Identity Management

What is the Future of Identity Management?

In part two of our anonymity and online identity special we seek three industry professionals’ views on the ever changing role of identity management.

Earlier this week, the BBC reported that a Facebook user masquerading as Prince Harry conned an Austrian floor fitter out of thousands of euros through a fake contract at Buckingham Palace. The victim finally contacted the police after not hearing back after two weeks, but the Austrian Kurier newspaper said that his chances of getting his money back were “slim”.

Issues surrounding ‘identity’ are becoming increasingly difficult to manage. Everything, from online user behaviour to security, is changing so quickly it leaves people in a huge state of flux. This in turn, has an impact on the industry as a whole. Dr Guy Bunker, Senior Vice President – Products at Clearswift says “where [the identity management industry] is heading and where it needs to head, are subtly different.”

“There is currently a play by very large organisations who would like to ‘control’ identity in the future,” he says. “If you look at Facebook and WhatsApp – they are two huge ‘identity’ stores, which cross boundaries of all types. However, identity needs to be given back the individual for them to control. A move away from corporate-based identity will help improve scalability and collaboration – if the individual is in charge.”

“So,” he continues, “we need identity providers, who are compatible with each other – and trusted by companies (for their corporate logins), governments (passports, taxes) as well online shopping. There needs to be openness and choice for the individual – and control over the identities (personas) they set up and the attributes that they share, e.g. date of birth, address and bank details.”

“People today have many identities that they use online, including those identities for business use and personal use,” says Lee Weiner, SVP of Products and Engineering, Rapid7.”The use of these identities is becoming mixed across work and personal, to a point where it is difficult to distinguish between the two. This creates an increased need for diligence by both individuals and corporations.”

“An example of this would be the management of passwords; people re-use passwords often and sometimes that can cross over personal use and business use,” he continues. “If someone has a password on an online consumer service where the password may be stolen or compromised, it is possible and likely that that password is used elsewhere including at the person's place of business.”

“This poses risk to both the individual and the business,” he concludes. “Technologies and solutions need to address this notion, not just by managing corporate access and passwords, but also understanding when a user’s credentials may be compromised due to activity that could go on inside the corporation, as well as outside the corporation. We’ve seen this in the past with mobility, where the use of your personal device can pose risks to an organisation when used for business purpose, some level of management of that device is required by the corporation. The same is true for identities.”

“In my view, the identity management industry needs to go through a process of consolidation and simplification, as a universal standard of application or platform interface has yet to be agreed,” says Matt Middleton-Leal, Regional Director, UK & Ireland at security firm CyberArk.  “With organisations relying on legacy applications for longer than ever, identity management platforms need to be compatible with many types of interfaces.”

“I expect that the industry will ultimately separate the identity layer from systems and applications. For instance, this could be achieved with an enterprise ‘service bus’ concept for identity and access management that integrates with all systems, while removing the need for lengthy implementation projects,” he continues.  

“The anonymity issue may need to be re-addressed at Government level, in order to allow better data sharing for authentication purposes. However, I fear it will be some time before this is achieved,” he concludes.

Online identity has become so integral to so many different aspects of our lives that the way this pans out will impact all of us in one way or another. Where do you think the identity management industry is going?



Kathryn Cave is Editor at IDG Connect


« Is There Such A Thing As A Hobbyist Programmer Anymore?


Is Anonymity Good or Bad? »


Do you think your smartphone is making you a workaholic?