KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at the concepts behind Decentralized ID and its current state. Based on that introduction, he will share his perspectives on how Decentralized IDs can improve the cybersecurity posture of organizations for different use cases, including workforce, business partners, customers, and citizens.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at the concepts behind Decentralized ID and its current state. Based on that introduction, he will share his perspectives on how Decentralized IDs can improve the cybersecurity posture of organizations for different use cases, including workforce, business partners, customers, and citizens.
I'll, I'll try to be quick, quick, very fascinating by, by the way, Paul, I, I'll, I'll surely borrow the stupidity quote and refer to you as, the hope I have a bit is while there's no patch for human stupidity, there may be a pitch patch for AI stupidity. So a bit of hope remains So beyond centralization cybersecurity. Now I look more at the cybersecurity aspect of, of decentralized identity today, and I thought it was a slide I used in a another keynote already, which is when we look at zero trust, what does it mean to identity, to attack chains and other things?
So again, zero trust, less established term and established concept. And what we have is zero trust doesn't start with security, it starts with identity or security starts with identity. I think this is the point to make here. That's where the things start. Me Martin is using, I'm using a device, go our network to a system, an application or a SaaS service. Then it's combined, do something with data and it's all powered by net, by software. So what it starts with identity, and then I have the access part at some point.
And maturity of cyber attacks start with identity again, security starts with identity and attacks. Start with identity based attacks. It's really that point we should be always aware of, which now used to place malware, some lateral movement, getting access to more systems, gaining access, oh, identity and access management, stealing, data spreading versus software, software, supply chain attacks, et cetera. It's really, things start with identity and that means we need to get better when it comes to the identities.
And this is where the decentralized identities thing comes into play because when we look at it from a cybersecurity perspective, then and say at the end it starts with identity, then we need to look at how can we get better here. And to be honest, what we do is identity management is weak in many, many areas. So a good proof of is this really Martin rarely happens. We do it frequently, indirectly.
So okay, if, if Martin can pay that purchase on that e-commerce website and the parcel doesn't come back, then probably things have been going, were were correct. But at a certain point it get, it starts to get, become a risk because above a certain value, a certain threshold, the risk is too big. And we still don't usually don't have really good proof of margin. So we need something which is better.
And this is where the concept of decentralized identities comes into play, where we have an identity and a proof of the user, which is registered and which then can be used to authenticate and to authorize to a service. So it's about getting a, a verified digital identity. I can reuse it's decentral in the sense of it's not the account I have at Amazon, the account I have at co call Analysts, the account I have here or there. And we all know it's also totally annoying.
You know, you, you do something and then whatever, more or less every time when I try to to, to purchase a ticket for my favorite football club, I still need to remember, oh, which account did I use? And then this goes through the email address and I have a.info and that dot the e email address and.com. Sometimes you need more because they say, oh, you already used that. And then I used the other one, I don't know which was the last one.
It's, it's so much. 1980s, it's not really fun. It's outdated. Most of the stuff we are doing here around identities is outdated. When do you get an organization and they say, okay, I have here a freelancer.
So, or a third party working at a, sometimes it's just not managed well. So, so even, even with the, the physical security people in, in many organizations using shared accounts because there's so much change and no good management process doesn't make sense. And then the process for onboarding is expensive. There are people you, you queue, you're paid as an external contractor going in. There are other people working on a process, costs a ton of money.
So these, these decent central identities have massive weaknesses and they are not good. So it's cumbersome, it's expensive and it's weak. More or less the typical way we deal with identities maybe a bit over the top as I phrase it right now, but in tendency, I think that's the fact. So if we say we have one or few, I believe it'll be probably few decent settle so to speak, identity improves, which are really strong and verified and I can do a lot more.
There's the concept of a distributed lecturer than usually behind, which, which allows us to, to manage the relationships between different parties. So me and whatever the, that retailer, me and that government or who, who, whomever else, helpful different ways to do it. I see that some, some of the concepts we're currently looking at are, are a bit too technology focused and not enough use case focused. So I think that is something where we need to be very, very clear about for everything we do around decentralized identity. The thinking of it should be what is the use case?
What do, what people want to do? And I have for instance, have the strong belief that a wallet only will be successful when it works globally and seamlessly. And the sheer idea to say, oh, we distribute a wallet in a region like the eu and this will foster a digital business and make you great again, sorry, it's the wrong way. Enable the business and may maybe do some other things, will, will be much more powerful. But anyway, we will see a tendency, we have a tendency, we see this concept, it's established and it's something that helps us in many areas.
So a bit ago we, we, we asked about where do you see the, the biggest value of decent last identity? And surely there's the consumer space and I would also say the citizen space of the three C, consumer, customer citizen, which is a very important one, but there's also a huge opportunity in workforce. There's surely this privacy thing.
