Trends in Digital Identity Management
Posted May 31, 2018
In this episode Frank is joined by Rooly Eliezerov, President and Co-founder of Gigya, which is now owned by SAP. They explore trends in sovereign identity, GDPR and blockchain.
Frank: Hey everybody, welcome to another edition of Digital Identity 360. We’re honored today to have Rooly Eliezerov with us from Gigya. Rooly, it’s a pleasure. Thanks for taking your afternoon or evening I guess for you to come and speak with us.
Rooly: Thank you for having me.
Frank: So, you know Rooly, in getting prepared for this episode it was interesting to kind of look at your background. You’ve written a book called “Digital Identity Crisis”, which I found interesting because we find ourselves, as a company, at the forefront of adopting digital identities through eCommerce. As a B2B to C company, digital identity is becoming a very very big issue for us. Why did you pick the book identity and crisis? I mean, that’s an interesting title, maybe expand on that a little bit.
Rooly: First of all, my entire practice is around identity, as Co-founder of Gigya, which provides a platform for digital identity management. And what I’ve seen throughout the years is how we, people around the world, extend our identity to the virtual space. It’s not just going to the internet to consumer or into that space and we begin to understand that there is not much control over all these parts of our identity and I think that we hear now with Facebook story, a representation of a broader phenomenon, where people begin to realize that they have no control over parts of who they are, where data resides and not only where but what is being done with that.
Frank: It’s interesting, because I think the extension of that is, if in fact I have an identity, I begin to lose control of by virtue of just the enormous amount of transactional information and stuff that I do online. Naturally, leads to regulation and we’re seeing this obviously in Europe with GDPR. What’s your view of that nexus between these growing digital identities, the proliferation of these identities throughout the internet, and now the regulatory bodies trying to kind of swoop in to control that?
Rooly: Right, so I think this had to come at some point. For years the internet has been the Wild West. Companies were trading our information without our knowledge or consent. At some point, when the public pushed for it, the regulator put some structure in place. All GDPR is about transparency and control. It’s just letting people know. It’s requiring companies and any entity that collects personal data to be transparent and to give control, so I can choose if I want it deleted or how it’s being used.
Frank: It’s interesting from our perspective, really. It creates a potential interesting tension point. On the one hand, good returning customers, I would imagine are less like to be forgotten with sites that they travel to a lot, you know, businesses they trust, those kinds of things. On the other hand, bad actors will be the first to ask to be forgotten. It kind of creates a potential crisis. So, the question is, as the May 25 deadline looms for GDPR, just this week, will people share more information or less. Or, are we going to se a tsunami of forget-me requests followed by kind of a normalization?
Rooly: So, I think here comes the part – not only the liability, but also the opportunity businesses have. I think overall people will share more, because they will get value. They want the value and they are willing to share. But, then comes the questions of trust. There will be those companies that will leverage this change and understand that it’s a part of a natural evolution of this internet and will use it to create a long-lasting relationship with their customers. The others that will continue to try and do all these kind of tricks, I think they will begin to lose trust, and therefore their businesses. So, overall people will share more, but only with the companies they trust. And, the play here is to create this long-lasting relationship with your customer.
Frank: Absolutely. It’s interesting you said that because on the internet trust is the only currency that matters. At the end of the day, I trust you or I don’t. And, so, we’re seeing in our business as people move quickly to do the transformation and it creates all kinds of tensions, as you know. You’re deep in the weeds with that in your practice. But, people are now saying, look, if I really have trust in my customer, why do I need passwords? Why can’t I have seamless authentication? What’s your view on this whole issue on trust, the death of passwords, if in fact they are going to die, and the whole idea of frictionless or seamless authentication throughout the experience?
Rooly: Very good question because I think everyone has it and almost on a daily basis. It’s a painful process to just find which password did I choose for this bank account or for that website. I think, first of all, passwords will die, but it will be a long process. However, we do see the beginning of the other solutions to replace passwords. One of them, I think interesting one, is called behavioral biometrics, which means, not the biometrics in sense if your iris or your fingerprint, but it’s the way you behave. The way you swipe the phone, or use the keyboard, or other signals like your location, and other related data that devices can supply today. What’s interesting, not that it will transparently identify or authenticate you, but it will also do will be constant, which means that the authentication will not be a gate, like binary situation – you’re either authenticated, but then you can do whatever you want. You’re constantly authenticated. It makes it even more secure.
