Event Recording
Peter Weierich - Consumer IAM: Business Drivers and Challenges
Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
Log in and watch the full video!
Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.
I have an account
Log inRegister your account to start 30 days of free trial access
RegisterSubscribe to become a client
Choose a package
Right now I'd like to introduce our next speaker. Peter Warwick. Warwick
Ish. Yes. It's always complicated for us. Yes non-German guys. Yeah.
And I don't know why Martin has me introduce the Germans because I can never get their names. Right. But he's getting back at me for letting him have the Polish gentlemen, I think, but with no further ado, Peter, it's all yours. Thank you.
Thank you very
Much. If they bring your
Slides up the introduction. So what, what I'm going to tell you is a bit contradictory to what we heard before, because I will talk about things which just happen regardless from questions of privacy and things like that. In some, in some cases, and I will talk a lot about business or cultural developments and just a little bit about technology, which is an enabler for things. And let us just have a look on what eCommerce did to the retail market. For example, in Germany, you can observe that many of the classical shops or boutiques, which offered different, even, even premium brands, they close their shops because the people come inside, they inspect the products. They check, whether the shoes fit or which size fits. Then they leave the shop, go to eBay and Amazon and buy the things online. So these shops have to close because they are just misused as a showroom for customers and people buy in the internet or wherever it's it's, they get the cheapest price. They go to portals and look where, where they can get the, the, the best price. This leads to, to a development that the vendors, the manufacturers themselves are going to open showrooms. They are officially shops, but in fact, WMF, these shops are showrooms where people can take knives into their hands. They can inspect them, and then they decide maybe to buy there or from, from the internet.
What I, and what we see is that technology changes the world. In this case, changes business models, internet, marketplace, and price comparison. Porwal change the world. They, they really change the insight of cities and the, the big brands, mainly the, the, the premium brands in, in the end customer market implement their own multichannel strategy. And they say, it's for me as a manufacturer, it does not count where the people buy. It's just relevant that they take VMF added Puma, that they buy my product. That's the only thing they are interested in. And they build up new business models to, to implement these new market models. And some go further like Adidas, you might have seen in the use. They, they try to, to push their products out of Amazon and eBay marketplaces, and just want to offer their high price things over specialized dealers and their own internet shop. And what we see in when talking about technology for eCommerce, it's quite easy. You have your login in, in Amazon and eBay, which is just username and password. And for payment, you have extra service providers, which are working PCI compliant with banking, things like that. So what will happen next? What will be the next verticals where business models are changed because new technologies just make it possible, make new things possible.
One example, insurance companies. They have these very indirect sales channel. These of a and Berg, which are very, very expensive because they of course want to earn a lot of money and insurances who sell their products directly to the customers can be much more cheaper than the old fashioned guys in the market. So hopefully not the, the insurances will pass away, but just the, the G we'll see that. And it's important to have for the insurances to have a direct contact to the customers, which does not exist right now,
What is coming to the shops. And so to say, they, they develop over years, a high customer loyality. So the insurance guy knows his customers and knows best what, which products his customer really needs. So there are very long lasting relationships. And I, I just put this picture of this, this shop, into this presentation, because the guy who ran this shop, she exactly knew what is the size of my genes and my shoes. So she always could say, Peter, I've, I've got new genes for you when she, she got new new products from, from the vendors. So this is something which is quite similar in classical retail business. And in, in, in things we consider right now. So the key factor is to know the customer and the insurance companies or insurance groups. They do not own the customers. They just own the contracts. So the contracts for the family, for the car, for the house, life insurance, but they do not have a real relation to the end customers because just the agencies and the brokers like MLP and the guys like that, they, they own the customer. And they cost a lot of money, really a lot of money because they, in many cases earn a lot of money and this makes things really expensive. So if
The classical insurance companies want to survive against new upcoming direct insurance companies, they have, if they do not want to die, they have to eliminate these costly intermediate agencies and brokers. And interesting enough, did you know that the car manufacturers, mostly the premium ones like BMW, Audi, and Daimler in many cases, do not know who is driving their cars. Are you aware of that? Because the car is bought by a leasing company and it's handed over to IC consult to Siemens, to all these companies. And the, the guy who really is using the car is not known to the manufacturer. In most cases, he does not have a relationship to this driver. For example, three years ago, I wa I, I put into mini.de my, my, my dream car. And I still get mailing from, from mini because they do not know that I'm driving a mini for two years already. Yeah. I fit in, yes, because about 60% of BMW, timers and Audis are sold to fleet managers. And the manufacturer does not know the user and the user, the driver, he decides after three years, what he wants to have next, whether it's a, B, M w again, or an Audi or mat or Toyota. So we have a very similar mechanism there.
