Securing digital identities for the cloud era

Author: Sumal Karunanayake, Senior Vice President Asia Pacific and Japan, ForgeRock

Though it may not be widely recognised amidst all the noise around technology trends like cloud computing, mobile, and the Internet of Things (IoT), identity is a fundamental requirement to future digital growth. Without a scalable and repeatable identity strategy, businesses and organisations will not be able to properly take advantage of mobile, cloud, or IoT. A proper identity strategy allows them to identify and engage with their customers in a meaningful way — whether it be through a laptop, mobile phone, tablet, connected car, healthcare wearable, connected home device, or the next great connected innovation.

As businesses migrate to a digital marketplace where goods and services are available online and via devices, companies are realising they must manage the digital identities of every customer and every prospect in order to gain any benefit from cloud computing, mobility, and IoT. Cloud, mobility, and IoT require a new way of thinking and acting to protect a business and help it grow. For example, customers can access company systems via multiple devices, and expect a user experience tailored to how, when, and where they access services. This requires a single platform to unify the entire ecosystem and provide a simple, repeatable way to protect a growing number of devices. Building a platform that supports and unifies the entire ecosystem is challenging enough, but organisations also need to support new services, new devices, and new infrastructure.

So how do enterprises protect data they can’t see as it’s communicated between different parts of the ecosystem? Encrypting and authenticating data is important, but it’s also vital to know who accesses data and how, as well as where and when they access it to help ensure proper security. This knowledge helps to verify that current behaviour is consistent with past behaviour and that the user is legitimate.

Real-time contextual clues, in addition to credentials, can help organisations better vet whether to give access and how much to give. If a system detects a login attempt with correct credentials, but from an unrecognised IP address or at an atypical time of day, it triggers additional security precautions such as asking security questions or texting verification codes to a user’s cell phone.

Contextual intelligence and awareness can add significant value to digital services. For example, Toyota’s in-car portal “knows” which car and which driver is accessing the Toyota platform, and where they are. This allows the system to recommend petrol stations, find a parking spot, and offer real-time traffic information and automatic rerouting. Other services can exploit a wide range of contextual data — such as location, time, customer record, temperature, device, and virtually anything else — to customise interactions with users.

Identity management focused on the customer enables significant differentiation for products and services in an increasingly crowded market, because it transforms and personalises the user’s experience. For instance, a financial services portal could offer customers a convenient overview of all their activities and accounts in one place, and wearables—from fitness trackers to smart shoes—could offer a wide range of personalised functionality to support the user’s individual goals.

Much of the future development of digital identities will be made possible by a shift to Identity Relationship Management (IRM), which ties users to digital identities that an organisation can identify and interact with. This helps businesses to identity-enable cloud, mobile, and IoT services quickly, and offer richer, seamless customer experiences across applications, devices, and things. IRM can support multiple devices per user, react to context, and scale up to accommodate millions of users at a time. It links devices (laptops, phones, tablets, even cars) and new mobile and social apps to a single security platform that enables identity synchronisation and single sign on anytime, anywhere.

IRM can provide organisations with a dynamic, proven security system that delivers much greater insight into who accesses which systems from which devices and when. This new data helps companies to understand their customers, not just protect them. It opens up new revenue opportunities for cross-selling, upselling, and delivering personalised services to customers. Given the potent combination of iron-clad, adaptive security and a personalised customer experience, it is a technology every organisation looking at cloud should evaluate now.

Identity is a fundamental requirement for achieving future digital growth for many businesses. That’s why it’s imperative to establish a robust, secure, scalable, dynamic, and flexible identity management regime to steer a safe path for businesses and their customers toward cloud computing and beyond.

Read more: Serious Business: Cyber Security and Brand Survival

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the CSO newsletter!

Error: Please check your email address.

Tags identity managementdata securityCloudInternet of Things (IoT)cloud securityencryptionSecuring digital identitiemobilecloud computingCSO AustraliaContextual intelligenc

More about CSOTwitter

Show Comments