Join Robert MacDonald and Javed Shah, with guest Michael Cichon CMO, for a new IBA Friday session! This week, they will be discussing the KuppingerCole Providers of Verified Identity Report.
 


 
IBA Friday 10/14/2022 from 1Kosmos on Vimeo.

Video Transcript
Robert:
All right. Hi everybody. It's time for us to goof around and have our next IVA Friday, I guess. I'm Rob. Just as a reminder, this is 1Kosmos' IVA Friday. It's the Javed and Rob show. Javed, say hi.




Javed:
Hello.




Robert:
We've got a special guest today, Javed. It's always fun when we have special guests.




Javed:
I don't know what's special about him, but yeah, okay, fine.




Robert:
Yeah, I know. Well, I mean he's the big hitter this time but we've got level C level people on the call, so we got to be good.




Javed:
Oh, a special guest to the show. I see. Oh my goodness.




Robert:
Michael Cichon is joining us. Hi, Michael.




Javed:
Hey, Michael.




Michael:
It's a pleasure to join you, my esteemed colleagues.




Robert:
Yes.




Javed:
Esteemed. Oh my god. Okay.




Robert:
He even said it without laughing.




Michael:
What are we wearing today? Iron Maiden. No Led Zeppelin, huh, Javed?




Javed:
Robert, you and I are esteemed, okay?




Robert:
We're esteemed. Yeah, that's true. That's true. It's good to know. So anyway, today, Michael, thanks for coming. You wanted to talk about one of the recent reports we had. What do you want to talk about?




Michael:
Well, as you know, as the Head of Marketing, it's pretty exciting when we get some of the coverage that we've gotten recently, notably from KuppingerCole. A couple reports came out, one in particular on verified identity providers. But before we get into that, for people that are not familiar with KuppingerCole, Robert, can you give us a high level? Who is KuppingerCole?




Robert:
Yeah, sure. KuppingerCole is an analyst firm. They were founded around 2004 and they are an international and independent analyst organization. They're headquartered in Europe. They're led by Martin Kuppinger and that company specializes in offering neutral advice on the market that we kind of play in. So identity and access management, governance, GRC, on top of things like digital transformation and things along kind of market trends as well.
But being that they started in Europe, that's where they got their footing and over the last probably 10 maybe or so years, you've really kind of seen them penetrate into the North American market here. And they're pretty much everywhere. A lot of the customers and prospects that we go in and talk to have either used KuppingerCole or aren't aware of their reports, but they're one of the bigger ones.




Michael:
So I've seen KuppingerCole mentioned more often now when we start talking about Web 3.0 and blockchain technologies, authentication, identity proofing, and so forth. This particular author of this report was Annie Bailey and she's been around quite a while in this area with bit of credibility.




Robert:
Yeah, she's a great analyst. She's been with Kuppinger for a while now as well. She focuses on, like you're saying, things like digital identity, decentralized identity, identity verification, blockchain, privacy, and other kind of topics related to emerging technologies. That's kind of her focus.
And that's this recent report, which you said was the providers of verified identity. She looked at evaluating solutions that can serve as a foundation for customers who need to utilize verified identities for onboarding either an unknown customer or verifying a contractor or employee or whatever that might be. But that providers of identity and the vendors that are associated with it, she looked at whether or not they can enable external identities or internal identities, all used by the enterprise in some way, shape, or form. So she looked at full service providers that can register onboard and kind of authenticate that verified identity as well.




Michael:
Okay, so identity verification. The report basically gives a landscape, gives kind of a directional guidance on how to evaluate these vendors. But just a half step backwards, verified identity, what is it and why do we need it?




Robert:
Javed, go for it. Why don't you, I already talked a lot. Your turn.




Javed:
Was distracted because I was pulling in my...




Robert:
Oh, you got your water. Not your beer today.




Javed:
You were asking what is verified identity?




Robert:
Yeah, what is verified identity?




Michael:
What is it and why do you need it? I mean, identity I think is you start talking about digital identity. People have different ideas for what it is. So just in a nutshell.