So many of these companies have the idea, I need this 360 degree, few to the customer with classical marketing means. But as we just, just heard people do not hand over these private information to everybody too. So the, the, the companies, the manufacturers have to have to offer incentives to, to the people that they give free their personal information, and they have to provide a significant security level. And just then they can establish step by step this lifetime relationship. So now a bit towards technology, finally, what are the security levels, which are needed to establish these relationships and what can be done for that? So for the first contact info, email mail in whatever, there's, it's just necessary to have a very, very low entry barrier to have almost no security requirements, because low entry barrier is, is necessary to, to get into contact to this potential customer and the more personal information and transactions and things like that have to be managed via the internet.
The security levels have to, to be increased. So for personalized safe services, where I can maintain my personal data, which I hand over to BMW, or to AXA group, it might be sufficient to just take the Facebook or out log in, or to create the username and password, things like that. And the more sensitive the information become account status, information, contract, informations, status of my life insurance. This is a very private information. I would say. I would not like to share this with, with the world. The more security features are required up to things where I need bank like security, great, like which are regulated in this case. So what can we do? One point is authentication. Interesting enough if I say username, password and Facebook log in is okay for some things, but to get more deeper to personal relationships, I need at least one more factor of authentication. And in Germany, there was the Buddhi personnel SWI a project, which was made so complicated and so complex. And so overregulated that no one uses this today for authentication of business processes. Although theoretically, this could be done very interesting in Sweden
In Sweden, there are some, there is a regulation which says for, for certain business processes and customer business processes, you need multifactor authentication. And what they are using is not a special card for this business process, because we have so many cards. Anyway, they may, they take the bank card because to get a bank card, you have to prove your identity and a bank card is of course, sensitive enough because you are paying with that card as well. So it is considered to be secure enough for a multifactor authentication. So why do we not take this bank card for authentication for additional factor? I expect that this is although it's not done in Germany right now, as soon as the first player in the market will offer this feature, many will follow. Of course, I could also take my health insurance card, but this may be bit too, too, too sensitive for many people or even my, my ID card, my employment ID card, this case BMW or Pricewaterhouse Cooper, these cards are secure enough as well. So I expect that in Germany, things like that will happen as well. And I don't know whether will this will happen, but
A way to go to external identity providers, which say, okay, I know this person,
It's smart him. I know him. And it's okay if he wants to go on to your Porwal and to wants to see his personal life insurance contracts. The, for me, one of the most secure approaches would be biometric. And there's a startup in, in Nurnberg. For example, my bio ID, they have a very advanced technology to prove identity with your built in camera, in the, in the notebook, as well as the, the voice recognition stuff. And they offer their services over Federation protocols as a service. So you can enroll there. You can prove your identity with different means. And then you could use this service to prove identity and to authenticate with this external service.
So always the classical identity and access management with username and password will survive, but just for the baseline and to gain higher security levels, you always have to, to make a balance between security and usability, because many, many things which are secure are not used because it's too complex to use them. Just the example with complex passwords, you always know these things already. And in, if we talk about consumer oriented and access management systems, it's quite interesting that many of our customers also implement multi-brand strategies so that if you have a BMW account, you can use the same account for mini and the other brands within the group as well. So these, in, in, in complex corporations like insurance companies, we have the same example. There's one unit who offers the service of an identity provider, which can then be used by, by other units.
We already talked about Facebook and biometry. And last year I talked about external authorizations, ex Zal was already mentioned before, and we see a growing demand to use these technologies to authorize transaction or access to confidential documents within the corporations, but also in end customer facing applications. So already my last slide. So I'm just in time consumer and access management is for us as an integration company, the, the top market, we have incredible growth rates. We with different customers at the meantime, no three big car manufacturers are customers with customer E I M projects where we manage some 1,000 thousand users already with web access management Federation. In all scenarios you can imagine. And we also had a first external authorization project out of the financial services market, because last year I said, the financial services market is the first one who uses this technology and other will follow. So this is all this already has happened. And interesting. The lead times are weeks. So the implementation, the need and the, the, the, the implementation is always a question of weeks instead of months and years, as in classical identity management and access management projects, Martin, I, I guess you will, will agree. And that's very interesting. Those projects in many cases are not paid by it or from it budgets, but from marketing budgets, thank you for your attention.
