Digital Identity - Essential for the Modern Enterprise

Digital identity and access management (the process of working out who someone or something is and what they can do, typically referred to as IAM) is a key component of any enterprise cyber security arsenal. This function was initially focused on making sure employees had the correct access to perform their jobs - whilst upholding things like single sign-on, password policies, multi-factor authentication and audit.
 
IAM has now expanded and evolved to be a mission critical part of any modern organisation and its digital transformation mission - from handling employee “work from anywhere” and the zero trust design pattern (especially crucial now during Covid-19), to securing supply chain integration, helping to deliver secure consumer services that are managed online, as well as being a foundation for mobile applications.

Enter Stage Left: The Edge
 
Digital transformation, whilst bringing huge opportunities for end user empowerment through the likes of the GDPR and consent management initiatives, can also be a huge competitive advantage for those organisations looking to deliver great user experiences combined with security and privacy.  But these new services often need to be delivered across a range of different environments and devices.  
 
Edge computing brings us new concepts such as the Internet of Things, offline devices (that have no consistent access to a central cloud “mothership”), high performance microservices or systems which are globally distributed.  Think of the following use cases and how identity and access management needs to adapt to survive: 
 

  • How to pair a smart TV to a specific user identity in order to deliver personalised content - then how to do that for millions of end users?
  • How to authenticate and authorise calls from a mobile application that is powered by 200 distributed microservices, each generating 1000 transactions a second with one another?
  • How to securely allow an employee working from home in New York to gain immediate access to an application in a European data centre?
  • How to provide login and access control services to staff on a cruise ship that is unable to communicate with the port's home network for 3 weeks?

New Concepts New Designs 
 
All of the above use cases require the traditional functionality of authentication (working out who something or someone is) along with authorization (working out what they can then do). But how to do that, when the traditional centralised, on-premise, low scale identity and security infrastructure is no longer able to deliver these use cases? 
 
A modern identity platform requires DNA based on the following concepts: 
 

  • Based on standards - to allow integration with different device types and programming languages - e.g. OAuth2 (for authorization), WebAuthn (for passwordless login) and JWT (JSON Web Tokens for identity data distribution).
  • Be elastic - meaning that it can grow and shrink based on unknown spikes in demand (such as Covid-19, or prime time content demand).
  • Be distributed - with the ability to deploy nodes in cloud based data centres or within on-premise devops managed hubs across geographic locations. 

Another major concept for the edge is that of being stateless. This supports the idea that security decisions can be made away from a central “mothership”. What does that mean? In a highly distributed and high scale ecosystem, making a call back to a central hub is not feasible - the latency involved will be too high, the central service may not be able to cope under such load and the services requiring security decisions may not even have access to a stable Internet connection.
 
Issuing security tokens that contain all the necessary information to allow remote or offline identity and access management decisions can help with the scale, speed and distributed nature of edge computing.
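
The stateless decision described above, as an added example (not code from the original article): a central issuer signs a JWT with Ed25519, and an edge node verifies it and authorises a request using only the issuer's public key, with no call back. The claim values, the `ship-pos` audience and the function names are assumptions made for illustration.

```javascript
// Added example: stateless token issued centrally, verified offline at the edge.
const crypto = require("crypto");

const b64u = (x) => Buffer.from(x).toString("base64url");

// Central issuer (the "mothership"): signs the claims with its private key.
function issueToken(claims, privateKey) {
  const head = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT" }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign(null, Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Edge node: holds only the issuer's public key and makes no network call.
function verifyOffline(token, publicKey, { audience, scope, now }) {
  const deny = (reason) => ({ ok: false, reason });
  const parts = String(token).split(".");
  if (parts.length !== 3) return deny("malformed");
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString());
    claims = JSON.parse(Buffer.from(body, "base64url").toString());
  } catch {
    return deny("malformed");
  }
  // Pin the algorithm: the token must not choose how it is verified.
  if (!header || header.alg !== "EdDSA") return deny("bad alg");
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify(null, signed, publicKey, Buffer.from(sig, "base64url")))
    return deny("bad signature");
  // Claims are trusted only from here on, after the signature check.
  if (!claims || typeof claims.exp !== "number" || now >= claims.exp) return deny("expired");
  if (claims.aud !== audience) return deny("wrong audience");
  if (!String(claims.scope || "").split(" ").includes(scope)) return deny("missing scope");
  return { ok: true, sub: claims.sub };
}

// Constructed sample: a crew member's token valid for a 3-week voyage.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const T0 = 1700000000; // fixed "now" in seconds, so the result is repeatable
const sampleToken = issueToken({
  iss: "https://idp.example", sub: "crew-0042", aud: "ship-pos",
  scope: "pos:sell pos:refund", exp: T0 + 21 * 24 * 3600,
}, privateKey);

console.log(verifyOffline(sampleToken, publicKey,
  { audience: "ship-pos", scope: "pos:sell", now: T0 }));
```

Because nothing is checked with the issuer, a token cannot be revoked at the edge node before its `exp`, so the lifetime chosen at issue time is the main control. The expiry check also depends on the node's clock.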
 
Edge computing provides a myriad of new opportunities to deliver personalised high scale user experiences, IoT and Operational Technology driven smart industry, but these must also adhere to modern identity, security and privacy standards.
 

Laura Foster
Programme Manager | Technology and Innovation
