We all know that identity in the digital world is broken, and has been for some time. Passwords are well beyond their sell-by date, yet are still the only realistic game in town. Meanwhile spam, fraud, phishing and cyber crime succeed by being able to steal identities and impersonate individuals. Credit card fraud has hit in excess of thirty billion US dollars per annum.
To date, all attempts at national or commercial solutions have started with grand intentions and then either failed (UK National Identity Card scheme) or imploded into a method of “citizens” accessing a sub-set of government services.
If we are to have a more secure future, the key is to understand all the entities and attributes in a transaction chain (Cloud Security Alliance, “Guidance” Domain 12), and yet square the circle of trust, privacy, primacy, and usability.
Getting it right is critical as the industry grapples with the business issues around security surrounding de-perimeterization, BYOD, IoT and many more business problems. The solution lies in being able to make risk-based decisions based on the context of all the entities.
Starting with work from the Jericho Forum (part of the Open Group) and looking at why current identity solutions fail, the Global Identity Foundation, a global not-for-profit organisation, has defined what we, the industry, need to come together to “do differently”. This is defined in what we call “Identity 3.0”. This presentation will then look at the learning from that work and the principles of Identity 3.0 (see Wikipedia) that flow from that, together with some practical examples of what could be securely enabled using this new framework. Finally, it will detail how this all comes together, with up-to-the-minute examples of what partner organisations are envisaging doing to enable their businesses for the new challenges that lie ahead.
The world of identity management changed forever on June 10, 2013 with the introduction of the Zero Trust architecture approach. First proposed by Forrester Research, this new "best practice" has "never trust, always verify" as its guiding principle. It takes the old model—"trust but verify"—and inverts it. Recent breaches have proven that when an organization trusts, it doesn’t verify.
Something is fundamentally broken in the world of information security. Despite countermeasures and controls, attackers continually breach our defenses and steal our identities. Forrester’s research shows the threat vectors expanding, with organized crime and nation-states creating more significant, targeted attacks. This presentation goes beyond the security context, and speaks to organizations large and small, public and private, that are looking for ways to reduce identity management costs while simplifying identity verification processes.
This presentation highlights new approaches to practical barriers in identity management like liability, insurance and changing regulations. It reviews the innovations in standards development, self-certification, and registration that are driving increased global adoption of identity services.
Key Takeaways: