KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Many organizations are undergoing new modes of operation, which is enabling them to develop a "digital instinct" for their customer's needs. A correctly designed consumer identity management platform allows those organizations to excel, in an agile, secure, and business-enabling way. What does success look like in the CIAM world and how do identity fabrics enable it?
Many organizations are undergoing new modes of operation, which is enabling them to develop a "digital instinct" for their customer's needs. A correctly designed consumer identity management platform allows those organizations to excel, in an agile, secure, and business-enabling way. What does success look like in the CIAM world and how do identity fabrics enable it?
Good afternoon. Good morning. Good evening. Wherever you are in the world. I hope everyone is, is safe and well in this, in this pandemic that we're all facing 15, 20 minutes. I really want to dig into this concept of consumer identity or SI and how an identity fabric is a really essential part of any organization trying to deliver modern consumer based identity services.
And I want to really start off by let's just think of, think of ourselves as consumers, just for a second, not, not as identity professionals, and we've all probably got really great experiences and stories of how we've faced really poor and really bad consumer identity experiences, bad registration services, huge forms, where we have to fill in all of our name and address and our, our favorite foods and our, the pet that we had when we were three years of age and all of this knowledge based stuff to, to perform registrations all of the bad interactions we've had, you know, trying to enter a complex password on a, on a mobile phone.
And, and we've all we've already felt. You know, we've, we've already really felt how those experiences result in a bad experience for the application or the service or the purchase that you want to complete.
And, and my bank, I want name names. My bank is UK based bank. They they've come out with a fantastic mobile application. I can see all of my account information, I can make transfers and everything else. And then one day they, they added in the ability for me to see my, my loyalty points in the application. So my immediate experience by immediate thought was, this is fantastic.
This, this is fantastic. I've got loyalty points with my, with my bank, but soon as I clicked into the loyalty aspect, I was then vectored off, not from a mobile app, but into a mobile browser. I had to register to this loyalty system. I had to provide a huge chunk of information on my mobile needed to say, I, I didn't register for that loyalty scheme. The experience was, was such a bad experience that my, my interactions with that application obviously to do it is spectacular.
So we've all got stories of having to, to register bad systems, to, to perform signups on devices, which is not really careful for that. You lock yourself out, you have to speak to these all really inhibit this, this really bad set of, of interactions. And from an end user perspective, the interface is the application. The end user doesn't care about how this application is built. They don't care about the data sources. They don't care about whether it's microservices or monoliths or any of that stuff.
They simply see the user interfaces and they simply want to have a great experience, a seamless experience. So they can go ahead and perform their banking transaction, or make a purchase or whatever it can be. And the user experience really is vitally important, but the modern Siam delivery, the, the UI is only really the tip of the iceberg. What does that mean?
Well, the modern digital identity really pulls in a whole host of different components, different requirements. What about compliance? What about GDPR role? If in the United States things like CCPA, how does your identity platform really pull in and, and solve some of those key business objectives? Does the identity platform really focus on stakeholder engagement? What about future proofing and looking at modern multifactor authentication techniques or passwordless, what about data protection and things like data breaches.
And then we have things like consent, evolving threats, bot armies, the dark armies, all of that stuff, which is continually evolving. Soon as you start to deliver consumer facing identity, you then have the, the focus of planet size scale. You're no longer just looking at a very closed ecosystem of users within the enterprise. Suddenly you, your internet facing a public facing system. It could reach into the millions or hundreds of millions of users.
So organizations are suddenly faced with this dichotomy of, of instant delivering and external facing service, whether it's retail banking, insurance, eCommerce, public sector government, but they certainly have to have a host of, of these competitive pressures under the hood as well.
And that's really driving and elevating if you like the importance of identity, instead of it being a, an it led component, something owned by administration, focused on operational efficiency and in internal focused use cases, it's certainly becoming front and center of a whole host of new requirements, which cover a whole host of, of different parts of the business. So how do we drive towards success and what does success look like?
Well, the key thing I think with, with consumer identity is start with the end in mind. And that sounds, that sounds really a really simple thing to, to start off with. But by this, we're really focusing on, look at the objective. What is the, the thing that business is trying to achieve, whether that's public sector looking to improve citizen engage engagement, or perhaps it's a retail bank, or trying to try to move everyone to, to operate mobile, for example, but what is the real business objective and how does identity really pull into that business?
