ForgeRock® has introduced its newest identity management platform, including an implementation of the User-Managed Access (UMA) standard. Built on consent-by-default and consent-by-design principles, the ForgeRock Identity Platform™ is the first identity management platform to support an UMA implementation designed for consumer consent and data sharing purposes.
“Highly scalable platform architecture is becoming increasingly sought-after amongst hyper-connected organisations that must support millions of customers across even more devices and things,” said Martin Kuppinger, founder and principal analyst of KuppingerCole. “As the influence of the IoT spreads to all aspects of our lives, the ability to adapt access management capabilities quickly will become pivotal to future business success. Furthermore, with consumer expectations surrounding data security and privacy higher than ever before, standards such as UMA will soon become the industry benchmark to which all organisations must conform.”
Providing strategic business certainty as the regulatory landscape shifts
The use of customers’ personal data has significantly evolved over time due to regulatory changes and court decisions. For example, the EU Court of Justice decision in late 2015 affected many U.S. companies’ use of the Safe Harbor framework, and changes in regulations – such as the emerging EU General Data Protection Regulation (GDPR) – often affect the use of data for which consent was previously gathered.
The new ForgeRock Identity Platform, specifically designed as a User-Managed Access solution, enables businesses and government organisations to present customers with options to proactively delegate – and revoke – data access to others. It also enables individuals to consent to data access that was requested and to deny requested access, to monitor data access they have consented to over time, and to adjust that access upwards and downwards, all in a fine-grained fashion and in a conveniently centralised location. These capabilities provide important freedoms to give or withhold consent.
A superior technical solution where before there were few
Previous consent–to-share tools have consisted largely of checkboxes, cookie acknowledgment widgets, and – for the more technically knowledgeable – “social login” application libraries. However, today’s new regulations require new solutions. The ForgeRock User-Managed Access solution offers a new dimension in consent-to-share tools.
Giving customers reasons to trust
Sources and volumes of personal data have also grown as consumer Internet of Things (IoT) devices have become more pervasive; soon, connected cars, medical devices, and smart home devices – all made by different manufacturers – will be competing for consumers’ attention in how their personal data is shared with other applications, people, and organisations in their lives.
“In an era of very public data breaches and heightened consumer awareness, ‘fostering trusted digital relationships’ can’t be considered a buzz phrase. Privacy strategy must include a consent-to-share strategy that looks after the top line of the business,” said Mike Ellis, CEO of ForgeRock. “The UMA standard was created to give an individual a unified control point for authorising who and what can get access to their digital data, content and services, no matter where all those things live. The new ForgeRock Identity Platform enables private and public organisations to quickly deploy secure identity services based on UMA principles.”
According to Eve Maler, VP of Innovation and Emerging Technology at ForgeRock and founder and chair of the UMA Work Group, “Organisations looking to design personalised digital services that also respect an individual’s right to control access to their data will find that the ForgeRock Identity Platform offers a new set of tools making this possible. Further, by designing services that offer this transparency and respect, organisations are also better able to address the implications of the emerging regulatory landscape. As we celebrate the upcoming Data Privacy Day 2016, our new Identity Platform is tangible proof that ForgeRock is delivering on its commitments to consumer privacy and data protection.”
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow