Strengthening an organization’s trust

The pandemic has compressed years’ worth of digital transformation into a matter of months. With hybrid working now the new normal, people can work remotely from home (or anywhere) using an array of mobile devices.

But amid the flurry of digital growth, businesses may be exposing themselves to a rising number of risks organization-wide. From a technology and security mindset, digital-first approaches have reduced the number of physical security barriers and massively increased interconnectivity through the cloud and software-as-a-service.

This puts digital identity at the heart of a sound cyber security environment today — and getting digital identity right is critical to building digital trust. It can help an organization identify — seamlessly and unobtrusively — if someone is truly who they say they are. At present, people need to prove their identity repeatedly, often with more personal data than is required for the transaction they are conducting.

It’s important that organizations monitor who may be accessing their ecosystems and make better decisions regarding access to certain resources. Every time someone seeks such access, organizations need the capability to validate a few key factors: biometrics, the specific device and user behaviors, such as the location, time and frequency of access.

As a result, it’s critical to consider moving toward a ‘zero-trust model’ of digital identity. It’s an approach to security that’s fundamentally all about interrogating every transaction at every connection point. It’s also a journey — and no single technology, tool or platform has all the answers.

Bringing together a common set of capabilities

When it comes to security, the idea of convergence is about organizations treating their workforce, customers and partners similarly. For a long time now, all stakeholder groups — those that help run the business and those they’re trying to sell to — have remained separate. Many businesses use different controls, technology stacks and frameworks between those different user bases.

It’s time to meet in the middle using a common framework to manage digital identities. Moving forward, organizations should leverage a common set of capabilities across consumers, partners and employees. There have been a lot of lessons learned about how best to manage each community. Here are three actions to take to get digital identity management right:

  1. Bring the internal and external together
    It’s important to use a common approach when looking at threats, so make sure external fraud and internal threat programs are linked. Not only does this give full visibility to all potential threats, but an organization can pick up on patterns of crime which blend internal and external vectors.
  2. Focus on monitoring capability
    From a technology perspective, it’s critical to be able to detect and monitor who is doing what with their access. Organizations are often good at authentication, but monitoring can create shortcomings among security programs — and a lack of integration with processes such as the joiners, movers and leavers process can leave businesses vulnerable.
  3. Take a risk-based approach to protecting data
    Look to prioritize key assets, prevent malicious activity where possible, and be ready to detect and respond to threats quickly. Which assets really merit the highest level of protection? Zero-trust approaches can provide ‘fine grained’ access rights — but they depend on an understanding of which information is of most value to the organization.

Beyond what individual organizations can do, efforts are underway to develop self-sovereign identities — more portable representations of people’s digital identities that will be proofed by governments, financial institutions, utility providers and others. Widespread adoption of digital identity models would represent a great improvement from the status quo, since paper-based documents are vulnerable to theft and fraud.

With proofing, self-sovereign identities hold a higher level of assurance. With these forms of identity, consumers and citizens can choose which organizations to share them with. For example, in the US, it’s possible to link one’s digital travel identity (connected to airports) to one’s medical records, vaccine status, etc.

Governments would play a key role as the ultimate authority on the identity of a citizen, but only by public-private cooperation can organizations harness the innovation, agility and scale necessary to build the solution and secure a digital economy.

Putting a robust digital identity program in place helps organizations increase security and protection, improve risk management, manage access risk and prevent cyber attacks. Smart, forward-looking organizations will waste no time improving the user experience and aligning their internal and external programs to deliver sustainable change and crucial advantages.

  
