April 27
Andi Hindle | Cloud Identity Summit

CIS Tweet Jam Highlights

Last week, we hosted the annual #cloudidsummit Tweet Jam. Identity experts were tweeting about this year’s theme of ‘Intelligent Identity’ as a preview to the conversations we expect at CIS in June. The best news of all is a special promotion that was announced during the Tweet Jam that you can use even if you couldn’t participate. And to top it off, the code has been extended for one more week!

In case you missed the Tweet Jam, we have compiled the tweets for you, and provided a few highlights for each of the questions that were asked. Feel free to jump in and add your own thoughts on Twitter, too. Just make sure to use: #cloudidsummit.

Q1: Blockchain promises to be the single biggest ___________ of modern era.

Blockchain (and distributed ledger technology generally) has had a lot of identity press in the last 12 months, much of it less than positive! Now that some of the hype has died down, we wondered whether there are actually any real identity problems that are solved better (or, at all!) with distributed ledgers. The jury’s still out… the debate will continue!

  • Jon Lehtinen: A1 – Blockchain is the biggest rorschach test of the modern era. You can see anything in it, and it tells all about you #cloudidsummit RT
  • Eve Maler: A1 #cloudidsummit #blockchain promises to be the biggest shoebox of the modern era. #receipts RT

Q2: Describe the worst IoT idea and argue why. Pictures welcome!

The participants weren’t short of ideas and input for this one. Big surprise. Your homework, then, is to help answer the question: what can we do as an industry to make this better?

  • Avik Kumar: One which creates more vulnerability than convenience. Or one which hacks my device to churn bitcoins for itself! #cloudidsummit #iot RT

  • Steve Wilson: A2. #CloudIdSummit Describe the worst #IoT idea – Internet connected toys. Barbie Dolls with Privacy Policies. #NLP #HelloBarbie RT

  • Paul Madsen: A2: any device for which the value of connecting doesn’t warrant the risk of doing so #cloudidsummit RT

Q3: How do companies need to prepare for new regulations such as PSD2, GDPR and Open Banking?

“Now is the perfect time to…PANIC!” Apparently not, though. Good news here: a modern identity infrastructure provides a solid foundation to help deal with the challenges (and grasp the opportunities) created by evolving regulatory frameworks. And the emphasis on privacy was welcomed by many.

  • Eve Maler: A3 #cloudidsummit Orgs shd prepare for regs by seeing personal data as a joint asset & removing IT friction from asking for consent #trust RT

  • Steve Wilson: A3. #cloudidsummit American co.s best prepare for #GDPR by embracing data #privacy properly and sincerely. You know your customers want it! RT

  • Lance Peterman: A3. Lawyers, lots of lawyers. #cloudidsummit RT

Q4: What digital identity trend are you most excited about right now?

One of the harder questions we posed during the Tweet Jam, simply because there a lots of things to get excited about at the moment! The increasing number of open standards, activities around improving security and convenience for customer-facing implementations, and the slow but steady advent of intelligence-based identity systems garnered most of the attention. But plenty of other topics came up, too.

  • Pam Dingle: Financial-grade API security is by far the most fascinating trend going on right now. Pushing the envelope (A4 #cloudidsummit) RT

  • Lance Peterman: A4. Risk-based, context-centered authentication as an alternative/supplement to username/password patterns. #cloudidsummit RT

  • Nishant Kaushik: A4. The trend towards marrying #security and #usability, instead of viewing them as in conflict. Identity-based security FTW! #CloudIdSummit RT

  • Jon Lehtinen: A4- OAuth profiles offering more IAM capability to replace proprietary products in the enterprise. #cloudidsummit RT

Q5: What’s the most interesting identity angle to the AI story? How are authentication expectations evolving?

Most participants were positive about the ways that AI could potentially improve our approach to a range of identity problems, including authentication, authorization and fraud/risk analysis. Some also pointed out that we need to exercise caution here, and that standards and regulations may need to evolve in parallel.

  • Nishant Kaushik: A5. Algorithmic Accountability. Identity becoming more central, so potential to disenfranchise & hurt is huge #DigitalDivide #CloudIDSummit RT

  • John Bradley: A5: The problem is really pulling all of the signals together. AI might help some, but first we need to share session info. #cloudidsummit RT

  • Bertrand Carlier: A5. minority report style precognition of user fraud #cloudidsummit RT

Q6: Will my self-driving car need its own identity? Why?

Surprisingly, no one got into the question of liability on this one! But there was lots of commentary about the way the autonomous vehicles will need to interact with other systems (traffic management, police, licensing authorities, other vehicles, home automation…) and that this will likely drive (no pun intended!) a need for an in-vehicle identity stack.

  • Bill Evans: A6: No, *your* car will not. But truly autonomous cars (i.e., self-driving ubers) will. As will “active” IoT devices. #cloudidsummit RT

  • Bertrand Carlier: A6. yes of course. Who would receive and pay fines if not? #cloudidsummit RT

  • John Bradley: A6: Depends on what you mean by identity, Yes it will be a OAuth client and have attributes and a credential. #cloudidsumit RT

Q7: What do enterprises need to do to balance privacy and security?

There was clear consensus that these two things are not contradictory–they go hand-in-glove. And by and large, we have the right tools and technologies in place to do what’s needed. There’s more work to do and regulation may be needed to help speed adoption, but the sense is generally that there’s good progress in the right direction here.

  • Paul Madsen: A7 – #cloudidsummit (Venn Diagram on Surprise User and Surpsrised Data Custodian) RT

  • Dasha Cherepennikova: A7: data minimization, tokenization, segregation (and much more!) #cloudidsummit RT

  • Jeff Lombardo: A7 #cloudidsummit MFA (and not 2FA) then transparent control (in the back end) and communicate to the user about real-time risk evaluation RT

  • Ishan Kumar: A7 #cloudidsummit they have to do both. It’s not a balancing act. I would ask how do they balance privacy and data monetization? RT

Q8: What’s the biggest way to get consumers to protect their digital identity?

Ah, the elephant in the room! Should we expect consumers to do this? Or should we be ensuring that we mandate and build systems that do this from the outset? A little bit of both is, perhaps, the answer.

  • Justin Richer: A8 #CloudIdSummit Make it so that they don’t have to do anything to protect it, or that what they have for identity doesn’t need protection. RT

  • Steve Wilson: A8: I have a problem with how that Q is framed. Take care not to make consumers solely responsible for their digital safety. #cloudidsummit RT

Thanks again to our moderator Elinor Mills at the Bateman Group and to all the participants that jumped in on the conversation last week, we look forward to hearing more from you all at the Cloud Identity Summit, June 19-22.

By Andi Hindle, Content Chair, Cloud Identity Summit

View More Posts

Identiverse brings us to the future!

— Nat Sakimura