Webinar Recording
Does Increased Security Still Mean Added Complexity?
We’re all accessing more goods and services online than we ever thought possible, which has presented a huge opportunity for cyber criminals. Rapid digital transformation has left some businesses exposed, and fraudsters are looking to exploit new weaknesses. Strong digital identity verification and authentication is essential, but has traditionally come with increased complexity at the expense of a good user experience. But is this still true?
Log in and watch the full video!
Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.
I have an account
Log inRegister your account to start 30 days of free trial access
RegisterSubscribe to become a client
Choose a package
Hello and welcome to today's webinar. I'm happy to introduce today's topic. It is a classic question, but always relevant. Does increased security still mean added complexity? And we're going to be looking at this from the angle of verified identity and identity verification. My name is Annie Bailey. I'm an analyst with KuppingerCole. And with me today, we have Oliver Krebs. He is VP of EMEA region with Onfido and yes, before we get started, I have a few information points to give to you. And one of those is if you enjoy today's webinar, I warmly welcome you to our KClive event, as well as the EIC, our flagship event, European identity and cloud conference. So all of these, you could join from home or in the office or in the case of the EIC you could join us in person in Munich.
Regarding today's webinar: There's not much for you to worry about you'll have access to the slides, as well as the slide deck here. Those will be made available to you this afternoon or tomorrow. You're also muted. So you don't need to worry about controlling that function at all. And last, but most importantly, we do welcome your questions. So if you locate your go-to webinar panel, there should be a field to enter questions. So please do so at any time and actually the earlier the better, and I'll be able to receive those and all, and I will take care of those questions at the end. So don't forget. Please send those answers.
Now today, Oliver and I are going to have a conversation style webinars. So we do have a agenda in the sense that we should stay somewhat on track and not chase too many rabbit trails, but this gives you a brief picture of where we're going today. We're going to look at the state of things today and how the past year has impacted security and user experience. And then how identity verification plays a role here on the security side, as well as the complexity side. And then by the end, we should circle back to our foundational question is if there is still a trade-off. So with that, let's jump in. We do know that the past year has, has been more than thrilling, but that for many organizations, their digital transformation was really kicked into high gear because of the pandemic. So let's tease out some of these outcomes. Oliver, what is your perspective here on, on some of the outcomes of this past year?
I mean, first of all, thanks for having me and good to talk to you again. So I think just for me personally, if I see it this way, what was the outcome was really nearly everything is digital today, right? That we have seminars like this. Everyone is hopefully waiting to do this in person again. So every time something like this, of course, as set as it is still a loss during the last year or years, nearly we have to say already, there's always also some, some when we think about business today is the digitalization of the whole thing, got boosted many, many years ahead and reset. That means that a lot of times that's coming up, but also when there are chances for business, that means also fraud comes up big time, right? So interestingly, when you see what happened is with the amount of business moved into the digital world, also the fraudsters let's call it this way, became home office people as well.
So they, they used this time though instead of nine to five over the week, they now working 24 by seven, seven days a week. So that's something where I think in the end of the day, it's always, this race will be always the same. And again, I'm trying to keep this a little bit in the whole security identity space area, health cost as much more to say about it. But as you said, we don't want to set you up for the next six hours discussing about the interesting things about the outcome. I personally believe that this whole thing changed our world. It changed the way how we see digital, and there's no way back that's for sure there is no going back to the old world. And again, I'm quite sure everyone here in this call, he has this phrase is many, many times at the moment for many, many people in the moment.
But for me personally, that means for me as well, I'm thinking, okay, what do I do? Which accounts do I have? All this kind of stuff. If you look how many different accounts you opened up over the last 12 months, it is 10 times more than what you did the years before. And that's very interesting when it comes to this point and many things you just read monster, then you forget about it. Or the teachers say, so that's something where we need to take Mary Kay off that the digital world is not much different than our old world or the real world, if we need to take care of our data and also how we do things. And therefore, I think there's still a lot to do, but for the personal outcome really is this it's alive. It's now the first option or not make it very clear, not an option anymore, right?
Yeah. Yeah. And that really lines up with what we've been seeing in our latest research projects and what we're hearing from customers as well, that were the conversations we're bringing up is there's really a changed customer expectation or an end user expectation that, you know, over the last year, any process that they might've done in person for the most part, no longer existed. And there was an instant expectation that, okay, of course, if, if we can't manage this process in person, then it exists online. Right? And so it was, it came as more of a surprise that these processes were not already digital. And so the expectations are, have been very clearly laid out that there needs to be this digital digitization, as you say, Ollie, and you also mentioned fraud, which is interesting that over the past year we've been keeping track of what's been happening on the fraud front.
And there was a very clear spike in cyber attacks and specifically phishing attacks, or the last year I could throw some numbers at you just to show that this really was a change in status. So according to the world economic forum in just February to April of 2020. So just this short amount of time as COVID was making its presence known in Europe, there was a 238% increase in cyber attacks. And so this is a global view, but if then if we drill down European companies in the same timeframe, 12.5% of European companies experienced a cyber attack. And so it's, it's always tricky to draw causations here, but if we drill down a little further and we take a look at just the phishing attacks, it becomes quite interesting to see that there is a link between COVID and many of these independent actors using this unified theme, using anything related to COVID to, to fish their, their, their information and to get a catch.
And so this is what three threat researchers are saying is, is really new. And I'm present president and that fishers are using some sort of collective theme here to, to get their win. So to say, so that's, so there's some interesting takeaways from the last year, but this, this jump to digitization, but also the, the increased focus on individuals and capturing oftentimes their, their login to their account information. So this is, it's been a big year. We could say it that way, but let's bring it back to our topic. And so what impact does all of this have then on secure onboarding or secure authentication?
Yeah, I mean, we are speaking to many, many customers partners out there and also to, to regulate us in the moment because a jump like this needs, of course there's, as I said, there's always two sides by one is of course there's this amazing possibility to Lightspeed fast claims, getting things done, new processes, but always then this is, I mean, the main reason why we're having this conversation today is on the other hand, you want to make it secure or you have to make it secure, especially when it comes to, to the most important good we have, which is hopefully I want data nowadays, right? If you see, for example, in Germany, data protection is the last standing thing, which wasn't changed by the government to, to secure the COVID stuff. So that's a very important thing. And I think to have the balance right, to see, okay, what is, what, how much can I do the, take the opportunity to digitalize now, speed, fast, everything else to walk the security, you can see this very clearly.
And this is maybe especially where you see companies who were prepared for this could go much faster into this next gear of digitalization. Then do you see others? Whereas that now security products, which is fine, I'm still lacking a little bit of getting the speed up. And I think we're getting that now, for sure many companies out there were just hit by surprise that the stitches, they went like this, and we're seeing that many, many times right now where, where the customers trying to get the right balance, right? Do I close the door? Do I have your phone of that? And then keep the back door open though. There are many ways how you can see how this can happen. And to be really honest again, I, and you said it right, the frost does, the criminality is digitalized now as well. And boy, these guys are fast, right? So bay innovation, as we all know, are the two most the biggest innovation drivers in the world since man history or mankind history is this wall and criminality. So that's the problem. What we're seeing right now, this guys are like, can't go on the street to, to get our money when I need to go into the digital world. And that's, that's the moment what you're speaking.
