Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
Next speaker is from Atos. He's going to discuss whether the paradigm we have in enterprise identity management to target what's one identity is actually doable and maybe also wishful and the personal environment. Thank you. It's very interesting to hear the speech of my pre speaker about the few of the service provider, because I, when I prepared for this keynote, I took a journey back in my own history.
And I'm sure when I take some of you with me, you will remember the times when there was no worldwide rep and at least some of you and where we haven't had this problems with multiple IDs and so on, or we haven't seen it as a problem at least. So the title is one identity. Do we need more than one me?
It's a little bit provocative to, to put this here in the identity management community, because all our models, all our thinking was in giving the enterprise one ID, the one electronic ID, which can be used for provisioning, for governance and all these nice things which we need to do in the enterprise. First of all, in the wider play want to introduce Atos. Atos is one of the largest it providers in Europe.
We also are a partner of Olympic games for it services in it security for the last games since 2004, and also with Olympic games in London, we have now about 78,000 employees worldwide, and we cover the whole value chain from product solutions, consulting services, up to managed services and cloud services. So now start with a journey.
1995, we had a 1995 situation that the first rep revolution comes in. So internet sites were popping up everywhere. And from a social scientist view, the, you was promising. It was promising in a totally different way that we discussed today. It was promising in that we have now a medium where we unlike in the normal business face to face communication, we can be anonym. We can choose to have different personas with different interests, log into different services. And finally, the idea of the identity was multiple.
So when I'm with a block, I have my opinions and I can be more direct and more radical in this single lady block. As when I put my thoughts on a official website. And since disconnection of my identities of my persona was something which was not negative, but it was something of the cultural change.
Now, when we looked at the enterprise side, of course, this was not the game in the enterprise. We all were from beginning facing the silo sinking. And based on the silo sinking, the concepts we made up were targeted on bringing the XOs down and connecting the identities, accounts, the roles, the group memberships to one identity to one electronic identity. Also the privacy problem was not really obvious because from the privacy point of view, we had also things in place. We had the boundaries, we had the parameters around our enterprise. We had the firewalls, the networks were closed.
So we were able to provide quite high level of security to the privacy of the data of our employees, partners, or consultants working our networks, even if we are also some problems with the need to know principle and other things. And of course in a country like Germany, the unions at any time questioned, if this is a good idea to have control over people on one ID, but nevertheless, this was more or less a battle which has been lost because the benefits were obvious. The benefits for identity management in the classical way.
As we see it are higher efficiency of the identity related processes, higher security levels, better compliance and governance structure. And of course, for internationally operating companies, also the possibility and the agility to add new services and have mergers and acquisitions managed in a much more efficient way. So what happened since then? We had a totally new world of services technologies coming in. Some of them are there today.
Some of them are developing, but if you look at the four drivers, so to say of the modern internet age, we see that mobility was really pushing the ability of everybody to be online, wherever he is, to connect to any services at any time when we sync this further in a mobility space and connect or not persons, but items and go to the internet of things. This means that nothing is unconnected in the new world and with the tremendous success of the social media platforms like Facebook and others, this changed also the behavior of people, of the digital native generation to make all this happen.
It was essential that on the other side, we needed some technological basis, like the big data structures or the cloud infrastructure to get the demand of computing power, wherever it's needed, taking all this together. We had everything in our hands to connect the real world with the internet world.
So like it or not, your personas in the internet are connected to the personas in the real world and with the big data, which is a way to the big players in the internet and to service providers, to they can connect your transactions into, into internet with these and with physical me, I have in the normal world. So in our days it's a separation between online and offline identities disappear. And I think there's no discussion about if we can turn back the wheel that has never happened. It will not happen happen in this case.
So people in let's say the age of my son, or a little bit older, they want to act as one person in the internet say, see it not as a threat, maybe they are wrong. I don't know, but they want to act as a person on Facebook. They want to act as a person on social media. They really have not the feeling that they're, they want to disconnect both worlds. They live in both worlds at once. So this of course has very, very high impact on the behavior. And what is meaning for the service providers and the technology providers.
When you see last developments like Google glass and everything coming up here. It's interesting thing is that people who may not be aware, that's say, say, live in a augmented reality space can be connected to the internet, to a meshed network of identities, locations, timestamps, whatever, without even knowing that they are in yeah, facial recognition is working perfectly. So there are a lot of things which are there today, which may not be in use, which will be in use tomorrow. And my colleague from BT will see this picture and he will definitely see that this is a reality today.
As a heavy internet user, Emily will leave so much traces and will be connected to so much services that interconnection of the service provider information, the social media information, the social network information. So location information, and everything's a leaf behind in a eCommerce trail. You can get a very, very good picture about what she, she will do, what she is maybe intending to do, what experience they have made in the last months. And what are the reactions on several events or the behavioral analysis is a part of our days.
