Social media logins becoming baseline for enterprise user ID

Growing demand for identity management that spans internal and cloud-based systems will push companies towards increasingly flexible and context-reliant user identification that will likely include social media logins and other credentials, an Oracle technical expert has predicted.

Speaking with CSO Australia at this week's Oracle CloudWorld conference, Clarence Cheah, the company's senior manager for identity management, said the increasingly circuitous path taken by users and data – from on-premises systems to cloud-based systems, for example, and to mobile devices and back – had forced enterprises to look past conventional user ID-and-password authentication schemes to 'continuous authentication', in which user credentials follow their path from one online service to another.

This approach, in turn, requires services to consider a range of factors in establishing a user's identity – including, for example, the device they're using, the country or city they're accessing it from, or the device's current location.

Authentication "used to be simple," Cheah said. "You'd have a username and password, and maybe a token. But if you're going to go to a concept of continuous authentication – to allow the integrity of that application, to allow for SaaS or for using a mobile device – that means we have to know a lot more about you. Yet users expect a simpler, quicker login."

They also want a login that's familiar, he added. And, because identity will be determined by a number of factors, "it's not really a major issue if one of those is a Facebook login, versus the context of your devices and the history of how you transact."

The need for a more holistic view of identity is driven by the fact that "new requirements are being brought onboard quicker than they ever have been," said Richard Watson, Oracle's ANZ general manager for security and identity management.

"I remember talking to clients two years ago, who said they would never accept a social login – but now they're walking around with iPhones and accessing their email and Facebook."

The Australian market has been particularly proactive in revisiting long-held user management practices that had often ended up with each key application maintaining its own user-identification systems, Cheah said, adding that the rest of the Asia-Pacific region was still taking "baby steps".

"The maturity of the Australian market, from a regulatory and governance perspective, has really been able to help redefine what identity means," he explained. "Awareness of what identification is, has evolved well over the last 20 years of silos being built up in different application tasks – and we're still grappling with trying to bring them back together."

With a myriad of cloud applications and mobile devices creating new access methods, there was a risk that new silos could be created – which lent further credence to the positioning of social media as a user-friendly baseline for authentication.

Cheah cited the challenges of authentication to online government services, whose users are charged with remembering usernames and passwords for services they might only visit once or twice a year. The simple task of administering these services imposes such a burden that tying into more frequently-used social services could prove to be a more user-friendly process of user authentication.

"It becomes a matter of the social media [being the baseline] and then augmenting that with other authentication methods," Cheah explained. "It's developing a heuristic awareness that you can continue to develop; you've got to have all of those endpoints tying back through a strong policy control engine."

The benefits for organisations are many, he continued: "That becomes a huge opportunity – not just in reducing the administration costs around resetting usernames and passwords, but also in accelerating the deployment of services. We have a security container that we can deploy on the user's device, we can build a solid core and control the way authentication security flows."

Watson agrees, noting that companies that fail to revisit their ideas of what identity management involves will fall behind the curve as the increasing fluidity of the user environment exposes the weaknesses in existing authentication methods.

"Start with a convergence outcome in mind," he said. "Unless you've actually invested in the discipline of a converged baseline approach to onboard these requirements, you're still going to be chasing your tail."

This article is brought to you by Enex TestLab, content directors for CSO Australia.
