Companies that manage consumer identities and personal profiles have a bit more than one year left to comply with the new European General Data Protection Regulation (EU-GDPR).
A core requirement introduced by the GDPR is that parties processing personally identifiable information must ask the user for consent before doing so and must let the user revoke that consent at any time. Keeping an auditable trail of consent and revocation across the whole customer identity lifecycle is a significant requirement that traditional Identity & Access Management (IAM) solutions do not cover.
In this talk, we will look at what distinguishes employee-focused IAM from customer-focused IAM (CIAM) and what a CIAM solution needs to provide to help your organization master the GDPR (and PSD2) challenges. Some of the key takeaways will be:
Whether we deal with consumers, partners or employees in Identity Management, it all comes down to the relations a digital identity has. Most current IDM solutions are still driven by attributes and roles: if a matching role or attribute is assigned, access is granted (or a specific process is triggered). This works fine with a reasonable number of attributes and roles, but it breaks down in a mesh of connections to smart devices, things and other related entities that may need to be enabled to act on behalf of the digital identity.
Attribute- or role-based management of identities is like cinema in 2D: it lacks depth (and profundity). A more complete picture emerges as soon as we embrace all the related and connected entities (people, jobs, roles, departments, time zones, things, current context), perhaps even in a transitive manner, following chains of relationships.
A relationship can carry much more information than an attribute or a role, and combined with a semantic definition of the entities we would be able to build a truly 'smart' system, one that handles 'Things' rather than 'Strings'.
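The contrast above is easier to see in code. The following is an added example written for this page, not code from the talk or from any product it describes; every identity, device, role and permission name in it is constructed. It puts a plain role lookup next to a relationship-graph check in which a device (or a delegate) may act on behalf of a person, and it shows two controls a practitioner would want in the relationship model: only whitelisted relation types confer entitlements (a reporting line does not inherit the manager's rights), and delegation edges carry a validity end so that a revoked or expired delegation is no longer followed.

```python
from collections import deque
from datetime import datetime, timezone

# All data below is constructed for this example; names are hypothetical.

# Classic role-based view: identity -> roles -> permissions.
ROLES = {"alice": {"facility-manager"}, "carol": {"ciso"}}
ROLE_PERMISSIONS = {
    "facility-manager": {"open:door-42"},
    "ciso": {"read:audit-log"},
}


def rbac_allows(subject, permission):
    """Grant if any role held directly by the subject carries the permission.
    A device or delegate with no role of its own can never pass this check."""
    return any(permission in ROLE_PERMISSIONS.get(role, ())
               for role in ROLES.get(subject, ()))


def utc(year, month, day):
    """Helper to build a timezone-aware point in time for the checks below."""
    return datetime(year, month, day, tzinfo=timezone.utc)


# Relationship view: typed edges between entities.
# (source, relation, target, valid_until); valid_until=None means open-ended.
RELATIONS = [
    ("alice", "holds_role", "facility-manager", None),
    ("facility-manager", "grants", "open:door-42", None),
    ("carol", "holds_role", "ciso", None),
    ("ciso", "grants", "read:audit-log", None),
    ("alice", "reports_to", "carol", None),
    # A smart device acting for alice, and a contractor whose delegation
    # ended on 2017-01-31 (a revocation would simply set this date to now).
    ("thermostat-7", "acts_on_behalf_of", "alice", None),
    ("contractor-bob", "acts_on_behalf_of", "alice", utc(2017, 1, 31)),
]

# Only these relation types may be followed when deriving an entitlement.
# "reports_to" is deliberately absent: a reporting line must not inherit
# the manager's permissions.
TRAVERSABLE = {"holds_role", "grants", "acts_on_behalf_of"}


def relation_allows(subject, permission, now, max_depth=4):
    """Breadth-first search from subject to permission over traversable,
    currently valid edges. Returns the path of entities that justifies the
    grant (usable as the audit record of the decision), or None.
    max_depth bounds how long a delegation chain may get."""
    queue = deque([(subject, [subject])])
    seen = {subject}
    while queue:
        node, path = queue.popleft()
        if node == permission:
            return path
        if len(path) > max_depth:
            continue
        for src, rel, dst, valid_until in RELATIONS:
            if src != node or rel not in TRAVERSABLE or dst in seen:
                continue
            if valid_until is not None and now > valid_until:
                continue  # expired or revoked delegation: not followed
            seen.add(dst)
            queue.append((dst, path + [dst]))
    return None


if __name__ == "__main__":
    now = utc(2017, 3, 1)
    print("RBAC, thermostat-7 opens door:", rbac_allows("thermostat-7", "open:door-42"))
    print("Graph, thermostat-7 opens door:", relation_allows("thermostat-7", "open:door-42", now))
    print("Graph, contractor-bob after expiry:", relation_allows("contractor-bob", "open:door-42", now))
    print("Graph, alice reads audit log via reports_to:", relation_allows("alice", "read:audit-log", now))
```

The returned path is what makes the relationship model auditable: instead of "role X was assigned", the log entry can state exactly which chain of relations (device, acting for which person, holding which role) justified the access at that moment, and the same chain goes stale automatically when any edge in it expires or is revoked.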
The case study
Our case study describes an early IDM system driven by relations, which was already implemented in 2008 at a large customer site. During the current redesign phase we are evaluating new processes, paradigms and technologies to build a smarter IDM.
Key Takeaways:
Data, people and software security: how do they relate to the GDPR security principles? Our easy-to-use solutions provide transparent controls that can assist in implementing many of the security principles mandated by the GDPR.

Security Operations Centers (SOCs) are feeling stretched as modern cyber-attacks become more frequent, more latent and better hidden. In this new attack landscape, network-centric security is no longer enough, because threats come from inside as well as outside the network. Oracle Identity SOC is an identity-centric, context-aware intelligence and automation framework for security operations centers, backed by user behavior analytics and machine learning, intended to spot the events that require automated remediation.