Keynote at the Consumer Identity World 2017 EU in Paris, France
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Keynote at the Consumer Identity World 2017 EU in Paris, France
Keynote at the Consumer Identity World 2017 EU in Paris, France
Good afternoon, everybody. I know it's getting late in the day. So I've got about 20 minutes to whi us through the very simple combination of harnessing Siam regulation, privacy, and customer inclusion. And I'm gonna try and do two things at once because I broke my glasses earlier today. So I'm gonna try and balance them on my nose and be less animated, or they will fall off. So I'm Katrina Dow, I'm the founder and CEO of Miko.
Miko is personal data platform that enables you and I to bring our identity and verified attributes and data via the API of me to share or exchange with people and organizations we trust. And what I wanna do is, is very quickly summarize some things that, that I think everyone in the room knows or expert in to sort of build this landscape around. What's changing in the Siam space.
And then I want to just at the end, go through a use case and stuff that we're doing with Microsoft and a good example of how we can start to build a bridge back in from individuals back into the enterprise, back into government, back into the organizations they trust. But first of all, three key ideas that, that I'd like to explore that relate back to the agenda. How do we start to develop new products and services that are customer centered and data compliant and privacy by design? Okay. So this is the, this is the whole framing around these regulatory changes.
So how could they actually create new value? Are there new business models that are enabled by this and, and from what we've seen in the last year or so testing use cases? The answer is absolutely yes, if nothing else just moving cost and fat from existing value chains and optimizing those. And most importantly, what I'd like to focus on is how we can actually partner with customers. And when I use the word customers, think patient, student, citizen, directly to create an advantage through these changes. So many of you are already aware of this study that was done in 2012.
It'd be really great. If before GDPR, this was done by Boston consulting, we see an update on this number in terms of the potential value to the personal data economy in Europe alone, 1 trillion Euro, six 70 flowing back to individuals. If we can get this trust and transparency, right? And then the other interesting side of it, which is the hidden opportunity from a business model point of view is bad data just in the us alone is costing about 3 trillion a year. So regulations, obviously driving this shift and with that comes new opportunities and new challenges.
And many of those things are being discussed. Everyone in the room is aware of what of these drivers are from a European point of view. I spoke very briefly yesterday. I've been spending a lot of time in the United States, and it's interesting the number of senior executives in fortune 100, 200 companies that are completely unaware that their global operations in Europe will be impacted by GDPR. So it's a very interesting time in terms of people just calibrating the potential impact of their immediate business, let alone the new new. So this leads us to this data paradox.
We have trust declining from a consumer point of view, whether or not it's because of the ride share company you use, or who's doing our credit reporting. And at the same time we want this kind of personalization. We want to be known. We want to be recognized back into a digital channel. I've had the experience this week through booking.com, which has really driven me crazy, but I signed into the platform. I booked Paris. I gave the dates. I signed out, I used credit card. And then for the last, I don't know, four days every day, two emails a day from booking.com.
Hey, why don't you book in Paris? So it's kind of like I've given trust and identity to be known in a particular channel. And then you aren't actually treating me as if I'm known. And now you're now you're actually trying to market to me in a way where the benefit of having signed in and trusted that information actually is to no advantage. So I think we have this, this tension that we have to sort out between these two extremes, which speaks to the trust and transparency. If I have trusted and provided that transparency, I want to know that there is something in return.
We also know that we've got some problems that just existing business problems right now, whether or not it's the privacy issue or data in silos. We're hearing every day from organizations that are doing the data mapping for GDPR every day, they're finding data in new places. And it's like, who would've thought we had customer information here or who would've thought that we had patient information here and you know, how do we get on top of just even understanding where these data flows are? We have this issue of diminishing trust, and then we have the cost of KYC and AML.
And obviously the regulatory changes, which create this new normal, and obviously access management is changing. We talked about this a little bit this morning on one of the panels. When you start to think about identity, being everything about our physical selves, the car we drive the smartness of our home or the thing we're wearing on our wrist. And we as professionals have known that we've been able to contain these things because we've been able to contextualize it. So we're doing this for an employee, we're doing it for a citizen. We're doing it for a patient.
We're doing it for a passenger. We're doing it for a customer. And in fact, we may find ourselves doing it for a person. This was in the news a couple of weeks ago, the Qatar aircraft that was forced to land.
You know, this story, a gentleman fell asleep, his wife unlocked his iPhone with his finger while he was sleeping and discovered that he was having an affair, there was quite a domestic altercation, which forced the flight to land. And so we have, we have these new perimeters that we need to be thinking about, okay, what happens when you fall asleep to this B metric and you know, can it get you into a lot of trouble? So the idea of where we put these access gates is really starting to change because all of those roles are blending into one.
