06.21.2016 | Enterprise Tech

Identity protection: Can we afford to sit back and relax?

By: Jimmy Nilsson
Mobility is everywhere. Used wisely, it can give businesses a competitive edge by providing anytime, anywhere access to business-critical applications, empowering staff, partners and customers alike. Today’s customers don’t want to wait, and why should they? Providing services, such as access to personal or business data at their specific time of need, is the nature of the on-demand culture we all live in.

Having secure access to data, whether personal or corporate, in this on-demand world is crucial. However, we found that a staggering 63 percent of confirmed breaches investigated in our 2016 Data Breach Investigations Report (DBIR) derived from weak, default or stolen passwords. The static (or ‘naïve’) password, often made up of birthdates and names, simply isn’t strong enough anymore; sophisticated cyber-criminals now don’t just bypass these passwords, they actively use them to advance their cyber agendas.

Combine this apparent password weakness with the continued growth in online transactions, the rise of the sharing economy and the emergence of the Internet of Things, and the need for reliable, user-friendly authentication mechanisms has become more pressing than ever.

The opportunity

A vast identity ecosystem of identity solution providers, data providers and service providers has now evolved, all with the intention of protecting user and company information against those who wish to obtain it illegally. Faced with so many security options and providers, selecting the right partner can be confusing, especially when we consider the specific selection criteria that each audience, such as consumers, enterprises and governments, uses when making decisions.

For example, citizens who are able to select their own identity providers via a government website, such as through the Gov.UK’s Verify scheme, often look to interact with brand names they know and trust. Large enterprises, often with global communications networks, remote workforces and virtual partners, are looking to protect access to business information and systems without slowing down productivity. For this audience, credibility, global scope and integrity are paramount. And finally, governments looking to embrace the digital world seek to streamline departmental processes and provide online end-user access to public services, such as tax returns; these are often guided by procurement frameworks to attract best-of-breed suppliers and partners to help their digital transformation.

The desire to do more business online in one procedure or ‘flow’, without asking consumers to visit a physical location to confirm their identity, is driving the need for online proofing and verification solutions. These solutions can help enterprises and governments make decisions based on a risk profile created with data they have. This profile is used to proof or revalidate the identity data without invading the privacy of the individual.

From experience, there are organisations that shy away from multi-factor authentication methods because they fear the complexity of implementation and maintenance. Stop for a second... let me re-emphasise the 63 percent statistic from above: these were confirmed breaches derived from weak, default or stolen passwords; breaches that may have been avoided with stronger identity authentication. Faced with this fact, surely nothing should seem too complicated to strengthen this access point into business-critical systems.

The process can be made simpler by aligning with a trusted identity partner to assist in its management. For example, Verizon Enterprise Solutions offers identity and access management professional services that can help organisations efficiently manage user and device identities across multiple systems and applications, whether on a fully outsourced or co-managed basis, or even in-house solutions fully tailored to specific needs.

Sharing knowledge for ongoing innovation

We know that the digital world is constantly shifting and evolving, pushing new technologies into new territories and addressing ever-changing user demands. We believe that the security industry has a responsibility to its stakeholders to continually invest time, money and expertise into developing these evolving technologies and ensuring that the future data generated is protected.

Verizon regularly works on research projects with various industry organizations, such as the Open Identity Exchange (OIX), to develop the next phase of innovation. More recently we have linked with various industry and academic institutions on a project called ReCRED (Real-world Identities to Privacy-preserving and Attribute-based CREDentials) within the framework of the European Union’s Horizon 2020 program. The aim of this project is to understand the Trust Paradigm Shift in the digital world, reviewing the role of unified authentication and authorisation within mobile usage.

We see projects such as this as a source of valuable insights for educating and increasing confidence in digital commerce, so that identity systems are transparent, secure and interoperable, and provide the best user experience to all parties.

Check our security blog to hear our ongoing reports on this and many more security initiatives.