Event Recording

Human-Centric Identity

Log in and watch the full video!

Security vs experience. Platform vs best of breed. Fast vs thorough. The identity technology world forces us to make trade-offs. These difficult decisions are an endless exercise in technical and logistical nuances like developer and IT resources, product licenses, integrations, and deployment methods. 

Get ready! We are entering an era where IAM professionals can rise above those tradeoffs, and rapidly evolve from technical experts to experience artists by using solutions that customize, code, and integrate for you. This means humans can focus on what humans do best: creating amazing experiences, differentiating from competitors, reacting to market trends, leveraging innovations like decentralized identity and partnering with business owners to anticipate and exceed user expectations.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
So, if you've digitally engaged with an organization recently, perhaps your bank, a retailer, your healthcare provider, a government agency, you may have left that interaction. Wondering why does this have to be so hard? Why does it have to be so hard to get access to those sites? To that information? Sometimes it feels like a robot actually created the login interface. It's certainly not human centric. I'm Candace worldly, chief product officer for ping identity. And it is amazing to actually be at a live event after two years of very few live events being here with you. So we can share information, learn from each other. Is I better grab the clicker, guys. Sorry about that. So
Today I'm gonna share my thoughts on human identity, what it means and why it's hard to achieve the trade-offs that we often make that add complexity to that process and how those complexities manifest themselves in the user journey. And finally, how we can make this better in the future. Now let's start with what is human-centric identity? My definition of human centric identity is that we make it almost as invisible as possible to the end user, that they even encountered an identity experience. Let's be realistic. Users are not looking for a better identity experience. That's our word. They don't actually care. They just want easy access to their bank account, their travel profile, the lab report from their doctor. And they wanna do that in a way where they don't have to fear that something bad's gonna happen because they logged in to some site online.
Now don't, we will always, as identity practitioners have the unenviable job of trying to figure out how we make digital engagement, both secure and simple in the process of trying to accomplish this. We make trade offs, this or that. Now humans have been making trade offs for a long time. We're all pretty used to that. By the time we become adults now in the earliest days of human existence, those trade offs were a little harder to accept. Be the fastest runner be eaten by lions today. Those trade offs are a little easier to accept the fancy sports car, the beach vacation, or post COVID. Do I have a second dessert or do I fit in my suit prior to the identity conference in Berlin? A few of us maybe had to like try two suits on before we actually came to the conference this week.
Now companies like most of us wrestle with the idea of, or, and the implications that it has for their business in the digital age, making those trade offs can mean it, you, it make it difficult to reimagine how to respond, to changing environmental business and marketing requirements and ultimately delight your customer. Now, for example, what's the best approach to dealing with multiple user populations, employees, B2B, B2C, B2B to C pick your acronym. You must choose between all customer and workforce identities on a single platform to drive efficiency and consistency or diversify identity platforms in order to achieve risk mitigation from a single point of failure or attack risk. Now you must choose between a single platform that delivers efficiency, but limits you to good enough capabilities or a best of breed solution, which means you get the best solution for your organization, but at the expense of operational efficiency and vendor sprawl, and in the age of digital delivery, the natural tension between great digital experiences and securing those interactions has increased.
The choice is often soften security restrictions at the expense of the user experience or maintain a stringent security posture at the expense of customer dissatisfaction and account abandonment. Now in a time when cyber attacks are on the increase trading off between security and user experience is a lose lose proposition. Human-centric identity means equal weight for both security and experience. The only way to be sure that you're delivering secure and great experiences is by permeating intelligence and orchestration throughout your identity platform and the products and services that reside on that platform. Many identity solutions already incorporate adaptive capabilities, adaptive capabilities. When woven into the business process workflow with orchestration can dramatically streamline and make simple, the user experiences you deliver to your customers. Now in a time when, excuse me, we just talked about a number of tradeoffs that we have to make as organizations and those tradeoffs we've been making reduced risk, but by doing that, they also introduce complexity into the process.
Now, many organizations wanna hybrid cloud, but making that choice means they're gonna either have to deal with multiple infrastructure cloud infrastructure vendors, or they're gonna have to deal with a combination of an on-prem and cloud provider. They also wanna limit the number of applications that are being leveraged in their organization, but the ease of application access by their user population via app stores makes that almost impossible to control. No matter how security actually is worried about breaches that result as after passwords are stolen or password spraying or other types of identity attacks occur while the legal and governance teams are more worried about privacy regulations that may impact the company financially, if they're not complied with. And finally, you have to think about your stakeholders. The identity teams are having to manage all of those things across a diverse set of stakeholders, making their jobs much more difficult.
