In Blog, Security

Own Your Identity

There are companies that are willing to vouch for your identity. They’ll even do it for free.

Google, Facebook and Twitter all implement protocols which store your identity and allow third-party websites to query them for who you are. Quartz calls them, “The new gatekeepers.” They have made it fairly transparent to you as the end-user and it can be very convenient.

But coming from a business perspective, blindly granting control of your online identity to other companies is a flawed approach. It’s important to own your identity online. Let me explain why and how.

Granting Third-Party Control of Your Business Identity

identity management market alternative

Google and the like are not providing this service out of benevolence. They’re businesses of their own with their own agendas.

Their motivation is to collect data about you, and about your users. They actively mine your identity so that they can serve you more relevant — and thus expensive — advertising. They track which websites you visit, and store that data. They collect what they want to collect for their own purposes, and not for yours.

Security Limitations

If you use Facebook as an identity provider for your business, you have no control over password complexity or multi-factor authentication. If a user loses control of that account, how would you ever know?

There’s also the fundamental — and often disregarded — issue that they aren’t trust-worthy for business. Anyone can sign up for a Facebook account. Are you, as a business owner, going to trust that they are who they claim?

Another area to consider is that there is no mechanism for deprovisioning. When you don’t want the user to have access to your resources any more — say they’ve been fired — you have to go to each individual service provider and turn them off there. There is no single point of control for your users’ identity.

Lack of Autonomy/Control

Companies like Facebook or Google function as a walled-garden. They choose who they are willing to work with and to what companies they integrate. If they don’t want to provide identity to one of their competitors, you have no control over that.

They can also decide not to provide this service any more. Google is notorious for dropping support for programs that aren’t working out from their standpoint (RIP Google Wave, 2009-2010). Facebook can also decide it doesn’t want to work with a company anymore and leave their shared customers high and dry.

How to Own Your Identity

modern office cloud solutions

Fundamentally it comes down to this: don’t rely on third parties to be the repository of truth for your organization. Own your identity instead. Companies like Google and Facebook are in it for their own purposes, which don’t always intersect with your own.

By now, you should understand why you need to own the identities for your company. But in an increasingly decentralized business world, the how is the hard part. That’s where we come in. JumpCloud gives you complete control over who is in your directory and with whom you share that information. Learn more by checking out our cloud directory, or by reaching out to us and asking.

Recent Posts