Global Trends in Bring Your Own Identity (BYOID)
 


A growing number of sites and services are allowing visitors to log in using a social or digital identity from a trusted third party – like Facebook, LinkedIn, PayPal, Google or Microsoft. The technical term for this is “federated identity,” but most call it Bring Your Own Identity (BYOID). By allowing visitors to use an existing trusted credential, organizations can improve the customer experience and potentially save costs. This presentation shares the results of a recent survey by the Ponemon Institute and CA Technologies of over 3,000 IT security practitioners and business users worldwide to understand how companies view BYOID.

This SlideShare contains the raw results from the survey efforts. You can get more analysis and insight into the report by visiting the CA Technologies BYOID: New Ponemon Institute Report on Key Digital Identity Trends page http://www.ca.com/lpg/ponemon-study.aspx?cid=GLOB-SMM-SEC-AGH-000072-00000016&social=425887.


Global Trends in Bring Your Own Identity (BYOID) Presentation Transcript

  • Global Trends in Bring Your Own Identity (BYOID) CA Technologies & Ponemon Institute July 2014
  • © 2014 CA. ALL RIGHTS RESERVED. Are your users suffering “registration fatigue”? A growing number of sites are allowing visitors to log in using a social or digital identity from a trusted third party – like PayPal, Facebook, Microsoft or Google. The technical term is “federated identity,” but most people call it Bring Your Own Identity or BYOID. The Ponemon Institute and CA Technologies recently surveyed 1,589 IT security practitioners and 1,526 business users worldwide to understand how companies view BYOID.
  • The Promise of BYOID: Reduce complexity, improve user experience
  • The Challenge of BYOID: I am Losing Control!
  • High interest in BYOID for online & mobile users. 82% of business users responded High or Very High on using BYOID for mobile users. 79% of business users responded High or Very High on using BYOID for website visitors. Customers want and expect a simple user experience … BYOID can help.
  • IT and Business look at BYOID for different reasons. Outsource password reset activities: IT 48%, Business 9%. Capture user attributes from external sources: IT 26%, Business 95%. Business sees value in BYOID for gathering customer data whereas IT sees BYOID as more of a cost savings initiative.
  • Different personas explored in this survey.
    IT User: I need to manage customer data; I need to keep sensitive data secure; I need to meet compliance and policy mandates.
    Business User: I want to simplify the customer experience; I want to know more about my customers to help improve retention and drive incremental revenue.
  • Are you familiar with BYOID? Q1. What best describes your level of familiarity with the emerging trend in identity management termed “Bring Your Own Identity” or BYOID? Chart values: 27 27 34 28 39 45 0 0. Bars: IT User, Business User. Legend: Very Familiar, Familiar, Somewhat Familiar, Not Familiar.
  • Level of interest in BYOID? Q2. What best describes your organization’s level of interest in BYOID? IT User: 20%, 30%, 34%, 16%. Business User: 23%, 40%, 23%, 14%.
  • Main reasons for BYOID adoption. Q3. What are the main reasons for BYOID adoption in your organization today? (Multiple selections)
    Other: IT User 1, Business User 0
    To get multi-factor authentication at a low cost: IT User 36, Business User 10
    To capture attributes about users from external sources: IT User 26, Business User 95
    To outsource password reset activities to identity providers: IT User 48, Business User 9
    To create an identity credential that lasts beyond the user’s employment or temporary employment: IT User 13, Business User 11
    To combine digital identifiers owned by each user with corporate factors to create a stronger identity credential: IT User 69, Business User 65
  • Control of BYOID. Q4. Who controls or “owns” digital identities in your organization? Chart values: 20 16 2 5 27 28 10 18 13 24 28 9. Bars: IT User, Business User. Legend: IT, IT Security, Lines of Business, Marketing & Sales, Data Analytics, Shared Responsibility. Note: Two choices, “Research & Development” and “Other”, did not generate any response.
  • Accepting digital IDs by user population. Q5. How would you rate your organization’s level of interest in accepting digital identities for any of the following user populations? Chart values per population:
    Website Customers: IT 22, 28, 28, 14, 8; Business 36, 43, 9, 9, 3
    Mobile Customers: IT 22, 26, 28, 14, 10; Business 41, 41, 7, 8, 4
    Employees: IT 21, 25, 30, 12, 12; Business 14, 22, 38, 15, 11
    Recruiting Job Prospects: IT 12, 20, 34, 24, 10; Business 12, 25, 44, 12, 6
    Contractors: IT 20, 23, 35, 13, 9; Business 10, 18, 49, 11, 11
    Retirees: IT 14, 22, 31, 18, 15; Business 19, 22, 30, 16, 13
  • Importance of third-party validation. Q6. Please rate the following statement using the scale: “My organization would be able to offer more online services and programs if those digital identities were validated and trusted by a third party such as Google, Facebook, Yahoo, Microsoft or LinkedIn.” Chart values: 3 8 15 26 22 33 30 19 29 15. Bars: IT User, Business User. Legend: Strongly Disagree, Disagree, Unsure, Agree, Strongly Agree.
