The following article was originally written by Terry Gold in RE:ID Magazine for their Spring Issue (Hard Copy). It is meant to share Terry’s experience in pioneering the commercial IDaaS market as well as fundamentals and current-state of the market. A detailed research report will be released in June. Contact us directly if you have questions nor feel free to comment.
When it comes to identity credentials, historically the higher level of assurance, the more costly and complex it was to produce and manage. These higher costs, in turn, kept PKI-enabled smart cards out of reach for the masses. Only large organizations could attempt to scale, lower costs and resource a project that was demanding across various skill sets. But identity-as-a-service can enable smaller organizations without the resources the ability to use these advanced technologies.
When performed in line with best practices for trust and security, high-assurance identity programs demand a diverse set of skilled resources. While the token – or card – is what is most visible, it’s only the tip of the iceberg. Most of the complexity is in the back-end infrastructure required to securely issue and manage the larger system. This complexity is further compounded by the many touch points required to integrate, operate, support and form policies that enable it all to work cohesively.
Through the PIV program, the U.S. Federal Government has demonstrated that complexity can be reduced for organizations that require high assurance credentials. By building a model centered on delivering a set of capabilities as a service, the program has rolled out IDs to millions of individuals across agencies.
The reality is that complexity still exists but it’s now designated to those that can deal with the complexity, thus eliminating the burden for customers. Software as a Service (SaaS) models provide a turnkey solution, enabling customers to only be concerned about consuming the service, not managing it.
Think of it like riding a bus. If I were to hire a privately chartered bus to take me from Los Angeles to San Francisco on my own, it would cost thousands of dollars. However, if I buy a ticket for a commercially available bus that was already scheduled to make the same trip, the price becomes commoditized as the costs are shared across many customers.
The same can be said for the identity-as-a-service model. However, for this symbiotic relationship between provider and customer to mutually benefit, a group of customers must agree to the same set of service capabilities. The more customers that a provider can get to do so, the more they can monetize their existing service and likely lower costs, as they have more people sharing it.
When looking across various markets…
This article was recently made available in digital format at SecureID News. Click here to read the full article here HERE