Managing Digital Identities will Drive the Digital Economy

Written by

Gartner forecasts that 2015 will see 4.9bn connected things in use, a 30% increase on last year. This will grow to 25bn by 2020.

There will be winners and losers in this hyper-connected world. For organizations to take advantage, understanding and managing digital identity will become increasingly critical, both in order to protect consumer privacy and provide enterprises with greater visibility into customer preferences. 

Organizations will not fully benefit from mobile, cloud, or internet of things (IoT) technologies without a scalable and repeatable identity strategy that enables them to identify and engage with customers in a meaningful way, whatever the means of access.

Maximizing User Experience

By 2020, Gartner believes that 60% of organizations will use active social identity-proofing and let consumers bring in social identities to access risk-appropriate applications. It also predicts that by 2020 new biometric methods will displace passwords and fingerprints for access to endpoint devices across 80% of the market.

Canny enterprises will start to use identity to transform and personalize users’ experience so that, for instance, a connected vehicle remembers the preferences of each driver or a financial services portal offers customers a convenient overview of all their activities and accounts in one place.

Similarly, wearable devices such as fitness trackers or healthcare monitors will offer a wide range of personalized functionality to support the user’s individual goals. As everyday, wearable items connect to the internet, digital identity management is becoming essential if companies are to maximize the user experience without compromising privacy.

At its simplest, identity management (IM) creates and administers the rules that govern what we can do online. It answers the questions: Who (or what) are you? What can you (or it) do online? However, it is rarely that simple because the number of applications, devices, and things involved in making these types of decisions are often complex.  

Every application, on and off site, needs to have externalized identity management capabilities in order to centrally manage users and things and their sign-on and authorization policies. For some, this can mean hundreds or thousands of applications interacting online, all of which must be IM-enabled.

Identity Relationship Management

In an environment where the digital marketplace increasingly dominates and more goods and services than ever before are available online and via devices, companies and governments are realizing that securing and managing digital identities of customers or citizens is fundamental.

To connect people to relevant goods and services, businesses and governments require customer-focused identity management. The evolution from legacy forms of identity management to customer-focused identity management has a name: identity relationship management (IRM). 

“Companies and governments are realizing that securing and managing digital identities of customers or citizens is fundamental”

Unlike the old IM systems based on monolithic platforms using static rules for decision-making, today’s IRM is equipped with the ability to integrate with any application regardless of where it is, provide device-agnostic access, and handle large-scale populations or decisions based on consumer context.

To protect digital identities today and in the future, businesses need a more robust, multi-layered security model, in which context guides decisions on whether to give access, and how much. Even with correct credentials, a login attempt from an unrecognized IP address or at an unusual time of day might trigger additional security precautions in the form of asking security questions or texting verification codes to a user’s mobile phone.

Identity and Security

When looking at developing a robust and repeatable identity strategy, there are four key steps security officers need to follow. Firstly, whereas IM used to be all about managing access to the people inside the firewall, now external contacts and customers need similar authentication. Depending on how, when, and where each user accesses the system, their experience should be tailored appropriately.

Next, organizations will need to make sure they use a unified identity platform, which allows a repeatable way to protect a growing number of devices. Furthermore, whether the communication comes through a human or machine, it needs to reach the platform in a standardized way. Therefore, look at open standards and technologies supported by your identity platform.

Finally, security officers need to be able to analyze and act in real time upon requests to connect. This means checking the location, time, and device to ensure requests are valid, warranted by legitimate business need, and consistent with past behavior. It also means data needs to be encrypted and authenticated as it is communicated between IoT devices.

The issue of identity has the power to transform an organization in the digital economy. Those that harness the right identity model for new business ventures will in turn be more responsive to the connected landscape. Ultimately, this could be the difference between those that roll out new offerings more quickly than the competition, and those that get left behind. 

About the Author

Neil Chapman is senior VP and MD EMEA at ForgeRock, and has been selling enterprise technology solutions globally for nearly 20 years. He’s worked with financial giants like Enron and Credit Suisse and led sales and business development at a variety of enterprise solution vendors. He is passionate about open source, good science, mountains, and the written word.

What’s hot on Infosecurity Magazine?