Yesterday’s National Strategy for Trusted Identities in Cyberspace event was a bit of a blur. Really good conversations. Lots of new ideas swimming through my head. Here are some of the highlights:
New faces from outside the echo chamber
First and foremost, there were a lot of new faces and new companies at the NSTIC event. The NSTIC team did an admirable job of getting companies to the table that hadn’t been there before. There were retailers, energy companies, and banks in the room who had never engaged with the identity community before. This is a huge step forward. As I wrote about last week, participation, specifically relying party participation, is critical to the success of NSTIC. As Senator Mikulski said, “The key to a voluntary system is actually having volunteers.” If the event was indication, there is a new wave of volunteers, willing to participate in NSTIC.
Business of Identity
The bulk of our conversations yesterday were regarding the business impact of better identity practices. Companies pointed to existing inefficiencies that they can remove from their business simply by starting to accept federated credentials. These sorts of scenarios weren’t particularly complex, which is why they have good chance to succeed. They are simple scenarios with real business impact – exactly the kind of thing identity teams need in order to demonstrate value.
What was even better was that these simple scenarios were the stepping-stone to more complex, new business opportunities. Remove inefficiencies, then unlock new business, repeat. We’ll be talking more about these opportunities in future blog posts and in our research.
Identity Market Opportunities Abound
I noted that there is a huge gap between trust frameworks and the application of identity technology. If I was a medium-sized business, I would have no idea how one related to the other. I would have no idea how different identity services inter-relate and how to best deploy them.
What is needed are identity service brokers. An IdSB would take your service-level, level of assurance and confidence, and privacy requirements, then match them to an existing trust framework and select and deliver identity services, likely from different providers that meets your requirements. IdSBs do not exist, but they need to.
An attendee asked “what are the attributes of carrier-grade identity providers?” That’s a puzzler. Just having a really big set of identities doesn’t make you a carrier-grade IDP. But what does? A fellow panelist suggested that attack resilience is a key attribute. Resilience is part of the story but not the whole. I’m not entirely sure we, the market, knows what a carrier-grade identity service looks like… I’m not sure they exist yet. We have lots of product, an emerging array of services, but we don’t have an identity dial-tone for the Internet. It will be interesting to see which business emerge as the telcos of identity.
Catching-up and going forward
This was just a little sample of the conversations we had. I’ve captured the Twitter stream, which you can check out for a little more detail. So what next? NSTIC’s momentum is definitely picking up. If you want to get engaged, come to our Catalyst conference. Jeremy Grant, director of the NSTIC program, will be giving an update. But more importantly, we are hosting a workshop for NSTIC at which you can sit down with the NSTIC team to talk about what the strategy means to your business and industry, and learn how to participate.