KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Success in digital business depends largely on meeting customers’ ever-increasing expectations of convenience and security at every touchpoint. Finding the best strategy to achieve the optimal balance between security and convenience without compromising on either is crucial, but can be challenging.
Success in digital business depends largely on meeting customers’ ever-increasing expectations of convenience and security at every touchpoint. Finding the best strategy to achieve the optimal balance between security and convenience without compromising on either is crucial, but can be challenging.
Hi, welcome to our webinar today. I'm John Tolbert, Lead Analyst here at CO and Cole. And today's topic is a winning strategy for consumer identity and access management. And I'm joined today by Rob Otto, principal architect at Ping Identity. So a little logistics information before we begin. Everyone's muted centrally. There's no need to mute or unmute yourself, but we will be taking questions and doing answers at the end of our period today.
And you'll find a questions blank in the go to webinar control panel, and you can type questions into that blank at any time during our presentations, and we'll take them at the end. We're also gonna do a couple of polls near the end of my time today, and then we will look at those results right before we start the q and a. And we're recording this, and both the recording and the slides should be available in a day or so. So about the agenda, again, I'm John Tolbert, Lead Analyst here at kuer Goal.
I'm gonna start off by talking about the challenges in cm and then how the identity fabric approach makes the most sense for cim. And talk about some trends that I uncovered in recent research, especially around the need for identity proofing and fraud reduction. And then I'll turn it over to Rob. So the challenges, What are some of the obstacles that we hear about in so far as organizations being able to successfully roll out cim, You know, the way it really needs to be.
First up, we often hear about insufficient API exposure, which means it's can be hard to support some legacy applications. You know, early generation CIM solutions. Were not necessarily focused on exposing APIs and interconnecting with other applications, but fortunately that's changed in the last few years. We also used to see identity and marketing analytics that were strongly tied to the CM platform.
You know, one of the main motivations for deploying CM is to be able to collect information about the consumers so that you can, you know, with consent, you know, do marketing and hopefully increase sales revenue. But if all that information's locked up inside the CM platform itself, then it is not as useful as it could be. It effectively in that case, kind of becomes a silo with on-prem solutions, you know, early generation CIM solutions in some cases we're just kind of extensions to B to E or workforce I am solutions.
And, you know, in order to scale something like that, it would require, you know, procuring new servers, provisioning the applications to run on that. And you know, that could become problematic. You might wind up building for a large scale of it and then have a, a lot of leftover capacity most of the time.
So, you know, scalability with on-prem solutions could have been a problem. Also, early on we saw mostly weak authentication methods. Unfortunately, we still see a lot of username password authentication today, but the options are there for better authentication services. Consent collection and management is the challenge always has been, you know, especially since the advent of gdpr. But now we've got different privacy regulations all around the world and, you know, making sure that your CIM solution can handle and, and work in those various environments is very important.
And lastly, we've also seen evolution in the licensing or subscription costs. Were, you know, again, kind of in a client server model we'll talk about in a minute, that was always server based, but now we're, we're seeing more emphasis on licensing per user, you know, per time period, which seems to help quite a bit with planning escalating. Cyber crime is also a driver in this market, something that's, you know, becoming increasingly problematic.
We have both account takeover, fraud account opening, fraud account takeover fraud as you know, using breached passwords or guest passwords from brute force or attacks, sometimes credential stuffing attacks where information has been gathered from previous breaches and then, and then used against multiple websites. You know, accounts that are taken over can be used to drain those accounts of money or whatever value they have in them. On the other side, we have account opening. This is where, you know, fraudsters use PII from real individuals to assemble fake accounts.
You know, maybe they get this information from school work or health records that are exposed, and then they can be used for major financial fraud, mule accounts, moving money around, you know, for illegal purposes. The two best mitigations for this multifactor authentication and risk based authentication for ATO fraud and strong identity proofing and registration. And then other periodic times too for account opening fraud. So let's talk a bit about identity fabrics and how it relates to consumer identity and access management.
A little history I think is, is good to kind of put this in in context. You know, back in the client server days, think the 1990s, these systems were monolithic.
You had, you know, this deeply intertwined data, business logic, access control mechanisms, and even the user interface itself were all sort of tightly bound in an application. Then, you know, moving forward into the two thousands, we, we used to talk a lot about service oriented architecture here.
You know, we began to decouple things such as the user interface because of the rise of web and mobile. This app still need access to data, but then various services within that were sort of splintered out. They could be run on different servers, they could still address the same data sources, but this was, you know, the beginning of sort of fragmenting the architecture to make it more modular. Here in the last few years, microservices have become, you know, the predominant way of delivering identity and security solutions.
