2019 In Identity – Here We Go!!
It would be remiss of me if I did not share how I came to my predictions for identity. My thoughts about 2019 are really a product of a strategy we created three years ago. When I walked in the rain with the founder of Janrain, Larry Drebes, this time three years ago, we talked about the future of identity – our conversation took us well into 2020.
It was that walk in the streets of Portland, Oregon when I came to realize something so powerful that it would later lead to the merger of Akamai Technologies and Janrain. Larry and I talked about his time at Yahoo!, and the steps he took with Janrain over the following two decades. In 2016, Larry and I established a 5-year plan (2016 – 2020) that is still valid, and plays nicely into my thoughts for 2019. But before I share anything about 2019, I have to comment a little on the history leading up to that rainy walk in January.
Larry invented Rocketmail (a product of Four11), which is now Yahoo! mail. Four11 was acquired by Yahoo in 1997 during the dotcom boom. It was then that Larry realized the friction involved with registration and login that would lead to his founding of Janrain in 2002. When consumers clicked on an advertisement in the Yahoo ad-network the largest drop in engagement was when digital properties required the consumer to register. You can imagine the exchange between Larry and Jerry Yang, co-founder and CEO of Yahoo back then:
Larry: “Jerry, what if we allowed our publishers to offer consumers the ability to use their Yahoo! username and passwords to log into their digital properties? What if they could register using their Yahoo! profile?”
Jerry: “Can we do that?”
Larry: “Yes, I think we can. Yahoo can become an identity provider for our clients, and we can call it ‘Social Login’ “
Larry founded Janrain in 2002 based on the idea of reducing friction and increasing security for digital natives. He wanted to reduce the effort associated with registration and login, inventing the concept of IdPs (Identity Providers) and Social Login. In 2004, Larry began working with Verisign, Microsoft, and LiveJournal to help establish the OpenID Foundation. If you look at the early specifications of OpenID, you will see the contributing Janrain engineers (Carl Howells, Josh Hoyt, Kevin Turner, and Mike Glover – Larry didn’t want to be in the spotlight then and still doesn’t). Janrain later became the first to provide an OpenID SaaS platform (called OPX), a turnkey enablement solution (called RPX and later Janrain Engage), and a universal OpenID login SDK (called IDSelector). It was the first OpenID system that allowed companies to centrally provision and manage a secure, comprehensive, branded OpenID to their employees or end-consumers. Back then Janrain provided the broadest security enhancements to OpenID including SSL certificates, InfoCard integration, phone-based two factor authentication, and anti-phishing site verification tools.
When I heard Larry’s story, not only was I getting completely drenched walking the downtown streets of Portland without an umbrella, but I quickly began to appreciate that Janrain was an absolutely amazing find.
Me: “Larry, so let me get this straight. You invented Social Login; then you and your team helped to create the digital authentication protocol, OpenID, that powers the digital web today and, finally, you created the CIAM category that you’re operating in?”
Larry: “Well, I’ve never quite thought about it that way. But I suppose so.”
Larry is one of these quiet innovator types. He absolutely hates being in front of customers, but customers just love him. His knowledge is endless, and his understanding and vision in the identity space is unmatched.
In 2009, Larry decided that it was time to offer traditional registration and login and the ability to capture, store, and manage consumer identities. A new product was developed with early adopters in 2009 and formally launched in 2010 – the company created a cloud directory that it called “Janrain Capture”, and an Identity Cloud service it called “JUMP” (Janrain User Management Platform).
Little did Larry know that he was an entire decade ahead of IAM vendors like Ping Identity, who are only now launching their consumer cloud directories. As of this writing, Ping ID for Consumer runs in a single availability zone in AWS based on proprietary technology from UnboundID (an LDAP directory based on OpenDS, originally built for on premise deployments, and later re-platformed for the cloud). Hats off to Ishan Kumar for starting the customer journey.
Larry launched Janrain’s Cloud Directory in 2009, which is now globally distributed using AWS supporting 60 Availability Zones within 20 geographic regions around the world, and including regions like China and Russia; using native AWS database services that scale linearly without the need for proprietary database as-a-Service engineering.
