During the coronavirus crisis, the subject of digital identities has come to the forefront
By Jordan Van Den Akker
On one hand, increased homeworking has meant we need to communicate digitally on a whole new level while still maintaining security and privacy. On the other hand, track and trace systems aim to use digital identities to follow society’s movements in unprecedented ways.
But what are digital identities? And how do you manage them and keep them secure? Let’s look at the five most pressing questions.
1. What is a digital identity?
People are exchanging data through digital methods increasingly more — with other people and with companies, organisations and governments. It’s efficient, but it requires secure exchange of information between a personal device, such as a laptop or mobile phone, and the computer or server receiving the information.
This is where digital identities come in. A digital identity is information about someone, or something, within an internal or external digital network. A digital identity certificate works like a digital passport for a person, website or IT system.
It proves that they’re who or what they claim to be and enables information and documents to be exchanged securely.
As digital certificates use a very secure infrastructure, they’re the gold standard for securing digital communication at the highest level.
2. How do digital identities affect businesses?
Dealing with digital identities and exchanging information securely is nothing new. Employees, partners and suppliers have expected secure access to business applications and networks for a long time.
As a company, you also want to be sure of the identity of people logging into your systems. So there’s a need for digital passports that take care of all this.
On the flip side, however, the people logging in expect organisations to handle their data correctly, so their privacy remains protected. And the General Data Protection Regulation (GDPR) now enforces this.
It’s easier said than done because criminals also know the value of digital identities and private information. Usernames, passwords and other sensitive data are increasingly becoming the target of cyber theft.
Which can have far-reaching consequences for your organisation, including loss of trust and damage to your reputation.
Another concern is that if digital identity certificates aren’t managed well and kept up to date, they can prevent your systems such as websites and applications from working properly. And so put your business continuity at stake.
3. What problems do companies face when managing digital identities?
Many organisations are unaware that digital identities need to be protected with certificates that provide a strong, secure digital record of them. Which means such certificates are often managed in a reactive way.
Expired certificates are often only discovered, for example, when an internal or external system such as a web server or application begins malfunctioning. If expiry dates for certificates aren’t registered, their expiration only comes to light when there’s some kind of failure.
This also means that when managing digital certificates it’s important to know who the owner and holder of each certificate is so it can be easily renewed.
Knowing who’s allowed to access which part of your network, services and information at all times is crucial for the continuity of your primary processes.
Unknown and unmanaged certificates pose a security risk due to vulnerabilities in weak cryptographic standards, such as Secure Hash Algorithm 1 or misuse of key lengths. And free certificates that don’t meet trusted standards are used far too often and can lead to digital passports that are easy to steal.
The owners of these free certificates often aren’t properly registered either, which results in non-compliance for your public key infrastructure (also knowns as PKI and meaning a management system for digital certificates).
4. How can we stay in control of digital identities?
To secure a business digitally, it’s important that identities, privacy and security work together. As an organisation, you have to find the optimal balance between ease of use and protection.
Develop a digital identity strategy
The first step is to develop a digital identity strategy that describes how your organisation will deal with identities in the digital and physical world. And how ease of use, privacy and security play a role.
Investigate existing vulnerabilities
Next, you need to do a risk analysis to identify any existing vulnerabilities in how communication and authentication are managed. In this risk analysis, the risks should be grouped into strategic, tactical and operational risks and labelled with categories such as confidential, integrity and availability.
Move from a reactive to a proactive approach
You can then move forward to design, in detail, the control measures needed to implement your strategy. As well as the security of data and systems, consider physical security and the security of equipment too as these can also affect the security of your digital identities. Using a PKI and Identity Access Management (IAM) is crucial for this.
Manage your certificates
To gain control over your digital identities, for hardware, software and people, you need a streamlined system for managing them effectively. You can create your own system — by using a spreadsheet, for example. But as you gain an increasing number of certificates, professional tools can help you do this in a more standardised way that’s easier to use.
These certificate management systems help you to register, validate, issue, revoke and manage your various certificates. They also help you to track down the certificates held in your organisation.
As they’re often issued in different ways to people in several departments this can save a lot of time. Which can be crucial if you need to get an application, server or website up and running again quickly.
5. What are the benefits of a strategy that takes control of digital identities?
On a practical level, when you use digital identity certificates to enable employees and customers to log into systems and applications it increases security.
