The movement toward identity-centric security

Customers now consider their identities as critical assets, and they trust companies to keep them secure The movement toward identity-centric security image

 

This year, 5.5 million new devices will get connected online every day, according to Gartner. By the end of 2016, there will be more than 6.4 billion connected things, a 30 percent rise from last year. And Gartner predicts the trend is not going to slow down. By 2020, the Internet of Things market will include 20.8 billion things.

In tandem with the explosion of connected devices is the growth in breaches. In just the first three months of 2016, there were 139 reported data breaches, resulting in almost 4.3 million exposed user records, according to the Identity Theft Resource Center.

Data breaches are costly and can negatively impact customer trust and companies of all sizes are being compromised.

With so many devices going online, the surface for potential attacks keeps growing and calls for the redoubling of efforts to protect online device and user data. Against this backdrop, companies are focusing on scoped access to enhance data security and privacy.

>See also: 4 guiding principles of mobile login

Scoped access ensures that only those employees and contractors who need access to data to do their work have access and that their access is limited to the data required for their work.

In a recent security and privacy talk with Janrain, miaa Guard co-founder Carlo Schupp discussed the importance of managing access for devices and people to protect secure customer identities.

With a background in managed infrastructure security, Schupp co-founded miaa Guard six years ago. Based out of Belgium, the company provides managed access services.

Device control

Devices are starting to have their own identities, often associated with a human being that owns the device. There is a client-device relationship and devices need to be secure in order to maintain trust from the owner.

“From a security standpoint, we are now treating devices the same way we treat individuals,” said Schupp. “So devices will also have their identity and then we will concentrate modern identity-centric security around those devices. You want to have the device control itself, rather than relying on some third party and hope that they do a good job.”

With more data being gathered and becoming available, access and policy are important to consider. Doctor access to patient records is an issue that will need policies and constraints. Consumer brands accessing customer data has to be controlled so not everyone working at these large companies has access to the data.

Every industry is collecting identity data and without scoped access and relevant, targeted and enforced policy choices, information can get into the wrong hands.

“Access control relative to applications is often embedded in the application,” Schupp said. “Also, if the application is web-enabled, then it may be part of the web server. We see more and more trends to externalize the control of access out of the applications, so that you can have a harmonised way of controlling access to different types of websites and applications.”

>See also: What is customer identity access management?

By understanding the parameters that are important in its industry, a business can determine the best way to control access.

“Often times in the past, people were given permission to access certain data and then when people changed throughout the organisation, nobody dared to take away those permissions,” Schupp said. “They would add permissions to access even more data and more applications. And the longer a person is with the company, the more permission they have.”

It’s important to review security as identity-centric. Employees are given certain roles when joining a company but those roles change when they move throughout the organisation. In regard to access and authorisation management, businesses must think about the identity and make sure that you have a single identity for an individual.

“You don’t want to have 4,000 accounts of one person and a gazillion number of access rights and permission spread all over the company,” Schupp said.

Access control is a key component of customer identity and access management. And simple as it may be, the most important thing to remember is to make it a priority and establish protocols to ensure the privacy and security of customer data.

 

Sourced from Lewis Barr, VP of legal and privacy, Janrain. Janrain is a customer identity management platform on the cloud. It helps companies build a unified view of their customers across all devices by collecting accurate customer profile data to power personalised marketing.

Latest news

divider
Data Protection & Privacy
Data protection and privacy – time to take it seriously

Data protection and privacy – time to take it seriously

20 July 2018 / Five ways to do it better No matter what industry you work in, the chances [...]

divider
AI & Machine Learning
Bringing AI in-house

Bringing AI in-house

20 July 2018 / Employees are increasingly expecting the delivery of internal services to be as slick as ordering [...]

divider
Cybersecurity
CTO vs. CISO: Who should have ultimate responsibility for cyber security?

CTO vs. CISO: Who should have ultimate responsibility for cyber security?

20 July 2018 / Cyber security is now rarely out of the spotlight with high-profile incidents reported on with [...]

divider
Legislation & Regulation
The week in tech

The week in tech

20 July 2018 / EU fines Google €4.34bn The tech giant was fined by the European Commission (EC), last [...]

divider
Diversity
The advantages of diversity for tech businesses

The advantages of diversity for tech businesses

19 July 2018 / We visited the London HQ of Puppet to shoot a series of films looking at [...]

divider
AI & Machine Learning
Top 7 tips when deploying a bot

Top 7 tips when deploying a bot

19 July 2018 / There’s no shortage of reasons why your business should consider deploying a bot. For large [...]

divider
EMEA
Poland’s Gliwice: The software development outsourcing hub

Poland’s Gliwice: The software development outsourcing hub

18 July 2018 / From machine learning and artificial intelligence to the internet of things, the pace of change [...]

divider
Data Protection & Privacy
How do you solve a problem like Facebook?

How do you solve a problem like Facebook?

18 July 2018 / In the immediate aftermath of the Cambridge Analytica scandal, it was possible to imagine a [...]

divider
M&A
Workday announce acquisition of Stories.bi to expand its analytics capabilities

Workday announce acquisition of Stories.bi to expand its analytics capabilities

18 July 2018 / Workday is attempting to expand the breadth and depth of its analytics capabilities, namely Prism Analytics, which [...]

Do NOT follow this link or you will be banned from the site!