Michael has some real challenges when it comes to managing his online identity. At home he struggles to manage a long list of usernames and passwords for accessing his favourite social media sites (Facebook, Twitter), his online banking and other financial products, services from his local council and a mass of access across online retailers, hobby sites and more. Michael is technically savvy and keeps abreast of technology news and trends.
Michael's employer has an altogether different view on his identity. Here controls over the data and IT services that Michael can access have to be demonstrated to auditors as regulatory demands need to be met. Michael appreciates the needs of his employer, but still feels that their approach ultimately only adds to his wider challenges on access. N
aturally his professional life has a significant online element which means that he has effectively adopted a separate persona (Michael the employee) in a significant part of his digital footprint in the world.
The challenges described here are not unique to Michael. Any online user in any location will share some of the problems listed here to greater or lesser degrees. When taken together the problems and interdependencies seem to represent a larger problem that would be a daunting task for any solutions architect.
So, in the context of identity and access, what does the future look like for Michael? Will identity problems of this nature grow, or will we eventually see fundamental changes to the approach for identity and access in next generation (3.0?) solutions?
The best attempts at answering these questions need to look at what forces will influence future change. Here a few scenarios may play out:
Change will come from those bodies who seek to redefine standards and best practice from the top down. Organisations such as the Global Identity Foundation work to build new models and frameworks that will realise a new identity vision in the future. They can be well supported by academics and major IT vendors alike and seek a combination of revolutionary and evolutionary change in IT systems delivery.
Time and investment will be needed to find routes to adoption however and the emergence of competing models may cause reluctance amongst early adopters.
2. Within the industry
Change will come from within the IAM industry (analysts, vendors and customers who shape real world solutions today). Commercial vendors have a primary goal to maximise the value returned to their shareholders. Market forces mean they develop solutions based on short term customer need and the realisation of revenue. Strategic roadmaps will be in place however, and the leading vendors will be looking to ensure future success by being front and centre in developing the right solutions for the long term.
3. Online environment
Change will come through some other necessity driven by the online environment. This could be from positive forces (innovation which brings new consumer approaches which find mass appeal and adoption quickly) or negative ones (further failures of major online service providers to protect consumer data leading to a tipping point in what users demand).
However, whenever and wherever future changes for Identity and Access Management are realised, this will not be in isolation. Engineering new 'fundamentals' back in to already massive-scale IT solutions would be hideously risky and costly, but there are a whole host of related areas where transformation and evolution to next generation models are needed.
While IT service delivery and computing models are transforming now (with the combined forces of cloud, mobile, business socialisation already impacting solution design in fundamental ways) identity and access solution delivery still remains linked to relatively inflexible dependent technologies (for example, email). Taking this view, the next-stage planning for IAM seems to remain a very complex task needing buy-in to a very long-term roadmap.
What can be done today however is an easier question to answer. Any enterprise responsible for the delivery of digital services needs to act now to make sure that they are building the solutions that are as future-proof as can be reasonably architected today. While this sounds like a rather open challenge, the basic principles within IAM are actually simple. For example:
- Start solution design with a focus on the user. Build people-centric solutions that meet the demands of the enterprise without compromising the requirements for privacy for the consumer. Improve the user experience for identity and access through delivery of clear and concise interfaces that empower the user to get more from their online experience.
- Adopt intelligent solutions for access that measure risk based on the context of the user access and the transaction requested. Concepts of security need to evolve to determine access privileges based on a more complex assessment of variable attributes rather than the simple black/white models that prevail today.
- Accept that the concept of identity does not relate to people alone. Model for future solutions that extend identity to the items that people own, share and use too. Avoid long-term lock-in to specific technologies or processes. The rate of change for IT continues to increase. Enterprises need adaptable and scalable framework based solutions that will allow them to adopt best-of-breed matched against business requirements through time.
Given the forces for change in IAM building in this level of flexibility is essential. Find the commercial models that support the above. Return-on-Investment for IAM needs to reflect the changing expectations of the market and should support the flexibility that both vendors and customers need to build and deploy the best strategic solutions.
At Pirean, we are focused on developing and delivering solutions for Identity and Access Management that help to solve the challenges for personal and professional identity. We work with customers across many different industries delivering IAM solutions in diverse environments for B2E, B2B and B2C.
We continue to challenge ourselves, our partners and our customers to find answers to common questions on identity and access – working to balance the demands of business stakeholders today with the strategic vision for IAM solutions tomorrow.
Colin Miles is CTO of Pirean