The digital world is integral to millions of people throughout the UK. Each person representing multiple data selves as a citizen, consumer and employee but how can those identities be secured from data breach? And how can they be combined to provide one interoperable, trusted identity that enables a person to securely access everything they want to in that digital universe, from retail and bank accounts to secure workplace systems?
In a report released earlier this month, titled; The Case for Digital IDs, leading independent technology trade organisation, techUK emphasise the important role UK government and enterprise have to play in adopting best practice methods of issuing and managing digital identities to provide a user-friendly, secure digital environment.
In a world where internet banking fraud increased by 19% in 2018 and mobile banking fraud by 10.5%, not to mention 9 in every 10 attempted website logins originating from bots attempting ‘brute force’ access, digital identities must evolve to become more secure and easy to manage.
What does a secure interoperable digital environment look like?
At present we have a disparate digital environment where government agencies and enterprises heavily rely on passwords to provide users with access to their secure information.
Cumbersome and unsecure, passwords are the primary source of data breach for large organisations. Easily intercepted and hacked through an increasing variety of methods, whether part of a one-time-password form of multi-factor authentication or not, passwords do not provide a robust form of knowing a user is who they claim to be (read our recent password hack blog piece on Metro Bank here).
In techUK’s report the concept of passwords for user access is not only questioned from a security perspective but also from an end user angle. Remembering numerous passwords isn’t user-friendly. Having to rely on keychains on specific devices to access accounts isn’t user-friendly. Expecting people to use different methods and passwords to access accounts as a consumer, citizen and employee isn’t user-friendly.
The advent of centralised, robust digital identity
The techUK report recommends that “the UK Government should establish a policy to facilitate the creation of a fully functioning digital identity ecosystem, which operates across public and private sectors.”
At present numerous UK government departments require an identity to suitably serve the public but there is no universal mechanism of proving identity. Passport and driving licence are commonly cited, however 1 in 5 individuals do not have this form of documentation available.
Providing a standardised, secure means of locking down an individual’s identity in the digital world is essential. However, once that trusted identity is issued that user could easily use that as a secure means of accessing their digital world.
The answer to an identity evolution for UK enterprise and governments
To pull multiple databases, hardware and systems across a tangled web of connectors, databases and technology sounds complicated. It is. However, there is a tool from a UK-based company that enables just that to be achieved, and makes the integration process simple for those adopting it.
At Intercede we have been pulling the world’s most secure organisations’ IT systems together, across government departments and enterprise, to provide their citizens and employees with one interoperable digital identity.
The MyID platform is what is known as a Credential Management System (CMS), essentially a central cog that ties numerous systems and technologies together and enables large organisations to issue and manage a cryptographically protected identity for employees, military, police, and civilians alike.
An identity is protected by multi-factor authentication but does not require a password. To access any system using MyID issued credentials a user must prove who they are by firstly using a ‘credentialed’ device, which has a secure key on it, and secondly with a PIN and/or biometric such as a fingerprint scan.
This secure multi-factor approach means access requires not only the right device but also the right knowledge for the PIN or right biometric for the fingerprint. If all of the chosen authentication methods cannot be completed access is denied.
MyID takes that trusted identity and enables end users to take advantage of the digital identity to access other secure data, systems and networks. Whether that is a civilian using their smartphone to access their civilian documents from multiple government agencies, or an employee at a defence manufacturer accessing different databases and hardware.
MyID’s concept of a trusted identity everywhere is also securing industrial internet of things devices (IIoT) for major technology manufacturers.
For the UK government it is important to recognise the threat of weak digital identities and put steps in place, in line with techUK’s report (available here: https://www.techuk.org/images/documents/digital_id_FINAL_WEBSITE.pdf) to counteract them.
Evolving civilian identities to meet the level of interoperability and security found in Kuwait’s best practice environment takes time at a national scale.
However, for large UK enterprises the opportunity to safeguard data by issuing employees with robust digital identities using a CMS platform like MyID is here and as the cyber threat of weak credentials continues to grow, adopting a solution like MyID is a significant step to safeguarding against hacks, data breach and the significant associated costs – both financial and to reputation.
Interested in finding out more about MyID and how it will help secure your organisation against data breach? Contact us now: firstname.lastname@example.org