  • Are you considering a trusted identity partner? Q7a. Is your organization using or considering the use of digital identities produced by trusted identity providers such as Google, Facebook, Yahoo, Microsoft or LinkedIn? IT User: 44, 40, 16. Business User: 30, 45, 25.
  • Deployment timeframe. Q7b. If yes, what best describes your organization’s timeframe for deployment? Chart values: 23 21 7 5 19 22 17 18 18 21 16 12. Bars: IT User, Business User. Legend: Never, > 24 mos, 12 - 24 mos, 6 - 12 mos, < 6 mos, Already Deployed.
  • Ranking providers by organization’s interest. Q8. Please rank the following identity providers in order of interest to your organization. 1 = of most interest and 7 = of least interest. Avoid ties.
    IT User: PayPal – 1.87, Google – 2.42, Amazon – 2.60, LinkedIn – 3.36, Microsoft Live – 3.91, Facebook – 5.76, Yahoo – 5.79
    Business User: Amazon – 1.91, Microsoft Live – 2.57, PayPal – 2.63, Yahoo – 3.05, LinkedIn – 4.55, Google – 5.54, Facebook – 6.30
  • Ranking providers by individual’s interest. Q8. Please rank the following identity providers in order of interest to you as an individual accessing other organizations or service providers. 1 = of most interest and 7 = of least interest. Avoid ties.
    IT User: Google – 1.82, PayPal – 2.59, LinkedIn – 2.73, Facebook – 3.50, Amazon – 4.07, Microsoft Live – 5.64, Yahoo – 5.84
    Business User: Facebook – 2.04, Google – 2.22, Amazon – 2.42, PayPal – 2.97, Microsoft Live – 3.13, Yahoo – 3.44, LinkedIn – 4.09
  • How does BYOID add value? Q10. How do the creation and/or use of digital identities add value to your organization? Please select all that apply.
    Other: IT User 1, Business User 2
    Generates new revenues: IT User 13, Business User 21
    Enables self-service processes: IT User 29, Business User 18
    Enhances innovations in products & services: IT User 21, Business User 32
    Decreases customer turnover (churn): IT User 25, Business User 36
    Streamlines operations & logistics: IT User 49, Business User 55
    Increases customer acquisition: IT User 21, Business User 43
    Increases employee/customer productivity: IT User 37, Business User 40
    Increases the effectiveness of marketing activities: IT User 23, Business User 76
    Delivers a better customer experience: IT User 53, Business User 79
    Reduces the cost of insecurity (impersonation risk): IT User 54, Business User 55
    Strengthens the authentication process: IT User 67, Business User 38
  • Measuring BYOID value. Q11a. Does your organization attempt to measure the added value resulting from the creation and/or use of digital identities? IT User: 27, 62, 11. Business User: 59, 38, 3.
  • How do you measure BYOID value? Q11b. If yes, how do you measure this added value? Select all that apply.
    Other: IT User 0, Business User 8
    Cross-selling/incremental revenue: IT User 14, Business User 63
    Brand loyalty: IT User 0, Business User 1
    Risk & fraud reduction: IT User 56, Business User 12
    Cost reduction: IT User 72, Business User 78
  • Future value of BYOID. Q12. In your opinion, how will the added value resulting from the creation and/or use of digital identities change over the next 24 months? IT User: 47, 34, 4, 16. Business User: 59, 26, 1, 14.
  • Future cost of digital identities. Q13. In your opinion, how will the total cost incurred by your organization to create, use and maintain digital identities change over the next 24 months? IT User: 33, 48, 3, 16. Business User: 49, 28, 2, 21.
  • Features likely to increase BYOID adoption. Q14. Which of the following features would most likely increase BYOID adoption within your organization? Select all that apply.
    Risk-based evaluation of account recovery processes and user identity: IT User 20, Business User 11
    Simplified password or account recovery: IT User 30, Business User 30
    SMS mechanisms for user validation: IT User 37, Business User 27
    Simplified user registration: IT User 56, Business User 71
    Identity provider implementing fraud risk engines: IT User 57, Business User 37
    Identity validation processes: IT User 73, Business User 71
    Multi-factor authentication: IT User 66, Business User 33
  • Added factors for added control. Q15. What factors would you add to a digital identity to increase control or scrutiny by your organization? Select all that apply.
    Risk-based evaluation: IT User 39, Business User 18
    Mobile device factors: IT User 52, Business User 66
    Smart cards: IT User 32, Business User 7
    One-time tokens: IT User 24, Business User 2
    Passive factors such as geo-location: IT User 22, Business User 59
    4-digit PIN: IT User 44, Business User 25
  • Useful BYOID characteristics. Q16. As a BYOID relying party, what characteristics about digital identity known to the identity provider would be useful? Select all that apply.
