The Customer Identity & Access Management (CIAM) Specialist
CIAM enables secure, seamless, & simplified digital experiences for your customers.
Avoid identity data breaches
Improve your security posture and better protect customers’ identity data
Deliver outstanding customer experiences
From initial registration to login, provide a frictionless digital experience
Reduce operational & support costs
Digitise even the most complex and expensive manual workflows
Keep dev team focused
Building CIAM in-house is complex; let your dev team focus on your core business
How Organisations use Ubisecure
Rapidly build innovative Customer IAM (CIAM) and B2B IAM capabilities into applications and services.
Give customers one digital identity to connect to all your services and applications.
Enhance security with MFA without the friction, and employ context-based step-up authentication as needed.
Protect resources with fine-grained user permissions and access rights.
Create, store, and manage users, and identity and privacy data, at scale.
Connect multiple service providers to different identity providers and authentication sources with a single integration.
Anchor users to their existing digital identities (social, enterprise, verified) to remove friction during registration & login.
Prove a user’s real identity at the start of your onboarding or KYC process.
Manage how organisation, family or individual users delegate their rights to others to act on their behalf.
Register your own G20 endorsed high assurance organisation identities, or utilise the global LEI database for KYC.
The fast, easy way to enforce the governance rights of individuals to represent their organisation.
CIAM deployed YOUR way
What the experts say about Ubisecure and CIAM
“The Ubisecure Identity Platform is a critical component of the eHealth service as its functionality provides Swedish citizens with a very easy-to-use process for accessing their health records.”
“The Ubisecure Identity Platform is delivered as a single integrated IAM suite that provides both Web Access Management and Identity Federation capabilities with a fully integrated database and application server.”
“The Ubisecure Identity Platform has helped us realise a unified IAM solution for both consumers and corporate customers, creating an environment where you only need one identity.”
According to Gartner, “there is an increase in demand for CIAM technologies due to its importance to combining successful UX to attract and retain more customers with security and privacy capabilities. Commercial technologies are now more popular than “homegrown” solutions.” Further, “CIAM technology popularity has surpassed homegrown solutions, but integration with adjacent technologies is still key to address digital experience and risk management needs.”
Gartner “Technology Insight for Customer Identity and Access Management”
Henrique Teixeira, et al, 4 May 2020.
Ubisecure is proud to be named in this report by Gartner. Gartner subscribers can view the report here.
New Technology Alliance
The best of both the IGA and CIAM worlds in a solution that simplifies identity management for your workforce, B2B supply chain, and Customers/Consumers, and brings enterprise-class IGA for your external identities.
Identity Management is evolving. Keep up with the latest…
- Data minimisation: value, trust and obligation with Meeco’s Katryna Dow – Podcast Episode 30
  October 14, 2020
  Podcast audio: https://media.blubrry.com/identitypodcast/p/content.blubrry.com/identitypodcast/Ubisecure_Podcast_Katryna_Dow.mp3

  Let’s Talk About Digital Identity with Katryna Dow, founder and CEO of Meeco. Katryna talks to Oscar about her career (including inspiration from Minority Report), Meeco’s personal data & distributed ledger platform, the importance of data minimisation to inspire trust in organisations, and cultural differences in attitudes towards digital identity.

  “The greatest way to overcome this privacy paradox is transparency.”

  “Where regulators have moved to increase the data transparency and data rights of individuals, these need to actually be part of the solution architecture.”

  Katryna Dow is the founder and CEO of Meeco, a personal data & distributed ledger platform that enables people to securely exchange data via the API-of-Me with the people and organisations they trust. Katryna has been pioneering personal data rights since 2002, when she envisioned a time when personal sovereignty, identity and contextual privacy would be as important as being connected. Now within the context of GDPR and Open Banking, distributed ledger, cloud, AI and IoT have converged to make Meeco both possible and necessary. Find out more about Meeco at meeco.me.

  For the past three years, Katryna has been named as one of the Top 100 Identity Influencers. She is the co-author of the blockchain identity paper ‘Immutable Me’ and co-author/co-architect of Meeco’s distributed ledger solution and technical White Paper on Zero Knowledge Proofs for Access, Control, Delegation and Consent of Identity and Personal Data. Katryna speaks globally on digital rights, privacy and data innovation.

