Digital Identity and Privacy: Stories from the Frontline

Quickly getting onto the discussion about stories from the front line. Let me first take a step back and talk to you about identities, the diversity in humanity. And if I were to look at identities from the front line, how does it look like? And typically it looks like Should I all right, lovely pastors, no longer relevant.

You know, when we get into organizations and try and get the identity space, right? I know most of the time, most of us try and Del into something which did not work or which is not likely to work from the front lines. Let me try and look at it from a perspective of maybe zero to five years and five to 20 years, and then maybe let's look at it from 20 years from now from zero to five and five to 20. I actually call this as a stage of evolution of digital identities. I'm sure we've heard about digital identities all show the morning.

And that's what we are likely to do maybe tomorrow and day after and so and so forth. But believe me, I think digital identities have not yet arrived. And let me try and again, take you back to the next slide. Evolution of digital identities. What we trying to see here is it's no longer used varies in passwords. And I don't think that's anything new that I'm trying to talk to you about, but let's construct digital identity, right? How does a digital identity look like to you today? Digital identity is actually starting to become a complex structure or a mirror of who you are.

It's actually quickly mirroring who you are. So your personal thoughts and people would come here and talk about artificial intelligence and machine learnings, your likes dislikes, how you do things. When you do things where you do things, what do you use as tools, computers, iPads, and devices. What do you create? Probably you're creating data artists, maybe producing something. And where do you finally store all of this information? Right? All of this are just some variables which constitute a digital identity for all of us.

Now let me try and again, take a step back and try and say, why is this happening? Why is it that people are trying to look at digital identities in this fashion? Especially because I think there are four business models, which are evolving in the world. And I'm not saying this, you would probably want to do Google on world economic forum. And I've said this in one of the conferences here before the first one is outcome based models. The business model that you're seeing in the world evolve one very important is the outcome based business model. What does it really mean?

It means you no longer want to buy a product because of the product itself. You want the outcome from the product. So let's take an example of a car. You don't want to buy a PM or you don't want to buy Mercedes-Benz because it looks good. You want to buy it because it engages with you, right? For example, Tesla, for example, if you look at it, it is walking on that path, right? You would want to go to a hospital.

It would, you would want your machines stuff to engage with you. You wanna go to a bank, you would want the banks to engage with you and give you an outcome, which is way different from just storing money in the banks. And this goes on and on. Believe me, this is one very important business model, which is evolving, which is going to impact identities. As I speak to you about the second one is hyperpersonalization what does this really mean?

Hyperpersonalization is something that you and me like, for example, if you're walking into a mall today, you would have a Google come up or you will have an apple come up and say, Hey, you know what? You've been in this mall for a long time. You've come after maybe two months.

You know, this is the shop that you want. This is what you would probably like to do. If you want to hear music, music is made to your taste. For example, the lyrics, the song you will all combine quickly and create a music out fly. If you like to buy a shoes, Nike, for example, if you go to us, you could actually go and construct a Nike shoes for yourself.

And if you get into manufacturing 4.0, you would actually be able to produce a car by talking to an API, sending a signal to a factory, which could be anywhere in Vietnam or China, which may be free overnight to produce maybe those 20 cars, which could probably have your name written on it because you carry some impact in, in some site of the world. Right? So what I'm trying to say is hyperpersonalization is likely to be one very important business model.

Again, fundamentally it comes back to identities. The third one, which is actually below is access versus ownership.

Now, this is important. All of us here are aware about access versus ownership. Cloud. For example, is one such big example of access versus ownership, right? You don't want to own stuff. You want to use stuff, right? You don't wanna probably own a house. You want use a house. You don't want to own technology. You wanna use more of the SA and stuff, stuff like that. So I think there are a lot of business models, which are evolving. Airbnb could be one very important one. Uber could be one very important. One. Fundamentally what it means is access versus ownership.

You don't want to own an asset. You want to be able to use an asset and you want to be able to use another asset tomorrow. And all of that is possible because of digitalization of business, right? And what's happening in the digitalization of business. What's happening is typically around three.

You, you can kind of put them into three buckets. The first one is digitalization helping you to enable businesses growth through digitalization, which means if your companies are investing in digitalization, those are for those aspects, which is enabling you to grow your business. The second one is efficiency, which means something which enables you to cut down the cost, create efficiency, could be bots that you're trying to write. And the third one is an experience where you give better experience to customers or better experience to anybody internal or external in your organization.

So anything and everything that you do from a digitalization perspective could probably be sitting in any of these three buckets. Why am I trying to talk to you about business models? I spoke to you about identities. I spoke to you about the fact, how do you construct a digital identity? And then I spoke to you about business models. Because if you see there is relevance between what is happening in the world on one side, in terms of business models and how people have started to look at identities.

So I may want to end this here by saying the, the, the section here by saying that identities to drive business models, identities are likely to drive business models. Couple of examples here, any business that you take could be divided into front office, middle office and back office, and the front office could be adoption in the cloud. Your front office could be the sales office could be the product office and so and so forth. It could be mobile app integration, WhatsApp integration. It could be KYC. For example, O KYC, for example, the middle office.