Later Larry expanded his inner circle with other thought leaders, including Ashish Jain who worked with Larry to create ‘Login with PayPal’. With Ashish’s and Larry’s leadership, PayPal became an IdP and Janrain became the first to launch with PayPal as part of its Social Login solution. With over 30 social login providers globally, Janrain led the industry in reducing login and registration friction.
By 2015, the success of Social Login fell far behind the need for a broader Customer Identity and Access Management offering. In 2015, Gartner published the Magic Quadrant for Identity and Access Management as a Service, Worldwide. Gartner focused on B2E (business to employee) use cases, excluding B2C where Janrain was focused. However, it messaged that as-a-Service or cloud-based solutions were going to dominate – stepping into a direction that Larry had already mastered by being in AWS since it’s launch in 2006.
Then in 2016, Gartner expanded its research with the introduction of B2C use cases with their Gartner Critical Capabilities for Identity and Access Management report.
The true tipping point; however, occurred when analysts acknowledged Janrain’s category explicitly with the Forrester Wave: Customer Identity and Access Management, Q2 2017. That was it! Janrain was acknowledged as a leader, and it was then that traditional IAM vendors were forced to start expanding their offerings to address a larger market opportunity of consumer identities.
Then it happened. In 2018, Janrain re-established its #1 leadership position when KuppingerCole announced Janrain in the #1 position for CIAM in their report: KuppingerCole Leadership Compass CIAM 2018. Larry, I, and the Janrain senior team celebrated this milestone, reflecting on our 5-year plan and what we would unleash in 2019 that would truly take the market by surprise….and here it is. Look out Okta, OneLogin, Ping, Salesforce, Microsoft, Centrify, Sailpoint, CA, IBM, Oracle, Simeio, SAP, Auth0, ForgeRock, LoginRadius, Pirean, iWelcome and others…..for the most sophisticated, security-centric CIAM offering in the history of identity.
Identity Technology in 2019
1. Zero trust will require sophisticated adaptive authentication.
2. Passwordless and Registrationless will be powered by biometric sensors (e.g. facial scan).
3. Identity analytics and intelligence will deliver business value beyond access and governance with identity.
4. Internet of Things will redefine the concept of “identity management” to include what people own, share, and use.
5. Blockchain for Identity is not the right use case and will continue to struggle.
6. Identity Fraud will become the focus, well beyond marketing and personalization.
Identity Attacks in 2019
1. We’ll see a significant increase in attacks against ‘human identities’. 10B+ identities breach in 2019.
2. A growing number of cybercriminal attacks will be made against ‘connected thing identities’
3. A new round of nation-state attacks will steal intellectual property and other trade secrets to gain competitive market advantages.
4. Biometric hacking will emerge exposing vulnerabilities in touch ID sensors, facial recognition, and passcodes.
5. Azure Active Directory (AD) will be breached.
Standards Development in 2019
1. FIDO (Fast IDentity Online) will continue to struggle to be the standard it sets out to be – limited to high-end applications and organizations.
2. PSD2 will create a shift in how users bank online and GDPR will guide companies on how to best store and protect customer data.
3. Other standards groups will continue to compete for dominance and no one will rise to the lead: Biometric Consortium; Secure Identity Alliance (SIA), Center for Identification Technology Research (CITeR); IEEE Biometrics Council; Biometrics Institute, Australia; Smart Card Alliance; International Biometrics and Identification Association (IBIA); Kantara Initiative; Open Identity Exchange; Open Security Exchange; Asian Pacific Smart Card Association (APSCA); Organization for the Advancement of Structural Information of Standards (OASIS) and, of course, the OpenID Foundation.
The Consumer Crisis of Trust in 2019
There will be a growing climate of distrust from which nothing is exempt: people’s trust in government, media and business will decline like never before. Consumer identity solutions will be adopted in order to help recover and re-establish consumer confidence in who and how their personal information is being used.
Larry, you rock! Thank you for such a fabulous opportunity. Here’s to a fabulous 2019 and beyond!.