  Follow Katryna on her blog at katrynadow.me, on LinkedIn and on Twitter @katrynadow. We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure!
- Spotlight on digital identity during Cybersecurity Month 2020 – checklist for organisations
  October 2, 2020

  Cybersecurity Month takes place every October, promoting how to stay secure online to global organisations and individuals. While the initiative started in the US in 2004 as Cybersecurity Awareness Month, the EU launched its own Cybersecurity Month campaign in 2012. A key message of the campaigns over the years has been ‘cybersecurity is a shared responsibility’, reflecting the role we all have to play as customers, citizens, employees and service providers in upholding cybersecurity standards.

  At Ubisecure, part of the digital identity industry, we recognise a responsibility we have to educate individuals on protecting their identity and businesses on identity best practice as part of a holistic cybersecurity strategy. If you’re also part of the identity industry and interested in our role to play in this wider effort, check out: Why we should be educating consumers about digital identity.

  In this article, we cover what organisations providing online services need to do to get cybersecure with a spotlight on our area of expertise: digital identity.

  What must service providers do to strengthen security – a digital identity checklist

  Organisations that offer digital services to their customers (or citizens, partners etc.) have a responsibility to protect the identities they capture and manage.

  1. Offer passwordless authentication

  Are you forcing your customers to create a new password to sign up to your service? You’re not doing yourselves any favours. 80% of data breaches are caused by stolen, weak or default passwords – which is a very real possibility given that only 35% of people use different passwords for all of their accounts. A more secure, customer-friendly and easier option for your organisation is to integrate a few identity providers, with options appropriate to your user base and level of data sensitivity.

  2. Offer MFA (and encourage uptake)

  Multi-factor authentication (MFA) is a particularly secure method of logging into a service as more than one identifying factor is required. So even if a hacker were able to imitate one authentication factor, they would be very unlikely to be able to imitate two – making it very hard to gain unauthorised access where MFA is in use.

  Lots of services offer MFA today, though users are only likely to find out that a service offers it if they are looking for their privacy settings. So once you have this great security feature installed, make sure you tell users about it and why they should use it.

  Also ensure your MFA solution is multichannel. TikTok recently faced criticism after users realised its new MFA offering could be bypassed on a web browser. It’s important to remember that users want an easy journey through your services, but they also want security – and they are becoming increasingly aware of what that looks like.

  3. Use SSO

  Once a user has signed up to your service with a secure set of credentials (identity provider(s) & MFA), make the most of it – allow customers to use these secure credentials across all of your services with single sign-on (SSO). Otherwise, if you make users create new credentials for each of your individual services, the motivation to keep creating and using such secure credentials will run out and they will start to use weak passwords etc.

  Further, the use of just one set of credentials makes it far easier for you to deprovision access to all of your systems in one go should the need arise (e.g. in the case of partner contract expiry).

  You can always use step-up authentication alongside SSO if a particular area of your services requires stronger assurance of the user’s identity (e.g. if it contains more sensitive data).

  4. Allow delegation of authority

  When multiple people need to access the same account, plan or project within your service, are they forced to share the same credentials? A much more secure way to nominate access to trusted organisations and individuals is with Delegated Authority. This means that each individual involved, e.g. in a family subscription plan or B2B project, has their own access credentials with only the necessary level of access authorisation, greatly reducing the risk of unauthorised access.

  5. Don’t try to build your own identity management systems

  Organisations will sometimes try to build identity management capabilities in house, running into trouble when they realise the complexity of making such a system both secure and user-friendly. It’s far better to buy solutions from vendors who have expertise in identity management technology and best practices, achieving the correct balance of security and customer experience for your individual organisation.

  Free resources to secure your online services

  - Limited general cybersecurity resources for business users on the EU Cyber Security Month website
  - More extensive general cybersecurity resources through the US’s CyberSecure My Business
  - Specifically on digital identity, we have a whole library of popular resources on the Ubisecure website – including white papers, case studies etc.
  - Free trial of Identity-as-a-Service (IDaaS) – SSO, MFA and identity providers delivered as SaaS. See how the checklist capabilities would work for your organisation.
- Critical cybersecurity concerns during a pandemic with Lisa Forte – Podcast Episode 29
  September 30, 2020
  Podcast audio: https://media.blubrry.com/identitypodcast/p/content.blubrry.com/identitypodcast/Ubisecure_Podcast_STE-145_V2.mp3

  Let’s Talk About Digital Identity with Lisa Forte, Partner at Red Goat Cyber Security and Host of the Rebooting YouTube Channel.

