Taking data authentication personally in a digital age
The enormous market for technology is a testament to our desire for connectivity, a right-now attitude to services and a need for immediate responses from the people and institutions with which we interact.
Even if we want to use technology as (relatively) old as email, not getting an electronic response to a query or message in 24 hours is seen as odd. Not responding to text messages, or social platform messaging channels is often a cause for concern from the other party: if there’s no answer, is something wrong? Is there no data or voice reception? Have you lost your phone?
The immediacy of the internet and data movements measured in fractions of a second have massive advantages, of course, but sometimes the very speed of information’s availability is too fast.
Ascertaining the identity of individuals using what’s mostly an anodyne, impersonal medium is difficult to do correctly at speed. The rate at which one can create a new virtual identity on a variety of platforms is a testament to that, so in many areas of life, we have to resort to slower, manual and physical transactions: opening a new bank account, applying for government services, obtaining licenses, visas or a passport are times when the anonymity and speed of the internet is felt still to be inappropriate.
And as data gets more valuable and businesses conduct almost every transaction in the form of streams of zeroes and ones, proving one’s validity to access information in the workplace or leisure hours is becoming more challenging. Usernames and passwords get compromised, or shared, SMS authentication has been deprecated after several high-profile hacks, and even physical characteristics such as fingerprints or facial features can be spoofed.
For many organizations – and not just the world’s governments and financial sectors – proving identity in a way that’s both inviolable and yet congruent with the speed of people’s expectations is a tall order. Here at Tech Wire Asia, we spoke with Jeremy Ng, the Senior Marketing Manager for Entrust Datacard, the US-based leading identity management company that has global reach, including nine regional offices right across the APAC. With 50 years in the identity management sector, Entrust Datacard has, literally, seen it all, and has been in the field all along.
Who better to help us track both the past, and explore the possibilities open to any organization wishing to look to a more secure, digitally-powered future?
We first brought up this paradox of speed and convenience versus validity. For companies wishing to check that the individuals with whom they interact are genuinely who they say they are, but quickly, where is the balancing point?
Entrust Datacard starts at ground zero: “We believe in zero-trust and a zero-factor framework,” Ng said. “This means trust no one and incorporate a trusted identity assurance platform that helps you establish and maintain trust within your user base, transparently.”
That’s an interesting reversal of where notional ideas of where the trust lies. Jeremy means that customers or service users also need to trust the institution: hacks, breaches, and data leaks have destroyed a great deal of confidence in companies. He also listed the loss of patience from frictions caused by slower authentication methods (that’s a two-way street) plus, if companies can’t achieve the levels of validity required quickly, the danger is that customers will vote with their feet and move to a competitor. As a company, establishing and maintaining the trust (of the user and the organization) while ensuring a frictionless user experience is a critical differentiation.
At the very highest of identity verification requirements are probably national governments– in the case of the Singapore government, that’s part of an overall mass digitization program. The national digital identification system is “absolutely essential” for Singapore so that citizens can more safely and conveniently transact with the Government, as well as with the private sector, said the Minister-in-charge of the Smart Nation Programme Office (SNPO), Vivian Balakrishnan. The SingPass system is being expanded to include mobile software token authentication, and online interactions with government functions are getting much more straightforward.
Private businesses do not, of course, have the type of resources available to governments so it’s important that organizations can comply with legislation (like HIPAA, PCI-DSS, PSD2 mandates, and so on) and develop trust with users, but not at a ridiculous cost. Entrust Datacard’s offerings reflect a range of choices, or tiers of methods, the stringency of which is dependent on the use case. Ng quotes these as, for example:
- Low classifications – Authenticators using emails, SMS and or grid cards.
- Mid classifications – Response-only authenticators like mobile tokens, hardware tokens, e.g. Yubikey
- High classifications – Challenge-response authenticators such as FIPs certified tokens and smart cards.
The key, according to Entrust Datacard, is that as technology evolves and needs change (for instance, if an organization wants to offer a highly data-sensitive option). Moving from different authenticators, like from an SMS-based system to a mobile platform, will be simple and not incur the type of costs that would kill a new initiative dead in the water.
So far, the direction of this article has been focused on people verification. There are, of course, new needs surrounding exciting developments in IoT, smart cities, connected buildings, automobiles, smart utility grids, and system-to-system verification methods which a further article in a month will address. The underpinning technology is sophisticated, but companies like Entrust Datacard have the pedigree proven over many years to provide the right solution.
As Ng says, the company will continue to provide identity and verification services in the physical realm (passports, driver’s licenses, National ID cards, and the like) and the digital world (e-ID, e-Passports, ID proofing and advanced smart-cards and authentication tokens).
“We have been working on secure credentials for the past 50 years, providing personalization technologies to produce government-level credentials and have had strong background and expertise on identity management and access control since the 1990s. Entrust Datacard is focused on making security simple.”
To read more about the company’s offerings, and how it can help you establish trust in your customers, and vice versa, get in touch with a local APAC representative today. And watch these pages for the second part of this feature, where we will look at other forms that identity management is critical in a digital age.