What is Identity? Arguably, not just a photo on an ID card. It’s made up of so much more – from the way someone walks, to their voice and style of dress – not to mention individual characteristics such as fingerprints, irises and teeth. It is one of the most fundamental building blocks of communication, collaboration or commerce while at the same time, protecting individuals’ privacy is becoming increasingly prominent.
Identity theft is rife. We just need to look at the last five years to see its impact on companies like Yahoo, eBay and JP Morgan Chase, let alone the growth in prescription fraud in England which costs the NHS £256m a year.
While authentication looks at identifying who you are via a host of enablers such as passwords, PINS, digital certificates, one-time password tokens,etc, authorisation looks at providing access to you basis your entitlement and/or affiliation once the identity has been determined. Both are implemented across organisations but they aren’t failsafe.
In a world that is rapidly changing thanks to the sweeping waves of a digital transformation, a single ID solution is just not robust enough to handle the rigours of a foolproof identity and access management (IAM) system. Combining security layers or components to create a ‘true identity’ is the way forward.
Some of the options that have gained popularity include the usage of biometrics – fingerprints and retina scans, using a mobile phone or wearable device for easy and quick identification and even small RFID implants under the skin that grant immediate access to facilities.
Features like fingerprints are a surefire method of authenticating an individual’s identify because unlike PINS and Passwords, they cannot be stolen, lost or forgotten. In an emergency situation such as in a healthcare setup, fingerprint biometric authentication can be the difference between life and death. When the prints are stored on a smart ID card, it can limit treatment areas in the hospitals to only legitimate staff, thereby protecting patients. Patient biometric cards that are linked to crucial medical records such as blood type, drug sensitivities and allergies have huge potential in saving lives, especially when patients arrive unconscious and accurate authentication is crucial.
While the average cost of compliance with data protection regulations for organisations has risen to US $5.47 million, the cost of non-compliance is higher:
Whichever way you look at it, companies can ill afford to do nothing when it comes to securing identity data. You can’t think of securing something without knowing who is entering the system and what their rights are but you can’t establish identity if the system is insecure in the first place.
A step in the right direction today is the ability to capture information in a usable form. By that we mean personal information that’s not simply a 2D photo ID badge as that is only useful if the person reviewing the ID is known to the badge holder. Multifunction chips which can identify an individual in the context of location, biometrics and other physical attributes in conjunction with other technology such as mobile phones are the way ahead.
You can read the full article in our whitepaper, The Future of Identity.