Both the IT and business sides, though, did want identity providers to give them security-related information such as "history of password re-sets," whether the account had been abused, the history of identity takeovers, how long the user account had been established and whether it had ever been suspended. IT personnel also want to have a phone number tied to the account.
The Ponemon survey concluded with the recommendation that the IT and business sides should have a "collaborative discussion" around BYOID in terms of how it might fit into any planned projects.
"This exercise could include basic simulation/modeling of a new online initiative with BYOID and without BYOID," the Ponemon report said. "This will help address key questions: Will supporting BYOID increase new customer acquisition? Are the costs of continuing to require users to create and maintain their own accounts more than the incremental value that is generated by BYOID?" But before any use of BYOID, a thorough risk analysis should be done by a corporate team that includes legal and business expertise to understand any liability issues.