Upgrade to Ping's Cloud: Save Time & Money,
Improve Security

Three business challenges likely drive your migration decision and upgrade to Ping's cloud:

1. Hiring, Training, and Retaining Identity Expertise When 30% of Your Team Will Quit This Year

   • The brain drain is real, meaning IT professionals and leaders like you need to focus your top talent and resources on the most value-added and rewarding activities for your business. Spoiler alert: Infrastructure and product operations are NOT the best use of your limited resources—your team should focus on adding value in experience management.

      

2. Strategic Focus on Speed, Vendor Consolidation, & Cost Optimization

   • Organizations spend between $50K and $300K annually on data center storage, maintenance, and upgrades. Leveraging managed hosting of any digital services, wherever possible, helps achieve operational efficiency and allows you to do more with less. 

      

3. Keep Up with the Increasing Threat Landscape; 26,448 Software Security Flaws and Counting

   • The number and type of identity attacks grow daily. Since IAM is the front door to your business, when these vulnerabilities come out, you need to quickly analyze the threat, run an impact analysis, and mitigate the danger. Keeping up with the threat landscape generally halts your other business operations.

Managing and hosting your Ping software requires three general areas of responsibility, as illustrated below.

An overview of three general areas of software management responsibility indicates that product and infrastructure operations are 95-100% identical across companies.

You need somebody to do your administration configuration, which we call “Experience Management.” These folks design the user flows, manage users, applications, secrets, certificates, and policies, and validate testing. 

You also need somebody to ensure “Product Operations” run smoothly by promoting across environments, managing custom integrations, understanding base configurations, and managing installation/upgrades. 

Finally, you need somebody to manage your “Infrastructure Operations,” including backups, CPU monitoring, and networking. This person is especially critical when you have a production alarm in the middle of the night.

Because we work across the spectrum of global enterprises, we have noticed that this top layer of “Experience Management” is unique to each business. But in the bottom two layers of “Product Operations” and “Infrastructure Operations,” 95-100% of your organization’s steps are identical to those of any Ping customer running that capability. Most of Ping’s customers say these bottom two maintenance and operations layers consume about 40-60% of their resource bandwidth.

A description of the three general areas of software management responsibility, showing that Ping takes over management of Product and Infrastructure operations

Taking advantage of Ping’s cloud translates into three key benefits for you:

1. Reclaim Your Time—Free up to 40-60% of your team's time to support your business by tackling other value-added projects. When you move to Ping’s cloud, we take over the responsibility and accountability for those “Product Operations” and “Infrastructure Operations” areas. Your team can focus on strategic efforts that improve the experience of your workforce and customers.

    

2. Reduce Your Total Cost of Ownership—Save significant IT operational costs without compromising support for your challenging use cases. Your cost of operation is much lower when you consume it as a cloud service from us compared to somebody having to build and maintain everything from scratch.

    

3. Improve Your Security Posture—We ensure you’re protected effectively with the latest automatic bug fixes and upgrades and optimal cloud security postures managed. Based on thousands of existing customers in our cloud, we build in best practices for cloud security and software configuration. Automatic upgrades also mean that, without any effort from your team, you’re taking advantage of the latest versions with bug fixes and new security features.

    

We can help put together a more detailed analysis of how much cost savings you’ll experience by moving to Ping’s cloud. Talk to your account executive for a business value calculation.

Deep dive into the case for moving to Ping’s cloud in this webinar I hosted recently.

We offer two cloud options for you: our multi-tenant SaaS platform, PingOne, and our dedicated tenant SaaS platform, PingOne Advanced. 

• PingOne: This multi-tenant SaaS offering allows you to deploy fast, get rapid value, and use it extremely simply and easily. It's great because you onboard quickly, start using the multi-tenant service, and get up and running fast.

   

• PingOne Advanced: This dedicated tenant SaaS platform offers all the benefits of hosting but also grants enterprises much more control in the cloud, whether that control is central to security compliance, data residency, or networking. These controls are often required for enterprises in regulated industries like financial services and health care.

Still trying to decide which is right for you? Check out this blog post to help you decide.

Both PingOne and PingOne Advanced provide you with the same benefits as detailed above. And all of our core platforms are integrated with our universal services, which you see at the top of this graphic.

An overview of Ping’s Cloud Solutions where Multi-tenant Saas and PingOne are in one box and Dedicated Tenant SaaS and PingOne Advanced are in another box. Across the top are universal services icons with labels that say MFA, Authorize, Protect, Verify, Credentials, Orchestration, Identity Management, and Governance.

The universal services bring you best-of-breed capabilities in the cloud and encompass MFA, authorization, threat protection, identity verification, digital verifiable credentials, orchestration, identity management, and identity governance.

These capabilities augment your existing IAM core services, and we offer this entire suite of services to help you create enriching and secure experiences for your customers, workforce, and beyond. Click here for a summary and full list of capabilities available in each of Ping’s cloud offerings. 

