Identity at the Nexus of Security and Usability

If you’ve followed my last few blog posts, you may have noticed the topic of usability in security pop up quite a bit. I’ve said in the past that usability issues in security should be considered vulnerabilities, because they create attack vectors in the form of user errors, exploits and workarounds. The idea was captured in this slide I presented at the 2014 Cloud Identity Summit quoting Eve Maler.


I’ve continued to explore this topic since, and I’ll be presenting my thoughts on the subject at the Cloud Identity Summit next week. The theme of the conference is “r/evolution of security: it Starts With identity“, covering the relationship between identity and security in various arenas – IoT, privacy, customer-business interactions, the cloud, cryptocurrencies and blockchain.

In case you are unfamiliar with cryptocurrencies, put simply, blockchain forms the basis for digital currencies like Bitcoin. It is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system. It is for these reasons that Bitcoin trading has seen a huge jump in popularity over the last few years. To learn more about Bitcoin trading check out some of the resources on

Anyway, one of the most important topics is usability, and my talk (“Invisible Identity, or How to Delight People & Secure Users” on Mon, Jun 6 at 5:25pm in Studio 1/2) will be about using identity to bring the traditionally competing concerns of security and usability together. In it, I’ll define an emerging concept called Invisible Identity, a term Ian Yip coined last year that neatly captured the modalities and architectures I’ve been investigating and building the last few years. I’ll present the four architectural principles that, when applied to the identity and security technologies of today, make Invisible Identity a reality and such a game changer for IT-Sec. I’ll provide some examples of how it is already being used by some forward thinking organizations, and show how some common security use cases benefit in both the security and usability dimensions when sent through the Invisible Identity transmogrifier.

And if that isn’t incentive enough for you to ditch the other tracks and come to my talk, I promise to continue my CIS tradition of nerdy humor and badly-done photoshops roasting the identerati (check out the video of my talks from previous CIS’ to get a sense of what you’re in for). It is the last slot of day 1 after all, so I need a way to jolt some energy into the crowd before everyone heads off for an evening in New Orleans. And you won’t want to miss what I’ll be wearing.

Look forward to seeing everyone there.