cis14: global trends in byoid

Global Trends in BYOID

Merri4 Maxim CA Technologies

July 21, 2014

2 © 2014 CA. ALL RIGHTS RESERVED.

abstract

§  While Bring Your Own IdenLty (BYOID) can deliver tangible benefits to end users and relying parLes, these benefits are accompanied with potenLal risks and liability concerns.

§  CA Technologies and The Ponemon InsLtute recently conducted a worldwide survey of over 3,000 IT users and business users to understand the value, benefits and concerns that organizaLons have around using BYOID.

§  This session will review the key findings from the Ponemon Survey, deliver insight into the current state of BYOID and provide guidance on how enterprises can overcome these barriers to gain the maximum value from BYOID without unnecessarily increasing risk or fraud.


§  17+ years of product management/product markeLng experience –  SecurityDynamics –  RSA Security –  Netegrity –  OpenPages –  CA Technologies

§  Tracking/stalking me: –  [email protected] –  www.twi4er.com/merri4maxim

About me


The Promise of BYOID Reduce complexity, improve user experience


The Challenge of BYOID “I am Losing Control”


Survey Summary

§  In early 2014, CA worked with The Ponemon InsLtute to develop a market survey to gauge interest and adopLon of BYOID across 8 geographic regions –  USA/Canada

–  Australia

–  Brazil

–  France

–  Germany

–  India

–  UK

–  Italy


Different personas explored in this survey

IT User •  I need to manage

customer data •  I need to keep

sensiLve data secure •  I need to meet

compliance and policy mandates

Business User •  I want to simplify

the customer experience

•  I want to know more about my customers to help improve retenLon and drive incremental revenue


Sample Sizes IT User Business User Total % of total

sample

USA/Canada 570 428 998 32%

Australia 99 110 209 7%

Brazil 158 185 343 11%

France 127 148 275 9%

Germany 182 180 362 13%

India 141 152 293 8%

Italy 143 131 274 8%

UK 169 192 361 12%

TOTAL 1,589 1,526 3,115

Other demographic Info •  100% of respondents were from companies with >1,000 employees •  75% of respondents were from companies with $500M+ in annual revenue •  Target Ltles for IT users were CIO/CISO; target Ltles for business users were VP/line of

business manager •  Even distribuLon across all common verLcal markets


General Findings

§  Need to simplify user experience is driving interest in BYOID

§  Mobile and web customers are driving need for BYOID

§  Security enhancements sLll needed to drive more BYOID adopLon

§  Business users & IT users have different opinions on value of BYOID

Key Survey Findings


Interest in BYOID is highest for online & mobile users

§  SupporLng survey data –  Q5. “How would you rate your organiza1on’s level of interest in accep1ng

digital iden11es for any of the following user popula1ons? §  Employees, Contractors, Re1rees, Job prospects, Mobile users, Website users

–  82% of all business users across all regions responded “Very High” or “High” for mobile users

–  79% of all business users across all regions responded “Very High” or “High” for website users

–  None of the other idenLty types were even close

§  Key takeaway: –  Customers want and expect a simple user experience => BYOID can assist


IT Users and Business Users are looking at BYOID for different reasons

§  Q3: “What are the main reasons for BYOID adop1on in your organiza1on today? Please select all that apply.” –  95% of business users selected “To capture a4ributes about users from

external sources” v. only 26% of IT users who selected same AND –  48% of IT users also selected “To outsource password reset acLviLes to

idenLty providers ” v. only 9% of business users who selected same

§  Key takeaway: –  Business sees value in BYOID for gathering customer data whereas IT sees

BYOID as more of a cost savings iniLaLve


Business users and IT users see different BYOID benefits

Top 3 BYOID Benefits for IT Users Top 3 BYOID Benefits for Business Users

IdenLty ValidaLon-‐74% Reduced fricLon in user experience-‐78%

Contractor on-‐boarding-‐57% Simplified engagement for end users-‐ 75%

Fraud / risk evaluaLon & reducLon-‐55% IdenLty ValidaLon-‐63%

Q18. “Which BYOID benefits are of most interest to your organiza1on? Select all that apply •  Targeted marke1ng •  Fraud/risk evalua1on •  Iden1ty valida1on •  Contractor on-‐boarding, •  Reduced fric1on in user experience, •  Simplified engagement for end users •  Increased revenue •  Security enhancements •  Access to fresh iden1ty informa1on


Ranking IdPs that you would accept at your employer

Top Ranked IdP for IT User

Lowest Ranked IdP for IT User

Top Ranked IdP for Business

User

Lowest Ranked IdP for

Business User

USA/Canada PayPal Yahoo PayPal Yahoo

Australia PayPal Yahoo Amazon Facebook

Brazil PayPal Yahoo Yahoo LinkedIn

France PayPal Yahoo/Facebook Amazon Google

Germany PayPal Yahoo Microsoq Google

India PayPal Yahoo PayPal Facebook

Italy PayPal Facebook Amazon Facebook

UK PayPal Yahoo Microsoq Google

Q8: “Please rank the following iden1ty providers in order of interest to your organiza1on. 1 = of most interested and 7 = of least interest. If possible, please avoid 1es.”


