Out-Law News | 06 Aug 2014 | 9:52 am | 2 min. read
In a study sponsored by CA Technologies, the Ponemon Institute conducted a global survey of more than 3,000 IT and business users and decision makers to assess their attitudes towards the concept of 'bring your own identity' (BYOID).
To be distinguished from 'bring your own device' (BYOD), where staff use their own mobile devices for work purposes, the BYOID concept is that customers use existing "trusted digital or social networking identities" to access applications they operate.
"In today’s application economy, organisations need to securely deliver new apps to grow their business quickly," Ponemon's report said. "This can increase IT risks, which puts a premium on an organisation’s ability to simplify the user experience without sacrificing security. Using an existing digital or social identity issued by a trusted third party to access applications can help organisations meet the need for simplicity, security and a positive customer experience."
According to the survey, 67% of IT users believe BYOID can help businesses to strengthen user authentications for use of applications, whilst 54% of IT users said they think it can help reduce "impersonation risk". However, survey respondents said that "security enhancements" were required before BYOID would become more widely adopted.
"When asked which features would most likely increase BYOID adoption within their organisation, IT users’ top features are identity validation processes (73%) and multi-factor authentication (66%)," the Ponemon report said. "Business users say both identity validation processes and simplified user registration at 71% are the most popular features for increasing adoption."
"The study also indicates a high level of interest for some level of accreditation of the identity providers with 59% of IT saying it is essential or very important and another 21% saying it is important. Only 27% of business respondents say accreditation is essential or very important. However, an additional 48% believe it’s important," it said.
According to the report, privacy concerns are hampering the adoption of BYOID by business users. It also identified concern about relying on "a third party identity" for some types of online transactions.
"They might be perfectly satisfied with using social login to access a newspaper, but will not do the same to access their online banking account.", it said. "Organisations that accept third party identities also worry about instances where an identity is compromised and non-legitimate access is granted to applications or customer data. This adds to the complexity of how liability is handled in the event of a data breach or compromise."
However, Ponemon said that the majority of business users they surveyed said they believe BYOID can help companies deliver "a better customer experience" (79%), whilst 76% of business users are also of the view that adopting BYOID can improve the effectiveness of marketing campaigns.
"Business users see the value of BYOID in improving the consumer experience to increase customer loyalty and generating new revenue streams," Ponemon said. "This underscores the need for IT and business collaboration to address the challenge that today’s organisations face: how to secure the business while simultaneously empowering it."