Verizon

Top 100: Verizon’s new structure enables strategy

Verizon has fit the definition of a company in motion this decade with its acquisitions of AOL and more recently in 2017 the core Internet business of Yahoo that set the stage for an overall restructuring kicked off in the fall of last year. With
/
NYT

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000

MIAMI — The leaders of Riviera Beach, Fla., looking weary, met quietly this week for an extraordinary vote to pay nearly $600,000 in ransom to hackers who paralyzed the city’s computer systems. Riviera Beach, a small city of about 35,000 people just north of West
/

Digital Identity Trends

The lack of security of the Internet of Things captured public attention this year as massive distributed denial of service attacks took down much of the internet. The culprits? Unsecured connected devices that were easily accessed and manipulated to do the bidding of shadowy hackers. When you can’t access Netflix anymore, cybersecurity is suddenly a dinner table conversation. Looking forward to 2017, we expect security to continue to be a point of concern, but also see an increased focus on privacy as regulations and connected devices put new pressures on organization to protect customer data.

Attacks will Continue Until Security Improves

Due to the massive number of cheap/unsecure IoT devices around the world, DDoS attacks are likely to continue through 2017. However, the ramifications will be less severe as key service providers harden defenses and device manufacturers adopt identity-based security to minimize vulnerabilities. And while catastrophic DDoS attacks may have received the biggest news coverage 2016, just as big a story was the failure of IoT device manufacturers, and service and infrastructure providers to adopt and scale robust security and privacy tactics. We can expect that trend to begin to reverse in 2017, with device manufacturers turning away from hard-coded username and password access management and adopting passwordless authentication.

Passwordless Security Will Prevail

As millions of IoT devices go online to enable new products and services, it will no longer be enough to apply a legacy approach to authentication, authorization and identity management. For modern connected devices like home lighting arrays, garage door openers, and smart wearables, using username and passwords to control access and authorization just won’t work. Innovative new IoT initiatives in 2017 will require passwordless identity management and continuous security techniques to maintain secure access to devices and services.

 

One such passwordless methodology that will be widely used is push notifications – using real-time messaging to smartphones to grant access to data or authorize use of online services. Mobile phones are an ideal method of authentication because they’re familiar, they’re usually always with the user, and they can receive notifications. The smartphone/push notification methodology also enables continuous security. If a suspicious action is detected – for example, a user moves from a protected network at their office to an unprotected network at a bookstore nearby – an additional factor of authentication can be invoked, sending a push notification with a code that would need to be entered in order to continue the session.

In 2017, organizations will also be focused on making sure that security doesn’t get in the way of a great customer experience. The added benefit of passwordless authentication is that it reduces friction in the login process, because responding to a push notification or biometric cue is so easy. Passwordless authentication will help businesses and governments get closer to that coveted seamless experience.

Organizations will Think Beyond the Perimeter

Organizations adopting IoT devices or services into their business models will face new challenges as connected devices moves the collection and sharing of customer data beyond the confines of the business and into people’s homes. Take healthcare for example. The distinction between in-home and clinical healthcare devices will continue to erode. Smart, portable medical devices enable patients to measure their vitals at home, enabling a connected healthcare experience that continues after the patient has left the hospital. Remote monitoring leads to a wealth of data available to clinicians, not just at annual checkups, and gives patients a larger, active role to play in preventative care. However, the proliferation of digital systems and devices and the ease with which personal health data can be collected and shared creates more vulnerabilities where personal data can get exposed or stolen. Here is why healthcare IT decision-makers are increasingly turning to customer identity management as the technology most effective for achieving new security objectives that extend beyond the hospital grounds. By adding features like contextual authentication and authorization, hacking these systems becomes more difficult and personal health data can be secured more effectively.

New Privacy Tools Will Proliferate

Consumer-facing IoT in healthcare, household appliances, and more, will have a critical requirement: privacy. As connected devices collect and share massive amounts of data, patients, customers, and citizens will need a way to control who can access what data, on what device, and under what circumstances. To address this challenge, organizations will look to new consent and sharing standards such as the OAuth-based User-Managed Access (UMA) protocol. Adding momentum to the adoption of new consent and sharing standards will be the fast-evolving global privacy regulatory environment. The Federal Communication Commission (FCC) in the U.S. recently announced rules that will require broadband service providers to take greater steps to protect the privacy of consumers. Meanwhile, in Europe, the E.U.’s General Data Protection Regulation (GDPR) – slated to come into effect May 2018 – will give citizens control over their personal data, while simplifying the regulatory environment for international business. Both new regulations present opportunities for organizations to use strong privacy protections as a competitive differentiator. Strong, scalable customer identity technology will be a critical element in those efforts to build customer loyalty.

By Simon Moffatt

Simon Moffatt

Simon is the Senior Product Manager, ForgeRock, Simon is a recognized technology leader in the fields of identity and access management, the identity of things and devices, consumer identity management and digital transformation. Much sought after as an industry speaker, Simon has co-authored several whitepapers on the topic of consumer identity and digital transformation.

He also regularly posts his thoughts on his blog The Economics of Identity. His 15-year career encompasses roles within venture capitalists as well as privately backed US start-ups.

GDPR Compliance: A Network Perspective

GDPR Compliance: A Network Perspective

GDPR Compliance Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating ...
SolarWinds Survey Showcases the DevOps Disconnect

SolarWinds Survey Showcases the DevOps Disconnect

Survey Showcases the DevOps Disconnect The increasingly distributed nature of today’s tech environments has amplified the demand for DevOps practitioners ...
Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices With workplace mobility now a way of life and companies investing in cloud-based ...
Collaboration and Beyond: Four Technology Trends That Will Have Maximum Impact

Collaboration and Beyond: Four Technology Trends That Will Have Maximum Impact

Collaboration Trends Four Technology Trends 2017 is coming to an end, which marks the time of year when we take ...
Accenture News

Bank investments in technology not yet driving significant revenue growth: Accenture

/
NEW YORK (Reuters) - The $1 trillion invested by traditional banks globally over the past three years to improve their technology has not yet delivered the revenue growth that had ...
Facebook

Facebook reveals Libra cryptocurrency, with lofty goals

/
SAN FRANCISCO/NEW YORK (Reuters) - Facebook Inc revealed plans on Tuesday to launch a cryptocurrency called Libra, the latest development in its effort to expand beyond social networking and move ...
Tech Crunch

Three years after moving off AWS, Dropbox infrastructure continues to evolve

/
Conventional wisdom would suggest that you close your data centers and move to the cloud, not the other way around, but in 2016 Dropbox undertook the opposite journey. It (mostly) ended its ...