And the value change that we find ourselves in right now are rapidly involving they are people, they are things, and they change with context. For those of you that are either members of Canta or, or, or familiar with this, we, we know that we are going from something that was quite simple around, say one context, like an employee, creating a perimeter to employees and partners, which meant that that perimeter is expanding to customers. Now we're losing that perimeter. We're now starting to look at solutions outside of that.
Now we're bringing in things and mobility, and then finally, here's where we're at right now, relationships we're in this really complex part of what relationships are about. So it's attributes context, and it's a stateless, Omni present ever happening environment. And that's, before we even connect in with AI, we also have this issue of friction and fraud. I want to be known by booking.com when I've signed in. I don't want to be known by them when I happen. So how do we find this balance between those two? And so what is actually required to make sure that we can unlock the value?
So when we think of Siam, when we think of customer or citizen identity, access management, there are three things that guide everything we design. We want to be person-centric. We want to make sure that the context is appreciated. And we wanna understand that the context, the content is framed around the context.
And so what we are trying to do collectively in this room is move from this value chain, where we had the customer, the patient, the student, the citizen, right at the end to this, which is much more complex, where we're in the middle, where we want to be involved in maybe many aspects of the supply chain, whether or not starting with a digital experience where we physically interact with something.
And then we complete that through a digital channel or whether or not we wanna understand the employment conditions where something is manufactured, or we want to, we wanna self create, or co-create part of the product, whether or not we're customizing it. And then deciding on any given day where we want that thing shipped. And so we have, we have much more complexity in terms of our involvement in that value as well.
And so when we think of the whole challenge from a Zion perspective, and, and this, this has been completely inspired by the work that KuppingerCole have been doing for the last couple of years with the Siam report is how do we find this balance between regulation and compliance identity and access management, the transformation of digital services and marketing and personalization, because the context changes around where we are putting the focus between those, those competing capabilities. And as that context changes, we need to understand what's appropriate.
And we really cannot see a way forward in the future to do this without involving the individual. Sure. So when we look to the future and, and we experience that as being now, we really think that the individual is the platform. So one of the things that we have a responsibility to do as vendors, entrepreneurs, technologists, engineers, ethicists, is to try and find this way of putting this perimeter or access management around an individual that creates the security and privacy trust that can then allow them to start unlocking value in their digital life.
And particularly when you think of a child born today that are gonna live an analog life, most of the things they're going to do will be digital, whether or not it's enrolling in school or their medical records, they'll never have a relationship in the way that I certainly have signing up for something and physically receiving things in the post. And so if we can find a way to do this, then what we believe is it creates this whole other market of opportunity where we can take verified attributes or trusted identity into a marketplace of value.
And this is what we're testing, and I'm gonna share one of those use cases with you around the value that can be created from this approach. The other thing is, you know, big data has helped with getting things either accurate or real time when you start to look at the surveillance model, but we know the kind of magic ingredient that a marketer wants or that a doctor needs is context and intention. And the problem we have right now is we haven't worked out how to get between this creepy, cool line.
If you are not doing it with me, I wake up in the morning and you've assumed all these things, and it's on my device. That's kind of creepy, but if you've involved me and I wake up in the morning and I'm part of that process, then maybe I'm experiencing that as a really cool service. And that's really where our focus has been in terms of starting to develop some Siam solutions that can work into connected enterprise. The other thing that we look at obviously is privacy by design is important and it's part of GDPR, but we also look at this idea of minimum collection for maximum value.
Can I ask a question instead of asking for data and the classic one, we all know is, am I over 18 or am I eligible for a service, but how can, can we start to think from an engineering point of view around asking the question that gives us the ability to provide a service without over collecting the data. So I wanna share with you a bank onboarding use case that we've, that we first developed independently.
And then we started to look at, okay, this is fantastic from an individual point of view, this requires you to decide if you want to use Miko as a platform, go out, download it, become a customer. We understand the friction associated with that. And so what we've started to look at is how can we build our technology back into trusted Zam platforms and actually enable this handshake from an API, which means there's great work. That's coming out from the enterprise through those technologies, and we're starting to lean back in.
And, and I'm also very proud to say that we are, we are looking at how we can support and contribute to the latest standard. And also the consent receipt work that's being done. So shout out Colin, if you're in the room. So the reason we decided to do this with the Microsoft identity experience engine is it's relatively new. It's just coming into general release. There is still a huge opportunity to contribute to the way that product is shaping. And so here is the use case. This might start as a call to action. It could be on Facebook, it could be on a bank's website.