So I control which data I share with whom ideally under some sort of contract in the sense of I share it only for a certain time, for certain purpose, et cetera, which is I believe very important because it potentially helps us getting the data we need without all this, oh, I don't give consent et Right. Maybe also getting rid of all this annoying consent yes, no messages.
We, we, we, we see permanently. I think we need to do it better and we can do it better. And decentralized identities can help.
What, what I believe is, and this is where where then again goes back to, to identity and, and improving identity and security that is, and also for the enterprise, that was one of the things in the title. It is something which can help us do a thing a lot of things much better. I have a slide, which is, so I I would, if someone says, okay, this is a bit oversimplifying, yes it is, but I think it's should be helpful to to, to explain the idea here.
And the idea basically is you say, okay, I have this wallet, so I have a wallet, a few wallets, and by the way, hopefully these wallets will be interoperable. So if I have a proof, I can say, oh, I want to have the proof on on my other device, the same proof without doing much. That should be the minimum. If this doesn't work, it's, yeah, I will try to avoid the term grab here.
It's, it's not perfect. So we, we, we need to do do it in in in, in a really smart way. If I change my device, if I go from an Android phone to an iOS phone, or if I want to say I need this proof on my windows, PCN on my iOS phone, it should work seamlessly. Everything else is nonsense. If it doesn't work, throw it away. So I have to prove I have an EID name and address verified.
I did a, some sort of good identification here. So it's something trustworthy, it's well protected. And in onboarding process and enterprise, I didn't just bring this proof and say, okay, and the the organization knows, okay, this is Martin. And that issue them another proof, which is Martin is at Analyst and he has the role of a principal Analyst. And when I access something, I can do authorization much better. I can get rid of static entitlements of standing privileges because I say, okay, here are the proofs.
And the policy says if Martin is at being a call, Analyst in the role of principal Analysts, he's allowed to do that. And if he's in that project, he can access this team's folder, et cetera. We can do things much better, much easier with a much better governance here. If you do it right, we can onboard as partners. So Martin is in a project that's somewhere, okay, I show my proof, oh, it's Martin from Analyst, principal Analyst, we want to have him the project, we give him project proof and he's whatever, a clerk in that project.
And again, authorization happens. So what we can do is here we can do get rid of standing privileges and standing privileges or, or static entitlements. They are the root cause of all bad in identity and access management because this is why we have roles recertification, all the other annoying things where, where we need to provision things to set static entitlements in another system. All the things which are painful in identity management come from there. And so if you can get rid of this and we can, we will be better.
And a dynamic proof of a current state of a or a current, a dynamic track of a current proof is much better than having ridden a year ago that Martin has access to this and then we have forgotten that he's not in the project anymore. Much better, much more secure. It's the better way. And this is about cybersecurity. This is where we get better in security. And for work from anywhere, it's super important because a lot of people don't, don't ever touch base with their employer anymore. They're not coming to the office.
Okay, it's getting a back a bit, but also for all the B two B use cases that we can do a ton of things much better so we can get better in security. We can, by the way, also reduce process costs because these, I mentioned it earlier, these processes are cheaper. They're cheaper than today's traditional onboarding processs for employees, for partners, for everyone, much better. And it works, it works seamless.
You know, today we say, okay, we have our HR and then we match the identities and give some birthright entitlement and manual entitlements with ized identity. At the end of the day, we just have another way to come in. We can say, okay, it comes, the people come in right at the wallet, they're automatically verified. The matching is better because we know who they are. We can get rid of a lot of these entitlements factually here or of these steps if we do it right.
So basically we can integrate, we can move forward with policy-based access controls, but we also can just improve existing identity management. And that means also we can improve existing security because we have better proven identities we can use for that.
And so when, when you talk about improving enterprise cybersecurity, then I believe decentralized identities are a super important element because they are the better identities if we do the things right and the main thing is into our ability and when we then think a bit forward, then we end up with all these things around web three and all these metaverses.
It's not one metaverse, even while Mark Zuckerberg hopes that there's one metaverse, but when you look at the current in Germany, we have some TV Edwards about a metaverse and it already makes clear a lot of use cases, all isolated, many, many metaverses and you already have a lot of in production and and sciences that we have a lot of these metaverse things, so to speak, running. But all of that at the end of the day is around decent identity.
When you look at what happens in web three, when you happen in look at what is happening in gaming around web three, when you look at what is and, and in fact the metaverse in some way, then something that builds on these technologies, what is happening there? There are a lot of different elements in technology there. We need to think about NFT security and security for defi decentralized finance and blockchain and whatever else. But we also have one element that is common, that is the decentralized identity thing. That is the common element which we need to solve.
So we need it for everything we, we are looking at in the future. It's a decentralized identity thing. And when we think about autonomous systems, then we only can handle security for autonomous systems and all the interactions and relationship things with a decentralized identity will that work with a centralized identity for all the vehicles and all the components and vehicles and the traffic control systems across the globe? No way only decentralized it'll work. And that's the way we need to think about to get better in cybersecurity. Thank you.
