Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With a combined 30+ years of IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry.
Do you know who has access to what?
You’re listening to the Identity at the Center podcast. This is a show that talks about identity and access management and making sure you know who has access to what. Let’s get started.
Welcome to the Identity at the Center podcast. I am Jeff, and that’s Jim. Why don’t we talk about Identity Management Day? That took place on April 13. I want to give congratulations to Tom Malta, who was awarded the Evangelist of the Year award from Navy Federal Credit Union, and the city of Boston, which is kind of cool, which was the winner for the Organization of the Year. Always interesting to see a government service win an Organization of the Year award for anything, because you don’t really typically associate efficiency with that, but it sounds like they’ve done a great job of getting the IAM space into a much better position than it has been — not that I have very much familiarity with Boston, but I think any recognition is probably good. What do you think?
Well, very big kudos to them. City of Boston, congratulations. Behind the scenes, when anything like that happens, you know there are individuals who worked, who burned the candle at both ends to make things happen, so that’s fantastic. I know Tom from my past and my career in identity management. He’s a great person. Mostly, my recent interactions with Tom have been through LinkedIn. He’s doing a great job of being an evangelist, so that was the award that he received, and I think it was well deserved. He’s getting out there and making sure that people are staying up-to-date with what’s happening in the industry, and I think he’s been doing a great job, and so very good picks, and big congratulations to both.
Thank you so much, Jim and Jeff. Thanks for having me today.
Yes, thanks so much for joining us. I think one of the things that we want to get into is how the market has been responding to a few different things, especially in the identity space: We’ve seen a lot of acquisitions. We’ve heard things about zero trust, so we’ll probably get into a bunch of different things like that, but seeing as how this is your first time on the show with us, our first question always lines up with, how did you get into the identity and access management space? Is that something that you chose, or did it choose you?
In my case, it was both, actually. When I started my career as a practice head for application security, during that time, identity and access management was pretty hot, so I chose that to start building up that practice. You may not know, but about 20 years back, when I was at Wipro, we had created our own product called Wipro Websecure, which got listed in Gartner’s Magic Quadrant, so there was a lot of buzz around that — the single sign-on access management enterprise — so all of that was so popular. But later on, I moved on to look at all different aspects of cybersecurity — including identity and access management, of course, but the focus was all across cybersecurity solutions.
Later, when I moved to Accenture as the managing director, there I built the cybersecurity managed services that were covering end-to-end cybersecurity solutions, and identity and access management was one of the core pillars there. Same was the story at EY, where I worked as a partner, and there we created a cybersecurity as a service offering and digital identity as a service, which was my favorite pillar, where we built that entire solution from scratch and acquired multiple customers. Very interestingly, in my current role, when I joined Ilantus as the CEO, Ilantus had been focused in the past two decades on identity and access management. This time, I’ll say IAM chose me to be able to come back home, so it was kind of a full circle coming back to IAM, and that’s my full-fledged focus right now.
That’s an interesting story. What we want to talk about today is this trend of the convergence of IAM. Jeff and I have both been in the IAM space for over 15 years and have seen the industry go from suites to best-of-breed and back to suites, and when you think back around 15 years, that’s when Oracle started buying best-of-breed solutions and pulling them together into a suite. In a way, you could call that a convergence of IAM, but I think the trend in convergence of IAM today is about making all these parts and pieces work together seamlessly. I really wanted to have you talk about how you see this. Your company kind of coined the term compact identity. Maybe you can talk a little bit about what that is and key off of what I was talking about there with the convergence of IAM being more than just a suite of different solutions for each of single sign-on identity governance and privileged access management, for example.
Yes, this is a very good question. In fact, we are so much focused on convergence, so let me start with your first question, why we call our product compact identity, and what is the meaning of compact identity. Basically, when we coined this term, compact identity, that time, our convergence story was not that very popular, but then Ilantus created this product, compact identity.
The idea was to bring all the components of identity into a single platform and compact them together to create a compact platform. That’s how we started our journey. If you look at why we chose to create this compact identity solution, our experience had been, as you rightly mentioned, that in the beginning, it was a very simple requirement for identity and access management — people are all looking for a single sign-on solution. Then, slowly, the provisioning/deprovisioning came into the picture, then the role engineering came, fine-grained access management, multiple different types of authentication, and authorization solutions which came up, like RBAC, context-based access and attribute-based access management.
