Event Recording

A 4 Year Journey Towards a Smooth and Strong e-Signing Solution in a Multi-National Insurance Company

Name: A 4 Year Journey Towards a Smooth and Strong e-Signing Solution in a Multi-National Insurance Company
Uploaded: 2023-05-10T12:00:00+02:00
Duration: 29 min 21 s

Posted on May 10, 2023

A journey of the multi-national insurance company to find and introduce a smooth corporate e-signing solution, both legally and technically well-justified. A story of considering and aligning different dimensions to find a tiny path between legal trust and protection, technical constraints, smooth user experience, global EU Regulation (eIDAS) and country-specific local habits.

It was a huge puzzle to identify and solve all the critical actual and future needs of the different business use cases for e-signing across the company to come up with a singe corporate solution and move gradually away from the very fragmented and mainly technically driven landscape of signing solutions.

Traditionally those have been introduced as the ad-hoc remedy to some local needs in isolation from other initiatives and without proper validation of both short and long term legal impact to the company.

Show description

Speaker

IAM Global Product Manager
If P&C Insurance

Mihails Galuška

Since 2021 managing the portfolio of customer and partner identity related services across If P&C Insurance - the largest insurance group in Nordic countries with operations also in Baltics. From 2016 triggered and led the project to establish a smooth centralised, both legally and...