Ranking IdPs that you would prefer to use as an individual

Top Ranked IdP for IT User

Lowest Ranked IdP for IT User

Top Ranked IdP for Business

User

Lowest Ranked IdP for

Business User

USA/Canada Google Yahoo Google Yahoo

Australia Google Yahoo Amazon PayPal

Brazil Google Yahoo Google LinkedIn

France Google Yahoo Amazon LinkedIn

Germany Google Yahoo Facebook LinkedIn

India Google Yahoo Facebook LinkedIn

Italy Google Yahoo Google Yahoo

UK Google Microsoq Yahoo LinkedIn

Q9. “Please rank the following iden1ty providers in order of interest to you as an individual accessing other organiza1ons or service providers. 1 = of most interested and 7 = of least interest. If possible, please avoid 1es.”


Preferred IdPs as organizaLon v. as individual (aggregated across all geographies)

Highest Priority Lowest Priority

QuesKon 8-‐as employer

IT User PayPal Yahoo

Business User Amazon Facebook

QuesKon 9-‐as individual

IT User Google Yahoo

Business User Facebook LinkedIn

Intriguing contrast between what business user wants to use as IdP for their employer v. what they want to use personally


Features that could accelerate BYOID adopLon

Top 3 Preferred Features for IT Users Top 3 Preferred Features for Business Users

IdenLty validaLon processes-‐73% IdenLty validaLon processes-‐71%

MulL-‐factor authenLcaLon-‐66% Simplified user registraLon-‐71%

IdenLty provider implemenLng fraud risk engines-‐57%

IdenLty provider implemenLng fraud risk engines-‐37%

Q14. ““Which of the following features would most likely increase BYOID adop1on within your organiza1on? Please select all that apply.” •  Mul1-‐factor auth •  Iden1ty valida1on processes •  Iden1ty provider implemen1ng fraud risk engines •  Simplified user registra1on •  SMS processes for user valida1on •  Password recovery func1onality •  Risk based evalua1on of password recovery processes


Supplemental data that would increase value of IdPs

Top 3 Preferred Data for IT Users Top 3 Preferred Data for Business Users

Validated phone number-‐46% Current shipping address-‐86%

None of the above-‐34% Validated phone number-‐86%

Payment informaLon-‐ 29% Payment informaLon-‐ 73%

Q17. What addi1onal informa1on or services would increase the value of the BYOID iden1ty provider? Please select all that apply. •  Current shipping address •  Validated phone number •  Payment informa1on •  Access to payment systems •  None of the above


Factors that would enhance BYOID efforts

Top 3 Preferred Factors for IT Users Top 3 Preferred Factors for Business Users

Mobile device factors-‐52% Mobile device factors-‐66%

4 digit PIN-‐44% Passive factors such as geolocaLon-‐59%

Risk-‐based evaluaLon-‐39% 4 digit PIN-‐25%

Q15 “What factors would you add to a digital idenLty to increase control or scruLny by your organizaLon? Select all that apply.” •  4-‐digit PIN •  Passive factors such as geo-‐loca1on •  One-‐1me tokens •  Smart cards •  Mobile device factors •  Risk-‐based evalua1on


Conclusion: A New Value-‐Based View of IdenLty is Emerging:

Risk-‐based has dominated for the last decade but that is changing Evolving towards a more value/customer-‐centric view of idenKty Key is finding appropriate balance between both

Value-‐based Risk-‐based

IT/IT Security Line of Business


BYOID is a Joint Responsibility IT User + Business User Must Collaborate


Next Steps and Q&A

§  Survey available next Monday –  Email me for copy OR –  Follow me on Twi4er (@merri4maxim)-‐I’ll tweet bit.ly link for results

§  ParLcipate in Tweetchat on this topic –  July 29 at 1pm Eastern –  Follow hashtag #TechViews to parLcipate

§  External webinar on August 7 with Larry Ponemon to discuss survey results

Senior Principal, Product MarkeLng

[email protected]

@merri4maxim

slideshare.net/CAinc

linkedin.com/company/ca-‐technologies

ca.com

MerriY Maxim


Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respecLve companies. No unauthorized use, copying or distribuLon permi4ed.

THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the informaLon. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connecLon with this presentaLon, including, without limitaLon, lost profits, lost investment, business interrupLon, goodwill, or lost data, even if CA is expressly advised of the possibility of such damages.

cis14: global trends in byoid

Technology