Identity management is becoming increasingly important among companies. However, it is necessary to have a defined strategy as well as the appropriate solution. To assess the state of identity management, Byte TI organized a meeting that was attended by two experts in the field such as Charles Scott, digital risk consultant ForgeRock Spain and William Arias, country manager of ForgeRock Spain The first question was mandatory: Is enough attention paid to identity management? According to Guillermo Arias, country manager of ForgeRock Spain, “yes, and more and more, although it depends a lot on the size of the company. What we see are very concerned cybersecurity departments and also that business areas are paying more and more attention to this section. There is no doubt that identity management generates tension with the user, but more and more businesses are making decisions to incorporate it”.
Guillermo Arias, country manager of ForgeRock Spain So the interest is clear, but from then on companies often make mistakes for its implementation and subsequent management. According to Arias, two errors usually occur: “The first is quantification. Recently, a report detailed that 21% of CISOS were not aware that their clients had been phishing. It is very important, therefore, to be aware of whether we are being attacked or not. The second flaw is the dichotomy that occurs between simplicity and security. We see security departments that are very strict and business areas that say that it cannot be at the cost of losing shopping carts. In our opinion, identity management should be dealt with through progressive profiling, just as we now do not conceive the world like 20 years ago where you filled out a very long form so that they would provide you with any service, now it is about giving client information to as it navigates. On the other hand, in access management we highlight the use and value of artificial intelligence for risk detection. In the case of ForgeRock, we are able to detect possible risks only by the device the user is using or by their geolocation. The objective is to detect the risk before the user reaches access, so that the user experience has the least friction possible”.
Usability
One of the elements that creates the greatest problem with regard to identity management is that which refers to usability. Therefore, not all platforms are suitable. It is about using the one that is easiest for users since that will provide us with a series of advantages. As Arias stated during the meeting, “it has happened to all of us that access to a certain platform or service has been frustrated and this hampers the user experience. That is why it is important to start talking about digital identity, for which it is necessary to have a tool that makes a continuous and intelligent analysis of that access and that the user does not even appreciate it. In this way, unnecessary and duplicate accesses will not occur: Why do you have to make the user go through re-entering passwords if, for example, they decide to change their purchase? This is a section that must be improved, because it results in loss of business because current users, especially millennials, will abandon a brand or a purchase if negative access management occurs or if they have to constantly enter passwords. access”.
Identity management generates tension with the user, but more and more businesses make decisions to incorporate it
For all these reasons, ForgeRock’s country manager advocates that companies establish a correct digital identity strategy. This strategy, according to Arias, must go through “understanding the user’s journey and knowing what they are looking for in our application or our website. Credentials are given a lot of importance when we often forget that this is where the biggest impersonation problems come from. That is why we are committed to the use of AI since it solves security problems in accesses and at the same time gives a more than satisfactory user experience”
Carlos Scott, Digital Risk Consultant at ForgeRock The company’s product is based on these two previous premises: security and usability. But in addition, it focuses on the fact that the customer must be at the center of any strategy to boost the business of an organization. And it is that, as stated by Carlos Scott, digital risk consultant ForgeRock Spain, “digitization has had a very important impact on our lives, in most cases for the better, but it has also introduced much more cumbersome aspects such as the processes of Registration. In this way, when you interact with a platform, the first thing was to start a registration, which took a long time before being able to start using that service. To this registration process we must add the need to remember countless passwords, which is also another negative point. That’s why at ForgeRock what we want is to eliminate this type of tedious elements and for access to go to the background and run transparently”. For Scott, “one of the fundamental things about an identity management technology is that it can support different types of identities. When we interact with a service, we tend to play a different role and, in turn, the company faces two challenges depending on whether it is a client/citizen or an employee. For this reason, the priority when providing a service to a consumer is to facilitate the experience so that they encounter as few obstacles as possible without reducing the security around identity control. You have to deepen that relationship of trust. On the other hand, when we talk about employee identity management we talk about tens of thousands of connections and what we are looking for is employee productivity and it is about having the necessary access, only for what you need, and in those you have authorization makes it easy”.
More and more devices
Another problem that affects identity management is not only the users, but also that they connect from different devices. We are not only talking about mobiles, computers or tablets, but also different IoT devices that are connecting to a network. That is why “at ForgeRock we are committed to giving an identity to each of the devices that connect to the network. We believe that it is in this part where the evolution is going to be seen and where new technologies and business models are going to be exploited”. With this proposal, several interesting areas are opened up, such as in the area of mobility where, for example, a manufacturer will no longer treat a vehicle as hardware, but as software. Scott is clear: “By giving each device an identity, new business models such as shared vehicles can be promoted, where specific services can be provided according to the user who is in the vehicle and personalized digital services, such as, for example, that the put your playlist in the car when the user is inside” But, as he assured, there can be many more advantages, from the implementation of a safe and usable access control that can benefit banking applications or specific parental control functionalities. “In this way, with our relationship engine on our platform, the user decides with whom they can share the family accounts. We are the market platform that meets all end-to-end user requirements,” concludes Scott.
What is new
Basically, ForgeRock’s platform compared to others is that we are faced with a solution that covers any type of need, since it offers advanced identity management, access, government and API protection capabilities. And it is that, ForgeRock Identity Platform allows to deploy throughout an organization for all use cases: employees, customers, devices and objects. The identity solution allows you to associate access management, user-managed access, identity management, directory services, edge security, and also provides an identity gateway. Another advantage, as Scott pointed out, is that “the entire platform can be used as a service (PaaS) or it can be deployed, for millions of identities, in a matter of minutes in any cloud environment, whether hybrid or multicloud.” The solution also guarantees complete regulatory compliance based on security, consent and protection of personal data. In fact, ForgeRock is one of the only digital identity providers that combines the ability to integrate the GDPR and the right to delete personal data, as well as being compatible with other regulations such as the PSD2 directive and Open Banking. As Scott assured, “we propose the first solution on the market to model the relationships between billions of users, devices and objects” in a cloud or microservices environment. This allows organizations to link digital identities to each other, in such a way that a person can be associated with their connected and user objects. Additionally, ForgeRock Identity Platform uses real-time data and situational context to personalize and protect the customer experience.
