Analyst Chat

Analyst Chat #95: Deconstructing the User Journey (EIC 2021 Special)

KuppingerCole's flagship event EIC 2021 took place very successfully in Munich and online in September. Of course, Matthias took the opportunity to sit down with his fellow analysts in person for some EIC Special Analyst Chat episodes. Building on the themes of his Opening Keynote, Martin Kuppinger explains the concepts behind "Deconstructing the User Journey".

Welcome to the Kuppinger called Analyst Chat. I'm your host. My name is Mathias Reinwarth. This is again a very special episode of the KuppingerCole Analyst Chat. We are here at the EIC conference in Munich. We are halfway through or two thirds through the event, and we want to catch up with some of the interesting topics that we learned here. My guest today is Martin Kuppinger. He is the principal analyst and one founder of KuppingerCole. Hi Martin. Good to see you.
Hi. Yes. Great to have an Analyst Chat sort of face to face in person virtually.
Yeah, that's that's really good. And we want to catch up with some of the topics that we learned are important for EIC today and for our audience in the future. We hope so. And we want to start with a topic that you called and that we call deconstructing the user journey. What do you understand by coining this term? Yeah,
I think this came up in my mind at least a couple of years ago. Honestly, it first came up at a workshop I did for a vendor in London, and there were a couple of people in and at some point, so it wasn't a discussion about how can you sort of solve certain challenges and then the discussion started. But if I use a Facebook login, then I lose control about that on that. And I learned there seems to be a misconception about which out of things you lose control of the bot, which are the things you don't lose control about what are the elements of the entire user journey, or if you are correct better use a churn is because we at least need to look at two of them. The one is the onboarding training and the other is the authentication journey. So the onboarding ideally happens.
Swamps. The authentication happens again and again and again. So these were the two types of journeys we need to look at. And when you look at these journeys, you learn that they consist of a quite significant number of elements. And if you understand the elements, you also see there's a lot of flexibility in changing, in modernizing, in enhancing what you do by adding other identity providers by supporting other authenticators. But you also learn where to put your focus on what is where you need to keep control about what is what you can give away. And I believe this becomes even more important when we see new seems emerging. And I think this is why we start about talk about this seem also today. So we have, on one hand, we have decentralized identities coming in or SSI sets the right identity, whichever term you want to use. We have seen the announcement of gain the global assured identify on network driven by more than 150 people, many banks, and both many technology providers involved for a really a network of delivering assured identities. And the question is, how does this all relate to the user journey and how can you make use of that? How can you benefit from from new opportunities? And that is why I think it's important to look at user charters and to understand these more in detailed, because then you understand how, where for bringing usings
Okay. So if I understand that correctly, we have to distinguish between the actual onboarding first onboarding process. So really understanding who somebody is me as Mathias, being a person. Then the second is the quality of this onboarding process. And that goes with the level of assurance that my identity comes with. And then on top of that, the, the authentication process sees, which could be more than one while connecting different types of authenticators with this already vetted well understood identity. Am I right? Yeah.
And then the authentication, which happens again on the gap. So, so at the end, it is when you look at such a journey, so you go to a website depending on, on whether it's more, more, e-commerce where it probably starts with you fill the shopping cart and then things kick off or is more, I register for something first. And then I can do certain things. So this already might vary, but it is about elements of that are for instance, who are you? So entering certain data, that data might be something you enter manually, which isn't really fun. And we do it way too frequent, but it might be also something which is consumed because you say, I already have an identity here. I have my de-centralized identity. And I shared that information with you and then it's trust sharing. So it's two different ways to deliver that information.
That might be more, it will be probably more if you rely on whatever LinkedIn account you also decide on was a lesser control in detail, then you have this a decent, less identity. You decide on sharing certain information instead of reentering the information, then you have this identity wetting or proofing process. That can be very simple because trust doesn't exist. So someone trusts, trusts you to put information is correct. It can be trust by checking some off the attributes, going to, to certain public data and saying, okay, it's under that address. Really a Martin Kuppinger. It could be that you have to go through a video or other type of identity identification, identity, wetting, identity, proofing scheme. So now really many different ways to do that, that they can, this is another step. And so we have really a number of steps. And for all of these steps, we might have different varieties and we might see new technologies emerging, which say, okay, there's a new way to do it. And iffy was created. And the way we set it up, technically this way in the, the, the small steps, the small individual steps, then we can make changes very easily. If we have trust one Melissa thing here, it's way harder to deal with that.
Absolutely. And I think that that is also a great, a great offer that the, the game network comes with saying, okay, there are institutions that have to do a strong onboarding process because they have to, in the, in the presentation that we had here at EIC, they said the banks have to do it because that's where the money is. And I think that is really of importance. They, they do this, they do it for themselves for their own business or a bank, make sure that they understand that this person is really their customer. It's well understood. And it's a digital identity related to all the business processes in the bank, but then they are open to share that with a kind of community with this gain network. And so this identity becomes much more important because it becomes reusable in many other contexts. And then the second step, once you are vetted in that, at that level of assurance at that level of quality, I'm still me being the owner of that identity is able to decide what to share with which relying party with which service provider that actually says, okay, I just need a certain amount of information that I want to share with, with, with this service.
