Every year, the Gartner Institute provides its vision of strategic technology trends for the upcoming year. The institute has recently predicted macro and strategic technology trends in 2021. In this paper, these trends are investigated with the digital identity approach. The traces of digital identity are increasingly seen in these trends for two reasons. The first is that with the expansion and complexity of cyberspace and the advancement of technology, the challenges of digital identity are also increasing, and the second, with the outbreak of the corona virus and the elimination of physical presence, digital identity is the golden key to business resilience and competitive advantage for organizations in cyberspace.
Due to the outbreak of the corona virus and its profound effects on the world, the Gartner Institute’s prediction of effective technology trends in 2021 has also been affected by this issue. This prediction emphasizes the need for more flexibility and agility on organizations’ part to manage future changes and unforeseen events. The introduced technologies have been proposed for use by the organization in this regard. In fact, the intelligent use of a set of these technologies is an opportunity for the organization to better cope with environmental and inevitable changes in businesses and industry. In this prediction, three separate and yet interdependent themes are identified:
- People Centricity: It notes that people are at the center of all business, and that in the use of new technologies they should be prioritized as the first case in the analysis.
- Location Independence: The corona virus has progressively eliminated the dependence on physical location, having practically developed the digital business ecosystem with a new meaning and concept.
- Resilient Delivery: Organizations should be able to maintain continuity in delivering their products and services in unstable and unpredictable conditions, through risk management and forward-looking predictions.
These three themes and their subdivisions are shown in the figure below:
These three categories of technology and its subdivisions are interrelated and reinforce each other. Paying attention to and applying them, along with each other, make organizations more agile and flexible in the face of environmental change. In fact, the innovative use of a combination of these technologies will give organizations a competitive advantage over the next five years.
Given the role of digital identity in cyberspace and the upheaval resulting from the corona virus, which has redoubled the importance of this issue, this article is aimed at briefly reviewing and analyzing these trends with a digital identity approach.
2. The First Theme: People Centricity
2.1. Internet of Behaviors
Internet of behaviors refers to a set of diverse data that can be produced and collected from various sources – under the title of digital dust – according to the behaviors and actions of people in cyberspace. Managing and making good use of this data is regarded as a serious challenge for businesses.
In cyberspace, attributes or identities have become very widespread. The digital footprint, referred to here as digital dust, is essentially the same as identity data based on the behavior of individuals in cyberspace. With the advent of new technologies, new data is created and more opportunities for organizations to take advantage of this data are opened up. Behavioral data is currently considered the basis of individuals’ authentication and identity management in cyberspace. Therefore, data-driven identity management is an important issue, where data equals identity data. Accordingly, identity data governance is considered as a strategic competitive advantage for businesses. This requires the use of multiple technologies to manage behavioral data, and this is an opportunity for software companies and technology developers to provide the right platform for this area. The major point is that technology must be at the service of identity data management; excessive focus and dependence on a particular technology undermines the opportunity to address such a wide range of data and stumbles organizations into the technology trap.
2.2. Total Experience Strategy
The total experience strategy results from combining or integrating the experiences of customers, employees, and users. The goal of this strategy is to connect these diverse experiences in order to provide a better experience for all of the business stakeholders.
In general, the management of these experiences is data-driven, because the customized and specific products and services can be provided to clients only by knowing their preferences and tastes. The more you know about the individual, the higher the odds of providing better experience. In fact, creating a better experience for a person depends on a much more effective management of his identity, and this can be achieved but by recognizing him and combining his digital footprint in different contexts and situations and their detailed analyses. This discussion raises the issue of identity-aware experience.
Businesses are moving from a customer experience to an ecosystem-driven customer experience. This means that ecosystem-driven customer experience is resulted from gathering and integrating the experiences of all ecosystem stakeholders. Each stakeholder can benefit from the experiences of other ecosystem stakeholders. This helps achieve experience excellence in the business ecosystem. Creating such a comprehensive stakeholder experience in the ecosystem requires the use of a comprehensive identity and access management ecosystem. If this is the case, the possibility of providing creative and innovative products and services will be realized more than before.