Yeah. And onboarding and authentication these, these two pathways for the, for the end user, into these digital services, which they are expecting, you know, those two pathways ended up being great attack vectors. So it's, it's a, it's always been important to pay attention, to, to onboarding and authentication these, these pathways in, but we're seeing at least proof from the pandemic that it, this has attracted so much more attention than previously. So it is really has to be at the center of any security discussion. Let's jump in a little closer to, to our topic and get into identity verification itself. So what, what role do you see all of identity verification for increasing security?
I mean, the first thing is always trust. So when it comes to this point, when it comes to identity verification, you need to know, or we need to make sure and guarantee, which is a very strong word, to be honest, that the identity is safe and secure and five in the right way. That's number one, because if we want to do anything with our identity in our gut, moving forward, the onboarding and the checking of which one needs to be as good as possible, and maybe also as flawless as possible as way, which sometimes can be a very interesting. And the point here really is it is the first line of defense for both sides. It's for both for the company who wants to sell something to me or offer me services. And for me personally, that if that's a weak onboarding, maybe someone else can use my identity later on as well. So again, this always this race and the beauty here is again, when it comes to identity, I think the identity is, is the key to unlock our digital life. And they are new, completely new digital markets out there. And there's the race to win the new customers and the companies out there finding the best way to onboard and also verified the fastest flawless and secure way we'll win this race. And we definitely will see the outcome of this within the next two to three years. I'm quite sure.
Yeah. And I think that's a really interesting point that you brought out. And what I think is, is key here is that there has to be an ability to, to link this digital identity, whatever an end user is using to interact with their service provider, they should be able to, to connect this back to their real world identity. Cause if we, if we look at what this, what these fishers are going after, and one of their methods is of course, to go after login data and account data. And if we can start to separate accounts from very stealable information like username or password or basic identity data, which could be used for, for knowledge-based questions and the more we can connect that to something which cannot be stolen so easily, then we're removing that, that basic way of somebody to impersonate a, an actual user. So this, this connection, this verification aspect, I see us having some, some great potential to boost the security when it's done well, maybe to make sure that we have everybody with us, all it, can you walk us through what the identity verification process could look like?
Yeah. I mean the, the, the classical way to play up the verification process today is really that however you want to do it, you use an app, you use the web, however you want to do it, that you made sure that the person wants to verify is identified by a metrics. So we are asking, for example, here on feed, we asking for selfie, we asking for a little video as well, or you were, for example, also speaking out loud, if you digits a few words, whatever, that's number one. So business where we have the mind biometrics, where we can say, okay, we know this person, we know DNA is maybe too much, but the other point also is that to make sure what's behind the smile and we can save this. So that's number one. Number two thing is to use a official document, whatever that could be.
It could be that your personality is biased in Germany, your passport, and even your driving license. If you want to book a ride or something like this by you, whereas in going a little bit further and then to check a, the documents are correct, which is a very interesting field on its own. To be really honest with that. It's not as easy as it sounds on life. And then also make sure to predict this both. So you can say, okay, there's a living human connected to this document. So this is in the moment, the most secure way to identify a person towards the identity and the next steps for like, so, and then check on this long. And then the another interesting thing is even if I get to this photo, the next point can be to authenticate and also check. This is person validates to get to the next level here in my process or not.
Right. Because the idea is to say, yes, onboarding verification is the first step, the first line of defense. If I pass this one, then maybe two or three more doors to close or to open and to say, okay, I allowed to do whatever you want to do here. Are you the right person for this or not? So there are different ways on this whole journey. And then of course, coming back with the, with the clear message saying, yes, Oliver Krebs is the person standing in front of this camera of the mobile phone or in this case, the, the browser. And I would let him through, that's the, that's the general process with some nice, different, of course, famous behind it for different use cases as
Well. Yeah. Yeah. Interesting. So then let's jump to the next aspect of this. We've covered briefly the security aspect, how we can, we can increase the security there, but what about the complexity side? And to be honest, I have to step into my analyst shoes for a moment. And just frankly, ask, because to me adding in a, an identity verification step is indeed adding a step to a process, which doesn't always include identity verification, at least at that moment when an end user is onboarding. So we're adding an additional step and yet could that still reduce complexity? What do you say?
I beat it again. I would say of course, yes, but business because I have my own PTO hat on, but nevertheless in general I would say yes, fine is if I, if we do this right. So it is maybe in the first, in the onboarding one step more, but think about today, about insurances. Think about you, you have bank transactions. You want to, to let, to get through. This are things that I always need to have a tan. I need to pin. I need something else. Now thinking about everything I want to do, I can do with my face. Not always a smile because you know, we in Germany, we don't like smiles when it comes to verification. Nevertheless, that is the point is I can go rabbi ones and I can identify myself and towards businesses and services, I want to unlock. And we were just starting with this and we're just starting also the services you have out there.
But again, then the interesting thing comes when the identity is very thought, everything after that think about password reset. Think about, I lost my account. I lost my all. I need to reset my password and I don't have to credential it with me. I have a, I look at my app or I look in the eyes of the customer and say, okay, this is my face. Can you please unlock myself? And this is where this whole thing becomes interesting. And the ratio for how many steps we can can save for this is quite high. Even in the beginning, we are right now with, as I said, we are just at the beginning, how this whole digital experience can, will be changed over the next years. For sure. Even months, I would say.
Yeah, that's, that's interesting. And it, it, it makes me think of a, a personal pain point that I have with a lot of onboarding processes, which is simply filling out the registration form with all the information, you know, it's the same information for every account, basically, you know, your, your name, your contact information at a minimum, perhaps more, but it's, it's interesting to me to see how, despite adding an extra step that can also reduce the work or the pain point in another step. And so by going through an identity verification process where you do scan in an identity document, that, that process, while it's being verified and checked against any authoritative source, that can also auto-populate that registration form, which nobody likes to fill out anyway. So I think there are areas for synchronization here or, or alignment, which could help out the user experience.
I have a few more questions, kind of with the analyst hat on thinking back over the past year, there've been quite a lot of solutions coming out dependent on a smartphone. So, you know, getting a, a QR code to while you're in a restaurant, to make sure that there were no cases while you were in the vicinity, things like that portion of the population, one doesn't have smart phones or two has a smartphone, and isn't comfortable using all of the functionality. So Ali, from your standpoint, do you see identity verification, primarily relying on smartphones? Where can we create some independence there?
I think we need the small phone, the internet, or the web that, that that's for sure. I would be an interesting marketing arms to say it's different today. Nevertheless, I'm quite sure in the near future, you will see, think about the app faults, right? They have all the facilities, they have all the technologies they need to where even people who have a phone can still use kiosk systems or that the cameras out there, whatever to unlock the stuff or they're. So I'm quite sure what will happen is that it will see using different input, terminal different technologies to get to the information and also do the verification will be provided in many different shape of form. If you think about, we were working with, with one vendor at the moment, for example, where they want to unlock pass, and just because of the verification of the face.