That's nothing which comes with the future, but nevertheless, let's have on the few on the benefits, the benefits of having one idea are also clear. First of all, if you use, I made all those examples with the Facebook ID, but can be any ID you choose. If you have one ID to lock onto services, this is convenient. It opens up the possibility to use internet services in a totally new way. And the experience, the user experience you have may enable service providers to come up with new services, which are even more attractive for you.
And these tailored services, of course take advantage of big data information, delivering the right products to the website. Do you log in at the right time and thinking about the legal side or what we all think about the hackers anti-fraud services can of course be supported by having one ID and a direct connection between the electronic ID and the legal ID And governmental control can improve because it's much easier to connect one idea to the traces you leave and the traces you have in the cybersecurity space. And this is not negative by, by themselves.
It's, it's a question how we handle this in the future. What are the technologies we are looking for to create it space where not only the service providers and the big data companies, but also we as a consumer are feeling well in using the services.
Now, one of the problems may be that the business models today don't really support the privacy salt, because if you look at the business model of Facebook and the, this picture is showing the development of the privacy settings of Facebook from 2005 to 2010, I think you see that a lot more of information is available per default. It's a privacy setting.
So the idea that these companies change their business model without regulatory or market pressure, maybe a little bit naive on the other side, I believe that the business model will only be sustainable if they adapt to the challenges we are looking for. So for me, change is necessary looking at the behaviors, the technology and the regulations, and when you are a newer net user, maybe my son, maybe his kids, they will act totally differently.
They will not act as naively as we have seen it in the last 10 to 20 years, save will decide what part of their personas save on to show with their mainstream identity in the internet. There was also a French fellows offer Misha Fuko who created a little bit negatively the, the term governmentally, but in the end, of course, as I am controlling my picture of myself, when I'm in a face to face meeting with customers with partners, the same will be true for acting as my identity in the internet. I will be selective on what information I share with a global community with.
So with a close group and maybe with a personal relationship with the net. So what we have discussed before, of course also is true for the negative parts identity theft can be of course, much more threatening as having only one account in one side hacked today. Lot of people are totally caught on the wrong foot when their banking account may somehow be, be opened or some information about their credit cards are distributed, but think about having one identity and with a central ID provider and think about somebody can really exchange your identity with his identity.
So I think in Europe today, there are a lot of very intelligent people thinking about this problem, but there is not, the threat is not as clear as we see it probably in the United States. When I did a little research, I found side with a federal rate commission and I found it very interesting. I only can encourage you to, to have a look at this side. It was the first time I've seen publication, which is so easy to read and to understand without even knowing what the internet is and what, what all these other things are.
You don't have to be in any kind, an it expert or whatever, to have a way described. How you find out that your identity may be tempered with such identity is stolen. What you have to do. There's a clear, clear pass to have a police report connected with your identity report and to report this to the government. And I found this really well done and very interesting.
And probably we see a lot of these new services also coming up in Europe, but at least my believe is we are not doomed because what I've seen in the last presentations of yesterday and the day before see regulation and the technologies to enforce this kind of privacy are very fast maturing. So what we have seen was yesterday's award winner to the low and a lot of other very, very interesting new inventions. Also yesterday's cure ation presentation.
I found very interesting because it was the idea of democratization of identity management, which Kim came, brought forward yesterday in a discussion. And I think it's also about democratization of the whole big data, which is owned by me.
Yeah, my part of the big data. And if we, as technologists are delivering to this approach, if we, as a technologist company are able to deliver services protocols, and of course also set up in a regulatory framework, which supports this privacy. This can really enable the net of the future. So some important principles of course are the same as we know it from the, the enterprise space informed consent informed consent that the enterprise was easy because you had some kind of, of contractual way to communicate handling of the data with your employees or with unions or with partners.
Minimal disclosure only use these information for public use, which are absolutely necessary. And of course, a confide generality of the data and today several possibilities are discussed of using identity management like Federation services in combination with zero knowledge protocols where your only makes is yes, no, or maybe decisions. And on the other side, what we are looking for is when the social media guidance would follow the pass and implement solutions, which would enable you as a user to take total control of the sharing of your information.
This of course would at least in my point of view, bring down a lot of my concerns, which I have of sharing my information in in some years. So It's not really a revolution, which we are looking for. It's an evolution today.
Ah, 10 years ago, we had the enterprise picture today. We are the area of the extended enterprise where we have, let's say at least in most cases, a manageable network of partners connected to my enterprise. It in the future, we will see enterprise without boundaries where people use say social media platforms to build up innovation networks, to solve problems for their enterprise, but also, and work in projects outside of enterprise. And this is of course a kind of revolution syncing, but the technology behind will be an evolution of what we see today.
So the physical locations don't play such a big role anymore. And to manage all these things, we need services, which are platform independent and data centric. And so steps to this picture today are what we have seen also before are federated services offer such Federation hub services also to their customers as a solution or as a managed service connecting to private cloud internally or to external cloud services. So the key to everything of course is business and business must be influenced by money.