And, and this is I think a, a really great architectural decision to go in because you can develop multiple user interfaces. All the various constituent services can then be run, you know, containerized orchestrated. It's not really dependent on the hardware and it can draw multiple of different types of data that could be kept in sync in various ways.
So, you know, over the last 30 years we've seen a move from client server to cloud computing, which increases scalability as well. So what do we mean by microservice?
You know, we move from, you know, hardware at the lowest level using virtualization technology on top of the hardware hypervisor. This is kind of the basis of cloud architecture. There's communication between the various components, you know, multiple instances. This is where we run the applications and we have orchestration technologies that allow, you know, the increased scalability, load balancing and connection of disparate services.
And we're really transitioning from, you know, looking at just the hardware layer for scalability all the way up to using different kinds of hardware, different VMs and orchestrating application interactions and even different and, you know, complex types of data flows. So how do we do this? Kinda keeping in line with the identity fabric, What we mean by identity fabric is, you know, those various microservices, but they need to be able to connect and talk to other microservices and different, you know, data sources as well.
So a CIM solution, we'll often come with, you know, various connectors to third party services. You know, this will include scripts code api, API authentication, and generally transport layer security too. What are some of these connectors or, you know, some vendors call them integrations. There could be connectors for public IDPs.
You know, most companies that are using CIM solutions don't necessarily want to be an identity provider themselves. So they leverage other identity providers in the marketplace. Depending on the type of use case, even though you may have, you know, decentralized or other identities you use, you may need to collect additional attribute information. So there may need to be call outs to authoritative attribute databases. There are identity proofing services and fraud reduction intelligence platforms that CIM solutions can offer connectivity to.
And again, depending on the use case, you may need to connect your business to employee IM system with your CIM system as well. Consent and privacy management often, you know, the basics are sometimes very good consent and privacy management solutions exist within cim, but if not their third party consent and privacy management solutions and your organization might need a connector for that.
Then there are other apps, you know, common SAS applications, crm, customer data platforms, and then those analytics, you know, to be able to get the data out of the CIM solution and into the data analytics platforms that your organizations use or prefer. So this is what I mean by connectors. Another reason why the identity fabric sort of exemplifies, you know, what's good about being able to connect various and disparate services to your, your CIM platform. This is another way to visualize the identity fabric.
What we're showing here on the left is sort of the, the different types of identities that can be encompassed, which, which has grown too. You know, in the olden days we might have mostly thought about people user IDs, but you know, now it's, it's, it's a much bigger picture. There are the consumers, business customers, business partners, administrators, and then we have to think about the devices that they originate requests from as well.
And then i o t, you know, connected cars, smart home automation, different kinds of devices have identities that need to be associated with the consumer customer identity often and even software itself, applications, bots, you know, there are good bots, not all bots are bad, a lot of them are. And, and over on the right, you know, what are we trying to connect them to, you know, SAS applications, partner applications on premises applications and other kinds of devices. So for this, we need standards. We use identity federation, APIs, APIs and SDKs.
And in the middle we see, you know, broadly speaking, you know, capabilities that need to be present to do this connection between the user and the resources that they need to get to capabilities, you know, cover everything from registration and identity proofing and fraud reduction, intel to, you know, granular authentication, authorization, passwordless au authentication, identity and marketing analytics. Lots of different actual capabilities that then need to be instantiated as specific services or microservices.
And here we see things like, you know, the user self-service, Porwal authentication, a risk engine that takes into account lots of different attributes, the ability to export that data, and then how does that actually get turned into something real. This the technical architecture, here's the way, you know, microservices, running in containers with orchestration, using various communication standards and, and really trying to run the gamut from, you know, handheld mobile devices, applications in the cloud and i t devices.
All these things need to connect with oftentimes, you know, legacy IAM session, IAM systems and, and other kinds of line of business applications. And again, this is where support for standards is really key. So not in any particular order, but kind of summing up, you know, what I think is important about the identity fabric for cim, what the benefits are.
First up, you know, modular upgrades, you know, you can upgrade a identity fabric based CIM platform. Let's say you need to upgrade authentication services, maybe you wanna offer a new type of authenticator. It's easier to add that capability if it's microservices identity fabric based, cuz you don't necessarily have to wait for, you know, a massive system upgrade that requires a lot of downtime. It's something that can be added, you know, almost on the fly kind of following the, you know, the agile methodology.
