KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
It is an exciting – and challenging – time in the identity management space for the Financial Services industry. Digital disruptors like IoT, Digital Transformation, the Cloud, Hybrid, Blockchain, Shadow IT, DevOps and more suggest a significant change in identity management. But what does this challenge mean for Financial Institutions? Join our session as we work through the alternate truths to find a way forward.
It is an exciting – and challenging – time in the identity management space for the Financial Services industry. Digital disruptors like IoT, Digital Transformation, the Cloud, Hybrid, Blockchain, Shadow IT, DevOps and more suggest a significant change in identity management. But what does this challenge mean for Financial Institutions? Join our session as we work through the alternate truths to find a way forward.
Okay. Alternate truths. Yes. So if you're familiar with any of the foolishness, that's going on south of the border of where I live, there's a lot of talk about alternate truths, right? Meaning that they're telling you things that are supposed to be true, but actually, so it's kind of a joke in terms of, you know, what is going on in the identity space right now, cuz there are lots of market forces that are kind of taking place. We're talking a lot of quickly here yesterday and even into this morning.
So I just kind of want to talk a little bit about what those forces are and things that you should be considering from your identity infrastructure to support that. Right. Right. Because a lot of the talk is around. We have to think about the way we do identity and do identity differently. Right.
But what, what does that mean? Right. There's 50 years of identity management that we can all learn from that we're talking about throwing away and starting over again to some degree. Right. So I'm pretty sure we probably don't want to do that. Right. And that would be an ultimate truth. Right? So disruptive forces. So this is kind of where we started. Right. We had like mainframes and we locked people in rooms and it was very easy to manage from an it perspective. Right? So we're looking at an internal infrastructure here to the right here.
It becomes a whole lot more complicated to manage that than when you look at where we started. Right? Not only is it more difficult to manage, you have to provide an experience that we talked a little bit about over the last little bit to customers that are wanting to use a lot of these devices. Who's wearing some sort of wearable device who wore one like four years ago, four years guy, really a doctor. But you know, I expect to be able to use this now when I go to places, like when I go to board a plane, I want to be able to use my watch.
When I go into the hotel, I want to be able to use my watch to open the door. Right. But you have to be able to manage all of that. Right? So when you look at it from an it infrastructure standpoint, the number of identities, because identity, isn't just a person, right? It's a device or thing or whatever. It's infinite.
The, the exponential number of identities that you have to manage compared to what you are managing from an internal standpoint does mean you do have to change, but it doesn't mean you have to start from scratch. Cuz there's a lot of things that we've learned over the last number of years that, that we could leverage to help make the management of those users' devices and things a little bit more easy.
So again, you know, the landscape's changing. So, you know, digital disruption or whatever, whatever that is, you likely have some sort of initiative at your organization that you're doing around that. We talked a lot about the blockchain, there's the privacy and security aspect of things. Right? Do we hand that over to customers as a marketing guy? Do I want customers to be able to choose whether or not I can send them an email or reach out to them or know who they are?
No, no, no. I don't. I want to know all of you. I'm gonna get all of your names when you leave.
It's good, but it's not necessarily the way people want to interact with organizations. Right. And you want to be able to do it in a way that's smart. So I keep getting I'm an apple guy. Everything I use is apple, except for unfortunately the laptop that I got when I started here at Microfocus. But I digress. I keep getting emails from my cell phone provider for new Android devices. Why I've never bought an, I don't have anything that's Android. I've never bought an Android phone. All I bought seven iPhones. Right. And they know that, so why would they send me?
They obviously don't know who I am. Right, right. And they're wasting their time containerization. Right. So that's the best way I could illustrate that.
So DevOps, right. Microservices, that's, that's changing the way that we're going to deliver services. Right. The hybrid it. So I talked just a couple seconds ago about the idea of cloud.
