Interviewed By Foo Boon Ping
John Donovan, regional vice president of ForgeRock, an identity platform provider, shares how the company helps banks and various institutions maintain a seamless and frictionless relationship with the customers and how they look at identity management today.
Here is the transcript:
Boon Ping (BP): We're happy to be speaking with John Donovan, regional vice president of ForgeRock, an identity platform provider. And it is a quite a new concept in this world, digitisation, the convergence of digitisation and the concerns over cybersecurity. Tell us a little bit about ForgeRock.
John Donovan (JD): Well interesting, I guess you mentioned you know some of the changes and views about what identity means… kind of relates directly to the history of ForgeRock as a company.
So ForgeRock has been around and we actually call ourselves a start-up but we've been around for seven years. And the technology came originally from some micro systems. And it came at a time when identity was viewed, I guess alot, as a security play. Now, when people spoke about IT and identity though, generally looking at how do we secure the identities of employees, how do they connect to their devices, how those devices connect to the network, and how do we manage that in a kind of seamless sort of fashion, which was fine at that time but the industry has transformed itself.
Organisations like ForgeRock have come to being because we view identity more as a customer-centric kind of play, still with the elements of security but with much more of a focus around how do we connect to our customers; how do I, how do we allow our customers to connect to other customers and to devices and bring this big relationship with connected identities in a secure and managed environment, into the concept of how we digitally transform our companies as well. So ForgeRock itself was originally founded in Oslo in Norway back in 2010. We have a head office now in San Francisco, about 450 employees globally, and another 700 enterprise customers around the world.
The great thing about the ForgeRock identity platform is that the modular approach means that as companies look at what digital identity means to them, they can do it in steps – if they’re not considering IOT today – they can in the future and bring that to the platform environment.
If they’re looking at, might not be looking single silo today, they can in the future and bring that into their common platform.
BP: Now, tell us a bit about how organisations are looking at identity management today, you said alot of it started with internal staff?
JD: It did.
BP: …excess control and so on and so forth now to look at it from a customer perspective. How are they organising themselves around it and what are some of the challenges in terms of the conversation that you have with the organisation?
JD: It’s interesting. So, it becomes more of an innovation play, still with the, you know, under current of security because people need to secure those relationships but much more of an innovation play. So when organisations used to think about their customers relationships from a digital perspective is, how do we allow them to connect? And that was pretty much it.
Which was fine for a time if you think back to the late 90's when, you know, internet banking for instance first reared its head, we had this simple idea of being able to use your phone for check on the balance of your account, which was pretty revolutionary but you know that’s getting on close to 20 years ago or it is 20 years ago. So, what people want to do now not just with financial services but also health services or telecommunication access or educational services is they expect to have a full range of access and control to their own identity and the relationship of that company more than they ever have before.
So, if you have a look at what individuals or consumers want to do from a digital banking perspective now, it is million light years away advance from what we are doing 20 years ago. So, people expect to be able to have a seamless and a frictionless relationship with the banking institution.
They want to obviously be able to look at balances but they want to be able to exchange money between different accounts because they might have a business banking account or a credit card relationship or commercial or an institutional banking relationship you know. They can have you know up to 15 or 20 maybe more different identity relationships in the banking institutions but they want to able to share the relationship between those identities as seamlessly as possible.
We've also seen the idea of step-up authentication or multi-factor authentication as people start to do more complex transactions online as well. If I’m simply looking an account balance based here in Singapore on my account with one of the large banking institutions here. That’s a pretty simple thing to do right. If I want to transfer money between accounts then you require a higher degree of authentication.
If today I’m in Singapore but tomorrow I’m in Rio in Brazil or somewhere and Iwant to transfer 50,000 from one account to another account that is not necessary linked, then you require a higher degree of step-up authentication. And that's where the ForgeRock platform, the modules that we have as well as working conjunction with organisations that provide things like biometrics, really still create that seamless and frictionless relationship with the customers are looking for. They want to do this stuff and they want to do it easily and the banking institutions, and the education institutions, and government institutions also want that to happen but in a secure fashion and that is where ForgeRock comes into it.
BP: How do you see developments in this region in terms of some of the initiatives that the government…
JD: Really good, really good. I mean we have an office here in Singapore. In fact it was the first office that we established in the APJ geo…based on the level of innovation that we saw in government institutions, in financial institutions, education institutions, healthcare the Singapore and in fact Southeast Asian nations market is really well developed moving in a very rapid speed.
I think a lot of it got to do with the acceptance of digital technology, fairly obviously, but also the great relationship that exists between government and private enterprises in places like Singapore.So, whereas in some other countries there’s a little bit of resistance as to who owns the data, who owns the identity, how you connect In Singapore, there's a lot more structure around how that stuff works and that makes it easy for companies to really look at much more innovative approach towards how they do this. The great relationship between the banking institutions and the government in Singapore, for instance, makes digital transformation much easier.
BP: Identity management, security management, cybersecurity are they distinct, how organisations been looking at this issue?
JD: Well I think they're all connected.You know security,I worked in security for 25 years or so and that’s always in the background of the conversations and it is interesting when we work customers, you know quite often when we working with people like the chief digital officer or the chief marketing officer because they are looking at, through the prism of what makes sense to the customer, how do we transform a practice…and they have a very strong focus around customer relationships,historically, security had not been so customer focus, I guess, they've been involved in protecting the brand, protecting the assets.You know, banks are there because they secure finances and they lower the level of risks. So, when you have one organisation or one entity within a company that saying we need to open ourselves, we need to be more approachable, we need to be more frictionless, we need to have customer at the centre of the relationship this is the historical approach, which is we need to close the boarders, we need to lock down the assets, we need to lift the level of security... then friction occurs quite obviously.
So part of our job is to show organisations how they can blend the two, still have customer identity in the centre of the transformation exercise but in a secure fashion. Some of these companies that are putting innovation and customer experience at the forefront versus some of the maybe tier 2, some other banks that are coming, they're grappling with the whole issues.
BP: Today, what differentiate them and how do you talk to those that are still kind of sitting on the fence I guess?
JD: So tier 1 vs tier 2? Look, I think one of the big challenges, some of the big tier 1 organisations have is the historical investments. This is what the current infrastructure looks like and a historical approach towards identity. In some cases, it’s built around huge old mainframe databases that are difficult to migrate from… part of the ForgeRock value is you don’t actually need to migrate from that. We can take into account all the different silos and help federate them.
But one of the big challenges is when customers look at a digital transformation exercise.How do we do it with our legacy systems because we have millions and millions of dollars and hundreds of thousands of man hours in many cases unique internal developments based around our technology?
So in many cases when they think about a desired end state which is customer-centric, innovative, agile and what their dealing with today, sometimes they might feel it’s a bridge too far. How do we get there? The challenge is they have to get there when you look at the agility of some of financial services and fintech, when you look at the agility some of the tier 2 players that have a non-branched focus around digital banking, then people are offering those services so the challenge is there for the tier 1’s to adopt and innovative approach towards this even with the legacy systems because their customers are demanding it from them.
BP: Great. Thank you John!
JD: Fantastic! Nice to meet you! Thank you!