- Identity management solutions are traditionally associated with hardware tokens and passwords, and while these continue to be used and enhanced, they do not work for everyone (e.g., hardware tokens offer better assurance but can be expensive, and it can take time to ship a new token if someone loses one). Passwords will continue to be widely used, but remembering multiple passwords, for both personal and business use, requires keeping them simple or using the same ones over and over – which in itself defeats the whole purpose of security.
- Some enterprises are starting to move towards soft token multi-tenanted solutions that require multiple-factor authentication, yet are globally available in nature, flexible (with no limit on devices and options) and include authentication apps for smartphones and iPads. Service providers such as Verizon are offering identity management services based on a multi-tenanted authentication platform that is hosted and managed by the service provider in its data center; this helps to keep costs down. This approach is being positioned by service providers as ‘identity-as-a-service’ where companies pay a per-user fee. In the future, Google and others will also be experimenting with biometrics and facial recognition as part of identity proofing and securing access to devices, but these are still some way off from enterprise reality.
- The use of a multi-tenanted authentication server provides an easy-to-use management and reporting interface and a flexible price model, compared to the majority of two-factor authentication providers which offer a traditional on-premises solution without multi-tenancy. These solutions can certainly be used in a cloud context, but they will be required to run either on the customer site, resulting in cost and complexity for the cloud service provider, or in the service provider’s data center, which can also result in cost issues because the solution will not be multi-tenanted.
Key technology market trends are driving customer demand for better identity management solutions, including mobile data usage growth coupled with BYOD (which increases the need for secure data access) and the shift to using applications in the cloud (for onboarding, scaling and maintaining control). In addition, there are business drivers at play, as organizations can react and move more quickly by giving employees and partners wider secure access to key applications and systems that improve collaboration, differentiation and time to market. Last but not least, a key imperative for many customers is regulatory compliance. Do they have the right controls and policies in place to meet audit criteria? While many operators and managed security providers are also looking at these issues, Verizon brings strong security credentials and vertical expertise with identity support for more than 125 million users globally, and it is especially strong in supporting identity programs for governments around the world as well as U.S. government agencies and healthcare. Verizon has also earned the Identity, Credential and Access Management (ICAM) Level 3 certification.
At their recent industry analyst day in London, Verizon said identity services were driving huge growth and a healthy pipeline of over $350 million for its Universal Identity Services (UIS) solutions. Verizon’s UIS solutions appeal to customers looking for cost-effective multi-factor authentication, easy enrollment and credential activation on both corporate and employee-owned devices. The authentication includes using something the user knows, something they have, or something they are, and the ‘as a service’ approach helps reduce both CapEx and operating costs. It also adds reasonable agility in being able to offer secure access to new suppliers and partners a lot more easily than in the past.