  In episode 29, Oscar talks to Lisa about her fascinating journey to cybersecurity, the lucrative schemes that hackers and scammers have been employing since the start of the pandemic, the group of volunteers (CV19) she co-founded to help protect hospitals against cyber-attacks with the onset of COVID19 in Europe, and top tips for individuals and organisations on cybersecurity and identity.

  They also discuss a new Tomorrow Unlocked documentary that Lisa appears in – Ha(CK)c1ne: Healthcare on the Edge. It explores the shocking cyber-attacks that have hit vulnerable hospitals, healthcare supply chains and vaccine labs since the COVID-19 pandemic. Released on 25th September, watch Ha(CK)c1ne on YouTube now.

  “The pandemic is a crisis, but security has to continue. Even though we’re fighting a biological virus at the moment, security still has massive ramifications if you ignore it.”

  Lisa Forte is a social engineering and insider threat expert. She is a partner at Red Goat Cyber Security and Host of the Rebooting YouTube Channel. Lisa is a regular on TV shows, documentary films and news broadcasts. Her career started in a very unlikely place, working to stop pirates off the coast of Somalia! She worked in one of the UK Police Cyber Crime Units before starting Red Goat Cyber Security. Lisa is also one of the very proud co-founders of the Cyber Volunteers 19 (CV19) initiative providing free help and intelligence to healthcare providers in Europe during the pandemic, an organisation that has been recognised and praised by Governments around Europe.

  Find Lisa on Twitter @LisaForteUK and LinkedIn. Find out more about Red Goat Cyber Security at red-goat.com.

  We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure!
- Why should European businesses choose a European CIAM provider?
  September 25, 2020

  When it comes to choosing a CIAM (Customer IAM) solution, most vendors are US-based, developing their technology stacks and making business decisions in their home countries. There are only a small number of European-owned and operated CIAM providers, whose expertise, technology and experience can offer locality advantages to European businesses. Let’s look at the benefits of choosing a European CIAM provider for European businesses.

  Local European expertise

  European CIAM providers have local expertise, facilitating pre-sales and integration advice, and ongoing support. Commercial conversations and contract terms also adhere to local legal frameworks and customs, and customer-based cultural trends can be confidently considered and discussed. Further, shared time zones make it far easier to get in touch with your usual contacts, and in the local language. For example, to support customers throughout Europe, CIAM provider Ubisecure has language support in English, German, Spanish, Finnish, Swedish and Danish and our Sales Engineering & Customer Success teams are never more than a short journey away.

  Europe-focused technology

  Ubisecure’s technology is developed by our engineering team at our Finnish headquarters, which has been successfully serving European customers for many years. Ubisecure, and our deployment partners, provide European data residency, which can be a key requirement for internal data governance regulations and is the usual preference for Europe based businesses.

  Our team regularly contributes to several European identity standards, including eIDAS, putting us at the forefront of standards adoption and able to give the latest advice. We have wide support for existing digital identities from European Identity Providers and European digital identity schemes, including Verimi, Swedish Bank ID, and many more, resulting in seamless customer experiences for European service users.

  We’re also ISO certified and ready to meet your GDPR requirements, having a wealth of experience working on several projects enabling GDPR compliance and meeting other local regulatory responsibilities.

  Experience with European customers

  Ubisecure has proven success with many customers based in Europe across every vertical, including telecoms, utilities and government.

  For example, Ubisecure CIAM underpins a nationwide identity system for the Finnish Government. The system enables the strong identification of both individuals and organisations for online government services. In what is likely the largest subtenant deployment globally, Katso supports 400k+ organisations as subtenants. Read more about it here.

  As another example, Ubisecure CIAM is the core solution for several award-winning digital identity projects with European telecoms providers. German cybersecurity analyst firm, KuppingerCole, most recently awarded Telia Company and Ubisecure a European Identity & Cloud award for ‘Best Consumer Identity Project 2019’ for their work implementing a Nordic and Baltic, cross border, one-stop platform for customers’ strong digital authentication needs as a single service. Read more about the project here.

  Ubisecure prides itself on its strong relationships with many new and long-standing customers, with our local teams and customers growing together as true partners over the years.

