Saving trust in digital identity will take transparency and decentralization
This is a guest post by Ivar Wiersma, Head of Venture Development at R3
Throughout recent years, we’ve seen organisations move towards federated identity systems and the use of large technology companies like Google, Apple and Facebook as identity providers. There has also been a shift from legacy on-premises identity management tools towards third-party cloud identity platforms like Okta and Ping for enterprise. Recent high-profile data breaches have led to a renewed interest in consumer privacy. This, combined with recent regulations such as GDPR and CCPA, is starting to reveal a paradigm shift that embraces the new concept of self-sovereign identity.
Regulating Digital Identity
On one side, the pressure from data privacy activists and regulators is increasing. Regulations such as GDPR threaten steep fines for non-compliance, which is forcing companies to either exit the European market entirely or comply with the regulations. Organisations are realising that while compliance is expensive, a potential data breach arising from the use of outdated legacy identity systems could be far more costly in the long run.
Most companies have good security for their systems in the office, but as employees head home, these systems become less secure. The greatest risk stems from the fact that access to data requires identity verification and the majority of current approaches to authentication are not robust enough across the board. Phishing attacks and credential stuffing remain threats, and while some of this can be mitigated with Single Sign On (SSO) and Multi-Factor Authentication (MFA), we need a better way to verify identities more broadly without increasing the burden on users.
With the rollout of national lockdowns and the shift to remote working, this year has been a real test for businesses of all sizes globally. Given this, businesses across all industries are exploring new ways of working and have been forced to accelerate the already shifting concept of work from the traditional 9-5 office desk to flexible timings and locations. Even if the current crisis diminishes over time, it seems that we will never work the same way again and so the need for secure and effective digital transformation within identity verification is urgent.
As organisations undergo digital transformation prompted by the pandemic, it is extremely important to update ID and access management systems to work over these digital channels. This means that all the processes, systems and security protocols in the physical world need to translate into a digital one.
Effective use of Digital Identity
Ultimately, the effective management and utilisation of digital identity boils down to the question of trust. People want to shop on sites that they trust. People want to use social networks they trust. Poor identity management leads to people losing faith in a platform and ultimately moving away from a previously popular service.
Effective use of Digital Identity also comes down to security. With the high tech that we have access to today, cyberattacks are on the rise, and they can be tremendously damaging. The true tragedy comes in cases like Equifax or British Airways when customers can’t stop using the service but do so knowing their data has been compromised. Those same customers will probably leave the first chance they get, and it will certainly damage long-term perceptions of the organisation. As a result, companies are finding creative ways of deriving a competitive advantage. A couple of years ago, the digital identity sector saw dramatic improvements in customer service as a differentiator. Given this, it seems likely that the next revolution will be “That company doesn’t sell my data and respects my privacy, so I’m going to support them.” The focus will be transparency and knowing a company is only using data in a way that is aligned with the user’s consent. Although security remains a paramount concern to customers, convenient user experience is a top requirement for an effective platform. A key example here is social media platforms, such as Facebook, which offer log in across other sites. It is not fully disclosed exactly how a user’s personal data is recorded and shared; however, the simple login function means customers continue to use it regardless of privacy concerns. Companies must find a balance between high security checks and ease of use to avoid cyberattacks without compromising on user experience.
A key takeaway for digital identity must be privacy. While companies can, and do, use data about our age, gender and location to drive personalised ads and services, it is important for the user to be able to opt in, as opposed to being forced in by default. In other words, customers should be in control of their data, how it’s shared, and by extension the level of personalisation they want. It’s one of the core principles of the self-sovereign identity (SSI) movement, which has the capacity to transform business models. If a user owns and has control over their identity data, and that data is portable from context to context, there is far less lock-in. Companies must therefore adapt in order to deliver sustaining value to keep their clientele.
Looking at the future of Digital Identity
Looking forward, it is likely that we are going to see a lot more people viewing personal data as something that is theirs and, with this, a desire to retain control and ownership over that information. At the same time, we’re going to see an increase in regulation focused on consumer privacy and data protection. This will force enterprises to realise that traditional, centralised approaches to identity will no longer be fit for purpose and force them to explore the new decentralised approaches that are being developed today.
With the fallout from the pandemic accelerating digital transformation at a pace that would have been unimaginable previously, it is clear that we are facing a revolution in the way that we use data. Shifts to at-home working and ‘track and trace’ systems have meant that our personal data is now more readily required by our employers and the state, adding new fuel to perennial data privacy and online surveillance concerns. In this context, it is more important than ever that we look to achieve a balance between privacy and efficiency. With that in mind, a movement towards decentralised technology is a vital step forward in the digitalisation of digital identity management.
About the author
Ivar Wiersma has 20 years’ experience in banking, capital markets, fintech, venture building and corporate innovation. He has launched new banking products, led Innovation, Blockchain and Advanced Analytics teams at ING and co-founded ING Labs, responsible for creating 15+ ventures and company spin-outs. Ivar has been an advisor, investor and board member for start-ups and has served 2 years on the R3 board, prior to joining the firm as head of Venture Development.
The Venture Development program supports more than 175 startups building on Corda with services ranging from technical support, mentorship, business and strategy support, access to capital and customers as well as community events and workshops. In addition to leading the Venture Development program globally, Ivar leads R3’s digital identity strategy and has a specific focus on self-sovereign identity projects on Corda.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are those of the author, and don’t necessarily reflect the views of Biometric Update.