn and be able to provide solutions like that.
So now, one of the other things is that we were talking about the project as it was going on. When we first started-- and I really remember this vividly, because I remember when we first kicked it off-- it's amazing I can remember five years ago, when no one knew what a COVID was or anything like that.
But what we did-- I'm sure you remember this. But we decided to have-- as a matter of fact, myself and one of my strategists, Rob [INAUDIBLE], we were-- every week, we had calls. And we had Immersion on there. So every week, we had about an hour long call. How's the project going? Things like that.
And then pretty soon, after maybe a month, it turned into, well, we don't need to do these every week because they were getting shorter and shorter. Let's do them every two weeks. After a while, it was like, every month. Then you were like, well, Larry just give me a call. Let's just sync. I'll call you if something goes wrong.
So do you think that that tapering off like that-- first of all, hopefully that whole thing was helpful. But do you feel that tapering off was just because you started learning more and more about the program and about the technology or just the success? Or how do you think of that?
So those calls really did start getting us a comfort level. And it was about--
Good point. Good point.
--making sure that we had the ability to call the right people, that our issues were getting seen quickly, and it wasn't just emails going back and forth with support and that sort of thing. And we do-- we had some really good calls for the first month or so, and then they got boring.
Yes. [LAUGHS]
Things were good.
Well, I was on the call. So clearly, it was going to be boring. Yeah.
[LAUGHTER]
We needed somebody, an NMC on those calls.
Yeah.
Absolutely. But yeah, they got a little bit boring. And the really nice part about it is, we got super comfortable with our relationship with our One Identity team. It got to the point that we didn't need to have that regular touch, because we knew it was very easy to reach out to the right people and that they'd respond.
So that's why they dwindled and got slower, but it was all part of the maturity process. And it was a positive change, as opposed to going--
Well, that's been great.
So I guess this one final one, kind of the high level keys to success. What do you think? I mean, you've had an extremely successful program here. I mean, like I said, I mean, the few emails I got which might have been two, where, hey, something's going wrong here, I mean, it's just a really great implementation, highly successful. What are the couple of factors you think attributed to that?
User stories. Know what you want, or you're not going to have a guidepost. I think that's very important.
Yes.
Choose your implementation partner well. You have to have a good relationship with them. Just because they're the number one out there or somebody suggests it doesn't mean you should use them. Interview your implementation partner. Make sure that you like them and that you work well with them.
And then have huge team representation internally. If you don't have people who really know what needs to be done in the company, you're going to fail. An implementation partner is never going to understand your complexities.
Yeah. Well, and you didn't even mention the technology in there at all. I think those are exactly right. Those are the critical--
Sorry. I missed the-- [INAUDIBLE].
No, no, no.
[LAUGHS]
That's good. I think you did it right.
It's important, too. [LAUGHS]
All right. Thank you, sir.
Excellent.
Good to--
Thank you.
See you tonight.
Thank you.
[MUSIC PLAYING]