Then, very recently, this identity governance, identity administration and PAM — all of that came into the picture. Now, when you look from any customer perspective, on an average, any client needs to choose a minimum of five to seven different IAM products and then stitch them together to be able to meet the control requirement of identity and access management. Now, this approach doesn’t just bring a lot of complexity from an integration perspective, but also managing so many different vendors, it’s a highly cumbersome activity.
So, when we were looking at this market and what are the gaps, could we talk about this problem to create a platform from the ground up where we can converge the full suite of access management requirement, the full suite of identity governance administration requirement, and then create a platform where the clients don’t have to buy multiple tools and they can buy one platform, and using that, you can address your IAM requirement.
There is another element I’d like to highlight here: If you look at application onboarding onto IAM platforms, traditional approaches that were first to deploy in an access management solution, whether it’s Okta, Microsoft, any solution you pick up, and then you onboard your thousands of applications onto that access management platform, then you need to repeat the same story with the IGA solution. In the IGA tool, you deploy, and then after, you do the same thing. Then, the third is when you deploy the PAM solution, you lose the access management solution; again, the same story needs to be repeated. It’s not just time-consuming, but it’s also cost-intensive, and that’s the problem which we are solving with the help of convergence of IAM solutions onto a single platform — what we call compact identity.
You know, it’s really interesting because it’s almost like the definition of insanity—doing the same thing over and over? It’s like, “OK, we just went through our integration of x number of systems through our access management platform. Now, we’ve got to do the same thing for IGA, and now, we’ve got to do the same thing for PAM.” Maybe there are things that you’re doing through SIM integration for analytics, etc. I think it’s an interesting point you bring up.
One of the things you mentioned before was this as-a-service model, and I think we’ve seen a lot of organizations that have expressed a desire to move away from on-premise-type solutions, and even if that on-premise really means virtualization, they want to go to something as a service, so maybe we can talk about what you have seen from your perspective when it comes to an as-a-service model.
The as-a-service model started catching a lot of momentum in the past five, six years. When I was working at Ernst & Young as a partner, we decided to build the entire cybersecurity-as-a-service model, and the reason for building up the as-a-service model was because it cuts down the time to deploy the solution. The time to value is one of the core drivers. The traditional model will require you to buy the tool. You need to buy the infrastructure, deploy that, and the amount of time it takes it for any large organization, like the procurement cycle, etc., to be able to deploy, test and then roll it out, all of that can be cut short because you have the base solution available in the SaaS model.
But apart from that, there are two other reasons I’ll mention, which are very prominent, which are driving this as-a-service model. First of all is very easy upgrade and maintenance. In identity and access management, you might remember that deploying a particular version of the product is just the starting point of your journey. Very soon, you’ll find the product vendor will come up with the next version. Then, upgrading from the old version to the new version is a full-blown project. It’s changing not just the product, but also all the integrated application we need to take through this entire journey, and where you need to retest all of that. This had been a constant pain in the industry.
The SaaS model, or as-a-service model, actually takes away this major pain where as a vendor, we can upgrade and put in the new version and new feature functionality without breaking the entire continuum of integrated application onto the system. So, it lowers not just the operational cost, but also some of those implementation failure you can avoid — and the team and the talent which is required to upgrade the system, all that you can get rid of.
Then, the second most important factor which is driving as-a-service model adoption is the operation-from-anywhere, or you can call it as driven by the pandemic, the cloud-first or mobility-first kind of initiative, where there is a clearly defined business need, where we need to enable our employees, the contractors and business associates to be able to access the system from anywhere. From the cloud-adoption perspective, having this as-a-service model brings a lot of facilities, because you can bring the IAM discipline to all the SaaS applications. The identity and access management controls can be applied to all those SaaS applications seamlessly, and that’s the main advantage why people are adopting an as-a-service model approach.
I think one of the challenges that I’ve seen with the as-a-service technologies that are out there, especially if they were not originally designed for as-a-service, is that the feature parity is not exactly there between an on-premise solution that might have been there historically versus the SaaS version of that product. A lot of times, we see organizations that have customized a lot of their on-premise solutions to meet particular business needs, and when you start to shift into the as-a-service model, you have to figure out how you can adjust your business processes to meet the capabilities that are available in the new versions of those products, because it may not be as customizable as you might be used to.
