Safe handling of digital identities: 5 key questions.
21 de julho de 2020During the coronavirus crisis, the subject of digital identities has come to the forefront
By Jordan Van Den Akker
On one hand, increased homeworking has meant we need to communicate digitally on a whole new level while still maintaining security and privacy. On the other hand, track and trace systems aim to use digital identities to follow society’s movements in unprecedented ways.
But what are digital identities? And how do you manage them and keep them secure? Let’s look at the five most pressing questions.
1. What is a digital identity?
People are exchanging data through digital methods increasingly more — with other people and with companies, organisations and governments. It’s efficient, but it requires secure exchange of information between a personal device, such as a laptop or mobile phone, and the computer or server receiving the information.
This is where digital identities come in. A digital identity is information about someone, or something, within an internal or external digital network. A digital identity certificate works like a digital passport for a person, website or IT system.
It proves that they’re who or what they claim to be and enables information and documents to be exchanged securely.
As digital certificates use a very secure infrastructure, they’re the gold standard for securing digital communication at the highest level.
2. How do digital identities affect businesses?
Dealing with digital identities and exchanging information securely is nothing new. Employees, partners and suppliers have expected secure access to business applications and networks for a long time.
As a company, you also want to be sure of the identity of people logging into your systems. So there’s a need for digital passports that take care of all this.
On the flip side, however, the people logging in expect organisations to handle their data correctly, so their privacy remains protected. And the General Data Protection Regulation (GDPR) now enforces this.
It’s easier said than done because criminals also know the value of digital identities and private information. Usernames, passwords and other sensitive data are increasingly becoming the target of cyber theft.
Which can have far-reaching consequences for your organisation, including loss of trust and damage to your reputation.
Another concern is that if digital identity certificates aren’t managed well and kept up to date, they can prevent your systems such as websites and applications from working properly. And so put your business continuity at stake.
3. What problems do companies face when managing digital identities?
Many organisations are unaware that digital identities need to be protected with certificates that provide a strong, secure digital record of them. Which means such certificates are often managed in a reactive way.
Expired certificates are often only discovered, for example, when an internal or external system such as a web server or application begins malfunctioning. If expiry dates for certificates aren’t registered, their expiration only comes to light when there’s some kind of failure.
This also means that when managing digital certificates it’s important to know who the owner and holder of each certificate is so it can be easily renewed.
Knowing who’s allowed to access which part of your network, services and information at all times is crucial for the continuity of your primary processes.
Unknown and unmanaged certificates pose a security risk due to vulnerabilities in weak cryptographic standards, such as Secure Hash Algorithm 1 or misuse of key lengths. And free certificates that don’t meet trusted standards are used far too often and can lead to digital passports that are easy to steal.
The owners of these free certificates often aren’t properly registered either, which results in non-compliance for your public key infrastructure (also knowns as PKI and meaning a management system for digital certificates).
4. How can we stay in control of digital identities?
To secure a business digitally, it’s important that identities, privacy and security work together. As an organisation, you have to find the optimal balance between ease of use and protection.
Develop a digital identity strategy
The first step is to develop a digital identity strategy that describes how your organisation will deal with identities in the digital and physical world. And how ease of use, privacy and security play a role.
Investigate existing vulnerabilities
Next, you need to do a risk analysis to identify any existing vulnerabilities in how communication and authentication are managed. In this risk analysis, the risks should be grouped into strategic, tactical and operational risks and labelled with categories such as confidential, integrity and availability.
Move from a reactive to a proactive approach
You can then move forward to design, in detail, the control measures needed to implement your strategy. As well as the security of data and systems, consider physical security and the security of equipment too as these can also affect the security of your digital identities. Using a PKI and Identity Access Management (IAM) is crucial for this.
Manage your certificates
To gain control over your digital identities, for hardware, software and people, you need a streamlined system for managing them effectively. You can create your own system — by using a spreadsheet, for example. But as you gain an increasing number of certificates, professional tools can help you do this in a more standardised way that’s easier to use.
These certificate management systems help you to register, validate, issue, revoke and manage your various certificates. They also help you to track down the certificates held in your organisation.
