Digital Identity Reflections
It’s been quite an identity ride over the past three years (2016 – 2018), as I’ve led the leader in Customer Identity and Access Management (CIAM). I couldn’t help but reflect a little over the holidays…
2016 in Identity – CIAM shifts from marketing to security.
Hindsight is great. So if you’re an identity executive and you’re now saying that customer identity is more about security than marketing… well, welcome to the group. However, we had the foresight to predict that and create a 5-year strategy that invested in that thesis, starting in 2016.
- It was the final year of the Obama administration with renewed national conversations about identity and how this era has changed the way we view ourselves and each other.
- Digital identity becomes the backbone of digital transformation according to GEN (Ret) Keith Alexander, CEO and former Director of the NSA
- Australia launches ‘alpha’ version of a new, national opt-in digital identity credential for government services sponsored by the Digital Transformation Office (DTO).
- Underground hacker market cost of full financial information such as name, address, credit card information, social security number, date of birth, drops to $15 per digital user.
- US digital identity breaches rose from 318MM in 2015 to 4,815,012,420 by end of 2016. Securing digital identities becomes the new focus for CIAM.
- Dyn DDoS Attack rocks the IoT security landscape, taking down Twitter, Amazon and Spotify. Identity of Things expands CIAM.
- Yahoo! admits to two breaches which ultimately amount to 3B digital identities stolen – the largest breach ever.
- Vista Equity Partners acquires Ping Identity for $600M (a 6x multiple on projected revenues)
2017 in Identity – CIAM becomes politically charged.
No one could have predicted the level at which customer data was being used inappropriately. Hindsight now confirms that customer privacy is not only important, but if not properly protected can be leveraged to perform the worst actions. 13 Russians have been indicted by special counsel Robert S. Mueller III on an elaborate conspiracy to incite political discord in the United States presidential campaign. Why do we attach CIAM to this? Well, this is 100% about protecting against harmful digital hackers disguising themselves as upstanding citizens. If you recall, Clinton campaign chairman John Podesta received a phishing email masked as an alert from Google that another user had tried to access his account. It contained a link to a page where Podesta could change his password. He shared the email with a staffer from the campaign’s help desk. The staffer replies with a typo – instead of typing “This is an illegitimate email,” the staffer types “This is a legitimate email.” Podesta follows the instructions and types a new password, allowing hackers to access his emails.
- The era of Russian hackers and the Trump administration
- US Department of Homeland Security is funding three projects to explore the use of mobile devices for digital identity.
- Digital Identity and Authentication Council of Canada (DIACC) puts together a nationwide public-private consortium of large and small innovators to create a digital identity ecosystem that will make transacting and sharing personal data online easier and safer.
- Brexit officially starts and the Great Repeal Bill follows
- SwissID is born – UBS, Credit Suisse, Swisscom, Swiss Post, stock exchange operator SIX, Raiffeisen, Swiss Railways, Zuercher Kantonalbank, and insurer Mobiliar all join forces to let people use just one login profile to order in shops, buy train tickets or do banking transactions
- Australians’ Digital iD™ platform launches and provides greater choice and control in how they prove their identity online
- APAC governments first in adopting identity technologies including biometrics – Singapore trials new digital identity scheme (includes biometric elements; enables encryption; and has open Application Programming Interfaces).
- Deutsche Bank leads a coalition of firms (Allianz; Axel Springer; Daimler; Postbank; Core; and Here Technologies) looking to create a universal digital identity in Germany.
- Decentralized Identity Foundation (DIF) is formed to help build an open-source decentralized identity network.
- Visa selects Neustar as a digital identity partner for Visa ID Intelligence
- Australian government creates Trusted Digital Identity Framework, made to provide easier and more secure access for citizens to government services online
- Thailand announces plans to set up a national single-point digital identity platform.
- CapitalOne launches KYC for non-banking customers
- IDPro Launches – the First-Ever Digital Identity Professionals Organization
- NIST releases Digital Identity Guidelines
- Equifax breach exposes 150MM digital identities; other incidents include the Facebook/Cambridge Analytica data misuse, T-Mobile, and Under Armour, to name a few
- US digital identity breaches remain alarmingly high at 2,051,817,513
- Mitek, a global leader in mobile capture and digital identity verification software solutions, announces that it has acquired ICAR, a consumer identity verification solution provider.
2018 in Identity – CIAM covers the entire journey of personal information & trust becomes the focus.
The Zero Trust Architecture model was created in 2010 by John Kindervag, who at the time was a principal analyst at Forrester Research Inc. Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. The first step to enable a Zero Trust model is strong identity and access management (building strong authentication, authorization, and encryption throughout), and I think we can all agree that Zero Trust for consumer data became the focus for 2018 (practically everyone jumped in – including Google, Microsoft and others) and will drive a suite of new innovation in 2019.
- Trumpism Is ‘Identity Politics’ – politics based in appeals to the loathing of, or membership in, a particular group.
- Government of Canada announced it will launch a pilot for the new Known Traveller Digital Identity prototype, in collaboration with the World Economic Forum
- Mastercard and Microsoft announced a strategic collaboration to improve how people manage and use their digital identity.
- PSD2 applies as of January, 2018 – European Banking Authority (EBA) recently released new guidelines on open banking systems, which named data security a top priority as banks will begin to share their customers’ financial information with other authorized providers.
- General Data Protection Regulation (GDPR) is enforced as of May 25, 2018. Digital identity data becomes the center of every digital transformation project.
- Marriott breach exposes over 500MM digital identities; Under Armour expanded to 150MM; Adidas and even identity theft protection firm LifeLock experience breaches.
- Facebook Cambridge identity data misuse advances to a Facebook identity data breach. The world begins to treat all personal data as a first-class citizen (anonymous, known, social, health, financial… it doesn’t matter). Who can a consumer trust anymore?
- US digital identity breaches reach 1,370,710,977 in total.
- Relx, the UK-listed information and analytics group, purchases ThreatMetrix, an online identity verification business, for £580m
Again, it’s been an exciting time in the land of digital identity. Digital identity, in general, and Customer Identity and Access Management (CIAM), specifically, have become the center of all digital transformation projects. “Identity-first” brands have begun to treat each customer’s unique digital identity as the key to their personally connected world and, thus, the most valuable thing they own.