#ISSE2020: Look to Decentralized (Rather than Legacy) Identity Approvals

A robust onboarding system that works for users and businesses should be built, as current systems “struggle to know who users are” which leads to frustration.

Speaking as part of the virtual ISSE Conference, John Erik Setsaas, VP identity and innovation at Signicat, said the infrastructure “we thought we had” takes longer and longer to work, and “we don’t want to bequeath to our children an identity onboarding system.” He argued there is a need for a robust onboarding system that knows the people that need to be involved in the system.

“We have had the same problem for the last 20 years, it [an identity system] struggles to know who you are,” he said, citing an example of how hard it was to access a bank from a different country due to the required levels of authentication.

Displaying survey results, Setsaas said 41% of respondents were unable to access financial services during the COVID-19 pandemic, and 63% had abandoned onboarding in financial services.

Showing other statistics, just over 10% of respondents abandoned onboarding due to “confusing language,” between 15-20% abandoned due to it taking too long and requiring too much personal information, and just over 20% left as they “changed their mind.”

He said: “Most people say it is a difficult process, but we need to think like the new generation.”

David Rihak, digital identity director, ADUCID, asked if the issue of identity is “even solvable,” as if it is not, “what are we doing wrong?”

He claimed that applications expect us to create an identity, and that has been accepted by society, so when looking at secure identity, we need to look at it from point of secure recovery. “We need to work with cryptography, as that is how the internet works, and how to bind it to users and scenarios where needed,” he said.

Katryna Dow, CEO, Meeco, discussed “decentralized identity,” as it is more important to think about the customer and their role than to think about any sort of technology, and she advised  to not “get hung up on what flavor” of technology you are using.

She said identity and access management technology had evolved, but decentralized identity “is often seen as a fad or not catching on.” However, she said there is more confidence in how to marry existing infrastructure with new capabilities, and that is where decentralized can be an enabler “as it allows ecosystems to form without the need for tight integration.”

She concluded that technology and emerging standards can help with trust and onboarding, and these additional tools “represent a way to bring these together in a way where everyone wins.”

What’s Hot on Infosecurity Magazine?