Securing the Digital Identity

Identity and access management (IDAM) is the process that enables the right individuals to access the right resources, at the right times, for the right reasons. It is imperative to have a good IDAM strategy.

Securing the Digital Identity

Organisations have changed

In today’s digital world, consumer and people expect a seamless customer journey uninterrupted by the need to provide their mother’s maiden name or the name of their first pet’ as they tap away on their smart phones. Organisations need to adapt in real-time to remain competitive in their field, or in the case of Government, to engage with citizens. This means scaling up working teams immediately and granting them access to critical IT systems, data stores and new technologies at less than a moment’s notice.
Identity and access management (IDAM) is the process that enables the right individuals to access the right resources, at the right times, for the right reasons. Would you give every employee access to payroll? How about each IT worker systems administration credentials? These may be obvious examples but when working in flexible organisations with an agile workforce, evolving customer-base, regular staff turnover and countless enterprise applications with varying data sets, it is imperative to have a good IDAM strategy. This is a very real problem for industries such as insurance, which are looking at digital innovation strategies to increase client retention and increase profitability and for Government bodies who need to ensure their citizen-facing services are both easily accessible and secure.
In a digital world where user experience (both corporate and consumer) is a key concern, organisations want to reduce friction for users while maintaining a strong level of security. Traditionally, implementing an IDAM programme has involved using cumbersome - and often insecure - authentication across multiple systems. Organisations typically have invested in bespoke, on-premise solutions leading to the market ‘horror stories’:
  • “History is full of failed IDAM projects" *
  • “Almost 50% IDAM projects fail” **
  • “Two thirds (65%) of organisations identify shadow IT as a challenging development to the consistent implementation of IAM controls” ***
Organisations need to drive digital change in order to engage with employees and customers, but in some of the most regulated industries, such as financial services, security remains a key priority. A clearly articulated and achievable IDAM strategy is crucial for any modern enterprise. The strategy must be business-aligned and consistent with technology capabilities, and so it requires skills beyond in-house technical expertise.

What next for IDAM?

Innovative technologies and services are emerging to support IDAM challenges and opportunities. Some cloud-based identity services make it easier than ever to provide capability such as Single Sign On (SSO) to allow the user easy access to their secure applications, and leverage social media and enterprise identities to provide security layers such as second factor credentials to traditional username and password schemes.
For example, at the cutting edge of technical advances blockchain offers innovative ways of securely storing, distributing and confirming identity-related information. Some organisations are using blockchain to manage identity and completely reinvent ‘pay-per-content’ business models.
What hasn’t changed in the market is the need for IDAM technologies to combat cyber risks. Beyond multi-factor credentials we are seeing increasing use of new factors that are now commonly supported on mobile devices such as fingerprint or facial biometrics (e.g. Apple Touch ID) – as well as adding additional checks such as anomaly detection, device fingerprinting, geolocation checks and other notification services to report or block suspicious attempts to access information and services.

Why should you care?

Previously, IDAM has been seen as a security or compliance issue and the market has many tactical technology vendors that approach the issue in this way. But to create a successful strategy in today’s reality demands a much wider range of technical and management capabilities.
In addition to removing user friction, it is important that organisations engage in a forward-thinking IDAM programme that gives the ability to rapidly adopt new technologies, provide bespoke access privileges and facilitate channels for customer engagement.
The numerous benefits to an organisation can include increased corporate data security, enablement of meaningful audit, improved transactional integrity, implementation of best-practice data governance strategies, less customer friction, increased client satisfaction and retention, and therefore reduced costs.
BAE Systems has sponsored independent research company, PAC's report into the state of innovation in the European insurance sector.
Kraig Rutland, Head of Insurance, BAE Systems 3 May 2017