Safe handling of digital identities: 5 key questions
During the coronavirus crisis, the subject of digital identities has come to the forefront. On one hand, increased homeworking has meant we need to communicate digitally on a whole new level while still maintaining security and privacy. On the other hand, track and trace systems aim to use digital identities to follow society’s movements in unprecedented ways.
But what are digital identities? And how do you manage them and keep them secure? Let’s look at the five most pressing questions.
1. What is a digital identity?
People are increasingly exchanging data through digital methods – with other people and with companies, organisations and governments. It’s efficient, but it requires secure exchange of information between a personal device, such as a laptop or mobile phone, and the computer or server receiving the information.
This is where digital identities come in. A digital identity is information about someone, or something, within an internal or external digital network. A digital identity certificate works like a digital passport for a person, website or IT system. It proves that they’re who or what they claim to be and enables information and documents to be exchanged securely.
As digital certificates use a very secure infrastructure, they’re the gold standard for securing digital communication at the highest level.
2. How do digital identities affect businesses?
Dealing with digital identities and exchanging information securely is nothing new. Employees, partners and suppliers have expected secure access to business applications and networks for a long time. As a company, you also want to be sure of the identity of people logging into your systems. So there’s a need for digital passports that take care of all this.
On the flip side, however, the people logging in expect organisations to handle their data correctly, so their privacy remains protected. And the General Data Protection Regulation (GDPR) now enforces this.
“Usernames, passwords and other sensitive data are increasingly the target of an attack.”
It’s easier said than done because criminals also know the value of digital identities and private information. Usernames, passwords and other sensitive data are increasingly becoming the target of cyber theft. Which can have far-reaching consequences for your organisation, including loss of trust and damage to your reputation.
Another concern is that if digital identity certificates aren’t managed well and kept up to date, they can prevent your systems such as websites and applications from working properly. And so put your business continuity at stake.
3. What problems do companies face when managing digital identities?
Many organisations are unaware that digital identities need to be protected with certificates that provide a strong, secure digital record of them. Which means such certificates are often managed in a reactive way.
Expired certificates are often only discovered, for example, when an internal or external system such as a web server or application begins malfunctioning. If expiry dates for certificates aren’t registered, their expiration only comes to light when there’s some kind of failure.
This also means that when managing digital certificates it’s important to know who the owner and holder of each certificate is so it can be easily renewed. Knowing who’s allowed to access which part of your network, services and information at all times is crucial for the continuity of your primary processes.
Unknown and unmanaged certificates pose a security risk due to vulnerabilities in weak cryptographic standards, such as Secure Hash Algorithm 1 (SHA-1), or misuse of key lengths. And free certificates that don’t meet trusted standards are used far too often and can lead to digital passports that are easy to steal.
The owners of these free certificates often aren’t properly registered either, which results in non-compliance for your public key infrastructure (also known as PKI, meaning a management system for digital certificates).
4. How can we stay in control of digital identities?
To secure a business digitally, it’s important that identities, privacy and security work together. As an organisation, you have to find the optimal balance between ease of use and protection.
Develop a digital identity strategy
The first step is to develop a digital identity strategy that describes how your organisation will deal with identities in the digital and physical world. And how ease of use, privacy and security play a role.
Investigate existing vulnerabilities
Next, you need to do a risk analysis to identify any existing vulnerabilities in how communication and authentication are managed. In this risk analysis, the risks should be grouped into strategic, tactical and operational risks and labelled with categories such as confidentiality, integrity and availability.
Move from a reactive to a proactive approach
You can then move forward to design, in detail, the control measures needed to implement your strategy. As well as the security of data and systems, consider physical security and the security of equipment too, as these can also affect the security of your digital identities. Using a PKI and Identity and Access Management (IAM) is crucial for this.
Manage your certificates
To gain control over your digital identities, for hardware, software and people, you need a streamlined system for managing them effectively. You can create your own system – by using a spreadsheet, for example. But as you gain an increasing number of certificates, professional tools can help you do this in a more standardised way that’s easier to use.
These certificate management systems help you to register, validate, issue, revoke and manage your various certificates. They also help you to track down the certificates held in your organisation. As they’re often issued in different ways to people in several departments this can save a lot of time. Which can be crucial if you need to get an application, server or website up and running again quickly.
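As an added example (not from the original article or from any vendor tool), the spreadsheet-style inventory described above can be checked proactively for the problems listed in section 3: expired or soon-to-expire certificates, missing owners, SHA-1 signatures and short keys. The column names, the sample rows and the thresholds (30-day warning, RSA 2048 / EC 256 minimum) are assumptions chosen for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real certificates); column names are assumptions.
INVENTORY_CSV = """common_name,owner,not_after,sig_hash,key_type,key_bits
www.example.test,web-team@example.test,2031-03-01,sha256,RSA,2048
intranet.example.test,,2030-12-31,sha256,RSA,4096
legacy-app.example.test,app-team@example.test,2030-06-30,sha1,RSA,1024
vpn.example.test,netops@example.test,2020-08-10,sha256,EC,256
mail.example.test,mail-team@example.test,2020-06-15,sha256,RSA,2048
"""
SAMPLE_TODAY = date(2020, 7, 15)         # fixed date so the result is reproducible
WEAK_HASHES = {"md5", "sha1"}            # signature hashes treated as weak
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}  # assumed policy minimums per key type

def load_inventory(text):
    """Parse the CSV inventory into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def audit(rows, today, warn_days=30):
    """Return {common_name: [findings]} for every certificate needing action."""
    report = {}
    for row in rows:
        findings = []
        if not row["owner"].strip():
            findings.append("no registered owner")
        days_left = (date.fromisoformat(row["not_after"]) - today).days
        if days_left < 0:
            findings.append(f"expired {-days_left} days ago")
        elif days_left <= warn_days:
            findings.append(f"expires in {days_left} days")
        if row["sig_hash"].lower() in WEAK_HASHES:
            findings.append(f"weak signature hash {row['sig_hash']}")
        minimum = MIN_KEY_BITS.get(row["key_type"].upper())
        if minimum is None:
            findings.append(f"unknown key type {row['key_type']}")
        elif int(row["key_bits"]) < minimum:
            findings.append(f"{row['key_type']} key of {row['key_bits']} bits is below {minimum}")
        if findings:
            report[row["common_name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(load_inventory(INVENTORY_CSV), SAMPLE_TODAY).items():
        print(f"{name}: {'; '.join(findings)}")
```

Run on a schedule against the real inventory, a check like this surfaces renewals and ownerless certificates before a web server or application fails.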
“Now is the time to be in control of your digital business.”
5. What are the benefits of a strategy that takes control of digital identities?
On a practical level, when you use digital identity certificates to enable employees and customers to log into systems and applications it increases security. And, as communications and transactions can be secured with digitally signed documents and emails, you know exactly who’s using your network. Keeping careful control of digital identity certificates for applications and services is also essential for practicality as it prevents them failing due to expired certificates.
A good digital identity strategy has benefits beyond the practical, though. Being in control of your digital business creates trust with customers and partners, which helps to strengthen your position. A 2017 study by Gartner shows that, by 2025, 20% of digital companies with a strong digital identity strategy will grow twice as fast as companies with a poor digital vision. Another Gartner study that year says companies that are currently digitally reliable will generate 20% more online sales than companies that aren’t. As even more business and retailing has moved online during the coronavirus crisis, we can reasonably expect those figures to be even higher now.
It’s clear, therefore, that an increase in digital trust ensures more positive commercial and organisational results. So, as homeworking looks set to stay and we take digital collaboration to new heights, now is the time to take charge of digital identities and their certificates. Now is the time to take full control of the digital side of your business.
Jordan van den Akker, Business Security Consultant
Published at Security Management – July 2020.