Bringing Your Own Identities: The New Reality

By Robert Block ·

I have worked in Identity Management for more than 12 years, constantly monitoring (and at times influencing) its evolution. My employer, FishNet Security, recently acquired my former company, Logic Trends. This acquisition has caused a massive inventory and maintenance of my identities. It has also caused some serious reflection on the number, quality, frequency of use and criticalness of those identities.

Mergers and acquisitions are a VERY common theme, and with those mergers comes this idea of having to bring with each acquired person their identity (or, in most cases, identities). Let’s take a quick look at my inventory:

  • Old Corporate (Logic Trends)
    • Benefits/HR
    • Salesforce (was a shared log-on)
    • OpenAir (was the same as Network)
    • Email
    • 401k
  • New Corporate (FishNet Security)
    • Benefits/HR
    • Salesforce (individual log-on)
    • OpenAir (individual log-on)
    • Network (domain-authenticated user)
    • O365 (legacy LT account for Lync purposes)
    • VPN (domain credentials)
    • 401k
  • Personal
    • LinkedIn (still set to my old LT email)
    • Facebook (built on Gmail account)
    • Gmail
    • Yahoo (for music services and other services tied to U-Verse)
    • Apple-ID (tied to Gmail)
    • Bank
    • eBay
    • PayPal
    • Travel Partners sites (hotel, airlines, rental cars, etc.)

I am sure there are more, but you get the point. I have noticed in my personal world that new services I wish to consume (games, news, music, etc.) have allowed me to opt out of creating a “new” identity and use an existing “valid” identity from a current service such as Facebook or Twitter. Today this is primarily driven by marketing (the new service I want wants me to be able to share that I am using it with my friends, so I am able to choose that log-on instead). However, this has been extremely convenient, and something I believe will continue to evolve, so much so that I believe we will see Facebook and Twitter (not exclusive to just these two) begin to provide true Identity “validation” services to other business (on behalf of the end user consumer).

I think about how this current corporate acquisition (FishNet Security/Logic Trends) has gone — for the most part quite smoothly — but it was just that — a corporate acquisition. FishNet Security had little to nothing to do with my personal transition, yet I am sure they care that I have now added their logo to my LinkedIn as well as Facebook page. I see integration between these largely separate areas of life (corporate and other) being continually merged for many reasons, and I see the need to “validate” my identities’ existences as becoming more of a reality.

BYOD (Bring Your Own Device) is all the buzz – BYOId (Bring Your Own Identity) is quickly joining the conversation. Here is what we’re seeing:

  1. Millions of dollars are spent each year by corporations validating identity.
  2. Service providers such as Twitter and Facebook also spent millions of dollars validating your identity.
  3. For marketing and revenue purposes, Facebook and Twitter are aggressively creating circles of trust so that your native ID can be leveraged by those additional service providers.
  4. Corporations are no longer exclusively shunning social media.
  5. Corporations are being pushed (in certain industries like retail) by their consumers to more rapidly adopt their social credentials as valid identities.
  6. Corporations are more readily entering into conversations regarding the outsourcing of identity as a service.

It is these six drivers that I believe will continue to “push” the maturation of “Bringing Your Own (insert valid) Identity.” The next blog about this will cover a breakdown of the standards and services looking to make BYOId a reality.