So that's an interesting thing where the camera's in the car. Now, that's interesting to you, to the fact the camera is not allowed to switch on when you drive while driving. So, as I said, they're amazing possibilities, but you always have to keep in mind, what does that mean to the personal safe zone and data policies towards the personal individual? And so that's why I'm saying, I think that must, I'm quite sure many very intelligent people out there with just working as we speak right now on new functionalities, on new products, on new technology to make this happen. Right. And it is digital means you need to be somehow connected to the digital world. So there must be, there is always a little bit of a caveat when, when you want to use the digital world, you need to window to it. And this today it's the phone. Yeah. And then we take it from there, but I'm, I'm quite sure what we will see in the future, different ways, how to enter the digital world, let's say this way.
And that's a great point that you, that you bring up that even though it may be possible to expand past the smartphone, that there needs to be boundaries of privacy too, to make sure that, okay, this is used in the, in the car example, as you said, that this is only used while unlocking the car, but not at any other unauthorized point in that, in that use of the car, but really only for locking, unlocking or walking through the airport. Yeah. That it's a much more guided. Yeah. Then that, that brings me to the consideration of, of out of band and offline. Do you see these capabilities as more coming in the future? Or could we find, find this capability now in today,
This is part of play, especially this offline thing is always dumping. So as soon as we go offline, which means we can do something and then we, because digital meets online. So again, this is a, exactly this middleware in the Midwest. And when you do something offline, that means you can do something while no one is watching. And then you come up online and do something with it. So that's a huge, in my personal opinion, a huge security area we need to have to look for. Nevertheless, we need to find a way. So I, I personally think, yeah, there will be this one thing, but this will be a very small percentage of our people will go into shops, into standup things to pop up things where you can do this as a service, right? And then you can take it from there. But, but again, if, if we allow with this is for me the back to what I, what I said earlier, if I, I can have the best team of security guards in front of my front gate, if I keep the back door open, which means allowing things like offline stuff or sending pictures, instead of doing it live, all this kind of stuff, this is the backdoor people will use.
For sure. And these are normally not the people we want to have in our house with other, the ones we don't want to have enough homes. And this is, this is a little bit of a trade off. This is exactly what we're talking about, right? Yes. It won't be alive would be a dream to say, there's not fate off in the digital world because you need to be part of the digital world to make, make the most off.
And that leads perfectly into my next question actually, of, of reconsidering this trade off. And so if we, if we take for granted that going through an identity verification process remotely, if we take for granted that that process is secure, is it possible that we're also teaching end users to normalize that process of taking out a document with their private information and holding it up to a webcam or their smartphone whenever somebody asks and what, what should we do there to protect end users from that?
Yeah, the only, I mean, this is I, I had this conversation earlier this week with a good friend of my west had the best way of learning is finding out. Right? If you think about the hot Ayron, you will touch with one, one time in the lifetime, a kid or a person touching a hot iron. I did this myself. So, which is not good, especially when it comes to official documents, what you just said. So I think the way how we can do this is really to, to make the, the use of clothes and the user experience in a way where we try to get as much of the possible security breaches. And so on documented in the right ways to the end user can see this, or we say, okay, we find out, okay, the answers we getting, for example, interesting. So maybe this person is not really experienced enough to do this, right?
This is sometimes the case as well, where you tell, for example, you can stop the process and say, why don't you go to X? Y is that let him or her help you again, security wise, an interesting question, but nonetheless, and the next step as well is all this documents stuff we are having today will become digitalized in the future as well. So I think I personally believe as well is that this whole thing will be in a, in a, and then encapsulates a secure environment where you don't need this to put a document in a screen anymore on the camera, but for now exactly. That's I think the part where we all need to work together, what is the best way to secure it, make it flawless and make it a good user experience. And sometimes you have to, maybe you have to do two, three things, which are not that digital, right? If you're thinking about things, as soon as the printers involved automation is, has the breakup itself already.
Yeah. That's, that's really quite true. Maybe if we can shift gears just a bit and come over to the biometric side of all of this, we can maybe consider the, the need for accuracy across all different types of faces. So considering ethnicity, considering age, how, how is this handled?
It's I mean, the technology itself, they are very mature already today, right? So it's all about this. When you think about what you need to do is, and this is always the first thing I try to discuss with customers. It is that you need to look behind the skin, right? And that's the point doesn't matter. It does matter how the shape of the face is and all this kind of stuff. And that's something that biometric some biometric solutions out there can do this to pay the estate. I don't care if you are a woman, a man, a it's, you are black, white, green, yellow, you name it, right. I just see the structure of the face. And I built the, the, let's say the, the cortex of your face in a digital map. So no bias towards race, no bias towards gender and this kind of stuff.
And, and business beauty nowadays with the biometrics functionalities we have is that we don't care. We just care that you are the person or the human being you are saying you are, and this is, this will work anytime if I have to be at or not. If you see my passport, for example, I don't have a read on this one. I was scared when I, okay. So these are things which are done. They don't matter. It doesn't, it doesn't matter if I, if I changed things on my face or I have lipstick on a lot, it is purely looking behind the skin, underneath the skin and see what's really going on. And that's exactly when it comes also to voice, seeing the lips, turning thing, that you are, the, the things going in your face and the muscles stop working, all this kind of stuff.
This is something you can't fake or of cost. People will find a way to do this, but today it's very hard to do this. So that's race and the race meets every time, an uphill better. Again, the people who want to hear from us, if it is identity of it is something I saw. Yes, biometrics nowadays can help us to the box and getting things done. However, and that's one thing where for some, you know, for some Microsoft stopped doing this whole big project around face recognition, that was a big thing two, three years ago, because the idea was great to see, okay, if something goes on, if you see panic in the eyes or something like this, we want to make sure we can get the right rescue positive. And so on, on the other hand, you're not seeing in young about possibilities and security and private data that would mean we need to screen, and we need to video the whole time human individuals and of course, a one month. So it's always the case here. And with biometrics quite simple, they can help a lot and in the right way to identify and authenticate us as well.
Yeah. And then if we take that a, well, I guess first thing I should say, what came to mind is actually that being able to look past gender, ethnicity, and age, things like that towards the structure of faces, this is a huge point of accessibility for perhaps transgender people who otherwise in their identity. It may look as though they've just sprang into being in the middle of their life or at age 20 or at age 40, which really isn't the case. And so if there can be continuity, despite a difference in gender, you know what their first identity document to one which has been renewed later, that's a, that's a huge step. What, what I would love to ask is what, what is the risk of biometric data then becoming the next target of, of identity theft and what, how is that protected and how could that be addressed if biometric data is able to be stolen?
And this, this is again, something that I'm quite sure there's a huge risk, if not already ongoing that people want to go after biometric data, if that is the next key to unlock services and the big things. And, and again, so that means for us, we need to make sure that if someone wants to unlock something with his case, then it needs to be live. It needs to be in the moment. And we need to make sure that this is the real thing. And then that works, keep others the way to try to steal, because you can't deal with this. You can try to rebuild it. You can make 3d masks and they are awesome out there, right? So they didn't receive the mass. I'm seeing in the moment spectacular. Nevertheless, you can't, you can't just replicate this and saying, I'm taking a picture and do something.
