The movement toward identity-centric security


This year, 5.5 million new devices will get connected online every day, according to Gartner. By the end of 2016, there will be more than 6.4 billion connected things, a 30 percent rise from last year. And Gartner predicts the trend is not going to slow down. By 2020, the Internet of Things market will include 20.8 billion things.

In tandem with the explosion of connected devices is the growth in breaches. In just the first three months of 2016, there were 139 reported data breaches, resulting in almost 4.3 million exposed user records, according to the Identity Theft Resource Center.

Data breaches are costly and can negatively impact customer trust and companies of all sizes are being compromised.

With so many devices going online, the surface for potential attacks keeps growing and calls for the redoubling of efforts to protect online device and user data. Against this backdrop, companies are focusing on scoped access to enhance data security and privacy.

>See also: 4 guiding principles of mobile login

Scoped access ensures that only those employees and contractors who need access to data to do their work have access and that their access is limited to the data required for their work.

In a recent security and privacy talk with Janrain, miaa Guard co-founder Carlo Schupp discussed the importance of managing access for devices and people to protect secure customer identities.

With a background in managed infrastructure security, Schupp co-founded miaa Guard six years ago. Based out of Belgium, the company provides managed access services.

Device control

Devices are starting to have their own identities, often associated with a human being that owns the device. There is a client-device relationship and devices need to be secure in order to maintain trust from the owner.

“From a security standpoint, we are now treating devices the same way we treat individuals,” said Schupp. “So devices will also have their identity and then we will concentrate modern identity-centric security around those devices. You want to have the device control itself, rather than relying on some third party and hope that they do a good job.”

With more data being gathered and becoming available, access and policy are important to consider. Doctor access to patient records is an issue that will need policies and constraints. Consumer brands accessing customer data has to be controlled so not everyone working at these large companies has access to the data.

Every industry is collecting identity data and without scoped access and relevant, targeted and enforced policy choices, information can get into the wrong hands.

“Access control relative to applications is often embedded in the application,” Schupp said. “Also, if the application is web-enabled, then it may be part of the web server. We see more and more trends to externalize the control of access out of the applications, so that you can have a harmonised way of controlling access to different types of websites and applications.”

>See also: What is customer identity access management?

By understanding the parameters that are important in its industry, a business can determine the best way to control access.

“Often times in the past, people were given permission to access certain data and then when people changed throughout the organisation, nobody dared to take away those permissions,” Schupp said. “They would add permissions to access even more data and more applications. And the longer a person is with the company, the more permission they have.”

It’s important to review security as identity-centric. Employees are given certain roles when joining a company but those roles change when they move throughout the organisation. In regard to access and authorisation management, businesses must think about the identity and make sure that you have a single identity for an individual.

“You don’t want to have 4,000 accounts of one person and a gazillion number of access rights and permission spread all over the company,” Schupp said.

Access control is a key component of customer identity and access management. And simple as it may be, the most important thing to remember is to make it a priority and establish protocols to ensure the privacy and security of customer data.


Sourced from Lewis Barr, VP of legal and privacy, Janrain. Janrain is a customer identity management platform on the cloud. It helps companies build a unified view of their customers across all devices by collecting accurate customer profile data to power personalised marketing.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data Breach