Identity in the C-Suite? The Role of the Chief Identity Officer

The topic of this panel's identity in the C-suite, the role of the chief identity officer. So the interesting question, Shirley, is, is there, should there be a chief identity officer or not?

If so, what would be the role, et cetera. So I think in a topic where, where we hopefully find a lot of disagreement, because I like panels with disagreement. So the the people on on stage are, so everyone is looking at Ellen here. So you've built a reputation over years, Alan, for, anyway, we have here Yako Cedars, we have Alan Foster, we have candles, Worley, we have Danny Bri, and we have Ian Glazer here. Yes. So I wanna start, the way I, I always start when moderating panel that is can be asking you to, to give a sort of a surge at maximum statement about what is your, sort of, who you are.

So very quick introduction, all of you're well known, and then maybe an initial thought on this topic. Ian, you can go first. Thank you for the, thank you for the honor. Ian Glazer. I am a co-founder of ID Pro. I used to wear a couple of other hats, including SVP of product management at Salesforce. My take on this is, and, and I used to be an ex Analyst, and so the reason why I say that is because every Analyst first word outta their mouth is always, it depends.

So I think the role of the chief identity officer depends on some, some of the boundaries, how much we would include in this person's remit versus not, I think is going to be the governing factor, whether it becomes a C-suite role. And I'll follow up with that as we take questions. Okay.

Denny, Denny, Peru from the road bike of Canada. The interesting part for me is I come from the vendor space and now I'm in the financial sector. So I've got to work with chief identity officers and work with organizations that, like Ian said, just don't need them. They don't fit in the, in the model of the organization or the mindset.

Candace, Candace, Worley, ping identity. And maybe I'm the first to, to take a rogue position here, but I don't, I don't think there is a need for a chief identity officer as I contemplate what that role would be and who would be held accountable for identity in the end. With the ciso kind of responsible for the security of the organization with a chief potentially digital officer responsible for driving revenue and the customer experience, the buck has to stop somewhere. Put The microphone a bit closer to me.

Oh, The buck has to stop somewhere. Yeah. With the chief identity officer in a role who ultimately is held accountable for identity, is it the ciso, the Chief Digital Officer of the Chief Identity Officer. Okay.

Alan, Is it, is this thing On? It's it's working, Yes.

It's, it's on, well, yes, I'm Alan and I've been around an identity for a long, long, long time now, back in days when Netscapes L d A was gonna solve all of the identity problems, we're still working on that at, at the risk. So, so I'm not gonna fully agree that it's not required in the C-Suite, but I think the argument about it is, it's the, it's the wrong answer to the right question.

And the, the, I think that identity and the things that we are looking at associated with identity definitely needs to have visibility within the C-suite. But making, making every problem the business faces to be someone in the C-suite is probably overkill. Okay. Well, my experience, there's always in large corporates or in banks, someone called head of iam, which always makes it a technical role within it. And if you're lucky, it could be an executive role with higher than just operational IT responsibilities or accountabilities.

And if you're really lucky, you're reporting to the CSO who reports into the C-suite. But the definition of IAM is, in my opinion, needs redefinition. And the role could, if you have the head of I, the head of identity somewhere head of digital identity on a higher level, it could help to raise better definitions of what the role is. So reversely put it there and it will leverage the, the way you can act, Ellen, it looks like you wanna respond directly. Sure. Because we're all agreeing and I don't like agreeing.

So I think when, when I first started listening, when I first thought about this, the, the topic, the, the sort of question that came into my mind was, what is the C-suite trying to achieve? And in my mind, the C-suite are the direct reports of the CEO who are responsible for generating revenue. And so there are certain situations, if your business generates revenue and you, your, your revenue generation is identity, and I'm sort of thinking banks or healthcare and things like that, where identity actually adds specifically to the bottom line as a revenue generator.

Then there's an argument that maybe identity does have a role at that point, but if it's not something that is specifically revenue generating, IM, You're wrong. So I agree. So here's why.

So sorry, you're taking too narrow of a view because if I am in the public sector and my agency is about delivering service to citizens, increasingly, and in some cases only that delivery is through digital, that is brokered exclusively from say I am, which means that that is not revenue generating, it's not how the mission is measured. And that person, whether they're in the C-suite or not, we'll get to the sac, is key to the success of digital engagement. I don't think that's something we're gonna argue about.

