With the proportion of business activity conducted digitally growing by the day, the challenge of securely establishing user identities has never been more pressing.
Increasing threats of cyberattack, privacy regulations, and the pressures caused by the COVID-19 pandemic together have made the need even more acute. Organisations need to find a way to secure their IT infrastructures while giving staff the access they need to get their jobs done.
Consumers are also very aware of the importance of digital identities. A recent research report released by Ping Identity showed that 81 per cent would stop engaging with a brand after a data breach and 55 per cent would not sign up to an online service that had recently been hit with a breach.
When it comes to cybercrime, the picture is not much better. According to a UK government Cyber Security Breaches survey, 46 per cent of businesses reported some kind of cyberattack in the previous 12 months. Many say they are also experiencing attacks more frequently, with 32 per cent confirming such incidents happen at least once a week.
The challenge of privacy and ID
This is the reason that both businesses and consumers are taking an increased interest in digital identity and personal privacy. It’s also being fuelled by regulations such as the European Union’s General Data Protection Regulation (GDPR) which promising heavy punishments for those that fail to protect the personal privacy of European citizens.
It’s clear that privacy is no longer negotiable, however, this raises a problem. It’s a problem that is not just for those who are legally bound to protect privacy or those who are most at risk of losing it. It’s a problem for everyone.
With all the best will in the world, privacy is a requirement that most cannot meet nor comply with for one simple reason – digital identity is broken.
This current model of digital identity provision has been in use for some time. Users authenticate to an identity provider and are then passed on to a service provider. This model leaves next to no control for the user over their own identity, and this is the reason why the model is broken.
A new approach
There is a better approach to identity, and one where the identity provider and the user switch places.
It involves Identity providers giving individuals a digital identity through which all important records of the relationship and various transactions could be kept. This ID could be stored in a digital wallet held on a mobile phone.
Users could then decide which parts of their personal data to share and not be required to hand over the entire tranche as is currently often the case. Also, enterprises would be able to verify those identifiers quickly through cryptography and provide a better customer experience.
Taking this approach not only increases user privacy and control, but it also removes friction as these data exchanges can take place without requiring separate consent to be shared with other third parties.
This approach is sometimes called decentralised or self-sovereign identity and it represents a radical shift in the power dynamic between service providers, identity providers and users.
Gathering pace
Decentralised ID is not just a pipe dream, but rather something that is gaining increased attention around the world. Research firm Gartner has decreed that decentralised identity and the renewed interest in protecting privacy and data ownership will be “transformational”.
Adoption of the concept of decentralised identity is an effective way to put users in control of their own identity. It reduces their level of risk when the next mega-breach hits, releases businesses from the burden of storing personal information and improves compliance with privacy regulations.
With the need for trust in a digital world never more apparent, this approach needs to be fostered and widely adopted. Eventually, it will come to underpin the online lives of everyone.