Javed:
Yeah, I guess there's so many different interpretations of that. I think just having a digital identity for a person is probably not enough. To be able to verify the person behind the identity, to have actually the identity created from the person, having validated a government-issued identity, for example, with an assurance level that you can measure, store, track, because it could go down. It could go up based on whatever the journey the person is taking. To have the verification journey for that digital credential I think is what I would interpret verified identity, big picture.


But that's not enough as well because you may issue a person, a human a verified identity, but then so what? Someone has to verify. You want that ecosystem to make the value of that verified identity credential go up or down depending on the value created in the ecosystem. So there's much to this. There's an entire ecosystem to be spoken for, so to speak.




Michael:
So online, my user ID and password when I log in, right? Online, if the service lets me sign in with Google, I'm Mr. Google guy. If they let me sign in with Facebook, I'm Facebook. But none of this is really verified. I mean, anybody can create these Google accounts, claim to be me.




Javed:
Yeah, that's just your social identity, right?




Robert:
Yeah, absolutely. And there's nothing tied to it, right? There's nothing that says that that actually is Michael other than a username and password. And that doesn't actually ever prove identity. Right?




Javed:
Exactly. And there has been effort, actually, in the industry to have... There've been folks like ZeroFox, for example. I worked with them many years ago and there've been other entities that try to assess the level of fraud with your social identity or even with the identity provider that you chose to authenticate with. All power to the user. But if there were a heuristic potentially that you could compute for one provider, that doesn't necessarily grow to scale for all of the different providers potentially that could vouch for you as the user, right?




Michael:
Got it.




Robert:
Michael, just to go back to the report, just quickly, what they look for in terms of the providers of the verified identity. So they have to provide the majority of a number of capabilities. Now, I'll just quickly kind of run through them just to give you an idea in terms of what they're looking at. So document verification, biometric verification, attribute verification, the registration of the actual user itself into the platform, workforce applicability, customer identity and access management applicability, and then the reduction of fraud. Those are all the categories that Kuppinger looked at and leveraged to determine where people fit in and how they fit into this report.




Michael:
Okay. All right. So I get it. So identity verification, we all do it when we get a new job. You have to do the employment eligibility. When you create a bank account or you open a crypto wallet or something, you're getting driver's licenses and stuff like that. So the report kind of evaluates remote identity verification or automated identity verification. All right, so I guess I'm all excited about this report because 1Kosmos fared really well.




Robert:
It did. We did.




Michael:
Yeah. There's four different categories and first is overall and then product leader, innovation leader, and then market leader. So we ranked in the leadership area for overall, so that means what?




Robert:
That means that looking at the combination, combined view of the other three leadership categories that you just talked about. So it's product leadership, innovation, and market. The combination of those will determine whether or not you are an overall.




Michael:
Got it.




Robert:
We ended up as an overall leader, which is super exciting. Which then gets us in into product. So product leadership means that we, 1Kosmos, we focus on the functional strength and completeness of the solution. So we round out the solution very well.




Javed:
Yeah.




Robert:
Yeah, go ahead. Sorry, Javed.




Javed:
Look, I mean, there are folks who verify the identity and then they forget about it, right? Yeah, we verified it and then we forgot about it. Well, what's the point of verifying identity if you're not able to reuse it for the lifecycle of the identity you're trying to manage? And I think that's the difference. And that is very hard to do. You cannot build a point product that just scans a document and then call yourself identity based authenticator. You cannot do that.
What you have to have is a platform that is able to scale not just from the gov ID scan, but also to understand, well, this is a digitally verified identity with a certain level of assurance. With that level of assurance, I could subject it to said criteria for authenticating into not so secure services potentially, but for the higher risk, higher friction journeys, we want to raise the assurance level and reuse the identity that we verified for authentication down the line.
And that reuse is what Kuppinger called out as remarkable and worthy of leadership. So that is not a product-specific outcome. That's a platform-specific outcome. And Robert, you know I always do this.




