Webinar Recording

Customer Identity Management (CIAM) - Building the Foundations for a Next-Level User Experience

Log in and watch the full video!

Consumer identity and access management solutions have emerged in the recent years to meet evolving business requirements. CIAM is bringing value to the organizations regarding higher numbers of successful registrations, customer profiling, authentication variety, identity analytics, and marketing insights. Companies and public-sector organizations with deployed CIAM solutions can provide better digital experiences for and gather more information about the consumers who are using their services. If you want to be a leader in the digitally transformed business world, you need to know your customer very well. The difficulty is not to embarrass the consumer with how much you know about him/her, and to leave him/her the option to withdraw consent. CIAM can be seen as a vital element of marketing automation and as such requires us to rethink the way interaction between business and individual takes place. More consumer driven, very agile and privacy-aware by design.

This webcast gives a preview of the topics that will be presented at KuppingerCole’s upcoming Consumer Identity World tour. The CIW tour begins in Seattle on September 12-13, will visit Paris on November 28-29, and Singapore on December 14 -15.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Hello, and welcome to our customer identity management webinar in advance of our consumer identity world tour. Today, I'm John Tolbert lead Analyst at Cooper and Cole. We also have Katrina Dow, founder, and CEO of Meco to talk about some of the issues around customer identity management.
So a little bit of history, Cooper or Cole was founded in 2004. We're an international organization of Analyst. We provide advice, product reviews, advisory information, and do all sorts of reports related to identity management and cyber security. One of our goals is to support our clients, whether they be corporate users, governments, system integrators, software vendors, with good information that helps them make strategic and tactical decisions regarding their it investments. And we're specialized in information security. I did any access management, access governance, risk management, and everything really around the digital transformation. Our three main business areas are, again, research. We do different kinds of research. We publish different kinds of papers around product reports, product comparisons, research into the latest areas of information technology. Our reports are always vendor neutral and up to date. And we feel like we are able to provide independent advice to our clients. We also have events like our flagship European identity conference and the series that we're introducing this year around consumer identity world. These are events where we bring together end users, end user organizations and software vendors and experts in various fields for good networking opportunities and an opportunity to learn about some of the very important topics today. And then our advisory work is pertaining to both end user organizations and software vendors, helping them make strategic decisions, technicals and preparing for digital.
So the conference series that we're kicking off this year, we're calling it our consumer identity world tour. We're starting in Seattle in September and hope you can join us there. We have a couple of other dates, Paris and Singapore later in the year, we also have next year in Germany, the next generation marketing executive summit, which will be all about marketing, marketing automation technologies and how even consumer identity can play a role in marketing functions. And then later in February, next year, we will have our second digital finance world, which is really focused on the industry, particularly EU and the C.
So as it was said, you don't have to mute yourself. This is muted, we're recording, and we will have questions and answers at the end. You can answer the questions in the control panel at any time, and we will address those at the end of the hour here. So I'll start off talking about the differences between identity management and consumer identity, what some of the key features market trends and business drivers are. And then I'll turn it over to Katrina. So a little bit of background, most of you are probably familiar with identity management and what has come to pass in the last 20 years or so with regard to traditional identity, most organizations have deployed employee facing identity management systems. So they use protocols and, and authenticators such as curbs, smart cards or other kinds of hardware, tokens to gain access to their networks and resources.
Other networks. There are attributes that are collected about employees that are used for authorization decisions such as is this employee a member of this group, do they have a, a need to access financial data? And those are generally stored in L directories, sometimes SQL databases as well to enable single sign on. We've been using the very robust standard of SAML for the last 14 or 15 years. It enables one company or to authenticate users and then send an assertion that proves that user is authenticated to another domain. And one of the primary drivers for identity management within enterprises is access control. On the other side, we have consumer facing identity, which is quite a bit different. Many of the concepts are similar, but generally instead of things like Eros and smart cards, consumers are using things like username and password, social logins, mobile authenticators, generally a little bit less strong assurance comparatively.
And those attributes are used for things like being able to get better marketing information, to present targeted marketing campaigns and offer customers what they're looking for and also KYC or know your customer. There are many regulations around the world that require, know your customers information, to understand what they may be doing, particularly in finance with things like anti-money laundering laws. The information that we collect about consumers can be stored in LDAP or SQL databases, but increasingly we see the consumer focused identity management solutions also using Mongo database and other big data applications. And in order to achieve single sign on, it's less common to find SAML in these situations. And it's more common to find things like OAuth or open ID, open ID connect for single sign on, and a very important and emerging driver for using consumer identity is around privacy. And we'll dive into that quite a bit more in the slides ahead.
