Kantara Workshop at the Consumer Identity World 2017 APAC
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Kantara Workshop at the Consumer Identity World 2017 APAC
Kantara Workshop at the Consumer Identity World 2017 APAC
Pleased to work. Do welcome Eric Lee from Deloitte. Who's gonna carry on that. We're Katrina the left off before lunch in terms of the challenges of consumer identity and access management from, from the Deloitte viewpoint, particularly around the risks associated with that. What we're gonna do after, after Eric is finished speaking, and you'll ask any specific questions we're gonna then have Eric and Katrina on little mini panel. We can ask them questions to compare and contrast their views to the challenges of science, so to technicals tos.
So, so today I've got, share that happy to share on the challenges that we at CI perspective. So I mean, Deloitte, we do, obviously I belong to part of Deloitte specials, cybersecurity. I go little assessments of testing cybersecurity. I do architecting solution for access management system. So today I think what we're presentation shows, but I think before we into the challenges, I's good to kind of be kept this morning session, the difference between the legacy item and the CIM.
So traditionally I've been supporting item projects for the last 10 years, and this is what we are very used to generally managing internal success, looking at corporate resources and applications, the systems stays within the organizational parameter. If's a cultural populations, right? So it's generally staff perhaps extending to business partners who operate within the organization. And the focus is generally efficiencies, right? Straight through processing, cutting of pause, cutting down desk and stuff like that. So it's about integration enterprise security, corporate identity.
And if there's any threats that's exposed in this kind of systems is generating internal. But this days we looked at cm is a complete different paradigm, huge shift from what we looked at in terms of identity and access. So there is a merging of bias between external identities, identities. So organizations are looking at managing this whole set identities within the whole systems or software. The demographics is evolving, potentially talk a that, that we manage. And the focus is a lot on marketing quality program, user experience.
Some of those things that we heard about this this morning and what we're exposing and the clients that are planning for such is also looking at planning forward, exponential is no longer a control and by or control the population where the population of identities process address daily. So it's something that is really spontaneous and also looking at self-service to cut down interaction between this identity, with the out desk, essentially, most of the businesses this days on CI may not even have help to talk about.
And in terms of track landscape, it's so diverse most of the time it's external trends and the whole concept of disturbance starts scripting. So if you look at this whole two core concepts of IM cm kind of based the foundation of the kind of challenges that we face are very different and this so forward. So there, there are many challenges that we kind can think of and we encountered as we clients, but today are just take the next 20 minutes to talk about key years challenges, business prior scalability, cyber story of obviously.
And then the last part is about the regulations that we need to. So in, in, in the area of identity assurance, one of the things that's very evident in this day and age, we found that the process, the mechanism of authenticating a person or an identity is getting more and more challenging because the profile of the identity that we are managing in the systems is getting more and more complex.
It used to be just a very flat profile name, unique identifiers, such as identity, number, social, social security numbers, credentials, such as password system, but the whole fabric of the whole, the whole fabric of the identity profiles involved. Now we're talking about unstructured information such as June locations, browser attributes, device identifiers, even down to personal interest and preferences, which are then used then to us to do a risk assessment of profile.
And before we decide what to do with the transactions, right, and obviously authentication methods such as biometric authentication method, such as using behavior economic outcomes for future course. So this, this whole mechanism of identifying, doing identity assurance is very complex. And how there, I think, framework that kind defines cause principles of reading identity assurance to mitigate some, the risk that we see in this area. Right?
So maybe just to highlight three, very essential to CIM, one core principles that we here repeated many times is the word choice choice we need to give the consumers or the customers a choice on how they choose to authenticate themselves. So multiple data sources you can choose to use this channel or the channel, right. Two is to minimize the data collection right at the beginning of the channel. Not so much because we want the data, but because we want to reduce the friction so that the conversion can happen, right? So the key message, the key is capture.
You gotta capture eyeballs and then convert them that profile convert them customers now of the last part this morning, right? How to then facilitate consent process that allows data to capture it and share in a more responsible way and running follow of the regulations and the rest of the principles. I think we're not unfamiliar with it, especially things like technology standards. And so this are the key key corporate see, in the part, the other challenge that we see is business parties.
This has nothing to do with technology per say, this is about what the, we want to position the CIO platforms, right? So CIO begin to truly see this definition. We evolved from information officer to an integration officer, right? What integrate, not the systems. You're actually integrating business technology. You're integrating people, strategic S and CFOs and CFOs and bringing them together to realize the potential of what they can do. But within the realities of the capabilities of the technology that we have today, right? And within the, we look at one of the surveys that we done.
This is a script of business, it organizations, right at the top there's customer. If you walk out the chin, you mobile payments, all the supply chain to block chains and all right, and this is the of investments. Obviously a lot of investment goes into this. You realize that consumer IM systems actually is needed as the foundation piece in all. So as a CIO, as a CEO, perhaps you have then decide as you embark on cm, where you start, which are the services do you start?
And, and I think this is a challenge because the business units are really trying to, to, to, to, to, to bring cm into every part of the organization. And it is done in very manner is not gonna benefit organization. So we see that this is a key challenge trying to make sure there is a proper priority of how to roll up, to add to the problem, to add to the challenge. There is the complexity of the technology landscape, right? So not only service providers, you have technology companies, you have government C, you have organizations, right?
So CRM is no longer just a company, a kind of initiative. It has to think about standards. It has to think about how to perhaps even integrate with national identity concept so that there is exchange of attributes so that there is the power, and this are not easy position to, this is not soft by initiating R IP and just choosing the best technology, not there, right. But it's really having a vision of what you wanna achieve in business. And this is not choice. Then we move on to scalability, right? So this is a challenge that perhaps it's not a new challenge in Nike.
