Securing digital identities into the future

Author: Sumal Karunanayake, Senior Vice President Asia Pacific and Japan, ForgeRock

Gartner believes that by 2020, 60% of organisations will use active social identity proofing and let consumers bring in social identities to access risk-appropriate applications. It also predicts that by 2020 new biometric methods will displace passwords and fingerprints for access to endpoint devices across 80% of the market.

Identity is increasingly critical to the digital economy, protecting consumer privacy and providing enterprises with greater visibility into customer preferences. Historically, most businesses focused on managing the identity of their own staff. However, businesses and organisations can’t properly take advantage of mobile, cloud, or Internet of Things (IoT) technologies without a scalable and repeatable identity strategy. Without it, they have no way to identify and engage with their customers in a meaningful way — whether it be through a laptop, mobile phone, tablet, connected car, healthcare wearable, connected home device or the next great connected innovation.

Companies are now starting to use identity to transform and personalise users’ experience so that, for instance, a connected car remembers the preferences of each driver or a financial services portal offers customers a convenient overview of all their activities and accounts in one place. Digital identity is fast becoming essential for wearable technology too. Wearable devices such as fitness trackers or healthcare monitors offer a wide range of personalised functionality to support the user’s individual goals.

As we watch everyday items connect to the Internet, the importance of digital identities will become increasingly clear.

In its simplest form, Identity Management (IM) is the creation and administration of users and things and the rules that govern what they can do online. It answers the questions: Who (or what) are you? What can you (or it) do online?

This may sound simple, but the number of applications, devices and things involved in making these types of decisions often makes it quite complex. It involves taking every application (on premises and off) and externalising its identity management capabilities in order to centrally manage users and things and their sign-on and authorisation policies. For some enterprises, this means hundreds or thousands of apps interacting online that must be Identity Management-enabled.

As businesses transition to a digital marketplace where their goods and services are available online and via devices, companies and governments alike are realising that their ability to secure and manage the digital identities of every customer, every prospect, and every member of the public is a fundamental requirement.

Legacy identity management (IM) was based on monolithic platforms that used static rules to make decisions. It was not designed to easily integrate with any application (on premises or off), to provide device-agnostic access, to handle large-scale populations, or to make decisions based on consumer context. In short, traditional IM is struggling to meet today’s business demands.

To connect customers and citizens to relevant goods and services in the digital age, businesses and governments instead require customer-focused identity management. The evolution from identity management to customer-focused identity management has a name: Identity Relationship Management (IRM). IRM is equipped with unique capabilities that differ from traditional identity management requirements.

To protect these identities, businesses need to implement a more robust, multi-layered security model, which uses context clues to decide whether to give access, and how much. Even with correct credentials, a login attempt from an unrecognised IP address or at an atypical time of day can trigger additional security precautions, asking security questions or texting verification codes to a user’s mobile phone, for example.

To protect an organisation that manages a growing number of digital identities, security officers should:

Think externally – authenticate external contacts and customers. As each user accesses systems with multiple devices, they expect an experience that is tailored to how, when and where they are accessing services.

Use a unified identity platform – which will allow a repeatable way to protect a growing number of devices.

Use open standards and technologies, supported by your identity platform – the platform needs to be reachable in a standardised way, whether the communication comes through a human or machine.

Analyse real-time behaviour and context – ensure data is encrypted and authenticated when it’s communicated between IoT devices. Check the location, time and device to ensure requests to connect are valid, warranted by legitimate business need, and consistent with past behaviour.
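The context checks described above (unrecognised IP address, atypical time of day, unfamiliar device) can be expressed as a small step-up decision made after credentials have already verified. This is an added example, not code from the article or from ForgeRock; the profile structure, signal names, the /24 and /64 network grouping, the one-hour slack and the sample history are assumptions chosen for illustration.

```python
# Added example: structure, thresholds and sample data are assumptions.
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Profile:
    networks: set = field(default_factory=set)  # networks seen on past logins
    devices: set = field(default_factory=set)   # device identifiers seen before
    hours: set = field(default_factory=set)     # hours of day (0-23) seen before

def network_of(ip):
    # Group IPv4 by /24 and IPv6 by /64 so ordinary address churn is not flagged.
    addr = ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return ip_network(f"{addr}/{prefix}", strict=False)

def build_profile(history):
    """history: iterable of (ip, device_id, datetime) for past successful logins."""
    profile = Profile()
    for ip, device, when in history:
        profile.networks.add(network_of(ip))
        profile.devices.add(device)
        profile.hours.add(when.hour)
    return profile

def assess_login(profile, ip, device, when, hour_slack=1):
    """Return (decision, signals) for a login whose credentials were correct."""
    signals = []
    if network_of(ip) not in profile.networks:
        signals.append("unrecognised_network")
    if device not in profile.devices:
        signals.append("unrecognised_device")
    # Hours wrap at midnight, so measure distance on a 24-hour circle.
    near = any(min((when.hour - h) % 24, (h - when.hour) % 24) <= hour_slack
               for h in profile.hours)
    if not near:
        signals.append("atypical_time")
    # Any signal asks for an extra factor (e.g. a texted code) instead of refusing.
    return ("step_up" if signals else "allow"), signals

# Constructed sample history for one user (documentation-range addresses).
HISTORY = [
    ("203.0.113.10", "laptop-1", datetime(2024, 3, 4, 8, 55)),
    ("203.0.113.77", "laptop-1", datetime(2024, 3, 5, 9, 10)),
    ("203.0.113.10", "phone-1", datetime(2024, 3, 5, 23, 40)),
]
PROFILE = build_profile(HISTORY)

if __name__ == "__main__":
    print(assess_login(PROFILE, "198.51.100.5", "laptop-1", datetime(2024, 3, 6, 3, 0)))
```

The returned signal list is worth logging alongside the decision so that repeated step-ups for the same account can be reviewed.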

The winners and losers in today’s digital world will be determined by how they approach the issue of identity as they develop new offerings. Those that utilise the right identity platform can quickly respond to the needs of their business, reinventing themselves to roll out new services to any device or thing more quickly than their competitors—and to seize a distinct advantage in the market.
