KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Heather Flanagan talks about the confidence that is needed to accelerate the digital economy and now business and governments can work together toward that common goal of growing the economy. Digital ID is how we get the confidence as a platform to grow the economy.
Heather Flanagan talks about the confidence that is needed to accelerate the digital economy and now business and governments can work together toward that common goal of growing the economy. Digital ID is how we get the confidence as a platform to grow the economy.
So I'm, I'm not actually one of the folks that likes to wander back and forth. If I start doing that, I start going faster and faster than I'm just racing like a little Gerb. So I'm just gonna stay here. So we've already talked this morning about how expensive the theft of personal information is, how much it's, it's a harrowing experience. Digital identity is actually a form of wealth and having that strong, trusted infrastructure to support the creation and use of digital identity is just absolutely critical.
The challenge here is that no one sector organization, company, or person can develop and manage that infrastructure for that. You need a collaboration. As we talked about earlier this morning, and Phil's talk, you need a collaboration that includes both the public and private sectors and anyone else we can actually get involved. So that's great. But before we talk about just how ubiquitous digital identity is and what we're doing about it in Canada, to build the trusted infrastructure to support it, let's talk about electricity. So once upon a time there was gentleman named Alexandro.
He was the first so far as we know, there's actually some debate around this to actually harness electricity in 1,882 years later, New York city sported some of the first electric street lamps in the world. Thanks to Thomas Edison. The first part of the 20th century was about wasn't about the, you know, how efficient can, can this be?
It was, that's something that had to develop over time, but from there we move to today where you see people getting anxious is you all, don't have a place to plug in your laptops. Where's your electricity. You have to have it, and it's not immediately available to you.
You know, it's. So what you're looking at there is the progression of investment and invention over time to take an idea from something that was pretty clever, but very individually handled to something that requires significant infrastructure and cooperation between industry government and individuals to make it work the way we've come inspect. So think about, think about the power grid for north America, without it, and the time, money and energy that that went into developing it. We wouldn't have the technology revolution and economic opportunities that we have today.
So hopefully the comparisons between the electrification of north America and where we going, digital identity weren't were too subtle, but let's now get to what we're all here for, which is talking about digital identity and the economy. So one of the ways digital identity has poured money into the economy is through handling all the way it's broken from having to handle password changes, recovering from fraud. That's been very expensive.
I mean, think about the number of people higher, the research into automated reset capabilities, verification models, general account management, all of that has had to be developed and maintained just to get a user, to be able to use their account. That's not exactly the way anyone wants to spend their research dollars, but it is what's what's happening today.
Now, according to statistics, Canada companies spend on average 236 Canadian dollars per year per user, just on pass password issues, alone, identity fraud costs as much as each individual, as much as 600 hours a year to handle. Now, the math then works out. If you look at the, the adult population and all those other good things, that's about 4.3, 3 billion to deal with password issues and another 5.68 million to deal with just the data breaches. So Canada is really intent on the idea of investing and expanding their digital economy.
One of the examples of what they've done so far is the concierge service. This is a government Canada program that among other things enables verified federated identity to Canadian citizens that want to use government services. Concierge pulls together, banks, governments, and private sectors to have the right verified information in place, Canadian auditor, general report, cuz they made you study. This suggests that the government alone will save nearly 800 million just by leg leveraging this kind of digital identity with a verified digital identity.
That's far more protected through regulation and through a basic premise of not being under anyone entity's control. We're looking at the possibility of eliminating password and account management issues on a per service basis, which results in taking that 4.3, 3 billion as being spent on password resets and turning it to other uses what other uses well, that's kind of fun to think about, you know, what, if you had that much money pouring into an economy, what would you do with it? Probably some pretty fun things.
So now that's all background as to why, you know, digital identity is valuable, which you probably already believed that otherwise you wouldn't be here. So now we'll move on talking a little bit about one of the ways Canadian is Canada is developing that model by talking about the DIAC, which as I mentioned is the digital identity and authentication council of Canada. So y'all are probably old enough to remember that the hiccup in the global economy that was the 2008, 2009 recession. So one of the responses to the recession in Canada was the formation of the electronic payments taskforce.
In 2010, it was chartered to make a very specific and actionable recommendations to the minister of finance on how to strengthen Canada's economy. So the taskforce came up with three recommendations to implement an electronic invoicing and payment systems, which basically means transitioning to digital payments, to focus on a mobile flexible and agile ecosystem.
So the, the idea of building up the one solid trusted infrastructure that would then not move, they recognize right out, but that wasn't gonna work. So talk about that further and to develop a digital it identification and authentication framework, because while you can say, this is all good things, some guidance was necessary in order to make sure that people all did this in a way that would inter operate. So it's that last one that led to the DIAC.