View profile

Show Transcript

Okay. Hello, my name is Miha and I'm learn to use this one. I used to work for the National Certification Authority in lava and wearing also the head of product owner for different types and shapes of electronic signatures, which qualified el electronic signatures provided across the country. And this is where I learned a practical part of eSigning. And, and then later I joined if insurance company, which is the largest Nordic insurance company operating in seven countries in Scandinavia and Baltic countries. And since we're the digital first company, this smooth digital operation is something very critical to us. And yeah,
And in, in, in, if, when I also as, as a product owner, I had like two babies there, which are relevant to the context of this conference. And the first one was like the award-winning mobile application for health insurance back then in 2018. I think we've got this word and, and it has the centralized iden. It had already then the decentralized identity in its core before even all the like discussions appeared here about that. So I can share some experiences, some features later if you're interested. But then another baby also very important is the corporate electronic signing service. So, which I've got green light for to work upon it from the management back in 2016 actually. And it is important, it was important because we, we often have cross-border and cross-departmental operations and with customers, with partners, with whoever. And first of all, the first thing we did, we wanted to learn the landscape.
So what was already there in place because we obviously have seen different like appearances of what people call e-sign. And we have have identified at least four, but actually more than that, different eSigning solutions used in if in different parts of, if we've been paying for them and each of them solved one specific isolated problem for either department, country or use case. And you know, those all are made, were driven by it. And for it, EIG mainly unfortunately is either black or white. So it's either e-sign or it is not at all. So, and they don't care about the datas because e-sign solutions are very much different. And the problem, the real problem is that in all those implementations, legal voice was not represented. So, and that's important point, that's fundamental point here because e-sign is all about like legal, it's all, it's all about collecting and preserving evidence full legal to use later. So we need, with e-sign, we need to ensure sufficient legal protection.
So they are the primary customers of this thing. So they must be equipped eventually to, to go to the court and, and, and, and, and, and struggle there. So, and the, i I can make this strong statement that legal is the only valid reason to have his resigning in place. I can't imagine of any other valid, sufficient reason to have his resigning there. So it's the only, if you don't need it for legal purposes, just skip it's much easier and cheaper. So, and what we start not started, but what we've, what we've learned, we've learned to ask in order to like to screen out the relevant candidates because there are tens or hundreds of them on the market who can be the supplier of assigning solution and which of them is okay, we've learned to ask five questions, which by accidents relate very much to the requirements of ADAS towards advanced electronic signature, by the way.
And this five questions are the first one, how does the signature like identify unique person in the world? So can you point, when you see the signature, can you point your finger to one person, maybe let's say you in the world and tell, okay, this, the claimed signee is you. So of course obviously usually you use social security numbers or something like that to identify. The next question is, could it be somebody else who pretends to be you then when added this signature? So that's another question and very important one. So how does this signature ensure that it is really you? Number three is could the change to, so is the document which we get as a sign document, is it the same or is the same as the one which has been originally presented to the signer for signing? So has it changed on the way or while keeping it or, so it's important. So the the outcome is the same as the income to the designer.
And then important question, if we sign some document with you, why should anybody else, like banks or insurance companies, whoever in the world like find our signatures credible enough for them to make their decision based on what we have signed, like in the contract because they need to rely on upon it as well. So what, what is the framework or regulation which makes it trusted for them? And then number five, imagine is that in five, 10, whatever years the signing solution provider, which you used to sign all the documents in your archive suddenly disappears. Will you lose evidence then are your evidence is done or part of them or not? So are you secure on that side? And that's, these are like five, like I would say screening questions. Of course there are many more detailed questions, but these are five screening questions which we've got.
And let me show you a few examples of different classes of signing solutions. There are many of implementation, but the IY will take two classes of them, which we have seen a lot of around. And the one class of signing solution is what we call here finger signing. This is where you like make your graphical signature with a finger on the screen and the solution on the backend. It tries to collect different facts about who did what you are in the signing. Like IP addresses, email addresses, even the location of the graphical signature on the document and then give it away back to you as a report. So like evidence report that big class of solutions and let's, let's just check, okay, does this solution clearly identify who is the designer? Mm. Will IP address or email address tell you this? Like clearly I'm not sure because email addresses and IP addresses used to be shared among users, different people the same addresses and, and and also the graphical signature. I'm not sure if you, if I know how your signature looks in the passport, so I don't have it to compare. So I, so therefore I don't think I can identify you out of the document alone, out of the signature. The same problem is with impersonation impersonation. Since, since these credentials are shared like IP and email, it can be rather easily impersonated well on detecting changes. There are some measures, it depends on solution, but, but it's not like clearly yes or no. There could be some, some options for that.
It's a problem with credibility as well because it's as credible to others as it is to me because they cannot identify IP address doesn't tell anybody to anything to the bank. If you show this signature, okay, is it your IP address or not? So they do not know. And with preserving evidences in long term, it's also like, it depends. So it could be or could be better or worse. So, but it depends on solution. Anyway, none of these questions get the clear yes, answer clear like green check mark, check there. So we skip that solution, that class of solutions.
Another big, really big and popular class of solution signing solutions, at least in Nordic region. I'm not sure about other parts of the world or Europe, but is are those who like rely upon the existing and like credible identity providers present on market like bank s different types of IDs which are there in the pockets of people around people like those and trust them. And those signing solution providers, they identify signer and then they present the original document to you and okay, now press the sign button. And when you press the sign button, they use some their own invent and proprietary method of signing, which is not very standardized. And what they do, they immediately start changing the original content of the document. They add like footers, headers, borders, extra pages. They add additional information about who it was, who came us and improved our, our his identity here.
