KuppingerCole organized its 11th European Identity & Cloud Conference (EIC) May 9 — 12, 2017. EIC is about Identity & Access Management (IAM), Governance, Risk Management and Compliance (GRC), and Cloud Security. I was there for the first time in 2007, when Martin Kuppinger, Tim Cole & co organized it for the first time at the Deutsches Museum Munich. A lot has changed in 10 years, including the venue. This year, at Infinity BallhausForum Unterschleißheim, there were more than 700 participants worldwide, including vendors, end users, analysts, and thought leaders.
EIC’s themes reflect the changing world and business — from an IAM & IT security perspective. Here is my summary of the main themes this year.
Business needs to be more and more open, and times when a firewall was enough to keep the bad guys out of your systems are gone. Besides employees and consultants, your business partners and customers need to have access to everything. The smart way to handle this openness is to rely on identities. An identity can be very strong when required (e.g. for employees), while for some use cases (e.g. for consumers) it can be very weak – even anonymous or pseudonymous. A consumer is not willing to give any of their personal data to you at first contact. But in order to get them to become your customers, you will need to be able to do relevant marketing. Tracking and privacy need to be in balance so that being a customer does not feel creepy, but you can still deliver personalized value. This is also one reason for the coming General Data Protection Regulation (GDPR) legislation in the EU.
I think General Data Protection Regulation (GDPR) was the hottest theme this year. It was one of the main topics in 3 out of 4 Pre-Conference sessions, numerous regular sessions, and 5 out of 6 After-Conference Workshops. In today’s digital economy, customer data is considered a strategic resource. However, the use of this resource needs to be strictly controlled. All services should be built for Security and Privacy by Design, e.g. data minimization, appropriate controls, and monitoring. Your customers have the right to be forgotten, which is not always simple to implement. For any use of personal data, you need to have an auditable consent from the subject — a separate consent for each attribute and for each use. And this consent must be withdrawable at any time by the customer. This makes a strong business case for implementing proper Consent Lifecycle Management. The ongoing digital transformation calls for products that are customer-centered, while at the same time complying with laws and implementing Privacy by Design.
Combining Identity and Access Management (IAM) with Customer Relationship Management (CRM) has been a hot topic for a couple of years now, even though it has been done successfully for several years already. Customer IAM (CIAM) uses CRM, ERP, Identity Management, and your website for source data. It also offers self-service capabilities (from password handling to delegating visibility and decision making) to make it convenient for the customer. CIAM also brings easier and/or adaptive authentication, because customers will easily go elsewhere if presented with a login screen.
According to John Tolbert (KuppingerCole), Know Your Customer (KYC) combines marketing automation, analytics, and information protection on top of CIAM. KYC helps to manage the ownership and lifecycle of all customer information from various sources, as well as keeping track of the consents for using the data. This is the part where you need to ensure you don’t annoy your customer; focus on data sharing transparency, fine-tune your marketing, and allow limiting cross-channel ads. Make security your competitive advantage and protect your customers’ data. In these times, usability is even more important than before — make it intuitive!
Internet of Things (IoT), Internet of Everything (IoE), Industrial Internet, Industry 4.0, Identity of Things. A lot is happening between devices. Industry systems have had connectivity and automation for decades, but the change going on right now is huge. Industrial connectivity is changing more rapidly than ever. There will not be an Air Gap (i.e. a completely separate network) to trust. Which is good, since an Air Gap does not make the network secure; a simple USB stick could start a massive breach.
IoT will enable massive changes in services for consumers as well; for example, an automatic water leakage sensor could SMS and call you instead of just beeping at your empty home. Possibilities are limitless.
The discussion around Blockchain is still a lot about finding good uses for it. It is obvious that there are very strong use cases for it, but also much room for discussion about how exactly to implement it and whether there would be alternative solutions. At least there will not be a one-size-fits-all Blockchain, but different kinds of distributed ledgers instead. There are already some Blockchain implementations done in the IAM scene, and I’m sure more will come.
Whatever we are talking about, Artificial Intelligence (AI) will be part of it.
Of course, a lot of AI discussion is just hype. Often instead of AI, we could actually just talk about traditional algorithms. Still, AI will change the world sooner than one could think. Some of the changes happen quicker and stronger than predicted, while some slower and weaker. The one thing I am certain of is that a lot will change.
I look forward to seeing what next year’s KuppingerCole EIC brings and which of 2017’s themes will still be hot.
Chief IAMist, Spellpoint