So that's why I'm saying it is always important for half the human being involved in the process of unlocking and authenticate every time you again. And yes, that sometimes feels a little bit annoying, but to be honest, I'd rather be a little bit annoyed than using all my money or someone is stealing my identity or something like this. It's always this again, this trade-off of saying, okay, what do I really want? Is it okay to smile five times in my phone? I'm quite sure many people smiling much more on the phone just to see how good they look. So two to three times more and you can unlock your digital life.
Yeah, that's a, that's a good point there. And my last question here, while I've got you on the hot seat is pretty future-oriented. And so at the moment, we're looking at identity verification, having benefits for both the end user and, and a customer and anybody who is providing that service. And so it's, it's a benefit for the end user because it's protecting them from being impersonated. And it's also protecting the company because they're, it's reducing fraudulent attacks and, and, and authorized logins. And it also allows them to fulfill compliance requirements for know your customer, anti monitoring, money laundering. So these things are clear, but I wonder if you could envision in the future that same benefit being offered to the end user to verify that their company or the service provider that they're trying to access is indeed who they want to be interacting with. And isn't an impersonation. This was another result of the past year is that there were so many fraudulent domain names. If we take Netflix, for example, I think there was a 600% increase in the number of fraudulent domain domain names, which targeted Netflix in order to fool end users, just trying to log in. So could identity verification go the other way around for the end user to verify whoever they're interacting with?
I that's, that's the tricky question, I think. Yes, but I'm still with guys. So I do need to deduct 20% from what I'm saying, but I I'm seeing it. Yes. I think it must be this can't be a one way street. Why? Because of me as an end user, I want to be secure the other way around as well. I'm quite sure it will be hard to confirm that the employee I'm talking to at a let's call it a bitch German bank or something like this is the person he, or she says to me, well, what has to happen? Is that a secure key somewhere? Making sure if I open up a channel to my bank, that this channel is secure and whoever's on the other side will be verified by the company, the bank, the insurance or whatever. So it has to be on that side as well.
I'm, I'm fine. I feel very good. And the whole thing opening up the, the secure channels, all this kind of stuff. So men in the middle or men in the browser, it's going away more and more because we are getting the right technologies again, I'm fighting to on Mr. And Mrs. We'll find new ideas to get this done, but yeah, you're absolutely right. I think we need to find a way that both sides are secure and just can meet in a secure environment. If we get to this, I'm quite sure we have big steps forward towards the secure and flawless digital world to be really honest.
Well, it comes back to what you said earlier is that the, the next months and years are going to be really interesting and probably show a lot of change when it's coming to, to redesigning these digital processes. So yeah, we have a lot to look forward to, I think, but let's start to wrap this up and come back to our original question. So kind of at the end of this, this discussion, what can we take away here? You know, what, what is this trade-off and, and can we add security to these onboarding and authentication processes without adding too much complexity?
Yeah. I, I think the answer is twofold. I think yes. If you increase security, that normally means more complexity in general, the question is on which level does that hit the end customer, the end user? So the complexity will be there either way, but the point is, where can we consolidate this and how do we present the spec to the end user? So for me, example for me, I just grade, if I can, and again, a little bit of headway here. I do apologize, but if I can combine all security checks behind one verification, check from my side, with the biometrics and the document, for example, and the company who's asking me to do this, does all this security checks and the niece, this whole process. There's no complexity for me as an end user behind it. The point is where it becomes really interesting is when we always say, okay, or we need to add another door, we need another, another door and do this on the customer journey or the user drug.
It's not always the customers, also the user journey, right? And you, for example, need to lock in your computer every morning and you have to type in six different passwords and you need to re authenticate. Okay, I see you as the same problem with an eye that is complex. And I don't like this. If someone says to me, listen early in the morning, authenticate yourself for the day, for example, which smiling, independent, happy to do this, and then your group. And if you don't use your system for 20 minutes, you have to do this again. That's right. I would say, and that's the point? It is. Where do we add the, the, the complexity, because it is that this, no one can tell me that if I add more security texts or checking or whatever, this raises the complexity, for sure. But do I want this on the customer side and user side, or do I do this on my side?
And making sure that the layer in between is as flawless and as user experience friendly as possible. And I think that's, that's the next big, big game changer as to say, if you find the, the vendors, the vendors, or the solution bring us, or whatever, giving you that same, this is the platform, this is the, the user flow. And that competitor complexity will be underneath the hood. You don't need to think about that. I think it's okay. Otherwise in general, the onsite, yes. Increased security means at the complexity is the question is who has to deal with it.
Yeah. And an interesting point to take, as well, as of course, we want to reduce complexity in the sense that we, we want a simple and straightforward workflow, but in the sense of, of thinking about real individuals and their digital identities and, and, you know, a digital identity is not just a username, but this is, this is the real individual represented in a digital form. And so there should be complexity there. And so if we separate this word from, from the question here, do we want to direct and simple workflow, or do we, do we want individuals with complexity so that we can really be sure of who we're dealing with and deal with individuals with complexity also with respect with, with respect to the fact that they're not just a username floating around in cyberspace, but really a human being who does deserve to be protected. And so kind of in, in this aspect of, of bringing in identity verification, it's bringing in a level of humanity to our digital selves, which perhaps hasn't existed in, in as real, a way as before. So I would argue that complexity here is really not a bad thing when we're talking about the depth of the, of the human self, when we're talking about processes, yeah, please, please. No more complexity, but the, there is a case to be made for the complexity of the human self.
Absolutely. And you're absolutely right. And I also think, especially also, as I said, the user flow or the user experience, whatever, as a, as you want to unlock, sometimes you want to have two, three steps just feel okay, best time security going. Right. Absolutely. Right. And this is, this is where we have, I think, amazing experts out there who are building these flows, checking with customers on what do I need? So for example, my, my, my, my mother would need a different flow than I, and I'm telling you, my son once got a completely different flow than me. So basically we need to make sure that yes, we all want to be one great family. Nevertheless have differences in age, faith and everything. That's nothing we should, we should on others for the individual, as you said, but then make it as flawless as possible. So everyone can have this auto audit experience in the right way.
Yeah. Nicely summed up Ali. I'd love to, to call out to the audience and ask if any of you have a question to ask now, it'd be a great time to enter it in, in that question field, on the go-to webinar panel. And I can kill some time while you're typing those in kind of goes through some announcements again, that again, if you're interested in any of the topics coming up, I'd love to welcome you at the KC live event or at the EIC. So those could be interesting places for you to get some more information, or if you happen to be interested in gaining more expertise on a specific topic like identity, access management, or incident response management, we do offer some masterclasses in these. So that could be a great way to boost the resume if you're interested and what's new and fresh is our tools choice offering, which is a self service advisory.
