CIS14: Global Trends in BYOID
Global Trends in BYOID
Merritt Maxim, CA Technologies
July 21, 2014
© 2014 CA. ALL RIGHTS RESERVED.
abstract
§ While Bring Your Own Identity (BYOID) can deliver tangible benefits to end users and relying parties, these benefits are accompanied with potential risks and liability concerns.
§ CA Technologies and The Ponemon Institute recently conducted a worldwide survey of over 3,000 IT users and business users to understand the value, benefits and concerns that organizations have around using BYOID.
§ This session will review the key findings from the Ponemon Survey, deliver insight into the current state of BYOID and provide guidance on how enterprises can overcome these barriers to gain the maximum value from BYOID without unnecessarily increasing risk or fraud.
About me
§ 17+ years of product management/product marketing experience
– Security Dynamics
– RSA Security
– Netegrity
– OpenPages
– CA Technologies
§ Tracking/stalking me:
– [email protected]
– www.twitter.com/merrittmaxim
The Promise of BYOID
Reduce complexity, improve user experience
The Challenge of BYOID
“I am Losing Control”
Survey Summary
§ In early 2014, CA worked with The Ponemon Institute to develop a market survey to gauge interest and adoption of BYOID across 8 geographic regions
– USA/Canada
– Australia
– Brazil
– France
– Germany
– India
– UK
– Italy
Different personas explored in this survey
IT User
• I need to manage customer data
• I need to keep sensitive data secure
• I need to meet compliance and policy mandates
Business User
• I want to simplify the customer experience
• I want to know more about my customers to help improve retention and drive incremental revenue
Sample Sizes | IT User | Business User | Total | % of total sample
USA/Canada | 570 | 428 | 998 | 32%
Australia | 99 | 110 | 209 | 7%
Brazil | 158 | 185 | 343 | 11%
France | 127 | 148 | 275 | 9%
Germany | 182 | 180 | 362 | 13%
India | 141 | 152 | 293 | 8%
Italy | 143 | 131 | 274 | 8%
UK | 169 | 192 | 361 | 12%
TOTAL | 1,589 | 1,526 | 3,115 |
Other demographic info
• 100% of respondents were from companies with >1,000 employees
• 75% of respondents were from companies with $500M+ in annual revenue
• Target titles for IT users were CIO/CISO; target titles for business users were VP/line of business manager
• Even distribution across all common vertical markets
General Findings
§ Need to simplify user experience is driving interest in BYOID
§ Mobile and web customers are driving need for BYOID
§ Security enhancements still needed to drive more BYOID adoption
§ Business users & IT users have different opinions on value of BYOID
Key Survey Findings
Interest in BYOID is highest for online & mobile users
§ Supporting survey data
– Q5. “How would you rate your organization’s level of interest in accepting digital identities for any of the following user populations?”
  § Employees, Contractors, Retirees, Job prospects, Mobile users, Website users
– 82% of all business users across all regions responded “Very High” or “High” for mobile users
– 79% of all business users across all regions responded “Very High” or “High” for website users
– None of the other identity types were even close
§ Key takeaway:
– Customers want and expect a simple user experience => BYOID can assist
IT Users and Business Users are looking at BYOID for different reasons
§ Q3: “What are the main reasons for BYOID adoption in your organization today? Please select all that apply.”
– 95% of business users selected “To capture attributes about users from external sources” v. only 26% of IT users who selected same
AND
– 48% of IT users also selected “To outsource password reset activities to identity providers” v. only 9% of business users who selected same
§ Key takeaway:
– Business sees value in BYOID for gathering customer data whereas IT sees BYOID as more of a cost savings initiative
Business users and IT users see different BYOID benefits
Top 3 BYOID Benefits for IT Users | Top 3 BYOID Benefits for Business Users
Identity Validation - 74% | Reduced friction in user experience - 78%
Contractor on-boarding - 57% | Simplified engagement for end users - 75%
Fraud / risk evaluation & reduction - 55% | Identity Validation - 63%
Q18. “Which BYOID benefits are of most interest to your organization? Select all that apply”
• Targeted marketing
• Fraud/risk evaluation
• Identity validation
• Contractor on-boarding
• Reduced friction in user experience
• Simplified engagement for end users
• Increased revenue
• Security enhancements
• Access to fresh identity information
Ranking IdPs that you would accept at your employer
Region | Top Ranked IdP for IT User | Lowest Ranked IdP for IT User | Top Ranked IdP for Business User | Lowest Ranked IdP for Business User
USA/Canada | PayPal | Yahoo | PayPal | Yahoo
Australia | PayPal | Yahoo | Amazon | Facebook
Brazil | PayPal | Yahoo | Yahoo | LinkedIn
France | PayPal | Yahoo/Facebook | Amazon | Google
Germany | PayPal | Yahoo | Microsoft | Google
India | PayPal | Yahoo | PayPal | Facebook
Italy | PayPal | Facebook | Amazon | Facebook
UK | PayPal | Yahoo | Microsoft | Google
Q8: “Please rank the following identity providers in order of interest to your organization. 1 = of most interested and 7 = of least interest. If possible, please avoid ties.”