Ish. Yes. It's always complicated for us. Yes non-German guys. Yeah.
And I don't know why Martin has me introduce the Germans because I can never get their names. Right. But he's getting back at me for letting him have the Polish gentlemen, I think, but with no further ado, Peter, it's all yours. Thank you.
Thank you very
Much. If they bring your
Slides up the introduction. So what, what I'm going to tell you is a bit contradictory to what we heard before, because I will talk about things which just happen regardless from questions of privacy and things like that. In some, in some cases, and I will talk a lot about business or cultural developments and just a little bit about technology, which is an enabler for things. And let us just have a look on what eCommerce did to the retail market. For example, in Germany, you can observe that many of the classical shops or boutiques, which offered different, even, even premium brands, they close their shops because the people come inside, they inspect the products. They check, whether the shoes fit or which size fits. Then they leave the shop, go to eBay and Amazon and buy the things online. So these shops have to close because they are just misused as a showroom for customers and people buy in the internet or wherever it's it's, they get the cheapest price. They go to portals and look where, where they can get the, the, the best price. This leads to, to a development that the vendors, the manufacturers themselves are going to open showrooms. They are officially shops, but in fact, WMF, these shops are showrooms where people can take knives into their hands. They can inspect them, and then they decide maybe to buy there or from, from the internet.
What I, and what we see is that technology changes the world. In this case, changes business models, internet, marketplace, and price comparison. Porwal change the world. They, they really change the insight of cities and the, the big brands, mainly the, the, the premium brands in, in the end customer market implement their own multichannel strategy. And they say, it's for me as a manufacturer, it does not count where the people buy. It's just relevant that they take VMF added Puma, that they buy my product. That's the only thing they are interested in. And they build up new business models to, to implement these new market models. And some go further like Adidas, you might have seen in the use. They, they try to, to push their products out of Amazon and eBay marketplaces, and just want to offer their high price things over specialized dealers and their own internet shop. And what we see in when talking about technology for eCommerce, it's quite easy. You have your login in, in Amazon and eBay, which is just username and password. And for payment, you have extra service providers, which are working PCI compliant with banking, things like that. So what will happen next? What will be the next verticals where business models are changed because new technologies just make it possible, make new things possible.
One example, insurance companies. They have these very indirect sales channel. These of a and Berg, which are very, very expensive because they of course want to earn a lot of money and insurances who sell their products directly to the customers can be much more cheaper than the old fashioned guys in the market. So hopefully not the, the insurances will pass away, but just the, the G we'll see that. And it's important to have for the insurances to have a direct contact to the customers, which does not exist right now,
What is coming to the shops. And so to say, they, they develop over years, a high customer loyality. So the insurance guy knows his customers and knows best what, which products his customer really needs. So there are very long lasting relationships. And I, I just put this picture of this, this shop, into this presentation, because the guy who ran this shop, she exactly knew what is the size of my genes and my shoes. So she always could say, Peter, I've, I've got new genes for you when she, she got new new products from, from the vendors. So this is something which is quite similar in classical retail business. And in, in, in things we consider right now. So the key factor is to know the customer and the insurance companies or insurance groups. They do not own the customers. They just own the contracts. So the contracts for the family, for the car, for the house, life insurance, but they do not have a real relation to the end customers because just the agencies and the brokers like MLP and the guys like that, they, they own the customer. And they cost a lot of money, really a lot of money because they, in many cases earn a lot of money and this makes things really expensive. So if
The classical insurance companies want to survive against new upcoming direct insurance companies, they have, if they do not want to die, they have to eliminate these costly intermediate agencies and brokers. And interesting enough, did you know that the car manufacturers, mostly the premium ones like BMW, Audi, and Daimler in many cases, do not know who is driving their cars. Are you aware of that? Because the car is bought by a leasing company and it's handed over to IC consult to Siemens, to all these companies. And the, the guy who really is using the car is not known to the manufacturer. In most cases, he does not have a relationship to this driver. For example, three years ago, I wa I, I put into mini.de my, my, my dream car. And I still get mailing from, from mini because they do not know that I'm driving a mini for two years already. Yeah. I fit in, yes, because about 60% of BMW, timers and Audis are sold to fleet managers. And the manufacturer does not know the user and the user, the driver, he decides after three years, what he wants to have next, whether it's a, B, M w again, or an Audi or mat or Toyota. So we have a very similar mechanism there.