And so what that means if you and your organization are interested in procuring a new tool, for example, something with soar or ITSMs, you can access these on-demand videos. And they've been made by our analysts and our advisers who then walk you through that process of getting to really know the market segment, those vendors in it, and the process of, of holding down a short list and, and building up POC and going through the RFI process. So if you're there, that could be a really interesting resource for you. We have a whole host of other advisory. So if something here on the list, tickles your fancy, feel free to get in touch as well as our research. And this is what consumes most of my time. I write quite a free reports, which are here, give insight on, on the market and on interesting topics like these. So knock yourself out. There's plenty to read. And with that, thank you so much for attending at the moment. There are no questions from the audience. So if there is one, send it in. Now this is your last chance, but otherwise, thank you so much to you all. It was a great conversation and for all of you who attended today, thank you. Bye.
Regarding today's webinar: There's not much for you to worry about you'll have access to the slides, as well as the slide deck here. Those will be made available to you this afternoon or tomorrow. You're also muted. So you don't need to worry about controlling that function at all. And last, but most importantly, we do welcome your questions. So if you locate your go-to webinar panel, there should be a field to enter questions. So please do so at any time and actually the earlier the better, and I'll be able to receive those and all, and I will take care of those questions at the end. So don't forget. Please send those answers.
Now today, Oliver and I are going to have a conversation style webinars. So we do have a agenda in the sense that we should stay somewhat on track and not chase too many rabbit trails, but this gives you a brief picture of where we're going today. We're going to look at the state of things today and how the past year has impacted security and user experience. And then how identity verification plays a role here on the security side, as well as the complexity side. And then by the end, we should circle back to our foundational question is if there is still a trade-off. So with that, let's jump in. We do know that the past year has, has been more than thrilling, but that for many organizations, their digital transformation was really kicked into high gear because of the pandemic. So let's tease out some of these outcomes. Oliver, what is your perspective here on, on some of the outcomes of this past year?
I mean, first of all, thanks for having me and good to talk to you again. So I think just for me personally, if I see it this way, what was the outcome was really nearly everything is digital today, right? That we have seminars like this. Everyone is hopefully waiting to do this in person again. So every time something like this, of course, as set as it is still a loss during the last year or years, nearly we have to say already, there's always also some, some
So they, they used this time though instead of nine to five over the week, they now working 24 by seven, seven days a week. So that's something where I think in the end of the day, it's always, this race will be always the same. And again, I'm trying to keep this a little bit in the whole security identity space area, health cost as much more to say about it. But as you said, we don't want to set you up for the next six hours discussing about the interesting things about the outcome. I personally believe that this whole thing changed our world. It changed the way how we see digital, and there's no way back that's for sure there is no going back to the old world. And again, I'm quite sure everyone here in this call, he has this phrase is many, many times at the moment for many, many people in the moment.
But for me personally, that means for me as well, I'm thinking, okay, what do I do? Which accounts do I have? All this kind of stuff. If you look how many different accounts you opened up over the last 12 months, it is 10 times more than what you did the years before. And that's very interesting when it comes to this point and many things you just read monster, then you forget about it. Or the teachers say, so that's something where we need to take Mary Kay off that the digital world is not much different than our old world or the real world, if we need to take care of our data and also how we do things. And therefore, I think there's still a lot to do, but for the personal outcome really is this it's alive. It's now the first option or not make it very clear, not an option anymore, right?
Yeah. Yeah. And that really lines up with what we've been seeing in our latest research projects and what we're hearing from customers as well, that were the conversations we're bringing up is there's really a changed customer expectation or an end user expectation that, you know, over the last year, any process that they might've done in person for the most part, no longer existed. And there was an instant expectation that, okay, of course, if, if we can't manage this process in person, then it exists online. Right? And so it was, it came as more of a surprise that these processes were not already digital. And so the expectations are, have been very clearly laid out that there needs to be this digital digitization, as you say, Ollie, and you also mentioned fraud, which is interesting that over the past year we've been keeping track of what's been happening on the fraud front.
And there was a very clear spike in cyber attacks and specifically phishing attacks, or the last year I could throw some numbers at you just to show that this really was a change in status. So according to the world economic forum in just February to April of 2020. So just this short amount of time as COVID was making its presence known in Europe, there was a 238% increase in cyber attacks. And so this is a global view, but if then if we drill down European companies in the same timeframe, 12.5% of European companies experienced a cyber attack. And so it's, it's always tricky to draw causations here, but if we drill down a little further and we take a look at just the phishing attacks, it becomes quite interesting to see that there is a link between COVID and many of these independent actors using this unified theme, using anything related to COVID to, to fish their, their, their information and to get a catch.
And so this is what three threat researchers are saying is, is really new. And I'm present president and that fishers are using some sort of collective theme here to, to get their win. So to say, so that's, so there's some interesting takeaways from the last year, but this, this jump to digitization, but also the, the increased focus on individuals and capturing oftentimes their, their login to their account information. So this is, it's been a big year. We could say it that way, but let's bring it back to our topic. And so what impact does all of this have then on secure onboarding or secure authentication?
Yeah, I mean, we are speaking to many, many customers partners out there and also to, to regulate us in the moment because a jump like this needs, of course there's, as I said, there's always two sides by one is of course there's this amazing possibility to Lightspeed fast claims, getting things done, new processes, but always then this is, I mean, the main reason why we're having this conversation today is on the other hand, you want to make it secure or you have to make it secure, especially when it comes to, to the most important good we have, which is hopefully I want data nowadays, right? If you see, for example, in Germany, data protection is the last standing thing, which wasn't changed by the government to, to secure the COVID stuff. So that's a very important thing. And I think to have the balance right, to see, okay, what is, what, how much can I do the, take the opportunity to digitalize now, speed, fast, everything else to walk the security, you can see this very clearly.
And this is maybe especially where you see companies who were prepared for this could go much faster into this next gear of digitalization. Then do you see others? Whereas that now security products, which is fine, I'm still lacking a little bit of getting the speed up. And I think we're getting that now, for sure many companies out there were just hit by surprise that the stitches, they went like this, and we're seeing that many, many times right now where, where the customers trying to get the right balance, right? Do I close the door? Do I have your phone of that? And then keep the back door open though. There are many ways how you can see how this can happen. And to be really honest again, I, and you said it right, the frost does, the criminality is digitalized now as well. And boy, these guys are fast, right? So bay innovation, as we all know, are the two most the biggest innovation drivers in the world since man history or mankind history is this wall and criminality. So that's the problem. What we're seeing right now, this guys are like, can't go on the street to, to get our money when I need to go into the digital world. And that's, that's the moment what you're speaking.
Yeah. And onboarding and authentication these, these two pathways for the, for the end user, into these digital services, which they are expecting, you know, those two pathways ended up being great attack vectors. So it's, it's a, it's always been important to pay attention, to, to onboarding and authentication these, these pathways in, but we're seeing at least proof from the pandemic that it, this has attracted so much more attention than previously. So it is really has to be at the center of any security discussion. Let's jump in a little closer to, to our topic and get into identity verification itself. So what, what role do you see all of identity verification for increasing security?