So again, looking at enterprise I, and it was all about, you know, taking care of the employees who were on the inside. Customers were always on the outside and given some of the constraints around interfaces and what your LDAP directory might be able to contain. It was often difficult to capture rich profile data. We also have salespeople who were manually entering data into CRM systems that may not actually reflect what customers want. And the types of authentication that have been offered have been a bit less flexible. Like we were saying, they can often be designed for either just simple username or password or strong authentication mechanisms that don't always make sense in every business environment, say for instance, retail or media, the misled to marketing processes that were more inefficient than they needed to be, being able to get the information as a combination from CRM and what may have been contained within L D enterprise.
I am also scales well to, you know, thousands to maybe a few hundred thousand employees and the types of transactions are often different. So when companies are looking to deploy an identity management solution that needs to scale to millions or billions enterprise IM is not always up to the task for the, on the other side may have consumer I am, and it has a totally different approach. It begins with the self-registration users go to a site that's often seamlessly branded with their own logos. Even though if they're using a, a consumer identity management solution, it allows them to choose their favorite social log on as a way to get started, rather than collecting all that information up about the user most go through what they call progressive profiling, which allows the user to slowly answer questions over time, or to build a profile based on their activity, their purchases, their likes, this leads to a much better 360 degree view of the consumer and, and the consent these systems, as we'll see in more detail later, allow consumers to authorize the use of their information for very specific purposes.
In this way, we see consumer identity playing directly into the customer relationship management, which gives also a better take on marketing, being able to target specific users for the things, for which they've shown an interest and also consented to use their information. Another important feature is most of these consumer identity solutions are omnichannel, meaning they give you the same experience, whether it's on a computer, a mobile device, a set top box. And again, scaling is very important. Many of the solutions are cloud based or can be run inside infrastructure as a service. And therefore it's a little bit easier for them to scale to the millions and billions of consumers that their companies may be working with.
Some of the key features we find again, are the self-registration social network use of open IDs, some solutions use bulk provisioning. And if they do, it's usually an L D an L D or the use of a skim interface to rapidly get lots of users into a new system. We also, like I said, see a username and password is a common authenticator, but we increasingly are seeing interest in social logins using Facebook, Twitter, LinkedIn, Google, those kinds of identity providers to get into sites as well as mobile applications that some are, are native for iOS and Android. And then also coming into the four are mobile biometrics, the use of things like fingerprint, facial recognition, voice recognition. These seem to be much easier to use in many cases, and it doesn't involve the use of passwords. So most customers tend to prefer that. And on the customer experience side, these solutions allow white labeling or, you know, integrated directly into the brand so that, you know, has a, a nice, consistent experience. If a company has multiple web properties, then single sign on is enabled and then consent management as well on the security and privacy side, since many of the consumer systems are involved with eCommerce retail, finance fraud detection is very important. Many solutions provide user behavior profiling, you know, to get a baseline for what the user normally does. And you can compare current and future transactions against that as well as there are many services, third party services that do fraud and threat intelligence gathering, which then can be factored into authentication and authorization decisions.
Privacy management is growing in importance, particularly in the EU or for companies who do business in the EU with the general data protection regulation. This is driving a need for very fine grain consent mechanisms. And then also having the ability to export or edit and even delete customer profile data when they request it and thinking about security within the consumer identity management solution is pretty important. Also there's various administrative models. What does it require for an administrative login and management system? The systems should be integrated with security intelligence, security incident and event management systems. And then also provide that strong authentication and authorization for customers where needed on the marketing side. There are a couple of key areas here, identity analytics. And by that we're defining it as looking at actual login events, locations, where the logins happen, password reset requests and edits to the profile on the marketing analytics side that can get very, very granular and detailed about the types of data that are collected and the types of reports that may be built into some of the solutions.
And as you can see, there's a lot of different information that could be made available. It could be related to age, gender income, their social media activities, likes purchases, and many of the solutions provide direct access and provide canned reports into aggregated data there. And if not, most of them do offer APIs or some sort of out of the box integration with third party marketing solutions or sometimes big data solutions as well. And on the automation side, being able to transform that marketing data and work directly with some of the leading marketing automation packages. Again, there's API and often out of the box integration with many of the marketing automation solutions out there today.