It can be more scalable, like I was saying, you know, the cloud style architecture for, you know, auto scaling up and down in response to load, you know, can represent a big cost savings as well. You know, if you're not building, buying and maintaining dozens and dozens of servers, you know, for let's say one time events where you have, you know, giant, giant web traffic for sales or something, you know, annually, but you can scale up as as needed. You can certainly save money by moving to an identity fabric type of architecture standards.
You know, standards are, are very important to ensure interoperability between your CIM system, Im if needed and all these other lines of business applications. You know, there are things such as saml, o idc, open, Id connect, oau, you know, and then, you know, sys log for connecting to security systems.
You know, making sure your CIM solution supports all the relevant standards is, is definitely important as well. It can be distributed, you know, you can have different, if let's say your organization is a, is a large multinational and you've got multiple brands, you know, with different IT teams supporting each of those, then you know, having a CIM solution that's modular and fabric based allows you to set up delegated administration between, you know, the different parts of your organizations.
Cyber crime prevention, having connectors for identity proofing and fraud reduction intel platforms. Being able to add those and then factor that into the risk evaluations, you know, that meets your organization's requirements is something I think is really best served by this identity fabric approach. I mentioned agility, you know, this does align with the, you know, the overall DevSecOps, DevOps kind of methodologies that are out there and extensible.
You know, organizations often need to add specific functions, you know, things that you might not wanna wait for an upgrade to a big monolithic system if you just need to add capabilities, you know, using standards and, and the microservices approach. You can do that with many modern CIM solutions today. So what are we going here for happy customers, first of all, that will hopefully lead to increased revenue, increased cost savings, more effective use of the data that's collected and also compliant with regulations.
You know, again, with different privacy regulations and also financial regulations that organizations are responsible for complying with. Again, a optimal CIM solution should take the identity fabric approach and be able to provide these kinds of benefits. So wrapping up here with a little information about what we've recently discovered in our research around cim, you know, a lot of the CIM solutions have lots of good multifactor authentications, strong authentication capabilities that are not really being widely used by customer organizations.
Instead, we still see lots of password use, which, you know, generates additional insecurity. We see an increased focus not just on the consumer side, but you know, the customer, the business customer side. Government agencies use CIM to interact with citizens, taxpayers, you know, and kind of going along with the, the fabric approach, you know, most organizations today really do wanna leverage APIs to get information out of CIM into their own data analytics tools that they prefer to use.
We have seen an increase to the number of CIM platforms that link with identity proofing solution providers because the demand is there outside of just AML anti-money laundering and know your customer regulations and examples, hospitality where like short term rentals, they want more information about the, the prospective renter increased use of remote onboarding applications.
This is, you know, to get a bit of higher identity assurance at the time of registration generally uses, you know, a mobile app that takes a selfie and can match it with driver's license or passport or other authoritative documents. IOT device identity management is, is really proliferating. There are so many use cases and this is a very important and, and will continue to grow in importance. Use case for CIM consent management kind of varies by the vendor API availability.
CIM vendors are, are really now not only marketing to like say the, the CMOs or CISOs of organizations, but directly to the developers. And that's because of the, the capabilities around API integration. But unfortunately, you know, like thinking about the password situation and lack of use of mfa, there's still lots of cases out there where customer organizations are not really making the most of what's available in CIM today. So let's finish up my part here with a couple of poll questions.
The first question will be, so which of the following are the main motivations that your organization has for implementing cim? Is it mostly to improve the consumer experience or is it about improving security? And we'll give you a few seconds here to fill that in.
Okay, thank you. And the next question is, what's the biggest obstacle you face in deploying or upgrading cm? Is it budget? Has it been, you know, not agreeing on the goals between the business side and it, is it difficult to integrate applications, legacy apps in particular? Scalability in managing the CM solution or lack of customizability that you may have found or lack of API integration? Great. Okay.
Yeah, we'll take a look at those results at the end before we start the q and a period. And just a reminder, if you have any questions, feel free to put them in the, the questions box in the control panel here. And with that I would like to turn this over to Rob.
Cheers, thanks so much, John. Hello everyone, my name is Rob ato, I'm a principal architect and also m CTO at Ping Identity coming to you from our London office on a sunny but rather chilly day here in the, in the uk.
So what I really want to do today is, is just to pick up on, on some of the themes really that, that John has shared and, and really just talk about how, you know, we are, we are seeing a lot of the same things that at Ping identity and I just wanted to talk about some approaches and sort of, you know, product offerings that, that we have that that could potentially help help customers to, to move forward with what they're trying to achieve with, with SI programs or projects.
