Category Archives: Valuable

Privacy industry: Measure of Quality for SaaS

If you thought that Middle Ages could only happen on Earth you would be wrong. This days they are happening in cloud but not for long.

Image courtesy of Computer Economics
Image courtesy of Computer Economics

Just think Google or Facebook and their stand on data ownership, protection and retention and its pretty clear that software-as-service’s (SaaS) market has Data Feudalism written all over.

And Google and Facebook aren’t exceptions.

More of a rule on how current internet industry is preferring to handle user data, their privacy and security.

Gartner predicts that this will continue not only through 2014. but also year after as well.

It states that 80% of IT procurement professionals in companies that work in other industries will remain dissatisfied with SaaS contract language and protections that relate to security. Among other things because of lack of meaningful financial compensation for losses of security, service or data.

But this is just a piece of puzzle.

“Concerns about the risk ramifications of cloud computing are increasingly motivating security, continuity, recovery, privacy and compliance managers to participate in the buying process led by IT procurement professionals,” said Alexa Bona, vice president and analyst at Gartner.

As it seems companies are buying more and more of SaaS services regardless.

Public cloud market grew overall in 2012, with 49 percent of organizations having systems in place compared to 47 percent in 2011. according to report by Computer Economics(CE).

CE expects that by 2018. new SaaS application sales will exceed new on-premises application sales.

For now this is how many companies is interested to use these apps in SaaS:
37% Email and calendaring
32% Human resources applications
25% ERP (enterprise resource planning)
11% Expense reporting
24% Other
(multiple answers query)

Adoption of SaaS is boosted primarily by speed of implementation, reduced IT infrastructure, scalability and easier upgrades. Availability, disaster recovery and lower costs are marked as less important.

But CE points that what adds more value to SaaS are in good order:

  1. data privacy
  2. security
  3. control over processes
  4. integration
  5. and performance.

These are major concerns that companies have with public cloud services. That is also way Compliance Officer and compliance in general (regulatory and non-mandatory) is going to play major roll in the future of SaaS.

Like in other things US and EU have opposite approach on how to boost consumer trust in public cloud services (particularly SaaS) and how to end Data Feudalism and internet industry’s Middle Ages.

US is in favor of industry self regulation and EU of regulatory compliance.

In both ways this is a win-win for Privacy industry and consumers.

These trends aren’t going to play such a big roll in adoption rate of SaaS services but are going to play major roll in product differentiation.

In other words, privacy is becoming crucial measure of quality for SaaS.


6 Drivers of €1.000 Billion Identity Industry

Personal data as a new kind of currency will create €1 trillion market in EU by 2020 but the main challenge will be to establish the trust that keeps this information flowing. BCG explains why.

Evolutionary path of digital identity value creation
Image courtesy of The Boston Consulting Group

In process automation, User enablement, Personalization, Enhanced delivery, Personal data-driven R&D, and Secondary monetization — are six major trends of Identity industry according to The Boston Consulting Group report The Value of Our Digital Identity.

All of these trends will impact all of today’s industries by 2020 and all of them as a foundation have personal data which BCG describes as a new form of currency.

BCG predicts that by 2020 Identity industry, as a part of Privacy industry, will be a €1 trillion Market only in Europe, not counting rest of the World.

But as BCG states that realizing the full potential of Identity industry is not a given. People are worried about loss of privacy and the improper use of their personal information. Companies fear the backlash that could result if they approach managing personal information in the wrong way.

The challenge is to establish the trust that keeps this information flowing.

For EU businesses and governments, the use of of personal data will deliver an annual benefit of €330 billion by 2020.

For individuals, the value will be more than twice as large: €670 billion. Much of that will be due to online services (i.e. Facebook, Google…) thanks to business models that monetize personal data and are highly valued by consumers.

Identity industry will emerge over three phases – Digitization, Internal enhancement, External applications – that will in most EU countries be simultaneous.

Digitization is a process of creation of basic digital product experience specially in public sector and traditional production. Basic digital identities are used as secure authentication.

In fact, it is the public sector and health care that are expected to profit the most, realizing 40 percent of the total organizational benefit.

Internal enhancement is a process of leveraging personal data internally. Personal data will be used for R&D, delivery optimisation etc. and most active in this phase will be telco and media companies and financial services.

External applications is a phase in which companies will start tapping data ecosystem opportunities like sharing data with third parties in both directions. The most active will be internet sectors and retail.

TOP5 remarks on Data Privacy by Leading EU Academics

According to leading EU Academics, proposed new EU regulation is boosting privacy industry with its start-ups that are creating out-of-the-box privacy tools, software companies that are creating anonymization, pseudonomizetion and encrypting tools and new market need for security and privacy experts and consultancies. And this is why…

Image courtesy of Feelart /
Image courtesy of Feelart /

More than 100 leading senior academics from across Europe, from disciplines such as Computer Science, Law, Economics and Business Administration signed a position regarding proposed European Data Protection Regulation.

Economic, administrative and social processes in Europe are starting to be influenced by invisible net of newly created value as a result of automatic processing of personal data. This is not something that is happening in EU but throughout the world.

