The Evolution of CIAM and What’s in Store for the Future of Identities

Hey everybody, my name's James Lapa. This is the first time I've ever been introduced as an appetizer for a meal that's happening tomorrow. So just the taste, I promise. Nothing more, not a full meal. So again, my name is James Lapa. I'm the VP GM of the Identity Business Unit at Interest. I'll do a quick little snapshot on the on interest and who we are and where we fit into this identity world, but just some, just some high level snapshots. So I'm gonna cover off consumer identity and access management interest as both workforce and and consumer. We have a lot of evolutionary stuff happening in consumer side of the equation. Get into some five building blocks with respect to our thoughts about consumer identity and access management and its evolutions, things to consider. So, you know, we're seeing the perimeters gone. Identity is the number one, you know, security methodology to protect, you know, corporations and consumers.
61% of breaches are really compromised credentials. This trend is kind of, if we have a trending S-curve chart that we kind of track on this and from the nineties going into now that that trending is really around compromised credentials. Pretty soon I think we're gonna see 80 plus percent of, you know, credential compromise as the number one breach methodology. You know, 52% of companies, you know with 10 billion plus in revenue have had fraud happen to them in the past two years. The digitalization age has happened. Fraud is becoming more and more paramount. Fraud is this big trending thing that we're seeing, especially from banks, FinTech organizations and some government entities. How do we stop preventing fraud? How do we create a friction free environment while, while fraud protecting, and I'll get into some examples of that coming in, 88% of of our customers, retailers, banks, government entities are paramount and first and foremost around CX customer experience.
How do I create a friction free environment in my consumer oriented activity? So what we're seeing trending wise is, is a mobile first experience. There are huge swaths of geographies, Africa, others that are still kind of nascent in the mobile side of the equation, especially on the smart mobile side. But the penetration rates have surpassed what we're seeing otherwise. So this mobile first experience is becoming paramount. Privacy and security are everywhere. There's government regulations, California Privacy Act, gdpr, the list goes on and on. Canadian Sovereignty Act. So the privacy and sovereignty issues are, are paramount in cm. You cannot move without kind of considering these geo or these regulatory stuff. Hipaa, CJs, the list goes on and on. With respect to security and privacy, again, I'm triple downing on the on, on the fraud aspect of C I M. We are not as identity professionals.
We are not isolated from aiding and assisting and being a contributing beneficiary, not a beneficiary. A contributing variable to helping kind of banks et cetera with fraud reduction and personalized engagement. So we've been doing CIM for over 15 years. Back 15 years ago, it started off in a very generic ubiquitous methodology. Now we're seeing more and more personalization requirements as part of that CM experience. A quick snapshot on interests. We get this credit a lot. We've been in business for about 52 years now. One of the most common things I heard is tell me about interests. Who are you? So I'm gonna take advantage. I got you all trapped and went room to to let you know about that. So we're almost a billion dollars in revenue.
You know, we have thousands of partners. We got about 200 million identities that we are currently and actively protecting on an ongoing basis from our IAM platform, from our machine and user identity, from our 5 0 9 PKI strategy, we have been doing physical identities for well over five decades. There's a 90% chance that one of your smart cards in your wallet has been generated by some interests technology. So we've evolved from that physical identities of credit cards, smart cards, access cards, passports, and into the digital identities. We're a leading player in the DTC digital travel credentials activity. The UK home office is an activity that we're fully engaged in. And again, the issuance of digital and physical identities has been around for about 50 years for us now. So now c i M has historically just if you, you know, if you take a look at it from a rudimentary perspective, it's really been around mfa.
So what we've seen over the last 15 years is really we're being asked to and being demanded to kind of how do you secure the full customer journey. So what I mean by that is we have to take a look now at onboarding has a phase of cim, right? So historically it's, you know, we can interconnect with your active directory or with your customer database and then start taking, you know, on the journey of mfa, you know, authenticating against your varying services for banking or for government entities. But now this is being, the spectrum has been expanded and broadened. What I mean by that is really onboarding. So we're seeing a high demand and a high requirement for ID proofing and ID verification as part of the CM process. So verifying remote. So digital banking, remote work, digital citizenry has all taken shape quite strongly.