I mean, the first thing is always trust. So when it comes to this point, when it comes to identity verification, you need to know, or we need to make sure and guarantee, which is a very strong word, to be honest, that the identity is safe and secure and five in the right way. That's number one, because if we want to do anything with our identity in our gut, moving forward, the onboarding and the checking of which one needs to be as good as possible, and maybe also as flawless as possible as way, which sometimes can be a very interesting. And the point here really is it is the first line of defense for both sides. It's for both for the company who wants to sell something to me or offer me services. And for me personally, that if that's a weak onboarding, maybe someone else can use my identity later on as well. So again, this always this race and the beauty here is again, when it comes to identity, I think the identity is, is the key to unlock our digital life. And they are new, completely new digital markets out there. And there's the race to win the new customers and the companies out there finding the best way to onboard and also verified the fastest flawless and secure way we'll win this race. And we definitely will see the outcome of this within the next two to three years. I'm quite sure.
Yeah. And I think that's a really interesting point that you brought out. And what I think is, is key here is that there has to be an ability to, to link this digital identity, whatever an end user is using to interact with their service provider, they should be able to, to connect this back to their real world identity. Cause if we, if we look at what this, what these fishers are going after, and one of their methods is of course, to go after login data and account data. And if we can start to separate accounts from very stealable information like username or password or basic identity data, which could be used for, for knowledge-based questions and the more we can connect that to something which cannot be stolen so easily, then we're removing that, that basic way of somebody to impersonate a, an actual user. So this, this connection, this verification aspect, I see us having some, some great potential to boost the security when it's done well, maybe to make sure that we have everybody with us, all it, can you walk us through what the identity verification process could look like?
Yeah. I mean the, the, the classical way to play up the verification process today is really that however you want to do it, you use an app, you use the web, however you want to do it, that you made sure that the person wants to verify is identified by a metrics. So we are asking, for example, here on feed, we asking for selfie, we asking for a little video as well, or you were, for example, also speaking out loud, if you digits a few words, whatever, that's number one. So business where we have the mind biometrics, where we can say, okay, we know this person, we know DNA is maybe too much, but the other point also is that to make sure what's behind the smile and we can save this. So that's number one. Number two thing is to use a official document, whatever that could be.
It could be that your personality is biased in Germany, your passport, and even your driving license. If you want to book a ride or something like this by you, whereas in going a little bit further and then to check a, the documents are correct, which is a very interesting field on its own. To be really honest with that. It's not as easy as it sounds on life. And then also make sure to predict this both. So you can say, okay, there's a living human connected to this document. So this is in the moment, the most secure way to identify a person towards the identity and the next steps for like, so, and then check on this long. And then the another interesting thing is even if I get to this photo, the next point can be to authenticate and also check. This is person validates to get to the next level here in my process or not.
Right. Because the idea is to say, yes, onboarding verification is the first step, the first line of defense. If I pass this one, then maybe two or three more doors to close or to open and to say, okay, I allowed to do whatever you want to do here. Are you the right person for this or not? So there are different ways on this whole journey. And then of course, coming back with the, with the clear message saying, yes, Oliver Krebs is the person standing in front of this camera of the mobile phone or in this case, the, the browser. And I would let him through, that's the, that's the general process with some nice, different, of course, famous behind it for different use cases as
Well. Yeah. Yeah. Interesting. So then let's jump to the next aspect of this. We've covered briefly the security aspect, how we can, we can increase the security there, but what about the complexity side? And to be honest, I have to step into my analyst shoes for a moment. And just frankly, ask, because to me adding in a, an identity verification step is indeed adding a step to a process, which doesn't always include identity verification, at least at that moment when an end user is onboarding. So we're adding an additional step and yet could that still reduce complexity? What do you say?
I beat it again. I would say of course, yes, but business because I have my own PTO hat on, but nevertheless in general I would say yes, fine is if I, if we do this right. So it is maybe in the first, in the onboarding one step more, but think about today, about insurances. Think about you, you have bank transactions. You want to, to let, to get through. This are things that I always need to have a tan. I need to pin. I need something else. Now thinking about everything I want to do, I can do with my face. Not always a smile because you know, we in Germany, we don't like smiles when it comes to verification. Nevertheless, that is the point is I can go rabbi ones and I can identify myself and towards businesses and services, I want to unlock. And we were just starting with this and we're just starting also the services you have out there.
But again, then the interesting thing comes when the identity is very thought, everything after that think about password reset. Think about, I lost my account. I lost my all. I need to reset my password and I don't have to credential it with me. I have a, I look at my app or I look in the eyes of the customer and say, okay, this is my face. Can you please unlock myself? And this is where this whole thing becomes interesting. And the ratio for how many steps we can can save for this is quite high. Even in the beginning, we are right now with, as I said, we are just at the beginning, how this whole digital experience can, will be changed over the next years. For sure. Even months, I would say.
Yeah, that's, that's interesting. And it, it, it makes me think of a, a personal pain point that I have with a lot of onboarding processes, which is simply filling out the registration form with all the information, you know, it's the same information for every account, basically, you know, your, your name, your contact information at a minimum, perhaps more, but it's, it's interesting to me to see how, despite adding an extra step that can also reduce the work or the pain point in another step. And so by going through an identity verification process where you do scan in an identity document, that, that process, while it's being verified and checked against any authoritative source, that can also auto-populate that registration form, which nobody likes to fill out anyway. So I think there are areas for synchronization here or, or alignment, which could help out the user experience.
I have a few more questions, kind of with the analyst hat on thinking back over the past year, there've been quite a lot of solutions coming out dependent on a smartphone. So, you know, getting a, a QR code to while you're in a restaurant, to make sure that there were no cases while you were in the vicinity, things like that portion of the population, one doesn't have smart phones or two has a smartphone, and isn't comfortable using all of the functionality. So Ali, from your standpoint, do you see identity verification, primarily relying on smartphones? Where can we create some independence there?
I think we need the small phone, the internet, or the web that, that that's for sure. I would be an interesting marketing arms to say it's different today. Nevertheless, I'm quite sure in the near future, you will see, think about the app faults, right? They have all the facilities, they have all the technologies they need to where even people who have a phone can still use kiosk systems or that the cameras out there, whatever to unlock the stuff or they're. So I'm quite sure what will happen is that it will see using different input, terminal different technologies to get to the information and also do the verification will be provided in many different shape of form. If you think about, we were working with, with one vendor at the moment, for example, where they want to unlock pass, and just because of the verification of the face.
So that's an interesting thing where the camera's in the car. Now, that's interesting to you, to the fact the camera is not allowed to switch on when you drive while driving. So, as I said, they're amazing possibilities, but you always have to keep in mind, what does that mean to the personal safe zone and data policies towards the personal individual? And so that's why I'm saying, I think that must, I'm quite sure many very intelligent people out there with just working as we speak right now on new functionalities, on new products, on new technology to make this happen. Right. And it is digital means you need to be somehow connected to the digital world. So there must be, there is always a little bit of a caveat when, when you want to use the digital world, you need to window to it. And this today it's the phone. Yeah. And then we take it from there, but I'm, I'm quite sure what we will see in the future, different ways, how to enter the digital world, let's say this way.
