Digital identity central to business resilience
Who are you really? It’s a question that preoccupies philosophers but also experts in digital identity, the cornerstone of cybersecurity. Pierre Roberge, General Manager of the Digital Identity Laboratory of Canada, sheds light on the subject.
"On the Internet, nobody knows you’re a dog", says one canine to another in a now legendary 1993 New Yorker cartoon. If it may have been true back then, but the animal would have been proved wrong many times since. In today’s digital world, not only does every person, thing or bit of data need to display its identity, but that identity has an inherent value to it that needs to be protected.
Roberge used the cartoon in a recent webinar organized by the Quebec Technology Association, at the invitation of Stéphan Marois, Investment Manager at the Fonds de solidarité FTQ and financing arrangements specialist for the IT sector. The goal: sensitize business decision makers to an issue that’s becoming harder and harder for organizations to ignore.
Download the Fonds backgrounder on : Digital identity
"The capacity to create value depends on how seamlessly individuals, businesses, machines and data can interact. How do you really know if all the interactions in your organization are authorized? Are you sure none of your sensors are compromised? Could your data have been siphoned off to a third party? Without a solid foundation in digital identity, both for people and for connected things, you can’t answer these questions and you risk undermining the confidence of your clients, employees and partners," Roberge says.
Confidence is key. At a time when large-scale theft of personal information is commonplace, you absolutely need to know who you’re dealing with online. The digital identity Roberge advocates for encompasses a set of attributes and declarations for a person, which may include their legal identity (name, date of birth) but also things like their employment status or real estate assets, all verified by a number of organizations both public and private.
Protected by encryption, this data can be disclosed, with its owner’s consent, in a selective manner: for instance, authorizing a party to verify one’s age, but only the age, versus a traditional proof of identity like a driver’s licence, where there’s a lot more information revealed than is necessary.
A digital identity can in this sense replace these kind of official documents, providing instead proof upon demand, for which the issuer and the authenticity can be verified with certainty. That can strengthen the security of personal information enormously, but also of acts and contracts of all kinds.
For security, compliance and usability
For a business, the number one benefit is resilience, says Roberge. "We know that hackers always have a head start and that absolute cybersecurity is an impossibility. With this in mind, businesses need to ensure they can continue to operate through adverse cyber events."
"For instance, a digital identity lets you verify the identity of a supplier, a client’s credit score, or the academic credentials of a new recruit, all while minimizing the risks associated with the collection of personal and confidential information. What’s more, it allows better control over the connections to certain smart objects on which a business depends to operate efficiently," he says.
More and more it’s also a question of regulatory compliance. Our lawmakers are very conscious of how important confidence is to economic development, and Bill C11 (Ottawa) and Bill 64 (Quebec) are requiring companies to manage confidentiality in a more robust fashion, updating the way they seek consent, and letting people revise and update their personal information.
"Adopting strong digital identity measures lets companies ensure their cyber-resilience, meet the law’s requirements and offer a more user-friendly experience for users, board members and shareholders. In other words, it’s key to the successful completion of their digital transformation," Roberge says.
Users come first
In the absence of a one-size-fits-all solution on the market, the key to successfully adopting a digital identity is to place the user at the centre of all decision-making, Roberge advises.
"Give them a certain level of control over any personal information they share; make sure it can be collected in a user friendly, quick way, but also securely; and be completely transparent about the consequences of its use with all parties concerned", he says.
According to Roberge, the digital world has entered a new "evolutionary stage", where more and more machines are replacing humans, and a strong digital identity becomes essential to making sure things don’t go off the rails. Indeed, organizational systems will rely on machine learning and real-time decision-making in order to acquire and satisfy their users with speed and efficiency. In this brave new world, we won’t be able to rely on human instinct to spot any incongruous data.
"Only a strong digital identity can let you know which individuals, devices, processes and systems are real or fake, and which data is genuine or suspect. Your organization needs a reliable infrastructure to verify identity, authorize real connections, and reject anything that does not comply with security parameters," Roberge says.
To drive the point home, he’s embraced something Éric Caire, Minister for Government Digital Transformation and digital identity evangelist, said about a digital identity for all Quebecers:
"If data is truly the oil of the 21st century, then digital identity allows for the protection, control, sustainability and enhancement of our individual wealth."
Download the Fonds backgrounder on : Digital identity