We, we, we're all freaking out about cloud. Everything's gonna move to the cloud cloud, cloud, cloud cloud. I'm pretty sure that we've all decided maybe not everything. Right. So because we're not gonna send everything to the cloud. Well now we need to manage a hybrid infrastructure and we need to be able to make sure that the, the, all of the identities that we put under management are in the places they need to be in. Right. And if any changes take place that those changes are then passed through to the, the, all of the identity stores that we have, right?
Whether that be in the cloud or, or, or, or on-prem. And then we have all of the standards that we have to adhere to as well. Right? Telling us the way we have to do stuff. The issue with these things is that some people will come into our organization say, well, you don't comply. Or there's a, a new item that comes out in the PS, D two, for example, now I have to change the way I authenticate users. And then we start running around, oh, we gotta do something. We gotta do multifactor adaptive authentication.
And I have 18 months to do it, but I'm gonna wait till the 17th month on the 29th day to do it. And if we've learned anything from all of our time in managing it, infrastructure is that we probably shouldn't do it that way because that's when you get in trouble. Right. So that is the one thing that we should probably take away from this today is that we don't want to fall on the past issues we've made with our infrastructure because we didn't do it from a business standpoint. Right. We did it because we failed something. Or we waited to the last minute to put something in.
And mark just talked about a couple of seconds ago that we don't look at it from a business perspective. And we, we rush to get things done and we don't get the right solution or, or product. And we pay too much for it. There's all kinds of things that happen. Then you end up with this duct tape infrastructure that you're struggling to try to keep together.
So, you know, that's one thing that we can learn from maybe from some of these alternate truths is that we don't want to wait until it's here. We want to be able to look at what we're currently doing and then build it into our business practice. Right.
And, and, and what it means for customers. So everybody's moving to something, you know, you're not the only one when, when we look at all of the things that are affecting identity and the way identities are managed, every market across every industry is, is, is looking at going or doing something. When we look at, you know, the financial marketplace, you know, what we want to do is provide that seamless customer engagement, right? Across any device or thing, right.
Anywhere in the world to, you know, 365 days a year, 24 7, we want to be able to provide that similar experience or same experience across all of the different ways customers can interact with us, whether that be in the branch, whether it be on their mobile device, whether it be on their laptop, whatever that might be. Right. And then we also want to be able to monetize on that as well. So if we know customers, because typically these are all silos, right? So within your organization, you know, you got a identity store here.
You've got one here and you've got one here and you got one here and you may have people that have multiple accounts. Right? I see this in the insurance industry a lot where I have a home insurance policy and I have a car insurance policy, and I have two separate logins to get access to that information, which when we sit around and look at one another, we think that that's completely absurd, but it still happens. Right. And you have, oh, to that, you have to have separate email addresses to get access to those accounts.
So I need two email addresses with two user names and passwords with the same company to get information on the different account policies I have. Right. Which is dumb. Right. But you know, if you have an idea in terms of, you know, who your customers are, right. You can start offering additional services, right. And that's where the monetization of the, of the customer experience comes into play. If you do it right, customers will want to stay with you. And then you could offer up services as they grow with you within, within, within the organization.
So, you know, I started with Scotia bank in Canada. I just recently tried to go back and renew my mortgage. And I had some investments with them. I had a bunch of bank accounts with them. I had the mortgage, I had the car loan. I tried to renegotiate the mortgage and they wanted nothing to do with me. So I left and I took absolutely everything I had with me. And I gave it to another bank because the experience, the other bank provided me when trying to renew that mortgage was much more positive. Right. So it happens. I'm in prime example of that.
And when I go somewhere, I take everything with me. Right.
You, you, they get nothing. Right. So now they have to replace me because of everything that I had with them, with four new customers to try to make up for them. Right. So that's maybe a business model that they might want to go after, but it eventually that well will run dry. Right. They didn't make the services sticky enough for me to want to stay. And then on top of that, they didn't treat me very well after being there for 15 years, right. To want to stay. Right. So that's the stuff that we have to think about when we're, we're doing this. All right.
