Panel at the Consumer Identity World 2017 APAC in Singapore
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Panel at the Consumer Identity World 2017 APAC in Singapore
Panel at the Consumer Identity World 2017 APAC in Singapore
So thank you and welcome to the stage. Think it'd be probably best if we just start with a random introductions, Don gonna start us off. Sure. Don tepo I have two identities, actually more. I lead a standards development organization called the open ID foundation and we develop open ID connect and a variety of other profiles of that standard of choice for identity management in the open identity exchange or a sister organization. We look at issues of governance and trust identity systems at scale. There's two roles.
One I did very much I'm Analyst with director of Asia Pacific I'm from Deloitte advisory advisory. My focuses on cybersecurity. I did the access management team for, for this region partner with you guys implementing, designing I solutions, but I'm leading teaching in Paris for great. So our title is about getting the most out of your CIA strategy. And I know several of you, a couple of different roles are working directly with customers utilizing consumer management systems.
So what would you say, you know, looking at the agility and usability, we've started trying to build a case here today already for, you know, putting a lot of primacy on the user experience. What, what do you think are some of the most effective tactics that customers can use to achieve their usability aims? The people who are deploying consumer identity management solutions.
I actually had a question that might that together, which was to act, ask Eric a security expert about what you heard from previous presentation is very the desire to make that engagement with the consumer as easy as possible opens up. So it's okay. Just wanna hear the two experts come back and forth. Okay.
I think, yes, we do see over the last two to three, I think we spoke a little bit about it. Last yesterday.
Session, the push for transformation is very strong for the last two to three years. The stakeholders that has been initiating the transf people are not necessarily people understand cybersecurity of trends. They have a lot more strong impetus to push forward transformation rather than to think about regulations or, or the trends of bridges. It's one factor that we have in a conversation. We have sin terms of scalability that is not so much about capacity as much as is for scalability to reach out different populations of customers.
So just not previous customer presentation, talk about scaling to prospects, customers, scaling to business partners, basically scaling to the whole and a lot of the conversations around revolving around that. But I think increasingly the technology has also catching up in terms of authentication that at the same time provides a pattern user experience. So it is not completely co in terms of the strategy. So about biometric metrics does improve the overall security posture of the system at the same time.
So you look at iPhone X, we known that in terms not the strongest is not twin compatible, right? So there's enough videos, but then adoption is still very good.
So, so I think there is a kind of catch up between security experience. At some point to user experience support. I think we user experience currently not. We need to user security between business needs and security needs it. Some is not just risky to exposes strong. Some data is so some actions are actually worth doing some strong. We had the tools to do actually a good context identification. We will be yesterday was the case yesterday. Everything was password or not today.
I, we can be more, some better user experience still taking, okay, can I, can I add something on that? I think there's two things we need the first is to enable assets come across several presentations to good user experience. And the second thing is to provide the security that the customers don't need. Don't know they need, they expect Alexei and organizations like that. Come in there to enable that to happen on the first point, which is the user experience. I've got a horror story.
I wanted to go to my bank to open a credit card capability so that people I could take people's credit cards for business. And so I go to the website and there's nowhere there that there's any way I can contact the bank to say, can I please explain how this all works? I ended up going to the white pages and called their min group and said, how do I do this? And they said, well, you have to go to a business bank, not regular bank.
I said, fine. Give me an appointment at a business bank.
No, you can't do that. You have to go to the bank and take a ticket and sit down and wait, you know, I'm an old guy and I'll maybe do that. The millennials won't they'll tweet. And they'll say, I'll go to this bank because that's the person that's got the, the experience. So we need to start thinking through, and please anybody turning up a website today, do a focus group, get in some customers, put them in front of your website, have them experience it before you put that out to the great unwashed. Okay.
We need to be much, much better when it comes to CIM breaking out of the old months, the outside in, I mean, inside out, we've gotta get that outside. Yeah. You had an opportunity to go to one of the Amazon concept stores. So in the us, Amazon has bought several large brick and mortar grocery chains. So the question is why would Amazon buy an invest in brick and mortar retail establishment? So they were, they're a member of our organization. So they took me to their store in the future.
And the user experience in their store is you walk into the store and you swipe your Amazon app on your phone. And then you shop. And while you're shopping, Amazon is watching you pick up things. It's calibrating, how long you're looking at that object, putting it down. And so as you shop through the store, you're indicating which things you'll buy. And then you walk up next day. The items that you purchased are delivered zero friction.
