Fall is Consumer Identity Season at KuppingerCole, just in time for holiday shopping. Last week we kicked off our 2018 tour in Seattle. The number of attendees and sponsors was well up over last year, indicating the significant increase in interest in the Consumer Identity and Access Management (CIAM) subject. CIAM is one of the fastest growing market segments under IAM, and with good reason. Companies that deploy CIAM solutions find that they can connect with their consumers better, delivering a more positive experience, and generating additional revenue. CIAM can also aid with regulatory compliance, such as those for privacy (GDPR, CCPA, etc.) and finance (AML, KYC, PSD2, etc.).
Some of the big topics last week were authentication methods for CIAM, particularly biometrics, GDPR and privacy regulations around the world, consumer preferences for identity, and blockchain identity.
CIAM requires thinking “outside-in” about authentication. The FIDO Alliance held a workshop on Wednesday. FIDO was a particularly relevant topic for CIW, as there were many discussions on the latest authentication methods and techniques. The turnout was excellent, and attendees heard from some of the leaders and active members of the organization. I believe that FIDO will play a key role in modernizing authentication technology, especially for consumer-facing applications. FIDO specifications have been maturing rapidly. Version 2.0, and the W3C WebAuthN and CTAP protocols are exactly what has been needed to speed adoption. Expect to see FIDO deployments increasing as the major browsers fully support the standard. We can also expect to see higher consumer satisfaction as FIDO rolls out widely, due to ease of use, and better security and privacy. For an overview of how FIDO works, see Alex Takakuwa’s presentation.
Mobile biometric solutions are enjoying popularity, many companies want to find out how to reduce friction for consumers in the authentication process. We considered risk-adaptive and continuous authentication as means to right-size authentication to specific use cases, such as finance and health care.
I noted that the “C” in CIAM can also apply to “citizens” as well as customers and consumers. State and local government agencies are exploring Government-to-Citizen (G2C) identity paradigms, and in some cases CIAM solutions are a good fit.
Privacy is an ever-present concern for consumer-facing systems. GDPR is in effect in Europe, and companies around the world must now abide by it when processing personal data of European persons. Tim Maiorino gave an update on the state of GDPR. The subject of California’s upcoming privacy law arose in some panels. Will the California model be adopted across the US? Probably not at the federal level, at least not in the foreseeable future. However, other states are likely to enact similar privacy laws, leading to discrepancies and possible difficulties in complying with similar but different regulations. We learned from Marisa Rogers that there is a call for participation for an ISO group on privacy by design for consumer services.
There were several speakers and panels addressing consumer wants and preferences with regard to CIAM. We had a few sessions on blockchain and identity. Didier Collin de Causabon gave a good example of how blockchain may be able to aid with KYC. Sarah Squire, co-founder and vice-chair of IDPro, gave a great talk on role of identity professionals in business. Her keynote also contains a lot of practical advice on IAM/CIAM implementations and where we as an industry can go from here.
Our European CIW event will take place on October 29-31 in Amsterdam, followed by our Asia-Pacific CIW in Singapore on November 20-22.
We are already actively planning on CIW for 2019. Join us at the Motif Hotel in Seattle next September 25-27 for the next edition.
Thanks to all of our speakers and panelists for sharing their knowledge. Also thanks to our event sponsors Gigya – SAP Customer Data Cloud, WSO2, Radiant Logic, Nok Nok Labs, Trusted Key, iWelcome, Auth0 and Uniken.