Recently, many companies have moved towards federated Single Sign-On, identity systems and started using large tech companies such as Apple, Google or Facebook as identity providers. On top of this shift, there's been an abandonment of on-premises identity management systems, replaced by off-site, third-party platforms for enterprise. But, data leaks and breaches coupled with regulation such as GDPR allow it to be harder for businesses to act without these updated systems. Many companies are left with a choice: comply, or face the effects and the data risks involved. The answer is transparency and decentralisation.
Regulating Digital Identity
On one for reds, the pressure from data privacy activists and regulators is growing. Regulations such as GDPR threaten steep fines for non-compliance, that is forcing companies either to exit the European market entirely or comply with the regulations. Organisations are realising that although compliance is expensive, a potential data breach arising from using outdated legacy identity systems might be far more costly over time.
Most companies have good to safeguard their systems in the office. But, as employees head home, these systems become less secure. The best risk stems from the fact that use of data requires identity verification and quite a few of current methods to authentication are not robust enough across the board. Phishing attacks and credential stuffing remain threats, even though a number of this can be mitigated with SSO and Multi-Factor Authentication, we want a better way to verify identities more broadly without increasing the burden on users.
Even post-lockdown, the shift to remote working this year has been a real test for businesses of all sizes globally. With all this, businesses across all industries are exploring new ways of working and also have been forced to accelerate the already shifting concept of work the standard 9-5 office desk to flexible timings and locations. Even while the crisis diminishes over time, it seems that we can't work exactly the same way again, therefore the requirement for secure and efficient digital transformation within identity verification is urgent.
As organisations undergo digital transformation, it is extremely important to update ID and access management systems to work of these digital channels. This means that all of the processes, systems and security protocols within the physical world need to translate into a digital one.
Effective use of Digital Identity
Ultimately, the effective management and utilisation of digital identity boils down to the question of trust. People wish to shop on sites they trust. People want to use social networks they trust. Poor identity management results in people losing faith in a platform and eventually leaving a previously popular service.
Effective use of Digital Identity also is dependant on security. With the hi-tech that we have use of today, cyberattacks take presctiption an upswing which can be tremendously damaging. The true tragedy comes in cases like Equifax or British Airways when customers can't stop while using service but do so knowing their data has been compromised. Those same customers will most likely leave the first chance they get, and it'll certainly damage long-term perceptions from the organisation. Consequently, information mill finding creative methods for deriving an aggressive advantage.
A few years ago, the digital identity sector saw dramatic improvements in customer service as a differentiator. With all this, it seems likely the next revolution is going to be “that company doesn't sell my data and respects my privacy, so I will support them.” The focus will be transparency and knowing a business is only using data in a way that is aligned using the user's consent. Although security remains a paramount concern to customers, convenient user experience is really a top requirement for a highly effective platform. A key example here is social media platforms, such as Facebook, which offer log in across other sites. It's not fully disclosed just how a user's private data is recorded and shared, nevertheless the simple login function means customers continue to use no matter privacy concerns. Companies must find an account balance between high security checks and simplicity of use to avoid cyberattacks without compromising on user experience.
A key takeaway for digital identity must be privacy. While companies can, and do use data about our age, gender and placement to drive personalised ads and services, it is important for the user to be able to opt in, instead of having in automatically. In other words, customers ought to be in control of their data, what it is shared, and by extension the level of personalisation they want. It's among the core principles from the self-sovereign identity movement which has the capability to change business models. If your user owns and it has control over their identity data, and that data is portable from context to context, there's far less lock-in. Companies must therefore adapt to be able to deliver sustaining value to have their clientele.
Looking in the future of Digital Identity
The future of private data is anyone's guess. Something that's clear, however, is the fact that now private data has been viewed for what it's: personal. Within this sense, the future is really surprisingly predictable. With increased regulation and increased consumer fears about the handling of information, many enterprises will be instructed to disregard their traditional, centralised approaches to data.
About the author:
Ivar Wiersma has 20 years' experience of banking, capital markets, fintech, venture building and corporate innovation. He's launched new banking products, Led innovation, Blockchain and Advanced Analytics teams at ING and co-founded ING Labs, responsible for creating 15+ ventures and company spin-outs. Ivar continues to be an advisor, investor and board member for start-ups and has served 2 years around the R3 board, just before joining the firm as head of Venture Development.