So Amazon is watching you look at each potential purchase, calibrating how much time and attention you're spending and it store the future allows for this frictionless experience. It takes what retail folks are always mindful of, which is shrinkage or shoplifting down to a bare minimum and allows the consumer to simply walk out of the store without ever having to check out because you've checked out as you've gone through.
And each time you go through the Amazon store, Amazon learns more and more about how you shop in addition to this massive amount of data that they already about who you are. And so that seems to be a view of the eCommerce experience, the future from both the marriage and online and in person user experience. So I found that fascinating to walk to the store and then walk out. And yet all of my, all of the purchases that I've made are there waiting for me by the time I get home the next day.
So I think that gives to me a sense of the, the intersection between the agility and usability of what we talked about in these strategies and still mindful security. And someone will say privacy. It is a particularly American experience, which is I've given my permission to Amazon to Provide this experience. So I would say it's definitely a fascinating experience.
You obviously it's good for Amazon and being able to like lots and lots of information about other things to sell you, then there's also a precondition about user experience that we're assuming here that companies want to provide that. But someone who spent 18 hours on plane game a day that can say most airlines are not that interested in your customer experience. So how can you use the information that's gathered to force other companies, other types of companies to start thinking about the customer experience?
Are there ways to differentiate that is what's doing that considered both in terms of privacy of GDPR. Do you see that playing out and being perhaps adopted by other people in the online retail space, or are they going to be sort of leading edge for a while? That type of experience?
Well, I think it exemplifies some of the tensions that we've talked about already today, which is this trade off between user control or privacy with security and the experience users keep vote with their feet. And the millennials are willing to in online bank to sacrifice personally identify information for a better experience. So we see time and time again, where that trade off. I think John, as you began, today's session where you have to remember what that bargain is when you become product.
If you talk to the Facebook folks and I do so on a regular basis, a member of organization, their view is it's a fair trade. That data about us is being exchanged for a compelling, personal experience. So they're not at all shy or regretful about that notion of who's the product.
And I think we've seen that again in, in the us where in credit bureaus, like the recent Equifax breach is that the hundreds of millions of Americans who were affected directly indirectly by the Equifax breach preceded by the Yahoo billion breach, is that it's really hard to make the case that that personally identifying information can be protected. It's hard to bring the horse back to the barn after the barn's been burned down.
I wonder Richard could tell us a little bit about the utility and how they address this whole issue of what, what did they give the well, it's not, it's not much the same, the same situation as Facebook that that's getting all the information. It can actually on that Facebook or, or other companies that just get the most data. They from the user, there is a at the beginning, but it's, it's not, the balance is not, is not there. You want to access you just, I agree. You don't understand to what extent your data is gonna be used. To what extent what data is, is actually being corrected.
And I guess if you ask people a few months after and you show them actually their service data testing groups, you show the data that the company has actually, you and people are getting get scared. They just want to sugar account. So I think with Facebook, they might not be shy about the data they correct, but I'm sure they're, they're ready to, to show their users all the data they have.
It's actually coming from France where privacy is something strong for, for many years, we were with the first privacy that to be the eighties or actually in seventies, determin what we have strong feelings about this kind data collecting. And, and to, to question about utilities, things I've seen in retail companies, how things are managing.
We, we, we have, they try to collect a lot of data. So you have, I think that's the same in the us.
Actually, you, you have this fidelity programs and they actually can know what's what you buy in the stores, what you buy online. I'm not sure every, every retail company is able to link physical users to digital users. And you are actually two users to every companies. And this Amazon experience that you before from, from company company perspective, there's no need to get all the data we can get. I think we have to, to, to stay conservative and cautious the data. Do we actually need this data?
No, just don't correct. It just don't store. It. Don't take the risk to being reached and leave that data that we actually do get some value out of it prove that we and test for, for a small bunch of users, that if we actually collect this data, we can get some value out of this. If we can prove this then, okay.
Let's, let's extend that to order the, the customer application that unless we can prove that I think it's, it's better to be conservative, not correct. The I'm sorry. I'm not very strong on, on pushing innovation through no approach it, please don't understand. I'm not advocating that. I'm simply saying that if we look at the internet ecosystem on a global basis, the accumulation of power accumulation of data is tremendous. And that's both a us phenomenon as well as a Chinese Alibaba on the marketplace operates in similar ways.
So in a perfect world, we would have the conservative view that you're espousing, but the realities of consumer identity, the consumer identity world that we live in is such that there's this there's this balance that, that we discussed material with the question from, from, from you a material answer, you can be competitive, even if you are not, even if you privacy driven it's it's. I tend to agree with the it's a false assumption that you are not going to be competitive. If your privacy, I think we really need to push on this.
Maybe it is wishful thinking, but I prefer that to, to just abandoning the idea of situation coming from a security perspective. I think this, when we kind of, I integrated security solutions, which in some sense, CIM solutions, this security solutions, right? Because the legacy is I traditionally solutions then to a business platform this day and age, we, we have two concepts terms of design. There is the action survey controls that provide assurance that data identity something secure. And there is a sense of security that we provide to the consumers, the customers, right?
So, so in organizations that deploy solutions that are so similar, transparent to, to the consumers whereby this at the technical level, where then there is almost very good level assurance, but at the consumer level, it gives them four sense, have no sense of spirit, right? So the consumers can push back sometimes and say that this is too, too frictionless. And not to the point where I'm not too sure whether you are handling the data responsible or internal to organizations. We have strategies that are failing. I think you can keep the data, massive amount of data.
You can deploy strategies to be, identify the data, to use it for a, without carry the risk of, of keeping personal identifying data for, for the long and that this, I think various strategies to move to that. But I think there's planned of giving the consumer sense of efficiency without adversely impacting all user experience. I think talking about GDPR, any consent, that which topic at the stage of wondering how to, to, to facilitate that consent, you know, giving a list of that checkbox, you may not pass the capture stage, not to talk about the company, right?
The consent form, kind of the pushbacks, the capturing of your prospects or the customers, then the regulation compliance versus business analysis, hot. Any questions for the audience? One question, ask this panel Analyst, most strategy we've been talking about some present about privacy of transparency, keep all that it's okay. That's really ground for processing the data.
Can, can you use such, just move privacy? So how other examples for, for innovation and agility, for example, for a, for the utility company, cause any other company where this information could really be used on that ground on, on a legal basis for creating change products, new products, change services. Is there something that, that our can take away from that aspect? I think is privacy product is highly important, but once this can be taken for granted, then other examples for one really matters to better for the, for the, for the company.
Examples, just if you throw the data, the data on a new basis, I comment on it was a very good point. The, the whole issue here is we want to drive new business and I know the utility that's doing just that, where they electrical distribution system and within the cm, they're providing the customer information that allows them to control what they're doing and significantly reduce their energy usage. So we need to start thinking now what new business does this information enable? Totally definition of privacy. I think we'll do both.
Yeah, actually I was gonna mention one very similar case from an energy company. They can share with the consent of the user, the, the, the, the energy builds the energy consumptions and share that with starters, that, that, that develop algorithm to try to optimize, to try to compare with similar, similar houses, with the same number of people, same number of rooms.
And they, again, they can scale you on against similar in the, in the bank sector. We also see lot feedbacks interesting in, in customer data and try to, to give actually, I, I love aggregators that bank regulators, that they can provide me comprehensive view of all assets within different banks, all upon base that can provide me advice on, on one to pay which bill cetera.
So, so, and this is, there is the two regulation coming into effect in Europe that forces some, some good practices, good behavior from both banks and certain around that. So, yes, there's definitely value. I think the value and the examples are very sectorized and it's, it's kind of hard to tell any company that, of course they have to, they have to understand what data they have, whether they can get out that or what data they can share with the consent of the user, to startups, that we have some ways, and maybe they can monetize these partnership with startups and they can get very early.
I think this is very industry dependent. Well, we're, we're time to us add on utilities where Graham may be aware of this. There are utilities, power companies that are trying to are beginning looking using cm for slightly different purpose.
You know, let's get your consumer information together. And then in this time of the year, you know, farther north in this, ATSE give those consumers more information about the fact that, you know, you're using more, more heating than you did this time last year. And your, your bill at mid month is predicted to be this amount by the end of the month, do you really want to continue using this space?
You know, it's about getting utilities, getting the information to consumers and they make the right choices about their own heating usage. So you can strap that or whatever, but, you know, giving people the more information helps them make better decisions that impact them financial too. It's interesting story in that regarded with some panel with Tony, Feldy the founder and CEO of nest a few years ago happened to be not too far from the announcement of Google at Google's acquisition from this.
And he was saying it was, was a remarkable ride because the acquisition happened and he was very happy, was very rich. But then within weeks of the acquisitions, all of his partners began to sever relationships with him, the GE and the utility companies, the refrigerator makers, the they also go, we're not working with them anymore. And he said, he said, well, why not?
He said, well, you're at Google now. And you're gonna be aggregating the data from all of our appliances. And that's hard. So we have this, this tension occurring across industries.
Now, when it becomes a matter of identity and thanks to this panel and.