Frank: It’s very interesting you say that. We have a theme at the company this year called “The Power to Predict.” Our view of the world is if I can understand how Rooly interacts with the digital world, is it a mobile device, a PC, whatever. Who Rooly is in totality across his different identities online, and most importantly, a real-time assessment of this behavior, I can be predictive. I think that’s where we’re headed. To your point, at the end of the day it’s my behavior today that’s going to predict my accessibility and my interactions with my partners on the internet. Think of this way. Franks a good consumer ’til he’s not. That’s very binary. So, if I’m not tracking that behavior in real-time, it’s very very difficult to really understand and impute trust on a consumer. What are your views on this concept of sovereign identity? People are no saying look, ultimately the digital identity is going to replace all analog forms of identity. We’re going to this kind of broad sovereign identity. What are your views on that?
Rooly: I really am fascinated by this idea. Actually, the idea of having people or individuals own their identity is being in the identity experts community for years and years. However, when blockchain arrived that was the first time when it’s technologically actually feasible. The idea that on one hand we don’t want one civic entity to own our identity like Facebook, or Google, or even the government. We really look for, maybe to get there, that the even the government will not own your identity. On the other hand, you don’t want me to own my identity completely because I can then change it and make, for example, my credit score, or add a diploma, or something like that. With the blockchain, that’s a system that its decentralized and therefore nobody owns it. On the other hand, it’s trusted and secured. I think in this way, I’m very excited about it. There are some questions around when it will be adopted and for it becomes a critical mass. But when it happens, I think, for so many reasons it will make things much more right.
Frank: Yeah, isn’t it interesting, Rooly. You’re absolutely right as it relates to the immutability of the block chain. It’s really that inability to change it that in a weird sense will provide the authentication trust that you need for that identity to function across the internet, so very, very cool. Another interesting thing that we’re seeing in our business and you know we run probably 120, 130 million transactions a day through our network is just the inability for human beings to interact with that much data. So, AI is a big part of what we do, in a machine and so and so forth. How do you see AI playing in this whole concept of identity, sovereign identity, the block chain, etc.?
Rooly: Another very interesting topic which relates to identity. As our identity becomes more digital it means that its more…its data and therefore data can be used, analyzed, processed, and therefore decisions can be taken in a more, let’s say, analyzed way, or a more sophisticated way. I think that we already see people delegate their navigation decision to GPS apps. I see it coming. The more data we have, the more sophisticated the algorithms will be, the more we will delegate because it will simply by more correct in our own decision. On one hand, we already see it happening. I don’t know how much time we have to give examples, but as people are quantifying themselves and measure, their able to take more rational decisions. We see that it makes their life even better in many senses, not only productive and effective, but really on the mentality level. However, there are questions that when we delegate to computers our decisions as much as their more correct, we’re losing a little bit more of our humanity and individuality.
Frank: That’s right. Ironically, our identity. A little bit of our identity. Rooly, it’s interesting. What I find fascinating about this space is the speed and confluence of technology, consumer behavior, risks, threats, and so forth coming together, and how, really, as businesses move rapidly for digital transformation, move rapidly from PC and MAC based platforms to phones and mobile devices, how so much is accelerating and really for experts like you and others like us in the identity world, it’s becoming something to grapple with. Consumers want it better, faster, less friction, more trustworthy, and at the same time, to your last point, am I losing a bit of myself in this digital identity. It’s very interesting.
Frank: As we close, top opportunity in digital identities and what worries you the most.
Rooly: In terms of opportunity, what I’m excited about is companies with right, moral values will be successful. That’s the thing I’m positive about. The thing I’m more afraid is related to security online. I think the amount of resources we as society and culture invest in security is small compared to how much we will need to invest. And, once you hack into an account you have so much breadth of data and then the risk will be greater. So, I think this is something we’ll need to keep an eye on.
Frank: Yeah. Really well said. I think in a very real sense it’s an arms race. As more and more people come on, more and more opportunity for the bad actors to monopolize and harvest that information, the more we have to invest in technologies in ways to ensure the security and frictionless journey of our customers at our businesses. Rooly, it’s been a real pleasure. Thank you for joining us today. Folks, this is Rooly. Check out “Digital Identity Crisis.” Rooly, a subject matter expert and domain expert in this field, and Rooly, we’re honored to have you. Thank you very much.
Rooly: Thank you very much.
Frank: My pleasure.