Bring your own identity (BYOI): New models of digital identity
As digital business grows across all industries, and data privacy continues to pose a significant risk to enterprises, the growing need for security includes a reliance on trust in digital identities.
From a consumer point of view, digital identity remains fragmented, exacerbating the issue of identity credential overload. This approach will not scale as we move into the future, especially as our lives become more and more connected with “things” that require secure access and authentication.
New and innovative approaches to digital identity (“digital ID”), such as mobile identity and decentralized or blockchain-based methods, will disrupt business models and long-held approaches to identity and access management (IAM). By 2021, BYOI will be recognized as a common practice in 55 percent of consumer IAM programs, up from less than 30 percent today.
What is BYOI?
Bring your own identity (BYOI) is the concept of allowing users to select and use a digital ID, such as a social identity (such as Google, Facebook, and soon Apple) or a higher-assurance identity (such as a bank identity) to access multiple digital services.
These digital IDs are created by identity providers (IdPs) and are then enabled to allow third-party access and usage by service providers (SPs). BYOI is used for authentication and access to digital services, but can also be used for identity attribute sharing (sharing identity attributes such as name and address).
By 2023, Gartner predicts that BYOI will unlock the value in digital identities leading to a multibillion-dollar industry, up from a $50 million industry today.
Types of Digital IDs
To date, social identities have been the most commonly demonstrated type of digital ID with BYOI. The social identity form of digital ID stems from social networks (e.g., Facebook, WeChat and LinkedIn), some of which allow consumers to create accounts and log into applications across multiple platforms.
In addition to social identities, BYOI can include other identity providers such as governments, banks and mobile network operators. We need so many digital identities for a single entity because of how we manage trust. We use the term “level of trust” to describe the level of security as it relates to the creation of the digital identity and the strength of identity-proofing and authentication method(s) used.
Recommendations for IT Decision Makers
BYOI and digital identity networks offer IT leaders the potential to leverage outside identities to help reduce friction and to increase adoption, security and overall end-user satisfaction. In addition, other use cases can be enabled with identity attribute sharing, thus allowing new business opportunities.
A core aspect of BYOI is that IdPs have made a business decision to make a significant investment in their IAM approach and to retain the customer, and therefore have established themselves as custodians of digital identity.
We recommend the following items to determine the appropriate approach to BYOI and to understand how these models can enable trust across digital ecosystems:
- Focus on reducing friction by leveraging BYOI use cases such as account registration and login.
- Determine specific consumer readiness to take on BYOI, for your business.
- Embrace BYOI but ensure that the level of trust provided aligns with your risk tolerance.