I’m curious as to what your thoughts are on that kind of feature parity that we’ve seen between different vendors that are out there, and maybe they’re not quite exactly the same, but maybe good enough is good enough for now, and what your experience has been in that specific area around features.
I think this is a very strong observation which you have. The way I would like to define it is that there are two kinds of products which are there in the market. Some of the legacy products, when they found that the cloud-first strategy is being adopted by the majority of clients, they upgraded the new feature functionality to support the cloud, and then there is second category of products, which are cloud-native — those are the products that are born in cloud — and there is a very clear-cut difference you will see as you implement those cloud-native solutions.
They adapt to various different feature functionalities and the cloud services seamlessly, but there, you are trying to patch on those additional features just to make it compatible with the cloud. There, the implementation and integration pose several challenges. I would strongly recommend that organizations looking for the as-a-service solution should look at whether the product vendor is cloud-native or whether they are trying to get onto the cloud as an aftermath.
Yes, that’s a really good point. If it’s OK, I’d like to pull the discussion back to the industry vision, or where the industry is heading. You talked about that in terms of the convergence of IAM, and where I was introducing from was taking that view of how the industry has gone through consolidation phases, and then that created opportunities for startups to fill niches and specialize and become a best-of-breed solution. I think that’s a good backdrop for this question, which is what we just saw recently was this major purchase by Okta of the Auth0 platform and building out their capabilities. Plus, we see Okta building out capabilities around identity governance and privileged access management. We see that with other vendors as well. I’m picking out Okta primarily because of the recent acquisition.
I’d like to get your feedback on that, but another trend that I’m seeing is a lot of platforms, like the Microsoft platform, building out identity management as a component of that. Salesforce, ServiceNow is doing the same thing, where they’re building out their IAM capabilities and saying, “Hey, you can just come onto this platform and use all of our IAM tools as well.” Arun, what are your thoughts on the Okta Auth0 acquisition, and then where do you see the industry going as a whole? Is it more toward that? Are we going to see the cycle again where we see a consolidation, but it creates opportunities for other vendors?
Yes. These recent market dynamics are actually proving our point, which we had been actually trying to bring up since many years ago — that converged IAM is the future of identity and access management. If you look at the recent report published by Gartner in December 2020, they actually published this IGA market guide. There, they have very clearly given the market prediction that in the next 24 months, by the year 2023, more than 45% of new IAM deployment will be asking for a converged IAM solution. That’s a very big statement, because in the market, people are now realizing there is a fatigue. They don’t want to buy those niche products separately. They want a single platform where all the solutions are baked in.
The recent acquisition by Okta, it actually confirms this market trend that traditionally, they had been very strong in the market on the access management side, but now they are seeing that the IGA and PAM, if they bring both of that into their portfolio, they can address the new set of requirements which are coming in. If you look at the approach of CyberArk and many of the other IAM players, they are also trying to expand from their current domain. Like PAM product vendors, they are trying to move into IGA and access management.
Likewise, the IGA vendors, very soon you will find they will also start moving left and right, hoping to start getting into access management and the privileged access management space. One of the core points which we feel a little bit positive about is, there are two ways by which you can actually build this converged IAM story: One, what Okta is doing, like acquiring the different products, and then either you do the preintegrated solution, which you present to your client, or maybe you sell each of these solutions separately to the client, so from a customer perspective, it will be a single vendor from whom you can buy all these products.
However, the way we look at it, the true convergence is where you have created a product right from the beginning; the entire codebase is a single codebase which is addressing the access management, IGA and PAM requirements together. There are several advantages in doing so, because you are not looking at it as three different products, but it’s tightly integrated right from the beginning, and some of that risk analytics data or identity analytics data which you require to pass on from one tool to another tool, that all can happen seamlessly. So, we still feel that clients will look at the difference between the stitched converged IAM solution versus the true converged IAM solution, where we are right now positioned as a market leader, and we created this entire solution from the ground up.
Talking about Microsoft coming onto the platform, or the other players like Salesforce, I think those are also corroborating to the same point that convergence is a big trend in the market, number one. Number two, the entire space of identity and access management is so very hard that many of these large packaged-solution vendors, they are realizing the client demand and adding more features and functionalities to be able to cater to those customer needs.