So for the purpose of this bank, safe is an imaginary bank. And the actual use case was how do we start to, to do a really fast onboarding for a low risk product, like a, like a debit card specifically for millennials and the banks that we talked to that we, we tested this use case with both were interested in looking if there was value in partnering with telcos, particularly using the mobile connect API. So one of the things that Miko does is imagine where kind of the middleware theories, if you like.
So all of the little joining bits that happen between an, a connected enterprise journey where you may have say a bank and a telco decide that they're happy to invest in that handshake together, but they might not be interested in investing in connecting another part of the customer's life. What we focus in through the API of me is being able to enable as many of those connections as possible so that you can have this orchestrated seamless experience. So these aren't all of the screens, but this will give you an idea of some of the key parts.
The things that are missing in here that are absolutely critical is the value proposition framing and the consent. And so you have the call to action. And then rather than, and we tested this in ju two jurisdictions where it was possible to use a digital identity service, as opposed to physically having to go into a bank branch. I know in some countries in Europe, that's not possible, but basically we, we focused on the idea of how quickly could you onboard to a debit product by providing consent to use your postpaid SIM card, your mobile connect data passed across to the bank.
First of all, to authenticate. Then the next thing is framing the debit product. Then it's creating the account seamlessly very quickly. We've also experimented with setting the pin, which also creates greater value in the value chain and, and also a significant saving and also providing a digital representation of the physical card that will come out in, in some time. But here's kind of the magic from the, from the regulatory change.
At the end of that typical onboarding, what we do is our API then enables the customer to see all the attributes that have been generated, created, shared, or exchanged. And then with a simple swipe decide whether or not they actually want to save those attributes and create an attribute wallet for those of you that are interested in the technical orchestration.
I'm, I'm happy to talk to anyone after, but this is specifically what's going on. There is the Microsoft Siam platform, the identity platform, there is our API working underneath there is mobile connect. And what we're doing is integrate, pardon me, integrating that as a, as a holistic experience. So for the customer, what they experience is a simple onboarding without realizing that there's actually a lot of plumbing that's going on under the surface.
And then at the end of it, if they want, they can decide at that point, when they see all their data, they're not interested, but if they want, they can then choose to turn that into an attribute wallet. And I'm just gonna show you some of the things very quickly that we're enabling through that wallet.
So, first of all, from a design point of view, we're really focused on this being customizable, the ability for an individual to make it something that is really about their life and themselves in the same way. When you think of my bank or my insurance company, posting something with their logo into my post box, when I open it up and put it on the kitchen table, it all of a sudden it's in my world.
You know, if my kitchen table is messy or whatever the case may be, it's kind of ceased to really belong to that other entity. And we've been doing a lot of testing in this space, and we realize that with this sense of ownership around personal data, the ability to have quite a customized experience is really important for individuals. Then what we we do is we generate a data wallet and all of those attributes, along with any verification slips into the wallet, we then sit on top of that a consent engine.
And that consent engine allows per attribute for that data to be permissioned either perpetually during the customer relationship or for hours and minutes, we can also set custom terms. And we always remind people, of course, that we provide this connection capability.
We never, the data is legally protected and we never read it, mine sell it. We then provide a permission dashboard. So people can start to track the data that they've actually shared with organizations and the context that they've shared that in. And they can obviously change those permissions at any time. And then most importantly, what we generate for an individual is this immutable event chain.
And we're getting some interesting feedback, particularly in the fraud area, that that chain actually becomes an extraordinary, powerful digital footprint when it comes to one's identity, because actually it's quite simple to steal somebody's license or passport, or we all know how easy it is to hack someone's identity, but actually to, you would need to be following somebody and signing in and out of all of the same devices and providing the same consent and connecting with the same people in order to have that same footprint. And so what are we trying to do with this?
If I, if I bring this all back into the theme of what we wanted to try and communicate in this very short period of time is we have these regulatory drivers. We, we see this huge opportunity from a Siam point of view. We have this issue of privacy and customer control, but really what we want to do is we wanna create loyalty and engagement. So what we want to be able to do is offer services that actually remove friction and create value, but we've got to be able to enable trust first, to get the permission to do that.
And then we need to be able to manage the risk and compliance of this new regulatory environment so that we can personalize services. And what we are finding every day in our labs, working with organizations is this is driving new economic models, new value models, new opportunities. And then ultimately as we increase loyalty or increased engagement, we come back around to this loop of being able to share more information. We've built out these widgets, the APIs and the capability for iOS, Android, and web.
And we'll, we'll do a release of that early in 2018. And we're working with organizations now to have access to those, to embed in their own digital assets, portals, products, and services. So that's a little bit about what we are doing in terms of trying to bring these disparate, but important perspectives together, and more importantly, to start to bring the individual into the value chain in this cooperative way so that we can together create much more value. Thank you.