And that's a great point that you, that you bring up that even though it may be possible to expand past the smartphone, that there needs to be boundaries of privacy too, to make sure that, okay, this is used in the, in the car example, as you said, that this is only used while unlocking the car, but not at any other unauthorized point in that, in that use of the car, but really only for locking, unlocking or walking through the airport. Yeah. That it's a much more guided. Yeah. Then that, that brings me to the consideration of, of out of band and offline. Do you see these capabilities as more coming in the future? Or could we find, find this capability now in today,
This is part of play, especially this offline thing is always dumping. So as soon as we go offline, which means we can do something and then we, because digital meets online. So again, this is a, exactly this middleware in the Midwest. And when you do something offline, that means you can do something while no one is watching. And then you come up online and do something with it. So that's a huge, in my personal opinion, a huge security area we need to have to look for. Nevertheless, we need to find a way. So I, I personally think, yeah, there will be this one thing, but this will be a very small percentage of our people will go into shops, into standup things to pop up things where you can do this as a service, right? And then you can take it from there. But, but again, if, if we allow with this is for me the back to what I, what I said earlier, if I, I can have the best team of security guards in front of my front gate, if I keep the back door open, which means allowing things like offline stuff or sending pictures, instead of doing it live, all this kind of stuff, this is the backdoor people will use.
For sure. And these are normally not the people we want to have in our house with other, the ones we don't want to have enough homes. And this is, this is a little bit of a trade off. This is exactly what we're talking about, right? Yes. It won't be alive would be a dream to say, there's not fate off in the digital world because you need to be part of the digital world to make, make the most off.
And that leads perfectly into my next question actually, of, of reconsidering this trade off. And so if we, if we take for granted that going through an identity verification process remotely, if we take for granted that that process is secure, is it possible that we're also teaching end users to normalize that process of taking out a document with their private information and holding it up to a webcam or their smartphone whenever somebody asks and what, what should we do there to protect end users from that?
Yeah, the only, I mean, this is I, I had this conversation earlier this week with a good friend of my west had the best way of learning is finding out. Right? If you think about the hot Ayron, you will touch with one, one time in the lifetime, a kid or a person touching a hot iron. I did this myself. So, which is not good, especially when it comes to official documents, what you just said. So I think the way how we can do this is really to, to make the, the use of clothes and the user experience in a way where we try to get as much of the possible security breaches. And so on documented in the right ways to the end user can see this, or we say, okay, we find out, okay, the answers we getting, for example, interesting. So maybe this person is not really experienced enough to do this, right?
This is sometimes the case as well, where you tell, for example, you can stop the process and say, why don't you go to X? Y is that let him or her help you again, security wise, an interesting question, but nonetheless, and the next step as well is all this documents stuff we are having today will become digitalized in the future as well. So I think I personally believe as well is that this whole thing will be in a, in a, and then encapsulates a secure environment where you don't need this to put a document in a screen anymore on the camera, but for now exactly. That's I think the part where we all need to work together, what is the best way to secure it, make it flawless and make it a good user experience. And sometimes you have to, maybe you have to do two, three things, which are not that digital, right? If you're thinking about things, as soon as the printers involved automation is, has the breakup itself already.
Yeah. That's, that's really quite true. Maybe if we can shift gears just a bit and come over to the biometric side of all of this, we can maybe consider the, the need for accuracy across all different types of faces. So considering ethnicity, considering age, how, how is this handled?
It's I mean, the technology itself, they are very mature already today, right? So it's all about this. When you think about what you need to do is, and this is always the first thing I try to discuss with customers. It is that you need to look behind the skin, right? And that's the point doesn't matter. It does matter how the shape of the face is and all this kind of stuff. And that's something that biometric some biometric solutions out there can do this to pay the estate. I don't care if you are a woman, a man, a it's, you are black, white, green, yellow, you name it, right. I just see the structure of the face. And I built the, the, let's say the, the cortex of your face in a digital map. So no bias towards race, no bias towards gender and this kind of stuff.
And, and business beauty nowadays with the biometrics functionalities we have is that we don't care. We just care that you are the person or the human being you are saying you are, and this is, this will work anytime if I have to be at or not. If you see my passport, for example, I don't have a read on this one. I was scared when I, okay. So these are things which are done. They don't matter. It doesn't, it doesn't matter if I, if I changed things on my face or I have lipstick on a lot, it is purely looking behind the skin, underneath the skin and see what's really going on. And that's exactly when it comes also to voice, seeing the lips, turning thing, that you are, the, the things going in your face and the muscles stop working, all this kind of stuff.
This is something you can't fake or of cost. People will find a way to do this, but today it's very hard to do this. So that's race and the race meets every time, an uphill better. Again, the people who want to hear from us, if it is identity of it is something I saw. Yes, biometrics nowadays can help us to the box and getting things done. However, and that's one thing where for some, you know, for some Microsoft stopped doing this whole big project around face recognition, that was a big thing two, three years ago, because the idea was great to see, okay, if something goes on, if you see panic in the eyes or something like this, we want to make sure we can get the right rescue positive. And so on, on the other hand, you're not seeing in young about possibilities and security and private data that would mean we need to screen, and we need to video the whole time human individuals and of course, a one month. So it's always the case here. And with biometrics quite simple, they can help a lot and in the right way to identify and authenticate us as well.
Yeah. And then if we take that a, well, I guess first thing I should say, what came to mind is actually that being able to look past gender, ethnicity, and age, things like that towards the structure of faces, this is a huge point of accessibility for perhaps transgender people who otherwise in their identity. It may look as though they've just sprang into being in the middle of their life or at age 20 or at age 40, which really isn't the case. And so if there can be continuity, despite a difference in gender, you know what their first identity document to one which has been renewed later, that's a, that's a huge step. What, what I would love to ask is what, what is the risk of biometric data then becoming the next target of, of identity theft and what, how is that protected and how could that be addressed if biometric data is able to be stolen?
And this, this is again, something that I'm quite sure there's a huge risk, if not already ongoing that people want to go after biometric data, if that is the next key to unlock services and the big things. And, and again, so that means for us, we need to make sure that if someone wants to unlock something with his case, then it needs to be live. It needs to be in the moment. And we need to make sure that this is the real thing. And then that works, keep others the way to try to steal, because you can't deal with this. You can try to rebuild it. You can make 3d masks and they are awesome out there, right? So they didn't receive the mass. I'm seeing in the moment spectacular. Nevertheless, you can't, you can't just replicate this and saying, I'm taking a picture and do something.
So that's why I'm saying it is always important for half the human being involved in the process of unlocking and authenticate every time you again. And yes, that sometimes feels a little bit annoying, but to be honest, I'd rather be a little bit annoyed than using all my money or someone is stealing my identity or something like this. It's always this again, this trade-off of saying, okay, what do I really want? Is it okay to smile five times in my phone? I'm quite sure many people smiling much more on the phone just to see how good they look. So two to three times more and you can unlock your digital life.