Objective is it's no longer just focusing on operational efficiency system, integration, governance, and compliance, led initiatives. It's potentially all about increasing earnings, increasing business adoption, increasing the ability for that business to essentially attack more customers, drive revenue and allow themselves to be much more agile.
And, and to do that, you really need to start talking to different stakeholders within the organization. It isn't just an it or a systems led focus. It's a typically a people-centric or a user-centric focus, chief marketing officer, chief digital officer.
You know, these people are gonna be very, very much interested in how the organization interacts with their user community. How do you get users to sign up to your service? How can you do that in a seamless way? How can you customize your user experiences to that external user community? So C's very much focused on the outside in looking to bring customers and users closer to your service offering where clearly employee based identities is very much an inside out style approach focused on that operational efficiency and so on. So we certainly need to engage different stakeholders.
We need to focus on the high level business objectives, not just starting with the, the technology, which I think Martin needed to at the beginning of the, of the, the conference, don't start with technology, start with the objectives and then flow downstream to look, to bring in technology as you see fit. And typically in the Siam space, it isn't just about operational efficiency.
It it's much, much more about increasing consumption of an application, increasing the adoption, increasing registration, increasing the breadth of coverage across different user communities, because different groups of, of people and of stakeholders in really, really specific on how that is very, very different. And that brings together a whole host to different requirements. It's no longer just a single technical or systems led. It function it's much broader. It's much more sort of embedded and ingrained across different parts of the business.
And each of those stakeholders be it, the, the CSAW, you know, the chief of information security guy, right through to the digital marketing teams. They all have very, very different requirements, but the consistent part is this identity fabric and the identity is the ability to link those different parts of the business together to essentially allow this outside in approach to identity, to succeed. So I wanna switch gears a second and, and, and really talk about what, what the fabric actually allows the organization to do from a, from a C perspective.
And if we think of, of employee based identity, it's been quite a linear process. It's quite a structured top down set of use cases and pieces of functionality often tied to an authoritative human resources system. You have this join, move lever linearity around access control, and you have access certification. You remove access, you add access. And at the end of the employee lifecycle, the access is removed and archives away in its entirety. It's very linear, very straight line. The SI lifecycle is not, it's very cyclical.
Even the infinity symbol here, if you're like, well, it's, it's a continual progression from onboarding through to profiling device binding giving the right access at the right time, maybe using continual adaptive access controls, maybe a bit of zero trust stuff in there as well, right through to that continual consent management data management piece.
And when you get to the end of, of that cycle, you, you typically start again, you know, you look into perhaps you deliver different services, deliver different services on different devices, perhaps offer different applications or different benefits to that end user community. And they may then go through that onboarding process.
Again, maybe capturing more information, increasing their access levels, buying more purchases, doing more interactions with that, that service provider. So you end it with a much more cyclical end to end set of interactions.
And the identity fabric is then suddenly looking, providing that whole host of different actions, whether it's that initial onboarding way or empowering know customer style, use cases, identity proofing, fraud, production, interacting with, with third parties to, to prove identities and creating a level of assurance there from that initial onboarding right through to, to the whole personalization aspect. You know, making, making me as a person feel like this, this service knows me.
They know my nuances, they know my preferences, my specialties, they provide the ability for me to, to view my data when I want it, this whole paradigm of, of data on demand and, and being able to, to provide consent to the service provider as part of very basic sort of GDPR interactions right through to third party consent. So how my information is potentially being used and shared with, with trusted third parties and essentially the identity fabric again, is required across all of those different, very broad sets of use cases.
And they're nice they're standards like this that can help with the enrolling process and the authentication process, but you really need to start thinking of, of identity as being a key part of the entire organization's set of interactions. It's no longer just a very small individual piece of technology. It's a very much a component which impacts the entire business. And that lifecycle part is really where that, that comes to, to the fruition. Really interesting part of fabrics. I think certainly under the SI side is success. How do you measure success?
How do you, how do you actually measure that this, this thing is working and this brings a whole set of new use cases around putting measures, metrics, timers at different parts of that C life cycle. I was just talking about, right from authentication, you know, can you apply metrics, timers analytics through the authentication journeys, which devices are people using? What gives happiness to your end user community?
You know, it, it probably isn't being locked out and having to reset their credentials or having to receive authorization fairly. Is there anything like that? It's about giving happiness, can the end user perform the tasks that they want to perform? Can they do that effectively?