I’d also like to add to your list ServiceNow and the new features, capabilities — what they are bringing onto the market. They are also conforming to the same trend that even though it has started as an ITSM tool, since clients are putting in the request for access management, etc., why not service that request directly. And from that perspective, they are bringing the IGA capabilities into their ITSM tool. So, many of these overlapping capabilities which will be coming up in the market simply define two trends: One is the convergence; another is that IAM is pretty hot. It’s a huge investment people are making into this area to address this issue, and both of them are really good from the IAM professional’s perspective.
Yes, I think it’s really interesting when you talk about the platform, how many organizations that have ServiceNow don’t also have Microsoft or also have Salesforce, and so if you’re making the pitch that, “Hey, pull it all together,” you still have this heterogeneous environment. Unless you’re a very small organization, you still have this heterogeneous environment that you need to connect, so it is somewhat challenging, but I want to bring you back, and I’ll throw this up to you, Arun but also to Jeff, around the Okta and Auth0 acquisition, because I just find it fascinating.
I think we’re going to see the impact play out over the next few years. Jeff and I are in the consulting space, so we get involved with a lot of product evaluations with our clients and product bake-offs, and it’s just surprising how — or maybe not surprising, but it was just happening so much that Okta and Auth0 would be finalists facing off with one another in product evaluations. They have a different story to tell: Okta is — my perspective was it was a tool built from the UI, a system administrator tool for doing identity access management, whereas Auth0 was the developer tool, where you needed to be able to go in and look at the code, and there are a lot of code samples that you could play with and things like that.
Turning all that into a question, what does Okta need to do, now that it’s made the Auth0 acquisition, to make it successful? It’s got to be more than just they run as two separate products forever. Otherwise, they would’ve been better running off on their own. What do they need to do? Do you have a perspective on that, or is it just sit back and wait and see? Arun, why don’t you take that one first?
My feeling is, Jim, that I would say that we should wait and watch, because Okta has actually acquired multiple different tools with some overlap in their capabilities, so how they are going to create a homogenous solution and integrate all of them together to bring the capabilities for their end customer will be something which will be really interesting for us to watch. Also, treating each of these products separately and bringing the benefits, if you add licensing cost, it goes very, very high, so it would be really interesting. I prefer to reserve my comments and see how it shapes up in coming days, because it’s not just Auth0 but also the other very recent acquisitions — what they did for IGA and PAM. OK, let’s see how all of that plays together.
That’s a great CEO answer, for sure. You know, the way that I would approach it is, I’m not a CEO, but my two cents would be, I think you have to take a look at the different markets that they’ve traditionally served. So, Auth0, like you said, Jim, has been more developer focused, and I think Okta has been seen more as an enterprise inside-the-firewall-type tool for employees, but they have been making inroads to the customer side of things — or maybe it’s outroads. I’m not sure if it’s inroads if you’re talking about customers in that case. But what I would probably look at is, in the short term, nothing changes, right? They’re two big companies. They’re going to have to navigate the different technologies and integration where it makes sense so that they don’t disrupt customers of their own, but long term, it strengthens Okta’s API situation and gives them a more developer-focused capability within that regard. And then at some point, there’s going to be a lot of overlap, because they do a lot of the same things.
So, a year from now, or maybe it’s two years from now, which API are you actually using? Is it an original Okta one, or is it an Auth0 one? At the end of the day, it doesn’t matter as long as it’s leveraging whatever it is you’re trying to do. I think it will be interesting to see how it works out, because they’re certainly not the only ones making waves in that space. We’re coming out of Oktane, which was their yearly conference. They announced PAM capabilities in the privileged access management space, they announced IGA, identity governance capabilities — but a lot of those stuff isn’t really coming until next year, so they made a lot of waves with announcements, but this isn’t anything that’s real until it hits the market, and that’s not slated until, I think, Q1 of 2022, so we’re still a ways away. And, as always, the devil is in the details.
What does that actually mean when you’re saying you’re doing IGA? What does it actually mean when you’re doing privileged access management? Is it going to be as full featured as something like a CyberArk, which is kind of the dominant player in the space? So, I think it will be interesting to see how it works out, and I think this drives toward where I wanted to take the next question, which was around investments in the IAM space, because as we see organizations start to look at different platforms, sometimes that means making an investment in that platform and divesting from existing infrastructure or tools that they might already have.
