by Joni Brennan
In recent years, consumers have been faced with the scary effects of data breaches, especially the risks surrounding the security of their personal and financial identity. Although the evidence from these security hacks are all around us, consumers at a high rate still provide their personal information, usually without a second thought. A recent report from Deloitte indicates that 60 percent of customers who interact with brands do so through multiple channels, meaning that customers are giving their information through social media, websites and in stores - a trifecta of security concerns1. Although this information is used to enhance business practices and customer service, caution must be taken. Business must take the leading role to meaningfully inform their patrons about the types of data they are requesting, how it will be used, and how long it will be held.
Businesses are asking customers for an extensive amount of personal data information to better target their marketing efforts in order to build a relationship. Consumers often want a similar relationship, they like to know when their favorite apparel store is having a sale or the types of gifts a store will have around their mother’s birthday. Let’s agree that both business and customers have the best intentions, but as more and more data is given and received, there is an increased risk in security.
That leads to the questions: Do business value a digital identity or associated personal data that is directly matched to an individual or, is it the relationship that an identity represents? The answer is that businesses don’t need to know everything about customers to understand how to market to them; they just need to gain a sense of them. Businesses can set back the number of personal questions they ask a customer, asking them for an email address over their phone numbers or the city they reside in over their full home address. Business can still succeed with little data.
Identity and Access Management (IAM) is the security discipline that enables the appropriate individuals to access resources at the certain times and for the right reasons2. These services were traditionally built for a company’s internal use, to assist with establishing access privileges to organizational data and systems behind the firewall. Today, most businesses are running their own IAM systems for both employee and customer access.
Businesses must implement a dynamic IAM solution that securely serves employees and customers, partners and devices, regardless of time and location. Once businesses understand the risks of IAM and personal data management, decision makers will be more empowered to advance business needs by leveraging IAM. There are varying consortia in the space that can provide more information. There are proprietary and evolving open standards based approaches and policies out in markets.
The Evolution of IAM to Identity Relationship Management (IRM) shifts focus to innovation around the value of relationships that are represented by identities and not the identities themselves. This shift enables a dynamic, hyper-connected world, bringing with it the complexities of IAM, including privacy for personal data, appropriate security, access control and attributes information sharing policies (where attributes are pieces of data about a person, entity or thing). However, complexities conversely represent growing opportunities for IRM-deploying organizations. There are vendors with a core focus on making IAM, and now IRM, easy and secure for businesses and their consumers. These deployments innovate while balancing usability, privacy, and security markets grow.
An information-sharing agreement between companies and their patrons creates a symbiotic relationship between the two. Businesses are upfront about the information they need to better serve their customers and customers reap the benefits of having customized service. This agreement takes the questions out of security concerns surrounding personal data and places focus on profit and commerce.
Joni Brennan primarily serves as the Kantara Initiative Executive Director focusing on Technology Evangelism, Trust Framework Identity Assurance Accreditation and Interoperability Certification for the IEEE Standards Association.