So when we look at all those market forces and all of those disrupt technologies, we've talked a lot about, you know, different authentications and, and other things that are coming down the road, you know, how do we do this? How do we implement this when we go back to our desk? Right. Do we start over again? Do we just wipe everything out and say, okay, we're just gonna start from scratch. Probably not. Right.
I don't think that's probably the best way to do it, but you know, we do need to do identity a little bit differently because of all of the different identities that we now have to manage. Right. So when we get into the user's devices and things, and we talk about security and improving our security posture, it's about building the relationship between those as well. Right? So we talked a little bit about that yesterday. So Rob McDonald, normally he uses an iPhone six plus, and we already know, he always uses an apple device of some sort, right.
And he usually, you know, transfers money from his account to pay his car loan on the last day of the month, cuz that's kind of when he gets paid. But all of a sudden he's logging in from Frankfurt, Germany by the airport on a, on a, on an Android device. Well the relationship there doesn't fit. Right. And we talked a little bit about that yesterday. So we may wanna look at doing additional means of authentication to make sure that Robert is who we thought he was, because right now it doesn't, he doesn't seem to be right.
And again, it's about leveraging that experience in doing that. Right. And we don't necessarily want to throw out the old, so Martin just talked quickly about mainframes and mainframes in reside within maybe some of this, this infrastructure. I see that a lot in north America. I don't know what it's like necessarily over here in, in EMEA, but there are lots of financial institutions, telcos that are still using mainframe systems because they're, they still work. Right. So there's no reason to rip 'em out because they still work.
But there's lots of data, lots of customer data on that, on that mainframe. So you still have to be able to interact with it and provide it in a modern way, right.
To, to the end user. So when you look at identity powering security, this is kind of what we used to do, right? So it's you got your castle, you got all the trusted identities in it. You got this perimeter and then everything outside of that was, was not trusted. Right? So you focused your efforts on trying to keep everything in the perimeter and outside of it. Right. That's what we've been doing from an identity perspective for the last number of years.
But the idea of this identity kind of relationship based model, where there is no more perimeter and that's been a discussion point over the last number of years as well, you have to be able to build trusted relationships, right. With your customers, through the cloud, through devices, through the actual individual itself and maybe through some sort of other device as well. Right. We talked about, I think during the panel the other day saying, Hey Siri, can you buy whatever for me? Or what's the Amazon one Alexei, thank you. Yeah. See apple guy. Right.
I don't, I don't know that stuff, but you know, we need to figure out, we need to figure out kind of what, what the bridge is. Right. So what do we need to take from the old that we've learned into the new, right? Because there's lots of things that we've learned that we want to leverage when we get into this type of environment. The other part, the trick to all of this as well is where's the driver. Right? So traditionally what I've seen is that we have these new people, these digital officers, or heaven forbid a marketing officer, that's trying to deliver this stuff. Right.
And they really don't care what these guys say, because this was the house of no. Right. So anytime you try to go ask these guys for anything, they're like, Nope, not doing that. What do you mean? You wanna bring your own device? Absolutely not. We're not doing that. Right. So it was always that house of nothing. Right. So because ours it's got his box.
Yeah, exactly. Right. Do so. So the idea that, you know, you would want this methodology running, this is seemingly crazy, but there's a lot of stuff that we can learn from here to make this work. Right. Right. And really it's about that business driver. Right. So depending upon where it's coming from is likely going to be dependent upon how it's built. Right. But there needs to be kind of a, an ebb and flow and how that's gonna work. And Martin talked about that just a couple minutes as well.
He stole all my thunder, but you know, it's looking at the different areas within the organization that are responsible for a lot of these things, right? So there might be some sort of digital transformation team. There's an identity and access management team. There's a security team. There's all kinds of teams that, you know, we're late to how we're gonna interact with customers. Right?