Ranking IdPs that you would prefer to use as an individual
Region | Top Ranked IdP for IT User | Lowest Ranked IdP for IT User | Top Ranked IdP for Business User | Lowest Ranked IdP for Business User
USA/Canada | Google | Yahoo | Google | Yahoo
Australia | Google | Yahoo | Amazon | PayPal
Brazil | Google | Yahoo | Google | LinkedIn
France | Google | Yahoo | Amazon | LinkedIn
Germany | Google | Yahoo | Facebook | LinkedIn
India | Google | Yahoo | Facebook | LinkedIn
Italy | Google | Yahoo | Google | Yahoo
UK | Google | Microsoft | Yahoo | LinkedIn
Q9. “Please rank the following identity providers in order of interest to you as an individual accessing other organizations or service providers. 1 = of most interested and 7 = of least interest. If possible, please avoid ties.”
Preferred IdPs as organization v. as individual (aggregated across all geographies)
 | Highest Priority | Lowest Priority
Question 8 - as employer
IT User | PayPal | Yahoo
Business User | Amazon | Facebook
Question 9 - as individual
IT User | Google | Yahoo
Business User | Facebook | LinkedIn
Intriguing contrast between what business user wants to use as IdP for their employer v. what they want to use personally
Features that could accelerate BYOID adoption
Top 3 Preferred Features for IT Users | Top 3 Preferred Features for Business Users
Identity validation processes - 73% | Identity validation processes - 71%
Multi-factor authentication - 66% | Simplified user registration - 71%
Identity provider implementing fraud risk engines - 57% | Identity provider implementing fraud risk engines - 37%
Q14. “Which of the following features would most likely increase BYOID adoption within your organization? Please select all that apply.”
• Multi-factor auth
• Identity validation processes
• Identity provider implementing fraud risk engines
• Simplified user registration
• SMS processes for user validation
• Password recovery functionality
• Risk based evaluation of password recovery processes
Supplemental data that would increase value of IdPs
Top 3 Preferred Data for IT Users | Top 3 Preferred Data for Business Users
Validated phone number - 46% | Current shipping address - 86%
None of the above - 34% | Validated phone number - 86%
Payment information - 29% | Payment information - 73%
Q17. What additional information or services would increase the value of the BYOID identity provider? Please select all that apply.
• Current shipping address
• Validated phone number
• Payment information
• Access to payment systems
• None of the above
Factors that would enhance BYOID efforts
Top 3 Preferred Factors for IT Users | Top 3 Preferred Factors for Business Users
Mobile device factors - 52% | Mobile device factors - 66%
4 digit PIN - 44% | Passive factors such as geolocation - 59%
Risk-based evaluation - 39% | 4 digit PIN - 25%
Q15. “What factors would you add to a digital identity to increase control or scrutiny by your organization? Select all that apply.”
• 4-digit PIN
• Passive factors such as geo-location
• One-time tokens
• Smart cards
• Mobile device factors
• Risk-based evaluation
Conclusion: A New Value-Based View of Identity is Emerging
§ Risk-based has dominated for the last decade but that is changing
§ Evolving towards a more value/customer-centric view of identity
§ Key is finding appropriate balance between both
[Diagram labels: Value-based, Risk-based; IT/IT Security, Line of Business]
BYOID is a Joint Responsibility
IT User + Business User Must Collaborate
Next Steps and Q&A
§ Survey available next Monday
– Email me for copy OR
– Follow me on Twitter (@merrittmaxim) - I’ll tweet bit.ly link for results
§ Participate in Tweetchat on this topic
– July 29 at 1pm Eastern
– Follow hashtag #TechViews to participate
§ External webinar on August 7 with Larry Ponemon to discuss survey results
Merritt Maxim
Senior Principal, Product Marketing
@merrittmaxim
slideshare.net/CAinc
linkedin.com/company/ca-technologies
ca.com
Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. No unauthorized use, copying or distribution permitted.
THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connection with this presentation, including, without limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if CA is expressly advised of the possibility of such damages.