Now, all the things that we talked about lead to complex administrative requirements and far from frictionless user experiences, this flow diagram illustrates a typical user journey. As you can see, there are a lot of steps here. Now, the world we living today has little tolerance for bad digital experiences. Pause for just a minute and think about the last 72 hours. How many times have you had to engage with a website where you had to deal with a password given you haven't traveled for a while, maybe a password reset, a challenge question, multifactor authentication. Sometimes it can be incredibly frustrating. We're all professionals in this particular industry. And even we, as professionals can find that incredibly frustrating. We understand the requirement for that protection. And yet every time we have to reset a password, it makes this a little crazy. At least it makes me a little crazy. Maybe you guys are more tolerant.
The other thing to think about is how many times have you or someone in your family deleted an app off your mobile phone? Because you found the experience with that app was just too difficult to deal with. There were 10 other apps on the app store that did the exact same thing. We're in a world where the tolerance for, for difficult experiences has eroded to the point where people just move on to the next vendor. Now let's inspect this journey a little bit closer first. There's no single fraud vendor. That's gonna be able to deal with everything that you need to have handled. So you're gonna need to deal with multiple fraud vendors to get a single fraud check. That means you're gonna have to integrate multiple fraud vendors. And that can take months. If not weeks, you'd like to be able to test different scenarios for an AB test, but developing those tests and actually CRE operationalizing them is extremely difficult for your teams.
That's time and capacity that those teams could be spending on revenue generating activities. Finally, there's limited adaptive authentication capabilities. A lot of companies wanna do MFA everywhere today, but that introduces friction into the user pro or the user experience at the beginning of their engagement with you. You really only wanna do MFA when the risk is high and avoid using it when the risk is low. And finally you need to do progressive profiling. And if your vendor doesn't provide that, it means you're gonna be asking for a lot of information from those users up front that's friction in the process that may result in them, abandoning the engagement with you and moving on to a different vendor.
Now, what is the solution? Identity orchestration is the solution. Leading orchestration vendors or solutions deliver a flexible low code adaptive framework. That's gonna allow you to create omnichannel seamless user experiences. It helps you solve that disjointed experience that we just looked at on the previous page. Now it reduces the amount of time that your developers have to spend integrating applications, creating AB tests, operationalizing AB tests, and it frees them up to be spending time on the things that are generating revenue for your organization now. So what are we going to accomplish with orchestration? So humor me for just a moment. My husband likes to tell me that form follows function. He's an engineer. So this usually is a conversation that occurs when we're in the middle of a home remodel or we're working on landscape and I want it to look great and I want it to be simple.
He wants it to meet the technical specifications. Both are important. My question at the end of that conversation is why do I have to choose between something looking great and being easy? And at meeting technical specifications, if we think about the identity world we've been living by the mantra of form follows function, form follows function is the equal to security Trump's experience. So why do we make our customers choose? Why can't we deliver both? That's certainly what they want going forward. We need to enable the individuals in your organization responsible for identity and designing and developing user experiences to do that development. Not only through a technical lens, but also through an artistic lens. We need them to be able to translate identity technology, into experiences that their friends and family would embrace. If any of you have ever had to be it for your friends and family, you know how much you would really like those experiences to be easy.
Now, how do we accomplish this? The approach is a no is no code integrations and automatic automated workflows. This means you no longer need to do complex integrations between applications. You no longer have to develop those AB tests from the, from ground up. And you're using your coding resources where you can actually generate revenue. Now, automation is a critical part of this effort because it reduces the manual steps or manual effort that historical approaches have required. Just imagine all the possibilities. If you could take your developers and put them on revenue, generate and activities, instead of integrating applications patients. Now, we look at this flow earlier and we talked about how the complexity of this flow manifested itself for your users. Now, look, let's look at the impact that orchestration will have on that flow. Once you've applied it, here's how the experience evolves with orchestration, from something that was annoying to users, to something that delights users first, by integrating multiple fraud vendors into a single fraud check, you can reduce your risk and increase the number of customers that actually convert to full-time customers. By AB testing, you can optimize the experience for your users. Learn from that AB test and evolve your experience over time. As a result of that feedback, you can balance security and convenience with adaptive capabilities. You can only use MFA when the risk is high, or there's an indication through the contextual elements around a given interaction that it's likely fraudulent. And finally, you can personalize this experience through the profiling. Basically you can create experiences that are personalized for those users in a way that helps them understand that, you know, what's important to them.
