It has been quite the year in the identity ecosystem! 2019 saw new privacy regulations in the United States, the first significant GDPR fines in the European Union, growth in open banking around the world, emerging identity standards such as WebAuthn and the OpenID Connect CIBA specification, widespread adoption of the Zero Trust security model, and a continuation of movements such as the rise of customer identity and access management (CIAM) and the increasing importance of IAM to the cloud-first enterprise.
All this gets us wondering: What will 2020 bring? As I look at how our industry has shifted its perception away from identity as the perimeter and toward identity as the core of cybersecurity, five key trends stand out. Here’s what I expect to see in the coming year.
1. America Gets Serious about Data Privacy
The United States is one of the few developed countries without a national data privacy standard. Not only is this hurting America economically and commercially, it has started to raise concerns relative to national security and the protection of American citizens. Congress will likely finally step up to address this gap and ideally take the lead by protecting more than just data, but also the digital identities of all Americans.
To see where we might be headed as a nation, consider what’s happening in California. The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, requires that each company doing business in California takes “reasonable steps to protect the security of consumers' sensitive information," and I predict that other individual states will follow suit and eventually adopt similar legislation. Even more importantly, though, is that the federal government, emboldened by rapid progress on data and security regulation, will likely take digital identity under its wing, in effect creating a robust set of consumer-data protections.
2. Privacy and Security Turn into Competitive Advantages
In 2019, we saw the very beginnings of commercial enterprises promoting their privacy and security practices to their customers as a competitive advantage. In 2020, this trend will accelerate as companies begin to adjust to the new reality: a reality where more than 60% of customers hold companies fully responsible for protecting their data.
I predict we will see an increasing number of companies following the likes of Apple, which is positioning themselves as a security and privacy forerunner in the minds of their customers. Apple’s actions include revamping their privacy website to include a strong focus on privacy as a “fundamental human right,” implementing customer-facing security features such as Apple sign-in in iOS 13, and adding transparency (along with strong end-user controls) to their location information processes.
3. Digital Identity Becomes Standardized
Digital identities were a thing of fiction just a few years ago. But in 2020, commercial and government interests will begin to intersect as state and federal governments, as well as various sectors of business (e.g., financial services, social media, healthcare) rush to build “digital identity standards.” Some standards will be built with the needs of the customer/citizen in mind, but time will tell if others attempt to capitalize and commercialize the value of these digital identities.
Digital identifier programs have already been established in Norway, Estonia and Australia. There is little doubt that it is technically possible to develop a secure national identity system. Here in the United States, where I’ve been meeting with heads of federal departments as well as a number of key figures in cybersecurity and information security, we’re seeing the government talking about using the language of a great identity-control framework.
4. Customers’ and Citizens' Patience Runs Out
In 2019, customers and citizens en masse began to voice their concerns over companies' repeated data breaches and security failures, which have exposed their data, finances, families and services to greater and greater risks. Customers have high expectations that brands will protect their data, and they’re willing to change their behaviors and disengage from companies if they feel their data has been mistreated.
In 2020, we’ll see true and substantial consequences for organizations that do not keep their customers, employees, partners and citizens safe in the digital world. With more than 80% of consumers reporting they would stop engaging with a brand online following a data breach, it's clear that people are ready to walk away from companies that can’t get identity and security right.
5. Authentication Takes on Greater Importance
With the recent and continued failings of companies to secure customer access, 2020 will likely see an upsurge of large-scale multi-factor authentication (MFA) adoption by enterprises and end users. Companies that are truly looking to protect their customers and their revenues will embrace higher forms of authentication to achieve those ends.
One of the industries at the forefront of this trend is financial services. Financial companies are facing the reality that customer experience—from registration to login, preferences and beyond—is their new battleground, and they are responding by embracing authentication technologies that enhance that experience. They’re using adaptive MFA, for example, to establish policies for high-risk interactions while setting minimal authentication requirements for more routine interactions.
Here’s to a Safe and Secure 2020
Time will tell how these issues take shape. In the meantime, if you’d like to like to dive deeper into the topic of digital identities, I invite you to read this article on an overview of digital IDs and how they are being put into practice in Ping Identity’s headquarter state of Colorado.