Digital Identity Trends – Previewing The Year Ahead

Digital Identity Trends

The lack of security of the Internet of Things captured public attention this year as massive distributed denial of service attacks took down much of the internet. The culprits? Unsecured connected devices that were easily accessed and manipulated to do the bidding of shadowy hackers. When you can’t access Netflix anymore, cybersecurity is suddenly a dinner table conversation. Looking forward to 2017, we expect security to continue to be a point of concern, but also see an increased focus on privacy as regulations and connected devices put new pressures on organization to protect customer data.

Attacks will Continue Until Security Improves

Due to the massive number of cheap/unsecure IoT devices around the world, DDoS attacks are likely to continue through 2017. However, the ramifications will be less severe as key service providers harden defenses and device manufacturers adopt identity-based security to minimize vulnerabilities. And while catastrophic DDoS attacks may have received the biggest news coverage 2016, just as big a story was the failure of IoT device manufacturers, and service and infrastructure providers to adopt and scale robust security and privacy tactics. We can expect that trend to begin to reverse in 2017, with device manufacturers turning away from hard-coded username and password access management and adopting passwordless authentication.

Passwordless Security Will Prevail

As millions of IoT devices go online to enable new products and services, it will no longer be enough to apply a legacy approach to authentication, authorization and identity management. For modern connected devices like home lighting arrays, garage door openers, and smart wearables, using username and passwords to control access and authorization just won’t work. Innovative new IoT initiatives in 2017 will require passwordless identity management and continuous security techniques to maintain secure access to devices and services.

One such passwordless methodology that will be widely used is push notifications – using real-time messaging to smartphones to grant access to data or authorize use of online services. Mobile phones are an ideal method of authentication because they’re familiar, they’re usually always with the user, and they can receive notifications. The smartphone/push notification methodology also enables continuous security. If a suspicious action is detected – for example, a user moves from a protected network at their office to an unprotected network at a bookstore nearby – an additional factor of authentication can be invoked, sending a push notification with a code that would need to be entered in order to continue the session.

In 2017, organizations will also be focused on making sure that security doesn’t get in the way of a great customer experience. The added benefit of passwordless authentication is that it reduces friction in the login process, because responding to a push notification or biometric cue is so easy. Passwordless authentication will help businesses and governments get closer to that coveted seamless experience.

Organizations will Think Beyond the Perimeter

Organizations adopting IoT devices or services into their business models will face new challenges as connected devices moves the collection and sharing of customer data beyond the confines of the business and into people’s homes. Take healthcare for example. The distinction between in-home and clinical healthcare devices will continue to erode. Smart, portable medical devices enable patients to measure their vitals at home, enabling a connected healthcare experience that continues after the patient has left the hospital. Remote monitoring leads to a wealth of data available to clinicians, not just at annual checkups, and gives patients a larger, active role to play in preventative care. However, the proliferation of digital systems and devices and the ease with which personal health data can be collected and shared creates more vulnerabilities where personal data can get exposed or stolen. Here is why healthcare IT decision-makers are increasingly turning to customer identity management as the technology most effective for achieving new security objectives that extend beyond the hospital grounds. By adding features like contextual authentication and authorization, hacking these systems becomes more difficult and personal health data can be secured more effectively.

New Privacy Tools Will Proliferate

Consumer-facing IoT in healthcare, household appliances, and more, will have a critical requirement: privacy. As connected devices collect and share massive amounts of data, patients, customers, and citizens will need a way to control who can access what data, on what device, and under what circumstances. To address this challenge, organizations will look to new consent and sharing standards such as the OAuth-based User-Managed Access (UMA) protocol. Adding momentum to the adoption of new consent and sharing standards will be the fast-evolving global privacy regulatory environment. The Federal Communication Commission (FCC) in the U.S. recently announced rules that will require broadband Service Providers to take greater steps to protect the privacy of consumers. Meanwhile, in Europe, the E.U.’s General Data Protection Regulation (GDPR) – slated to come into effect May 2018 – will give citizens control over their personal data, while simplifying the regulatory environment for international business. Both new regulations present opportunities for organizations to use strong privacy protections as a competitive differentiator. Strong, scalable customer identity technology will be a critical element in those efforts to build customer loyalty.

By Simon Moffatt

MIT
Smart Manufacturing Startups AI and machine learning's potential to drive greater visibility, control, and insight across shop floors while monitoring machines and processes in real-time continue to attract venture capital. $62 billion is now invested ...
Gilad David Maayan
Azure Storage Pricing Introduction to Azure Storage Services Azure Storage is a set of cloud storage services provided by Microsoft as part of the Azure public cloud. It offers highly scalable object storage, file systems ...
Shireesh Thota
Here’s How to Position Your Organization for the Era of Data Intensity We live in a data-intensive era. Data is booming. Companies are realizing that data is one of the most important assets and they ...
Metasploit-Penetration-Testing-Software-Pen-Testing-Security
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
David Dymko
Working with virtual machines and or Kubernetes A conversation with David Dymko, Director of Engineering for Cloud Native Development at Vultr.com If you work with virtual machines and or Kubernetes, and if you have some ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.