So when people want to earn money, they have to get a clear picture of what they have to do to get more customers on board, to get more services on board. So my belief is that privacy control will only take place if it's demanded, if it's a part of the business case, and everybody is speaking about privacy by design, but it'll only happen if the concern of the users and the availability of the legal framework supports this development.
No, today, as I said, social media business is a silo. Like we have seen it in the enterprise for so many years.
It's, it's a complete silo thinking the data I own are my data, not my data, but their data. And they can do whatever, whatever they want with it. And this silo thinking of course have to come down to enable this network, which really enables us as an individual person to use our data and the best use for connecting to several opportunities, partners and businesses in the net. So Atos has seen this as one of the future developments, which we concentrate on.
And with the scientific community, there is always a definition of a journey 2016 in this case, next journey is written enterprise without boundaries. And a lot of the things I tried to discuss today will come into a lot of research activities, white papers, and so on. And you are invited to all the visits Auto's website, have a look for the new developments and see if you can share our sorts. And maybe you are interested to come to our booth and discuss this with us. Thank you for your time.
And for me, I'm not as old as I look, but in the end, sometimes I see that I'm not getting hold of the development, which is going on. As I said, when I entered my professional career, I was hired to install a email network, an international company say, there's no email at all. You can't remember these times. So in the end, I think we are always struggling to keep control, but maybe we can have a word from a guy who was always at the limit of control. If everything seems under control, you're just not going fast enough. Yeah. What's happening in the formula one, maybe true. Also the internet.
Thank you. So the question is you didn't answer your additional question, right? So will there be one identity? I believe so the question is answered. I don't think that we are able, we big data with everything and technology developments coming up to have way beyond one identity. If the one identity is technically as the enterprise one electronic U I D with clear definition, I don't know, but there are so many means to connect whatever identity you are to a legal physical me that I believe it's more about being able to control the really important data around your identity. Yeah.
As we have seen it yesterday in the key foundation discussion, I'm not sure we can really protect our identity from being shared or, or seen, but what's would be really nice is if we have the technical means to control what kind of really valuable data around my identity I share with what person, what process, what machine and what application, But that, that basically means that you should have the right to control the data that is being collected about you, which is different in different legal contexts. Right.
As we know, that's right in the us context, for example, collecting data, the data collected belongs to those that are collecting. Whereas in the European environment, they belong to those about them. They're collected You're right.
I, I think my hope was that we, we have more European model for the rest of the world, but to be honest, I believe that the business value of the data is the deciding factor. And if we are able to, to put value at the data I own, and I can offer this actively yeah.
To, to service provider without giving it away without knowing what they do with it, just maybe a way. But of course it has to be handled by people who are not experts or say was a high, But we had the same discussion in the enterprise environment as well. Right?
I mean, thinking 15 years back, it was just like the same discussion in the enterprise environment. There was the elder and directory people trying to convince business people.
Well, you need to think differently this identity, this is something to need to be externalized. This is something you need to treat separately. Now we have, we have learned how to address this in an enterprise in a closed environment to say maybe complex, but so closed. But in the, in the, in the public environment seems to be different because the market forces are different. There's not no such unique control mechanism.
So I don't think maybe so I, I like actually your, your claim that the, the, to, to, for this, to be able to be realized the bus, social media and social Facebook, whatever, Google, they need to change their business model. To some extent, now what we see is actually, it seems to go the other way around. So if you look at the current trends of Facebook trying to marketize their internal email communication, for example, it seems not to be the open space where they go out and consider business models involving other identities. Right. Yeah.
But, but this looks to me like, like kids, yeah. Kids always prove how far they can go. Yeah. Okay. And in the end there will be development, which, which have their peaks. Yeah. And regulation will come in when it's too extreme.
You see, you have seen this with many monopolies in the markets. And I personally believe that people get more and more aware yeah. What they do, they will not leave the platforms. They will maybe act a little bit different. Yeah.
So we'll be aware in what environments they are That gives an interesting thought, like would, would, would maybe at some point at a trade commission or European commission acting as a trade commission, like us would actually mandate or, or, or ask for separation of identity management for, for, for transparency requirements for trans, it could be something we didn't look at so far. Right.
So, Yeah. I see, I see that what we see in the UK that now private companies come in to, to act as a identity provider. Interesting question, of course for the companies is can I make money out of it? Yeah.
And for, for the people involved and for the citizens, the question is whom cannot trust. Yeah. And in the answer, Is it your question?
I mean, not from those people trying to make money. Right. Is this your No, no, no, no. But only if I have trust in a partnership, a partner with Mon make money was me.
That's, that's a normal case. Yeah. Yeah. I just remembers this remembers the debate when SA, when, when Microsoft was forced to detach the internet Explorer out of this insider delivery, because the browser was the entry to the open world, blah, blah, blah. Maybe at some point, Facebook will be asked to detach the identity management system from their services. Probably very interesting fault. Thank you again. Thank You.