And, as communications and transactions can be secured with digitally signed documents and emails, you know exactly who’s using your network. Keeping careful control of digital identity certificates for applications and services is also essential for practicality as it prevents them failing due to expired certificates.
A good digital identity strategy has benefits beyond the practical, though. Being in control of your digital business creates trust with customers and partners, which helps to strengthen your position.
A 2017 study by Gartner shows that, by 2025, 20% of digital companies with a strong digital identity strategy will grow twice as fast as companies with a poor digital vision. Another Gartner study that year says companies that are currently digitally reliable will generate 20% more online sales than companies that aren’t.
As even more business and retailing has moved online during the coronavirus crisis, we can reasonably expect those figures to be even higher now.
It’s clear, therefore, that an increase in digital trust ensures more positive commercial and organisational results.
So, as homeworking looks set to stay and we take digital collaboration to new heights, now is the time to take charge of digital identities and their certificates. Now is the time to take full control of the digital side of your business.
A AET Europe, líder global na área de soluções de segurança digital, chega ao Brasil
- Cryptography in Modern Business OperationsCryptography, once primarily the domain of military and governmental agencies, is now a cornerstone of digital security for modern companies.
- NetApp maintains push to data management for AIFrom data storage to intelligent data infrastructure – that’s the plan from NetApp, which has announced data curation for AI NetApp will maintain its big push towards data management for artificial intelligence (AI) workloads and took the opportunity to explain that move at its Insight 2024 event in Las Vegas this week. Core to that is data management via
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal CredentialsCybersecurity researchers are calling attention to a new QR code phishing campaign that leverages Microsoft Sway infrastructure to host fake pages Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious
- Launch a Network with Restaked Security in Minutes: Tanssi and Symbiotic Set New Ethereum StandardA Tanssi Foundation anuncia a expansão do protocolo de infraestrutura de blockchain da Tanssi para o Ethereum, permitindo o rápido lançamento de redes descentralizadas — também conhecidas como Actively Validated Services (AVSs).
- How Phishing Attacks Adapt Quickly to Capitalize on Current EventsPhishing as a Service, or PhaaS, is another development sometimes cited to explain why phishing threats are at an all-time high
- Oracle Cloud Infrastructure Expands NVIDIA GPU-Accelerated Instances for AI, Digital Twins and MoreNew OCI (Oracle Cloud Infrastructure) Compute instances accelerated by NVIDIA L40S now available to order.
- HID and AWS Collaborate to Deliver Advanced Facial Imaging Technology Powered by AIHID’s U.ARE.U™ Camera Works with Amazon Rekognition to Deliver Facial Analysis and Verification at Scale in Self-Service and POS Environments.
- HID & Santander team to secure mobile banking with authentication technologyHID, a trusted identity solutions provider, in partnership with Temenos, a provider of banking software solutions.
- Unlocking the Potential of the Brazilian Blockchain and Digital Finance MarketDespite going through an unfavorable macroeconomic scenario in the recent years, 2023 can be of recovery for crypto and blockchain scene
- NVIDIA Announces Generative AI Models and NIM Microservices forOpenUSD Language, Geometry, Physics and MaterialsNVIDIA announced major advancements to Universal Scene Description, or OpenUSD, that will expand adoption of the universal 3D data interchange framework to robotics
- Why We Must Democratize CybersecurityWhile this is creating greater awareness among smaller businesses of the need to improve their security posture
- Mejora CIAM la experiencia del cliente y la seguridad de sus datosCIAM forma parte de la tecnología que permite a las organizaciones interactuar de manera digital con sus usuarios
- AI and the Rise of MediocrityThe truth is that there is no such thing as “artificial intelligence” – ChatGPT, Midjourney, and the like are not conscious, intelligent minds
- Las empresas que usan biometría celebran una ley de IA que ofrece “garantías” y “sienta las bases del juego”Representantes de Mastercard, Veridas, Innovatrics y el Ministerio del Interior analizan los retos de la biometría tras la aprobación de la ley de IA La biometría se ha convertido en una tecnología cada vez más importante para garantizar la seguridad y la privacidad en los dispositivos digitales. La creciente relevancia de esta herramienta también se ha materializado en
- Next steps in preparing for post-quantum cryptographyGuidance to help organisations and CNI providers think about how to best prepare for the migration to post-quantum cryptography (PQC).