Analyst Chat

Analyst Chat #105: A Deeper Dive into GAIN

The announcement of the GAIN initiative for the secure distribution of verified and assured identity data has been made at EIC in September. While the core concepts of this initiative have been discussed in earlier episodes, Martin and Anni sit down with Matthias to do a deeper dive into further aspects of GAIN, including the use beyond customer-related IAM and the challenge of privacy in such a hyper-connected network for PII.

Welcome to the KuppingerCole Analyst Chat. I'm your host, My name is Matthias Reinwarth. I'm the lead advisor and senior analyst with KuppingerCole analysts. I have two guests today. First of all, I want to welcome Annie Bailey hailing from Salzburg. Hi Annie.
Hello. Thanks for having me back.
And we are joined by Martin Kuppinger. He is one of the founders and the principle analysts of KuppingerCole Analysts. Hi Martin. Good to see you.
Hi Annie. Hi Matthias.
Great to have you. And we want to continue our discussion that we started earlier at EIC and the initial episode that we talked about, that we want to have a deeper dive into the global assured identity network, which is abbreviate with GAIN. This isn't an initiative, a structure that aims at exchanging highly trustworthy identity information that is then used for additional purposes. So it's really a global network. A short identity is all in the name. And your organization's mainly focusing currently on banks are, are called to action to inter operate, to provide these identities directly to relying projects. This is the, the core idea, really nothing really new, but it seems to be as if it could be happening this time. Any, do you want to add to that as well?
Yeah, so it's a, it's an interesting proposal then, and it's finding itself somewhere in between a centralized approach and a decentralized approach to providing this verified identity. So it's at times, or could be considered centralized approach because it is being set out by an organization which does have some level of, of oversight and control over the processes. It's not completely decentralized where there's, there's no ability for one party to go in and implement any, any sort of measures or control you're guiding. But on the other hand, yeah,
I think what I like is this idea of combining the strengths of both. So, so you can reuse your identity, ideally everywhere. This is defined level of assurance, but you have to party that helps you in sort of, or you can use the identity you already have set up is a, is a party in a strong KYC. So know your customer based compliance process. And I think this isn't, this is an interesting, interesting, so making strong, well verified identities work beyond the silos of the banks or telcos or whoever has set up that entity.
Exactly. And it adds a level of trust. I read somewhere around the topic of game that Kim Cameron one set that the internet is missing this trust layer, and they are now aiming with game two to add this level of trust. And it could be decentralized identity. So self issues or issued, or identities issued by a commercial company, but it could also be identity is provided by a, a, a governmental organization it's spelled. So we add trust. So what's, what's the value of adding this trust when it comes to business, when it comes to global business? Annie.
Yeah, there's a huge value in, in increasing the assurance level of both the identity and the authentication processes that most of the time customers are going through, but we could envision this also for the workforce as well for employees, suppliers, partners, things like that. And so being able to boost that assurance level of incoming information about your customer helps, you know, that fraud isn't occurring, that this is somebody who is trustworthy and it also then saves time and resources in not needing to verify that information because it's already coming in with a high level of assurance because somebody else maybe here in this scenario, financial institutions have already done that. So you can inherit that trust and really know your customer bringing in that KYC principal.
And even while it's only included as a trust level for a trust layer four for you and identities. I think it's a very important one because, because for now we still have to onboard bank amp and C and teleco, and at that e-commerce site, et cetera. So we do it very frequently and it's in some ways it's repetitive, it's annoying. It's when you go outside of the regular space, it's usually also not very, very strong and very secure. So there's a to get in having, having something like that. And the interesting thing is that it doesn't really stand in conflict with other approaches. So it, it is just extending what you do internally, but it also is something which is about reusable identities, about having something you can reuse. It even can work with decentralized identity approaches because that identity a bank creates could also be a decentralized identity, sits in a wallet and even down, we also have a standards approach off the gain network, theoretically there's, there's some, some probably in the future practically there are some, some ability to mix these things. So I think we are a relatively looking at relatively interesting evolution here, giving trust more choice and more flexibility and more options to the business
Writing. And you just mentioned that in half a sentence, you mentioned enterprise use cases. We usually, when you talk about all about gain, we talking about enabling e-commerce enabling trust, enabling high profile, highly critical transactions. Is this something, and we as KuppingerCole, we are doing, I am for a very long time. Do you, do you Martin see this, this also providing benefits to enterprise use cases to onboarding employees, employing partners, employing external stuff, freelancers, could that be a use case there as well?
Yeah, so, so I think for partners, it's very obvious for Patras. It makes a lot of sense to have a verified identity of partners to simplify our onboarding process. But even if when you look at a global workforce, for instance, and gain has a global global focus, so it's approaches like gain or also decentralized identities. These approaches can help in simplifying and streamlining these processes. And at the end reducing process, length of bros it's cost,
Right? So if you look at it from it from a different angle, banks differ really drastically when it comes to the user experience that you have, and all of them have this issue and this challenge of, of providing trust and understanding their customers, as you've mentioned with KYC processes, but not every user experience is really good when game focuses on this banking identity, could that mean that this is also a drawback, could this backfire to the banks that are not providing this, this potentially a very nice and simple and streamlined user experience? Annie.