So all those people need to be in the room when this happens, because what we typically, or what I've typically seen is that if this is happening without this, then at some point, this gets blown up because these guys say, Nope, that's not happening. Right. Or these guys don't want inter interact with these guys because they're gonna start trying to build it on maybe the existing infrastructure that can't scale to meet the needs. Right. So there needs to be some sort of, of, of cooperation for this to work. Right. And the areas where I've seen it work best. That's exactly what's happened.
So even though, you know, these guys might have been the one starting it, they were smart enough to bring these guys in, to make sure that the platform is scalable is secure and is leveraging the right technology at the right times. Right. And again, you know, by changing right. And letting one or the other run it, you have this kind of balancing act, right. If it is managing it, customers are gonna have to change their password every three months. Right. If it's marketing, run it, running it, then everybody's gonna opt into everything and it's gonna be free love.
And you know, there'll be no registration. Things will just happen. Right. And that's gonna obviously cause other problems. Right.
So, yeah. But it's all about the context of everything. Right. So when we looked at that perimeter based scenario, it was giving, you know, the right access to the right person at the, at the right time.
And, and now it's not necessarily about that, but providing the right experience. Right.
So again, it's that, it's that balance, right? How do you, how do you do that?
But still, I mean, the, the, the basic principles are, are the same, right? Regardless of whether or not you're doing an internal identity infrastructure or external, you want to determine who or what is at the door. Right. Is it normal, right. The activity that they're trying to, to do, and then based on whatever that activity and, you know, maybe where they're based, can I have access to what they're trying to get access to it? And is that, is that cool? Right. And if not, then you, you make checks and balances accordingly.
From an it perspective though, that's a Canada goose, by the way, it's my, it's my Canada reference today. So we need to kind of look like the Canada goose or a duck. Right. So everything needs to look super calm up top, but, you know, we got all kinds of stuff happening underneath to make this thing work. Right. And from a customer's perspective, that's the way we expect it.
The funny thing, even from a marketing perspective is I get it in the office all the time is we try to justify things because that's the only way we potentially could do it internally, even though we know we're on the other side of whatever that communication is going to be, we wouldn't appreciate it necessarily. So for example, our marketing organization tends to send a lot of emails to customers. Right. And I have people internally trying to justify why that's okay.
I'm like, okay, that's great, Tim, if you're sitting at your desk and you get 30 emails from micro focus in one day, are you gonna be happy with that? No. Well then why is it okay, now that you're standing on this side of the fence, right. That's not the way we want that to happen. Right. So when we look at it from a customer perspective, we want to make sure that we're thinking as a customer, as we're doing this stuff. Right. But the trick is to make sure that you're still providing the right level of security in the back end while all that stuff is kind of taking place. Right.
And that's the idea behind that goose, but here's the thing. So how many options do you have to make it work? Right? How many ways can you, how many moves does it actually take to solve one of these things? That's how many moves you could potentially take to solve it? If you ask Google, there's actually only 20, right? Every time, regardless from where it is, 20 moves, solve the rub excuse. Or like when I was a kid, I took it apart and put it back together again with all the red colors on it. But I mean, that's, that's kind of the, that's kind of the thing, right?
Like, like when we start looking at all of these things that we have coming and all of the ways in which we can solve it, right. We have to, we have to be smarter. Right.
So, yeah, there's a big number of ways that we can solve that, but there's also 20, right. So it's finding the 20. Right. And making sure that that twenties right for your business is really the trick. This is just a picture of all of the different ways that you could solve your problems. Right. I'm also up there. Okay. So it's not easy. Right.
But yeah, that's from momentum partners. It's I always laugh when I see that, because it's like, oh yeah, you could just, it's easy anyway. But it really, what it's about is, you know, it's about leveraging identity to power your security posture. Right. Because once you know who that identity is, everything becomes a little bit easier. Right. But you know, when you're thinking about, you know, building the platform and then operating that and securing that, you know, you wanna make sure that there's consistencies throughout doing that, that process. Right. All right. So I'll turn it through.
