Recently I read a blog post by Nick Crown, Director of Product Marketing at UnboundID. He talked about “Bring Your Own Identity” which he thinks is more groundbreaking and disruptive than BYOD (Bring Your Own Device). I would say yes, there is a value in BYOI, but:
- this is definitely not as groundbreaking and disruptive as BYOD
- this is only a small piece in a much larger puzzle and it definitely will not end with a two-tiered identity infrastructure as proposed in Nick Crown’s blog post
- there’s definitely no need to introduce yet another marketing buzzword and acronym like BYOI
Certainly, just like every other vendor’s blog, posts like the one by Nick Crown are driven by the wish to position the company as “the primary vendor” in the specific area. But the question from a customer perspective (and from an analyst perspective) is: Does it really make sense?
So I want to focus on the three points above:
BYOD is one of the trends which are fundamentally changing the way we need to do IT, as well from the system management as from the information security perspective. It is about moving away from device-centric security to information-centric security approaches. That is a massive change, much bigger than any around identities. BYOD is directly related to the big changes we commonly call Mobile Computing and Consumerization of IT. And it relates also to the “Deperimeterization of IT”. BYOI (when defined as the user bringing its own identity) is, of course, related to big trends such as Social Computing. But it isn’t as new as some people claim. Federation as one approach to deal with this has been out for quite a while and is still evolving – look at OpenID Connect, recently awarded a European Identity Award by KuppingerCole for being the best new standard.
BYOI is much smaller than BYOD in its impact because of the second point mentioned above, something we at KuppingerCole have been talking and writing about for a pretty long time now. The reality is that there will be multiple identity providers. This is about things like trust frameworks, about concepts like claims, and about the need to become flexible enough in the days of Identity Explosion. It is about gaining the ability to deal with multiple pieces of information provided by different providers, instead of one provider or two tiers of providers. There will be many different types of Identity Providers – and they are already here, in fact. What changes is the ability to deal with these providers. That is about federation, about claims, about concepts like IDMAAS (Identity Management as a Service) the way Kim Cameron has presented it in his keynote at EIC 2012. However, it is not that much about directory services or technical synchronization. The fact that someone brings his own identity is just a little piece. And more important than accepting a BYOI ID is the ability to accept many different providers and to convert them into other IDs once the type of transaction and interaction with the individual requires such a conversion.
I’d also recommend you have a look at our report “Life Management Platforms”, which is available for free. This report explains a concept which will fundamentally influence the way we deal with “own identities”, which then really could be something you’d like to call BYOI, even while it is not only about bringing but also about controlling.
So even with Life Management Platforms, there is no need for the BYOI buzzword. It is not mainly about bringing your own identity (and, by the way, a Facebook ID is anything but an “own identity” when looking at the Facebook terms and conditions), but about enabling the flexible use of different identities. So BYOI is far too narrow to describe the changes we see these days. And thus we really should avoid using that buzzword and focus on what really is changing around identities.