Again, increasingly important with the rise of IOT, particularly consumer IOT devices, wearables smart home. It's important to find ways to link customers identity and allow them to at least synchronize passwords between devices and associate those devices with their consumer identity as well. Some of the cm solutions have the ability to at least associate the, the device information, perhaps in an LDAP or SQL database. This provides limited technical capabilities, a more robust way of doing it is the I ETF standard for oof two device flow, which allows users to more directly link their devices to their accounts and provides more control over the devices. And, and of course it could also be a, a one to many or many to many relationship between the consumers and the devices that they own.
We're seeing that, you know, customer attitudes towards consumer identity management solutions have been changing. Three quarters are really, really tired of having to deal with passwords more than half will abandon a registration. If it requires using a username and password or creating a new username and password just to sign up two thirds are very interested in biometrics. Again, probably to not have to deal with yet. Another password almost half are using social logins today and practically everyone has data privacy concerns, and it would be hard not to considering the, the daily headlines about breaches. We see the CIN market as the fastest growing segment in identity management. Overall, we have been watching both specialized CIN vendors who have been growing tremendously over the last few years, as well as traditional IIN vendors who also see the growth opportunities in the consumer facing side and are now beginning to move in that direction. And really every aspect of digital transformation demands more robust consumer identity and access management capabilities.
Even though this market's probably less than a decade old altogether, we're starting to see a lot of divergence in the market. And by that we mean there are segments of the market that are being driven by different industries, the needs within those industries regulations in particular use cases that have kind of bubbled to the top. And that really drives the features that we see within the products as well. The vendors that are focused and media generally have less of a need for, let's say strong authentication, maybe a little bit less in terms of audit that's necessary, but for companies that are doing business in the financial sector, particularly there really is a need for things like strong authentication user behavioral analytics. And we see that the companies that are are targeting those markets generally build the features to satisfy the use cases within those subunits of the market. And GDPR is gonna become a real market driver for consumer identity, with the need to opt in by default and opt, not opt out. We need to be able to show that users have consented and you know, what the history of their consent is.
Consumer identity solutions have to provide notifications when terms and conditions change and get users to re-sent provide that clear and unambiguous consent. And then again, these systems have to be able to export customer data so that the customer can take it with them or delete it if I asked. So before I turn it over to Katrina, we'll just look at the key takeaways here. Customer focused identity can really help turn your anonymous users into known customers. There's definite marketing advantages, as well as being able to help comply with regulations such as GDPR. And we'll give you a real quick look here for our first stop on Seattle for their consumer identity world tour. You can see we're developing a series of panels. We'll have quite a few keynotes that all pertain to various aspects of consumer identity, how it can be used for marketing and then meeting the regulatory challenges that are out there as well and different regions around the globe have different regulatory challenges. And it will be very interesting to talk with all the participants about how consumer identity is working for them. So with that, I would like to pass it over to Katrina. And
Thank you, John. Hi everybody. I'm joining you today from Berlin and it's a very beautiful hot summer evening, which is very nice. What I would like to do in the next 15 to 20 minutes is actually give you some practical examples and some insights as to some of the things that we are seeing shaping out of the customer identity and access management marketplace. But also some of the challenges that we see that are really front in mind for organizations as they navigate towards some of these changing regulations, or indeed start to think about identity platforms for digital transformation projects and where we're seeing convergence and divergence. So what I would like to do also is give you some practical examples of what we are seeing, where customers actually want to become known customers and pick up on some of John's points around progressive processing and onboarding obviously consent and where, what some of the trends that we're starting to see in terms of customers actually pulling content towards them rather than feeling as if they are, are being marketed to, without something being personalized.
So the balance between those two things very quickly, an introduction, myself and Miko I'm the founder and CEO and Miko is a personal data platform. Dual sided. We see that there is enormous value by enabling individuals to share their data attributes and identity with the people and organizations they trust. And we also see that there is an ever growing need for organizations, governments, schools, hospitals, to get closer to the people they serve and create more personalized services. And we do that in a number of ways. We provision for individuals, the API of me that allows them to bring their data identity and attributes to consumer product and service. And for organizations, we enable the provision of an attribute wallet with identity management that allows the customer to build up attributes over time. And with consent, share those
Katrina. I'm sorry to interrupt you, but we still cannot see your screen.
