Securing digital identities for the cloud era

Author: Sumal Karunanayake, Senior Vice President Asia Pacific and Japan, ForgeRock

Though it may not be widely recognised amidst all the noise around technology trends like cloud computing, mobile, and the Internet of Things (IoT), identity is a fundamental requirement to future digital growth. Without a scalable and repeatable identity strategy, businesses and organisations will not be able to properly take advantage of mobile, cloud, or IoT. A proper identity strategy allows them to identify and engage with their customers in a meaningful way — whether it be through a laptop, mobile phone, tablet, connected car, healthcare wearable, connected home device, or the next great connected innovation.

As businesses migrate to a digital marketplace where goods and services are available online and via devices, companies are realising they must manage the digital identities of every customer and every prospect in order to gain any benefit from cloud computing, mobility, and IoT. Cloud, mobility, and IoT require a new way of thinking and acting to protect a business and help it grow. For example, customers can access company systems via multiple devices, and expect a user experience tailored to how, when, and where they access services. This requires a single platform to unify the entire ecosystem and provide a simple, repeatable way to protect a growing number of devices. Building a platform that supports and unifies the entire ecosystem is challenging enough, but organisations also need to support new services, new devices, and new infrastructure.

So how do enterprises protect data they can’t see as it’s communicated between different parts of the ecosystem? Encrypting and authenticating data is important, but it’s also vital to know who accesses data and how, as well as where and when they access it to help ensure proper security. This knowledge helps to verify that current behaviour is consistent with past behaviour and that the user is legitimate.

Real-time contextual clues, in addition to credentials, can help organisations better vet whether to give access and how much to give. If a system detects a login attempt with correct credentials, but from an unrecognised IP address or at an atypical time of day, it triggers additional security precautions such as asking security questions or texting verification codes to a user’s cell phone.

Contextual intelligence and awareness can add significant value to digital services. For example, Toyota’s in-car portal “knows” which car and which driver is accessing the Toyota platform, and where they are. This allows the system to recommend petrol stations, find a parking spot, and offer real-time traffic information and automatic rerouting. Other services can exploit a wide range of contextual data — such as location, time, customer record, temperature, device, and virtually anything else — to customise interactions with users.

Identity management focused on the customer enables significant differentiation for products and services in an increasingly crowded market, because it transforms and personalises the user’s experience. For instance, a financial services portal could offer customers a convenient overview of all their activities and accounts in one place, and wearables—from fitness trackers to smart shoes—could offer a wide range of personalised functionality to support the user’s individual goals.

Much of the future development of digital identities will be made possible by a shift to Identity Relationship Management (IRM), which ties users to digital identities that an organisation can identify and interact with. This helps businesses to identity-enable cloud, mobile, and IoT services quickly, and offer richer, seamless customer experiences across applications, devices, and things. IRM can support multiple devices per user, react to context, and scale up to accommodate millions of users at a time. It links devices (laptops, phones, tablets, even cars) and new mobile and social apps to a single security platform that enables identity synchronisation and single sign on anytime, anywhere.

IRM can provide organisations with a dynamic, proven security system that delivers much greater insight into who accesses which systems from which devices and when. This new data helps companies to understand their customers, not just protect them. It opens up new revenue opportunities for cross-selling, upselling, and delivering personalised services to customers. Given the potent combination of iron-clad, adaptive security and a personalised customer experience, it is a technology every organisation looking at cloud should evaluate now.

Identity is a fundamental requirement for achieving future digital growth for many businesses. That’s why it’s imperative to establish a robust, secure, scalable, dynamic, and flexible identity management regime to steer a safe path for businesses and their customers toward cloud computing and beyond.

Read more: Serious Business: Cyber Security and Brand Survival

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the CSO newsletter!

Error: Please check your email address.

Tags identity managementdata securityCloudInternet of Things (IoT)cloud securityencryptionSecuring digital identitiemobilecloud computingCSO AustraliaContextual intelligenc

More about CSOTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sumal Karunanayake

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts