Keynote at the Consumer Identity World 2017 EU in Paris, France
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Keynote at the Consumer Identity World 2017 EU in Paris, France
Keynote at the Consumer Identity World 2017 EU in Paris, France
Hello, ladies and gentleman, my name is angel. ER, also, this is still the, for There we go. It's all yours. That's all mine. And I'm with IBM. I'm leading the identity success management competency in Europe for IBM. And as I'm the one standing with you and the closing words of our host from cooking a cold, I will make it short. And I promise I will not talk too much about IBM solutions. Also we have great ones, of course, and several of my colleagues have done very good presentations on that. And I have put some links about these into the last slide of my presentation.
So you will get all these information, but, and I have my sheet sheet here because I have taken some notes from the very interesting presentations in the last two days today, I will give you only some food for thought on your way home and perhaps something for the future to do. As I said, you have seen in the last two days you had said it was looking, I press the green button for me. One the big one, that one. Very good. Okay.
So you have seen in the last days, a lot of interesting presentations, and as I said, I've taken a couple of notes, which I thought at one or the other point are really fitting into the thoughts I want to present to you. And you have heard about the conflicting interests into requirements for consumer identity and success management. You have from lines of business and from security, from regulations, existing regulations. But also we have heard a lot in, in the previous call about the regulations. I would say, working in the bashes like GDPR.
So you have heard a lot of that and what we are doing or what I would say. We are talking about the consumer, but what, with the consumer themselves, we are all consumers. We are all consumers. So we are talking about ourselves. What are with the consumers? I thought one interesting presentation was this morning from she had said that they are working together with consumer organizations to learn from the one and the other to get more direct representation of the users.
So what do you do as a company, as an organization to communicate with your users about your effort to have a secure and trustful trust. Ellen, you have said that a trustful, consumer regulation, not regulation, consumer identity and access management. How do your consumers know that you are doing something for them? How can they decide on the quality of what we are doing, what you are doing for them, but you have not only heard about the requirements, sorry, oh, that's the right one. You have not only heard about the requirements and the challenges, but also about solutions solutions.
For example, for user experience like risk based authentication and multifactor authentication, by the way, multifactor authentication is compared by a very good friend of mine with a scarf and the Woody. You have to prevent you from the clemency of the weather in the cyber space, in the cyber weather as well. You have heard about solutions for privacy by design consent, lifecycle management, security and fraud.
And Martin Kuppinger has said this morning in the first session he had said that still security with, I would say classical security functions is still something which has to be done there. And do we have a 360 degree view on consumer identity and access management now? Or is there something missing? And you know, if I'm asking this question, I will answer, yes, there is something missing. And what do I think is missing there? Transparency. We have a lot heard about transparency, transparency, but it has different, I would say different meanings, slightly different views into this topic.
For example, as, as we have heard this morning, one to get the customer view as has mentioned, but also others. You have mentioned Alan, just before transparency to have the user involved in the decision. And I would like another few on transparency here. Let me start with an example. I came across just last week. There is an organization in Germany, it is named bar test and it has a magazine which is called test, just test.
And this magazine, the, they are testing a lot of consumer relevant things like for example, washing machines, but also something like contracts with company, for example, telco contracts, they are testing these and they are giving these things marks between one and five, one the best and five, the worst. And they have criteria how they assess these things and they comprehensively describe their criteria in an understandable way.
So every consumer can decide if these criteria are relevant for them or not for a decision for a buying decision and in the latest issue, which has come last week in December for December, 2017, variables were tested and here we get into the blurring area between consumer IM and IOT. So in this space and in this test, the testers have decreased, which really means devalued all, but one variable by one crate by one crate. So from perhaps two to a three, then two to the lacking transparency of the conditions for the consumer and the lacking transparency of what is done with their personal data.