2.3. Privacy-enhancing computation
Privacy-enhancing computation uses three types of technology to protect data during use and analysis. The first technology creates a reliable environment that allows the analysis and processing of crucial data. The second technology provides data processing and analysis in a decentralized environment that includes federated machine learning or privacy-aware machine learning. The third technology disseminates data before processing or analysis through technologies such as homomorphic encryption on the network.
Given the technological developments and the capabilities of data collection and analysis, anonymity or the use of aliases in cyberspace may no longer make sense. New IT tools, connecting databases and analyzing big data, and performing complex computations in a short time have made it easy to identify people in cyberspace. For this reason, it is necessary to redefine privacy in cyberspace and use new regulations, mechanisms, and methods to maintain privacy. Of course, this may be basically at odds with the two issues mentioned in the previous section. It is because the more accurate and clear the user data is, the more likely it is to provide customized products and create a more enjoyable customer experience, which is fundamentally in contrast with privacy. Therefore, it is necessary to solve the threefold riddle of “customer experience”, “customer data management”, and “privacy” with novel approaches, solutions, and frameworks.
3.1. distributed cloud
The distributed cloud enables a cloud space to be used for multiple physical locations and developed based on business needs. A variety of methods, such as the Internet of Things (IoT) edge cloud or the 5G mobile edge cloud, can be exploited for distributed cloud.
Location independence, along with cloud-based activity, has become an inherent feature of cyberspace. The Internet of Things (or objects) has now become the Internet of Identities (IoI) due to the attribution of identity to objects. In the cloud space, human and non-human identities are combined, complicating the digital identity. It also exponentially increases the volume of identity and behavioral data produced and used in such an ecosystem. Creating an identity and access management system that, while managing the identity of entities, enables them to access resources and services at the right time, with a specific purpose and time, is one of the best solutions for managing the distributed cloud space.
3.2. Anywhere Operations
Anywhere operation means providing an IT model in the organization that can support customers anywhere, and is able to manage, through distributed infrastructure, not only customers, but also business development and staff. Such an infrastructure consists of five main components: collaboration and productivity, secure remote access, cloud and edge infrastructure, quantification of the digital experience, and automation to support remote operations.
Businesses today must accept to remotely identify and authenticate employees and customers. People like to use any electronic device to connect to the network (Bring Your Own Device [BYOD]). Therefore, each person uses a different and unique identity depending on the device they use (Bring Your Own Identity [BYOID]), and businesses must find themselves facing the multiplicity of identities in the upcoming digital identity ecosystem (customers, employees, contractors, competitors, business partners, and other ecosystem actors); they must provide entities with the ability to authenticate and provide appropriate access to services and resources based on the diverse levels of risk (Bring Your Own Risk [BYOR]). This is a huge challenge because multiple contexts and platforms must be utilized to enable the customer experience to be created in its most effective form. Therefore, the ubiquitous identity can be considered as a new issue that challenges cyberspace and businesses.
3.3 Cyber Security Mesh
Cybersecurity network means the use of distributed architecture approach to create security in cyberspace in a scalable, flexible, and reliable way. Currently, the outbreak of the corona virus has taken the issue of cyber security beyond the parameters of traditional cyber security; it has now taken on a new and broader meaning. In fact, the distribution of digital assets is the main reason for the formation of cybersecurity network. This network enables people to securely access digital assets regardless of where they are located.
