Keynote at the Consumer Identity World 2017 EU in Paris, France
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Keynote at the Consumer Identity World 2017 EU in Paris, France
Keynote at the Consumer Identity World 2017 EU in Paris, France
I will talk about what does take for a complete consumer identity management solution or, or do you need more than one to anyway, it's an interesting topic because we see this shift towards consumer identity. We see this as a big, seeing a big friend moving. So I started many, many years ago in the enterprise space. In fact that my roots and identity management go back to the late 1980s, where I started with things like land manager early versus of land manager and early versions of network and things like that, or bang and wines.
So the odor amongst us might remember banging wines, not that many, which are that it helped this experience as well. So I have a long history, so it was always for long time, it was MQ century. But cause also remember that more than 10 years ago, I had this discussion with organizations where they said, okay, we want to implement a new identity systems said yes. Okay. But don't look only at your employees because there are partners. There are customers. If you might say, I start with BL supporting them first, at some point you will need this access for customers as well.
And then, so the last couple of years we saw this shift towards consumer identity management solutions, which, where we sort a large uptake. And that's where I want talk about a little. So let's start with, with what are the sort of the top use cases for doing consumer identity as measure or consumer identity management, customer identity measure effort attempt to use the term consumer identity management because it's the sort of the bigger term and the consumer then sometimes becomes a customer or not, but you also need to manage these identities.
So yes, there's one use case which is target marketing for increased revenue. Obviously you want to know your customer in that case and it's about revenue better. And you want to surfing well with targets to know more about him, to better do better marketing, etcetera. There's the use case of many come from the authentication. So how do I identify, how do I sign on my customer? It's not a very important use case where many of the projects start. So coming away from this, oh, I need an ID for my customers. I need to sign on them.
Which also leads into this interesting question we touched, is it my ID? Or is it something where I can use different IDs, which are then that to my internal customer records, regulatory compliance, another important thing. So having a correct onboarding process, that's what we already have. So need to bring into terms and conditioning cetera, but it goes beyond that right now. What is happening is GDPR handling consent centrally becomes very poor issue.
And I think there's no way to get rid of handling consent centrally because if you do it per app and per application, it'll be hard to ensure that you always know, oh, this consent already has been revoked. And if the one app doesn't get that information, then you have an issue. So I think there's a absolutely absolute need for handling consent information centrally and consistent and avoid that there are different sort of different states of that information you have and different systems, a better use experience. Yes. At the end, consumers want to have a simple experience.
I sign on, I have a simple registration process and I particularly don't need to register multiple times. I have this experience over the years and you know, sometimes you, I even say, okay, I don't do that business. I don't do that deal cause I don't have like to register again. So if you're whatever have car manufacturer, you need to the first with the car manufacturer and then you need to resist the finance company for, for leasing. And you do need to do it twice then or already might be a show stopper cuz say, okay, there should be easier ways. Yeah.
Not my users tricky area, but at the end, really we want to understand who it is, move the people to. I know the customer I can serve.
Well, I suppose GDPR will be also a little bit more about finding a good balance between the customer and address for privacy and the business address of more business was so we, couple of weeks ago, months, not that long ago, we published a report which was titled the consumer and anti and access management buyer guide where we bring up criteria. So the most important functional criteria, the most important nonfunctional criteria, etcetera, for selecting such a solution. So in the interest of time, I will not go through every single of these.
Obviously there are couple of very important things. So user said for registration and also import of data from users is really one to support for consent mechanisms. The dashboards will become very important because with all the consent stuff, it also means we need to show the data. We have third P storage needs to show a lot of information here, delete and or export customer profiles.
Yes, data rights and GDPR mandates, ency notifications, scalability wide labeling, etcetera. There are a lot of these criteria. And I have another slide on that where we see several other sources, areas like fraud, intelligence, marketing, analytics, marketing automation, IOT integration will clearly become a more and more important one. So there's really a variety of capabilities we need when we want to manage consumer identities, not just saying I have a sign on it's far more than a sign on and more details on that.
As I've said, you can find the report, but it shows there's a lot of things such as solution might require, but it depends also on the use case. And so probably I know it's good enough to read. So what we did here is we matched these functional selection criteria, functional requirement areas to this top five use cases I've mentioned before. And if so, if it's a full colored circle, then it means it's a high priority. If it's the light one, then it's a low priority. And so it makes it very clear, not every functional criteria is, has an equal relevance for each use case.
So it depends on your use case or your use cases. You have your consumer identity management, so what you really want to achieve and what you need to achieve, which are the really irrelevant criteria. And that also means there might be some solutions which are benefit and solutions, which are not as good fit or it might also. So if you look at, for instance, Q so the case line and the, the targeted marketing line, there's not that much overlap. So there might be even a scenario where you say, okay, I have one tool which is really more on the marketing automation end.
And I have another one, which is more just sign on out because I have high requirements for both. I need those areas and I could better solve it by using boredom one tool. And I think it's very hard to understand what are your use cases and which requirements you have for use use cases to identify the, the ideal solution that also then I think correlates with the fact that it's not, that we have a totally homogenous and mature market for consumer identity management solutions. So that market is not that old. So started a couple of years ago.
