Ubisecure offers a full stack platform, API and toolkits to build secure, seamless experiences for customers. We simplify the most complex customer identity, delegation and security challenges faced when building applications.
Ubisecure offers highly innovative services built on the Identity Platform for specific identity related challenges. The Identity Platform can also be deployed to the Cloud for Customer IDaaS projects.
The Industry’s most powerful Delegation solutions
What Industry experts say about Ubisecure
The Ubisecure Identity Platform is delivered as a single integrated IAM suite that provides both Web Access Management and Identity Federation capabilities with a fully integrated database and application server.
The Ubisecure Identity Platform is a critical component of the eHealth service as its functionality provides Swedish citizens with very easy to use process for accessing their health records.
CTO and Head of Cloud Services Capgemini
The Ubisecure Identity Platform has helped us realise a unified IAM solution for both consumers and corporate customers, creating an environment where you only need one identity.
Director of IT-production DNA
Latest from the Blog
- What the hype around FaceApp and Netflix’s The Great Hack documentary means for businesses storing consumer dataJuly 19, 2019This week, #dataprivacy has been all over my social feeds – and yes, I’m aware of the irony of using social media whilst reading about an issue that the likes of Facebook and Twitter are notorious for. With this week’s FaceApp drama and The Great Hack being released on Netflix next Friday, 24th July (read on for details), I expect that interest in the topic will only grow in the coming weeks. Whilst most people are viewing this issue as a personal concern – ‘how is my data being used and is what I’m getting in return worth it?’ – in this article I’m looking at how growing awareness of the value of personal data will affect organisations. #DataPrivacy First, let’s look at why this important issue is suddenly front and centre for the general public. This week, you may have noticed a lot of older-looking faces on Instagram, with people uploading photos of themselves to FaceApp and the app using AI to apply an ‘old’ filter (among other options). But amidst the fun/horror of seeing oneself wrinkled and white-haired, a data usage debate (sparked by concerns over how the images were uploaded and stored) got just as much airtime. FaceApp aren’t alone in their lack of transparency about how they process user data. A recent study found that thousands of apps in the U.S. Google Play Store still bypass permissions to collect user data, with many more shocking discoveries revealed in this publication. Another big talking point is the imminent Netflix documentary entitled ‘The Great Hack’. Whilst most of us have heard of the Cambridge Analytica scandal, this highly-anticipated show is renewing interest in the case. The first line of the documentary description reads: Data has surpassed oil as the world’s most valuable asset. The creators of The Great Hack also recently gave a popular Ted Talk on Facebook’s role in Brexit – with Cambridge Analytica leveraging Facebook ads, identifying and manipulating ‘persuadable’ people by illicitly harvesting their data. Yet another story that broke this week highlighted the data of ‘nearly all adults’ in Bulgaria being stolen from the country’s tax agency, reigniting a long-running debate about how governments handle and invest in cybersecurity. The Bulgarian tax agency now faces a fine of up to €20m under GDPR, for failing to protect the data. I could list several other instances of #dataprivacy currently in the news and in popular culture, but I think you get the gist. Consumers are waking up to the realities of the threat that data misuse or lack of security can pose, and that the issue can only grow if we don’t do something about it. What #DataPrivacy means for businesses Whilst the most sinister claims against FaceApp have been denied, their data usage and privacy has come under intense scrutiny this week. Could your organisation’s data practices withstand that level of inspection? They must be airtight. With growing awareness, and often suspicion, about data security and exploitation, consumers are much less likely to sign up for a service they do not trust with their privacy. On the plus side, 41% of consumers are more comfortable and confident that brands are handling their data correctly thanks to the introduction of the GDPR. However, is that confidence misplaced? In the same report, four fifths of companies admit to not being 100% GDPR compliant. What organisations can do about it Trust is a competitive advantage. How can you achieve it with your customers? Regulation To start with, you must make sure you are compliant with relevant data regulations, like GDPR. Not doing so could have a severe impact on your business, as we saw with British Airways in September last year. BA suffered a data breach of around 380,000 card payments. The announcement was followed by the fall of their parent company’s shares by 4% ; customer ‘impression score’ plummeting; and the ICO’s recent announcement of their intention to fine BA £183.39m. Transparency… …and not just in the small print of the T&Cs – I think most of us are guilty of accepting without reading every detail first. Tell your customers regularly why you need to collect certain data and how you will keep it safe. Make it fun, like this video example from the UK’s Channel 4. Give users options If you offer an online service or app, the sign up process is crucial to converting and retaining your customers, and needs to provide convenience and security. Two-factor authentication, 2FA, is expected. Better yet, give users options for authentication – e.g. via their smart phone or Bank ID. The options you provide should reflect regional preferences and level of data sensitivity. Customers are more likely to trust your business if they are in control of how they access your systems, and feel confident that hackers cannot impersonate them. Invest in data privacy, like you would any other asset to your business, and your customers will thank you for it....
