Identity Protection: Can we afford to sit back and relax?

Jimmy Nilsson

Jimmy Nilsson

Mobility is everywhere. It has the potential to give businesses the competitive edge if used wisely, providing anytime, anywhere access to business critical applications empowering staff, partners and customers alike, writes Jimmy Nilsson. Today’s customers don’t want to wait, and why should they? Providing services such as access to personal or business data at their specific time of need is the nature of the on-demand culture we all live in.

Having secure access to data, whether personal or corporate, in this on-demand world is crucial. However, we found that a staggering 63% of confirmed breaches investigated in our 2016 Data Breach Investigations Report derived from weak, default or stolen passwords. The static (or ‘naïve’) password often made up of birth dates and names simply isn’t strong enough anymore. Now, sophisticated cyber criminals don’t just bypass these passwords. Rather, they actively use them to advance their cyber agendas.

Combine this apparent password weakness with the continued growth in online transactions, the rise of the sharing economy and the emergence of the Internet of Things and the need for reliable, user-friendly authentication mechanisms has become more pressing than ever.

The opportunity

A vast identity ecosystem with various identity solution providers, data providers and service providers has now evolved, all with the intention of protecting user and company information against those who wish to obtain it illegally. Faced with so many security options and providers, selecting the right partner can be confusing, especially when we consider the specific selection criteria each individual audience – consumer, enterprise and Governments – uses when making decisions.

The desire to transact more business online in one procedure or ‘flow’ without asking consumers to visit a physical location to confirm their identity is driving the need for online proofing and verification solutions. These solutions can help enterprises and Governments make decisions based on a risk profile created with data they possess. This is used to proof or re-validate the identity data without invading the privacy of the individual.

From experience, there are organisations that shy away from multi-factor authentication identity methods as they fear the complexity in terms of implementation and maintenance. Stop for a second… Let me re-emphasise the 63% statistic from above – these were confirmed breaches derived from weak, default or stolen passwords. Breaches that may have been avoided with stronger identity authentication. Faced with this fact, surely nothing should seem too complicated to strengthen this access point into business critical systems?

The process can be made simpler by aligning with a trusted identity partner to assist in its management.

Sharing knowledge for ongoing innovation

We know that the digital world is constantly shifting and evolving, pushing new technologies into new territories and addressing ever-changing user demands. We believe that the security industry has a responsibility to its stakeholders to continually invest time, money and expertise into developing these evolving technologies and ensure that the future data generated is protected.

Verizon regularly works on research projects with various industry organisations such as the Open Identity Exchange to develop the next phase of innovation. More recently, we’ve linked with industry and academic institutions on a project called ReCRED (Real-World Identities to Privacy-Preserving and Attribute-based CREDentials) within the framework of the European Union’s Horizon 2020 Programme. The aim of this is to understand the ‘Trust Paradigm Shift’ in the digital world, reviewing the role of unified authentication and authorisation within mobile usage.

We see projects such as this as valuable insights for education and increasing confidence in digital commerce such that identity systems are transparent, secure and interoperable and provide best user experience for all parties.

Jimmy Nilsson is Managing Director of Verizon Professional Security Services

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts