Bad messaging plagues identity and security industry
22 March, 2016
category: Corporate, Digital ID, Financial, Government
Overheard at a recent security conference:
“Are we sure this whole cloud thing is for real?”
When I heard this I chuckled. Of course it’s for real, the cloud enables companies to do things they would not normally be able to and take advantage of economies of scale. For a small business instead of having a dedicated computer under lock and key in a closet at the whim of consumer telecommunications technology they can outsource operations for applications, services and web sites, having them hosted from virtual machines around the globe securely and with plenty of redundancies. The cloud is not a passing fad.
It highlights a problem with the way technology companies – and those in identity and security in particular – communicate about their products. Sure, the gentleman who made the comment was older and likely the type to wait in line at the airport rather than download a boarding pass or app, but that doesn’t erase the fact that the industry does a poor job of explaining technologies.
I read a lot of press releases and article pitches every day. This is typical of what lands in my inbox: “Our ID management solution redefines the IAM landscape providing the industry’s first fully-automated approach to securing network resources via unique customer defined data sets.” What does this mean?
This is what I need: “Our solution helps enterprises onboard new employees and securely provision access to facilities and networks. Company X has deployed the system and it’s helped secure sensitive data, reduced the time it takes employees to access resources and consolidated multiple credentials to one.”
Press releases, white papers and other materials from vendors in the identity market need to focus on the problems that these technologies can solve. Stop writing about how technology is “first,” “fastest,” or “industry-leading” and tell me – and potential buyers — what it can do.
In the summer issue of Re:ID, the cover story looks at cloud-based physical access control systems. Physical access control might be one of the last industries to embrace the cloud, but as you will read this new generation of systems is ushering in some impressive advances.
In physical security, the challenge around introducing innovation has long been convincing the dealers and integrators. They wield the most influence when it comes to recommending systems, but far too often they stick with what they know — long-established, perhaps-aging technology. Educating them on the benefits of new systems and technologies can help them and their customers.
A similar messaging challenge can be found in our article on the migration to mobile driver licenses. It was one of the hottest topics of 2015, and vendors are pushing to get products ready as states try to figure out how to implement the new credentials.
Much of the early messaging around mobile driver licenses has focused on getting rid of wallets, claiming that’s “what young people want.” This may be true to some extent but alone it is not sufficient. States don’t care about thinning out the wallet or getting rid of it. Messaging needs to tell DMVs and government agencies how will it help solve their challenges. They also need to tell consumers why having a driver license app will help them?
Cybersecurity remains a huge problem, and depending on the stats, as high as two-thirds of all data breaches are caused by stolen or misused credentials. Identity companies are spending a lot of money to try and sell their systems to enterprises, but if you look at the state of cybersecurity it doesn’t seem to be going very well.
A big reason for this gap is that identity is a tough sell. When trying to get funding from the C-Level it’s easy to explain what a firewall does or how an intrusion detection system can help. But identity and access management systems are harder to explain and thus placed lower on the funding list.
This could change if identity companies communicated differently about their products. Too often the conversation revolves around technology and not the problems it can solve. Until vendors start talking about identity in terms of solving problems that enterprises face, it will continue to be a tough sell.
“Our solution can enroll a new employee into an identity and access management system by scanning their driver license or passport. With some clicks on a screen that employee can be provisioned access to necessary networks, apps and physical locations along with a strong authentication token of the enterprise’s choosing.” This helps a company understand what an identity and access management system can do.
Identity and security is an integral piece of the complex cybersecurity puzzle. Vendors need to start better communicating so organizations understand what the systems actually do and can get required funding to solve the problems.