The question that I have is if this role hypothetically owned both workforce I am and Siam, I think you end up with a, that may end up breaking deadlocks between the chief digital officer and the CISO and the CIO or actually cause them, and that person will go insane through the enormous number of inconsistencies they have to resolve in their own world. But I think that's one of the decision points to me is would this role actually own workforce and Siam and maybe even partner? I don't know my opinion that should be all identities because it's a holistic universe that has to be managed.

Yeah. Otherwise we have a, so to speak, not a cease, but a CSIO chief, some identity officer in, I think that can't be the resolution. I think the, if I may, the flaw in that is that that identity person is likely not the person that gets fired when the something goes belly up with workforce like the CISO does. I mean the ciso, he's gonna be held accountable for the security or the organization, the security of holding customers and employees identity secure.

And in, unless the answer is chief identity officer goes belly up when something goes wrong and ciso, sorry, CISO is saved. Usually people tell me I don't actually need a mic.

So, you know, unless, unless they're gonna be held accountable. For me, it's the accountability issue where I struggle with this particular role because it's gonna be very unclear who gets held accountable when something goes wrong. Okay. then maybe Denny also and then Ian, and then for Alan again, because Alan then truly has to say something again later then Well the accountabilities, I think there is an executor or leadership part to being what is called head of IAM today.

And that top level types of strategic strategy setting, being accountable for making roadmap for the next five years to support as they want it, the company, that's really an executive role and it will not be recognized if it's not on the right level. So defining the accountabilities is the first thing, and then it then you, you can't end up anywhere else then somewhere in the executive suite.

Maybe to throw in something ahead is isn't the point that we say it is sort of, we have to head of, I am, we have the cso, we have the chief officer, we have the business students all dealing with identities. The point is identities so ubiquitous that we can't say this is someone's responsibility.

It's, it's so much at the heart of everything we do in an organization, maybe a digital identity in contrast to traditional administrative. Im that that, that it's hard to say, okay, there's someone who's responsible for the digital identity because every digital business starts with digitality. So which way, way would lead a bit more to the C again, isn't it?

So Denny, Initially I started off on the fence, the, it depends scenario, but now I'm starting, I hate to say I'm flip flopping to the idea of if there was someone that was ultimately accountable but not more for the what, not for the how. I dunno if, if that's even possible for a type of role. So at the capability level, this is, this is what we need done. And then the person who gets fired is the person who does the how.

That's, that's who we should blame. Well, No, the accountable person not responsible. Oh boy. Delegate accountable.

No, Stop. No, stop.

So, so, so, so, so Martin actually, you just, you resolved this force. We, we can end the panel now because what you just actually resolved for us is that the CEO is the chief identity officer. And because that's the only person who sits in a position with that accountability and responsibility, maybe I'm slightly kidding, but the, the what and how I think is a really interesting way to separate this.

Let me throw another angle in, which is, if you would say that your chief revenue officer owns all of the data around the sales opportunities that you have and all of the state of that, and your chief financial officer owns the state of the accounting system in the books for identity. Where do we draw the line? Do we include HR data in it because workforces runs on it? Do we include the customer profile because, well digital knows the experience. They get weird about owning the data.

So I wonder if we take a data defined way organizationally, does that help answer this question Before we continue? I think there are some interesting, probably more comments than questions here.

So, so one, one on Ian, which is contradicting Ian, which I read first for that reason. What, what Ian's at that government isn't revenue, the government agency revenue is citizen satisfaction. Interesting point here. The sec second one, A comment rather than questions question perhaps we are not exploring the full potential scope of a chief identity officer. I'd argue there are elements of identity, many layers of business data management, ux, et cetera, that could benefit from a holistic approach through a cio.

And then another one is, wouldn't you agree or would you agree to the statement that it depends on the transformation level and enterprise has reached whether it needs a chief identity or chief identity digital officer or whatever example, old school car manufacturer versus a mobility provider servicing its drivers. So I think some some interesting sorts here.

Ellen, looks like you wanna start? No, I was just Picking part self-defense. Self-defense. I'm not sure that, I mean going back to your areas of responsibility, right there, there are a lot of things that we have in it in information systems and processes, which are all required for us to deliver on the business.

It is the, the, this goes all the way down when you're talking about where the data is, it's on a hard drive somewhere. Who's responsible for making sure that that keeps running or maybe it's in the cloud, I don't know. But you know, there, there's, there's a lot involved in the it we have a cio and in some organizations the CTO fits into that same sort of role depending on the kind of person that's in there. There's a requirement that all of the information technology work and and identities is part of that piece, right?

