Identity management veterans Diana Volere, Diane Joyce, Eve Maler and Susan Morrow introduce you to new entrants in the field.
Digital Identity – just the phrase leaves you thinking this must be important; after all, our identity is about who we are and what we do. Digital identity is a big technology space too. It encompasses a variety of sectors including verification-as-a-service, consumer identity and access management (CIAM), cloud (SaaS) identity, transaction authentication, and the newest entrant – self-sovereign identity. The financial value of the identity space is massive. Identity verification-as-a-service alone has been predicted by McKinsey to be worth $20 billion by 2022.
The workforce required to design, build and deliver the various identity services must be talented, forward-thinking and aware of human behavior. To achieve this, business technology teams need a diverse set of individuals across multiple disciplines.
Digital identity is being increasingly recognized as a key part of information security, as it builds a good foundation for web authentication, access control, identity verification, battling social engineering and more. And, like security, the identity industry needs good, diverse recruits.
We at Women in Identity, are working to promote and support women in the space. As well as looking to open up opportunities for women wanting to enter the world of digital identity in all of its forms.
Diane Joyce introduces Rosalie Dowding
Diane Joyce has been pivotal in the creation of the UK Digital Citizen Identity marketplace; sitting on the government/private sector partnership Identity Steering Group (IDSG), she has provided thought leadership, architecture design and innovation in the propagation of trusted online transactions in the digital age.
DJ – What do you do in the Industry?
RD – I am now the Product Manager for our GOV.UK Verify product. Effectively, this means I represent the voice of the customer and I am ultimately responsible for making sure that the product is successful in the eyes of its users – and our Post Office leaders! I’m really proud of the fact that we have seen usage grow over 160% YoY – despite the challenges we all know about.
I work closely with Government Digital Service (GDS) and our technology partners to review user feedback and continuously improve our Verify service. Every week I analyse data on our users’ experience and to look for ways we can make this better. I’m also responsible for promoting the product, helping people – inside and outside the Post Office, understand why a digital identity service such as Verify is so important for the way we are likely to live our lives in the future.
Each week is totally different. On Monday, for instance, I created a social media campaign to encourage Universal Credit claimants to set up a digital identity account that will help get them through the application process faster. Then on Tuesday through Thursday I was running user labs to test how well people might engage with a chatbot as part of a general account set-up process. Today I’ve been speaking to new starters at the Post Office to explain what digital identity is and what we are doing in this space. Oh and, in between times, keeping an eye on how the service is performing and making sure there are no issues lurking.
D J – Which areas do you think are the greatest challenges in digital identity?
RD – Although people are conscious of the risks associated with data – identity theft, data breaches etc. – I believe there’s a general lack of awareness of how these happen, and that it is even a real problem. We are all comfortable with proving our identity in person with a passport and/or driving licence (even to a complete stranger) so it is sometimes hard for people to understand how it could be an improvement to do it all digitally. And we like to have something tangible in our hands. We can associate a physical passport with identity; a digital identity, on the other hand, feels nebulous and techy.
The identity industry has spent too long talking amongst itself about things like standards and compliance, interoperability and technology. We need to get out there and talk directly to the users of our products and services to help them understand how digital identity can actually make life safer and simpler. We’re doing for identity what PayPal did for cash – but no one knows it yet!
Inclusion is a further problem. Most digital identity products are designed for people who are already comfortable in – and have access to – the world of e-commerce, social networking and online banking. But key services are becoming increasingly digitised and many people don’t exist easily in the new digital world. We have to find better ways for people to prove that they are who they say they are even without a digital or financial footprint. Local and central government can take the lead but ultimately banks, retailers and other commercial organisations need to be a major part of the solution.
Digital identity should be making the user’s day easier, but it’s not there yet. We have to prove our ID repeatedly, carry around myriad passes and ID cards, not to mention remembering all our various logins and passwords. There is no consistency and each organisation does it their own way. Gov.UK was a starting point for achieving a more uniform way of proving ID to access multiple services – but it needs to work beyond government.
