One of the requirements for conducting online transactions is proving that you are who you claim to be. Whether it’s checking a bank balance or ordering some groceries, companies need to know who is making the request.
However, to attract and retain customers, businesses need to make this digital identification process as seamless as possible. Clunky interfaces and a requirement to enter personal details multiple times are likely to result in people transacting elsewhere.
Unfortunately, for many organisations, the identity experience they are offering falls well short of ideal. Users have to navigate multiple steps, remember passwords, and deal with annoying multi-factor authentication requirements.
For companies, it’s a matter of striking a balance between having effective security and delivering a positive customer experience. They need to select and deploy the identity tools that will ensure effective security without it becoming a tiresome burden.
Overcoming the challenge
Yet, even modern identity protocols such as OAuth fail to solve the problem. OAuth often requires customers to navigate away from the application or service they are trying to use, authenticate themselves, and then return.
This challenge is particularly acute when it comes to mobile apps. User experience can be negatively impacted by variable network conditions and the different interfaces used by the company and the identity service provider.
Connectivity is key
Seamless interoperability and connection have therefore become fundamental values that enterprises are pursuing. This is particularly important when it comes to secure identity which needs to make sure that the devices and users interacting within the environment can be verified and trusted.
It’s for this reason that open identity standards are so crucially important. Open identity standards allow the integration of identity systems under one authentication authority that can serve as the single, objective source of truth in the enterprise.
Open identity standards also marry the purpose of security with more streamlined user experiences and greater productivity. Without identity systems that work together, users will be left to log in to every individual app and service they use while at work.
But the promises of open standards go even further. Because they enable interoperability, the standards can also smooth out any barriers that delay or restrict developers in their job. Those standards can take much of the grunt work that developers are burdened with and free them to actually push their discipline forward.
OpenStand, a group formed in 2012 by the Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C) and the Institute of Electrical and Electronic Engineers (IEEE), places innovation as a central value of open standards. It’s all about driving innovation of the internet and making sure that, through cooperation, everyone can benefit and drive global technology forward.
Other standards such as the Decentralised Identity Foundation (DIF) and W3C provide for further innovation of personal identity that allows for user-owned identity with a closely-held private/public key pair in lieu of usernames and passwords to further enhance security.
These principles are being borne out in new standards that promise great things for identity security. The FIDO 2 project is a particularly significant movement in this direction. Formed of WC3 and the FIDO alliance, which was created to address problems of interoperability in authentication, FIDO 2 aims to provide open authentication standards and roll out password-less authentication globally.
No longer a ‘castle and moat’
It’s often said that, when it comes to IT security, identity is the new perimeter. The increasing complexity in enterprise infrastructures and, the rise in remote working as a result of COVID-19, has made it very challenging to preserve the traditional ‘castle and moat’ that have been used for years.
As the old perimeters become ineffective, authentication and identity are becoming the new walls with which infrastructures are protected.
It should be remembered that it’s not just the case that identity has to change. In fact, it has to become the first line of defence at the network security perimeter. It has to be able to reach and interoperate with all parts of the network security infrastructure, and this can only be achieved by using pen identity standards.
As more facets of life are handled online, proving identity will become even more important. Striking the right balance between security and usability will be key.