You know, how do you measure success from a security perspective? How do you measure success from a, a user conversion perspective? So we need to try and apply coverage performance and effectiveness statistics across your entire Siam life cycle from authorization to authentication, to registration and, and consent management. And so on being able to have consistent metrics allows you to, to report success.
And I think being able to report success is a really key part to, to expanding your identity coverage, start small, the very small set of use cases, very small set of value driven use cases, measure success, build that business case and allow that set of use cases to expand to other parts of that life cycle. In other parts of the organizational deployment, what does success look like? This is a really interesting thing from a asylum landscape success from a asylum perspective is probably invisible. And what do I mean by that?
Well, talk briefly at the beginning around we've all got experiences and talk tracks of bad experiences, things which make you feel terrible, bad registration, bad, passive reset, can't log in can't register, can't sign up poor experiences. You, you remember that stuff, ironically, you typically don't remember the good experiences, the ones which are seamless user driven, user-centric full of user experience, happiness, that that stuff typically is transparent and classical on Amazon biggest retailer on the planet.
Again, not, not, not, not a for customer at all, but a real good example of perhaps of how huge scale user-centric design. And you don't typically remember the last time you logged in to Amazon. Do you remember how you registered? Probably not. You're simply there to go make a purchase and, and do something in an eCommerce environment.
So it's really important to essentially make Siam from a, the end user visibility perspective is to probably make it invisible, make it as transparent as possible from that UI perspective where under the hoods you have that entire life cycle of interactions, which allow that invisibility, if you like to, to actually be seen and allow the end user to go ahead with their service interaction, making a purchase online banking, handing in their tax return or whatever it could be. It's very important to apply friction at the correct time.
And success typically may mean that your services from an authentication and authorization perspective may well seem quite invisible from the end user bit of a paradox, a bit of a change in machinery mechanics from an internal identity management perspective. So how can you make this happen?
Well, you need to have a platform set of capabilities. I think that that's something which is definitely matured over the last five or six years. It's no longer a case of buying a single product, which does one thing and building a best of breed set of integrations. There it's very much a case of looking to drive a platform, led set of capabilities, right from identity management, where we're looking to do the identity proofing the registration services right through to, to the sort of zero trust access management authentication authorization passwordless sets of use cases.
And then looking at the more, I guess, more traditional services like governance and directory, which are now being modernized for, for the cloud. You know, being, looking to have governance and access certification services, looking to have planet scale directory, to store identities, devices, and interactions. And I guess there's two main components to this central AI engine is, is one is the inputs. You need inputs. You need to be able to integrate from an API first approach to internal data signals.
Third party signals, whether that's things, identity, proofing, threat intelligence systems, relationship systems, and so on, you need to be able to pull in identity signaling data very simply very rapidly. You need to be able to change those signals pretty much monthly, I guess, is new inputs come online and then clearly where's that information going.
You need to be able to synchronize and pass that identity information down into APIs, microservices, legacy applications, cloud-based applications, you know, providing persistent data and runtime data into a whole host of different data types, application types, and so on. And, and clearly in, in, into day's day and age, you need to be able to deliver this stuff from a cloud ready perspective, SDKs APIs, cloud, ready, all of the, all of those key integration factors to allow this platform to get deeply embedded into those business objectives.
So I guess the key takeaways here is success may well be invisible. You know, success does really require a broad platform set of capabilities. The life cycle for cm is very long. It's very continual. It touches many, many parts of the business. So you need to be able to provide integration options, multiple different device types, multiple different signaling and data types, and then clearly downstream where that information going again, needs to be very, very flexible with a whole host of different options. So very quick, very we, the top two are there.
We knows is subtly different to identity, and it brings a whole host of, of different challenges and use cases. And I was very fortunate in, in 2020 to, to spend a bit of time researching the space in a lot more detail and came out the book, the consumer identity and access management design fundamentals. I think we're gonna be giving away a copy of this, of this, this book in the, in the networking lounge later on today.
So if you are quick and thinks gonna be the first person I think to, to grab me in the networking lounge, we'll get, we'll get sign copy of the book, but this really sort of digs into some of those use cases I was referring to there, the whole sort of SI life cycle and how a, how an identity fabric really is essential to make those cm use cases a success. So thank you for listening. And I would love to love to hear your, your questions and stories later on throughout the.
