SecurityBrief Asia logo
Story image

​​​​​​​The growing importance of digital identity in a COVID-19 world

02 Oct 2020

Article by Ping Identity country manager for A/NZ Ashley Diffey.

As businesses figure out how they will function in the months ahead, many are realising the vital role that will be played by digital identities.

With many staff still working from home and customer interactions occurring online, being able to reliably identify people is critical for maintaining the security of applications and data stores.

For many organisations, this requirement comes as no surprise. They’re the ones that have embraced a strategy of digital transformation and have in place the platforms needed to support day-to-day activity.

For others, however, the road ahead is much steeper. These organisations need to find a way to cope with employees working from home while also maintaining productivity and customer service. They’ll have to undertake digital transformation from a standing start.

Adopting a strategy of zero trust

The businesses that succeed and flourish in this new environment will be those that have taken an open approach to their IT infrastructures. Rather than using the traditional strategy of locking systems behind firewalls and allowing VPN-only access, they’re making things more straightforward for staff, clients and suppliers. They’re adopting a zero trust strategy.

Zero trust turns traditional security models on their head. In the past, organisations believed that if their IT infrastructure’s perimeter was protected, bad actors would not be able to gain access.

In 2020 - and particularly in a COVID-19 environment - such an approach no longer makes sense. High-performance, reliable access to systems is now needed by users more than ever before.

Also, rather than being an old-style walled garden, most organisation’s IT infrastructures are likely to comprise a mix of on-premises systems, cloud resources and SaaS applications. Building a wall around everything is not practical.

Core to the concept of zero trust is digital identity. Organisations must have a failsafe way to accurately identify everyone before allowing them to access the application or data store they have requested.

Effective security for APIs

Digital identity is also essential when it comes to maintaining control of Application Programming Interfaces (APIs). Used to link applications both within an infrastructure as well as externally, APIs have come to underpin many transactions in an increasingly digital world.

Just as knowing the identity of people wanting to gain access is important, it’s also needed for APIs. An organisation must be sure that any request for or delivery of data via an API is coming from an authorised source rather than a cybercriminal.

For this reason, the digital identity platform becomes the centrepiece of a practical security framework. It must be able to consistently and accurately establish credentials and prevent access if those credentials are not validated. If an ID platform is not in place, breaches will occur, and bad actors could gain access and cause damage or data loss.

Ongoing vigilance

As well as having an identity platform in place, many organisations are also deploying tools that monitor data traffic flows and look for abnormal behaviour. AI algorithms can learn what constitutes ‘normal’ behaviour and then trigger an alert if something unexpected occurs.

This might be an individual who suddenly starts spending more time with a different application or transferring large volumes of digital documents at an odd time of day. Alternatively, it could be API calls that request data from an unusual database or deliver some unexpected responses to outgoing requests. Having such monitoring capability in place further strengthens security in a zero trust environment.

By placing a digital identity platform at the centre of their IT infrastructure, organisations can deliver the anytime, anywhere, any place environment that their users require when working remotely. The organisation can also offer customers and suppliers digital access, confident in the knowledge that they are legitimate people and are acting transparently.

COVID-19 may have caused a lot of disruption to business, but it may also spur many to improve their IT security through effective use of digital identity – and that’s a good thing.

Story image
Cybercriminals influencing financial markets, report finds
The financial sector is being targeted by cybercrime cartels and nation-states, and the bank heist has evolved significantly — from a heist to a hostage situation.More
Story image
Five things ANZ businesses should know about storing customers’ data
Businesses need to correlate events intelligently across multiple threat surfaces, application layers, and time spans to connect event A, to event B, to event C — even if they are months apart.More
Story image
Video: 10 Minute IT Jams - SonicWall VP on the cybersecurity lessons learned from the last 12 months
This is our seventh IT Jam with SonicWall, the cybersecurity company specialising in firewall, network security, cloud security and more.More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More
Story image
Remote work continues, and endpoint security cited as a must
Nearly half of workers will stay remote after the pandemic ends, and two out of three IT professionals are concerned with endpoint misuse, according to Prey Software's new study.More
Story image
Hybrid IAM solutions are the way of the future, study states
“As this first-of-its-kind research shows, while IT leaders are faced with unique criteria and conditions that shape their IT strategy, hybrid IAM has emerged as a necessity."More