How Will Identity And Privacy Drive Digital Transformation?

We all have an identity – it’s what establishes who we are. In today’s connected world, the ability for businesses to understand the power of user and customer identity is pivotal to effective digital transformation. Those that can harness this power are able to deliver highly targeted services customers want, when they want them, through the medium most suitable to them. Those that cannot are destined for the business scrap heap.

Yet if identity management is so fundamentally important to future business success, why do so many businesses struggle with it? The main reason is their inability to fundamentally change the way they approach it. Traditional identity management solutions have long focused on internal security and employee-centric activity.

A new way of thinking

They were designed to manage the identities of a fixed number of users doing a rigid number of tasks. However, the type of strategy required for effective digital transformation turns this conventional thinking on its head, putting customer identity at the centre of the business model for the first time. For many businesses, this is uncharted territory. What’s more, there’s no way their existing legacy identity management systems can cope with this new approach, or the millions of external identities required for an effective customer-centric solution.

However, technology is evolving rapidly. Now there are user-centric identity platforms that provide businesses with the tools to build comprehensive customer profiles across multiple channels and touch points. In doing so, they can develop a digital picture of each customer and their habits, helping to guide the development of new, more meaningful products and services. As a result, customers get instantaneous, relevant delivery of digital and physical services. Importantly, they also benefit from intelligent security, based on dynamic characteristics such as location, device, time of day and familiarity.

However, the elephant in the room here is privacy. Businesses can’t offer more identity driven services without also implementing better privacy controls. Regardless of how good any new service is, adoption will suffer if customers feel that by using it, their privacy is being compromised. Furthermore, the impending arrival of the new EU Data Protection Regulation is likely to further intensify any issues caused by perceived disparity between identity and privacy when it comes into force (likely in 2017).

For a while now, the identity industry has been working to develop universal standards that give more effective privacy controls to users, delivering the peace of mind required to spur adoption of identity-driven services.

The prevailing identity and privacy-related standard used today is known as OAuth. You may not know it by name, but you’ve almost certainly come across OAuth in action online. It’s most commonly used as a way for a user to allow two sites or applications to exchange personal data on their behalf – for example, granting a specialized third-party Twitter mobile app access to your Twitter account to see and post tweets, or letting a news website access your email address and contact information through Facebook.

OAuth enables users to consent to sharing this data, creating easy mashups of information that make the online experience more convenient. It also lets users revoke access to their data should they change their mind at a later date. However, OAuth has some limitations. For example, while it enables data sharing between applications, it doesn’t allow data sharing with other people – sometimes called delegation. And because the apps’ business models rely on asking the user to join the sharing connection only at the last possible moment, users find that their privacy controls are far less granular than they want and expect.

User-Managed Access (UMA) is a next-generation privacy standard that builds on OAuth by putting the emphasis squarely on the user. UMA extends OAuth’s capabilities to authorise the sharing of a user’s data not only from app to app, but from person to person as well. UMA also provides users with a much greater level of control around how their data is shared. Similar to the Share feature on Google Apps, it lets users choose “scopes” of sharing based on specific rules (such as read and edit) that are specific to each app. And just like the Share feature, UMA allows users to “push” sharing to other people whenever they choose, as opposed to when an app requests access. All of these features add up to a greater level of flexibility that gives online users the chance to tailor what information they are sharing about themselves, with whom, and for how long.

Uptake of both standards will be critical to enabling better privacy controls for customers in the Internet of Things (IoT), making them more comfortable using new digital services and platforms. OAuth is a great place for any business to start; but increasingly consumers will expect the flexibility and customisation that the more advanced User-Managed Access standard permits.

Crucially, the concept of identity and privacy together creates the new “killer app” for businesses. As more and more devices and objects join the IoT, businesses must successfully balance services with effective privacy controls. You simply can’t undergo effective digital transformation without it. Ultimately, customers want to use new technology, but they also need assurance that their identity is being protected and shared in a responsible manner. Many businesses are embracing digital transformation, but only those who offer efficient identity management and effective privacy controls will reap the full rewards that it has to offer.

How much do you know about biometric technology? Take our quiz!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

18 mins ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

1 hour ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

3 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

4 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

5 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

6 hours ago