So many of these companies have the idea, I need this 360 degree, few to the customer with classical marketing means. But as we just, just heard people do not hand over these private information to everybody too. So the, the, the companies, the manufacturers have to have to offer incentives to, to the people that they give free their personal information, and they have to provide a significant security level. And just then they can establish step by step this lifetime relationship. So now a bit towards technology, finally, what are the security levels, which are needed to establish these relationships and what can be done for that? So for the first contact info, email mail in whatever, there's, it's just necessary to have a very, very low entry barrier to have almost no security requirements, because low entry barrier is, is necessary to, to get into contact to this potential customer and the more personal information and transactions and things like that have to be managed via the internet.
The security levels have to, to be increased. So for personalized safe services, where I can maintain my personal data, which I hand over to BMW, or to AXA group, it might be sufficient to just take the Facebook or out log in, or to create the username and password, things like that. And the more sensitive the information become account status, information, contract, informations, status of my life insurance. This is a very private information. I would say. I would not like to share this with, with the world. The more security features are required up to things where I need bank like security, great, like which are regulated in this case. So what can we do? One point is authentication. Interesting enough if I say username, password and Facebook log in is okay for some things, but to get more deeper to personal relationships, I need at least one more factor of authentication. And in Germany, there was the Buddhi personnel SWI a project, which was made so complicated and so complex. And so overregulated that no one uses this today for authentication of business processes. Although theoretically, this could be done very interesting in Sweden
In Sweden, there are some, there is a regulation which says for, for certain business processes and customer business processes, you need multifactor authentication. And what they are using is not a special card for this business process, because we have so many cards. Anyway, they may, they take the bank card because to get a bank card, you have to prove your identity and a bank card is of course, sensitive enough because you are paying with that card as well. So it is considered to be secure enough for a multifactor authentication. So why do we not take this bank card for authentication for additional factor? I expect that this is although it's not done in Germany right now, as soon as the first player in the market will offer this feature, many will follow. Of course, I could also take my health insurance card, but this may be bit too, too, too sensitive for many people or even my, my ID card, my employment ID card, this case BMW or Pricewaterhouse Cooper, these cards are secure enough as well. So I expect that in Germany, things like that will happen as well. And I don't know whether will this will happen, but
A way to go to external identity providers, which say, okay, I know this person,
It's smart him. I know him. And it's okay if he wants to go on to your Porwal and to wants to see his personal life insurance contracts. The, for me, one of the most secure approaches would be biometric. And there's a startup in, in Nurnberg. For example, my bio ID, they have a very advanced technology to prove identity with your built in camera, in the, in the notebook, as well as the, the voice recognition stuff. And they offer their services over Federation protocols as a service. So you can enroll there. You can prove your identity with different means. And then you could use this service to prove identity and to authenticate with this external service.
So always the classical identity and access management with username and password will survive, but just for the baseline and to gain higher security levels, you always have to, to make a balance between security and usability, because many, many things which are secure are not used because it's too complex to use them. Just the example with complex passwords, you always know these things already. And in, if we talk about consumer oriented and access management systems, it's quite interesting that many of our customers also implement multi-brand strategies so that if you have a BMW account, you can use the same account for mini and the other brands within the group as well. So these, in, in, in complex corporations like insurance companies, we have the same example. There's one unit who offers the service of an identity provider, which can then be used by, by other units.
We already talked about Facebook and biometry. And last year I talked about external authorizations, ex Zal was already mentioned before, and we see a growing demand to use these technologies to authorize transaction or access to confidential documents within the corporations, but also in end customer facing applications. So already my last slide. So I'm just in time consumer and access management is for us as an integration company, the, the top market, we have incredible growth rates. We with different customers at the meantime, no three big car manufacturers are customers with customer E I M projects where we manage some 1,000 thousand users already with web access management Federation. In all scenarios you can imagine. And we also had a first external authorization project out of the financial services market, because last year I said, the financial services market is the first one who uses this technology and other will follow. So this is all this already has happened. And interesting. The lead times are weeks. So the implementation, the need and the, the, the, the implementation is always a question of weeks instead of months and years, as in classical identity management and access management projects, Martin, I, I guess you will, will agree. And that's very interesting. Those projects in many cases are not paid by it or from it budgets, but from marketing budgets, thank you for your attention.
Stay Connected
Related Videos
How can we help you