The Future of Citizen Identity and Access Management
Highlights from Simeio’s June 17th “Ask Me Anything: Citizen identity and access management.”
Last Wednesday’s “Ask Me Anything Coffee Talk Series” was another interesting and informative session. The topic was “Citizen identity and access management.” The session hosts were Balraj Dhillon, Engagement Director – Key Accounts at Simeio Solutions, and Baber Amin, Chief Technology Officer at Ping Identity. Here are some of the highlights from the session.
What is citizen identity and access management?
The demand for digital access is a driving force for CIAM. While organizations used to deploy CIAM as a competitive advantage, it has become a necessary tool for their operations and interactions with stakeholders, and citizens via government agencies.
Societies are continuing the move toward remote services using digital methods for benefits, like Social Security, Medicare, unemployment, and other services from local, state, and national government agencies. As digital services increase, CIAM becomes a critical capability, to ensure the right user is accessing the appropriate device, data, and services.
CIOs and CTOs may have been driving digital transformation, but the new driver is COVID-19. While face-to-face visits to government offices may not be available today, citizens can easily apply for, and receive services remotely, using their digital devices. Because government agencies reach diverse demographics, where individuals aren’t technically savvy, “user-friendliness” is of paramount importance for signing-up, or registering digitally, and must be as easy as possible. In Canada, the government responded to the COVID-19 crisis with a new CIAM solution for public healthcare services. As soon as they began issuing benefits, they had a massive increase in user identities.
How has CIAM changed in the last five years?
CIAM has evolved from simply registration and authentication. It has advanced from being a front door to a front door with many checks. There is a push for compliance policies regarding consent management and privacy, like GDPR and CCPA. Privacy groups and government agencies have been leading these efforts to protect consumers and citizens.
However, data privacy is still in the early days. Over the next few years, we will see AI and ML play a more central role. For personally identifiable information attributes, or PII, the future is not about protecting the attributes; it’s about making sure the individual asserting those attributes is the right person. Leveraging all the “bread crumbs” and metadata associated with that person’s identity, like their behavior and location patterns, needs to be protected. How that data is used, the way it might impact the user and the services offered or declined, are really important to understand from a privacy perspective. It will be interesting to see how customer demand will drive these in the future.
Another aspect that has changed, is the consumerization of technology. As security tools become more consumer-focused, they change our expectations. Five years ago, logging-in using fingerprints was not a common practice. However, smartphones made accessing a device with fingerprints commonplace for everyone, not just the seven people in an IT department accessing the server room.
Identity proofing has come a long way in the last five years. I recently opened a brokerage account online. I took a picture of my passport, and twenty-four hours later, the anti-money laundering and “know your customer” process was complete. This wasn’t possible five years ago. Or if it was, it was very esoteric.
What trends will influence the future of CIAM?
I came from a healthcare background, and I see the unification of data and leveraging it to provide better patient care. Understanding the user, and enabling AI capabilities, will make CIAM more interactive to provide better care and greater access to services. All this will be coupled with data privacy.
There are challenges that need to be solved around remote identity proofing, for both the service provider and the user. Remote proofing is really difficult. It introduces new temporal and geo-location challenges. And it makes everything more asynchronous.
With regard to healthcare, telemedicine will continue to evolve. Particularly, as IoT devices are sent to you for monitoring. CPAP machines are an example of devices already doing this. But, how do healthcare workers know if the device is in the correct state? The biggest challenge with IoT devices is in the integrity of the data the devices produce.
I also see immersive VR playing a large role in real estate transactions. It’s all about the data. How can you be sure data streaming from that device is from the actual house you are buying? CIAM will ensure the integrity, or authenticity, of that data.
We’ve just touched upon some of the conversation. If you want to learn more, you can watch this, and other on-demand Coffee Talk sessions at https://www.brighttalk.com/channel/17142.
We hope you can join our next Coffee Talk where you can chat with IAM experts, ask questions and gain insights into how you can lower operational costs, and achieve greater security and privacy using IAM. Click here to sign-up.