Digital Identity: The what, why and how

Are you really who you claim to be?

As the world becomes more digital, this is an increasingly important question for businesses and individuals alike. Without a way to verify identities, the digital world is vulnerable to becoming a place where criminals reign. Personal information and corporate secrets can be stolen, companies held hostage by ransomware and accounts emptied.

For businesses, digital identity protects and controls access to data, systems, services, buildings and computers. Aside from protecting people and information, the practical importance of getting digital identities right includes the ability to help reduce onboarding costs and the cost of breaches. These concerns are exemplified by an Accenture study showing that about 65% of organizations cited security and risk compliance as the top concern for cloud adoption. In addition, privacy regulations and laws can put organizations at risk for fines of up to 4% of global revenue.

For individuals, digital identity works via driver's licenses, national IDs, boarding passes and the use of mobile device cameras to recognize faces and authenticate into an application.

But it's not just about humans. Identity systems also enable machines to trust other machines.

Yet as badly as the world needs a simple way to verify identities, it also needs the process to be fast and easy. Without seamless verification, businesses would be crippled, especially considering the growing importance of the Internet of Things, mobile devices and biometrics. We should be able to quickly log on to our computers at work so we can get our jobs done, and machines should be able to talk to each other. This is particularly important as more businesses move to the cloud. Online banking, credit card and mortgage applications, access to materials at work, Teams meetings—all depend on rapid and accurate verification of our identities. It's a trusted bridge from physical to digital, and that bridge has to let traffic pass efficiently.

Digital identity's role in cybersecurity

In my experience, most security breaches occur because of problems with digital identity processes, tools and reach. When I look at recent breaches in the news, most victims lacked multi-factor authentication and strong authentication of administration accounts. Many also use custom-made identity processes that open the door for bad people to do bad things.

Many of these problems occur because companies try to stick with the old ways. The proliferation of data, systems, tools and procedures of today, coupled with digital transformation and the accelerated use of cloud services, are pushing often-manual legacy processes beyond their limits. Another problem is legacy digital identity software from the early 2000s. These old systems are as inefficient as they are insecure.

How it works when we get it right

We know digital identity is doing its job when:

• An employee or contractor joins an organization and on day one can dive right into work and onboarding because they have access to everything they need—and nothing more.
• Lines of business, application owners and supervisors/managers only have to manually approve access when it involves high-risk entitlements and roles.
• 'Friction' can be introduced and adjusted based on the current level of user risk. For example, if an employee's home remote access may have been compromised, a good identity access system automatically requires re-verification.
• It takes less time and money to prove compliance.
• There is true organizational transparency on who has access to what, with strong security controls.

How to get there

Identity leaders should:

• Understand their organization’s current capabilities and map those capabilities to organizational risk using artificial intelligence, machine learning and automation.
• Work closely with business stakeholders to align their digital identity capabilities to the business needs and vision.
• Leverage digital identity SaaS solutions to reduce the total cost of ownership, align to digital technologies and position the organization for a secure future. Almost all digital identity vendors offer SaaS a solution.
• Integrate fraud/risk decision-making processes and tools, in real-time, with digital identity processes and tool—while walking a careful line between useful and invasive.

My experience shows organization can reduce costs, time and errors in the above steps via AI, machine learning and analytics. With these advances, I've seen improved user experiences and decreased certification volumes by up to 60%, which also means reduced costs and greater productivity.

It's not just about security

The end goal isn't just risk reduction. A robust digital identity solution enables organizations and individuals to interact securely and easily, providing a good user experience while helping reduce time and costs.

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence.

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this article is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.