I’m curious, Arun, from your perspective, a couple of questions: What are you seeing from that perspective of investing in new platforms and new tools and trying to build that converged IAM capability where it makes sense. And then, from a market perspective, do you see any differences in the way that the US has been approaching those types of scenarios versus maybe what’s been taking place internationally?
Yes, so this is a standard question, and the way I would like to answer that is, there are a couple of standard drivers for investment in the IAM space that are universal all across the globe, like regulatory compliance, and the audit and compliance needs are standard across the globe, whether you look at America’s industry-specific regulations, and the same way in Europe: the GDPR, the government regulation. Each country has their own regulations, so that’s one of the primary drivers for IAM investment.
Apart from that, some of the new drivers which have come up are like digital transformation, and especially in the American market, many of the organizations, they are going through digital transformation, and this has created a very different need for looking at identity and access management, primarily because they want to handle the user experience and the user-consent management and all those associated single-user IDs, and a whole lot of that experiential input, which they want to handle differently, that’s actually driving, in a big way, the adoption of identity and access management.
The other area is risk mitigation, and the overall maturity of the security cannot be achieved by keeping things manual or semiautomatic, so without having an identity and access management solution deployed or without making this investment, you cannot get to the modern cybersecurity architecture. IAM solutions are driving identity-centric analytics like behavior analytics and those kind of things which you can bring into the picture, and using those identity-centric or behavior analytics, you can identify the indicators of compromise early on, and you can feed in more enriched information to your security operation center. And, based on the risk associated with the transaction, there are different levels of authentication which you can provide. So, risk mitigation is a big, big driver for IAM investment.
Now, looking at the geographical differences, I would say in the US market, digital transformation is one of the core drivers apart from regulatory compliance or operational efficiency, but in the EMEA market, it’s the bring-your-own-device, or mobility, trend. That’s also creating a major push toward adoption. In the APAC market — primarily because of security concerns, because there have been so many different breaches which happened, so, just to prevent cybertheft — that’s the core reason, and the government regulation, as I mentioned earlier, those are the drivers for investment in IAM.
That’s interesting that you finished off with the security driver. We hear from clients now that they’re looking at a zero-trust model. So, it used to be that we would ask, “Have you looked at zero trust? Is zero trust on your plate?” I’m wondering, is that a driver that you’re seeing as well, where clients are actually saying, “We are tracking toward a zero-trust framework,” and I’m wondering, are you designing your solutions or your messaging around the zero-trust framework and using converged IAM as a way to achieve zero trust?
Of course, yes, zero trust is definitely pretty hot in the market, and I’ll quote the recent survey done by Okta: It self-indicates that more than 60% of enterprises are working toward introducing zero trust into their environment. In our experience, Ilantus being a global company, when we interact with clients in Southeast Asia or Europe or in the US, we find that zero trust is one of the common elements which people are asking about. If you look at zero trust, primarily, it is pushing the entire requirement. We are a never-trust-always-verify model toward continuous authentication.
So, I would say that gone are the days where clients are happy with onetime authentication. Now they are looking for continuous authentication to be able to boost their overall maturity of cybersecurity, and if you look at the core requirements of a zero-trust framework, where people start with creating separate zones and then identifying their high-value assets into the most secured zones, you require them to continuously monitor their traffic, which is going in and out, and who are the people who are accessing those high-value critical assets? The traditional approach of having this login ID/password, and every time you pop up and people need to log in, enter those passwords, or if you have taken the authen credentials the first time and then you are playing it again and again, is not going to help at all.
One of the roadblocks for zero-trust adoption is the password. That’s where we are actually noticing that there is a new trend which is catching up in a big way — the passwordless authentication — and this is primarily bringing cryptographical techniques to be able to pass on the credential and handle it in a manner where without involving the user at the back end, you can do it in a more secure manner and then enable the organizations and the businesses to be able to deploy the zero-trust solution.
We here at the Identity at the Center podcast have a strong disdain for the password, and so you’re hitting on a lot of good points. So, let me put it to you like this: Finish this sentence: “The password is dead, dot-dot-dot.”