So different disclaimers and transaction IDs, which are meaningless to me. And that's what you get is the signed document, what they call a signed document. So the problem, the first problem here is the original content is gone once you sign. That's the fundamental first fundamental issue. And, and, and they just, okay, let's keep going next big problem with this type of solutions was you immediately become dependent in long run on them because it's a proprietary method of signing. So you need a proprietary method of verifying the signature. How do you get to that sir? Okay, they tell you, okay, now use the link, we have a link upload document there and you will get the answer if the signature is okay and they even add some transaction IDs, which only they know what it means.
So if they disappear the method, the verification method is done, some of them know it's a problem, it could be a problem. And what they suggest, this is the quote from the official documentation of one of those providers, okay, option one, get the link if the link is not there, build your own verification method. That's simple. So try to do our job and if you are not capable of that, just the easiest the last resort. Take the hash of the sign document, take the publication from Financial Times, combine those data into the mathematical formula, calculate the verification results, and here we are. So you have verified the doc, the, the signature. That's easy. That's what our lawyers usually do during the morning coffee. So, and then they can be, can can repeat this exercise in the court easily so judge can understand as well. Yeah. So it's clear no go as well. But, but even this is not the biggest problem with that type of signing solutions.
And the biggest problem from my perspective, from our, that's our subjective judgment. So don't take it as, as, as, as, as a, as a, as, as a, like a full truth. But that's how we judge it. It, and this is what I call credibility bubble here because what they do with adding all those headers, footers and extra pages, they make you believe, they try to make you believe that the signing secret belongs to the intended signee, but it does not because they instead use their own like certificate or like, which belongs to them and is controlled by them to sign the document to actually seal document. So you don't see the signees name there, where the signature should be. It's their name, it's the company name there usually. But by, by adding nice logos and everything, they actually steal credibility from bank IDs from all those guys who are really credible on the market.
They, they, they, okay, let's call it borrow credibility, not steal, but that's, and it's not even a bubble, it's a foam because you, they use the same, exactly the same secret to sign different documents for different signers. So it's, it's the same secret used across by them and that's obviously not what we was looking for. And I can also not hear from the stage tete. I can show you how it, how I got the fake document look more authentic than the original one signed with this method on my own like machine with no any special software for that. So it's, it's, it's, it's incredible. So what we were looking instead was solution, which uses the, the secret of intended signer to sign the document. So it must be protected by that secret. So it's a strong evidence of the signature. That's a legal fact as well. Yeah. And unique secret for each signer, obviously. Yeah. So let's summarize. Do they identify a person? Yes, they they do they use credible ID provider, but then impersonation, that's exactly what they do. They impersonate, in fact they impersonate that signer with their own identity.
The tech changes bad because they do change document immediately straight at the straight at the signing time. You don't get original content anymore. And they try to address the credibility issue for third parties with the credibility bubble. That's what they do. They try to make everybody believe that it was that sign signer who signed the document. But maybe yes, maybe no, there are no strong evidence of that in the document. That's the fact. And you, number five, you become immediately dependent on them. Since they use proprietary sign-in methods, you depend on them. So your evidence is like very vulnerable, let's say to their business also if they are present in the business. So I, I'm now cutting out the long story how we selected what we did. So, and, and, and, but the long story short, that's the target situation. The the actual one. And we have like one big red block in the middle, which is a signing engine which is accessed by different signers.
Our employees, employees of our branded businesses, of our partners customers, whoever. They use it via webpage or mobile or API to trigger and sign documents. And the outcome is the signed PDF file, which is easily, can easily be used and opened and reread in the a any acrobat software across the world. Also signatures can be like validated there in a standard manner. And that's the centralized and unified part of it. The the very local part is here because we also want users to have smooth experience and something which they used to use. And we, we also rely here on the existing identity providers. That's obviously case and, and and a good idea. But comparing to those mentioned before, we have certification authorities here in the middle and they do important job for us. They create unique signing secrets for those people who prove identities to the certification authorities.
And those secrets are used then to sign document and these, these secrets are there inside the final document. So not not secrets, but but the like the, the proofs of them being in possession of those secrets. So, and that's makes very much difference to the final, to the end result. Obviously it costs much more than that type of solution, but it is a completely different legal story then. So because when we look in the final document, it is their, first of all their original content. What we see here, that's the signed document and we hear, see the, and the signature information is there apart from the content. So it's in a special dedicated area of the PDF file in the metadata area. It lives together, it's connected, but it's not here. It does not corrupt the document. And we have the real names of the signers there and they are, they have those green bubbles next to the names.
So that's important because that means that these inform this information is trusted and verified. Okay, that can, that can be different levels of how you verify what, but but of actually put it, to put it simple, it is verified and trusted information that the name of the signer is this. So that's what we can rely upon and can easily present to the judge and they can understand it easily eventually. So, and all these information in evidence is detached from the solution provider. It leaves within the document. So we get it to the archive and it stays there forever. So as long as we keep it and protected, but we are not dependent on the provider anymore, we can switch at any point in time. So we are not attached and it's smooth and it's respects local habits of people. So, and obviously we get all the green marks here for to as positive answers to all questions.
And also it's, it's what actually this a this advanced level is about, I would say. So having all those green marks here, so one short aspect, important aspect I should emphasize. So how we did it and it was a team and the leadership was here and, and the legal person we put in the middle of the team or, or they, they, they are our customers in this, in this project and, but it's not just as simple as getting any legal person and any IT guy and, and even brilliant legal person and brilliant IT guy, it'll not fly because those legal people must be like it enthusiasts. They must be trying to step into it and understand how it works, why it works like that. And the opposite is also true. Like it guys must be like law enthusiasts or legal, like legal enthusiasts must want to understand and look into regulation, understand how it works, why it's there. So they must become towards each other in this type of projects. Then it's, I can't imagine any other setup which will work than for, for this type of, of eSigning projects at least of course business context is there as well. So for smooth journeys and for for making sense to, to have this like paper signed at all.