DJ – Where do you think identity will be in 5 years?
RD – GDPR is already creating a cultural shift in the way we think about data control. The public is increasingly mindful of the fact that our personal data belongs to us – the individual customer – not the organisation that supplies us with even the most essential products or services. Collecting and storing someone’s data is now as risky as collecting and storing their hard earned cash. In order for it to become an asset rather than a liability, we really need to focus on how digital identity can help support this new environment.
My prognosis for 2024 is:
- The user will own (and understand) their own identity and decide how/when it is used. They will not have to prove themselves repeatedly and will be in full control as assertions will be passed between different organisations without any data being transferred and always with the user’s consent
- Shopping, travel, accessing government and financial services will require little effort as we are all instantly recognised when we interact with people and organisations
- Smartphones won’t exist; we will use wearables and biometrics to consent to, and interact with, services
- The ‘No Touch’ Amazon shop will be the norm, as our digital identities flow seamlessly between the online and offline worlds
DJ – So what will your day as a digital identity user look like in five years?
RD – As a digital identity user, my holiday travelling for instance, just got a whole lot easier:
- I’ll walk through the Underground station and board my train – no barriers to negotiate, no device to scan. I’ll be verified through facial recognition stored in my digital identity wallet
- On arrival at Heathrow, I’ll pass straight through the airport without any interruption – my luggage was auto-scanned and linked to my digital ID; my digital ID includes government level assurance that I am entitled to travel. And my new Apple wearable alerted me to my gate number and boarding time.
- And on-board I’m automatically served a Gin & Tonic and my favourite meal!
- I check into my hotel with facial recognition and unlock my room with a code sent to my new wearable. And then it’s straight to the pool!
DJ – Why do you think the identity space is a good place for women to work in?
RD – It’s a really interesting place for women at the moment because – I believe – we are changing people’s lives for the better. In my experience, women tend to think of think of things more inclusively and with a real sense of a higher purpose. When you’re implementing huge change in society as this is, we do need to balance the technical possibilities of digital identity with its human implications.
It’s also an important place for women to have an active voice due to the almost critical need to have a diverse range of people working on designing and building the digital identity ecosystem. New technology has already shown itself to susceptible to bias against women/ethnic minorities and all this does is lead to further exclusion. Think of the impact of the failure of facial recognition algorithms and machine learning simply because the systems haven’t learned form a truly diverse range of people. And yet biometrics are fundamental to the new digital authentication techniques we are developing.
DJ – How would you explain Digital Identity to a child?
RD – It’s the way you know who you are talking to when you can’t see them face to face. In the playground, you’ll wave at someone you now – and they’ll recognise you – without having to start over and reintroduce yourself. On the Internet you need to do something slightly different because you cannot see them. We create a picture of you based on lots of different pieces of information and put it into a wallet that you control. This is called your digital identity, it’s like waving online and being instantly recognised.
DJ – If you could steal credit for any great piece of art, film or book, which one would you claim?
RD – The Field of Light by Bruce Monroe, because it’s just magical. It’s cool that it moves around the world – from Wiltshire to Ayers Rock!
DJ – If you were CEO of an organisation, what one thing would you make compulsory and what one thing would you ban?
RJ – Ban: Dress codes.
Compulsory: Socialising beyond your own team or organisation, invite other teams to afternoon tea, have cross company lunches and sports events… make it easier to share ideas (and have a good time!)
DJ – What animal would make the best prime minister if the animal kingdom was to take over the world?
RD – Warthogs – they are hilarious, and we need more fun in the world!
DJ – What film title describes your life?
RD – Life of Pi(e)
Diana Volere introduces Mary Writz
Diana Volere is a Principal Solution Architect for Saviynt, functioning as an evangelist in Identity Governance Administration. She’s been in identity, focused on delivery and technology sales since 2000. Diana has worked with technology leaders such as Novell, Oracle and ForgeRock, and has a passion for how we translate physical identities and culture to the digital landscape.