The DIAC is a nonprofit coalition of public and private sector leaders that are committed to developing a Canadian digital iden identification and authentication framework will enable Canada's whole insecure participation in global digital economy. So di members include representatives from both federal and provincial levels of government, as well as private sector leaders from a variety of sectors. It's not just the technology companies or the bank or the telcos it's it's all of the above.
So the mission of the DIAC is built with three goals in mind to continually foster that public private partnership. Because again, no, no one group or one sector can accomplish what we need done to identify where standards are needed in the digital identity space and to work with its members and other interested parties to create them and to drive innovation and adoption in the digital economy.
This is one of those slides that as soon as you put it together, it's outta date, but it does at least give you a sense of who is involved in this at this point, you know, what kind of entities are attracted to working with the DIAC on digital economy ideas? So combining the strength of banking, credentials, telco capabilities, credit agencies, and government identification enables a framework that increases concern privacy, security and convenience.
The framework will support the increase of Canada's GDP through the creation of billions of dollars each year in saving from, you know, not having handled the fraud issues and just overall efficiency gains. Each sector is bringing its own strengths in innovation, in privacy demands and expectation of public good, that results in a digital identity framework that has privacy security and convenience just built in from the ground up. So standards, which is one part of, of what DIAC does they're necessary to ensure interoperability from both technology and policy points of view.
As the DIAC works to develop standards in the digital identity space, we plan on creating a verified trust. Mark indicating that a service complies with the basic premise of security, privacy and interoperability specified in the pan Canadian trust framework, privacy security and convenience, fundamental parts of this design. And the goal is to have that trust mark that conveys that, that, that sense of utility to an individual, a business rep representative, or a government agency that a digital identity has been sensibly created, verified and managed.
And so that whoever's using it knows they can trust it without necessarily having to know all the gory details of exactly. How was this put together. Now a key element of the Pan-Canadian trust framework is that identity is not a standalone thing.
It's, it's not like the key to your front door. It's a, it's a combination of things. It's a combination of a person, the relationships they consent to have and the organizations involved in supporting or using that information. So the way they've broken up the framework is into very discreet components. Some examples include the verified person component that ensures that an individual is real identifiable and has truthfully claimed to be who they say they are.
The verified login component provides for trusted processes that result in assurance that the same user is present for each login attempt. The verified organization component defines a set of processes that allows organizations to exchange trustworthy information themselves or others with external parties. And the verified relationship component defines a set of processes that are used to verify that a relationship is real and identifiable.
A relationship can exist between an individual and an organization between two organizations between two individuals, verified relationship process ensures that the relationship information relating to the two parties exclusively resolved to those two parties is confirmed as accurate and is up to date. So a lot of moving parts that we need to work together.
Now, Barbara mentioned, I wear a lot of hats and I work in a standard space, not just in identity, but in internet standards in general. And I can tell you that standards are indeed critical for interoperability and transparency, but having a standard doesn't mean that anyone actually uses it or understand it, or, or even knows that it exists. So the DIAC is, it does more than just the standards part.
We're working to explore the digital identity space and reduce uncertainty in what's possible, but also doing things like supporting proof of concept efforts, which may be white papers, actual technical demonstration of ideas that may benefit the digital economy in the future, or, or what, what do our members need to feel comfortable enough in this space? When the standards are presented, they're like, okay, I get, I get this.
I understand why we're trying to do this and what, what this means for us going forward and how it might apply to the different technologies that I will use in my, in my business. So one example of a recent DIAC group concept was to explore blockchain when used to develop a registry system.
Now, blockchain is not just a drinking game though. I admit it's an awful, awful fun drinking game. Still. It's too early for that. So save that for afternoon break, but let's talk through why we're, why we're using this and what made us want to use blockchain to begin with. So let's say we have a small business owner named Maggie in order for Maggie to establish a business bank account, cuz she's, she's a small business owner. She needs a whole lot of paper to provide proof that her business is a legitimate registered entity.
If Maggie represents more than a single person business, then Maggie along with the other signature authorities for her business and all of that paper need to go to the bank to start the process of getting an account on the banking side, we have Raj, Raj has a lot going on at the bank and he needs to put all of that aside to deal with Maggie in person, rod wants to make his potential customer happy, but he also needs to be on the lookout for possible fraud and other criminal schemes. He needs to make sure this bank is compliant with all appropriate regulations.
And this is a lot of time and effort on all on the part of all parties. So based on the input from people who are actually Manning the phones, making these calls back and forth because heavens defend the day that we're talking about a business that's registered in one conference and not another there's a lot of time spent on the telephones, whether or not computers are there. Computers are actually just an advanced form of file cabinet. What we wanted to try with blockchain is blockchain offers some really interesting features that might make this a little bit easier.
