In an interview with Rob Bamforth, Industry Analyst and Marketing Consultant at Timefort Limited, following a OneLogin’s ‘Identity IS the new perimeter’ roundtable in London in late 2018, we find out his thoughts on digital transformation and where he sees it heading in the future
On Tuesday 16th October 2018, Open Access Government attended OneLogin’s ‘Identity IS the new perimeter’ roundtable in London, which included insights into digital transformation and how it is manifesting itself in businesses. The participants include Rob Bamforth, Analyst, at Quocirca, Thomas Pedersen, CTO and Co-Founder, OneLogin, Stuart Sharp, Global Director of Solution Engineering, OneLogin and James Thompson, IT Manager at Catawiki.
One aspect of the OneLogin roundtable discussion explained by Rob Bamforth is that as organisations move through what is often called digital transformation, how do they need to keep control of access and identity and how is that all changing? He argues that digital transformation is no longer solely a technical or IT challenge for organisations, but it is also a business challenge.
Immediately following the insightful OneLogin roundtable discussion, which covered much ground, Open Access Government was fortunate to speak with Industry Analyst and Marketing Consultant at Timefort Limited, Rob Bamforth to find out in more detail his views on digital transformation and where he sees it heading in the future. Firstly, the extent to which organisations across all industries are undergoing digital transformation and cloud migration was a point Rob underlines.
The shift to digital transformation
To set the wheel in motion, Rob explains how many organisations today are shifting in various ways. He emphasises that digital transformation is a very broad term and can mean different things to individuals. Rob adds that one thing it does mean is the streamlining of processes that impinge upon all stakeholders, a point he elaborates to us.
“In many organisations, the internal digital transformation is affecting the relationship employees have with their employers. Much of this involves self-service type approaches, more automation and portals where you can access and do things yourself, rather than relying on other resources that most organisations have now got rid of.”
“Increasingly, it’s the external relationships which are of more interest, because not all organisations today deal directly with consumers, but those that do are definitely transforming that relationship. You can hark back to whether it is retail or retail banking, and you can see physically the change from branches and talking to tellers inside the branch, to talking with the ATM to going online and accessing an app on your phone.”
“The escalation route that is now available to you from an app or via a website is increasingly digital, so this is a part of the transformation that organisations have had to go through.”
So, the picture Rob paints of digital transformation is clearly one of full automation, for some organisations, this means having remote workers on a video link using chatbots. There has been a massive shift in terms of how customers are dealt with, and in the middle, of course, there are the interested parties in the supply chain. Rob says that they can access the IT directly, which fundamentally shifts a whole load of processes along.
Authentication: The barrier between the end user and the application
The conversation then progresses to detail Rob’s opinions on the only barrier between the end user and the application – and indeed the success of digital transformation – the identity of the user. Rob explains that when an interaction becomes valuable, such as the opening and closing of an account, or a financial decision, there is something much more serious going on. The relationship has gone up a notch, Rob underlines, adding that in this case, you need to know whom you are dealing with. In terms of web traffic, there has been an increasing shift to the use of ‘https’ for a secured website, so you can authenticate who you think you are dealing with.
On the subject of authentication, we know that the British Red Cross is a great example of a company who have implemented software as a safer Identity provider (IdP) to single sign-on. In this instance, we know that it was crucial that the technology used is not only reliable but scalable and agile. Ensuring secure access for many employers, often working remotely, requires modern technology solutions such as Office 365 and a single sign-on (SSO), whenever and wherever required. This does, however, work for many other organisations alike, not only the British Red Cross.
Added to this, British Red Cross needed more than SSO because they work with organisations such as the NHS, which means that Level 2 compliance and two-factor authentication is the best route to fulfilling stringent access criteria. The software the organisation used was implemented as a safer Identity Provider (IdP) to single sign-on and then provided the two-factor authentication for their internet-facing, key business applications.
From OneLogin’s perspective, they felt the implementation went very well in the view of Phil Paul, Head of Service Delivery at the British Red Cross. The planning took a few weeks, but they transitioned the software used in just one evening. “Ensuring implementation happened seamlessly was of the utmost importance to us and we didn’t experience any disruption to our Office 365 service, so it was a very successful transition”, Phil notes.