Oh, sorry. So while, while we're trying to, to get the slides up, obviously the big driver at the moment is regulation. It's driving this shift. And as we see with all new changes, there are opportunities, but we also see that we're facing a lot of challenges and whether or not, and I'm not sure what the representation is of the audience today in terms of whether you are Europe based ocean or the United States. But one of the, one of the things that we're finding with talking to partners around the world is just getting their heads around the different jurisdictions and how they may actually have to be able to implement or comply on a jurisdictional basis and whether or not that's because of GDPR in Europe, because there are European customers or the changing EPRI or the payment services directly directive across the banking and finance market, or the open, open banking.
These are all driving multi, multinational or global organizations to sit back and say, do we have a jurisdictional strategy for the way we manage identity? The way we manage our customers, the way we personalize services, or do we start to look at best practice? And so what we are seeing is that there is a real opportunity to be able to do both of those things. What we also see in the United States by comparison to the changes in Europe is the, is that data is, and privacy is, is being hotly contested. At the moment. We know that there was the previous administration, some things put in place for customers to protect their privacy, particularly around web services. And we know those are being debated right now. And there may actually be a repeal on some of those privacy provisions that will put in place. So for organizations, what that creates is this data paradox.
And again, as John said, you know, there are issues in terms of fraud, there are issues in terms of privacy and the data paradox is how do you start to personalize customers, personalized services, and the way you deliver things to customers, if indeed you aren't able to collect the data or you aren't sure either from a fraud point of view or from a, a personalization point of view that you're dealing with the right customer. So the two, two trends that we see consistently emerging right now as this regulatory environment is getting very close for May, 2018 is two patterns and their best described as kind of silo thinking. We're seeing tens of millions of dollars being spent in and euros being spent either around privacy and compliance requirements, data mapping, and starting to prepare. And then in other parts of the business, we're looking at some of the things that, that we've been talking about in the first part around identity access management, personalizing services, digital transformation.
And what we are finding is that actually organizations are, are not necessarily talking to each other and treating these two requirements quite separately. And so what that is leading to is it is in our observation, a potential divide that once the regulation is in place and some of the compliance aspects have been embedded, there'll actually be significant constraints to marketing and touch points for customers. So what we see is going to make a huge difference. And one of the key takeaways from today is to start thinking about a portfolio approach. And that is how quickly can we start to bring a more holistic view of the different touch points to a customer. And, and that's obviously the identity management, it's marketing and marketing automation, it's the regulation and compliance around privacy and it's the digital transformation. And one of the ways that we see that that is possible is actually by bringing the customer directly into the value chain. Do we have the slides up yet?
We do, but you have to tell me when to switch. Okay.
All right. All right. Okay. So very quickly, if we, when, if, if we see if we are at the portfolio approach. Okay. And then with the pencils, have you got that
Fantastic. All right. If we jump to the next slide. So one of the things that we are seeing is important from this portfolio perspective is that there are networks that are starting to develop around customer identity management. What we are seeing is the opportunity for organizations to act as an anchor and then start to build out services for customers in an adjacent way. And they fall largely into three different groups, enterprise networks that are linking their customers across a portfolio of their own products and services, and starting to orchestrate better adjacent experiences. And that, that was, was something that John touched on in terms of being able to market more effectively across maybe a family of brands. Obviously the world gardens like apple, Google Tesla that will create enormous value within their respective service offerings, but customers tend to be locked into that silo. And so the portability of maybe identity and attributes may be unique to that silo.
And then what we're starting to see at open networks that are being driven horizontally by some of the changes around the regulation and providing opportunities for individuals to either get access to their data as customers or the portability of that data. If we jump to the next slide, what that's doing is having a big impact on value chains and how they're rapidly evolving to include people and things. But what we also see is that, that there are obviously issues associated with fraud and friction for customers. So jumping to the next two slides very quickly, one of the issues and challenges for organizations in terms of wanting to be able to rely on an identity and create that stickiness with the customer is that in 2015, 6.3 billion advertisers lost 6.3 billion was lost to advertisers in pay per click fees directly to bots. And what we are seeing harking back to the minority report, the idea that in the future with the rise of ad blocking, if we're gonna see ad blocking, we're soon gonna start to see I blocking.
