Analysts to Explore Tomorrow's Identity and Access Management Demands at Gartner Identity & Access Management Summit 2013, March 11-12, in London, U.K.
By the end of 2015, 50 percent of new retail customer identities will be based on social network identities, up from less than 5 percent today, according to Gartner, Inc. Along with federation technologies and mobile computing, social identity adoption will have a major impact on the practice of identity and access management (IAM) in 2013 and beyond.
“For an increasing number of Internet users, social networks are the Internet. Using ‘login with Facebook’ — or other popular social networks — reduces friction and therefore improves users' experience of customer registration and subsequent login,” said Ant Allan, research vice president at Gartner. “For registration, the required personal information can be imported from users' social profiles, reducing — if not eliminating — form filling. Moreover, using a social network identity means users don't have to remember rarely used passwords or endure convoluted password reset processes when they forget them.”
Mr. Allan added that organizations also benefit from the use of social identities for authentication. It reduces the number of abandoned registrations and logins, and makes it easier for customers to browse and buy. Therefore, it also helps organizations attract and retain customers.
However, the lack of identity proofing and weak authentication for social network identities can expose merchants to more fraud. Service providers therefore have to defend themselves. They may allow social network registration, but augment the process with additional controls when a retail site provides access to sensitive data and monetary transactions. Alternatively, merchants may accept the increased risk without additional controls because of the potential increase in the number of customers and the volume of purchases; this approach "passes the buck" to payment card companies — but they already have robust fraud detection and management tools and processes in place.
“It's important for IT leaders to remember that, despite the increased risk of fraud, social network identity proofing and user authentication are no worse than the practices currently used by many businesses. In fact, social network identities could offer better identity proofing than ‘raw’ customer registration. This is because social network analysis can potentially identify bogus social identities, and some vendors can exploit the ‘wisdom of crowds’ to verify claimed social network identities,” said Mr. Allan. “There will be increased demand for specialized vendors that support this use of social network identities, as well as for support for the OAuth and OpenID Connect specifications in traditional IAM vendors' Web access management and federation products."
“However, using social network identities for authentication may not suit all organizations. Businesses offering consumer-facing services, as well as government agencies offering citizen portals, should assess the benefits of accepting social network identities for customer and citizen registration and login,” Mr. Allan said. “They must also weigh these against the risks posed by the lack of identity proofing and weak authentication for social network identities. Mitigating these additional risks may offset any cost savings.”
Gartner analysts will explore these topics at the Gartner Identity & Access Management Summit 2013, March 11-12, in London. For further information about the Summit, please visit gartner.com/eu/iam. You can also follow the event on Twitter at http://twitter.com/Gartner_inc using #GartnerIAM.
About the Gartner Identity & Access Management Summit
The Gartner Identity &Access Management Summit aims to identify the technology, tools and techniques needed to establish effective IAM programs at a time when the Nexus of Forces — mobile, cloud, information and social — presents new challenges and opportunities to chief information security officers and IAM leaders.
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. The company delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner to clients in approximately 10,000 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 7,900 associates, including more than 1,700 research analysts and consultants, and clients in more than 90 countries. For more information, visit www.gartner.com.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.