Welcome everybody, so don't run away. Okay. So we are talking about a B2B2X.
Now, it's kind of a, a difficult term, so it is both for consumers, but it's also for suppliers, for businesses in general. So if you want to, to communicate with your ecosystem around you, then there's a presentation you you need to watch.
Now, first of all, we introduced a, a maturity model for how are you digitally interacting with your ecosystem. Hmm.
With, with five maturity levels. Now, in fact, we did a, a study together with another analyst, and not to be named today, and we came to the conclusion that, and we did a survey in, in, in the banking sector, the 65% were still in the lower area. So some maturity level in terms of digitally interacting with our ecosystem at maturity level one and two. Now in a second I will, I will talk about what it actually means, and I'm 90% up and, and nobody of the banks we interviewed reached level five.
And what does level five actually mean?
Yeah, these are the disruptors. So these are the, the Ubers, the Airbnbs, and, and the like, that really disrupt an entire sector. And so here in in the banking sector, we will talk about banking apps, apps that talk to different banks and can, and allow you to do investments and, and, and, and all kinds of payments across different banks without using the, the, the banking app.
So, but we are not talking about that, that that's a different animal altogether. But let's first talk about the maturity level one. So here we are talking about Kuppinger call 10 years ago, people were worried about, yeah, how can I make my services digitally available to, to others? Others meaning it can be the, the, the, the customers, the consumers typical, but also your employees. How can I make, for example, expense note issuance?
How can I make the digital, rather than having an Excel as being filled in and, and, and, and set how can people look at their pay slip, for example, this type of things. But so, but are these people at, at that time worried about, about, yeah.
How, how to, to deal with APIs that all of a sudden get exposed to, to the internet. And then things like social federation and I need to be able to, to log in with Facebook. Okay. And then traditional type of identity and access management using typical directories. Okay.
But, so we passed that stage. Unfortunately, many of the banks are still in that stage, eh, but okay, so the next stage is stage number two, where people begin to realize, yeah, all, all this logging in it is kind of painful. And if you need a different password for every application, it's kind of irritating.
So let's introduce a single sign-on. Okay. So we need to think about the customer experience.
Okay, fine. So people then focused, so these were the keywords done five years ago, single sign-on, but also passwordless.
Why, why not get rid of passwords? But yeah, in order to make it secure, we need to have multifactor and needs to be frictionless.
So, but these were the, the keywords at that time. And so really talking in terms of customer experience, we assume, but of course it's, it's a wrong assumption, but that many companies already passed that stage. Now what we have seen is that, yeah, there are still people struggling with that. How can I do passwordless authentication to my employees? Still a question that many companies are, are worrying about, but okay, so that's level two.
Level three is about how can I introduce or, or acknowledge the fact that I'm not the only one on this planet providing services, but I need to provide my service potentially through channels, so through distributors, maybe resellers, maybe also, I'm also working with, with suppliers.
So in the banking world then we are talking about open banking. Open banking was a big deal for, for the banks, they didn't like it, of course, but from the European Commission they were forced to implement it. And so they, they were struggling with new things.
Like, okay, we need to think in terms of API-first security, but also things like, how can I transfer trust from one domain to another, eh, with techniques like token exchange and like, and of course, yeah, the, the, the code word, the last two years, there wasn't zero trust architecture. So we can no longer trust what is out there. And so we need to, to, to, to build a trust ourselves.
Okay, fine. So that's level three still in our opinion, a little bit commodity. But what is level four here? You are talking about your ecosystem as, as players that are working together with you in order to, to make you successful and also them successful.
So you are really partnering with others, but in a more intimate way.
So that means, for example, you are working with your suppliers in a more intimate way where the suppliers know that Yeah, they know their employees and they can allow their employees to automatically enroll into your systems and use the applications that they, they should use. But I still people think, yeah, but that is kind of federation, so that that's also commodity.
Well, no, it is really calling also the APIs of your partners and your partners calling your APIs in order to enrich their services and, and the way they, they go to market and then all of a sudden, yeah, you, you need to acknowledge that there are different populations working with your services, whatever they, they may be. So you may have the, your employees, but then your employees may be complemented with people from outsourcing companies or there may be suppliers.
On the other hand, you have the, the, the consumers of course, but consumers are often being served by platforms, by marketplaces, by resellers, by distributors, by installers, by, by dealerships. So you have this, this entire ecosystem of other types of partners that help you increase your, your business. But we are talking about different populations. So a supplier for example, is typically today being managed by some kind of an Active Directory, maybe some guest accounts. And so yeah. And that especially for suppliers.
Oh yeah, for distributors, we have a completely different directory. Yeah. They will use IBM.
Oh, and for internally, yeah, of course. Yeah. They use Active Directory and for the consumers. Yeah.
Well, either we don't do that or yeah, we have a CM and, and we, we, we manage it that way. And so populations are being seen as being completely different islands and, and it's very strange.
That is still the case. And then you ask these, these, these people.
Yeah, but what if a consumer also happens to be your employee? Or what if a supplier is also being outsourced and Well, yeah, no, that then they get different accounts in different systems. Yeah. And then they need to, to re-log in and this concept of single sign-on, but yeah, it shouldn't work that.