DV – What is your role and your company’s role in the identity industry?
MW – I am VP of product management for ForgeRock, an identity and access management platform. ForgeRock is a visionary in the identity space, helping shape future standards and contributing thought leadership in many areas. ForgeRock was one of the first to focus on privacy and consent, and to treat multiple identities (applications, devices, things) equally.
We are always pushing boundaries and incubating innovations for new use cases – for example using graph databases to facilitate highly performant, fine-grained authorization decisions based on multiple degrees of relationships; another example is embedding identity in service mesh architectures.
DV – What made you choose to move into the identity industry at this time?
MW – My background is cyber security – the bulk of my time working in breach detection/prevention. Historically breach detection looked at anomalous network, OS, or application activity but increasingly it examines anomalous user behavior. Innovation is happening around understanding and linking identities for breach detection. This is what initially made me excited about moving into the identity industry.
Further, I started to think about how identity impacts the consumer experience in a digital world – which is very relatable – because we all participate in the digital economy. I love customized and harmonized digital experiences. I care about those experiences making my life easier, I also care very much that they don’t impact my privacy.
Last, I love to be working in areas of innovation – and identity is on the forefront of digital innovation – identity technology has to innovate as quickly as the quickest all digital innovations happens. As we move to service meshes and serverless code, and as we embrace the Internet of Things, we need identity to be infused at all layers. So an extra fun bonus to me was to realize that by moving to the identity space, I get to sit at the forefront of all digital innovation.
In short, from every angle identity is an interesting space to be in.
DV – What did you do outside of this field which was most helpful to you in coming up to speed on identity?
MW – I admit I underestimated how deep the identity domain runs – I am a quick study and so I thought it wouldn’t take me too long to feel proficient. I read books and talked to a ton of smart people, but to be honest, I still have so much to learn. I am humbled but also pleased because I thrive on curiosity and learning, and to know I have a lifetime of learning ahead of me makes me smile. I’m not sure when I’ll feel “up to speed on identity” but each day I’m a little smarter than I was the day before.
DV – How do you keep up with technology and advancements? What do you do to keep apace?
MW – The nice thing about product management is that you sit in the hub of a huge wheel of innovators and thought leaders. I get to talk to CIOs, CISOs, and architects of the largest enterprises to understand their priorities and roadmaps. I get to collaborate and listen to analyst and industry leaders to understand what they are seeing. I work with some of the world’s best engineers and architects. This broad exposure gives me a nice composite view of what is happening in the digital world.
DV – As a recent addition to this space, how do you now explain identity management/governance/etc to someone who has no background in it?
MW – There is something profoundly human in what we do in the identity space and I often notice the profoundness as I try to explain it to those with no background. We are human, we want to connect with each other, and as the physical/terrestrial aspect is removed and we connect digitally, that feeling of personal connection and trust can be lost. We apply a digital identity so that we can connect and trust each other once again. And if we do it right, we make our lives easier and are delighted by the results.
DV – Is it harder or easier being a woman in the identity side of tech than others?
MW – Identity isn’t tremendously different than anything in tech or security. I regularly mentor college age women on the considerations when joining a male dominated field, but at the end of the day, I feel identity is an incredibly innovative space that offers a meaningful and interesting career. I recommend it! The trick in any tech field is to start early in your career building a meaningful network among peers who are different than you. That network is the key to having compelling job opportunities in the future.
DV – What current technology advancements do you think will have the greatest impact on identity?
MW – Sharing and Things. As we connect more Things and share more of our lives (such as banking information and health records), businesses will have more ability to provide us with meaningful value. But that won’t happen if we don’t trust the security and privacy. Sharing and Things will (hopefully) drive increased security, privacy and consent.
DV – How do you balance that tension between aggregating consumer data and protecting consumer privacy?