Yeah, that's a, that's a good point there. And my last question here, while I've got you on the hot seat is pretty future-oriented. And so at the moment, we're looking at identity verification, having benefits for both the end user and, and a customer and anybody who is providing that service. And so it's, it's a benefit for the end user because it's protecting them from being impersonated. And it's also protecting the company because they're, it's reducing fraudulent attacks and, and, and authorized logins. And it also allows them to fulfill compliance requirements for know your customer, anti monitoring, money laundering. So these things are clear, but I wonder if you could envision in the future that same benefit being offered to the end user to verify that their company or the service provider that they're trying to access is indeed who they want to be interacting with. And isn't an impersonation. This was another result of the past year is that there were so many fraudulent domain names. If we take Netflix, for example, I think there was a 600% increase in the number of fraudulent domain domain names, which targeted Netflix in order to fool end users, just trying to log in. So could identity verification go the other way around for the end user to verify whoever they're interacting with?
I that's, that's the tricky question, I think. Yes, but I'm still with guys. So I do need to deduct 20% from what I'm saying, but I I'm seeing it. Yes. I think it must be this can't be a one way street. Why? Because of me as an end user, I want to be secure the other way around as well. I'm quite sure it will be hard to confirm that the employee I'm talking to at a let's call it a bitch German bank or something like this is the person he, or she says to me, well, what has to happen? Is that a secure key somewhere? Making sure if I open up a channel to my bank, that this channel is secure and whoever's on the other side will be verified by the company, the bank, the insurance or whatever. So it has to be on that side as well.
I'm, I'm fine. I feel very good. And the whole thing opening up the, the secure channels, all this kind of stuff. So men in the middle or men in the browser, it's going away more and more because we are getting the right technologies again, I'm fighting to on Mr. And Mrs. We'll find new ideas to get this done, but yeah, you're absolutely right. I think we need to find a way that both sides are secure and just can meet in a secure environment. If we get to this, I'm quite sure we have big steps forward towards the secure and flawless digital world to be really honest.
Well, it comes back to what you said earlier is that the, the next months and years are going to be really interesting and probably show a lot of change when it's coming to, to redesigning these digital processes. So yeah, we have a lot to look forward to, I think, but let's start to wrap this up and come back to our original question. So kind of at the end of this, this discussion, what can we take away here? You know, what, what is this trade-off and, and can we add security to these onboarding and authentication processes without adding too much complexity?
Yeah. I, I think the answer is twofold. I think yes. If you increase security, that normally means more complexity in general, the question is on which level does that hit the end customer, the end user? So the complexity will be there either way, but the point is, where can we consolidate this and how do we present the spec to the end user? So for me, example for me, I just grade, if I can, and again, a little bit of headway here. I do apologize, but if I can combine all security checks behind one verification, check from my side, with the biometrics and the document, for example, and the company who's asking me to do this, does all this security checks and the niece, this whole process. There's no complexity for me as an end user behind it. The point is where it becomes really interesting is when we always say, okay, or we need to add another door, we need another, another door and do this on the customer journey or the user drug.
It's not always the customers, also the user journey, right? And you, for example, need to lock in your computer every morning and you have to type in six different passwords and you need to re authenticate. Okay, I see you as the same problem with an eye that is complex. And I don't like this. If someone says to me, listen early in the morning, authenticate yourself for the day, for example, which smiling, independent, happy to do this, and then your group. And if you don't use your system for 20 minutes, you have to do this again. That's right. I would say, and that's the point? It is. Where do we add the, the, the complexity, because it is that this, no one can tell me that if I add more security texts or checking or whatever, this raises the complexity, for sure. But do I want this on the customer side and user side, or do I do this on my side?
And making sure that the layer in between is as flawless and as user experience friendly as possible. And I think that's, that's the next big, big game changer as to say, if you find the, the vendors, the vendors, or the solution bring us, or whatever, giving you that same, this is the platform, this is the, the user flow. And that competitor complexity will be underneath the hood. You don't need to think about that. I think it's okay. Otherwise in general, the onsite, yes. Increased security means at the complexity is the question is who has to deal with it.
Yeah. And an interesting point to take, as well, as of course, we want to reduce complexity in the sense that we, we want a simple and straightforward workflow, but in the sense of, of thinking about real individuals and their digital identities and, and, you know, a digital identity is not just a username, but this is, this is the real individual represented in a digital form. And so there should be complexity there. And so if we separate this word from, from the question here, do we want to direct and simple workflow, or do we, do we want individuals with complexity so that we can really be sure of who we're dealing with and deal with individuals with complexity also with respect with, with respect to the fact that they're not just a username floating around in cyberspace, but really a human being who does deserve to be protected. And so kind of in, in this aspect of, of bringing in identity verification, it's bringing in a level of humanity to our digital selves, which perhaps hasn't existed in, in as real, a way as before. So I would argue that complexity here is really not a bad thing when we're talking about the depth of the, of the human self, when we're talking about processes, yeah, please, please. No more complexity, but the, there is a case to be made for the complexity of the human self.
Absolutely. And you're absolutely right. And I also think, especially also, as I said, the user flow or the user experience, whatever, as a, as you want to unlock, sometimes you want to have two, three steps just feel okay, best time security going. Right. Absolutely. Right. And this is, this is where we have, I think, amazing experts out there who are building these flows, checking with customers on what do I need? So for example, my, my, my, my mother would need a different flow than I, and I'm telling you, my son once got a completely different flow than me. So basically we need to make sure that yes, we all want to be one great family. Nevertheless have differences in age, faith and everything. That's nothing we should, we should on others for the individual, as you said, but then make it as flawless as possible. So everyone can have this auto audit experience in the right way.
Yeah. Nicely summed up Ali. I'd love to, to call out to the audience and ask if any of you have a question to ask now, it'd be a great time to enter it in, in that question field, on the go-to webinar panel. And I can kill some time while you're typing those in kind of goes through some announcements again, that again, if you're interested in any of the topics coming up, I'd love to welcome you at the KC live event or at the EIC. So those could be interesting places for you to get some more information, or if you happen to be interested in gaining more expertise on a specific topic like identity, access management, or incident response management, we do offer some masterclasses in these. So that could be a great way to boost the resume if you're interested and what's new and fresh is our tools choice offering, which is a self service advisory.
And so what that means if you and your organization are interested in procuring a new tool, for example, something with soar or ITSMs, you can access these on-demand videos. And they've been made by our analysts and our advisers who then walk you through that process of getting to really know the market segment, those vendors in it, and the process of, of holding down a short list and, and building up POC and going through the RFI process. So if you're there, that could be a really interesting resource for you. We have a whole host of other advisory. So if something here on the list, tickles your fancy, feel free to get in touch as well as our research. And this is what consumes most of my time. I write quite a free reports, which are here, give insight on, on the market and on interesting topics like these. So knock yourself out. There's plenty to read. And with that, thank you so much for attending at the moment. There are no questions from the audience. So if there is one, send it in. Now this is your last chance, but otherwise, thank you so much to you all. It was a great conversation and for all of you who attended today, thank you. Bye.
Stay Connected
Related Videos
How can we help you