Last week I had the privilege of attending a consumer identity and access management day hosted by specialist CIAM consultancy IdentIT to deliver a keynote presentation on the future trends of consumer IAM. Identity specialists, security leaders and enterprise architects gathered at the Circuit Zolder in Belgium for an afternoon of identity discussions, case studies and more importantly track racing on a former F1 circuit!
Future Trends Keynote
I focused my keynote on a few topics: where we were with respect to CIAM, where we are now…and where we might be heading.
Everyone remembers a bad login or registration experience, especially when it inhibits access to a service they’re wanting to access – perhaps making a purchase, checking our bank balance in our mobile banking app or getting a quote for car insurance. Those bad experiences are also what we tell our friends and colleagues about. But how can those processes be improved? What else does a service provider need to think about when it comes to building a solution that needs to cater for external identities? I touched on the broad array of functionality that is needed – from proofing and secure login, through to broad data integration and profile management, consent, privacy and usability.
Many existing and startup vendors are looking to support a range of clients on this journey – from the likes of ForgeRock, Auth0 and Ping through to more localised specialists such as OneWelcome, Ubisecure and Quasr. They all provide a range of non-functional and functional capabilities – which are fundamentally different to those faced by workforce identity (WIAM) or B2E platforms. The operational owners of CIAM platforms are different, the budget holders are different and the metrics and success measurements are also different.
Where is CIAM Heading To?
Everyone wants to predict the future. It helps with strategy planning, technology procurement and risk assessment. There are certainly models to help in this field – The Future Today Institute is one of many that provides some tools to help. But alas, no one has a crystal ball.
But I broke the discussion into two camps: Incremental Innovations to those existing providers and also introduced some more Radical Innovations that may start to emerge in the next 5 years.
In this camp – looking at the likes of Okta, Auth0, ForgeRock and Ping – we can see a narrative focused on “orchestration”, “risk reduction”, “fraud strategy”, “analytics & insight” and “privacy and consent”. Many of these innovations are available today and will start to develop further over the next 2 years. This will require both technology improvements (perhaps via organic R&D or acquisitions) and also understanding and process improvements from the buy-side in order to gain benefits from these capabilities.
A way of analysing more transformative ideas is to start to look at the problems many organisations will face over the next 5 years, as opposed to the solutions they will need. Solutions analysis is often led by incumbent concepts and technology – resulting in the view that “faster horses” will be needed tomorrow when in fact a car is the answer. So what problems will the modern enterprise of tomorrow be facing? A simple PEST (political, economic, social and technological) analysis can generate a few ideas. A few ideas I jotted down included the role of the metaverse – the virtualisation of every interaction from purchasing, entertainment and information through to manufacturing and asset ownership. What challenges will that create? PII protection, persona management, user control and autonomy, advanced data sharing with interesting uses of cryptography? I imagine so – all within an agile and responsive manner that can show business value and revenue generation.
What Will We Need?
I teasingly suggested we may need to see the role of Chief Identity Officer being introduced into larger organisations. Will this be needed? Is the CISO or CIO able to design, measure and communicate the needs and benefits of a modern identity and access management system? It seems from the discussions I had on the day, they probably can... for now! In addition to potential people-related changes, technology advances may come in the form of wallets and decentralisation (albeit many thought this was currently ahead of the deployment curve) as well as privacy vaults and anonymised data sharing techniques.
Overall a great day on the tracks in Belgium. Thanks to the entire IdentIT team for arranging a great work experience with many interesting discussions with EMEA specialists in the CIAM space. All attendees received a signed copy of my latest book: CIAM Design Fundamentals which hopefully provides a foundation to some of the most exciting emerging trends in the consumer space.
About the Author
Simon Moffatt is Founder & Analyst at The Cyber Hut. He is a published author with over 20 years' experience within the cyber and identity and access management sectors. His most recent book, “Consumer Identity & Access Management: Design Fundamentals”, is available on Amazon. He has a Post Graduate Diploma in Information Security, is a Fellow of the Chartered Institute of Information Security and is a CISSP, CCSP, CEH and CISA. His 2022 research diary focuses upon “Next Generation Authorization Technology” and “Identity for The Hybrid Cloud”.