Yeah. And on the journey, it was a long journey and in the middle of it, when we were doing production pilot with the one of the solution candidates, COVID came and suddenly people went back to the north back but went to move to their home offices without any option to sign document, or like to put wet signature on the document. And suddenly those nice to have things became must have things and, and people, oh they, they enjoyed, okay, that's great. We had this option. It was not ideal option back then it was not good enough. And it all, COVID also was something which helped us to discover more critical business needs and conclude that the original solution provider, which we have picked for the production pilot could not satisfy, could not like meet all the critical business needs for us. So, and we had to make this hard decision, but in the middle of production pilot or by the end of it we told no, sorry, stop, we should switch.
And we started, we actually, we started switching earlier than that even. But, but by the end of production pilot we have switched to alternative to another provider or even a mix of providers, which is, which was and still is a good fit and can satisfy all the critical needs. And this is where we are now. We are in the approach in the middle of the third year of the like fully featured production mode. So when we sign more than 30,000 documents annually and one more than one third of our employees are active users of this e-sign solution without having promotion from our side, we of course we provide proper support and maintenance to, to people, but, but we do not like force them to use it. It's just comes naturally. And we have, throughout those years we have discovered several repeating usage patterns which help us now to, to add new use cases quickly.
So, okay, ah, it looks like the same, it is the same thing or similar. So do like this and they can easily jump into the signing within their business processes, within the context of their business. And we also heavily used out of the box automation options. And I can say these, these are like low hanging fruits, which we collected almost most of them now. And we are approaching the next like challenge of, of introducing low code or API based automation to get deeper integration into our business processes. So to integrate the csig deeper than just using Porwal or mobile to sign. Yeah, so, and believe me, so I've repeated the fundamentals of re-signing so many times throughout these years to different people. So then, then I decided to make a video recordings of my, at least some of explanations and, and posted them on YouTube. So if, yeah, I just, this is not for business, for any money, just just for better communication and for, for, for educating. So if you just are interested, have a look there. Yeah, there are a few videos for that. So yeah, that's it.
Yeah. So thank you Micah. We have no questions from the audience that is listening online. Do we have any here in the room?
Okay, I'll take a microphone
Or walk around. Gimme a second.
Thank you Martin.
Thank you.
Yes. You, you explained, you identified during COVID with the first solution, you implemented some critical issues or capabilities, missing capabilities just to, to know which type of critical capabilities. We
Don't say, oh, one of the critical things was, was actually the ability to use the existing identity providers. So we skip any registration, any like onboarding or ID proofing before the user can sign at least external user. That was a critical one to go like widely around. And another one was a pure, not purely but legal because those who provided, they didn't clearly understand their role in that service. They, they didn't, they actually issued certificates, but they didn't want to accept their responsibility for issuing certificates like legal because that, that's, that's important point. So like issuing passports, when you issue a passport as a, as a, as a official, you must take responsibility who you do issue it to. So, and these were like two major critical things, but there were some others as well.
Okay, thanks.
Which, which others? Hmm, which others? When you say there were some other major critics, which
Others, other, other one was purely about how the signing process goes. Like for example, when you sign, when you triggers document for signing, there are parts of information which you would like to share with your colleagues only. So they like, like management, they don't have to read the whole paper, the whole contract for example. You provide some summary for them, but you don't want this summary, first of all to become a part of Signable document and then to also to be seen by externals who you, your concert parties. And it was, it could hardly be salt with the original ones. And it was important for us.
I think for me there are two aspects of this whole e-signature partner, right? One is your certification, which is certifying a document. And the second part is a whole workflow management. Yeah. And generally when you look at a big organization, you have got the B2B landscape where you don't need legal documents because internal signatures are sufficient using your active directory. True. But when you go outside, true, you need a legally authorized signature that can be validated, right? And then when you try to combine these different providers, that's where the difficulty is because organization one is using Adobe science organization two is using DocuSign, third one is using something. So how did you, did you actually have to deal with that, separate them to separate the fact of the signing and the workflow? And did you manage that as a, as an implementation?
We have faced a lot of situations. Okay. Not, not very many, but, but, but several situations where counterparts like, okay, let's use SIG or let's use whatever. And I would say that's still a problem is between those providers of unifying standards because you cannot at the moment take the like partially signed there and partially signed here. So then of course we try to force like what we use and, but, but sometimes it depends on the business, on the risks which are part of the content of the document itself. So, but, but, but for intern it's, that's, that's, that's, that was not the driver here. So totally. So mainly it's, but for our business it's important. For example, in cases where in competitive situations, even when we like trying to make business with a customer who has our competitor as insurance provider, and now our salespeople can sign during one phone call. So they don't need to play around with like, okay, printing, sending and sending to, they just do everything on the call and strongly. So
Phillip,
I don't have any further questions from the
Audience so far. I think we are anyway, very close to the end of the time, aren't we? Two minutes. Two minutes. Okay. Any more questions from the audience here in the room? No. Okay, then we take this one and then we are done, I believe.
Thank you. No, very, very quick question regarding the architecture, because I have seen that in new architecture there are two, there were two certification authority. Yes. So my question is about those certification authority, those ca are they a local ca or are they in some trust list like utl A a tl
We actually don't care. They, they, they can be global unless, unless, yeah. So if they can provide what we need, so because they, that's that all based on ADAS regulation let's say. And it's cross European. So any company, at least from Europe who satisfies the requirements towards this can, can serve. And we in fact have those one from Italy, one from Estonia. Because, because of the set of ID providers, they can supply to us.
Okay.
Thank you.
Thank you very much for all the insights you've been providing.