MW – You wouldn’t divulge all your health and financial information to someone you just met. Digital relationships are the same. People build trust over time and want to have control over what you share, when you share, and how you share information. When a service provider shows they are a good steward of customer data, customers feel comfortable giving more access over time. You build trust through transparency, consent, and treating your relationship as long-term.
DV – What do you see being the big advancements in identity over the next 5 years?
MW – Wherever you see interesting digital innovations you see identity enhancements; the sharing economy, internet of things, and service mesh architectures are just a few of those places.
Eve Maler introduces Shilpa Maher
Eve Maler is an 18-year veteran of the identity industry, having worked with companies like Forrester Research, PayPal, and Sun Microsystems and driven the development of standards such as SAML and User-Managed Access (UMA). These days she’s VP of Innovation & Emerging Technology at ForgeRock, tasked with driving privacy and consent innovation in its Office of the CTO.
EM – What do you do in the identity industry?
SM – I’m the Head of Delivery for Digital Identity at HSBC and have been in this role since the beginning of 2018. My role entails defining the strategy: talking to stakeholders and business sponsors around use cases to solve business problems, educating people about what we’re trying to do, building consensus, and building delivery plans and roadmaps after I’ve figured out how we’re going to achieve what I think we need to achieve in 2019-2021. I talk to vendors and consultants on a regular basis to be sure I’m on the right track. Then I secure funding, get resources, and make things happen!
I got into this role by being in the right place at the right time. I came back from my Christmas vacation to find that the guy heading up identity had handed in his resignation. I was asked if I’d like
to take over. I spent a couple of weeks with him and he brought me up to speed.
EM – How does your professional background connect with identity?
SM – I have a master’s in economics and an MBA from Henley Business School. What I’m about is bringing order to chaos. I like having big problems to solve and then solving them. In a way, this is exactly my cup of tea. Identity is a massive problem to solve, and I like breaking that problem into its component parts and figuring out how to solve it, which is the state of identity industry at the moment.
EM – What are the components of that big identity problem?
SM – As people’s digital footprint grows, identity fraud increases. Consumers are more aware of their data privacy, and there’s greater regulatory pressure coming from GDPR, Open Banking, AML, and so on. Customer experience and frictionless authentication are the goals, but proving who I am over and over again is a painful experience and doesn’t feel right in today’s digital economy. The fundamental thing is, how do you build trust? We collect lots of customer data all the time, but we don’t remember how we collated it. So it’s all about establishing trust in the event of collecting the data.
The components I see are: awareness of regulatory boundaries, trusting the data itself, enabling customers to trust, and accommodating multiple models being deployed across the globe. There’s no universal ID solution at the moment. And there are a number of bodies looking at industry standards, and interoperability of standards, which is key. Our view is that identity, especially in cyberspace, is basically lots and lots of data about the individual, and it’s about linking it all together with a level of veracity. It’s how you do that which is going to crack the code.
EM – What strategies have you used for learning and keeping up with new concepts and technologies in the space?
SM – Because I was so new and we were trying to get our current project off the ground, we were meeting with a lot of people right at the beginning. I immediately got involved in the CEF project, and was meeting with the UK Cabinet Office and lots of vendors. I was thrown into the deep end! In the beginning, I really did think, “What have I done? This is really complicated. I’m never going to understand it.” But now I’m feeling that quite a lot of people are in the same boat and this is not a solved problem. It’s a really big debate, and there are lots of concurrent activities and people working on it.
My industry knowledge to date has come from meeting all these people. I’ve attended very few conferences on this. I tend to read a lot of newsletters and I network a lot. Women in Identity is a key one for me. I would love a mentor but I don’t have one today; it’s really important for new people like myself to have a mentor to help and guide them. It took nine months to get familiar and comfortable to the point of talking about the subject and making things happen.
EM Where do you think identity will be in five years?
SM – If we can crack getting this attribute linking model off the ground, I think we will have made great strides! If we can start recording the events that led to that linkage in attributes and the relevant status of assurance and start sharing these ‘event records’ with other partners, it would be a huge step forward for everyone, especially the consumer.