If you were to look at an insurance would be auto claim auto underwriting. So for example, if Analyst come in, because office background, etcetera, etcetera, the company may not want to auto underwrite. Me or the company may want to auto underwrite me and so and so forth. Right? I don't know if anybody here has heard about usage based insurance. Has anybody heard about usage based insurance? This insurance is typically when you buy a car, you end up paying for insurance upfront. Why do you want to pay it upfront? Right? When you use the car, you pay for the insurance, right?

So when you drive the car, you pay and you get a bill on a WhatsApp, right? If your driver drives the car, maybe your bill is higher for the day. If you drive the car to a particular area, which is more accident prone, you probably end up getting more bill on that particular day. So usage based insurance, again, I'm trying to take you back and saying, all of this is possible today because of identity profiling, because of understanding who you are, because there's a humongous amount of data in and around what you do today.

I just wanna summarize this and I'm trying to summarize this by saying, you'll probably not see telecommunication companies tomorrow. You know, telecommunication started with voice, right? Then it kind of evolved into data, right? Telecommunication companies all across the world are trying to buy content companies, right? And they are actually becoming content organizations more than telecommunication organized. You know why? Because they bought the pipe, the pipe lets you fly in any amount of data. Once you bought the pipe, then you need to maybe able to utilize that pipe. Right?

So in India, for example, one of the large companies, which has more than 700, no, I think around 450 or 500 million customers is saying, I wanna give you voice free. I wanna give you data free, but what it wants to sell you, it wants to sell you content actually. And you know what banks, for example, may not be there because it's API banking and you and me are trying to engage with the bank directly through these APIs travels become aggregator. Power is likely to be produced by people like you and me.

I'm sure in Germany and Berlin everywhere, you see a lot of power come up your houses, you actually push it into the national grid and the national grid you're able to charge them or you're able to deduct. And every piece of technology in the power company is likely to change from a net metering to a CRM solution, to an accounting solution because the accounting solutions are not used to not used to looking at they're used to looking at vendors, which may be in, in the space of thousand or 2000, but suddenly the consumers have become producers.

I repeat the consumers are starting to become producers. And again, fundamentally, where does this take us back? It takes us back to identities of who you are, what you do, where you are, what you produce. And so and so forth. Just wanted to take a couple of minutes on what's changing around the entire risk GAT of what you look at, right? Governance was likely to be a control that was appreciated by regulators or desired by regulators, right? Fundamentally, if you just go down to the new threat, actor, investors have become threat.

Actors, investors are supposed to invest in your organizations. They have actually becoming threat actors. Customers are becoming threat actors because you have millions of them. And you're talking to them on a daily basis. You're connecting with them directly, right? Consumers have become threat actors and reputation goes beyond boundaries. Which means if you go wrong in one side of the world, you go typically wrong in all sides of the world. Strategy and planning. All of us here from large organization would want to enable technologies to help yourself to grow, right?

But that itself is a risk. Why is it a risk? Because if you look at the new threat actor, easy access to technology today, all of us are able to get into SaaS and buy technology for the cheapest possible amount and be able to leverage it, to be able to do business, which means there is no difference between the haves and the have nots. If your organization was 10 billion, it essentially had good technology today. I think even a startup would probably have a better technology than a $10 billion company, which means that has become the biggest new threat actor operations.

Can you imagine outcome is measurable every single day. If you look at organizations like Google, Facebook, Twitter, offer that matter.

Tesla, any car manufacturer, anything that you do be to see a retail store on a daily basis, the outcome is measurable. And if on a daily basis, the outcome is measurable. That itself has become the new threat actor. A regulator is tech savvy. It wants all amounts of data that you have and reporting is expected to be high transparency. Can you imagine people don't like even single list of things that you don't put. People have to come up on the stage and say, Hey, you know what?

We are, sorry. We did something wrong, right? So people are expecting high transparency. Let's imagine 20 years from now and Five to 20 and 20 years from now.

I just, I just wanted to kind of take an example, not to kind of sound dramatic, but just assume that you know, you're sleeping one day in the morning and you have a smart watch next to you. And probably you would've heard this, but I want to kind of emphasize this with, with the, with the idea of what we are speaking around your, your smart watch, dips into your Google map and tries to find out that, Hey, this is Monday morning. Traffic is heavy. Let this gentleman sleep a little longer. Maybe after 10 minutes as nudges your bed.

It, it kind of, you know, sends a signal to a sensor which nudges your bed and you get up. And then it sends a signal to a mirror and it tells the mirror that today is a, maybe a Monday you're supposed to do a full body scan. And then you go in front of a mirror, the mirror scans your body. It tells the, it, it knows that you're eaten a little more, which means it talks to the treadmill and, and says that you need to run for 10 minutes more. And by the time you finish your treadmill, it sends a signal to your Gier to say that, Hey, you know what? This guy likes a hot water bath in this order.