So this example from real life, I would say, and this is just an example for lack of transparency, transparency. There are others, of course, like for example, in consumer not having any insight into organization's security features or not an understandable insight into that. So how would we get to more transparency? Then Tom has talked yesterday about speaking the right language yesterday morning, which I think is a start into that, which would be one of the points and some regulations like GDP.
They, they ask for transparency, for example, article 22, article 22 with the right of explanation. You have mentioned that too, but, and there, isn't very interesting article in the New York times magazine from cliff Quang. And I really highly recommend to read this article about this, this GDPR article. And that is this article is mainly only for data handled by machines algorithms.
And this doesn't help you if a person handles your data and it consent as we have heard needs to be given freely informed and expressively as Tim has the yesterday, but how can a consumer, how can we decide that we are far informed and detailed information doesn't mean understandable information And clarity and comprehensibility. I think main factors for transparency, how we get to that. Let me start with the citation on that. A citation from chapter five of a book data for the people by Andrea SP you have all these limbs in the last slide.
So, and Andrea request transparency, what from he calls data refineries with that. He means each and every company which makes use and refines consumer data like an oil or sugar refinery are refining oil or sugar. And I think in that sense, all companies working on consumer data are data refineries and employer requests, transparency, parents see through rights, which he calls riots, right to access data and right to inspect data refineries, to inspect that, Which I believe is another important factor for transparency.
So how do, how to deal with the demand for clarity and comprehensibility and the other factors and what to do now, what to do. I do not have a final answer answer yet, but who has that at that point, but at least I would like to bring up some points for consideration. What is needed is some sort of dashboard.
I think based on a rating scheme, similar to the one from the test magazine I had mentioned before, and this would make it easier to understand and compare companies and their products for the consumer and their consumer identity and success management and how they handle the data, how they handle the data, what do they do to deal with, for example, security attacks.
So which criteria should be measured in a dashboard of course, criteria from the regulations we had been discussing before, and which are relevant for the company's products, as well as the contract and the cooperation with the consumer, of course, these criteria should be included in the dashboard and how a company deals with that. And as in the citation, I had shown in the slide before some criteria regarding resilience against security attacks, or I should, would extend it to protect how a company protects, how a company detects and how a company responds to security attacks.
So we have some certifications and, and performance to, for example, ISO 27,000 something on that this might be options, but I would say not for everyone, the results are understandable. So they have to be translated into something which I, as a consumer can understand. And compare another point I would see is privacy efficiency. This means how, and if personal data is used necessarily or unnecessarily how it is used necessarily or unnecessarily. And how would you measure that?
There are some interesting approaches to that, for example, an approach on differential privacy, how the authors call it. And I would say the article itself or the content is really interesting, but I would say not many people will, will be able to understand this article, but anyway, it's worth into looking into looking approaches like that one.
And another criteria should be return on data, what the consumer gets back if, and when her personal data is used and this request, or this requirement, this right, you have heard about that yesterday in Katrinas presentation and what she said about minimum collection for maximum value. This is exactly what it has meant. Most probably there are other criteria. This list cannot be comprehensive at the moment. And also all these points, which I have mentioned now look like that.
Creating such a dashboard would be a task done through an independent instance, like for example, the shifting round test in Germany for this consumer things might be the case. But anyway, I would encourage you to think about which of these topics you can get into your organization. You can get into your company forward with that, because I think each of these points will be a step further to more transparency for the consumer and for you to get to a successful and secure relationship with your customer. If that's it, I will close here.
And if you are interested in further information, and of course in our IBM solutions, you will find some in the final slide. So thank you very much. And I will take the opportunity now to, and thank you for your attention at the nearly very last presentation of the day. And I would like to wish you a safe trip home and hopefully you movement. Thank you. Any questions Is IBM doing anything for transparency? Is there leading any initiatives in this regard? There are a lot of initiatives around CIM and transparency in I, as I have said, has various Fs on it.
And in several F there are initiatives in IBM. Yes, That's great.