Playlist

European Identity and Cloud Conference 2023

Event Recording

Identity Data, Observability & Analytics - The Road to Identity First Security

May 10, 2023

Data is foundational to business intelligence - but how do you translate that into identity governance? Today’s enterprise has unprecedented levels of real-time, rich identity data across multiple parallel sources. More data leads to more predictive power in machine learning algorithms. These runtime data driven insights can become a central component to a systematic compliance and risk management strategy. This session will highlight how identity data can be used to uncover patterns, anomalies, and outliers and radically improve decision making, supporting your Identity First Security strategy.

Watch

Event Recording

Lessons Learnt Rolling Out a B2B CIAM Program

May 12, 2023

Holcim is the Global leader in innovation and sustainable and building solutions and we are offering different digital solutions to the partners (Customers, suppliers, carriers...) making business with us. The identity among those solutions definitely need to be centralized under a CIAM solution mainly focused in the Business to Business setup in order to improve management, customer experience and compliance with regulations. During this session, it will be shared the main pain points and the lessons learnt after more than one year rolling out a CIAM program.

Watch

Event Recording

Cyber Insurance as a Damage Mitigation Strategy

May 12, 2023

Digital transformation came with a wide range of advantages, but it also opened the door to potential cyberattacks. Every organization faces the risk to be the target of a cybercrime, but the transition to business digitalization leaves a greater room to present vulnerabilities in the system, and if attackers happen to identify them, the attack will occur. The world is changing rapidly, and companies must change with it, and so insurers see their possibility to break into the market. Is it worth to have a cyber-insurance policy? Does it cover all the damages? What is the extent of insurers responsibilities and the company one? Could these cases go to court and under what conditions?

Watch

Event Recording

Running Machine Learning Analytics On Traces

May 11, 2023

Let’s do things differently. To start with, let us view logs and traces as no different from any other data. The data an application indirectly generates when in use (the logs and traces) is no different from the data an application directly works with (input and output). So let’s keep them all together in a scalable cloud storage repository. Once it is there, it is just like any other big data. We need to analyze and apply intelligent monitoring to detect situations of interest. So we need to apply trained ML models to a stream of such data for immediate alerting when the traces indicate an unwanted behavior occurring or brewing. This talk will show how to harness existing technologies to do just that.

Watch

Event Recording

Urban Planning and Identity with Slime Mold or: How I learned to Stop Worrying and Learn from the Blob

May 10, 2023

In 1994, Italian physicist Cesare Marchetti discovered something: cities expand as a function of transportation speed. In short, “transportation is the lifeblood of a city.” Innovation in transportation has driven the expansion of cities—from small, walkable areas to the sprawling, car-based metropolises, presenting a challenge for urban planners.

Identity in the modern organization faces a similar challenge: if transportation is the lifeblood of cities, then identity is the lifeblood of organizations. And our organizations are not ancient, walkable Rome, but modern, sprawling Atlanta—with identities and resources widely strewn around the globe.

Like urban planners, we face a nearly-intractable challenge: how can we provide access to resources and data easily while still meeting the stringent demands of security and compliance?

Thankfully, there appears to be a solution for both urban planning *and* identity, albeit from an unexpected source: Ordinary slime mold. Aka, “The Blob.”

We’ll learn from this simple organism, describe how its simple actions create complex systems that solve these sorts of “unsolvable” problems, and see how the Blob might “think” about identity.

Watch

Event Recording

The Invisible Man Paradox

May 12, 2023

How changing requirements for a seamless yet secure customer experience affect your Customer Identity solution

Today's consumers live parallel lives, with one foot in the physical world and the other foot leaving many digital footprints across the internet. In the physical world, trust is easier to build and identity is easier to validate. In the digital world the consumer is The Invisible Man - more difficult to interact and connect with but wanting a simple, effortless digital experience with impeccable security.