I don't know that unless it is actually generating revenue for the business and we are out, how do we collect more identities and how are we going to protect those? I don't know that it's something that takes up 20%, 15% of the C level, the c-suites time on a weekly basis. So what if, so let, let's, I'm, I'm not, what people need to know is that I am deeply conflicted about this. Like I don't have my own position fully formed yet. What's a shock?

But maybe flip this around, there are reasons why there are executive roles because it is only at that level you can get resources you need to achieve a certain outcome. So let's flip this around. If the chief identity officer existed, what would that as an executive role give that individual that they could not otherwise get? Whether they are a VP title of the SISO organization or the digital. So is there a thing cuz if we can find that, then it might tell us if there's an executive ness of this role or not.

And so, I don't know, let me throw that back to people. What full Cooperation of all the HR departments around the globe that now they have to bag for data and change the process and get quicker onboarding for IT services for instance, it would speed up a lot of onboarding processes. And that's a simple one. Yeah. Data quality management in these systems that should be done holistic. I dunno if I wanna be responsible for that Or between a siloed domains between countries, whatever.

I think I can mention a lot of executive level problems you can't solve bottom up, Danny, The only concern I'd have there is the, the different lines of business have their own consumer aspects. So wealth management and, well, I'm speaking financially, each lines of business has their own type of consumer data and globally different responsibilities. I don't know if they could handle that.

Yeah, on the other hand, I, I think there are some charming things. So take, take the, take the automotive vendor.

So yes, there are people that are looking at the connected vehicle, but then there's the garage, which is in a totally different unit for instance, and the financial services are in a different unit. But when you look at the we, everything comes together. So there's the leasing company, the people in the leasing company, the workers in the garage, endless more people.

And I, I think the risk is also when you build digital services that you take, may take a too narrow, narrow perspective sometimes when you don't sort of have a, a central responsibility for everything which has an identity, which is not only humans, which is also all the silicon identities. And then it's, maybe it's even a bit, so, so the question is, is it a subset or of, of a chief digital officer or is it a CDO on steroids? Well so could it be rather than it being a chief identity officer?

Because I think you hit on something kind of interesting, you didn't actually say it, but it's what I heard and that is we actually need someone in the company that's thinking strategically about identity across the entire ecosystem of the company. Sounds like a C-suite, but it could also be a strategy individual under the CTO office. Yeah. But these are usually not so powerful. You Execution power.

I, I think the most powerful people I've seen in that strategy role ever is, has been Kim Cameron. Well, my question is, would the chief identity officer be able to tell wealth management, you're gonna give me budget so that I can tell you what you're gonna do with identity microphone. How would that Okay, so would in in RBC would the chief identity officer be able to go to the wealth management people? And it's really, Holy god.

Okay, let try this one more time. Would the chief identity officer be able to go to the wealth management group and say, you're gonna gimme some of your budget? So I can tell you how you're gonna do identity?

Oh, oh, not even closer. Oh yeah, I know.

I mean, I knew the answer by the way, but so like I think the, the power struggle will be between the lines of business who generate significant revenue for the organization and having a chief identity officer now trying to tell them how they're gonna do stuff. I I I wasn't just a second.

No, I was, I wasn't a, I was monitoring yesterday and there was some talk of from Hutch about architecture. I, I think the point is, if you just say this, Okay, is, is it already there? If if this is trust, a strategy role, then that might be like the architecture gate at the end. So the identity gate, so to speak.

And, and everyone is trying to, to climb over the fence instead of passing the gate, so to speak. And so I I, my fear would be that the depu strategy role would be not powerful enough to, to do things. I I personally, my, my gut feeling currently would be a c must be a chief identity officer as well. It must be. So CEOs must to speak sync identity first because it starts with the identity. That would be my current state of thinking. But it may change also like some of the hours over the next 10 minutes we have.

So Alan, I think you're next and then No, I've got one, I've got one here. I'm gonna go back to the comment that I made earlier on about it's the wrong answer to the right question. Right? I think in every organization it's going to have different sets of problems. And the solution is not to say the problem of the day with this organization deserves somebody in the C-suite because fundamentally the C-suite has one job and that's to deliver value to the shareholders and that's their job. And the people working in the C-suite need to deliver that to the ceo.

The CEO gets to determine what his or her C-suite is to help him or her deliver that job. And if an identity officer is important enough to the business to deliver it, he should have one. He or she should have one Only he doesn't know yet and he doesn't want to know because it's IT ceo.