I would say the password is dead, and it’s time for you to upgrade your identity and access management solution. I’d strongly recommend people try out passwordless authentication, and try it out for a pilot set of users first to see how delighted they are in terms of their experience, and then you can roll it out for the rest of the users in your organization.
That’s a great answer. Passwordless is one of the few technologies where you can improve the customer experience and improve security at the same time. So, let me pass this one to Jeff: Jeff, “The password is dead, dot-dot-dot.”
Again? I’ve been hearing the password is dead for the last — it seems like five, six, seven years. I don’t know anybody who doesn’t want to kill the password, but we’re still stuck in this mode of organizations having not made the investment in their IAM platforms to be able to support that, or they’re just starting to get into it. Hardware cycles can be very long In an organization — you may have a three- or five-year laptop refresh, or hardware refresh, and maybe people are just now getting into things like Windows Hello or the Touch ID on a MacBook. There’s always the mobile option, but there’s always been hesitancy to allow people to use a noncorporate device to do corporate-type things. I know BYD is out there, but sometimes maybe there isn’t a good mobile device management plan in place, so I’ll believe it when I see it.
I hope it comes sooner rather than later. It’s a fantastic feature when you’ve got it enabled for your organization, but yes, let me know when it actually is real in the majority of organizations, and not just the folks who are trying to be cutting-edge.
I know we’re coming up toward our time for this conversation, but before we go, I wanted to one, thank you so much for joining us, Arun. Are there any final pearls of wisdom that you can drop on the folks that are listening here, or for Jim and me?
That would be great. If we can get a link, we can certainly include it in the show notes so people can check it out. I’m always interested to hear what the thoughts are around it because it is a no-brainer until someone has to spend some money to make it happen, and hopefully, that will take place sooner rather than later. Jim, any final words of wisdom for us?
Yes, two things for me: First, my answer on “The password is dead”: The password is dead — no, it’s not, but the problem is that a lot of the core information security issues that we face will not go away until it actually is dead, so is it going to be five years from now, we’re still laughing at the statement “The password is dead,” or is there going to be a great movement toward — and it’s really on the B2C side where it’s the biggest problem. It’s the things that face the internet even more than it is on the corporate side.
So, that’s my number one comment on this. My number two comment is, we talked a little bit about the space, and we talked about evaluating IAM solutions, and we have the CEO from one of the companies — and I’m not saying this just as a service to him, but overall, I think the approach that most organizations take when they’re evaluating IAM solutions is to look at like the Magic Quadrant, for example, and say, “We’re just going to look at vendors in the upper right.” My perspective has always been that that is a guideline so you can survey the space and know who’s in it and who has the most complete solution.
All that information is valuable, but all the organizations that are within that realm, even if they’re in the lower-left quadrant, it doesn’t mean that they’re not good solutions and that they don’t fit a certain use case that you have, right? All those solutions are in business because they fit a need for some organizations, and so I would encourage folks that if they’re going into the product-evaluation phase, they set their field of vision as widely as possible to evaluate organizations or evaluate IAM products that are maybe not in the upper-right-hand quadrant. That’s the only thought, because if you open that field of vision, you may find something that is actually the perfect fit for your particular circumstances.
That’s a really good point, and I think a lot of times, organizations get their blinders on and they follow Gartner’s gospel. They’re a great research firm, but they’re not the be-all, end-all. There are really, really good products that are in the Gartner Magic Quadrant in any of them. There are also really good products that aren’t rated because there are certain thresholds to even be considered in that kind of analysis. So, take the time to do the research. Take a look at what’s actually important to your organization — what are the capabilities and services that you need — and make the right choice for your organization based on that kind of knowledge. I think that’s a really good advice, Jim, so I appreciate that.
With that, we’re going to go ahead and close it out for this week. Arun, we appreciate you being a part of this. Jim as well. You can visit us again at the show at www.identityatthecenter.com or on Twitter @IDACPodcast. We’re always open to LinkedIn connections and messages that way if you’ve got ideas for the show. Feel free to connect with Jim and me. Arun, I’m going to assume that you’re open to connections as well on LinkedIn. Is that right?
Great. I’ll include your information as well in our show notes that people can check out. Then with that, I hope everyone is staying happy and healthy, and we’ll talk with you all in the next one. Thanks.
Thank you. Thanks, Jim and Jeff.