Identity, credential management and ease of use
The interview with Rob Bamforth, Industry Analyst and Marketing Consultant at Timefort Limited continues as he explains his thoughts on identity, credential management and ease of use when everything is put together on one platform.
“The identity of the individual performing the action is becoming crucial, but if we go back pre-digital transformation, people were verified in many different ways. As soon as you remove the physical connection, however, you need other forms of credentials. The more you push contact through this single bottleneck point, the more that credential model becomes important.”
“Over the past decade, everybody was trying to do this and began introducing their own form of credential management, logins, passwords and everything else. Even if those approaches are simple, what you end up with is a proliferation of many of these which are horrendously complicated when used en masse.”
“During the ‘Identity IS the new perimeter’ roundtable, we discussed the iPhone. Indeed, we know that Apple has not just focused on the ease of use but the aggregate use, that is when you put everything on to one platform and make them all easy to use together.”
Rob adds that in this vein, the user is always the weakest link who will take the easiest approach when that is available. We then pick up on another aspect that was discussed during the ‘Identity IS the new perimeter’ roundtable: backing up your content to the Cloud. In terms of backing up, it’s worth considering why is this important for organisations in terms of business continuity?
Rob explains that in the past, not only did we think about doing backups, but we also thought about not backing things up in the same place in succession. He stresses that the backup process itself, in his opinion, is not that important, but the restore process is. When it comes to business continuity, Rob takes us back to a time when he was a software developer and had a massive (by the standards of the time) data repository to create which we were going to back up.
“In terms of the restore scenario of a network, we reckoned that it would take a year to do this. To my mind, levels of data storage have now gone up massively in comparison, but the problem remains. It’s not about the backing up, but how do you then use that in business continuity. What is important today is that you can resume service as soon as possible.”
“If the continuity is there in terms of something held non-locally – we’re all flexible about how we use IT – so not storing locally means that access point becomes ephemeral. If it breaks, we can immediately get going with another one, so we don’t lose continuity”
“One of the strong values of a Cloud-based model is that you have instant restoration of service because you are not having to move things around. I think that as soon as you outsource a responsibility for maintaining the data and a resilient form of bringing it back, you are paying them for that service and you are expecting them to give you a higher level of capability than you could ever do yourself, because there are colossal economies of scale at play.”
The increasingly complex technology environment
As an expert in the field, Rob then imparts his views on the increasingly complex technology environment for government or businesses, specifically around how they manage the growing volume of apps, security risk, and the expanding (and increasingly diverse) set of users, whether they are internal employees, external partners, or even customers.
When it comes to departmentalisation and the vertical integration of a solution around that, Rob says that in terms of the government departments they are very siloed. When you start to try and operate across departments, there are of course inevitable compromises, as well as potential risks.
“Over the past decade or so, there have been issues around government departments sharing their data between each other, and is there a risk here? While there is a need to balance these things, there has been a big shift over the last five years with Cloud-based resources in that this has allowed departments to start to think differently about what sort of services they require and not having to vertically integrate the whole lot.”
“You then end up with powerful horizontal platforms that are capable of delivering a service, so you can focus on what it is important. What happened with the Government Gateway is that you ended up with one for a set of requirements around HMRC which could be replicated in other areas of the government. As it wasn’t turned out into a horizontal service that was universal, it didn’t get adopted.”
“If you make it a common service, you reduce the overhead of having to build your own applications. You are essentially reusing and leveraging something that somebody already has put the effort into. It might not be 100% perfect, but if it does the job then it is a service you can use. This is a difficulty for any organisation that has become siloed, but there are services that are common and should be applied in a common way.”
Where digital transformation is heading
As this interview draws to a close, Rob reveals where he sees digital transformation heading in the future. He picks up on another theme from the roundtable discussion, that concerns the potential for collaboration between different security providers of the Cloud, with each of them offering different elements of security, encountering the threats coming in and the sharing of intelligence between them.
Rob predicts that we will see more of this in the future, so digital transformation will shift to much more horizontally-led platforms and capabilities, as he concludes in his own words.
“With that horizontal layering, you then get the opportunity for collaborating with other organisations, both on an internal and external level. This mirrors the conversation around security, which used to be seen as a physical perimeter around an organisation and now that is essentially virtualised. So, I think you can regard identity and access management as a virtual perimeter, and while we thought virtualisation was something that applied to servers, it actually applies everywhere.”