By Travis Spencer, CEO of Curit
2023 will see digital identity take centre stage in the broader discussion around digitalisation. As we enter a new digital-first era, we will witness developments around digital identity that will transform how organisations manage consumers’ identities to provide them with other products or services, as well as change the way individuals manage their own identities online.
This year will also see significant shifts from big tech and other large multinationals as they seek to provide new and innovative digital identity solutions whilst addressing changing and ever demanding user expectations. As consumers will request greater control over their digital identities, security professionals and organisations must keep up with the coming technological developments to help facilitate this.
And with these exciting changes, decentralised identity solutions (a form of identity management that allows consumers to control their identity without relying on specific service providers) will provide consumers with secure online representations of themselves, allowing them to better manage their online data. Having said that, how will this in turn affect user privacy and identity management systems going forward?
An Evolving Consumer Landscape
The behaviour of the general public is crucial to the development of digital identity and looking back over the past several years, it is clear that the adoption of digital wallets is increasing. The rapid acceleration of contactless payments served as an important stepping stone to the use of digital wallets in various contexts. Apple, for instance, already supports mobile driving licences in the US and we can expect other such developments in the coming year. To continue this trend, it is important for organisations to prioritise frictionless and seamless user experiences (UX) such as moving away from usernames and passwords. This will help further facilitate the adoption of digital wallets and allow consumers to become more comfortable with future digital identity developments.
Additionally, research from McKinsey shows that 53% of consumers will only make online purchases or use digital services if the other party has a good reputation for protecting its users’ personal information. This research reflects how consumers are keen to protect their online data, having more of a say in how they manage their online privacy. This was also seen in the rise of cryptocurrencies, as consumers wanted more control over their online finances. Though the recent crypto downturn showed us that these newer technologies come with risk, their adoption reveals that a growing number of people still want control over their data, personal wealth and subsequently, their digital identity.
For the privacy and identity security industry, addressing these changing consumer demands can be a challenging task. However, today’s consumers are more willing to adapt to the changing digital landscape as long as concrete efforts are made to protect their online data and privacy along the way.
Minimising Security Threats
Whilst new technological developments give us added security protections, all too often the underlying identity infrastructure is neglected when organisations rush to innovate. Compromising user authentication is one of the most common objectives of a cyber criminal, therefore, a strong underlying identity infrastructure with new digital authentication solutions is crucial. And with more and more users storing valuable Personally Identifiable Information (PII) online, securing the future of identity is paramount.
The development of digital identity will require a patchwork of different solutions, posing cybersecurity challenges which organisations will need to overcome by accepting products from multiple vendors. If this is ignored, there is always the danger that the single vendor selected will not keep up with the required pace of innovation. While the EU is aiming to provide a single method for users to prove their digital identity, this is unlikely to be the only solution and any business with a global user base should be prepared to deal with multiple vendors. Communication between these systems using international security standards will be crucial in stitching together the patchwork of development we’re certain to see in this space.
Embracing the New Developments in Digital Identity
As we press full steam ahead into a new era of digital identity, we must be ready to embrace the new developments that will soon follow. The mass adoption of decentralised identity will completely transform our digital world, changing our very digital landscape. This paradigm shift is already taking place as the European Council makes progress towards an EU digital wallet and is currently revising regulation which aims to ensure universal access for people and businesses to secure electronic identification by mobile phone. This shift will leave an impact that will be felt in every facet of our society.
Identity professionals and security teams can look forward to enhanced management controls over online identities as decentralised identity (also known as Self-Sovereign Identity (SSI) or Web5) will entirely transform how they handle and secure data. It will also allow individuals to exercise greater control over the information they provide to verify themselves when accessing online services. Additionally, organisations should prepare for the coming changes by embracing new methods of identity management such as decentralised identifiers (DIDs) and verifiable credentials (VCs). These methods form a self-controlled identity that allow for secure authentication measures, empowering users to safely handle PII and not rely solely on external organisations.
The focus of our evolving digital world will be on digital identity. Organisations must be prepared to keep up pace with the changes we expect to see in the coming year, as they will have a profound impact on our security and identity management practices. We can look forward to the coming developments that have the potential to empower users and enhance their online security.