Yeah. That's something which we'll have to wait and see, you know, so we, we, as of yet, we're still working with a theoretical proposal and working towards a technical proof of concept. So it will be interesting to see how banks are then presenting this, how gain is, is presenting this as a user interface. But yeah, from personal experiences, some banks have a really great user experiences and some banks don't. And so if gain is kind of funneling all authentication processes through the bank, then there's going to be a huge variety in, in experiences that users have and may or may not associate with gain. It's going to be interesting to see also the branding, if, if gain is really going to be a, a known entity here, or if it's, you know, if, if all of the associations that user was, would have are directed towards their bank. So there's there's questions. Yeah. This is an open question.
Yeah. But I think there, there should be a tendency in banks also improving their, their charters. I think that's a, that's a tendency to anybody on server. You don't want to look at banks that the most banks are, are making progress sometimes faster, sometimes slower, but at the end, they are making brokers. And on the other hand, as I said, the big advantages you don't need. So you have a strong, reliable identity, and you don't need to go through multiple KYC processes. And we all know that KYC processes always are in some way, cumbersome, sometimes more, sometimes less, but then never, never really smooth. And so from that perspective, it's definitely see an advantage in this approach. And I, I definitely liked the idea behind it. I think at the end of time will tell which approach us. It will be probably multiple approaches are, are mostly used for which use cases, but, but I definitely have to hope that we can use a strong, proven identity across more places in, in a, not to distant future done. We can today, yesterday
I would fully agree. Yeah, absolutely. And they are, they have a strong timeline, so they are moving towards a test that a POC installation early next year. So, so if things really work out, if game gets to the traction and to the influence we all expected to have, then there would be a business imperative for banks to join because it will be then an enabler for business. On the other hand with the customer having probably some choice, they would maybe even change banks towards a bank that provides a better user experience when it comes to reusing it again and again,
You know, you know, what we've asked that underestimate is for a bank that is about the customer interface, the customer touch point. So, so if I use with my bank, they also the occasion for many, many use cases, the likeliness that I will stay with my bank will intendancy increase. So I think there's a clear benefit for banks and to be part of the network and to be really, really good in what they offer to me as a customer. So that I say, okay, I'm happy with this. And, and even, even when I might consider switching my bank, I might say, Hey, at the end, I liked it. Or I was an occasion. I better leave it. This is
Right. And as we want to look into aspects that have not yet been so thoroughly covered in, in, in, in the press and in podcasts and anything, we want to look, have a quick look at privacy. When I think of organizations that deal with customer data, they usually get these privacy requests, so that companies need to lay open where their information is used and for what, and even have the request to have it deleted in this decentralized world with game being the broker or the yeah, the, the, the information, the information, the organization that makes sure that everybody knows where the right information is stored and available, where can privacy then be fulfilled when the customer says, where do you keep my information? Where do you use it? Where does it travel? Something like privacy portal or something like that. And
Absolutely. So again, we don't know fully what this is going to look like. There's mentioned in a brief description of it and the initial white paper from gain, which is describing a privacy portal, which is a really interesting offering and an opportunity for end users to use. And, and what this is, is a centralized place where the user can see where they have shared their private information with which entity at which time for how long they are going to have access to that information. You know, what their, what their, the, the legal timeframe for that access is, if they should agree with that, they can recall it back. And, and this is something which we haven't really had an opportunity to have before, because this is then the centralized aspect of this as well, where there is a place centered around the user where they can see the full list and have control. But yeah, it brings up other questions and potentially positives for banks as well, because if then this privacy portal is then associated with, with the bank, because of course the user is going through their bank for onboarding, for authentication, for all of these interactions, with other service providers. If they have to go through the bank to have that privacy portal, then that's, yeah. One more way that that brand association becomes even stronger.
That would be an argument for, are we going for the de-centralized and that's to, to extend this talk too long, but going fully decentralized where, where the user has to control, so to speak around his wallet and the broader sense, but I think at least having a place where you can manage it as a, would be a huge step forward. So yeah, let's, let's look where gain is heading
Final. Absolutely. Absolutely. As a final word, I understand any that you just provided a leadership brief document for keeping our call analysts and that this is in the process of being published very soon. So the audience interested in learning more about that could have a look at KuppingerCole very soon. When will it be out?
Yeah. Next week or the week after? I believe.
Yeah. It's a nice explainer. So it's an introduction to gain and diving in a little deeper into some of these topics we've talked,
Right. And there's much more to talk about and we will continue that discussion. Thank you very much to Annie and Martin for joining me today for having a deeper look into gain, but there's even more deeper to go in future episodes. Thank you very much for joining me today.
Thank you.