So I think the first thing that, that we really see, and and this for us is quite key, is the, so we say the connection between great experience and being truly successful with digital propositions, with, with digital transformation. Now we've, we've seen some, some studies which have suggested in ROI of, you know, even up to sort of a a hundred to one, you know, a hundred dollars back for every dollar that you invest in improving your, your customer experience.
But even if you go beyond, you know, sort of a pure financial analysis of, of why you, you might want to do this, you know, I think it's very clear that there's, there's definite benefit in terms of making your customers, making your consumers enjoy the process of interacting with your business through your digital and also your, your physical channels.
So, you know, while obviously we are very keen to ensure that we're focusing on security and ultimately providing the right security is part of a good experience, we want to make sure that, you know, we, we really are offering that best in class experience to, to consumers as well. Obviously, you know, again, as as, as John has, as John has pointed out, there's a, you know, there's, there's quite a, there's, there's definitely a benefit in better understanding and better insight into your customers and into their behavior that that, that you get through implementation of, of Siam.
And for, for us, it's really all about, you know, how we build digital journeys and how those digital journeys help us to get to that better insight, better understanding about our customers and about their behavior.
So, you know, if we look at the, the sort of the initial steps within that journey, starting from very early on in the life cycle, you know, where you have a prospect who comes in to start out interacting with a digital site, digital property, and then goes on to creating an account and updating their profile, This is really all about getting to know who your customers are, starting to starting to understand what they like, what they don't like, what it is that they they're trying to get from, from your business.
And then obviously as they interact with your, with your services on an ongoing basis, it, it's really about building that stickiness, building that loyalty, you know, understanding who they are, what they can do, and making sure that they, that they keep coming back to, you know, to interact with, with your business more. And, and obviously there's a, there's a very fundamental link here between those journeys and those experiences that you are presenting to, to your customers and the underlying concept of customer, customer identity or the underlying concept of digital identity.
So you can't obviously provide a good experience if you don't know who you are providing it to. And, and there's obviously a lot of different capabilities or a lot of different, let's call them identity processes that play a role as we move through the various stages of, of that journey.
So, you know, and, and we tend to classify these things as as follows, when you have an anonymous party who is interacting, just browsing a website detection capabilities are very important. This is starting to understand who it might be. Is it a bot? Is it potentially a malicious actor? Could it be a legitimate new customer or is it maybe somebody that you think you know already but they just haven't authenticated themselves yet? And it's really important to gain that insight into who it might be so that you can do various things.
You can improve security, you can improve performance by getting rid of bad traffic. You can start to maybe tailor things and customize things if you, if you know that it's, you know, it's potentially good traffic. We move then into the, when this individual decides that they want to actually become a customer, what are the verification steps that we might need to go through?
There's a point that John made earlier around the sort of rise of, you know, e k yc identity verification solutions and how they're starting to really become relevant outside of, you know, financial services, particularly with the need to remotely on board, remotely register the majority of of people needing to have those verification capabilities there is very important.
Once of course they've registered, they, you know, they will create a profile, a set of preferences, a set of consents, pretty much everything that you need to know that you need to collect about that individual that you need to share with downstream systems. Occasionally with partners, of course, always governed by their consent. And it's really important to, you know, to have those profile capabilities there talking about, you know, logging in, coming back time and again to, to use your services. And there again, you know, a wide variety of different mechanisms that can be supported there.
You know, again, John has shared what what is a bit of a frustration for us here at Ping identity of just how, just how much reliance this still is on, on antiquated authentication mechanisms like usernames and passwords when we have far better passwordless alternatives available today. But, but really it's about having that broad range of authentication options so that you can meet your customers where they are and provide each one with with, with what they're familiar with using. And then obviously once you move on from that, another really key set of capabilities relates to authorization.
How do you run those policies just in time, you know, using just enough information to give each user access to the things that they should be able to access both from a functional and from a, a data perspective as well. So again, lots of need for customer identity and various different customer identity processes or services underpinning these journeys. But of course, if you can, if you can sort of get this right and, you know, sort of mention this a little bit at the beginning, the the impacts or the implications for your business can be, yeah, can be quite tangible.
So the initial stages around I identifying those customers and, and bringing them on board, it's really all about making a good first impression about, you know, wowing them with the digital experience that they, they really like using and they want to continue using. And, and the benefits to the business there are, are, are twofold in terms of in the first place boosting customer acquisition.