Susan Morrow introduces Tina Keshiro
Susan Morrow worked in cybersecurity for over a decade before plunging head first into identity management for consumers and citizens. She works for Avoco Secure on cutting edge API tools that use data to do jobs for consumers. Her focus is on building relationships using data.
SM – What do you do in the identity industry?
TK – I am a Principal Product owner for an Identity Verification service provider. I work for a well-known logistics and parcels organisation.
SM – Which areas do you think are the greatest challenges in digital identity?
TK – I think the biggest challenges in digital identity is getting ordinary people comfortable with the idea of trusting digital identity services and solutions. In particular, the older generation who may find it harder to adjust to more and more services moving online and in order to access these services, they may be required to perform some sort of online ID verification.
SM – Where do you think identity will be in 5 years?
TK – I think identity will be the key for all future everyday activities. From day to day life activities like shopping, banking, doctor or hospital appointments, to leisure activities like going to the gym, visiting the theatre, or going out to dinner! Most of these activities are already accessible via our Smart devices and it will only get sleeker and quicker in time, coupled with the speed in new technology.
SM – Why do you think the identity space is a good place for women to work in?
TK – As mentioned previously to redress the balance between male and female in this industry. But more importantly, there are many talented and highly skilled women in other industries such as engineering, medical and legal and I believe these skills are transferable to add a creative and theoretical input into the thinking, designing and development of Identity solutions.
SM – What is your background?
TK – My first degree was in marketing and I entered industry as marketing manager. I am of the right age to have experienced the movement in marketing around social media which was exciting. Before this I was part of the transition from traditional marketing to http://www. Online became the main thrust of marketing, with everything being built around it. It was very interesting to see the transition from traditional marketing to online and social and this knowledge has stood me in good standing for subsequent roles and ultimately in my current role in the identity industry.
Just before entering the identity industry, I worked in a relationship management / channel manager role. I was in this role for 5 years. The job was important and challenging as it generated revenue of around £1.3 billion GBP. In this job I managed the partnership of two very large UK brands. The role covered a multitude of tasks including operational functions, training, relationship management, over-counter consumer relations, and managing commissions and budgets. Again, this role informed my future activities in identity as I witnessed why it was more convenient to buy and do transactions online.
This role led into the world of digital identity. I had become very aware of the lack of control of identity and personal data during online transactions. These data attributes are like currency in a wallet and need to be under our control.
Coming out of a consumer centric discipline like marketing and then into relationship management, gave me an insight into the importance and challenges of usability in a wide demographic use of identity. I was able to apply this knowledge to understanding the need to make identity available to a wider audience. As I began my work in the field of digital identity this aspect became even more apparent to me.
SM – How did you find the transition to Identity?
TK – The move into the identity industry was organic for me. The large brand business I was working for was looking for innovative ways to use their brand to transition into identity . Because it was a large, well-known, and therefore trusted brand, they used this as the basis for a new service built on identity. I was part of a team doing user research on what the market wanted; I was also involved in the user testing and user interface development. My move into the identity space was part of that. I became deeply knowledgeable about exactly what consumers want in terms of digital identity. Because of my research, I was able to get into the mindset of consumers and quickly identified their needs, conveying this to designers and developers – this has been instrumental in defining my role in the industry.
SM – What areas in the industry need to be improved?
TK – Identity inclusion is key to identity accessibility – digital identity needs to work for everyone. Bias is an issue in many aspects of the technology, especially as AI becomes more important – bias must be acknowledged to ensure it is not built in by default. The perfect example of this is the AI soap dispenser that only dispenses to white hands as it hasn’t been trained using hands of colour. Digital identity is too important to not be inclusive.
Another issue is the relationship building capability of Consumer IAM solutions. Any digital identity service needs to be able to offer two-way communication that is in real time. This helps to build relationships and trust indigital identity and the service that uses it.
Tina intends to become a thought leader on the human element of the identity industry – using her deep knowledge on how we want and need to consume identity and services.