Yeah, no, well, we don't know. And but it goes even further that if people are using the services of, of a partner, they're logging in and, and, and do whatever they do with your partner, but you still need to know, yeah, but who was that person? Maybe for regulatory reasons, a bank needs to know that. But even if you are renting space, you, you may need, from a regulatory perspective, you may need to know who is this person really the physical person, not just an account that he's used for, for using, for, for logging.
In the same, in in HR service services, same in medical services.
So all of a sudden a set of different questions come up, which we call, well, not only we, it's generally called there for example, delegated administration. So people are coming from different populations, from different areas through partners, and people that are using your services are going to TCDs partners, but administration of these people, onboarding them, registering them and supporting them needs to be done in a delegated way. Yeah. So federation is, is, is one mechanism, but federation may work in, in, in, in, in certain cases, but it's certainly not a, a general solution.
So here you need to delegate the administration, the onboarding of people to the partner that that is actually managing that population. You also get identity verification. So who is this person really? And maybe some bank has already done some due diligence and KYC on, on that person because they, they, they are obliged to.
Maybe you can build on that, or conversely, maybe you are verifying the identity of somebody and you, you can pass on, but how can you do that digitally? Can you verify somebody's identity in the digital world?
And well, we are talking about different populations, so people with different types of roles relative to, to, to your service. Yeah. Then maybe also different policies apply. Maybe employers need to need to use MFA while other people don't need to use it, or maybe they need to to also fulfill certain other, other details such as they need to supply much more identity information while visitors don't need to. And so how do you manage differential policies? How do you manage delegated administration and how do you manage this, this, this level of KYC and know your customer identity verification?
And so that, that's where we introduced the, the concept of persona.
Persona in itself is, is is a term that everybody knows a persona that means, yeah, you, you play a certain role in a certain community and then you assume a certain persona.
Well, it's exactly that what we built in our platform. So as soon as you try to log in, you use a user profile, but that in itself is less, less irrelevant. So you get a user profile and you may have registered using Facebook or whatever.
It, it doesn't matter. It may come from your, your own employer. It may have been federated with something else. That in itself is not important. The user profile that we manage doesn't give you any access. It only identifies you, it allows you to, to do the initial onboarding, but then as soon as you, okay, so that's zero minute now.
And, and as soon as you, you are logged in, then you select a persona.
So how do you want to interact with me? Then you say, now I'm a supplier, or I select, now I'm an employee. And so depending on, on the, the, the personas that have been given to you, you can select one or more of them. Typically 95% of the people only get one persona.
But there, there are people that are working in different populations, and like I said, the employer employee is also a consumer. And then you get to two personas, one as an employee, and then he can switch to being consumer, and then he can do some e-shopping with, with his own employer. And so by selecting personas and, and by assigning personas, the personas themselves get a life cycle. So you get, you get them assigned, you get them approved, they, they get a start date and an end date potentially.
And, and you get policies that are differential in the sense that they are driven by those personas. Employee personas get completely different policies or are subject to different policies than when you select the persona of an employee. That's an example.
And of course, yeah, by, by using personas, you can easily do delegation, eh, for example, one of our customers, thatnot, so they, they provide services and, and vols for notaries. And a notary is, is of course a legal person with the legal capacity to sign a certain deeds.
But of course, the notary is also managing his own company as an, as an SME of course, eh, his own practice. And of course then you have the people, the citizens that are actually doing something with the notary and now I need to stop, right?
Yeah, yeah. No.
So very, very quickly, shall we here where you have a customer and a customer, for example here of, of, of a bank may be acting as a, as a person, as as a consumer, but may also be acting as a professional. When, when that person here is also running an SME, of course she will also have a professional account and banks struggle with that.
Yeah. How to deal with that, where we say, well, yeah, you have two different personas, you can act on your own behalf, and then you, you have a personal account, or you are acting on behalf of your company, and then you're a professional.
And then of course you get different things that, that you can do. And so we say you have a profile and there is one single profile that, that you get, but that in itself doesn't do a lot. But you get personas as, as you interact with the services. And it's the personas that have a life cycle. It's the personas that actually give you access. And it looks a little bit like role-based access, but it's a completely different model because we are talking about the, the, the things that people understand. Now I'm acting as a professional or, or I'm acting as a consumer. People understand that. Alright.
Right.
Thank you Carlo for this very nice presentation. Before everybody heads out to the well-earned coffee break, I want to give room for one question out of the audience.
Can I ask one?
Yes.
Yeah. Hi. Do you have any like, solution for dual citizenship, for example?
Or, or like, do you see the problem even while using the persona approach?
Yeah, so, but, but, but it's a very good question because I can use it as, as an illustration.
So you, you can say, okay, I want to, to act as a Belgian citizen and now I want to act as an American citizen. Okay? You can have two personas and they can have a different lifecycle. For example, one of your citizenships can be revoked. That can be easily done with a, with a, with a persona. Now the question is, yeah, do I continuously need to switch? But between those two, well, where we say, well, two different personas can maybe have the same access rights to a certain extent.
But if you want to declare your taxes in one country, of course at that moment, you need to explicitly choose that persona. The, the verification for onboarding that persona may also be different. Obviously in Belgium you may need completely different things. And if you want to do the Morocco, for example, yes,
Thank you very much.
So,
So, so I, I would like to invite you to our stand, of course, eh, the, the, the TrustBuilder stand so that we, we can further discussions because of this a your domain. And it is a very fascinating domain in dealing with access that way.