So the process of, or the journey from prospect to registered user, as we call it, from unknown to known is, is obviously something that that can have a real impact on the, on the bottom line, particularly if you have processes that are causing, you know, potential new account holders, potential new customers to, to not complete the process.
And, and I think that, you know, when we look at certain segments like retail for instance, or e-commerce or any of those kinds of things where there's a, there's a real possibility of a, an unauthenticated or an anonymous customer deciding to abandon a transaction because of a poor identity experience, because of a, a checkout or registration experience that is too onerous or that that introduces too much friction. And again, you know, abandon shopping carts, abandon transactions obviously have a, a very real negative impact on the bottom line for organizations.
Hence, you know, wanting to, wanting to lessen that. The, the benefits. Then on the, on the other side, obviously once you, you have your users signed up and they've, you know, they've, they've registered for an account, you want to provide them that really good ongoing experience and experience where you have simple and convenient login options, you know, where you have, you know, easy to use self-service, where you have good integration across applications and services, single sign-on integration with chat bots and help desks and, you know, all of those kinds of things.
That's all rarely just about, you know, increasing that, that loyalty with the customer, increasing that stickiness, which ultimately over time is, is going to help growing revenue, you know, additional share of wallet from each of those customers as they, as they keep coming back.
So how do we then sort of look at this from an, from an identity perspective, I guess, and in in terms of, you know, what is the, what is the balance that we need to strike between this great experience that we've, we've talked about versus obviously keeping things secure, obviously protecting not only our customers, but but also ourselves. And, and again, you know, this, this sort of maps back to a, a set of underlying identity capabilities.
And I think if we look at the, if we look at the way that we view these, these capabilities and we look at the way that each is used to, to support the customer journey, a couple of things stand out to me and a couple of things sort of tie back to, you know, what John was talking about earlier relating to the identity fabric concept and related to the, the sort of the microservices based architecture that we're, that we're looking at. What is really key here is firstly to have a mechanism that allows us to incorporate the different services that we need at various points in the journey, right?
So fraud detection, risk management, identity verification, these are three examples of, of what we might want to integrate into our, our process. But there, there are two sort of important characteristics I would say about, about doing this. And the first is that we need to or maintain flexibility in terms of exactly how we carry out these checks, right? Not everybody is going to want to use the same fraud detection capabilities and not everybody is going to want to use the same identity verification techniques or, or vendors or solutions or, or, or anything else like that.
What's more organizations want to maintain agility in terms of which vendors they do use so that they can do things like, you know, in an agile fashion exchanging one identity verification vendor for another, or perhaps using a, a cost-based routing mechanism to use a, you know, let's say a cheap identity verification user for lower value customers or, you know, perhaps change the, the vendor that you use in, in certain geographies, right?
So a lot of need for flexibility and the ability to build a, a best of breed architecture that could leverage, could leverage these capabilities from any number of third parties with, with, in such a way that you remain agile and you remain free to sort of pick and choose and move around without tying yourself into any particular provider.
And, and this I think really does go very much hand in hand with the, the identity fabric idea, the identity fabric architecture that John has spoken about, the idea that you need to have essentially a capability that that brings together these capa these, you know, these these different identity services, but does so in a way that gives you that flexibility, gives you that agility and doesn't tie you into any sort of monolithic platform more or monolithic implementation of these things.
The second thing that, that is really important here and, and particularly when we look at things like authentication and multifactor and, and all of these kinds of processes, going back to a point again that, that John made around how a lot of the earlier attempts at sign platforms really were just using existing BTE identity platforms and trying to repurpose them for si And the thing for me that that really stands out there is that you need to be very careful, particularly in the consumer space, to let your identity and access management capabilities underpin and power your user experience without becoming the user experience.
And I, and I think that this is not necessarily always the case within the B2 e world. I think in the B2 e world, we are a lot more comfortable with and a lot more accustomed to more friction in the user experience to user experiences that, you know, sort of forcibly take control away from the application, you know, force redirections to other places, present UX that is, that is clearly not always on brand with the app is not always consistent in terms of the look and feel in the customer space in order to, or the consumer space in order to provide that really good experience.
You, you can't afford to do that. You need to be putting control of the digital experience fully in the hands of those digital experience teams who own that end to end customer experience. And you need a way through an identity fabric, through orchestration of backend services to bring various different identity and access management capabilities to bear to support that flow. And I think that that, that really does become, does become very important in the, in the Siam world.