So for example, my age, or at least the statement that I am of legal age for taking part in an election or buying alcohol, which is the standard example in that case, without them giving the information, how old I am, in fact, just that I'm at legal age and without sharing any other information. So this, this self sovereign, this, this, this ability to decide what to disclose is also something that is very important. And that makes onboarding, which is the, of yeah, new generating a new identity. It makes this process for that service provider
Easier. And, and, and that is where I think it is interesting from a business perspective from when we look at your onboarding, as it is about the drop off rates, it is about the rate of people who started onboarding. And don't, em, the process, this becomes easier if you can reuse an identity. And it, this is especially true when, when, when you need a higher level of assurance, because the higher, the level of assurance, the more complex and the more cumbersome and at the end, the registration is. So if we make this reusable, we have a benefit and decentralized identities are one approach, make it reusable. We see Otter things like gain, which also come up with this and you do it once you do it with trusted party. And it might also be that the bank say, okay, we have this onboarding to us based on a decentralized identity.
So these things might work hand in hand. They might work with for using Eid here. So you can done ride, you can combine many of these things, or you can say as a whatever, as a co course or essay, you could say, okay, I accept the gain. And I accept certain types of decentralized entities, maybe the ones which work well with them. Yeah. ID where we see also integration efforts like driven by the European union, which is pushing this combination of AI, does the decentralized identities. And so we haven't had really many options, but we need to understand how they, so at which part of this process, which concept fits in so that we know where to blaze and you approach a new technology and evolve our process because we constant saloon digital age, we need to, to provide a strong experience, very positive experience.
And that starts with this, to our customers, consumer citizens that starts with this onboarding journey. And that continues with the authentication journey, which must be secure and convenient. So it doesn't send the auto part. And on the other hand, you must understand which data is ours, which data comes in from someone else. How can we share data? How can we gather data from others? This is all part of this deconstructing single gain. For instance, I think it's an interesting approach to add another, a strong, reliable way of bringing people in of Catherine to data of simplifying the process, because people have undergone gun the process once and they trust, reuse it, it makes it more efficient and it will reduce, drop off rates while still having a stronger identity than with most Otter approaches you have. And this is the interesting thing I see where, where, where new technology has come in, but you only will, will benefit from it when you understand the bigger picture and how this complex, and it didn't end. It's really a multi-stage process of onboarding, which steps and elements it consists.
And the good thing is actually that there are not necessarily new technologies, new protocols are involved. It's just putting all these pieces together. We have these levels of assurance. We have onboarding processes. We have ideas. We have banking processes in place for many years. And combining this into a bigger framework into one organizational concept into this spider in the middle, which is the game network, which does not store any information. It just hints at where the actual information is available, making this work together at a global scale. And that is there. That is what they really want to achieve. I think that is really something that shows the benefit of what has happened in the recent years, by designing and defining and approving standards that are interoperable and work well with each other. And that's a side note. I really liked the idea that they are also looking into communities that are not necessarily on our mind.
When we think of banking. When we think of doing business, they are also looking at underbanked communities, which are mainly working with their, with their, with their mobile phones, which is their digital identity. It's, it's, it's a phone number. It's not a digital identity towards the bank, but in many communities, this is the central way of doing business of transferring money. Yeah. Of, of really making their digital life work and implementing that with the appropriate level of assurance. Also into the game network. I think this is really something that we did not have on our radar,
Many cases. And if you understand a level of assurance, you understand what you can do with read is authentication, does reoccurring a thing on there. It's super important. That would be a great scene for another talk clearly, too, to understand, I would say this dry angle between convenience and security and trust. So security is what VC as the provider, so to speak. Could we use this? What a user feels and trust is also what the user has in our security. So we need to make this work well, this is then the auto part, but if people come in with a strong, a reusable identity, there, they use frequently very feel they have control about. Then this might be something which orange fits quite well into this peak trend. This is what we need to do, because then we drive down to churn rates, the churn rates, because, oh, I forgotten my password again. So I go to the other vendor, which happens. So, so you say, okay, I'd like to do my purchase here by that small vendor and say, oh, what is my password? Then you say, okay, then I go to this big one. Again, this is which you kind of wide, if you do it right. So there are so many technologies and openness in the way you implemented an openness in the way you think about the options, getting broader, this is what you need to do for success in the digital age.
Right? And this is a quite great summary for, for this episode because it really shows the bigger picture, how things work well together while improving the digital experience, the DX for every user, and also the participants on the other side of the, of the equation. So the service providers, information, identity providers, it really makes things work better together. So thank you Martin, for sharing your thoughts here at EIC event continues, and maybe there are more insights to gain today and tomorrow. And for the time being, thank you for being my guest here. Thank you.

Video Links

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Evolving Identity and Access Management for the Digital Era

Join Identity & Access Management experts from KuppingerCole Analysts and Broadcom as they discuss how business IT is changing, and the implications for IAM. They will define modern IAM and explain why and how IAM needs to change to support modern app development, regulatory compliance,…

Analyst Chat

Analyst Chat #154: 2022 Wrapped Up - Major Trends in IAM and Cybersecurity

Another year gone already! It's time to take a look back at 2022. Martin Kuppinger and Matthias talk about what happened in the past year and identify top trends in IAM and Cybersecurity. They go beyond technology but also look at processes and business models. By this, they also…

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00