We don't need to start over, but we need to be smart. Right. So look at it from a business perspective, what is the end game? What's the goal, right. Does it add business value to what we're doing? Don't just do it for the sake of doing it because you waited too long to do it. And then all of a sudden, now you've got this duct tape bar infrastructure put together again, make sure you're smart about it. Think about what the customers need or needs are. Right. And then I talked with that earlier. We're all customers, right?
So this really shouldn't be hard, but every time you go to a website, you're like, really do I have to do that right. To get that information or to register for this thing, you know, again, balancing that risk with expectations. Right. So do you want to allow people to log in with our Facebook account to transfer a million dollars? Probably not. Right. But do you want to let them register for Facebook just to download maybe an asset? Sure. Right. Because the risk there isn't very high, but we wanna leverage our past experiences. Right.
So, you know, we wanna make sure that we know who privileged accounts are managing all of this customer data and stuff like that. Right.
I mean, all the basics, the basics still apply. And a lot of the talk that I hear when, you know, we talk about managing identity differently, and there's a lot of new organizations out there that are telling you how to do that. They don't focus on those things. Right. They don't focus on the basics. Then you need to focus on those basics. Because if you don't, then you're putting it on a foundation that will crumble, right. Because an auditor's gonna come in at some point and go, Hey, show me what you're doing with us. You know?
Well, we don't actually have that built into our customer or customer identity infrastructure. Well, you probably should, from a financial standpoint, it's not as big a deal. Or I don't see it happening as often because you have so many rules and regulations you have to adhere to, but there are lots of places where this stuff gets stood up, where they don't follow those things. Right. I know it sounds crazy. But unfortunately that's a downside with working in finances times, I guess. Right. But yeah.
I mean, you know, you're looking for insider attacks, you know, how too many users with too much, like all that stuff still applies. Right. So when we look at what, what we're doing, we still have to remember what those basics are. Right. And when we talk about the last one and we talked with that on the very first slide, complexity increases risk, right? Because you have so much stuff you have under management, you have to do it in a way that makes sense to the business, right. While still being that Canada goose. Right. All right.
So, but now lots of great solutions out there. Microfocus sells a bunch of them too, just saying, but there's lots to come as well. Right.
I mean, we can see what's kind of coming on the horizon. We talked a lot about biometrics. It's obviously not quite there yet because the technology isn't necessarily there yet, but it's coming, right. If you read what's coming in a lot of the news smart devices that is being included into that device. So those are ways that in which you can leverage that technology, how many people turn around when they leave home without their cell phone, nobody turns around, come on, everybody turns around, right. There's only two things I'll turn around for my cell phone and my lip on.
So just so you know, a little bit about me, I'm addicted to lip on, I will also turn around for that. Can't leave home without it anyway. But you know, when we used RSA tokens, you would absolutely leave home without that. Right. It's fine.
I just, I won't connect to that, but you won't leave without your device. And if you put that stuff and you leverage it on the device, you know that that's always with them, right. So when we start leveraging additional hardware to make stuff work, that may not be the best approach because we know that customers, when they go on vacation, wherever that is, they're not gonna take their fingerprint reader or their Iris scanner or something along that lines. Right. But they still want to have access to that stuff.
So how do you do that in a way that still provides the experience that they're looking for? Right. Don't follow the light. So all I meant by that is yes, there's all kinds of cool stuff coming don't necessarily run right. To it. Figure out how it fits within your organization and your business. Right. Just because something's coming, it doesn't necessarily mean you have to jump on board. Right. Make sure it fits the business that you're trying to accomplish. Right. So make sure that whatever your, your strategic priorities are, that you know, that new technology fits internal champions.