So, and, and of course this, you know, this has been, been mentioned before as well and I think from the, the previous slide sort of hinted at at this two is that there really are a lot of different integration points that are, that are needed. We've spoken about potentially integrating into third party providers for things like fraud and risk and verification and, you know, even authentication and mfa you really want to be able to pull together a, a best of breed journey that gives you agility and flexibility in terms of which partners and which providers you, you work with.
And, and there again, you know, you you, there's, especially if you're working with modern platforms and modern vendors, you're, you're likely to have good coverage in terms of, you know, API integration in terms of, of microservice based solutions where you can use, you know, just enough of it just when you need to. But there's also a whole variety of, you know, what we call business and marketing services or what we might call IAM adjacent types of services platforms, applications and APIs that, that you'll need to integrate your, integrate into your, your fabric.
And this is obviously those customer facing applications and channels that need to consume services from the identity fabric and those can be other supporting functions or capabilities such as analytics, you know, such as, you know, even managing customer communications, email campaigns, all of those kinds of things. All of which again, really do need to, to be integrated with the, with the identity fabric. So a and again, you know, there's, there's quite a broad integration landscape here and the, the possibility in a lot of ways to almost get bogged down by that, by that integration.
And so if we then look at again, some of what, what we've heard and what we've learned over the last few years from, from our customers in terms of some of the, some of the blockers or some of the inhibitors towards being able to be truly effective in Siam, truly agile in terms of building a great customer experience. These, these are some of the themes that that that often come up.
So, you know, in terms of integrations, in terms of the complexity that those integrations can introduce, you know, particularly if you are trying to do point to point integrations of different providers into a a legacy IM platform, you know, you can end up supporting, you know, vast amounts of custom code, which of course reduce your agility and make it harder to upgrade. You obviously looking at, you know, time to, you know, time to deliver value through how much it costs to develop, how long it takes to develop.
And sometimes of course you end up with, you know, sort of very hard constraints or blockers in terms of not being able to even connect to those legacy systems because of a lack of modern integration tooling across those systems and across the the IM platform. I think that the, the other thing that we, that we tend to hear, of course, is that a lot of the time we can encounter internal friction within the organization that that holds innovation.
And this is often due to, you know, not really knowing exactly what the optimal experience could be for customers not having the tooling or the capabilities to be able to analyze and optimize those experiences as you go. You know, lots of people arguing internally based on opinions rather than based on data, you know, getting stuck in endless design meetings around how we should change things and not really knowing how, you know, what the best outcome should be.
Knowing that every change that we make results in, you know, yet another three month sprint before we see any, any results, you know, so ultimately that lack of agility, that lack of ability to, to use modern tooling, to work collaboratively, to solve problems and to move quickly can be, can be a real blocker. And, and again, you know, I think the, the next thing there is, you know, in roadblocks to being, to being able to add new capabilities that could boost engagement, right?
And this, this really is almost a, you know, a net effect of the, of the previous two problems in that the machine kind of gets gummed up, if you like, with all of the, the sort of the low level technical things that need to be done in terms of integrations, in terms of how hard it is to change UX in terms of how hard it is to integrate applications and services, how hard it is to analyze behavior of customers, understand what they like and what they don't like and, and what is, what is ultimately driving them to abandon, you know, or to, to stop coming back.
And so this is where, you know, we, we really believe in an approach that's, that's based on orchestration, that's based on a, on a no code platform with a, you know, with a really scalable microservice based integration framework underneath it.
And again, these are, you know, sort of really the benefits that we see in terms of driving innovation, in terms of reducing a lot of those blockers to making progress obviously in terms of reducing total cost of ownership through better efficiency through lower infrastructure costs, needing fewer development resources to deliver these experiences, a preference for SAS delivery, obviously, which lowers costs further.
And then of again, using the concept of the secure digital journeys to really, you know, get that great balance between security and experience that that, that we're all trying to, to achieve. And, and if we then sort of take a zoom out a little bit and, and talk more at the, the sort of the level of, of what it is that we are, we are trying to achieve in, in Siam these days, you know, around the need to, to do fraud detection, the need to do identity verification, and then obviously the sort of the traditional, the traditional access management or traditional SIAM types of capabilities.
We rarely do have a need to be able to weave those capabilities together in order to build these seamless experiences. And again, for us at Ping, we see orchestration as the key capability that allows you to do that, that allows you to, you know, use fraud and identity verification capabilities, either delivered natively out of our platform or delivered from any third party together with access management to, to really to really, you know, build those, those experiences.