In this session, we will explore how identity is the link between both worlds and is the centre of every great customer experience. From providing delightful experiences to ensuring security and privacy, we will show how the right Identity Solution resolves the Invisible Man paradox, building connection and trust in the digital world.

Watch

Event Recording

IGA Everywhere - Creating your Future Security Ecosystem

May 10, 2023

Identity Governance and Administration (IGA)is a core component of Identity and Access Management (IAM) infrastructure and refers to integrated solutions that combine Identity Lifecycle Management (ILM) and Access Governance. IGA helps to cut costs, increase security, improve compliance, and give users access to the IT resources they need.

Depending on maturity in terms of IAM, some organizations may need to bolster their capabilities in ILM while others need to focus on Access Governance. But most organizations are looking for a comprehensive IGA solution, that combines traditional User Access Provisioning (UAP) and Identity and Access Governance (IAG).

Watch

Event Recording

Why Policy-Based Authorization is Critical for Identity First Security

May 09, 2023

The enterprise perimeter is now its data objects, APIs, applications, and its users are now the workforce, customers, partners and in many cases, machines. In this new, decentralized, and highly segmented world, CISOs and IAM leaders find themselves struggling with multiple systems and interfaces that control the most basic question: Who has access to what and when?

In this session, we will present a new architecture for Identity First Security based on Centralized Access and Authorization Policy Management Platform, and discuss pro and cons, specific real-world implementations.

Watch

Event Recording

Navigate the DR (Detection & Response) Jungle: EDR, EPDR, XDR, NDR, MDR, ITDR

May 11, 2023

ITDR: Is this really something new, given that around 80% of the cyberattacks are identity-related, from password phishing to bypassing MFA? Is it a separate discipline or just a part of XDR (Extended Detection and Response)? Or a new name for what Access Management and FRIP already do?

As always, there is something new and relevant in this. The fundamental question for many organizations will be on how to address the identity threat challenge best. Does it require new or different tools, or just a different use of what is already there? What to look for specifically? And how to reduce the risk of identity-based attacks? Is ITDR the core, or better identity protection? These questions will be answered in this session to help you navigating through the buzzword jungle.

Watch

Event Recording

Hack a Cloud and Kubernetes

May 10, 2023

People are under the impression that when you spin up the latest and greatest AKS, EKS, OpenShift or GKE instance, that you're secure. However with K8S, now more than ever the workload underneath matters. One privileged, neglected, container can compromise an entire setup. Rather than just talking about the risks or best practices, this talk is all about showing how easy it is to do.

The talk will first discuss possible attack paths in the Kubernetes cluster, and what differences exist in the attack techniques compared to classic infrastructures. For this purpose, a web application in a container will be compromised, then the Kubernetes cluster and the cloud account. Subsequently, 2 open-source tools will be discussed how such vulnerabilities and misconfigurations can be detected in the different infrastructure layers.

Watch

Event Recording

Trust Inspiring CIAM – Essentials for a Secure, Experience-Driven Digital Business

May 12, 2023

Confusing Customer Identity Management (CIAM) with traditional Enterprise IAM comes at a high price: Applying internal regulatory compliance requirements and heavy security challenges to customer-focused interactions could easily limit user experience in a way that it measurably affects your digital business success, with dropped or interrupted transactions. Building Identity & Access around your customers' needs requires a profoundly different approach, which is on the one hand a trust-driven interaction experience with your brand, and on the other hand, complies with KYC and Cybersecurity requirements. In this session, we will give you an overview on the current state of CIAM and future developments you should include in your considerations before deciding on how to move forward.

Watch

Event Recording

The Journey to Decarbonization and the Role of Digital Identity

May 12, 2023

In this session, we will explore how technology is playing a crucial role in decarbonization efforts. We will discuss how Customer Identity and Access Management (CIAM) can enable digital transformation and support the energy transition. Additionally, we will delve into the benefits of using Centralized Entity Management to provide customers with a single ID across all digital channels, improving the user experience and enabling personalized interactions. Finally, we will emphasize the importance of a secure customer journey and persona composition to protect sensitive data, ensure customer trust and regulatory compliance, such as GDPR. Join us to learn how these key components can help drive a sustainable and customer-centric future.

Learn about:

Decarbonization trough technology - CIAM as an enabler of digital transformation and the energy transition
Centralized Entity Management, a single ID across all customer facing digital channels.
Secure customer journey and persona composition

Watch