To receive an excerpt of this report, please fill out the following:
Identity as the New Perimeter
Authors:
Doug Simmons – Principal Consulting Analyst
Nick Nikols – Principal Consulting Analyst
Gary Rowe – Principal Consulting Analyst
Gary Zimmerman – Principal Consulting Analyst
Abstract
Digital transformation, mobility and the proliferation of applications and networks have made traditional forms of information protection increasingly difficult to manage and enforce. Information is everywhere, access is widely distributed, but most security programs are still largely based on archaic, static security models that just don’t work anymore…and it is getting worse. The latest evidence of this is recent breach disclosed by Equifax that has exposed identity information for over 140 million individuals. Enterprises continue to take on enormous risk by aggregating unnecessary personal data while customers can’t manage the massive number of IDs, passwords and data required to interact with every on-line connection.
TechVision believes that the common denominator across most aspects of information protection is identity. An identity inextricably linked to a person, device, application, system or network is today the most dependable ‘perimeter’ we can rely upon to determine what and how to make information available properly and securely. Identity management will soon have to make the leap from our age-old approaches of multiple user IDs and passwords to a new, secure, privacy-centric means of identification.
The good news is that the bulk of the underpinnings for this more flexible, scalable and secure user-centric identity model can leverage existing technologies…but there are a few pieces such as blockchain and verifiable claims that can be added to accelerate the movement to self-sovereign identity and access management.
This new, user-centric identity model leverages personas related to verifiable claims that can both protect privacy (and reduced liability for the enterprise) and provide distributed access to authorized services. In such a way, we boil it down to identity as being the primary security perimeter that is applicable in enterprise, banking, commerce, social networks and other forms interaction. The lowest common denominator becomes identity and we recommend CIOs, CISOs and Line of Business (LOB) leaders carefully evaluate this new approach for distributed identity .
This report covers:
- The new definition of identity
- The concept of a persona
- Verifiable claims (digitally signed attributes) that can comprise various personas
- The rise of reputation as a deciding factor
- The way forward into the new world of identity-centric security and risk management.