Conforming Implementation of the User-Managed Access Standard Helps Organizations Build Trusted Digital Relationships with Customers and Protect Internet of Things Data Privacy
SAN FRANCISCO – January 27, 2016 – ForgeRock®, the leading open platform provider of identity management solutions, today introduced its newest identity management platform, including an implementation of the User-Managed Access (UMA) standard. Built on consent-by-default and consent-by-design principles, the ForgeRock Identity Platform™ is the first identity management platform to support an UMA implementation designed for consumer consent and data sharing purposes.
“Highly scalable platform architecture is becoming increasingly sought-after amongst hyper-connected organizations that must support millions of customers across even more devices and things,” said Martin Kuppinger, founder and principal analyst of KuppingerCole. “As the influence of the IoT spreads to all aspects of our lives, the ability to adapt access management capabilities quickly will become pivotal to future business success. Furthermore, with consumer expectations surrounding data security and privacy higher than ever before, standards such as UMA will soon become the industry benchmark to which all organizations must conform.”
Providing Strategic Business Certainty as the Regulatory Landscape Shifts
The use of customer’s personal data has significantly evolved over time due to regulatory changes and court decisions. For example, the EU Court of Justice decision in late 2015 affected many U.S. companies’ use of the Safe Harbor framework, and changes in regulations – such as the emerging EU General Data Protection Regulation (GDPR) – often affect the use of data for which consent was previously gathered.
The new ForgeRock Identity Platform, specifically designed as a User-Managed Access solution, enables businesses and government organizations to present customers with options to proactively delegate - and revoke - data access to others. It also enables individuals to consent to data access that was requested and to deny requested access, to monitor data access they have consented to over time, and to adjust that access upwards and downwards, all in a fine-grained fashion and in a conveniently centralized location. These capabilities provide important freedoms to give or withhold consent.
A Superior Technical Solution Where Before There Were Few
Previous consent–to-share tools have consisted largely of checkboxes, cookie acknowledgment widgets, and – for the more technically knowledgeable – “social login” application libraries. However, today’s new regulations require new solutions. The ForgeRock User-Managed Access solution offers a new dimension in consent-to-share tools.
Giving Customers Reasons to Trust
Sources and volumes of personal data have also grown as consumer Internet of Things (IoT) devices have become more pervasive; soon, connected cars, medical devices, and smart home devices – all made by different manufacturers – will be competing for consumers’ attention in how their personal data is shared with other applications, people, and organizations in their lives.
“In an era of very public data breaches and heightened consumer awareness, ‘fostering trusted digital relationships’ can’t be considered a buzz phrase. Privacy strategy must include a consent-to-share strategy that looks after the top line of the business,” said Mike Ellis, CEO of ForgeRock. “The UMA standard was created to give an individual a unified control point for authorizing who and what can get access to their digital data, content and services, no matter where all those things live. The new ForgeRock Identity Platform enables private and public organizations to quickly deploy secure identity services based on UMA principles.”
According to Eve Maler, VP of Innovation and Emerging Technology at ForgeRock and founder and chair of the UMA Work Group, “Organizations looking to design personalized digital services that also respect an individual’s right to control access to their data will find that the ForgeRock Identity Platform offers a new set of tools making this possible. Further, by designing services that offer this transparency and respect, organizations are also better able to address the implications of the emerging regulatory landscape. As we celebrate the upcoming Data Privacy Day 2016, our new Identity Platform is tangible proof that ForgeRock is delivering on its commitments to consumer privacy and data protection.”
The ForgeRock Identity Platform is available for download now at: https://www.forgerock.com/downloads/