Digital Identity - Essential for the Modern Enterprise

Digital identity and access management (the process of working out who someone or something is and what they can do, typically referred to as IAM) is a key component of any enterprise cyber security arsenal. This function was initially focused on making sure employees had the correct access to perform their jobs, whilst upholding things like single sign on, password policies, multi-factor authentication and audit.
 
IAM has now expanded and evolved to be a mission critical part of any modern organisation and its digital transformation mission: handling employee “work from anywhere” and the zero trust design pattern (especially crucial now during Covid-19), securing supply chain integration, helping to deliver secure consumer services that are managed online, as well as being a foundation for mobile applications.

Enter Stage Left: The Edge
 
Digital transformation, whilst bringing huge opportunities for end user empowerment through the likes of the GDPR and consent management initiatives, can also be a huge competitive advantage for those organisations looking to deliver great user experiences combined with security and privacy.  But these new services often need to be delivered across a range of different environments and devices.  
 
Edge computing brings us new concepts such as the Internet of Things, offline devices (that have no consistent access to a central cloud “mothership”), high performance microservices or systems which are globally distributed.  Think of the following use cases and how identity and access management needs to adapt to survive: 
 

  • How to pair a smart TV to a specific user identity in order to deliver personalised content - then how to do that for millions of end users?
  • How to authenticate and authorise calls from a mobile application that is powered by 200 distributed microservices, each generating 1000 transactions a second with one another?
  • How to securely allow an employee working from home in New York to gain immediate access to an application in a European data centre?
  • How to provide login and access control services to staff on a cruise ship that is unable to communicate with the port's home network for 3 weeks?

New Concepts New Designs 
 
All of the above use cases require the traditional functionality of authentication (working out who something or someone is) along with authorization (working out what they can then do). But how to do that, when the traditional centralised, on-premise, low scale identity and security infrastructure is no longer able to deliver these use cases? 
 
A modern identity platform requires DNA based on the following concepts: 
 

  • Based on standards - to allow integration with different device types and programming languages - e.g. OAuth2 (for authorization), WebAuthn (for passwordless login) and JWT (JSON Web Tokens for identity data distribution).
  • Be elastic - meaning that it can grow and shrink based on unknown spikes in demand (such as Covid-19, or prime time content demand).
  • Be distributed - with the ability to deploy nodes in cloud based data centres or within on-premise devops managed hubs across geographic locations. 

Another major concept for the edge is that of being stateless. This supports the idea that security decisions can be made away from a central “mothership”. What does that mean? In a highly distributed and high scale ecosystem, making a call back to a central hub is not feasible: the latency involved will be too high, the central service may not be able to cope under such load, and the services requiring security decisions may not even have access to a stable Internet connection.
 
Issuing security tokens that contain all the necessary information to allow remote or offline identity and access management decisions can help with the scale, speed and distributed nature of edge computing.
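The stateless pattern described above, as an added example that is not part of the original article: a central issuer signs a JWT once, and an edge node later makes the authentication and authorization decision locally with no call back to the hub. The key, claim values and function names are constructed for illustration, and HS256 with a shared key is used only to stay within the Python standard library; an edge deployment would normally use an asymmetric algorithm so that the node holds only a public key.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims, key):
    """Central issuer: sign the claims once, then hand the token to the client."""
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body_b64 = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{body_b64}.{b64url_encode(sig)}"

def authorize_offline(token, key, audience, required_scope, now=None):
    """Edge node: verify and decide locally. Returns (allowed, subject or reason)."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        if header.get("alg") != "HS256":  # pin the algorithm, never trust the header's choice
            return False, "unexpected alg"
        expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return False, "bad signature"
        claims = json.loads(b64url_decode(body_b64))  # parsed only after the signature checks out
    except (ValueError, AttributeError):
        return False, "malformed token"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    if claims.get("aud") != audience:  # token must have been minted for this service
        return False, "wrong audience"
    if required_scope not in str(claims.get("scope", "")).split():
        return False, "missing scope"
    return True, claims.get("sub")

# Constructed sample values (hypothetical, not from the original article).
KEY = b"constructed-demo-key-not-for-production-use"
ISSUED_AT = 1_700_000_000
TOKEN = issue_token(
    {"sub": "crew-0417", "aud": "ship-pos", "scope": "pos:read pos:refund",
     "exp": ISSUED_AT + 3600},
    KEY)

if __name__ == "__main__":
    print(authorize_offline(TOKEN, KEY, "ship-pos", "pos:refund", now=ISSUED_AT + 60))
```

Because the node cannot ask the issuer whether a token has been revoked, the `exp` claim is the only limit on how long a stolen or stale token stays usable offline, so token lifetime has to be sized to the disconnection window.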
 
Edge computing provides a myriad of new opportunities to deliver personalised, high scale user experiences, IoT and Operational Technology driven smart industry, but it must also adhere to modern identity, security and privacy standards.
 

  • Laura Foster


    Programme Manager | Technology and Innovation
