The case for digital identity: opening new fronts against cybercrime
By Daragh Morrissey, Digital Strategist, WW Financial Services on August 1, 2017
Filed under Financial Services - Banking & Capital Markets
Financial institutions understand the important role that identity management plays in their security models. But even the most onerous security protocols are rendered pointless when a case of mistaken, or forged, identity allows someone to walk in through the digital front door.
New technological breakthroughs, such as AI, predictive analytics, and blockchain, are opening up many new possibilities for the concepts of identity and identity management. Field-tested solutions to an age-old problem have now reached an enterprise-ready state and will be on the frontlines in the continual battle over cybersecurity.
The current systems and identification techniques have been insecure for many decades. Physical cards can be counterfeited, and passwords can be cracked. Even biometric identifiers, like fingerprints, are not perfectly secure. Technological advances have not only helped empower institutions but have also enabled those who seek to circumvent defenses or conceal their identities for illicit purposes. So how do banks control access to a trusted network when dealing with an outside party?
Identity and access control reconsidered
Traditionally, financial institutions have relied on two-factor authentication. Though not perfect, combining authentication factors is many orders of magnitude more secure than either alone. But why stop at two, or three? Each additional layer of authentication makes the system orders of magnitude more secure.
The main limitation is physical: identification and bank cards contain a finite amount of information, a constraint that is no longer applicable in our digital era. Consider how the following innovations—made possible with the scale and power of the cloud—potentially change the game:
- A system with memory. Imagine an authentication system that not only uses the three primary identity components—knowledge factors (such as a password), possession factors (like a bank card), and inherence factors (biometrics)—but also maintains a historical record of each, generating additional context around every interaction.
- Combinatorial improvements. Leveraging technologies like biometrics and AI in combination with blockchain can provide an immutable and truly unique identifier. Adding a secure, cloud-based component would also provide additional computing power for behavior analysis, resulting in a much more agile platform that reduces security risks.
- A fourth identity component. The combination of cognitive computing, predictive analytics, and the context derived from an immutable record introduces a fourth identity component: what a person does. The fourth component, the attributes of an individual’s digital activity recorded in an immutable blockchain, can add even more unique possibilities and identifiers.
New models of identity management
As these concepts of identity management take hold in real-world applications, we will see significant improvements in the security of digital systems. In fact, we’re already seeing the outlines of this future today, with new models of identity management based on cloud solutions:
- Identity as the new perimeter. Many traditional security measures focus on securing devices or adding more firewalls. Microsoft provides solutions that enable financial institutions to secure corporate identities and use machine learning to detect and defend against cyberattacks. Microsoft processes 450 billion authentications per month, and from our cloud telemetry we have acquired unique threat intelligence that financial institutions can leverage for their protection.
- Greater security through distribution. The repositories for corporate identities are compelling targets for cyberattacks. Part of the solution is to distribute and secure those identities separately. Microsoft is working with several organizations (Accenture, RSA, and others) to build an open source Distributed Identity Framework, in which the storage of identities is decentralized but secured by blockchain. This framework is being developed as part of the ID2020 initiative to enable refugees to register their identity with biometrics and own and manage their identity.
At Microsoft, our approach applies technology in unique ways—with a trusted cloud platform, tools, and services that empower business agility and enable a new vision of cybersecurity for the industry. As your trusted technology partner, we offer both industry know-how and enterprise-grade solutions. We can help no matter where you are on your digital transformation roadmap.