According to a recent report, the Identity and Access Management (IAM) market is expected to reach US$23 billion by 2025. A Bring-Your-Own-Identity (BYOI) approach at the enterprise level is expected to drive much of this growth.
The concept of BYOI has become something of a fixture in most people’s daily lives. Research suggests that the average internet user will have 207 online accounts by 2020 – requiring users to remember a lot of different passwords and login combinations. Features like single sign on enable consumers to sign into online services and applications using a single login from Facebook or another social media platform. In this way, they can access services more quickly, and aren’t forced to remember dozens or even hundreds of passwords.
The B2B world is taking longer to embrace BYOI, however. Despite its popularity with consumers, many enterprises are questioning whether the benefits outweigh the potential risks. Indeed, organisations are unlikely to allow access to their valuable corporate information through social media authentication. It’s important, therefore, to employ a solution that delivers not only the speed and convenience, but also enterprise-grade security.
Access for everyone
It’s no coincidence that the acronym BYOI resembles BYOD; after all, the need for the former is a result of the latter’s success. For more than a decade, employees have wanted to access corporate networks via their own personal devices. Today, BYOD has almost replaced the traditional model of using company-issued devices. In fact, some businesses have now embraced the trend to such an extent that they actively encourage employees to use their own devices, while ensuring that the appropriate levels of IAM and data security are in place.
Yet employees’ access rights aren’t an organisation’s only concern. Secure access must also be granted quickly to customers and partners. The increase in the number of contractors used by businesses means a wide variety of different access rights and permissions to ensure productivity and security. Given such considerations, it’s fair to say that IAM can now be viewed as a business enabler.
Businesses may not be doing enough just yet. A large global survey released by the Ponemon Institute in 2018 revealed that more than two fifths of organisations are worried about the risk posed by their inability to secure access rights to data, systems and physical spaces. With the same study highlighting respondents’ concerns about the cyber risks posed by organisations’ use of digital identities (47 per cent) and employees’ use of personal devices through BYOD schemes (35 per cent), it’s perhaps unsurprising that IAM is quickly being recognised as an important priority for a more effective security infrastructure.
Introducing a BYOI strategy powered by enterprise IAM can help to meet these needs, but care must be taken with the planning, design and implementation to ensure it is simple and quick for employees to use. Respondents to the Ponemon survey admitted that a lack of suitable technologies (53 per cent) and an increase in complexity (31 per cent) were key concerns as factors that could cause a decline in their organisation’s cybersecurity posture in the next three years.
The identity broker approach
Fundamental to BYOI is the creation of an identity entirely independent from any of the applications or networks for which it will be used. Instead of having to set up an identity on every single application, an identity can be established once and then applied to every resource that requires access. It’s logical, therefore, that as BYOI gathers traction in the B2C space, social media companies are increasingly effectively becoming identity brokers, using cloud-based services in which a single user account is linked to identities from different sources.
This single user account can also be used as a form of BYOI linked to an organisation’s applications and networks, thus blurring the line between business and personal, and creating a universal identity. Such an approach is currently being taken by the FIDO Alliance, a non-profit organisation led by tech giants including Google, Microsoft and PayPal, whose stated aim is to change the nature of online authentication. Despite the endorsement of such heavyweights, however, the identity broker approach isn’t necessarily the right approach for many enterprises.
Given the huge importance placed on IAM as part of a modern information security strategy, it’s debatable whether any organisation would want to outsource it to a third party, particularly a social media company. After all, not only would doing so create a single point of failure, but a social identity broker would inevitably become a prime target for hackers seeking a way into the corporate network – as seen all too clearly through hackers’ success stealing Facebook access tokens to then take over users’ accounts.
What’s more, creating individual user accounts would require every single user to work with the broker to ensure that their relevant information is both stored centrally and consistently updated. While this may have its advantages in the long term, the fact that each user will need to register with a broker before they’re able to access their company’s resources seems somewhat counter-intuitive.
BYOI benefits for all parties
As mentioned above, identity management concerns more than just an organisation’s employees; it is necessary for everyone that needs to access information with that organisation. Fortunately, advanced IAM platforms that work on an ‘outside in’ model are capable of delivering identity management solutions which address everyone and everything that needs to be properly identified, managed, and granted appropriate access rules – offering much more than just single sign on for internal users.
BYOI is essentially an extension of this. A manufacturer connected to a retailer via a B2B integration network, for example, may secure business with another retailer. If that retailer is also connected to the B2B network, the manufacturer could begin trading using its existing security and authentication settings.
With an enterprise-wide IAM platform, rather than a social network, acting as an identity broker, and by maintaining the same levels of security and data protection across each connection, it’s possible to deliver speed and convenience benefits to both users and their respective organisations. By doing so, and in an era in which information security is ever more important, BYOI can become a true business enabler.
John Notman, Director of Product Marketing, OpenText
Image Credit: Dom J / Pexels