Suddenly everyone is at it. Want to connect with the world’s professionals on LinkedIn? You can use your Facebook account to log in if you choose. Looking to find the right music on Spotify? Log in via Facebook. Even the UK Government is considering allowing citizens to use their social media identity to access public services safely and securely as part of the Identity Assurance Programme (IDAP).
It’s called ‘Bring Your Own Identity’ and it is set to become commonplace.
A study commissioned by CA Technologies and produced by the research firm Quocirca, found that 27 per cent of organisations use social media as a source of identity for consumers. And, according to Gartner, by the end of 2015 50 per cent of new retail customer identities will be based on social network identities.
It’s easy to understand why. First, allowing consumers to log into secure sites using their existing social identity helps overcome ‘login fatigue’ – that tiresome trial and error of trying to remember which username and password combination you’re supposed to be using. Second, more identities and identity data is being created outside the enterprise than inside. These identities, in the form of the behaviours they are tied to, are being used to define and profile enterprise interactions. Third, identity is becoming more about behaviour and responsibility, and less about an ID and password.
The Quocirca study highlights that BYOID is likely to extend beyond consumers, all the way to employees. For example, employees may take their identities with them from one job to the next, in a similar way that many already do with their mobile devices. Imagine how much time that would save your organisation when hiring new employees.
However, if social media sites are to be used as a source of identity, organisations need to approach the issue intelligently.
Identity and access control across the extended enterprise
Users increasingly need to access partner applications, yet do not want to be burdened with separate sets of credentials for disparate applications. The ultimate experience is a seamless single sign-on (SSO), regardless of who actually owns the application.
This SSO process can use any identity source, including social identity. Social media marketing is becoming a standard marketing practice. The ability to securely consume and utilise identities issued by other trusted social media identity providers like Facebook or Google allows the business to engage their customers with seamless single sign-on onto their marketing sites. Once a part of their system, it becomes easier to execute custom-tailored marketing campaigns and attempt to convert them to customers.
Businesses need to recognise that the return on investment in federated IAM is not just about improved security. It also represents an open-ended business opportunity. Knowing your users through their digital identities and then being able to maximise their potential is the cornerstone for controlling interaction between a given business and the outside world.
BYOID is bringing consumerisation to enterprise security, as an increasing number of organisations start using Facebook, Google, and other social and consumer cloud identity services as a core part of their identity management environment, giving them the ability to extend identity management from their enterprise out to wider circles of customers, partners, and prospects.
Which side of the bridge do you sit; security of ‘no’ or security of ‘know’?
Marco Comastri is the General Manager for CA Technologies EMEA