Might have create record trails of information that can be trusted in and among themselves can overlay the existing infrastructure in each of the provinces or banks or whatnot. And therefore makes make this a thing that people can just go to a web app, actually look at the details and say, okay, yeah, I know this was registered, who touched it when, when anything was changed and be able to move forward with that.
So if that registration then becomes easily viewed with a full and immutable audit trail, that's captured any and all changes, this is, this is highly desirable and it's gonna save the folks a whole lot of time. So that's why they said, we are nervous about blockchain. We have this problem is this, is this a space where we can learn more about how to use this? As it turns out that particular proof of concept was wildly successful. It followed along that whole mobile and agile model that the task force sort of mandated for this kind of space.
And that it was a two day workshop from the people who were handling the registry businesses, government representatives. And in those two days, they came up with a requirements two weeks, they had a code sprint, and then they had a working proof of concept that's now actually gonna be deployed in the province of bridge Columbia go D so, so far we've looked at standards, development and actual prototyping of ideas and that's all great, but there's, there's still another life for this bench that we need to explore. And that's where the international applied research program comes in.
In that the DIAC works to connect Canadian innovators with funding agencies to develop just interesting ideas in the digital identity space. So far, we've had two awardee in this program, secure key, as they further explore the idea of using blockchain, hold your dreams as a component of consumer identity and dig identity. As they explore the alternatives to KBA KB, which we've discussed throughout this conference are, are no longer ideal methods of trying to verify person or changing their passwords.
So in both cases, the funding agency is actually the us department of Homeland, securities science and technology department. So very much international, a lot of research going on to figure out what are the next steps in this space. Let's see. So one of the things that I was asked to do is actually talk a little bit more about, about the blockchain component and what does that mean for consumer identity in a way, I think that's part of why we were invited to come talk here this week.
So the premise that secure key has is that an individual has many pieces of information that they want to share coming in from specific but different asset providers. The individual is in is, and should be at the center of this concept as they're the ones that should be controlling the flow of information, but in controlling the flow, that shouldn't mean that they're like actually clicking buttons to make all of this work.
So when you're in a situation where the, the individual wants to open an account or they have the university, they want to enroll in and so on, we need to transition the information that the user owns, but which may be housed at different asset providers, two, the places where they wanna share, where they wanna open that account, where they want to start taking a course.
So blockchain in this case, isn't the answer to life of the universe and everything, but it does offer some highly desirable features in this scenario, including establishing prevalence, IM mutability finality, which is that one place to go to get all of the different pieces of information needed and consensus that all the parties agree that this is the valid information that exists. So a lot of, a lot of desirable features there personally, I think blockchain and Hyperledger are an interesting solution.
That's been searching for problems to solve, and it's gonna take a while for the it's slow. So it's very, you, you can't necessarily just deploy it broadly and expect it to work for all things. You really need to think of what use case are you trying to solve for to see if this, if the features that it could bring you are appropriate in your situation. So there is so much happening in space of digital identity and how that impacts the digital economy that, you know, there's a whole conferences happening about it. It's digital identity is the prime mover of the digital economy.
It's becoming just the fundamental fact of our existence. And in Canada, we're on our way to developing the infrastructure equivalent to the electric power grid to make this happen. Power grid itself has a long way to go, but it's come so far. And I think we can see a similar directory for digital identity going forward. So with that, thank you for your time. I look forward to chatting with you at coffee, because I know I'm standing between you and the coffee break and however many drinks you wanna have at first and blockchain, like six, Thank you so much, Heather.
But I have one remark, which I don't understand. I started my career in, in computer science, outside of academia at Nortel. And the most important thing were the standards. You have to know them by heart. Why did that, why did you use that? I don't understand that answer to that. I don't. You Do. I have answer the correct answer, I should say on stage that's that's another question. Just a question. I'm sorry.
So I, I would have to say that as a publisher, an editor of internet standards along the lines of HTTP BI and the SMTP standards and the BTP standards, I'm the ones that are fundamental making internet go. You ever tried to read those things? Yes. I love them. Yeah. I love them.
Barbara, you are a special snowflake I'm. So with all due respect about to contradict you, I think you may have a skewed view of the standard you dealt with in the telco days. And you said Nortel. Yeah. How many times did Nortel put out new equipment that had proprietary interfaces as a competitive advantage? Of Course, but I have to sell to drone telecom at which what's Not in there, but it was only when there was an economic value or regulatory pressure.
Did you switch to the standardized interfaces and you went to the places like I U T to make damn sure they didn't produce a spec that would undermine your business value. Right. So we worked With them. Yes. So you adopt them when they're fiscally practical, Especially with right. And they're really hard to read. Is di working with the sovereign foundation at all? I don't think so. Okay. They are. I don't know about it.
We, we should talk about that. Okay. So the sovereign foundation is doing identity governance for blockchain based companies. That's interesting. We should work together. We should work together. So fortunately I know where she lives and okay.
So, so should we do the right now.
