Mobile security—discussed much, solved never? BYO has added complexity that companies are having a hard time addressing. Recent data breaches have shown that no organization or user is invulnerable.
Employees are not helping because they don't perceive themselves as a risk. Password practices are weak, so why does research indicate that not only is BYOID a good idea, but it's an asset for marketing?
Both the lines of business and IT departments see value in bring your own identity initiatives, where social networking or digital IDs are used for application login. The groups also agree, however, that more security is needed to increase BYOID adoption.
A report, "The Identity Imperative for the Open Enterprise 2014," conducted by the Ponemon Institute and CA Technologies, examines business user and IT department attitudes toward BYOID.
"In today's application-driven economy, access to applications has to be simple and secure. BYOID is an increasingly popular option for simplifying access. It can also reduce the need to create new accounts for every site, which leads to registration fatigue and abandoned shopping carts," said Mike Denning, senior vice president and general manager, Security, CA Technologies.
There is a high global awareness of BYOID, with 61% of IT users saying they are very familiar or familiar, and 55% of business users saying they have a high level of familiarity with BYOID.
BYOID deployment using social IDs is still in its infancy, but the appeal is up, especially for mobile and web customer populations—50% of IT and 63% of business users express high or very high interest in BYOID and using social identities such as Facebook, LinkedIn or Yahoo.
For the business, customers engaging via the Web and mobile devices were, of course, the highest-rated targets for digital identity engagement. For IT, the targets were fairly evenly distributed among customers, job recruits, employees, contractors and retirees.
Ownership of digital identities is dispersed throughout an organization. IT users say such ownership is most likely shared throughout the organization, lines of business or IT. Business users say it is lines of business, data analytics and marketing and sales.
The report concludes that the results reinforce the need for collaboration across IT and business functions, and suggests creating cross-functional alliances to encourage cooperation and teamwork to achieve greater value from BYOID.
Perceived Value and Use Cases
Identity is now viewed as a contributing growth asset as well as a security component. Both IT (69%) and business users (65%) agreed that an important reason for BYOID adoption in their organization was to achieve a stronger identity credential and get a higher level of confidence that a user is who he says he is.
But business users cited capturing attributes about users as the biggest benefit (95%). This indicates an evolving view of identity. No longer viewed as simply a component for protecting data, identity is now seen as a value asset that can provide data which could drive incremental revenue and help maintain customers.
The most common BYOID use case, named by 30% of IT and 40% of business users, involves making registration easier for users. Business users' second-highest-priority BYOID use case is to access additional identity attributes for targeted marketing purposes, but for IT it's all about supporting specific mobile initiatives and on-boarding employees.
Additional security developments could drive increased BYOID adoption. The majority of IT (72%) and business users (70%) said "identity validation processes" would help increase BYOID adoption.
Implementing fraud risk engines also rated among the top three across both groups. Interestingly, only 27% of business respondents believed formal accreditation of the identity provider was very important/essential, while 59% of IT users believe formal accreditation is very important/essential.
Perception of Identity Providers
Respondents' preferred identity provider varied based on the situation and region. When asked what social ID was of most interest to their organization, IT users ranked PayPal as the preferred identity provider across all regions.
Business user responses varied with Amazon edging out PayPal and Microsoft. When asked what social ID respondents preferred as a consumer, Google was highest ranked among both IT users and business users.
Barriers to Adoption
IT users have legitimate risk and liability concerns, according to the report, that may inhibit broader adoption.
First, some business users still resist utilizing a third-party identity due to privacy concerns and a need to maintain anonymity. Some are also concerned about using a third-party identity for certain transactions or scenarios.
They might be perfectly satisfied with using social login to access a newspaper, but will not do the same to access their online banking account, for example.
Organizations that accept third-party identities also worry about instances where an identity is compromised and non-legitimate access is granted to applications or customer data. This adds to the complexity of how liability is handled in the event of a data breach or compromise.
Complexity is not erased either, as 21% of IT users cite it as a concern along with a loss of control (19%).
"A holistic examination of the attitudes uncovered in the research shows two clear views of identity," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "IT continues to take a traditional risk-based, security view of dealing with identities, while the business side takes a more value-based, customer-centric view of identity. In order to gain the most value from any BYOID initiative, these two groups must collaborate and become allies for secure business growth."
The report concludes that BYOID is a "promising trend" and offers 3 tips to help companies decide whether making BYOID part of their strategy is right for them:
Engage IT and business in collaborative discussion around BYOID.
Conduct BYOID risk assessment.
Monitor BYOID trends.