So as customers become more empowered to make these decisions and decide what they're going to screen in and out, the importance of establishing that trust and transparency is what actually leads to starting to receive direct, informed consent from the customer. So we jump to the next slide. One of the challenges, particularly between what we're seeing between the United States and Europe is as Europe is with GDPR and some of these regulations starting to focus on the value of data and information being in the hands of customers and citizens. We know that there is a, a strong model towards monetizing personal information. And so back to that para privacy paradox on the next slide, how that, how that comes to bear in terms of designing an identity solution for customers is taking into account privacy, the data that's in silos, the onboarding frictions that customers have the diminishing trust in terms of the way that data is used, as well as the regulatory drivers that already exist in banking, financial services, telecommunications around know your customer or anti-money laundering.
And so one of the things that we see as possible if this trust and transparency can be established is that we're actually on a pathway to a new marketplace. And this is one of the things that we'll talk about in much more detail at, on in Seattle and Paris and Singapore later this year, and, and specifically give some very strong use cases and examples of how the above the line, real data accurate up to date, big data processing, and the ability to collect that information and use that information, which to a customer may feel quite creepy, can actually be transformed into quite a cool service by, by crossing. What we call is this trust barrier, where the context and the consent comes directly from the customer. Now, what that opens up is the ability to start personalizing services and actually have the custom customer self declare and be known.
So what's involved with unlocking this, as I said, we are starting to see from a regulatory point of view, the power shifting to individual customers, certainly within the European context, the right for a customer to be able to access their information. And why is that important? One of the things that we see with customer centricity is more and more customers actually wanna be involved in a product or service lifecycle. They, they may want a digital experience that is they may want a physical experience to shop or browse or experience a product or service, but then they may actually go online to procure that service. They may wanna understand more around the supply chain or the diversity of the, of the provider. They may wanna be interested. They may be interested in the working conditions of the manufacturing life cycle, or they may wanna be involved in the design of the product.
Certainly watch it as it's tracked, decide where it's going to be delivered and have some options in terms of the, the logistics. And so what we are seeing is that this is an opportunity to involve the customers in this progressive onboarding of attributes providing there is a direct value exchange. And where we see this heading is if we, if we jump to the next slide is the idea that actually the customer is becoming the platform. And if there is a strong customer identity access management capability in place where there is control security, the privacy management is there, and the trust is established. What we are seeing in very practical examples, a customers being willing to open up the left side of their life, the data attributes and information that they control, whether or not that's their smart devices, O T their wearables, their social data and information, and certainly their identity and attributes into the right side of a data marketplace, which is often requiring the same identity, the same information.
So when a customer is actually directly part of that value chain, some of that friction is immediately removed, but more importantly, there is an opportunity to not only personalize the service, but also to be able to work with the customer to move that identity and those attributes into an adjacent environment for more end to end concierge services. So think of what that might look like across travel insurance, banking health, and, and during the road show, we'll share some again, practical examples of where we've been able to show that starting in a particular industry sector, and then moving across into adjacent areas to create more concierge type services. One of the challenges though is how we in how we move to collecting data, to collecting either a token or an attribute or a verified or, or authenticated attribute, as opposed to all the data. So, one, one of the things that we focus on is what's the minimal viable collection that's required in a customer journey for maximum viable access.
So a really simple example of this is, do you need to collect a data birth, or do you just need to be satisfied that the customer is over an eligible age for a particular product and service? Do you need to hold an address for a delivery, or do you need to just make sure that that's collected until that outcome has been achieved? And why is this important? Is that we are seeing higher engagement where customers see that the information is used in the moment specifically for the outcome that they've agreed to. And that then that, that information is only held. If there is a reason to reuse that, or indeed they're able to customize it. If, for instance, the next time they order something, the delivery environment is different. One of the things that we are seeing the whole Siam space is enabling in terms of this next layer of personalization is for services to be much more customer centric, the compliance aspect to be actually not just context driven, but consent based.
And so the consent is contextual to the service that's being provisioned. And what that starts to do is if we jump to, and, and many of you'll be familiar with this, with this diagram, that's featured or versions of this, it's featured in the Ko Cole C IAM reports is by putting the customer in the middle of the value chain. Then what we can start to build out around the customer is obviously better identity and access management. We can start to look directly at including the governance, the policy, and the, the, the privacy management and, and regulation requirements directly. We can start to look at how that maps to marketing automation, and more importantly, how this connects to digital transformation. So just in closing, how does this actually, how are we starting to see that this participation is transforming business models? So, as I mentioned earlier, during the road show, we'll, we'll actually show some specific examples across different industry sectors.