So this happens a lot, maybe not within, in, in your area, but there are activities happening without your knowledge potentially. Right. So I've been in on many meetings where there has been some sort of customer identity management initiative taking place. And people didn't know about it, right? Because it was led by the marketing guy, for example, right. They needed to get in touch with their customers. So they stood up another identity store and it didn't know about it. And now they needed to integrate with systems and services that are inside the firewall. So now how do we do that?
So really, you know, look at what's going on in the organization. And again, as, as, as Martin said earlier, make sure there's that marriage of, of, of leaders on those different teams, sitting around a table together, making sure that the next initiative is, is done in a way where everybody is bought in.
And it's, it adds value to, to business. Again, you wanna look at, at vendors that, you know, can help you build the foundation, right? They have a vision, right. They know where things are going. They have stuff on the roadmap that is going to adhere or get you to the place where you need to be from a, from an industry perspective, from a customer perspective, from a regulation perspective, you know, don't just buy the next thing because you have a tight deadline or you just failed an audit or something happened and you just had to go get something, right.
Look for organizations that you can grow with. Right. And then add accordingly. Right. So when you get into the point vendors and stuff like that, that's sometimes that's great. But sometimes it doesn't add value long term to the organization either. So you have to again, get those people around the table to figure Out what's right for you. That's it. Any questions I've finished the coffee. So I'm good to go. Yeah. So I understand this is in terms of banking. And I understand this is in terms of how banks are going to manage identity.
And yesterday we talked about how actually banks are trying to keep the identity for themselves, and there will be identity owners, but in terms of what you said in the context of PSD two, if I do, if I'm a wallet and I'm third party provider, and I just use, for example, junior, and I just scan my eyes to do the payment and to identify myself. Yep. And then I come to my bank account and I need to identify, and I need to scan my eyes again. There's a friction. You Gotta go apply, Go apply.
So, and if you, if you include other stuff in adaptive education, you will end up having on the third party providers, many different ways of, of authenticating and on the bank side as well. So it'll add a lot of friction as a marketing guy. How do you see this?
Maybe, maybe third party providers collaborating with banks and sharing the insights of the identity. And how do you see this rolling out in context of PSD two? Yeah. So I'll give an example, American express back in north America, for example, they own the credit card, but it's third parties that actually have their name on the card. Right. Or like my visa, for example, it's an arrow plan visa. So it's a third party visa. How does visa get the identity? Right.
So there, there are ways in which that can happen. Right? So you have, you know, federated access into the database to share that information. It's a matter of whether or not they want to do that though. Right. So can it be done? Yes. Right. Same thing with apple pay when apple pay first, come out in north America as well, banks wanted nothing to do with it. Cause they didn't know who was gonna get paid. Right. But to a customer, it doesn't matter. I don't care if it gets paid. I just want to be able to use my phone to tap, to pay for the service. Right.
So that's when it comes down to the business objective. Right. And the business driver. So if you can lower that friction for customers, then you should do that. Right. And not necessarily worry about not having the identity, but that's, that's gonna be the tricky part. Right. Who owns the identity because when you look at organizations that are going public, like Snapchat, for example, they're gonna go for like stupid money because they have, they're not a business model. Yeah. But they have all kinds of identities I think, and talk to. Right.
So those identities in some cases are probably worth more than the accounts that they actually manage. So that's, that'll be the interesting friction point over the next couple of years in terms of who's gonna own that identity. I don't have an answer for you because it's not, we're not there yet. Yeah. The whole goal of T two is to make FinTech collaborate with the banks and the competitive landscape.
But you, in terms of banks need to provide this. Yeah. Third party providers don't need to do this, so it could be, you know? Yeah. Yeah. Which means again, probably the best thing for banks to do is to fill a role where they are, where their customers don't need to serve provider, so to speak. So try to play that role as well, to some extent. So clearly if you don't offer your customer, what a customer wants your trouble. Okay. So thank you. Thank you, Robert. We continue.