Users are paying for nominally free cloud services by providing personal data.

Like checks, shares, bounds, bitcoins, euros or dollars so are personal data becoming generally accepted as payment for goods and services although they are lacking some of characteristics of money.

They are becoming valuable not only for marketing purposes but also for optimization of development, production and distribution of products and services. Further on for enhancing sales and search for better employees and many more things. All of that is packed in virtual databases that are like wallets of our personal identities.

Leading EU Academics stand for more robust data protection laws and are  pointing to arguments that are created by lobbyist aimed to weaken data protection in Europe. They stand for…

1. Innovation and competition are not threatened

Regulation of data protection will impact innovation and competition in positive way, not negatively as some may suggest. They say that for example regulation has promoted innovation in the areas of road safety, environmental protection, and energy.

For data protection, we already see start-ups throughout Europe that offer European citizens solutions to protect their personal data “out-of-the-box”.

Security and privacy experts are selling consulting services to companies to help them manage their IT infrastructures more securely.

For many important business processes, it is not data protection regulation that prevents companies from adopting cloud computing services; rather it is uncertainty over data protection itself.

2. On informed consent

For the last 18 years usage of personal data in the European Union has relied on the principle of informed consent and that is a practices that needs to continue.

It is true that formulating data protection terms for some is viewed as a costly exercise but it protects consumers from blindly consenting to whatever does cloud provider wants to offer, as is experienced today in the USA (opt-out principle).

But EU practice boost new business. European companies are producing technical tools that will help users manage their privacy decisions automatically or with very little effort. Furthermore, technologies are being developed that interpret privacy terms for users and summarize the terms to facilitate decision-making.

3. On ‘legitimate interest’

By proposed EU data protection regulation companies are required not only to claim a legitimate interest, but also justify it. Moreover, the draft report of the European Parliament’s rapporteur now outlines legitimate interests of citizens and it determines where the interests of citizens outweigh company interests and vice-versa.

Citizens have a legitimate interest that profiles are not created about them without their knowledge and that their data is not shared with a myriad of third parties that they do not know about.

4. When to apply the regulation? When is data ”personal“?

Although some internet companies are claiming that they are collecting a lot of user data only for statistical purposes and therefore are not engaging in any re-identification practices, realty is that can be very lucrative. And technically, re-identification is possible even with dynamic identifiers.

That’s way anonymized, pseudonomized and encrypted data are still sort of personal data. They are just processed by useful instruments for technical data protection but are not tools for permanent anonymization.

Encryption helps to keep data confidential. Pseudonyms restrict knowledge about individuals and their sensitive data like concealing of the relation between the medical data of a patient. Anonymization goes even further but complete anonymization takes all the value from the personal data and it is a big question is it ever really done.

5. Who should determine data protection requirements?

Leading EU Academics are against the plan that the European Commission establish itself as the institution that would later define details about data privacy rules through ‘delegated’ and ‘implementing’ acts.

They think that only details that are less critical from the perspective of politics and fundamental rights may be left to the Commission’s discretion. Everything else is above EC position according to European constitutional requirements and should be a responsibility of the European legislative bodies to make such decisions by themselves.


How much will Identity And Access Management be worth in 2018?

Identity And Access Management Market hit $5,13 billion in 2013 at is expected to double in the next three years in some surprising new areas

Image courtesy of Wikipedia
Image courtesy of Wikipedia

The Global Identity and Access Management (IAM) market is worth $5.13 billion in 2013 according to two online reports Global Privileged Identity Management Market 2014-2018 and IAM Market – Global Advancements, Forecast & Analysis (2013–2018). It’s a booming market that is expected to double in size at $10.39 billion by 2018.

That is CAGR 15.1%. And according to first report the CAGR will be even higher, at 26.6% over the period 2013-2018. So there are plenty of new business opportunities there based on identity i.e. privacy industry.

Identity and Access Management market consist of on premise and cloud IAM divided in components like provisioning, directories, SSO, Advanced authentication, Password Management, Audit, and Compliance & Governance. Wikipedia describes Identity management as the management of individual principals, their authentication, authorization, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.

What we are really talking about are businesses related to  Active Directory, Service Providers, Identity Providers, Web Services, Access control, Digital Identities, Password Managers, Single Sign-on, Security Tokens, Security Token Services, Workflows, OpenID, WS-Security, WS-Trust, SAML 2.0, OAuth, RBAC etc.

Second report states that the main driver of IAM Market are cloud IAM services which are lowering cost and complexity of IAM projects implementations. Cloud IAM services have open this market for Small- and Medium-sized Enterprises (SMEs) based on new attractive pricing models like monthly subscriptions, usage-based pricing etc.

The biggest market in terms of revenue will be North America and the biggest growth is expected in Asia Pacific.

The key vendors dominating this market space are BeyondTrust Software Inc., CA Inc., IBM Corp., and Lieberman Software Corp. But there are also Dell’s Quest Software Inc., Cyber-Ark Software Inc., Novell Inc., Xceedium Inc., Fischer International Identity LLC, NetWrix Corp. and Acceleratio Ltd.