Robert:
Yes, you do.




Javed:
It's about platforms, right?




Robert:
Yeah. And just to reiterate what Javed said there, it's not a matter of just verifying the identity. It's, okay, well what are you going to do with it after you verify it? Well, we're going to put it into a digital wallet. So just like the wallet, Michael, that you carry in your pants, right? Back pocket.




Michael:
When it's empty.




Robert:
When it's empty, yeah.




Javed:
Let's not go down that road.




Robert:
George Costanza wallet.




Javed:
Move on, move on.




Robert:
Yeah. But, I mean, you have identity cards in there that you can say, "Hey, police officer, here's my driver's license," when you get pulled over speeding. You know what I mean?




Javed:
You had him pulled over already?




Robert:
You know what I need. But yeah, the idea is that we want to take that wallet and do it in a digital format. So when we're interacting online, we know who we're dealing with. [inaudible 00:11:18]




Javed:
This whole idea of multifunction guys, there is this idea of multifunction cards, right? So it's not just a payment card anymore.




Robert:
That's right.




Javed:
Potentially, it could carry money, digital money, but it could also carry a digital wallet. So this idea of augmenting regular day use of a credit card with potentially some bearing on access to services, I think it calls for some value. And I think that's why this report is really, really useful and remarkable because it tries to bring together those different use cases together to authentication.




Robert:
That really speaks to the product leadership. So Michael, you said the other one that we did really well in is innovation. And that's one of the ones that we're, as an organization, pretty proud of because it means that we're pushing the market. We're innovating in a way that's making a difference. And Javed, you had a really succinct way of talking about the innovation that we're delivering. Why don't you reiterate that again?




Javed:
Sure. So the production of the digital identity, the verification of it, that actually carries a level of assurance that you can measure, you can store, and you can track to bring to bear the identity for authentication for the life cycle itself, to be able to use the verified identity for authentication purposes depending on the risk level, risk posture that the institution may have.




Michael:
See, that's pretty cool. And if we're talking about innovation, that's one of the things that I find is the most innovative is the various levels of identity proofing. If you want NIS certified, know your customer identity verification, we can take care of you. If you want to match a live selfie to somebody's, the picture that they took for their employment ID, we can do that. So different types of users, different responsibilities. You have administrative staff. You have staff with access to privileged systems. The ability to handle all that in one platform to me seems pretty great, and privacy along the way.




Javed:
And Robert, let's not forget everybody who does digital identity verification could arrive at an assurance level in a different way. But the assurance level itself, if it's compatible with the NIST definition of it, that carries meaning as language. You can speak to different services in the same language regardless of who produced the assurance for the individual. And the individual doesn't have to run through additional friction. There's a lot of value there to actually speak that common NIST language, which is what obviously we are pioneers in because we've been certified for God knows how long now to actually be able to do that exactly to spec and allow the assurance levels to further the use case along.




Michael:
So we like to talk, because we're technologists, we're all gadget guys, we like to talk about the leading edge capabilities. But the other thing that's innovative from my perspective is you have these systems that they're not going to go passwordless in our lifetimes. Forget our lifetime. They're not going to go passwordless. Right? And the ability to do something like a password reset, I love the password resets where, "What's your old password?" It's like, "Well, had I known that I wouldn't be resetting the password." So to be able to use a biometric match and then reset a password for a system that can't go passwordless is pretty cool.


But then there's all the other legacy systems spewing out SMS codes and you don't want six dozen apps on your phone to manage all that and the 1Kosmos app manages all of them, right?




Robert:
That's right. Yep. Absolutely. There's a sentence in this report that's interesting because I think it actually kind of describes what we do, and it's about the report itself. So bringing a real world identity to a digital credential in the most secure user-friendly and privacy preserving method requires creativity and a willingness to change the status quo.




Michael:
Wow. Did you memorize the report or were you reading from a [inaudible 00:15:48]




Robert:
What does that sound like?




Javed:
Say that again. Say that again without looking at the report.




Michael:
Got a cue card in the back there?




