Guest blog post by Steve Wilson, VP & Principal Analyst, Constellation Research Inc.
We all know that digital transformation is imminent, but getting there is far from easy. The digital journey is fraught with challenges, not the least of which is customer access to the online world.
IT is not what it used to be. The online world is bigger by most measures than the so-called real world, and it's certainly not just a special corner of a network we occasionally log into. Enterprises are finding they need to totally rethink customer identity, bringing together the perspectives of the CTO--for risk management and engineering--and the CMO--for the voice of the customer.
Consider this: The customer experience of online identity was set in concrete in the 1960s. Information technology meant mainframes, and computers only sat in "laboratories." That was when we had the first network logon. The username and password was designed BY system administrators FOR system administrators.
By design, passwords were never meant to be easy. Ease of use was irrelevant to sys admins. Everything about their job was hard. If they had to manage dozens of account identifiers, so be it. In fact, the security of a password lies in it being difficult to remember and therefore, in a sense, difficult to use. The efficacy of a password is, in fact, inversely proportional to its ease of use!
The tragedy is that the same access paradigm passed through the Age of the PC in the 1980s to the Internet in the 2000s. Then before we knew it, we all turned into heavy-duty "computer" users. The PC was just a miniaturized mainframe, with a graphical user interface layered over one or more arcane operating systems.
Today, all "devices" are computers. Perhaps you've heard that today's smartphone is more powerful than all of NASA's 1969 moon landing IT put together? And the user experience of "computing" has finally changed radically. Few people ever touch an operating system anymore. The whole UX is at the app level. It's all tiles and icons, spoken commands and gestures. Swipe, drag, tap, flick.
Identity management is one of the last facets of IT to be dragged out of the mainframe era. We have mobility to thank for that. We no longer log on; we unlock our device. Occasionally, we might be asked to confirm who we are before we do something risky, like look up a health record or make a larger payment. The engineer might call it "trust elevation" or some such, but to the user it feels like a reassuring double check.
We might even stop talking about two-factor authentication now that mobile is so ubiquitous. The phone itself is your second factor, a part of your life, hardly ever out of sight, and instantly noticed if lost or stolen. Under their covers, mobile devices can make use of many other signals - history, location, activity, behavior - to effect continuous or ambient authentication, as well as recognize misuse.
So the user experience of identity per se is disappearing. We simply click on an app within an activated device, and things happen. The authentication UX has been dictated for decades by technologists, but now, for the first time, the CTO and the CMO are on the same page when it comes to customer identity.
Learn more about customer IAM and how to implement it successfully in your enterprise when you listen as Ping Identity's Patrick Harding, CTO, Brian Bell, CMO, and I tackle these topics in a lively discussion called "Consumerization Killed the Identity Paradigm."