Author Archives: Susan Morrow

IDG Contributor Network: The costs, the privacy and the security of IAM and personal data sharing

The concept of some component (usually software) that manages your personal data is not new. The idea is often associated with Doc Searls, who developed ProjectVRM, which advocates that customers take control of their data in the form of “Vendor Relationship Management” tools.

In my dealings in the consumer IAM space, I’ve become increasingly aware that digital identity and its applications, needs to be opened up – to do “jobs.” That is, the identity that says, I am who I say I am is more of a conduit to transfer data between me and some entity I want something from, than a statement of my digital self. Our digital lives are now so much more than using login credentials; equating Facebook with a digital identity now seems naive. Instead, services that allow us to perform dynamic identity-based transactions are setting the stage for a new era in personal data.

To read this article in full, please click here

IDG Contributor Network: Feeling secure enough to use open source for IAM projects

Identity is big, really big, especially when it is customer-facing. There are a lot of moving parts to build, pieces to hook up, and external functionality to integrate. The whole makes the identity ecosystem which was once a dream of a few but is fast becoming a reality for many.

Part of this movement towards a more all-encompassing and task-driven identity data system is the use of an API-approach to identity. These core functional API components are then augmented using open source code to add the bells and whistles. This extends the functionality of the service, quickly, cost-effectively, and easily.

To read this article in full, please click here

IDG Contributor Network: Will WebAuthn replace passwords or not?

The humble, much-maligned password has been in the news again lately. The FIDO Alliance and W3C announced in April the release of the password killer web API named WebAuthn. But, are we singing the “Bye, bye password” song, only to start up a chorus of “You say goodbye and I say hello”? Let’s take a look at the ebb and flow of password(less) authentication.

First, there was the password

We have had a sort of love/hate relationship with the computer password, ongoing for the last 40 years at least. The tech community keeps promising the demise of the password, then it never comes to pass...Instead, according to LastPass, business users have to manage, on average, 191 passwords each! And, according to Pew Research, we aren’t even using password managers, with only 12% of respondents in a 2017 survey using them, and 49% writing passwords down on paper. No wonder then, that LastPass found that 81% of data breaches were ultimately due to password compromise.

To read this article in full, please click here

IDG Contributor Network: How the Facebook privacy debacle is connected to the movement of IAM to containers

Personal data privacy and Facebook have never been comfortable bedfellows. This latest Facebook privacy debacle, where the data of 50 million users was shared without consent, with political marketing consultancy, Cambridge Analytica, may be the final straw. That seemingly little thing, that most people don’t really think too much about, consent, is raising its head above the virtual parapet and making people sit up and take notice. But why is capturing consent such a big deal anyway? I mean, if you don’t have anything to hide why does it matter who uses your personal data?

Why consent is a big deal

Consent is part of a wider act that human beings rely on to keep our daily lives and relationships ticking along - this being, trust. Trust is something that identity systems, in particular, need to use as part of the design remit of the system. You may well have heard of Privacy by Design and Security by Design, but we now need to consider including Trust by Design (TbD). Using a TbD ethos will be highly beneficial to an organization that embraces the tenets of trust. When your design remit includes trust, you design to add in respect; and, relationships that are respectful are much more likely to build (brand) loyalty.

To read this article in full, please click here

IDG Contributor Network: The cloud’s the limit for secure, compliant identity storage and personal data

Back in 2009, I gave a talk about cloud identity. It went down, less like a fluffy cloud and more like a lead balloon. It was too early – way too early. But as we reach peak cloud adoption, with rates of uptake reaching 93 percent, the sky's the limit for digital identity. Cloud computing has given digital identity, particularly IAM for citizens and consumers, a real boost. Without cloud storage and cloud elasticity, for example, we would be hard-pressed to accommodate the identity of a mass-demographic audience. When I talk here about digital identity, what I am actually talking about is the data that makes up that identity, which is often termed Personally Identifiable Information (PII) or personal data.

To read this article in full, please click here

IDG Contributor Network: Identity and the smart city

Human beings love cities, well many of us do. We love them so much that the United Nations are predicting that by 2050, 66 percent of us will live in them. So how do to make sure that all of those people are housed, have clean water, can get into and out of the city easily, and can breathe the air without coughing? Well, we make those cities, smart.

The market for smart cities is expected to be around $1.2 trillion by 2022. What this translates to, is a rush of companies going to go after that money by building smart products that enable the smart city. Smart cities are creating a veritable gold rush and this time the rush is built upon data – often our personal data. But to share and transact using that data we also need to build smart identity at the same time we build our smart city

To read this article in full, please click here