Robert:
Yeah, exactly. So I was just reading, I was like, "I should probably say that," but that said, I wanted to make sure I got the words right. But that's essentially what we're trying to bring or are bringing to the market.




Javed:
That's what we're trying. Absolutely. Because this is not going to be solved in one day, right? The interop portion of this is the real challenge. You can produce software all you want, doesn't matter. It has to be really useful, easy for services to adopt, for services, to receive a credential from a person like Robert and say, "Shouldn't I validate this by the issuer?" That interface should be easy to consume and should scale to millions, eventually billions. So there's a lot that would go on and I hope, and of course we are trying, that the platform that we are building has that in the back of the mind and front of the mind as well, both same time. There's the roadmap that we want to build to, well, a performant verifiable credential.




Robert:
Right.




Javed:
Not just a verifiable credential. No, no, no.There's more to it.




Michael:
Well one of the words Robert used was privacy. I think that's a word that's overused because we all talk about privacy, but honestly business and government alike, we're bleeding private information out on the internet to hackers. And we call it private, but it's stored in a file that's got an administrator who has access to it and that access is password based. So that's not really commercial-grade privacy, at least not for where the web 3.0 in particular is headed.




Robert:
That's right. With our distributed identity, blockchain backend, all that stuff is kind of charted, stored in the blockchain and only the user that has the key can unlock it. Nobody else has access to it other than, Michael, you, for yours. 1Kosmos doesn't have access to it. The company that buys 1Kosmos Technology doesn't have access to it. Only the user has access to it. So it's legitimately triple encrypted. Nobody can get to it. Only the user.




Michael:
I'm going to throw one other out at you guys. I mean, when people talk vendors, companies talk about their certifications, that's a real yawner, right? Nobody cares. But if you really look at it, if you're going to take your platform through the rigor of an industry certification, you're essentially, as a vendor, signing up to your responsibility, especially as a security vendor, to deliver quality code, code that's not Swiss cheese, code that doesn't introduce new volubility into the business. And when you look at the NIS certification, [inaudible 00:18:20] 2 certification, the IVETA certification for biometrics, the facial matching algorithms that we use, that all adds up to not only a highly secure system, one that's interoperable or one keeps you out of vendor lock. I think as business decision, buying a vendor or investing in a vendor that doesn't lock you into their technology is pretty innovative.




Robert:
And then we've already done all the hard work. Listen, don't worry about it, Mr. Customer or Mr. Prospect. If you're looking at the 1Kosmos technology, we've already done all that hard work to be certified so you don't have to worry about it. And you know the technology that you're putting into place meets specific criteria that are only beneficial to you, not only now, but as we move to this web 3.0.




Michael:
Well, the report is available on our website, free download. That's my marketing little advertisement here. It's pretty exciting not only to be recognized as a leader in innovation, but the top innovator. So I won't name the other companies in the list, but beat out some pretty big names as far as out-innovating them. So hats off to, Javed, you and your team, the way you build the code and the product that you brought to market, the army of people you have behind you from quality control to [inaudible 00:19:50]




Javed:
Excellent. Takes a village. You guys too.




Michael:
Just really delighted and very proud that 1Kosmos shared as well as we did in this report, the top innovator.




Javed:
And just the beginning. Yes?




Robert:
The beginning, yes.




Javed:
Just the beginning. We're not done.




Robert:
Absolutely.




Javed:
All right.




Robert:
Well, listen, on that note, Michael, thank you for coming on for your [inaudible 00:20:08].




Javed:
Thank you, special guest.




Robert:
[inaudible 00:20:11] Listen, and we ran long. And we ran long.




Michael:
I got to get a, okay, Led Zeppelin, I'm going to get some [inaudible 00:20:15]




Javed:
I'm sure. Get on with the message. Yes.




Robert:
All right, buddy. Thanks for joining us and we'll see you again for our next IVA Friday in a couple weeks.




Javed:
Good talk, guys. Thank you.




Robert:
Have a good weekend, everybody.