How we do this, again, through orchestration with the ability to integrate multiple tools, you know, pre-built library of hundreds of integrations into all of the, all of the services that you might want to use within your journeys. No code editor, visual journey designer that you can use to drag and drop your flows to visualize them, to test them.
And, and then obviously a collaborative environment that you can use to allow different teams, different stakeholders to build a common understanding of the flows, to see how they work to sort of make changes together to optimize them with, with built in AB testing, built in analytics or the experience to the opportunity to use external analytics as well.
Again, from an identity verification point of view, you know, we have, within our platform we have native identity verification capabilities that can be used, but again, because of the open nature of the platform, you know, you can incorporate third party identity verification vendors as well in a way that is transparent and seamless to, to your customers. And then obviously the last, the last sort of area just to, just to dive into there, or second last area actually is, is of course fraud detection.
And, and here fraud detection is really around understanding behavior, understanding endpoint behavior, understanding user behavior, using it as a way to filter out or identify potentially malicious behavior. And then use that as a way to, on the one hand, ratchet up the friction when you determine that the, the, the traffic is likely to be fraudulent or likely to be risky, but even more importantly, allowing you to reduce the friction when there is no risk.
Well, when there is a very low chance of fraud. And I think what a lot of customers have told us is that, you know, it's, it's quite easy to take a very broad brush approach to fraud and end up really putting off legitimate cut customers in the process. And I think one of the, you know, one of the most common examples of this is using something like capture too frequently within registration and and login processes.
And then again, that's not to say that all of the traditional c i m capabilities such as registration, you know, authentication and signon MFA and user management aren't, aren't important. Obviously those need to be there, but your orchestration platform, your identity fabric again needs to allow you to or incorporate and orchestrate those access management services as it as it makes sense. So the last thing I'll say before handing back back over to John to go through the results of, of those polls, I'm very interested in the results.
I'm quite glad I didn't have to submit my own answer to those, those polls cuz I found myself wanting to, you know, wanting to click every option on both of them. But, but, but really just to, just to sort of summarize again how we at Ping, you know, really do see the benefit of the identity fabric architecture, the idea that in order to provide a truly great experience for your customers, you need to have a set of capabilities powered by user experience orchestration that allows you to bring in, you know, all of the both IAM and non IAM capabilities and services that you need.
You know, whether it's the the best of ping that you want to use our own built-in services to enable these various different capabilities or whether you want to use the orchestration capability and the underlying integration framework to build a best of read architecture using, you know, whichever set off third party providers you prefer. So I think that's just about my time up, so I'm gonna stop at that point. Thank everybody for listening and, and hand back over to, to John at this point.
Yeah, a lot of good insights there. I had a lot of things I was thinking about adding, but we've, we've got a lot of good questions here. So let's first dive in and take a look at our poll results. That's interesting. That's very interesting. Yeah. Main motivation.
Yeah, that's, that's kind of where I would put it. I mean I would, I guess I'm glad to see an emphasis on consumer experience, definitely, but, you know, improving security, I think improving security and improving the consumer experience can kind of go hand in hand too.
You know, there's, there's value that consumers perceive when they believe that the site they're interacting with is both doing their best to secure the transaction and provide the right level of privacy. So next one, here's the obstacle, There we go. Hmm. Business versus IT alignment. Hmm.
That's, that's interesting too. It's good to know that budget is not a problem as, as often we might have surmised any thoughts on this Rob?
Yeah, I I I, I do actually, I'm, I, when I saw this poll, I've, you know, if I, if I'd had a hope as to which one might come up with the, with the highest percentage it, it actually would have, it would have been that one because I think we've all, we've all seen it. I mean certainly, you know, if you've, if you've spent any time in and around these kinds of implementations, you, you do tend to see this coming up a lot where the business, well I would say the business has very clear goals about what they want to achieve.
The business does have clear goals about what they want to achieve, but they don't always know how they want to achieve it. And they are often not very good at explaining what it is that they want, but they are very good at telling you if what you've built them is what they don't want.
So, you know, having the ability to, to find a way to involve them a little bit more during that process, work together and then hopefully avoid the, you know, come back three months later and you've built the wrong thing kind of, kind of scenario is always gonna be good. Yeah, definitely.
Okay, so let's look at these questions. I got a lot of questions and oh, and thanks everyone for participating in the polls.
First one, well there are two that are kinda similar. What are some of the better authentication methods and what are the better passwordless methods?
You know, I'll say yeah, I definitely prefer anything passwordless. I mean for a lot of reasons, usability, security, you know, Fido is a good standard. It's been around for quite a while now. Has quite a bit of support.