But what I wanted to share with you today was just, just one example, that is a collaboration between bank telco and identity provider, and then Meco enabling the customer to bring their data attributes and identity. So a typical use case may start off at, in this case, this is a bank branded site. The, the call to action may be on a website. It may come through social media. And this particular use case was tested in a number parts of the world in Australasia and in Europe. And obviously it, the, some of the things around onboarding are, are more permissible in some areas, depending on whether or not you need to physically cite the customer or documents, or whether that's possible in a, in, from a digital point of view. But the hypothesis here between the bank and the telco in these jurisdictions was that for a, for a low risk debit account, digital only aimed at a millennial audience, that the customer could be onboarded very, very quickly with a call to action, specifically on how simple it could be to open the account.
And if we jump to the next slide, what I've done is I've picked some of the key kind of moments that where the friction is minimized and an example of how the customer is directly involved with not just the onboarding, but it allowing some of those attributes to pass between both organizations. So we start with a call to action, which is opening up this account. There there's a few attributes that are asked for along with consent to use a postpaid mobile connect SIM account, where the customer is authorizing their telco to share some of the data around their identity directly back to the bank. Then there is obviously a product disclosure script screen that is, that is served up with some specific consent to explain to the customer what is, what is involved with the onboarding. And once that consent screen has been agreed and the customer understands, then we show very, very quickly a digital representation of the account that has been opened.
There's also an opportunity to set a pin at this point, which obviously reduces the cost of the overall value chain for the issuing the card issuer, and then show to the customer, the data that's that that's actually been collected or shared through this onboarding experience, which in this case included the information that was first given to the bank, the, the digital identity that was shared by the telco, the data that was required in terms of name, address, some data that was associated with the mobile device, the new bank account. So each of those attributes are shown with the opportunity for the customer to simply swipe, to save those back into an attribute wallet for those attributes to be reused. And as I said, we've been working with government financial services and telecommunications over the last year, looking at specific pain points in customer personalization, to see where we can start to lower that friction, meet the compliance, but bring the customer into helping develop that, that value.
So what are the results? What we're seeing consistently is higher engagement. The paradox is when, when customers are aware of what data is being collected and how it's being used, and actually part of the consent mechanism, what we're seeing is engagement increases. And actually customers are willing to share more information which leads to greater personalization and obviously greater confidence in terms of trusting that I identity. So what we, what we are advocating in designing these solutions is to be thinking of either pain points in the digital transformation of your organization right now, or how you can break down silos or how being able to engage the customer by sharing information that they might request under GDPR directly for their own purposes, or to, to port that data somewhere else. What we are showing, what we're we're seeing evidence of is that by being on the front foot and actually engaging the customer and allowing them to collaborate on that data, it actually is creating deeper engagement, which leads me, which leads me to this next quote, in terms of what we're starting to see out of designing this way.
The opportunities for new business models, increased revenue, obviously reduced costs by being able to be rely on the quality of the data or the attributes and how they, how they're coming from the ecosystem. Obviously the management of risk and compliance, and more importantly, starting to deepen loyalty with customers. And, and what we see as we moved through this regulatory environment, we think the hallmark of Futureproof organizations will be the willingness to start sharing the data that's collected about its customers directly with customers for mutual value. So in closing three, if you aren't able to make it to the, to the series and, and I'm sure we'll be able to get the, the full slides to you to the, to post the webinar. And so, I'm sorry if we missed those at the top of the presentation, but the three things that I would encourage you to be thinking about right now is obviously starting out on this journey to be thinking about a portfolio approach.
If right, if you are focusing on the data governance, the regulation and the compliance right now, to be reaching across the aisle, to see what is happening around marketing around digital transformation, around pain points that exist in the business. Conversely, if you are a CMO or you are trying to understand what a new landscape is going to look like post some of these regulatory changes, or what are the opportunities in terms of identity management, then I think it's really critical to be working with the teams right now that are focused on, on compliance, and then last but not least really importantly, to start planning for this new end state I'm I'm reminded of all the effort that went into Y2K. I remember working on that in the 18 months or so leading up, and there was so much focus on this one moment of time.
