Defining identity and trust in today’s digital world

While the concept of ‘identity’ has become a critical element in an increasingly digital world, defining exactly what it is remains an ongoing challenge. This is odd because when it comes to effective cybersecurity, having a valid identity is a fundamental requirement.

Agreeing on exactly what is needed to create a trusted identity is difficult because of the different approaches taken by organisations. Many see it purely as an administrative exercise rather than as an integral part of their overall security strategy and infrastructure. This, in turn, can lead to poor management and unnecessary risks.

Such attitudes need to change – and quickly. With digital identities now a vital component within an organisation’s day-to-day operations, creating, managing and protecting those identities has never been more important.

A shifting landscape

When computing first entered the business landscape, digital identities tended to be little more than a log-in and password combination. Fast forward to 2019, and they have become a core part of everything from data privacy to meeting compliance and governance regulations.

High-profile instances of data theft have led to demands for better protection of customer data, which can only be achieved by protecting people’s identities at the same time. Unfortunately, these demands are coming at a time when many organisations are just coming to terms with what is required to secure the data and identities of their employees and customers.

Indeed, Ping Identity’s 2019 Consumer Survey: Trust and Accountability in the Era of Breaches and Data Misuse report exposed how today’s environment, rife with data misuse and large-scale security breaches, is impacting Australian consumer behaviour and relationships with service providers around the world.

Approximately one half (49 per cent) of Australian respondents reported that they are more concerned about protecting their personal information than they were one year ago.

Securing customer data and identities is a much more difficult task and increasingly organisations are realising they have much work to do. They must continue to evolve their definition of ‘identity’ and work towards creating the concept of a single ‘digital you’ for each customer.

Unfortunately, as usage of online communications and services has increased, there have been hundreds, if not thousands, of ‘digital you’ profiles created for every real-world individual. In most cases, the organisations that have created them have no idea that they relate to the same person.

‘Real You’ versus ‘Digital You’

The challenge of creating a one-to-one relationship between an individual and a single ‘digital you’ is significant, but it’s not one that can be ignored. Indeed, it’s a journey that no public or private-sector organisation will be able to avoid.

A key challenge comes from the fact that there has been a tendency for IT security systems to be designed to protect things rather than people. Shifting to a mindset where protection is instead focused on individuals means it will be necessary to rethink and redevelop everything that’s been done for the past 30 or 40 years.

Traditionally, the approach has been to build perimeters and walls and use encryption and keys to protect centralised assets. However, in an increasingly online and mobile world, many of these assets are no longer the property of the organisation using them.

The data belongs to the customers, patients, students and pensioners that are interacting with the organisation. This means the notion of a single ‘digital you’ has to be the next goal in the world of cybersecurity.

Making the single ‘digital you’ a reality

A growing number of businesses and government agencies are beginning to understand the value of having a unified, single ‘digital you’ for every individual with whom they interact.

In many cases, this is being driven by developments such as open banking and by regulations such as GDPR. There are concerns that without some form of a digital identity standard, open banking will be either extremely difficult to implement or potentially impossible. This is because organisations won't be able to make a one-to-one connection between data and the person who owns it.

When it comes to GDPR and other privacy requirements, effective authentication is also crucial. However, if you protect data without protecting identity, you’ve created a ready-made roadmap for man-in-the-middle or man-in-the-browser data breaches.

Trust has become critical

During the past few years, having effective data security measures in place has become a marketplace differentiator for organisations and trust is starting to become a dialogue among consumers.

As a society, we are now on a path towards a world where customers will increasingly base their consumer decisions on trust. The Ping Identity 2019 Consumer Survey reaffirms this, finding that Australian consumers expect companies to protect them. The expectation from 65 per cent of consumers is that a company is always responsible for protecting data. This includes when users fall victim to phishing scams or use an unencrypted Wi-Fi connection. At the same time, more than half of Australians (59 per cent) say a company sharing their personal data without permission is even more likely than a data breach (26 per cent) to deter them from using that brand’s products.

Customers, when given a choice, are now actively selecting additional security measures such as multi-factor authentication to protect their accounts.

It’s clear that, in the future, customers are going to expect trust and security, even as they also look for more frictionless online interactions. They want to be confident that, at all times, their data and digital identity are being protected by everyone who has been granted access.

To succeed in this new world, organisations must ensure they have the strategies, processes and tools in place to make this trust a reality. Those that fail to meet this challenge will lose out to their competitors who do.

Copyright © 2020 IDG Communications, Inc.