Interview news

Forrester’s view on digital identity

single image

Laura Koetzle is a Group Research Director at Forrester Research; she leads Forrester’s research organization in Europe. She will make her appearance at the IDnext event. And we asked her some question about current developments.

Zero trust takes the approach that no users are devices are to be trusted. It seems to be driving the agenda of the executive board? What’s your prediction on this?

In the interest of full disclosure, I was one of the members of the research team at Forrester that first proposed the Zero Trust approach in late 2009. I’ve thus been a proponent of Zero Trust as an approach for more than a decade, and its three fundamental principles remain sound. Those are: 1) Treat all entities as untrusted by default; 2) Enforce least privilege access; and 3) Implement comprehensive security monitoring. Those fun principles haven’t changed much since 2009, but the tools and techniques for implementing them have evolved considerably. It’s worth reiterating that Zero Trust is an architectural approach, not something you can purchase in a (software) box. And precisely because Zero Trust is an architectural approach, it’ll remain relevant for years to come.

Talking about predictions. Forrester 2022 predictions stated this is a year to be bold. The old ways of working no longer work. The future is up for grabs. Leading companies will use the crucibles of 2020 and 2021 to forge a path to an agile, creative, and resilient tomorrow. We are half way through 2022, can we draw any conclusions yet?

Sometimes, I’m tempted to throw my crystal ball away altogether, because the past 2,5 years have been a series of unanticipated external shocks (yes, epidemiologists have warned for years about a pandemic being a near certainty, but no-one knew exactly when it would happen).  And all of us who don’t work in national security intelligence agencies were certainly not expecting Russia’s invasion of Ukraine and the subsequent precipitous rises in energy and food prices and in inflation.  These continuing shocks and the adverse economic consequences thereof will mean that the companies that invested in transformation during the pandemic will have an even larger edge over those that didn’t make those investments.  Thus, if you find that your company didn’t spend the pandemic retiring technical debt and building greater capacity to adapt to exogenous shocks, you now have a second crisis during which to do it (given the downward-revisions in European GDP growth estimates for 2022 and 2023, investors won’t be expecting brilliant results anyway, so now’s the time to invest as much in transformation as you can).

Several aspects of self-sovereign identity are included within the eIDAS (key enabler for secure cross-border transactions) regulation. The (big) vendors anticipates fierce on this movement. Still, there are some hurdles to take. What’s your view on this? And do you think this all will work together?

Forrester’s view on digital identity (and here we’re addressing government-to-citizen and business-to-customer only) both in general and in Europe specifically is that several barriers to broader adoption remain, including: 1) lack of interest; 2) low trust in government entities and concerns about the rise of the surveillance state; 3) concerns about data privacy violations and abuse or misuse of data; 4) usability issues; 5) ecosystem fragmentation (and here eIDAS does address key issues around software capabilities and interoperability, but that’s just for the EU); 6) disagreement about whether identities should be centralized or decentralized; and 7) policy reversals when a new political administration takes over. I don’t know if it will all ever work together at a global level, but efforts like eIDAS and adherence to open standards and protocols will certainly make it work better over time.

What will be your main message in your keynote session at the IDnext event?

I’m going to be giving a rather practical talk on attracting and retaining talent by delivering on your employees’ privacy expectations. I’ll show how to use the employee privacy segmentation that my colleagues have built to understand what your employees expect and to develop practices that will promote trust and engagement with specific segments of employees.

Leave a Comment

Your email address will not be published.

You may like