So this high requirement of idv ID proofing has really become part of that whole securing the customer journey. Lots of ID proofing exhibitors here, lots including ourselves. Lots of presentations on that. So how do you register with ID proof? We're seeing the ID proofing not only for onboarding and account opening, but what we've seen is a couple banks and a couple government entities. When you're getting into that fraudulent equation, how do you use ID proofing and id ID verification for high, high risk transactions. So has a step up methodology. So people are using ID proofing as a authenticator. If you're trying to transfer, I don't know, a hundred thousand dollars to a Nigerian prince, we've all gotten those emails and you happen to be wanting to do that. Bank sees this high risk transaction and literally would force you to do a step up and to Id proof yourself, verify your government issued Id do a liveness self check, make sure that gets validated, use that as an authenticator and then move on.
We're also seeing with onboarding, so digital signature has become paramount in consumer identity and access management. See the ability to digital sign terms of service and also digital sign transactions like mortgage papers and whatnot as we go into the transaction side of the equation. So that is the another variable of the evolution that we're seeing in consumer identity and access management as we start to build on this. It's really create and authorized. So now we're getting into the account creation. With account creation comes consent management. What are you allowing or disallowing that consumer to do? What is that consumer allowing or disallowing that bank government entity retailer to do or to do not? So consent management is super strong in centralized cm and also as we all know, verifiable credentials. Consent management is a key piece of all the decentralized identity that's evolving as part of the C I M strategy.
Provisioning entitlements, right? Huge criteria, especially around oof API protection, API access controls. Historically, five years ago that was a nice to have. Now that whole API access management API protection methodology is a core requirement of of the CM and enroll based, right? So we're seeing Rach as we saw that very strong in the workforce now we're getting mandated and asked increased policies, increased role-based access methodologies for your CM strategies. Next part of the build, and I'm probably gonna spend a little bit more time and not on on this cuz this is what we feel has the, been the biggest evolutionary part of C I M. So what we're seeing is risk based authentication and adaptive MFA becoming paramount in that. So we have been evolving our risk, our RBA strategy, external risk engines are mandatory. The ability to provide and take in risk-based variables so that you can make your decisions.
Risk-based variables include all the rudimentary stuff of I P G location of, sorry, lost track. I dunno that water was for me. So I P G A location, et cetera. But what we'll also see is an increase around two forms of risk-based is session oriented and U E B A user behavioral analytics. So the ability to take in information around how a user is behaving with his or her or they environments really around mouse movements, how many times they're inputting their sin behavioral around day and time. So this is very applicable and we're seeing a lot of, we're applying AI ML capabilities around that U E B A, around that learning behavior around that kind of data. So behavioral analytics is, is a contributing variable into that RBA profile that we build. And also session based stuff. I mentioned that Nigerian print and that a hundred thousand dollars.
So if you're in session, if you're learning about that transaction, if you're learning about that behavior, if you're doing an anomaly of that, you don't transfer money and now you're transferring, you know, large quantities in a frequent environment. So getting, being in session, receiving that information, receiving those anomalies, building out that risk based score is very, very important. Also, what do you do with that variable, right? So we have a whole bunch of methodologies around step up authentication. You can just make them step up, do another just base MFA strategy or then you can go super high assurance around your ID proofing has an authenticator methodology around that. Or if that policy is broken on that individual, you can block also by using AI and ML against that risk profile. You can start to take a look at patterns. So one of the benefits of the cloud is that we have the ability on a CIM strategy to take a look at that whole portfolio patterns around fishing patterns, around RBA patterns, around anomalies, around transactions, and make either universal step up, universal blockage or just monitor and track.
So RBA is a critical variable. We've used to see it as part of features and functions as part of RFPs, rfq, and as part of our analysis with banks as an instance. But now it's a full fledged core requirement coming up. Also, certificate based CBA certificate based authentication is a rapidly emerging on the workforce side, we're seeing a lot of high assurance certificate based authentication, X 5 0 9 predominantly Fido standards mixed with authentication user certificate based strategies coupled with device certificate based strategies. Now you have two forms of au you know, high assurance authentication entering into your MFA world, allowing for a high assurance passwordless strategy on the consumer side, mostly 5 0 9 on the workforce, to be honest, on the consumer side, the evolution of apples and a androids use of PAs keys on the 5 0 2 standard. So, you know, they don't have to worry about key or key control management.
