Mobility is everywhere. It has the potential to give businesses the competitive edge if used wisely, providing anytime, anywhere access to business critical applications empowering staff, partners and customers alike, writes Jimmy Nilsson. Today’s customers don’t want to wait, and why should they? Providing services such as access to personal or business data at their specific time of need is the nature of the on-demand culture we all live in.
Having secure access to data, whether personal or corporate, in this on-demand world is crucial. However, we found that a staggering 63% of confirmed breaches investigated in our 2016 Data Breach Investigations Report derived from weak, default or stolen passwords. The static (or ‘naïve’) password often made up of birth dates and names simply isn’t strong enough anymore. Now, sophisticated cyber criminals don’t just bypass these passwords. Rather, they actively use them to advance their cyber agendas.
Combine this apparent password weakness with the continued growth in online transactions, the rise of the sharing economy and the emergence of the Internet of Things and the need for reliable, user-friendly authentication mechanisms has become more pressing than ever.
A vast identity ecosystem with various identity solution providers, data providers and service providers has now evolved, all with the intention of protecting user and company information against those who wish to obtain it illegally. Faced with so many security options and providers, selecting the right partner can be confusing, especially when we consider the specific selection criteria each individual audience – consumer, enterprise and Governments – uses when making decisions.
The desire to transact more business online in one procedure or ‘flow’ without asking consumers to visit a physical location to confirm their identity is driving the need for online proofing and verification solutions. These solutions can help enterprises and Governments make decisions based on a risk profile created with data they possess. This is used to proof or re-validate the identity data without invading the privacy of the individual.
From experience, there are organisations that shy away from multi-factor authentication identity methods as they fear the complexity in terms of implementation and maintenance. Stop for a second… Let me re-emphasise the 63% statistic from above – these were confirmed breaches derived from weak, default or stolen passwords. Breaches that may have been avoided with stronger identity authentication. Faced with this fact, surely nothing should seem too complicated to strengthen this access point into business critical systems?
The process can be made simpler by aligning with a trusted identity partner to assist in its management.
Sharing knowledge for ongoing innovation
We know that the digital world is constantly shifting and evolving, pushing new technologies into new territories and addressing ever-changing user demands. We believe that the security industry has a responsibility to its stakeholders to continually invest time, money and expertise into developing these evolving technologies and ensure that the future data generated is protected.
Verizon regularly works on research projects with various industry organisations such as the Open Identity Exchange to develop the next phase of innovation. More recently, we’ve linked with industry and academic institutions on a project called ReCRED (Real-World Identities to Privacy-Preserving and Attribute-based CREDentials) within the framework of the European Union’s Horizon 2020 Programme. The aim of this is to understand the ‘Trust Paradigm Shift’ in the digital world, reviewing the role of unified authentication and authorisation within mobile usage.
We see projects such as this as valuable insights for education and increasing confidence in digital commerce such that identity systems are transparent, secure and interoperable and provide best user experience for all parties.
Jimmy Nilsson is Managing Director of Verizon Professional Security Services