GEICO the third-largest private passenger auto insurer, serving more that 12 million private passenger customers, have selected the Open Identity Stack from ForgeRock to help them take IAM to the next level. The ForgeRock Open Identity Stack is a 100 percent open source identity stack to secure applications and services across clouds, SaaS, mobile, and enterprise systems. GEICO intends to use the stack to support the building of an online customer portal while providing a secure and modern experience for their customers.

So what is the important thing to notice in this? Well firstly the message that we kept repeating the the EIC this year was about having to consider the extended enterprise when planning IAM. This is clear that when the number of users we need to support starts growing exponentially, as we no longer can take in to account our employees and business partners. We have an even bigger community we need to serve, namely the end-users and we need to keep them happy.

  • If the users don't have a good and performant user experience they will go to the competitor offering a better service - today that move is only a click away.
  • As said several times during EIC "If your customers don't feel secure, they will leave you" - in this day of daily hacking incidents this has never been more true.
One of the major issues relevant to IAM is that the numbers of secure authentication will increase exponentially to the increase in customers. This is due to the fact that users will access services anywhere and anytime. From home, at the office and on the go through smart phones and other mobile devices. Users also want the freedom to use social logins and organisations today need to be attentive to this demand. If we continue down the path of forcing users to create a new set of credentials for our services, a set of credentials that can only be used with our service then I believe that one of two things will happen
  1. Customers will chose a different place for their business because they are tried of managing several sets of credentials and more importantly customers are becoming increasingly intelligent about both the ease and security of having only one or a few sets of credentials.
  2. Customers default to the same password used for all their other services - this will lead to a higher degree of unsecure and weak password making your service an easy target for hackers to breach which will lead back to the first bullet point.
Obviously the combination of a vast increase in authentications per second and the implementation social logins on a large scale puts even more requirements on the backend systems that are used to facilitate this. Using the Open Identity Stack can enable GEICO to establish secure access controls for mission-critical applications at scale across any population, whether they’re consumers or employees, as they deploy their online customer portal.
"Initially, we considered traditional, closed source enterprise IAM vendors to help us drive our vision forward, but it quickly became evident that they would not be able to offer a solution that would be able to integrate or scale as quickly as we needed," said Greg Kalinsky, senior vice president and chief information officer, GEICO. "We selected ForgeRock as our IAM technology partner because of their success in delivering the Open Identity Stack in an easy-to-deploy, highly scalable approach to enterprise, cloud and mobile environments. To us, ForgeRock understood what it meant to create a modern, best-in-class Web experience for our large and exceedingly diverse customer base."
The second thing to notice is the clear ambition that seems visible here, that is that IAM is no longer a small corner of IT Security, but is infact its own domain.
“With GEICO choosing ForgeRock, they further validate the fact that IAM is not just a tool for security, but also for business agility,” said Mike Ellis, CEO, ForgeRock. “Our unique approach to identity and access management provides GEICO with the flexibility and scalability necessary to tightly control their systems as they globally expand their reach to consumers and agents through their new online customer portal.”
IAM implemented in the right way it will be leading to improved security with increased business performance and agility all of this resulting in increased customer satisfaction. This is the way that IAM for the future, in the internet of things, has to be used in order to support the extended enterprise. We will follow the progress at GEICO closely to see the end result.