And then it's sometimes hard to forget that once that once that deadline or that event is in place, the world goes on. And so what is it beyond May, 2018 for GDPR or beyond PSD two or E privacy or some of the changes that have been recommended in Australia through the productivity commissioners, recent report, as these things be, become the new normal, then what is the end state that these changes allow you to be thinking about and designed for? And then last slide we, we recently commissioned with contribution from KuppingerCole a paper called the rise of the attribute economy. I think there are nine or 10 different authors that, that started to look at exploring identity regulation, compliance, customer experience. There are some practical examples in there. We'd be more than happy to give you a link to that paper, as a means of starting the conversation towards this portfolio approach and starting to think about how customer identity and, and verified attributes and involving the customer directly can start to unlock new value and new business models. Thank you, John. I I'm happy if you, if we'd like to take some questions.
So yeah, one question and, and I've heard this before I work for a us based company. I keep hearing about GDPR. What does it mean to me? So I think I'll, I'll just start with that in. You can add in, so GDPR general data, privacy regulation, the new privacy regulation that takes effect, as we've alluded to next may really covers any company who may be doing business in the EU or may have data about EU citizens. And PII is defined by the GDPR, includes things as innocuous as email addresses. So if you have a, a retail site or, you know, just a site where you are collecting people's information for newsletters, if you've got the email address of an EU person, then you're technically subject to GDPR Katrina, would you like to add to
That? Yeah, definitely. So I was, I was presenting in the us a few months ago and it's very interesting because somebody in the audience put their hand up and said, look, really this whole European thing is a waste of time. Why are you talking about this? And I think there were, there was an Analyst from Forrester on the panel. There were some compliance, GDPR specialist lawyers, myself. And the question was, why are you wasting our time with this? You know, we're here in the us. This doesn't really apply. And the moderator asked whether or not the person was working for a multinational company or, or whether or not they indeed had customers in Europe. And the answer was yes. And they were very, very surprised to see that this was going to apply to them as a us company. And so I think there is, there's still a lot of education to take place between now and may particularly I think in, for senior marketing executives to be aware of the potential fines for American companies, 4% of global revenue, 20 million Euro, and indeed their responsibilities of offices of organizations, which leads back.
I think to this portfolio approach, what we are hearing a lot of large organizations say is, should we be trying to design for jurisdictions or from a digital and identity point of view, should we be looking at best practice that has the compliance built in? And then should we look about, should we look at whether or not that's applicable in all our markets, rather than trying to design specifically for one market now that might work for some organizations, there may be reasons why it doesn't work for others. And obviously it de it depends on the industry sector, but I, I think the key takeaway here is that there is there's a lot of education still to be had for countries and, and companies that are outside of the EU with respect to how they may need to comply.
Great. And one more here, can C I a M work for G two C I think that means government to citizen. You know, I think that's, I think that's a really good question, you know, in the us, it's probably not something that's gonna happen at the federal level, but I am aware of some state level initiatives that some of the cm solution providers are fulfilling those use cases for right now. Katrina, could you give a global perspective on that?
Yeah, absolutely. And in fact, it's a resounding yes. The interesting thing from government to citizen is that one of the big friction and cost points for government, and one of the, the challenges of breaking down their internal silos is some of those silos are there for protection. So a good example might be, it may be services associated with social services entitlements, and then, then you have taxation. Then you have a situation. This is a use case that we actually were involved with working on where you have a family that may be subject to something like domestic violence. You want to be able to help members of that family access entitlements and keep their identity as safe and secure as possible. But you may find that partner has access to records that would lead them back to maybe being able to identify where, where that family member is.
And so part of what I think is very important and possible with these solutions being well designed is that a persona can be created. The identity of strong identity can move across those silos with an authenticated identity, with the attributes that are relevant for the use case, but with at the same time, minimizing the ability for another family member that may not have either power of attorney or guardianship or rights, or there may be a domestic situation where their identity could be compromised. And so I think what we are starting to see is there are some very strong and important use cases where government is trying to remove costs by, by lowering those barriers. But at the same time, they need to make sure that they aren't mixing state or federal identities in a way that could compromise the citizen.
Excellent. Well, thank you Katrina. I don't have any more questions on the board right now, and we're almost at the top of the hour. So again, thanks Katrina. And thanks for everyone for joining today. I'd like to remind you, we are having the consumer identity world tour starting here in Seattle on September 12th and 13th. I'd like to invite you to come to that. We will get into these topics and many, many more around specific industries and other regulations and how these types of solutions are being used today. We'd like to present case studies. So if you need more information, feel free to contact us. Look it up on the website. And we look forward to speaking with you again soon. Thanks everyone.
Thanks everyone. Bye.

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00