Most it, we think about how to scale over a period time, but the traditional, it has the benefit of time and planning, right? So they plan the business according to what they want to, it's kind of target the segment of customers based on their business strategy. And then they kind of scale their business and it, but it's digital. This chart shows the buy patterns of transactions through over here.
In fact, this chart shows type of cyber trends that we see across the right. So there's spike in every critical jump is probably close to April cyber Monday, Friday, and you look at spike, it is not marginal, right. It factors of a few hundred percent. How do you then have CIO platform that skills in this manner that kind of drops down, you know, 400% of next month and how do you, how do you so scalability is a very key part.
And so looking from traditional, I, to number this under mention goes from tens of thousands to hundreds of thousands, billions, and hundreds of billions, the scalability of platform, not only has performance horizontal way or vertical way, depending on the strategy, more often, not a very horizontal way and kind of skill and appropriate. And there is a prioritization or mission critical services versus services that are less. So this is the problem. And this a challenge that many of the systems are trying to, many of the clients are looking at how to scale responsibility.
Often we saw a strategy, a hybrid strategy of topic plot and on premise. So that allows them to kind stitch through their process. The next slide is cybersecurity. I think this one I stole the digital cyber security frontier in a sense is protected by knowing what, who, who we know the person is how well we, we think the person we know the person is, and all this are invaded actually. And in this cybersecurity world, there is a point balance between security and user experience, 10 years back, or maybe even five years back.
When we talk about the IM systems, our audience are almost in general it or infrastructure, right? This days we are selling CIM to bucketing people, quality program teams, folks who have no power in the sense in terms of cybersecurity, they do not understand cybersecurity nor they're responsible yet their responsibility to think through cyber and bringing on the regulations. For example, in this region, regulators will mandate two factor authentications mandate. Certain kinda a strength of ation factors kind of goes against what the marketing folks and business wants to do.
And often when we come together and design the system, we have strike good balance between security and, and I think this is one of the most challenging part of our work this point of time. And this yesterday, this yesterday, we were talking to a client, I talked about facial recognition and speed and accuracy of a facial recognition mechanism to protect the bank banking service. And obviously we have recommended one that is fairly accurate high, fairly certified kind standards, but is something that will go well with the business.
Cause of the user experience, amount of seconds took to recognize and things like that. And the one they liked is the one that doesn't make our security standards.
So, so there we're what would we do as consultants, right, right. The solution there, different levels and the security concepts, something. So the last part of the challenge that I think we see a lot is regulatory is complex. It's not just guidelines. It's not just in country, in this global and of a lot of GDP markets now and specific to GDPR. Very interestingly, one of the most important topic that we've been talking to clients about this is about this topic on consent, right? And GDPR is pretty prescriptive in some task of the consent guidelines, regulations, right?
It goes down to, for example, obtaining a child's consent, if you are actually collecting children's data and it goes down topic up a little bit about implicit consent or explicit consent.
And it's something that an operating model, it's not difficult to understand, appreciate the motivation, but when it comes to implementing it, when it comes down to operationalizing it, industry something very, very challenging, especially with the technology that we currently have right there, the market, how do you facilitate implicit or explicit consent in a way that doesn't compromises both agree and user experience, right. And businesses are recognizing the impact of right. Someone was just asking what was, what is the implication of GDP?
It is a presentation of your right small sum and no small closer to this region. So we are not EU. We are not right. We are multiple countries, countries. We have our own pertaining to. So this are again a challenge. And this is just so area. And we look at the number of just to protect data, right? You can forget about user experience, forget about technology, just going through. This is a huge challenge itself. So in the nutshell, I've gone through and shared a little bit on findings and challenges.
And in our view, I think against the backdrop of all the technology, API economy, marketing of IOT landscape software define everything really at core and Tru believe that central of all this, you do need a central digital, robust identity service. And right now service, the CIM part is the part that we see growing and the strongest momentum experience. And we are investing a lot in company in this area, right? And the whole conversation has shifted to cloud management, social identity integration, private cloud access applications.
And this is, this is very in mind, most of organizations talking about digital transformation, right? So we are working lot with the digital team and the transformation team pertaining to customer platforms. And all this requires a sudden robust framework, which currently we see the market. We have technologies, we have concepts, we have motivations to drive transformations, but there is a laptop cohesive framework to bring all this together.
And I think what we see in the market is still evolving and how to strike the balance between cloud strike the balance between user humans and bring together strong to it. Very, so this is my last slide. So happy to take some questions, any, any, any questions for Eric? Very interesting. You describe the C implementation that you guys were part of, which was really unique in certain aspects.
So, so like confidentiality. So can clients, I think that you part, one part we can think of is clients looking at how to allow the integration of social identities, Facebook, Instagram, Google, plus ID, how to allow consumers to use their social identity to, into their systems, perform of application. But at the same time, allow organization to map this relationship, to identify whether this other group, the same people using different identities to identify the relationships among the set.
So for example, like the airlines, different members of the family logging into a CIO platform, and the airline would want to point out the relationship of who is traveling. And when you travel together, what is the traveling that right?
So when, when, when, when, when that travels for distance, this business class, when travels for family, this is a family unit and this is their preferences, right? And this are, this are they're closed. And they are clue in the data that needs to be harvested in order to make relationship. This is very new to this because I'm cyber. So I'm not, not used to customer journey, not used to, you know, stuff like that. But when you got into the conversation often, you know, security, which ISED settled, right? This is encrypt. This is stronger dedication. What can you do with the.