Rebecca Nielsen is a Senior Associate at Booz Allen Hamilton. She brings deep technical expertise across identity, access management, and public key infrastructure (PKI) to our clients within the Defense market.
- What is the intersection between trust, online environments and identity?
- In today’s online environment, identity is the basis for trust and the foundation on which decisions regarding access to information or other resources are made. Managing information about identity, along with issuing and verifying credentials asserting identity is critical to protect assets, deter potential threats, reduce identity fraud, and protect personal privacy.
- What are the most pressing considerations for organizations that aim to improve credentialing processes as part of their identity management solutions?
- Historically, individuals and organizations established trust through local interactions, references by known parties, and community reputation. The global nature of the internet removes these context cues from many transactions, requiring the use of strong, real time verifiable credentials. Organizations must be able to authenticate not only their own employees, but also customers, suppliers, government regulators, and other partners.
Organizations must also be able to manage the flow of information within their own networks and with their external partners. Government entities are under increasing pressure to appropriately share information to reduce costs and assist in identifying, and correlating data related to fraudulent, terrorist, or other illegal activity. Commercial organizations must provide proprietary information to their supply chain partners to reduce cycle times and costs. Data hosting in cloud or other shared use environments involves storing critical organizational data with an outsourced provider. At the same time, failure to properly manage data access can result in loss of intellectual capital, negative reputational impact, fines, or even criminal prosecution and prison time
Implementing effective identity data management and credentialing processes requires organizations to understand not only the technology, but also the business processes and governance dimensions. Developing policies and procedures with an understanding of the legal and regulatory environment and implementing business processes such as staff training, audit oversight, and role separation can be more critical to an organization’s success than selecting the right technology solutions. - How will the credentialing process develop and change in the next decade?
- Issuing and managing strong credentials is expensive. Many applications currently manage unique application specific credentials, although some organizations have implemented single sign on related technologies that allow a single credential to be used to access multiple applications within the organization. As a result, individuals have to keep track of multiple passwords or other tokens, which represent a significant cost.
In the next five to ten years, government and commercial organizations will move toward accepting strong multi-purpose credentials that can be issued by one organization and used across multiple applications and organizations. The credit card industry provides an example of how this will work. When credit cards were new, each vendor issued their own charge card. Now, people hold one or a few general purpose credit cards—Visa® or MasterCard® for example—and a technical and governance infrastructure is in place that ensures vendors get paid for transactions if they accept that credit card.
The technology needed to issue and validate these general purpose credentials exists, but a complete governance infrastructure with well understood roles and responsibilities is not yet in place. As governments and organizations work together to address barriers to adoption, we will all benefit from the ability to manage a reduced number of credentials, which will result in increased identity assurance, and a stronger basis for trust across the internet.
You must be logged in to leave comments.