Now, I thought it would be worthwhile to provide just a little bit of information on how you can start your journey to human-centric identity. Now you can do this without orchestration. It's obviously easier with orchestration, but first embrace the idea that no single vendor is gonna give you everything that you need for an end-to-end identity experience, select an orchestration partner that allows you to choose the identity solutions that are most appropriate to the business requirements for your organization. A good orchestration partner is gonna allow you to select the best of breed vendors, excuse me, the best of breed products and integrate those seamlessly into your user experience. Second, they're gonna allow you to do AB testing so that you can optimize that experience over time to ensure satisfaction on the part of your user's employees and partners. And finally, it will enable you to essentially develop user experiences that are customized to your vertical, whether you're in banking, retail, healthcare, whatever that may be, you'll be able to create user experiences that appeal to the best practices and preferences of the users in that particular space. Now the identity industry started with identity and access management, and it's been kind of the same for a long time. Obviously we've evolved this industry. I'm not certainly not saying we've stood still, but from a user experience perspective, it hasn't really changed. It's not exactly human-centric in terms of our approach.
The approach has been squarely in this space for a long time. And the intent was to ensure secure interactions and rarely has security been compromised for user experience. Certainly not intentionally. I mean, occasionally I think, you know, something happens and it goes really well, but for the most part, security always has trumped that user experience, but the world has changed and user's tolerance for a bad experience. When they're engaging with an organization has eroded over time. They expect both a secure and a frictionless experience from their vendors.
We're now in the second evolution of the identity market orchestrated experiences. We're moving over time to the third. We are now in a place where corporations control most data for individuals. And over time individuals in the world of personal identity will begin to take control of their own identity. Now we're very close to being on our way to a time when individuals will become the administrators of their own identity. And essentially it's the mobile phone that is enabled that with a mobile phone. We're now smartphone specifically for the flip phone users, sorry, you're gonna have to wait a while, but from, for a smartphone, you can now carry your own credentials, merits attributes in your wallet. It's only been since the pervasiveness of smartphones, that personal identity became a potential reality. Now corporations will continue to have some control of data associated with the individual users associated with their organization or in, in interfacing with their organization.
However, individuals are going to begin to gain more control and as corporations as we enter this world of personal identity and it becomes the norm, corporations will relinquish some of their role as the stewards of data. And individuals will assume that control they'll assume privacy and autonomy as they take on that control the tools we need are available today to begin to deliver more human centric, identity experiences for our users. Now it's up to all of us as security practitioners and as vendors of identity to be focused on delivering human-centric identity through orchestration today and through personal identity as we move into the future. Thank you very much.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Evolving Identity and Access Management for the Digital Era

Join Identity & Access Management experts from KuppingerCole Analysts and Broadcom as they discuss how business IT is changing, and the implications for IAM. They will define modern IAM and explain why and how IAM needs to change to support modern app development, regulatory compliance,…


Continual Access Control, Policies and Zero Trust

Trust no one, always verify. We know that Zero Trust phrase already. But this principle is rather abstract - how and where exactly should we do that? Martin sits down with Jackson Shaw, Chief Strategy Officer at Clear Skye to discuss one very important part of Zero Trust: Identity and…

Analyst Chat

Analyst Chat #154: 2022 Wrapped Up - Major Trends in IAM and Cybersecurity

Another year gone already! It's time to take a look back at 2022. Martin Kuppinger and Matthias talk about what happened in the past year and identify top trends in IAM and Cybersecurity. They go beyond technology but also look at processes and business models. By this, they also…

Webinar Recording

Unify Identity and Security to Block Identity-Based Cyber Attacks

Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…

Event Recording

The Future of Access Management: The Role of Contextual Intelligence, Verifiable Credentials, Decentralized Identity and Beyond

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00