Digital identity: the new cornerstone of cyber resilience

If you want to seize the opportunities of the digital economy, you must also address the threats that come with it. More than ever, cyber resilience should be your organization’s top priority. And that means creating a strong foundation for digital identity management.



We are on the brink of a politically, economically and socially fractured world. That’s why the World Economic Forum’s Annual Meeting 2018 theme, 'Creating a Shared Future in a Fractured World’, aimed at developing a shared narrative to improve the state of the world. Being a WEF Strategic Partner for 19 years, Accenture brings leadership for digital transformation at the intersection of AI and Future Workforce, redefining strategy, sustainability, and technology.

Digital identities are a cornerstone of our shared digital future. We need to coordinate challenges such as interoperability and address flaws and vulnerabilities in existing systems. It is essential to debate on who should create, control and benefit from people’s identity information. How can we pursue the opportunities that come with digital identities and ensure the protection of rights in a sustainable and responsible manner?

orange-line-digital-identity-cyber-resilienceThe digital world is booming. In every industry and every market, businesses are rushing to establish new value propositions and claim new opportunities. And in doing so, they are building a future where interactions will increasingly take place on the sprawling digital superhighways of the 21st century.

These interactions – between humans, between companies, between devices and data – already determine your ability to identify, claim and add value. Their importance will only continue to grow. But who is connecting with whom? How will you know which people, which systems and processes are interfacing with what data, and whether they are authorized to do so? How can you tell whether the sensors you rely on are uncompromised? That the information they transmit hasn’t been rerouted or manipulated to further outside interests?

Without a solid digital identity foundation, you won’t be able to answer these questions. And in this day and age, that constitutes an existential threat to your business – one that can hamper your ability to add value and damage the trust relationships you’ve built with your customers and suppliers.


The impostors are coming

It’s a beautiful Saturday and you’re strolling down the street in Amsterdam, enjoying the sun and the bustle of the city. Suddenly, your phone chimes. It’s a personalized offer from one of your favorite retailers. They know you’re in the neighborhood and they know what you like, because you trust their brand enough to share that information with them.

It looks like a fabulous deal, so you make a short detour. At the very least, you’ll get a free cup of coffee out of it. But what you don’t realize is that it’s all a lie. Hackers have set up a dragnet, targeting specific phones with vulnerabilities they can exploit. When you arrive at the store and discover that you’ve wasted your time, you leave disappointed and confused. One of your trusted brands has let you down.

In this example, the endgame is disillusionment – a targeted erosion of the faith a consumer places in a company, perhaps at the behest of a competitor. But the objective could easily have been something more sinister, like identity theft or credit card fraud. Mind you, these are not far-fetched scenarios. The technology required to do this already exists and is being used in the wild today.

Whether it’s people masquerading as other people, devices impersonating other devices or data posing as other data, the benefits of our connected world come preloaded with myriad opportunities for financial fraud, as well as other threats. Dealing with them requires a new outlook on cyber resilience, one that embeds security in every facet of your digital transformation.


Building a better mousetrap

If you were the bad guy, what would you do to disrupt your organization’s essential processes? How would you undermine the trust between your company and its clients? Which weak spots would you exploit and how would you confuse your security department?

More often than not, questions like these are only considered during the final stages of a company’s digital transformation journey. Unfortunately, this means that essential aspects of cybersecurity go overlooked throughout the formative phases of the process, making it supremely difficult to even be aware of gaps in your defenses – let alone close them adequately.

Carrying out penetration tests at the tail-end of your digital transformation will tell you whether your infrastructure has obvious vulnerabilities, but it won’t tell you how attackers might leverage your processes, supply chain, employees and integrated technologies to achieve their goals. And since you owe it to your clients to provide security across your entire value chain, especially in these days of digital trust, you need to invest time and effort into anticipating security threats and addressing them before they arise.

That means embedding security in every relevant area of your digital transformation. Give your security department a seat at the table. Make them an integral part of the journey. They have just as much to add as Finance and HR, if not more. By involving them at the earliest possible stage, you’ll be able to seamlessly weave the security narrative into the transformation itself.

Locking down digital identity

article-4615-digital-identity-security-icon-in-article-imageThe digital world has reached a new stage in its evolution, and cybersecurity must evolve with it. The game is not just about people anymore – it’s about devices and processes, as well. Tomorrow’s users won’t make all their decisions themselves. Instead, they’ll increasingly delegate those interactions to smart machines, authorizing the pet AIs that live in their pockets to interact with your company and do the heavy lifting for them.

At the same time, your business will process the information it receives in radically different ways as well. As you transition to machine learning and real-time decision-making in order to delight your customers with increased speed and efficiency, you will no longer be able to rely on the human instincts of your employees to help spot the data that doesn’t pass the sniff test.

This makes your digital identity layer one of the most important tools in your cyber resilience toolbox, and the foundation on which tomorrow’s world will be built. As a business, you need to know beyond a shadow of a doubt which users, systems, processes and devices are real. Which data is genuine, and which is suspect. And you need reliable infrastructure in place to verify these identities, authorize real connections and automatically reject everything that falls outside predetermined safety parameters.

Blazing new trails in cybersecurity

Integrating digital identity solutions, security operations and business risk management into your digital transformation are a step in the right direction. The ability to verify who’s who and what’s what, spot anomalies and understand the cybersecurity risks inherent in new business propositions will certainly improve your security posture and help your transformation run more smoothly. But that’s only half the battle. To win the other half, you need to understand exactly what you’re up against – and respond accordingly.

Hackers are highly motivated to develop new threats and they have ample opportunity to do so. Where you see strengths, they see potential weaknesses. What seems ironclad today might well be tomorrow’s new security exploit. It’s a constant arms race, and the only way to win it is by embedding innovation in your digital transformation. Only by outthinking and outsmarting the adversary will you ever be able to have peace of mind.

To watch this video you need to accept marketing cookies

Collaboration is an extremely valuable tool in cybersecurity as well. After all, the bad guys are already using it to great effect. No matter the size of your business, your ability to invest in security will always be smaller than that of your entire industry. Banding together with other players in your sector to tackle new cybersecurity threats will allow you to focus more time, energy and insight on the problems at hand. The rewards can be substantial – from hiring outside security services cheaply through collective bargaining power to building a new digital identity platform that will serve your entire ecosystem.

If you make digital identity a priority and commit your organization to developing new security strategies, the possibilities are truly endless. Sure, the journey might take you off the beaten path. But when it comes to the digital revolution, we’re already in uncharted waters anyway – so you might as well make sure you can explore them safely.

Author: Michael Teichmann