And then by the time you finish this, it sends a signal to your coffee machine to say that your coffee should be cappuccino with maybe milk a little less. And by the time you pick up the milk, pick up the coffee, your you go to the table, the news comes up. And by the time you finish a break, first, it talks to the car and the car knows that it has to take you to the office, which talks to a bot in the office to say, Hey, you know what? Please send all the reminders to so-and-so person before he walks into office.

Now sounds a little Dramat, but believe me, all technology pieces today are already available, right? It's nothing new that I'm talking about. It's only a way that you're going to be able to construct this in the near future. And why did I speak about this? It's all to do with identity. It is me at the rate watch, which has got a machine identity at the rate bed, which has got a machine identity at the rate mirror, which has got a machine identity at the rate treadmill. All of this, what you see today are likely to disappear in the near future.

And all of them would be able to talk to each other, which I think more or less are, most of us are aware about. So it is human identity at the rate machine identity at the rate ability to talk to each other.

I mean, we are walking into a very complex scenario, not, I mean, it's kind of staring us in our face 20 years from now, but the important pieces, where is all the data that we spoke about when I spoke about the fact that I will talk to the middle is talking, the watch is talking, the Giza is talking. All of the data necessarily has to be in the cloud. You don't have a choice because it has to be in the cloud because it has to evolve into a model to be able to support you back.

Which means just about every business model, which has got any dynamics around experience has to be sitting in the cloud, right. To, to leverage and to give you the right experience is, And finally what you construct the data I keep seeing data is like water, right? You have GDPR here, but data is like water. You know why? Because you construct a small piece of data. It gets into the larger piece of data. Suddenly the context of the data changes, right? The data that you have and the data that I have could be the same.

It would be similar, but the context in which you hold the data and the context in which I hold the data could be different, which means the GDPR, for example, should ideally be different contextually. I may need to protect the data. You will not need to protect the data, right? So it's becoming important that we would have to start tagging the data contextually today or tomorrow in order to create a good framework that is likely to last us for the next 30 years. All of that is fine. Interestingly, we still struggle to get the basics.

Right, right. We still don't have the full definition of privilege identities. Do we onboard all the users? Do we onboard a standard user on your, maybe a unique system or a windows system? How does one manage the lifecycle of bots? How does one manage API credentials?

Do you, do you actually put them into a lifecycle or not put them into a life cycle and do you even manage hardcoded passwords? And I'm sure technologies available for hardcode password, but these are some simple things in life. Unfortunately, we are not able to construct. We are not able to construct a meaningful solution around to ensure that the outcome goes into the risk management bucket, which is then useful to your risk managers and your CEO and so on and so forth.

Most of the organizations have invested in different systems like the IM the Pam, the IEG, the adaptive authentication, the CIM. It's becoming difficult to try and ate and creating a single vision around the identity of what you want. And just compare this with the business. I think it's not who you are losing. It's not cybersecurity. You're losing business. If you were to kind of just twist this around, you would realize that the organization tends to lose business. If you don't have a vision around single identity.

So my take is in the next two or three minutes, reimagine identities, subject the organization to digital risk assessment, follow the identities, triangulate the use cases and create a universe of identity identities to enable businesses to grow, rather than look at it at a cost, stop, looking at it as a cost. It has got a high impact return on investment for you because organizations are likely to be different and try and work with your identity solution provider doesn't mean doesn't matter whoever it is.

I'm sure all of, all of them would be able to take you through a maturity curve, global trends, two emerging security domains, the security challenges in 2022, where big game ransomware increase attacks and identity systems and attack on digital supply chain, deeply embedded. The, the ones that you see where in somebody's actually put a bot or somebody's actually put a code, the impact on cybersecurity practices. Refilming the entire security practice, rethinking technology and responding to new threats. The concepts coming in is identity, threat detection and response.

That is the trend, which is likely to come up and which is coming up. And of course there are a lot of stories from the frontline about what has happened to the colonial pipeline. What has happened to Okta, for example, what has happened to water cybersecurity? For example, people have lost millions organizations have lost millions, right? Okta is a very interesting recent example that the identity provider itself is getting hit. So solar winds, they actually lost their administrative accounts. And so and so forth, machine identity are fast growing frontier of security.

What we are doing here as an organization towards the end of this is we, we understand these strengths. We understand the problem statements that you have, and we've created a larger platform to be able to engage with people like you and me, to be able to understand where does one want to move in terms of trying to create a single identity vision and incorporating in all of this is the multi-cloud governance, which becomes very, very important for us to look at today and incorporating in all of this is triangulation with contextual data protection.

If you believe that this is something that sounds interesting for you to probably construct, I would encourage you to talk to us. And we believe that our strategies aligned with the global trends, lastly, to just kind of end this presentation. This is the identity threat detection and response it D R is a new terminology. I think I'm sure Cola as well as Gartner. I think they've all kind of looking at I TTR as, as the new terminology for, for, for the trends, which are coming up. And there's a lot of aspects that you'll see on the left.

I will probably not take you into these, but I, I just want to pass on a message to say that are con as an organization takes the boxes for almost all of these, because we are trying to construct with the same thought process that I was trying to speak to you about. So happy for you to talk to us at any point in time. Thank you so much.