    Length of user account lifetime: IT User 55, Business User 49
    Token expiration: IT User 31, Business User 15
    Account recycle notification: IT User 23, Business User 15
    Account suspension notification: IT User 45, Business User 35
    Abuse account use: IT User 60, Business User 55
    History of identity takeovers: IT User 56, Business User 29
    History of password resets: IT User 69, Business User 62
  • Increasing the value of a BYOID provider. Q17. What additional information or services would increase the value of the BYOID identity provider? Select all that apply.
    None of the above: IT User 32, Business User 13
    Access to payment systems: IT User 16, Business User 60
    Payment information: IT User 29, Business User 73
    Validated phone number: IT User 46, Business User 86
    Current shipping address: IT User 24, Business User 86
  • BYOID benefits of interest. Q18. Which BYOID benefits are of most interest to your organization? Select all that apply.
    Other: IT User 1, Business User 1
    Access to fresh identity information: IT User 46, Business User 62
    Security enhancements: IT User 45, Business User 5
    Increased revenue: IT User 14, Business User 56
    Simplified engagement for users: IT User 48, Business User 75
    Reduced friction in user experience: IT User 49, Business User 78
    Contractor on-boarding: IT User 57, Business User 25
    Employee on-boarding: IT User 58, Business User 25
    Identity validation: IT User 74, Business User 63
    Fraud/risk evaluation & reduction: IT User 55, Business User 21
    Targeted marketing: IT User 11, Business User 43
  • Importance of accreditation. Q19. How important is formal accreditation of the BYOID identity provider? IT User: 29, 30, 21, 15, 5. Business User: 12, 15, 48, 22, 3.
  • Minimum BYOID provider assurance level. Q20. What is the minimum level of assurance you would be willing to accept from a BYOID identity provider?
    Provides multi-factor remote authentication only using hard cryptographic tokens: IT User 22, Business User 8
    Provides multi-factor remote authentication using soft cryptographic tokens, hard cryptographic tokens, and/or one-time password tokens: IT User 26, Business User 13
    Single factor authentication using a wide range of available authentication technologies: IT User 30, Business User 38
    None (no assurance necessary): IT User 21, Business User 41
  • Best use case to show BYOID benefit. Q21. What use case would you choose to demonstrate the benefits of BYOID within your organization?
    Support for specific mobile initiatives: IT User 21, Business User 8
    On-boarding employees: IT User 20, Business User 11
    On-boarding contractors: IT User 17, Business User 4
    Accepting social identities to access additional attributes that drive targeted marketing promotions: IT User 12, Business User 29
    Streamline online user registration process for new customer acquisition: IT User 30, Business User 49
  • BYOID inhibitors. Q22. In your opinion, what is the most significant inhibitor to BYOID deployment?
    Other: IT User 0, Business User 1
    Loss of control: IT User 19, Business User 8
    Risk & liability concerns: IT User 34, Business User 19
    Lack of a compelling business case: IT User 12, Business User 18
    Complexity: IT User 21, Business User 23
    Cost: IT User 14, Business User 31
  • Preferred payment for BYOID services. Q23. What is your preferred payment method for BYOID services?
    Other: IT User 0, Business User 2
    Single annual fee regardless of user size: IT User 53, Business User 37
    Fee per transaction: IT User 26, Business User 17
    Flat fee per user: IT User 21, Business User 44
  • Conclusion: A New Value-Based View of Identity is Emerging. Risk-based has dominated for the last decade but that is changing. Evolving towards a more value/customer-centric view of identity. Key is finding appropriate balance between both. (Diagram labels: Value-based, Risk-based; IT/IT Security, Line of Business.)
  • Sample Sizes (IT User / Business User / Total / % of total sample)
    USA/Canada: 570 / 428 / 998 / 32%
    Australia: 99 / 110 / 209 / 7%
    Brazil: 158 / 185 / 343 / 11%
    France: 127 / 148 / 275 / 9%
    Germany: 182 / 180 / 362 / 13%
    India: 141 / 152 / 293 / 8%
    Italy: 143 / 131 / 274 / 8%
    UK: 169 / 192 / 361 / 12%
    TOTAL: 1,589 / 1,526 / 3,115
    Other demographic info:
    100% of respondents were from companies with >1,000 employees
    75% of respondents were from companies with $500M+ in annual revenue
    Target titles for IT users were CIO/CISO; target titles for business users were VP/line of business manager
    Even distribution across all common vertical markets
  • For more information, visit our Website to see more analysis and opinion on the survey data. http://www.ca.com/lpg/ponemon-study.aspx Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. No unauthorized use, copying or distribution permitted. THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connection with this presentation, including, without limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if CA is expressly advised of the possibility of such damages.