12/10/2019
01:00 PM
Dark Reading Staff
Products and Releases

Organizations Grapple With Growing Consumer Expectation for Personalization and Security Challenges

Deloitte reveals eight qualities of a good digital identity management program.

NEW YORK, Dec. 9, 2019 /PRNewswire/ -- Growing consumer expectations, the breakdown of traditional "walls" and emerging technologies have given rise to a digital identity crisis. More than ever before, identity management is at the center of cybersecurity, regulatory compliance and consumer trust, and many organizations are struggling to define digital identity both internally for the enterprise and externally for consumers.

"In a digital economy, identity is a point of trust, perimeter of security and an index of customer satisfaction," said David Mapgaonkar, principal, Deloitte & Touche LLP, and cyber technology, media and telecom sector leader. "Organizations should think about challenges related to both consumer and enterprise identity management to understand what they can do to create better outcomes. But it's not easy — it requires managing relationships with many stakeholders and alignment on technology and funding."

Findings from a Deloitte poll are consistent with the recently released report, Rediscovering Your Identity, where Deloitte shares some top emerging trends and challenges shaping the evolution and management of digital identity and discusses some challenges for organizations to enable transformation.

Deloitte shares top emerging trends and challenges shaping the evolution and management of digital identity:

  • Rising global data privacy regulations pose compliance challenges: Identity, data privacy and regulatory compliance are increasingly overlapping. Cybersecurity leaders and executives are burdened with developing a more comprehensive view of their consumers to comply with legal and audit-related mandates such as the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the recommendations of the National Institute of Standards and Technology Cybersecurity Framework. This means that technology, cybersecurity, legal and business leaders are all stakeholders in effective identity management, each with their own challenges and ambitions related to user experience, system availability, resilience, risk management and consumer engagement.
     
  • Digital identity lags on investment and priority: Cybersecurity teams must deal with legacy information technology (IT) environments and a resistance to migrate to cloud-first architectures. In the survey, 35.4% of poll respondents recognized upgrading legacy systems as a challenge to organizations employing identity programs. Nearly 18% of poll respondents selected lack of funding and sponsorship as a challenge. Either way, many organizations haven't built modern systems that are API-based, orchestrated and enable easy integration with apps. And investment in new systems and structures can be significant. Without an organization-wide understanding of the identity imperative, sponsorship at an executive level can be hard to attain. Deloitte & Touche LLP's 2019 Future of Cyber Survey found that 95% of C-suite level executives commit 20% or less of their security budgets to support identity solutions.
     
  • Companies are reluctant to outsource identity management: Many cybersecurity leaders are concerned about integration, flexibility and access to specialized support with outsourcing their identity management to third parties. But third-party managed services, either on-premise or in the cloud, can offer the latest skills and capabilities, increase automation and future-proof identity systems. For example, 14.4% of poll respondents selected lack of talent and a skills deficit as a challenge for identity. With a cyber talent gap only growing, identity-as-a-service (IDaaS) may be a viable option for many organizations to empower innovation efforts and drive digital transformation.
     
  • Responsibility and ownership are often distributed among multiple executives, teams (marketing, sales, cybersecurity, etc.) and IT systems, making coordination of large-scale projects challenging. The poll shows that 14.4% of respondents selected lack of executive prioritization and alignment as a challenge that keeps identity from impacting digital transformation. Digital identity projects tend to take time, and that can be a challenge for cyber organizations that may need to show immediate progress and broader return on investment. Many stakeholders increase complexity and timelines, and these critical programs are not getting implemented fast or well enough.

"An integrated digital identity program will provide organizations operational efficiencies and improve user experiences by powering digital transformation. In addition to the fact that regardless of what business you are in, we all need to know that what we share is protected, what we access is secure, and who we allow into our systems are supposed to be there," said Mike Wyatt, principal, Deloitte & Touche LLP and cyber identity solutions leader. "An integrated approach can help prevent a future digital identity crisis from surfacing by building consumer trust and enabling both privacy and security."

Digital identity is both a use case for blockchain and an enabler that allows each of the other assets for blockchain integration to exist. Other top use cases for digital identity, for example in government, include land and corporate registrations, voting, supply chain traceability and taxation.

The operating environment for digital identity will likely become increasingly complex — with greater business expectations to meet; new technologies to integrate; multiple data privacy regulations to adhere to; and increasing numbers of people and devices to manage. Every company will have a different set of digital identity challenges and a unique approach to identity management. Deloitte suggests that all digital identity programs should, at least, include the following qualities.

A digital identity program should be:

  • Safe: To ensure security, privacy and compliance.

  • Flexible: To work across multiple platforms (on-premise and cloud); work with people, systems and devices.

  • Agile: To quickly adapt to end-user needs, IT requirements and new applications.

  • Scalable: To address the shifting requirements of the business — such as adding new users from an acquisition or managing an influx of customers.

  • Open: To accommodate many types of users, including employees, consumers, partners and contractors.

  • Private: To give users control over their information and an understanding of how it is used and how they can access it.

  • Frictionless: To provide a seamless and convenient experience for both users and cybersecurity administrators.

  • Resilient: To overcome potential service disruptions, technology failures, or cyber threats — whether on-premise or in the cloud.

In a digital economy, every outcome depends on digital identity as a point of trust, a perimeter of security, an index of relationship management and a means of service personalization. Companies that harness digital identity should be better positioned to reap the benefits of security and long-term customer value.

Identity security professionals from Deloitte Risk & Financial Advisory's Cyber practice will be in Booth #130 at the Gartner Identity and Access Management Summit, Dec. 10-12, 2019 in Las Vegas, Nevada. Anthony Berg, principal, Deloitte & Touche LLP and Naresh Persaud, managing director, Deloitte & Touche LLP will present during the conference:

  • Identity as an outcome - the next evolution in modern IAM delivery
    Thursday, Dec. 12, 2019, 9:15-9:45 a.m. PT.

About the online poll
More than 2,500 professionals across industries and positions participated in and responded to poll questions during the Deloitte Dbriefs webcast, It takes two: pairing digital identity with digital transformation held Oct. 23, 2019. Answer rates differed by question.

About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 5,000 private and middle market companies. Our people work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Our network of member firms spans more than 150 countries and territories. Learn how Deloitte's more than 312,000 people worldwide make an impact that matters at www.deloitte.com.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

SOURCE Deloitte
