In my last blog post I talked about the fundamental shift from implied trust to verified identities at login. I could continue on this path and talk about how the security world revolves around identity. But, whether you agree that it does or does not, we need to get out of a parochial mindset about Identity and Access Management (IAM) and shift the conversation. Any discussion about IAM should focus on how it helps address the challenges facing CIOs and CISOs.
CIOs are shifting to new hybrid computing architectures, working to prevent data loss, and to support remote workers. They need to connect to everything from everywhere and in today’s virtual world, they also need to digitally transform worker onboarding. This becomes much easier if they embrace the new, convenient ways of virtual identity proofing new employees.
In the same way that banks perform remote Know Your Customer identity verification, new workers step through a self-service onboarding experience in which they scan government-issued documents and verify likeness to assert identity. No more faxing, emailing or texting identity documents in the clear.
In doing so, new employees get verified to NIST Identity Assurance Level 2 (IAL 2) while existing employees can easily activate a magic link sent to a secured account or device to get issued a high-trust biometric credential that not only meets regulatory requirements but, as the need arises, can then be identity proofed to a higher level through a similar process as for new hires.
This can jumpstart the use of real biometrics that defy spoofing and are used to validate identity at login to Authentication Assurance Level 2 (AAL), proving that a user is who they claim to be every time they authenticate. This is a critical element to a Zero Trust Architecture and one that can be highly effective at preventing data loss and securing network access.
For their part, CISOs need to guard both the business-to-employee and business-to-consumer engagements, and they need to secure both the physical and logical access. It serves them best to reduce IT complexity and select an integrated approach that continuously verifies trust in a way that is least intrusive to users and that can adjust to different and evolving business needs. The truth is, not all users and use cases need the very highest level of security. CISOs need variable levels of identity assurance at login.
All decisions about corporate IT infrastructure should also be made to avoid vendor lock-in, which gives vendors incredibly high leverage over IT decisions and overall cost structure. For IAM, one big symptom of vendor lock-in is having to go through one SSO provider to solve every access issue. So much for flexibility.
At a time when many organizations are looking to eliminate passwords and improve agility, IAM vendor lock-in can be avoided by leveraging an authentication platform that is certified to industry standards for interoperability and that connects via API / SDK the same way as should a properly configured abstraction layer facilitating biometric login. The result – no more vendor lock in, user convenience, proof of identity at login, and the ability to flexibly configure authentication levels across the enterprise, encompassing both workers and customers.
1Kosmos addresses these challenges while recasting MFA in a new mold powered by identity-proofed biometrics to eliminate the risk and inconvenience of one time codes. Our BlockID platform allows the biometric verification to be tailored and flexibly adjusted to different business needs. This allows low risk activities to be authenticated with device biometric, while a selfie or “live selfie” with anti-spoofing technology (such as depth of field detection) can be used to secure higher value work processes.
Applying blockchain technology enables organizations not only to secure logins and deliver an excellent user experience, but to also optimize for user privacy and security as it puts PII under user control and eliminates centralized administration – removing the honeypot of PII.
1Kosmos distributed digital identity solutions are specifically architected to address these challenges, and represent a breakthrough, a disruption long overdue in identity and access management.
If you look closely you’ll see that this is likely to culminate in a trend toward a “true global, portable, decentralized identity standard” by 2024. This is the strategic planning assumption surfaced in the Innovation Insight for Decentralized Identity and Verifiable Claims published by Gartner, and it echoes prior work published by Microsoft and 1Kosmos in our recent Identity-Based Authentication whitepaper.
Like the familiar iceberg analogy, the “upper 1/10th” of this shift appears in clear sight. It’s the rush to multi-factor authentication and to some extent the “identity-detached” biometric authentication emerging in response to escalating data breach and ransomware attacks.
You can see practical applications, for example South Korea’s B-Pass, Singapore’s Singpass and further in Finland, Germany and Mexico. You see it in 1Kosmos customers who now support over 50m identities and perform millions of authentications each day via private distributed ledgers in our BlockID platform.
It all seems to come back to the 1Kosmos vision – the name of the company itself stemming from the Greek word for Universe. One universe, one world, one identity. Today, if you take a closer look we are helping organizations of all shapes and sizes onboard users quickly, authenticate them with high accuracy and minimal friction, and maintain privacy with every interaction.
If you take a close look, distributed digital identity represents the future of IAM and of Web 3.0 architecture, whenever that comes to fruition. For IAM, that future is now!