Do you know how many online accounts you have? How many services or websites know your credit card details, biometrics, ID numbers, addresses etc?
The average person has over 100 online accounts. That’s 100 passwords to remember, 100 places some form of your personal information is stored, as well as 100 chances for your data to be involved in a breach.
This risk landscape and rising privacy awareness is creating momentum towards a more private and more secure approach to identity and access management - a decentralized approach.
Decentralized identity in essence, gives the power back to the people. It means people manage their own identity information and authentication data is shared to establish a high level of trust with services (decreasing fraud risk for businesses).
This new approach is going to dramatically change how users interact with services, how transactions are authenticated and how data is managed.
The internet was never designed with an identity layer. Creating a high level of assurance for proving our identity and legitimate access has always been a challenge.
Right now, in a centralized or federated identity model, users create accounts to access systems and authenticate transactions with many different identity providers. Organizations collect and store personal and sensitive information on their users to enable services.
This results in our digital identities being spread all over the web, making ID theft, credential compromise and breaches a real possibility with potentially significant, long term impacts for both individuals and businesses. At the same time, more and more services are requiring verified authentication, relying on inefficient, onerous and inconvenient processes to establish trust.
In a decentralized approach, the user validates and stores verifiable credentials from issuing authorities in a digital identity wallet. When a service provider requires the user to authenticate, the user can initiate this via the digital wallet, sharing only the necessary information to complete the authentication step (such as a token that carries verification information, removing the need for the PII to be shared).
This allows for fast and safe authentication, high levels of trust, minimal sharing of personal information, enhanced user control and reduced risk for businesses.
With a digital identity wallet, PII data is shared only when the user agrees and can choose which information is shared. It means data will not be subject to mass breaches, exposing information that can lead to identity theft and further compromises.
It also means that businesses don’t have to manage and protect large databases of PII data within their own systems, decreasing their liability and risk.
Credentials, even with additional protections like MFA, are always vulnerable to theft and are often the weakest point in a security system. Using a digital identity wallet with biometric verification increases the level of assurance for legitimate access while also providing much greater protection against theft, misuse and data breaches. A decentralized approach can also allow for greater oversight of system access (or attempted access) and use AI and ML to enhance early threat detection.
From emerging to recommended model
With so many benefits for both user and service provider, many organizations around the world are positioning and preparing for the shift.
The European Commission now recommends the adoption of this model and has issued a specification for providing a secure digital wallet for Europeans - eIDAS.
Much like the concept of bring-your-own-device transformed the workplace over the last decade, the EU’s “bring-your-own-identity” requirements for service providers is transforming the way in which businesses, public services, consumers and citizens interact online.
‘Every time an app or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality.’
‘The new European Digital Identity Wallets will enable all Europeans to access services online without having to use private identification methods or unnecessarily sharing personal data. With this solution they will have full control of the data they share.’ - EU Commission.
For businesses, the approach can turn a liability into a core business asset, delivering real value. For users, it removes friction, while improving privacy and control of personal data.
For us at IndyKite, it doesn’t stop there. Decentralized identity can be approached in a number of different ways, but we believe the true value of such a model lies in the context and relationships between human identities and ‘things’. In just a few short years, more than 750 billion devices will also be connected and sharing data.
This IOT trend gives rise to the semantic web, with the original vision of extending the World Wide Web, with machine-readable metadata, so that machines can infer intent and meaning from the data itself.
With the identity graph’s unique ability to understand dynamic and complex relationships, it can infer meaning in this same way, managing data in a more natural, intuitive way.
When we approach identity from a decentralized and relationship perspective, we discover hidden insights that can help companies optimize personalization, recommend complementary products, provide early threat detection, and discover new business opportunities.
Want to learn more? Join us for our upcoming webinar where we talk about how artificial intelligence can be used to unlock value from identity data.