You know, there's lots of different authenticator types that can be used with Fido. That's certainly a preference I believe out there. So yeah.
Better, better equals passwordless in my book. Thoughts Rob?
Yeah, abs, absolutely. I mean, you know, knowledge, I i I do way too many talks on, on, on the failures of, of using knowledge as an authentication factor. Knowledge is not absolute right?
It's, it's something that you may have known at a particular point in time, it's not something that you're guaranteed to know forever, right? And it's also not something that, that somebody else can't know is, is kind of the problem there. So the thing that I love about Fido, particularly when it comes to platform biometrics is that it's a, you tend to get a, a good combined bundle of possession and inheritance that that is, you know, accessed via single gesture from, from the user and is very intuitive.
So for me, that's gonna be what you want to do pretty much all the time. I mean, look, if you're logging in from a mobile device, that mobile device is highly likely to support, you know, I built in platform authenticated, to me there's no reason to ever do anything else. And you know, there there are, there are other things that you can, that that you can do.
You know, push based is still, is still there. It gets bit of a bad rap because of some of the, the recent, recent attacks that we've seen, but again, still massively better than just using a, using them at password.
Yeah, yeah, I agree All the way. Yeah. Pla use the platform authenticators don't send me texts, I get, Don't send me texts. Absolutely.
Yeah, that has a lot of problems associated with it too. Let's see, statistics between good impression, consumer loyalty and another one very similar statistics on friction and the impact on customer experience.
You know, I think that's a great question. I don't have the stats myself. I think that's probably something that would be better collected on the CIM solution provider side, but I'll I'll let you address that if you want, Rob.
Yeah, absolutely. I mean we, we do, we do have, we do have some, I might actually, while I'm, while I'm talking, just quickly see if there's some, if there's a, a couple of notes that I could, that I could pull up somewhere that, that that kind of tells me, tells me what they are.
Yeah, I mean, so, you know, and again, we, we obviously commission a lot of, a lot of studies ourselves at, at Ping Identity and we, we, you know, rely on on what, you know, others such as, you know, Analyst firms such as Scoop and Jaco come up with user experience 53% we, we see feel better when using MFA to sign in. That's actually lower than I would've thought. 60% of consumers have abandoned a service because of concerns about how their data is used. And this one is really interesting. Up to 56% of us have ditched an account when they become frustrated trying to log in.
So there's definitely, you know, there's definitely a lot of statistics there in terms of, of, you know, sort of not only, you know, not not only security or perception of security, but, but customer experience as well. We will have a lot more material on, on our website with these, with these kind of statistics as well. More than the ones I've just been able to put my finger on in the last two you, Let's see, maybe time for one or two more. What's a practical use case and scope of fraud management in third party user management?
You know, I think I, I guess I would point to that's identity verification. Identity proofing is one of the, the six pillars that I identify for fraud reduction. And I think for a third party user management, that's, that's where it sort of plugs in here.
You know, being able to get the right level of identity assurance upfront and then, you know, as needed, you know, maybe by regulation periodically. And any thoughts on that one, Rob?
Yeah, you know, I think that, well when, when we look at, at at third party, third party user management, obviously that is one of the, typically one of the tougher things to, to get right within, within the high am and you definitely do want to combine it with a, with a sort of a risk and fraud strategy that, that sort of protects your business, right?
Because on the one hand, there's definitely a, a tendency and a temptation to offload the management of, of, of third party identities, particularly if they're, you know, something like business customers or business partners to the organizations that, that they work for or to the IDPs that have, that have authenticated them, but you don't have any security controls over those IDPs yourself, right? So, you know, the idea of I guess sort of trust but trust but verify there adding, layering as many sort of raw fraud and risk signals as you can into that journey.
Just to, just to try and decide if, you know, even though a third party has, has authenticated the identity, you still want to do something different, additional idv, you know, your own MFA challenge or something like that. Yep. Completely agree there.
Well, that brings us up to the top of the hour. Thanks everyone for joining today, for taking our polls. The recording and the slides should be out in the next day or so. Thank you to Rob for your content today.
Any, any parting words Again, just from my side, big thank you to everybody for taking the time to join. Thank you to yourself and KuppingerCole John for hosting. It's been an absolute pleasure.
And yeah, look forward to further discussions with, you know, any of the, the participants if they, if they'd like to reach out, Definitely just let us know. Thank you. Thanks everyone. Have a good rest of your day. Cheers. Thanks so much. Bye-Bye.
