SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
​​​​​​​The growing importance of digital identity in a COVID-19 world
Fri, 2nd Oct 2020
FYI, this story is more than a year old

As businesses figure out how they will function in the months ahead, many are realising the vital role that will be played by digital identities.

With many staff still working from home and customer interactions occurring online, being able to reliably identify people is critical for maintaining the security of applications and data stores.

For many organisations, this requirement comes as no surprise. They're the ones that have embraced a strategy of digital transformation and have in place the platforms needed to support day-to-day activity.

For others, however, the road ahead is much steeper. These organisations need to find a way to cope with employees working from home while also maintaining productivity and customer service. They'll have to undertake digital transformation from a standing start.

Adopting a strategy of zero trust

The businesses that succeed and flourish in this new environment will be those that have taken an open approach to their IT infrastructures. Rather than using the traditional strategy of locking systems behind firewalls and allowing VPN-only access, they're making things more straightforward for staff, clients and suppliers. They're adopting a zero trust strategy.

Zero trust turns traditional security models on their head. In the past, organisations believed that if their IT infrastructure's perimeter was protected, bad actors would not be able to gain access.

In 2020 - and particularly in a COVID-19 environment - such an approach no longer makes sense. High-performance, reliable access to systems is now needed by users more than ever before.

Also, rather than being an old-style walled garden, most organisation's IT infrastructures are likely to comprise a mix of on-premises systems, cloud resources and SaaS applications. Building a wall around everything is not practical.

Core to the concept of zero trust is digital identity. Organisations must have a failsafe way to accurately identify everyone before allowing them to access the application or data store they have requested.

Effective security for APIs

Digital identity is also essential when it comes to maintaining control of Application Programming Interfaces (APIs). Used to link applications both within an infrastructure as well as externally, APIs have come to underpin many transactions in an increasingly digital world.

Just as knowing the identity of people wanting to gain access is important, it's also needed for APIs. An organisation must be sure that any request for or delivery of data via an API is coming from an authorised source rather than a cybercriminal.

For this reason, the digital identity platform becomes the centrepiece of a practical security framework. It must be able to consistently and accurately establish credentials and prevent access if those credentials are not validated. If an ID platform is not in place, breaches will occur, and bad actors could gain access and cause damage or data loss.

Ongoing vigilance

As well as having an identity platform in place, many organisations are also deploying tools that monitor data traffic flows and look for abnormal behaviour. AI algorithms can learn what constitutes ‘normal' behaviour and then trigger an alert if something unexpected occurs.

This might be an individual who suddenly starts spending more time with a different application or transferring large volumes of digital documents at an odd time of day. Alternatively, it could be API calls that request data from an unusual database or deliver some unexpected responses to outgoing requests. Having such monitoring capability in place further strengthens security in a zero trust environment.

By placing a digital identity platform at the centre of their IT infrastructure, organisations can deliver the anytime, anywhere, any place environment that their users require when working remotely. The organisation can also offer customers and suppliers digital access, confident in the knowledge that they are legitimate people and are acting transparently.

COVID-19 may have caused a lot of disruption to business, but it may also spur many to improve their IT security through effective use of digital identity – and that's a good thing.