As they’re often issued in different ways to people in several departments this can save a lot of time. Which can be crucial if you need to get an application, server or website up and running again quickly.
5. What are the benefits of a strategy that takes control of digital identities?
On a practical level, when you use digital identity certificates to enable employees and customers to log into systems and applications it increases security.
And, as communications and transactions can be secured with digitally signed documents and emails, you know exactly who’s using your network. Keeping careful control of digital identity certificates for applications and services is also essential for practicality as it prevents them failing due to expired certificates.
A good digital identity strategy has benefits beyond the practical, though. Being in control of your digital business creates trust with customers and partners, which helps to strengthen your position.
A 2017 study by Gartner shows that, by 2025, 20% of digital companies with a strong digital identity strategy will grow twice as fast as companies with a poor digital vision. Another Gartner study that year says companies that are currently digitally reliable will generate 20% more online sales than companies that aren’t.
As even more business and retailing has moved online during the coronavirus crisis, we can reasonably expect those figures to be even higher now.
It’s clear, therefore, that an increase in digital trust ensures more positive commercial and organisational results.
So, as homeworking looks set to stay and we take digital collaboration to new heights, now is the time to take charge of digital identities and their certificates. Now is the time to take full control of the digital side of your business.
A AET Europe, líder global na área de soluções de segurança digital, chega ao Brasil
- HID & Santander team to secure mobile banking with authentication technologyHID, a trusted identity solutions provider, in partnership with Temenos, a provider of banking software solutions.
- Unlocking the Potential of the Brazilian Blockchain and Digital Finance MarketDespite going through an unfavorable macroeconomic scenario in the recent years, 2023 can be of recovery for crypto and blockchain scene
- Why We Must Democratize CybersecurityWhile this is creating greater awareness among smaller businesses of the need to improve their security posture
- Mejora CIAM la experiencia del cliente y la seguridad de sus datosCIAM forma parte de la tecnología que permite a las organizaciones interactuar de manera digital con sus usuarios
- AI and the Rise of MediocrityThe truth is that there is no such thing as “artificial intelligence” – ChatGPT, Midjourney, and the like are not conscious, intelligent minds
- Las empresas que usan biometría celebran una ley de IA que ofrece “garantías” y “sienta las bases del juego”Representantes de Mastercard, Veridas, Innovatrics y el Ministerio del Interior analizan los retos de la biometría tras la aprobación de la ley de IA La biometría se ha convertido en una tecnología cada vez más importante para garantizar la seguridad y la privacidad en los dispositivos digitales. La creciente relevancia de esta herramienta también se ha materializado en
- Next steps in preparing for post-quantum cryptographyGuidance to help organisations and CNI providers think about how to best prepare for the migration to post-quantum cryptography (PQC).
- 10 Reasons to Prescribe Facial Recognition in Healthcare for Patient IdentificationBiometric innovation brings incredible advancements to the healthcare domain — not only to boost patient service levels but most importantly to boost patient care and safety.
- Malware Hunting – Dissecting PDF file.There are a large number of cyber threats today, many of these cyber threats can be based on malicious code, one is known as Malware
- NAAT TECH protege la identidad digital contra el fraude, deepfake y digital injectionSus soluciones tecnológicas reducen los fraudes por robo de identidad hasta en un 99%, en un país en el que el delito ha crecido un 30% en los últimos dos años
- Governor Newsom Signs Executive Order to Prepare California for the Progress of Artificial IntelligenceCalifornia is the global hub for GenAI – we are the natural leader in this emerging field of technology – tools that could change the world
- Everything You Wanted to Know About AI Security but Were Afraid to AskAccording to Etay Maor, Senior Director Security Strategy at Cato Networks, “Generative AI can also help criminals”
- ID R&D introduces frictionless voice biometrics for securing access to ChatGPTID R&D, an award-winning provider of AI-based voice biometrics and liveness detection, today announced that it is demonstrating IDVoice®
- AI for business beyond ChatGPTBut how can we define a roadmap for adopting AI technologies that will lead us from ChatGPT to real business impacts?
- Generative AI and future of work, by Alexandre TorresOn the downside, the impact on the labor market will be brutal, especially for low-wage workers. On the other hand, Generative AI has a positive impact on productivity.