Identities – The real Fight Club in the Cloud
A lot of fights have been called out ranging from Google Apps vs. Office 365 to Facebook vs. Google+. The real fight though is one that does not take place on the front pages but rather between the lines. It is the fight that will decide who will be the grand winner of the cloud race.
Why do identities matter?
Identities are the one and only true value in consumer computing but also matter in the enterprise world. Let’s look at some examples from the real life.
In the past a mobile phone was defined by its phone number. Only by the association of a phone number with a person outside the digital world e.g. by a business card a connection of the identity and the phone was created. This has changed fundamentally. The key identifier no longer is the phone number but the online identity. For WP7 you need a Live ID, for Android a Google ID and Apple requires you to be registered with iTunes.
Also in the past you had an email account for business and one for your private life and while you might keep that separation you need to consider which one to use in social networks. Do you tie your professional LinkedIn account to your business email or your private email account? This becomes increasingly important with disputes on who owns the contacts, you or your employer (look here and here for more)
How do you identify yourself with web pages and applications? More and more applications do not require a separate registration any more but connect to your Facebook account. Lesser but also more and more web pages do the same for Google IDs and other digital IDs. Nevertheless this already shows today the importance of the identities. Each connection gives the ID provider more information.
With trends like BYOD (bring your own device) the importance of identities will increase. How to differ between a business identity and a private one in a world where devices need to be tied to an identity while the device will work in both worlds is critical. Think about access management to corporate information as well as device management in a sense of patching and software distribution.
Facebook vs. Google (vs. Microsoft)
While on the corporate side the identity discussions seems to be decided in favor of Microsoft’s Active Directory the consumer identity war is full on. Some years ago Microsoft was in a pole position with its Live ID. Not only delivered it great value (SkyDrive, Xbox Live connection, etc.) but also was there a drive for the Microsoft subsidiaries to push Live IDs in the local markets. It was a major item on each countries scorecard. While I do not know whether that is still true I do recognize that I do see lesser emphasize on the live ID in the market. It seems almost as if Microsoft pulled back from the identity war.
This leaves two remaining contenders – Facebook, the reigning champion of social networks, and Google, the fighter of many styles that has just moved up to the heavyweight boxing of social media.
While Facebook had an advantage of having been there early and a clear entry into the market of the target group of kids and young adults, Google has a clear advantage addressing enterprise needs. Google plays on both sides of the fence separating the consumer and enterprise space. Much like Katniss Everdeen from the Hunger Games, Google crawls under the fence separating District 12 from the forest. By doings so Google hunts in the enterprise forest while Facebook just stays within the consumer district.
It will be interesting to see how Microsoft will react. The WP7 integration with Facebook is already high and there is e.g. no Google+ App for WP7. On the other hand betting fully on Facebook would mean giving up Microsoft’s enterprise advantage and the Live ID.
Federation will be the key
Federation means a way to build a bridge between two islands of identities so that inhabitants of both islands can communicate and exchange information. In the enterprise cloud federation is a key differentiator and with social collaboration in the B2B market it becomes more important. In case you are a user of Microsoft Lync and your company has a federation in place you can chat, talk and hold conferences with partners quite easily. A federation with the internet even allows you to communicate with consumers that use the Windows Live Messenger. The value of a scenario like this is incredibly high especially if your work in a global environment. The base for this is Microsoft’s Active Directory and with ADFS (Active Directory Federation Services) Microsoft has created an interface between the enterprise and the consumer world but also between the on premise and the cloud world (e.g. ADFS for Office 365 vs. separated identities for AD on premise and Google Apps in the cloud).
Google is struggling with federation between the enterprise world and the consumer world. This is one of the reasons why Google+ for the Enterprise is still in dog fooding only. So far a user in an encapsulated Google+ for the Enterprise environment cannot start any hangout with Google+ users in the public domain – there is a lack of federation. Issues like that show the importance of federation as well as complexities it might need to get it all sorted. I have no doubt in Google that they will figure this out over the course of the time and then Google will land the first heavy blow in the fight against Facebook. I do not see any activities on the Facebook side to address the enterprise market apart from business/fan pages which is a completely different turf.
The key piece for Google probably is not technology but politics. To what degree will Google be open to discuss a federation with the Microsoft world? How would Microsoft react? On the other hand Google might look at the world and see the writings on the wall and go for a bigger change. The change from dispersed IDs towards a universal ID where enterprise environments would incorporate the employees own individual ID. That would be a bold move and a long-term strategy.
Data Privacy – Who cares?
A great question this is. When I was at the Google exhibit on CeBIT this year and tried to discuss Google’s approach to data privacy this seemed to be an underlying argumentation. But actually we not only should care but also have some tools in place already. The tools I talk about are the laws which maybe old but still need to be followed. The data privacy laws in Europe mainly care about PII (Personally Identifiable Information) and what else would an online ID be than PII.
One of the reasons I called out the potential Google strategy long-term in the paragraph is the approach to data privacy. This is the huge advantage of Microsoft’s Active Directory in the enterprise world. It gives the control about the IDs as well as the associated information to the enterprise itself and this is where it should belong according to the laws. The enterprise is being held accountable on behalf of the employee if PII is lost or misused. Introducing a third-party into this relationship complicates things. This is true even more if we talk about identity providers on a global level.
Another factor in this whole discussion is the question of the right for anonymity. With online IDs that also will be used in the professional world anonymity will not be possible. So that would mean that individuals must have a right to more than one ID and that it must be prevented to create connections between identities. But on the other hand how can someone differ between a validated ID and an (fully legal but still) obscured ID.
In Germany there are two players trying to create a market for validated IDs. The focus so far is on legally binding email communications but there is potential for much more. One provider is Deutsche Telekom with DE-Mail and the other one is DPDHL with e-post. The key for both is tying an ID to an actual person. Interestingly enough DE-Mail is supported by the German ministry of interior. This springs another idea. Why do we need to give our online IDs into the hand of commercial enterprises? Why cannot the state control these in the same way they do with ID Cards and passports?
While it sounds like a great idea in the first place, it is not if you think about it globally. There are many countries where the state is not an authority to depend upon when it comes to online access, online IDs and the rights of free speech. So this does not make sense. Also it is risky if you think about changes that could happen over decades or centuries. A state perfectly democratic might change and become a bad choice to be the control instance over online IDs.
Let me come back on DE-Mail and e-post for a second. Their success beyond the local market will be decided by their respective strategies towards the global players. E-Post as an example is in discussions with Microsoft on how Live Ids and e-post IDs could work together.
The two worlds of identity in the future
I was recently asked how I do see the world of cloud computing in ten years. I missed to comment on the importance of identities. I predicted a world of hybrid environments and I fully support my prediction. The key question about the war on identities is, how this will end up. But I am neither Nostradamus nor do I believe there will be one shining winner. Especially the need for expression of thought in anonymity will ensure that there will be at least two* worlds. The legally binding and connected to a human, kind of ID and the anonymous ID allowing free speech. Both worlds carry a lot of value.
*probably there will be more than two, based on the fact that there will be no universal ID but several identifiable IDs in a specific context.