So, so what we might be pointing to here is that we acknowledge because of workforce and Siam needs, the individual needs the ability to influence the entirety of the C-suite and to affect the direction of budget and programs. The question becomes, I my, sorry, my concern is if you traditionally pigeonhole identity in security, then you diminish that influence capacity, especially on the digital side. And so putting it in a CTO in that kind of influencer role of architecture plus plus if you will, I get the spirit of it, but I don't think that's the person who can actually drive the outcome.

And it's only the ceo Yeah. Who can really do that. So you need to be hand in glove with that person, which means be in all the drex meetings, be in that room. Yeah.

So, so there, there's one comment. So an advisor to the CEO might be well-placed to oversee all places identity topics, need support, HR, revenue, et cetera. So it would be a bit, you know, we have a lot of office of the CTO things that would be probably more Yeah. Identity office of the CEO, so to speak, as a very, very strategic place. And then anchor at that level where you can really can impact things.

So that, that in that case the strategic advisor. So I'm back to the other position again. So flipping here again, that might be an idea. So it looks like we don't have the, haven't found the, the, the, the perfect solution yet, but we have have still seven minutes left, so maybe we or 5 23. So maybe you find it, You can all grab the microphone. Yeah.

Kuba you, you're next or you trust No, You're trust holding the microphone for the sake of folding the microphone. Okay. So I I think we, we we haven't a perfect solution yet. I think there's one thing which, which also goes into that if a CD C I D identity and digital officer could bring together all CU or chief identity officer, I'm not sure what abbreviation mission this context means in this context bring together all customer identities across different businesses. It would be very revenue generating.

So that would be, it's accountability, but we still have the other, other identities to deal with, which I think we could squeeze into that bucket as well. So I think there are ways to think about us, Ellen, I was gonna bring up the chief privacy officer. Where does he or she fit within that identity picture, especially as we're in the eu, but It's just a legal guy reading law and being in the compliance office somewhere and not understanding what identity at all is. And I have this Experience.

No, that's my personal experience. That's my personal experience. I was working in a, in a global bank and I went to the corporate office for the exactly, I was collecting data for the employees from 60 countries around the globe. And I had sort of made a simple story that, okay, but it should be data privacy compliant. And that was in the year 2000.

You know, that was not on anyone's map, but on mine I went there, I went to these corporate lawyers and I asked them, I'm thinking about doing it this way and making data agreements and blah, blah, blah. And they data specifications and usage specifications. I dread the, the previous gdpr let's say, and can you tell me if this is right? And he said, well, it depends. We don't know. And then I, should I tell you what my infrastructure and my plan looks like in practice?

Well, I don't know. So I wrote my own corporate binding rules, which didn't exist yet. And later on that was at least 10 years later, they were launched as a concept. And then my then boss tried to get his bonus over my extra work and, but the data people or the, the private and then no answer, just legal ifs and butts After that ni nice story of yaba, all the others had time to make up their minds to come up with their final recommendation of how to deal with the chief identity officer.

And we have two and a half minutes left, which gives 30 seconds for everyone to come up with the recommendation. And Ian is the one to start here because he already said shit.

So Ian, you start, I think I've convinced myself no, that there shouldn't be a chief identity officer or an office identity officer in the C level. However, what this points to me is saying as executive identity practitioners, the skill we have to work on is influence selling. Full stop. Okay. Denny?

Yeah, I I flip back. I'm sorry. I I think I, I'm going back to, I think they should own the, the feature, the function, the capabilities. They can own budget, but they don't own the rights to the data in my opinion.

That, that there are other people that are responsible for it. And yeah. Influencing that you guys described, I, I don't think we can, we can force that down from that level.

So I'm, I'm gonna say no. Okay. So I'm still no, so no from the beginning, although I will say I love the idea potentially of a office of identity that reports into the ceo because those people, although they don't have formal authority, they have incredible informal authority to influence and get people to do what they want them to do in order to do the right thing for the overall business. Okay. Alan?

Yeah, what they said, I think we've got, we've got to an agreement point I think, I'm not exactly sure if they all said the same thing. Okay. Maybe temporarily just to, to get things right, to get moving forward in these organizations, but it should be some executive level, not necessary C-suite, but it touches every user, every process, and every system.

So it, there's deserves a lot more attention than just operational IT views. Okay, great. So Show the hands. Should we have one?

Yes, I'll Raise your hand. Okay. Should we have none? Hold on. Those people who said yes, keep your hand up if you think you would want that job, Somebody else should have that interview. Great. Yeah.

So if, if you believe we have it and no one wants to become chief identity officers and we, we, we are here amongst identity people. So the arians maybe, let's see what happens next year if we do the same votes.

Yeah, maybe we are final there. So thank you very much for this panel.