Security Strategies

Identity Crisis Creates Comms Opportunities

Identity and authentication online are a huge mess, and communications providers can find big opportunities cleaning it up.

The problem starts on the level of individuals, who are overwhelmed by the need to juggle access to bank accounts, employer logins, access to government services, as well as dozens of games and magazine logins that add to the noise.

Businesses and government, meanwhile, need to manage access for all their users, and face regulatory liability, legal exposure and public embarrassment when they get it wrong.

Solving these problems is a significant opportunity for comms providers, said representatives of the GSM Association (GSMA) -- which represents about 800 operators, as well as 25 handset and device makers, software, companies, equipment providers and more -- and Qatari service provider Ooredoo , speaking at the TC3 Summit in Mountain View, Calif. last week.

"The average person is in password hell," GSMA CTO Alex Sinclair said. Average users have passwords for 60 online accounts, and they're overwhelmed by managing and changing those passwords on a regular basis. They're worried about identity theft and also worried about companies misusing information that identifies them.

Comms providers have a business opportunity here, rolling out authentication and identification services that make it easy for users to log in to the services they need, and then providing those authentication services to businesses and government, Sinclair said.

In other words, a customer logging into a bank wouldn't authenticate directly with the bank. Instead, a comms provider authenticates the user, then hands off the transaction to the bank. The user wins because logins become simpler to manage. The bank wins because it gets to outsource authentication and make it the comms provider's headache. And the comms provider wins by providing a service for a fee.

Oooredoo sees identification services as a potential means of building relationships with its 114 million customers in 16 countries in the Middle East, North Africa (MENA) and Southeast Asia, including Qatar, Kuwait, Indonesia and Myanmar. Many of these users use their mobile devices as the first means of accessing the Internet, Colin Yeh, Ooredoo Group senior director, group innovations and partnerships, said.

Ooredoo's situation is unusual among service providers in that many of its customers are in emerging markets. They're new to getting online, and use mobile devices as their primary access, Yeh said. "Advanced markets are already on Facebook and Google a long time, but for many of our customers, mobile is their first instance of getting on the Internet," he said. These users don't have 60 accounts to access -- though Ooredoo believes they can get there -- but they are looking for a trusted partner to help them get online. More than 60% of Ooredoo's customers said in a survey that they'd be willing to trust mobile to provide that help.

Identification and authentication should be standardized across the comms industry, Yeh said. "The services we provide and apps we provide afterward should be the differentiation, not the identification they use to get access," he said.

Simplicity will be key to next-generation identification and authentication services, Sinclair said. "In order to make things work, you have to make it really simple." Where possible, identity services should use biometrics rather than requiring customers to remember information, and keep track of customer behavior patterns to identify them. "If I see you make the same transaction every week for the same amount, I don't need a deep level of security," he said.

Comms providers should act now to deploy identification and authentication services without waiting for a revenue opportunity to emerge, Sinclair said. "We tell people get it out there, get it to the user base," Sinclair said. "Don't wait and see how you can monetize it." Comms providers can get value from other means than direct revenue. For example, identity services increase touch points with customers, who otherwise interact with apps such as Facebook, WhatsApp and Instagram, rather than the comms company providing the network. And the comms provider can collect data on customers, which customers are willing to provide so long as the company collects and distributes the information responsibly and with customer permission.

Service providers face the need to develop new business models in the transition to the New IP. Identity and authentication could be one such business model.

Related posts:

— Mitch Wagner, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profileFollow me on Facebook, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to [email protected]

Be the first to post a comment regarding this story.
Sign In