In fact, you could also argue that some of the enterprise identity management products had some capabilities, but in fact, consumer identity management, so appear only few years ago and all of us, when we are yeah. Industry, we know it takes a while until market's mature. And then the offerings become more and more homogenous because all the, the more important features are added. So the one lacks, whatever, what the marketing part, the other likes log in on authentication part. And then they try to, to close these gaps and over time products get more and more similar.
So if you look at very mature markets, whatever take enterprise single are on, then we stay in that management or identity provisioning. Or if you go out of that for whatever endpoint security solutions, they are far, far, far more similar when it comes to the, the core features. And so here we have not that mature market, which is also based on the fact that consumer identity management products has have very different roots. So we have the ones which are derived from enterprise identity management, where the vendors say, okay, we can scale enough.
We add the other features we grow in that area. We have the grassroot consumer energy management startups. So the companies and with every popular market segment, we always have the startups. We have these new companies appearing in that market. And we also have some that space. And we have the ones who enter the market more from marketing automation end from an IDAs end.
So saying, okay, we are very good at doing identity as a service. And because we do it as a service scale, blah, blah, blah. Some of the layers more from web security Federation are entering the market from CRM. And potentially we might even see others from other angles, which are entering this market, which means, in fact, it's not that there's one approach where they comes from. And it also means depending on where, when comes from, he obviously has some different strengths.
So if you are, if you started in enterprise IM you're most likely pretty good in doing workflows because that's one of the key things in enterprise I am for, it means scalability and some other things, but your workflows might be not as good as the ones of the vendors, which come from the enterprise IM angle. And so it really differs. And that also means, as I said, there's not the one single perfect solution maybe. And we also need to be clear about consumer identities more than for instance, just consent. And when we do consumer identity rights, I just picked one point.
And this, in fact, it's the third line. There's a lot of other stuff you do. And GDPs one part of it is implementation of appropriate technical and organizational security measures. This shows up in various articles of the TPR GDPR. What it means is yeah, sun handling is one thing all are currently very focused on consent handling. But in fact it is, you also need to have all the other measures.
So standard security things, strong education, web access, web application, firewall, whatever else in place, because they are privileged management because they are the sort of the state of the art technical measures. And so it means other that there are different angles on consumer intervention from that perspective. It's not only that part, but if you want to, to implement a complete solution for your consumer management is more than the consent piece. It's more than just that. So this slide I brought up, I think last year at, during one of my speeches of the consumer at Berg.
So it's a little bit more content on that by trying to focus very rapidly on, on what, what it is about. So when you look at consumer T management, the point is there are many parties involved, there are many ways potentially to do it. And the one thing is when you look at the business departments, the one, one question is, do you end up with multiple consumer, right?
NC management implementations, because different departments of different brands or different branches of your business started S or do you try to centralize it centralizing means you have some challenges because there might be different requirements branding. And so the corporate identity, but also support different regulations and different regions, etcetera.
Anyway, I'm a big believer in saying there should be one approach on that, which is consistent, which might be sort of a service in that case and business. And it, I think it's very obvious consumer identity management is not an it thing. Not in the sense of it can do it. It is the one who should provide a service operated themselves or used as a service of procured from the cloud. But it's this way you have to split at the end, it's a business thing. The consumer, that's where the business connects to the world that the revenue comes from.
And on the other hand, I think it's very dangerous to, to, to run consumer identity management, sort of as a shadow it thing, because there are so many dependencies to the rest of the things you're doing in it that you need to operate it well. And then you have this enterprise IM so E I am I called in consumer identity management. And I think it's hard to run one identity management that fits all because you have complex workflows, different workflows for your employees than for your consumers.
On the other hand, you have a totally different capability requirement for your consumers, that you, for your employees in most organizations. So it's not that one size, it's all on the other hand just saying, okay, I have my consumer identity management here and my enterprise identity management here, no one talks with each other, from my perspective also does for variety of reasons. And one of the reasons is also consumer ride management and all related systems need, for instance, some access governance. You need to understand who has access to what that doesn't go away for that part.
And you need to control access to the consumer right management system and all related systems themselves because some of your employees will access it. You need to do it that way. So you need to understand where these overlap and where the border lines are. So my perspective is you need to understand how this works running as an it operate service driven by the business central I CIM strategy in your business. And I integrated well understand where does it overlap? How does it integrate with your existing identity management?
And so what does it take right now for, for moving to consumer identity management? I think the first step really is understanding your requirements. So what are your use cases? Where do you come from? What do you want to achieve? What do you have? Don't under estimate the security compliance and governance requirements for consumer identity management. They don't go away.
And by the way, the same with cloud services, if you move from your, from a non-profit system into cloud service, your access governance requirements and the compliance requirements, don't go away, they just become more complex. Define your sort of one management strategy. In the sense of, I know I have one big view on how I handle the different types of identities, and I understand what it needs, what are the required capabilities.
And I understand which building blocks, which technical building blocks, which tools, liberties capabilities, and also, I understand how it fits in the bigger information security picture. So define also how your consumer identity management integrates a differentiate from what you have in CRM. For instance, in marketing automation, etcetera, then you've got your Consumer identity strategy. Okay. Takes a little, but I think it's important to understand how this works with all the other elements to understand which tool you need or which set of tools do you need.
So this is trust my input for today.