Digital identity is the foundation of digital security. To put it another way, the new concepts of digital security are derived from the broader concepts of digital identity. Therefore, in order to create a cybersecurity network in the business environment, the identity governance in cyberspace must emphasized. On the other hand, the lack of location dependence and the creation of ecosystem-based business networks have transformed the architecture of identity and access management. As far as the digital identity management ecosystem is concerned, the architecture of this concept should also be viewed with an ecosystem approach. In the architecture of digital identity ecosystem, in fact, a number of features are considered that design and implement the capabilities, changes, and developments of digital identity as an ecosystem. These features are distinct from system architecture and organizational architecture and correspond to the characteristics of the ecosystem. Therefore, designing and implementing the architecture of digital identity ecosystem is the key to realizing identity governance. This architecture realizes the opportunity to create a cybersecurity network. Admittedly, for many businesses, digital identity was an opportunity in the past, a requirement at present, and key to survival in the future.
4. The Third Theme: Resilient delivery
4.1. Intelligent composable business
Many organizations have not been able to cope with events such as the corona virus and have been fragile due to traditional efficiency- and performance-enhancing strategies. In such a situation, business processes should be redefined based on such principles as the possibility of better access to information, creating a new point of view and approach to the production and distribution of information in business, modularity, separability, and empowering the organization to respond to unforeseen and rapid environmental changes.
Identity and access management and business model must be intelligently linked. There are two issues in this regard:
First, the extent to which the organization utilizes the concepts of identity and access management (IAM) by design is important from the very beginning of business model development. This shows how ready, or in other words, how intelligent, an organization is in using the capabilities and capacities of identity and access management. To this end, a logical separation in business must be done with the digital identity approach and it must be determined to which entities, stakeholders, and business processes the concepts of digital identity are related and how they affect each sector. In fact, digital identity in business must be intelligently considered with two approaches of holistic-based (business ecosystem) and component-based or modular (based on business processes) simultaneously. If this condition is satisfied, it is possible to develop business activities with proper planning, and at the same time, to prevent the loss of customers or the cessation of business activities in times of crisis. This concept can be explained as the identity-driven business process reengineering with a digital identity approach.
Second, the identity and access management system must be able to respond to the changing, diverse, and new needs of the business in a flexible and agile manner. Digital identity agility in the organization can be achieved through agile identity and access management. In this area, traditional approaches to digital identity are avoided and new and improved methods are used to design and implement a digital identity system.
Thus, the business ecosystem (industry) and the digital identity ecosystem reinforce one another. Obviously, the stability and resilience of the organization have to do with the degree of its ability and intelligence in creating a logical balance between these two concepts.
4.2 Artificial Intelligence (AI) Engineering
Most AI projects fail because of problems with maintainability, scalability, and governance. Without proper AI engineering, it will not be possible to take advantage of all the benefits of artificial intelligence. A robust AI strategy enables the development of high-performance capabilities, comparability, interoperability, and reliability through operational AI models. This strategy seeks to create responsible AI. Having been based on this, artificial intelligence engineering is based on three principles of DataOps, ModelOps and DevOps.
The use of artificial intelligence capabilities in digital identity has become so widespread that today’s organizations seek to exploit the concepts of identity intelligence. This concept enables organizations to maximize their flexibility and potential in using digital identity capabilities using artificial intelligence tools. This can be explained under the title of AI-Aware Identity and access management.
Hyperautomation refers to maximum automation of the organization and business processes using such tools as artificial intelligence, machine learning, robotic process automation, and the like. Automation is an inevitable issue in a way that everything that can be automated in the organization must be automated in the near future. Therefore, the use of traditional technologies and business processes that hinder hyperautomation should be abandoned and replaced by new processes.
The vast and complex cyberspace has made it very necessary and inevitable to automate identity and access management processes to avoid complexity and increased costs and increase productivity. Digital identity automation falls under two levels. In the first level, automation of specific processes of identity and access management such as continuous authentication, intelligent authentication, and adaptive authentication or context-aware authentication is introduced. In the second level, the connection and integration among the automated processes of digital identity and the automated processes of the business are considered. Needless to say, an automated organization with a digital identity approach considers both levels.
Reference:  www.gartner.com