- Simon Wood, Ubisecure CEO, “You can’t have security without identity” – Podcast Episode 2June 24, 2019https://media.blubrry.com/identitypodcast/p/content.blubrry.com/identitypodcast/Ubisecure_Podcast_Edit.mp3Podcast: Play in new window | DownloadSubscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | Spotify | RSS | MoreLet’s talk about digital identity with Simon Wood, CEO of Ubisecure. In episode 2, Oscar interviews Simon Wood about his passion for digital identity and touches on some of the ways that Ubisecure is tackling challenges in the industry. Also hear about Right to Represent – the brand new, pioneering Ubisecure service enabling advanced delegation between all combinations of individuals and organisations – and its value for organisations. Read more about Right to Represent here – www.ubisecure.com/right-to-represent/ Links mentioned in the podcast: www.ubisecure.com www.linkedin.com/in/simonwood www.linkedin.com/company/ubisecure twitter.com/ubisecure About Simon Wood As Group CEO at Ubisecure, Simon is responsible for planning, communicating and delivering Ubisecure’s overall vision and corporate strategy to enable the true potential of digital business through modern identity management solutions. Simon is a dedicated and uncompromising technology business leader, grounded in sophisticated high performance solutions. Previously, at GlobalSign, Simon led the strategic and technical growth of the company and during his tenure has overseen, from inception, the transition to high volume operations, providing world record performance, both technically and commercially. At QuantumWave Capital Simon led the Venture Building practice, engaging, signing and working with deep technology early stage companies, preparing them for exit to large acquirers. Responsible for top-line performance Simon transformed the engagement model delivering a stable pipeline with predictable recurring revenue. Prior to this Simon held a number of development leadership roles for software companies specialising in high-performance, real-time communications capture, analysis, and distribution, including highly secure military radio, aircraft black box analysis, Formula 1 telemetry and ECU management systems. Simon graduated with a Bachelor of Engineering in Electronic Engineering from Southampton University. He holds multiple patents in the field of mobile internet software systems design. About Ubisecure Ubisecure provides feature rich customer identity management software and services. The company provides a powerful Identity Platform and Identity Cloud to connect customer and citizen digital identities with customer-facing applications. The platform consists of productised Customer Identity & Access (CIAM) middleware and API tooling to enable single digital identity benefits across multiple applications. Features include single sign-on (SSO), multifactor authentication (MFA), authorisation workflows, user identity management, and pre-established connections to dozens of third-party identity providers (social, mobile, and verified). Find out more: www.ubisecure.com/about...
- ‘Sign in with Apple’ – should Apple really ‘think different’ on identity standards?June 18, 2019At Apple’s recent Worldwide Developer Conference (WWDC), Apple software chief Craig Federighi announced to the world a new way for end-users to sign in to applications – Sign in with Apple. The Good Familiar to existing buttons “Sign in with Google” and “Sign in with Facebook”, and numerous other regional specific sign-in methods, Apple finally will start to capitalise on the amazing asset that they have – the identity and login information for every registered Apple user. Apple was able to put a great spin on their service around privacy – a way to differentiate it from other existing services. The value of privacy and security is slowly being better understood by wider audiences. It will certainly offer a smooth user-experience for Apple users. It will be very interesting to see how quickly and widely the service is adopted – beta testing is starting this summer. The Bad Not following standards. Period. Apple’s keynote was light on details, however their developer portal opened up more information about how the service works. Rather than following industry standards, Apple again has decided to make their own unique implementation decisions. Hans Zandbelt has initiated a collection of deviations from the standard. How Sign in with Apple differs from OpenID Connecthttps://t.co/lIjJL5GROV please provide input by adding comments. — Hans Zandbelt (@hanszandbelt) June 16, 2019 Many of the choices made seem very hard to justify – what advantage is there to not just following the specification? The OpenID specification are, as the name suggest, open, and do not require licensing fees or licensing agreements. This is unfortunate, as it makes integration to thousands of existing products and services more than just a configuration matter – it requires service-specific exceptions and behaviour tailored for Apple’s flavour. Implementations against Apple’s service will require additional testing as existing internal and standard test frameworks will not represent the behaviour of their service. Apple was thinking differently again. The Ugly Privacy concerns One celebrated innovation in the Sign in with Apple service is the fact that the email address of the end user can be hidden from the connected service, and instead a persistent pseudonymous mail forwarding address will be used. This received a long round of applause. They forgot to mention on stage that neither Facebook login nor Google login actually require that the user shares an email address with services that request it. When a service requests an email address, the user is presented with a dialog to “Share my Email” – sending your actual email address or “Hide my email” – to create a service specific forwarding address, such as email@example.com. Of course, this function requires that all email sent to the relay address are going through Apple’s servers, even if your original AppleID is using a non iCloud email address . Is that really privacy-protecting? Forced adoption As a condition of publishing an app in the Apple App Store, applications that offer other third-party sign in methods will be required to also offer “Sign in with Apple” as an option. For many apps, this will require developers to rethink how to present additional sign-in methods, how to remember what has been used before and careful evaluation and testing of the new method. For apps that have never used third-party sign-in, expect your users to more vocal about requesting the addition of the “Sign in with Apple” service and consider adding also alternative login methods at the same time. Easing the change Through IdP Connect, Ubisecure offers solutions that can help companies offering online services to offer third-party login services and allow their users to connect one or more to their online accounts. We shield applications from a lot of the related complexity and protect user privacy by keeping the data close to the application and under the control of the service provider. We also help large enterprises with existing users and accounts to offer login services to their users – that is the ability offer their own branded “Sign in with” button, based on open standards. Talk to us today about IdP Connect, our services that connect the identities from identity providers to service providers....