So we're seeing past keys coming up at a really rapid race, la, Latin America, Western Europe, some Asia countries are kind of mandating that high assurance certificate based off for your consumer I am strategy is becoming part of that. So another consideration of of, of the evolution of this, and of course as we all know, continuous off, it's not just my analogy I use for my kids, they don't know what I do. I just think we do mfa, MFA's, like, you know, letting someone inside the house, but once they're inside the house, there's no control. So now having, you know, continuous control around mfa, around transactions, around activities, around time of day and around kind of lag time, continuous authentication is a rapidly evolving evolution. CX is paramount. I'm a security guy. Been a security guy for 30 years. Another analogy, another house analogy, sorry for boring you on that, but another house analogies, well, you have to lock your front door.
It is a form of friction locking your front door. Security is a form of friction, but keeping CX paramount and upfront and early in your decision making process of trying to make that friction free, trying to make that customer experience well, trying to make cart abandonment that you are not a contributing variable to cart abandonment, making that a very low variable. So progressive profiling people change, people do different activities, continuously profiling individual subscribers, applying the goods and services security levels required for that very important compliance. It's, it's, it's a, it's a positive but also a weight that we all bear Becoming compliant is a core requirement of that. So mapping that into your c I M strategy
And now finally just the, the, the second finally. So around the evolution of stuff, self-sovereign identities. So really we're seeing the ability for decentralized either blockchain or other decentralized identities is becoming more and more pronounced. We don't have any ambitions to be decentralized or a DLT platform. We do have ambitions to be able to take self-sovereign identities, take consent, mar management, take verifiable credentials. As an example, we have currently three pilots going on in the decentralized building wallets, building back office capabilities, being policy capabilities around work, live and learn really around citizen decentralized identities. So the ability to have your work credentials, your educational credentials as verifiable credentials in a decentralized government digital ID strategy. So we're seeing a lot of that play that'll obviously enter entering the enterprise, especially the educational credentials, the work credentials, making those all verifiable credentials is a key part of the cm, greater control of personal data. Improved privacy. P i i is super important for us. We don't hold data. We have strategies, consulting and methodologies to help simplify that. Wrapping it all together. I mean it's, we all live in a rather large ecosystem. Social logins are becoming key. Integration with third party systems, different DLTs, different FinTech back office systems. These are becoming more and more and more pronounced on a daily basis. And then mobile, mobile SDKs and API development are key criteria for that.
Thank you. Hopefully this is useful.
Thank
You. We have a booth and if you want to spam me or do some fishing, there's my email. Give it your best shot.
Thank you James.
Thank you. And we
Have a few minutes left and it's very good because we have numerous questions. One question from Wolf, from Weber, every citizen is a customer to governmental organizations. Still this isn't realized by those thus is just a matter for private businesses? What's your thought?
Sure. Well, C I M is, I call it capital C, it's consumer and citizen. So roughly on our CM business we're 50 50 around government entities and around private businesses. Most mostly around banking retailers. So airlines. So utilize us for c i m customer experience security as they journey into that. So yes, c i M is super applicable. It's part of the seas, it's the customer part of the sea and citizens. So yes, absolutely.
Okay, thanks. And then another question. We want to do continuous authentication, but how can we do it in a seamlessly seamless way? Thanking the user experience.
Okay, I don't have enough time for that one. So, so, so, so, so that's, so that's a deep dive would absolutely. Again, james.la Palm, that interest reach out. I mean there's a whole bunch of methodologies depending on what you mean by continuous, depending on the integration. Is it a CASB integration? Is an API integration? I mean there's a whole bunch of different ways of, of gathering the data to provide. So we have to be session oriented. We have to gather the data to apply the continuous mfa. So depends on your environment if you're, do an workforce, consumer, what your ecosystem is. But it's all, yeah, lot, lots of venues, lots of things to talk about that. So,
Okay. So anyone of you, if you have more questions, add them to the app and you'll be able to answer them through the app as well.
Oh, okay. Yes. Sorry, I didn't mean to take away from the app, so Yeah.
Yes, sorry. No, so thanks for your presentation. I think we've seen a lot of the trends. A very good summary of the state of CM as it is today. And I also, for me it was very insightful. Thank you very much, James. Good.
You're welcome. Hopefully it was useful. Thanks guys.