By Ivar Wiersma, Head of Venture Development at enterprise blockchain firm R3
Recently, many businesses have moved towards federated Single Sign-On, (SSO) identity systems and began using large tech companies such as Apple, Google or Facebook as identity providers. On top of this shift, there has been an abandonment of on-premises identity management systems, replaced by off-site, third-party platforms for enterprise. But, data leaks and breaches combined with regulation such as GDPR make it harder for businesses to act without these updated systems. Many businesses are left with a choice: comply, or face the consequences and the data risks involved. The solution is transparency and decentralisation.
Regulating Digital Identity
On one side, the pressure from data privacy activists and regulators is increasing. Regulations such as GDPR threaten steep fines for non-compliance, which is forcing companies to either exit the European market entirely or comply with the regulations. Organisations are realising that while compliance is expensive, a potential data breach arising from the use of outdated legacy identity systems could be far more costly in the long run.
Most companies have good security for their systems in the office. But, as employees head home, these systems become less secure. The greatest risk stems from the fact that access to data requires identity verification and the majority of current approaches to authentication are not robust enough across the board. Phishing attacks and credential stuffing remain threats, and while some of this can be mitigated with SSO and Multi-Factor Authentication, we need a better way to verify identities more broadly without increasing the burden on users.
Even post-lockdown, the shift to remote working this year has been a real test for businesses of all sizes globally. Given this, businesses across all industries are exploring new ways of working and have been forced to accelerate the already shifting concept of work the traditional 9-5 office desk to flexible timings and locations. Even as the crisis diminishes over time, it seems that we will never work the same way again, so the need for secure and effective digital transformation within identity verification is urgent.
As organisations undergo digital transformation, it is extremely important to update ID and access management systems to work over these digital channels. This means that all the processes, systems and security protocols in the physical world need to translate into a digital one.
Effective use of Digital Identity
Ultimately, the effective management and utilisation of digital identity boils down to the question of trust. People want to shop on sites that they trust. People want to use social networks they trust. Poor identity management leads to people losing faith in a platform and ultimately moving away from a previously popular service.
Effective use of Digital Identity also comes down to security. With the high tech that we have access to today, cyberattacks are on the rise which can be tremendously damaging. The true tragedy comes in cases like Equifax or British Airways when customers can’t stop using the service but do so knowing their data has been compromised. Those same customers will probably leave the first chance they get, and it will certainly damage long-term perceptions of the organisation. As a result, companies are finding creative ways of deriving a competitive advantage.
A couple of years ago, the digital identity sector saw dramatic improvements in customer service as a differentiator. Given this, it seems likely that the next revolution will be “that company doesn’t sell my data and respects my privacy, so I’m going to support them.” The focus will be transparency and knowing a company is only using data in a way that is aligned with the user’s consent. Although security remains a paramount concern to customers, convenient user experience is a top requirement for an effective platform. A key example here is social media platforms, such as Facebook, which offer log in across other sites. It is not fully disclosed exactly how a user’s personal data is recorded and shared, however the simple login function means customers continue to use regardless of privacy concerns. Companies must find a balance between high security checks and ease of use to avoid cyberattacks without compromising on user experience.
A key takeaway for digital identity must be privacy. While companies can, and do use data about our age, gender and location to drive personalised ads and services, it is important for the user to be able to opt in, as opposed to being forced in by default. In other words, customers should be in control of their data, how it’s shared, and by extension the level of personalisation they want. It’s one of the core principles of the self-sovereign identity (SSI) movement which has the capacity to transform business models. If a user owns and has control over their identity data, and that data is portable from context to context, there is far less lock-in. Companies must therefore adapt in order to deliver sustaining value to keep their clientele.
Looking at the future of Digital Identity
The future of personal data is anyone’s guess. One thing that is clear, however, is that now personal data is being viewed for what it is: personal. In this sense, the future is actually surprisingly predictable. With more regulation and increased consumer fears about the handling of data, many enterprises will be forced to disregard their traditional, centralised approaches to data.
About the author:
Ivar Wiersma has 20 years’ experience in banking, capital markets, fintech, venture building and corporate innovation. He has launched new banking products, Led innovation, Blockchain and Advanced Analytics teams at ING and co-founded ING Labs, responsible for creating 15+ ventures and company spin-outs. Ivar has been an advisor, investor and board member for start-ups and has served 2 years on the R3 board, prior to joining the firm as head of Venture Development.
The Venture Development program supports more than 175 startups building on Corda with services ranging from technical support, mentorship, business and strategy support, access to capital and customers as well as community events and workshops. In addition to leading the Venture Development program globally, Ivar leads R3’s digital identity strategy and has a specific focus on self-sovereign identity projects on Corda.