While Ping’s cloud requires a financial investment greater than your current software-only licenses, the return on investment comes from business value captured in three areas:

• Hardware infrastructure savings

• Maintenance & operations savings

• Business agility from accelerating the launch of new IAM services to more applications

Most customers break even on their initial investment in PingOne Advanced within 6-10 months—in other words, the investment should pay for itself within ten months. And when you look out at three years, we typically see a 200-300% return on investment.

Below is a typical project resource map. Assume the black line refers to your average IAM bandwidth on a day-to-day basis for operating your existing Ping software.

To make you the IAM hero of your cloud migration, Ping has three essential acceleration toolsets that streamline the migration process, minimize downtime, and maximize efficiency, ensuring a seamless transition to the cloud.

Configuration Accelerator

Speed. Discover. Drive. The Configuration Accelerator includes a library of standardized best practice configurations tailored for cloud environments. By leveraging pre-configured settings and templates, you can expedite the deployment, eliminating the need for manual configuration and reducing the risk of errors. This makes cloud deployment more rapid while ensuring adherence to industry best practices and compliance standards and discovering new capability offerings.

Deployment Accelerator

Automate. Validate. Heal. The Deployment Accelerator involves frameworks and tools designed to automate the deployment process with capabilities such as Terraform and Continuous Integration/Continuous Deployment (CI/CD). Automate environment promotions, audit changes, understand your state management, remedy inadvertent changes, and leverage drift correction through this accelerator toolset.

Migration Accelerator

Discover. Assess. Migrate. The Migration Accelerator helps run a discovery, connects to and analyzes your self-managed software, and then gives you confirmation translations to automate deployment. It supports phased migration approaches and includes a library of just-in-time migration flows that make the change over incrementally while minimizing disruption to business operations. Track the progress of migration activities and ensure compliance with migration objectives and timelines.

See Ping’s Cloud Acceleration toolset datasheet.

Navigating the complexities of migration necessitates expert guidance and support. Ping's experts offer invaluable insights and assistance throughout the migration journey, from initial assessment to post-migration validation. We will develop tailored migration strategies aligned with your unique business objectives, ensuring a seamless transition and maximizing ROI. Our commitment to your success extends beyond migration, encompassing ongoing support, optimization, and innovation, fostering a collaborative partnership centered around your mission-critical Ping tech stack.

Honeywell, a Fortune 100 company, had a successful experience upgrading to PingOne Advanced, according to Davis Arora, Senior Director of Cybersecurity on the Honeywell global security team. In a webinar called Increase Efficiency: Migrate Your Ping Software to Our Cloud, Arora describes himself as the “one throat to choke for identity” and shares how Honeywell leverages Ping Identity for authentication/authorization for both their workforce and customer revenue-generating apps. As of 2022, they had ~1,000 applications integrated with PingOne Advanced.

The company had several drivers for moving its Ping software to Ping’s cloud. The biggest C-level and business stakeholder concern was to improve resilience and redundancy and to support customer revenue-generating applications and services with 99.99% availability. Although it was not impossible, the security team previously found it challenging to avoid outages for upgrades and patches and sometimes experienced outages due to dependencies on other on-premises services. Additionally, they wanted to solve the problem of resource constraints on the SSO team by forgoing bug fixes, patches, upgrades, and in-depth knowledge needed to keep the on-premise software live, available, and meeting business stakeholder demands. Another major driver was that they simply wanted to get out of the business of hosting such a critical service in their on-premises global data centers.

One of the biggest challenges was overall change management across the business. Honeywell has four distinct business groups in aerospace, building technologies, performance materials, and safety solutions. This means that the global security team caters to the diverse needs of each business group, each with its own specific set of products, services, and customer base to ensure that global identity services are scalable and flexible enough to meet their specific requirements. In preparation for this migration, the Honeywell global security team partnered with all their application teams within each of the different businesses and enterprise IT to understand their needs. They used those requirements to streamline their standard code patterns and intake forms for application owners to easily onboard apps and enroll their apps in centralized, adaptive risk-based MFA services. They delivered these instructions with significant training that helped application owners understand how they could have modern IAM services and higher availability, redundancy, availability, and security with MFA everywhere.

Honeywell took a phased approach, spinning up and down different levels of support with migration for different application teams, depending on their expertise or support model. In just 90 days, they got the environment up and ready for production. Starting in January 2022, they stopped allowing any new applications to be onboarded to the on-premises PingFederate environment, and instead, all new applications were onboarded to PingFederate in the PingOne Advanced environment. Since then, they have migrated 700-750 applications previously leveraging the on-premises service. They also put in place an enterprise-wide request for application owners to integrate with the SSO service every time they roll out a new app to the enterprise or customers, making it easy for applications to deliver seamless authentication services using integrations like Windows Hello for business.

Honeywell completed their journey in 2022 by deprecating the on-premises PingFederate instances. The next evolution for Honeywell is currently around cross-connecting specific technologies to build a Zero Trust ecosystem, leveraging PingOne DaVinci as that orchestration layer to effectively deal with device, network, and user validation continuously.