  Get in touch

  As one of a very small number of European owned, operated and focused IAM providers, Ubisecure is very well placed to serve businesses throughout Europe. We are the number one CIAM provider in the Nordics, having been founded in Finland in 2002, and now quickly growing across the rest of Europe with presence in the UK, Germany, Sweden and Finland. We also have a network of local certified partners that cover practically all European countries and languages, ready to ensure that all your identity needs are met. Contact us here.
- What is Bring Your Own Identity (BYOI) and how can services offer it?
  September 22, 2020

  We’re routinely advised not to reuse the same access credentials across different services due to the security risks of doing so. Despite this, only 35% of people use different passwords for all of their accounts. There has been a solution to allow safer reuse of passwords for quite some time already. It’s called Bring Your Own Identity – BYOI, or sometimes BYOID.

  Bring Your Own Identity: Overview

  BYOI is a form of federated identity where access to different service providers’ (SP) services is permitted using credentials provided by a third-party identity provider (IdP), not credentials created for the service itself. In practice, this means that users can access the service with identity credentials that they already have instead of creating new ones. Yes, it means that you are technically allowed to use the same password for several services.

  In most cases, the identity provider is either a social media company such as Facebook, Google, LinkedIn, Twitter or Amazon, or a business login such as Office 365 or G-Suite. Even a bank ID can be used as an option for BYOI in some countries but due to the ‘pay per authentication’ cost structure and multi-step procedure it is generally most popular where strong authentication is necessary.

  Bring Your Own Identity: Benefits

  Having to sign into each service with unique credentials poses several issues to both end-users and service providers. The most common complaint from the user’s side is the difficulty of remembering a unique password for every service. One option, that 24% of people rely on, is to use a password manager, but you have to make sure that it has been installed on all of your devices and is synchronised between them. And don’t forget to upgrade all of them every time there are new versions available, which is several times per year – not a simple task since we have so many internet-enabled devices in our hands nowadays.

  The more common way to solve the problem is to reuse the password, despite all the advice we have heard against this method. BYOI gives us the possibility to reuse the same passwords safely, since the IdP passes identity attributes but not the password information to the SP, so it is not compromised in case of security leaks.

  Since the identity is independent of the target application in the case of BYOI, the service provider does not necessarily have to maintain identity information at all. This means lower identity-related security breach risks for the SP. The Identity Provider is responsible for maintaining the identity information and sending the attributes to the service when needed.

  For service providers, BYOI is a fantastic opportunity to enhance the user experience. It allows visitors to quickly register using their existing credentials thus improving customer satisfaction, in turn increasing the conversion rate from visitor to registered customer and reducing abandonment rates. Note that 45% of users give up the registration process if it is too cumbersome.

  A note on social logins

  Cost-wise, BYOI is an affordable way for a service to provide authentication methods, especially with social logins. Social media Identity Providers don’t charge according to the number of authentication transactions. Service providers can offer several social media authentication options for the users – Facebook, Google, LinkedIn etc. depending on the type of service.

  It could be said that social login is not the most secure authentication method due to the unreliability of the given identity attributes – as anyone can set up a social account and the attributes are not verified. However, there are a huge number of services where it is reliable enough for the purpose. Plus, there are ways of increasing the reliability factor, especially if you engage social media login with a proper CIAM (Customer Identity and Access Management) solution, as I’ll explain in the next section.

  Bring Your Own Identity and Customer IAM

  If you allow access via social login without a registration process in place, then everyone with a given social media account can access the service. If you want to filter registrants, however, you will need to store some identity attributes in your system. A proper CIAM system is a safe place to store these attributes.

  To make the registration process user-friendly, users begin registering by doing the social login, and the Identity Provider sends the identity attributes directly to the registration form. Users can then verify the information and add the missing fields. The next time a user logs into the service, Directory User Mapping is used to fetch one or more known identity attributes from the IdP’s service (e.g. Facebook) and match them with the account of the local user. Service providers can use their CIAM system to set up the filtering process.

  One step further is to automate the registration process using Just in Time Provisioning (JIT), which automates user account creation. During the initial authentication, the service provider collects and stores the necessary information from the message sent by the IdP and creates an account. More attributes can be acquired from users if necessary. Once the account has been created, the CIAM software can provide SSO (Single Sign-On) to all of an SP’s services (where this has been authorised).

  There are also other benefits a CIAM system can provide for service providers with regard to BYOI:

  - Easy provisioning of multiple authentication method options per service. Which social media logins should be provided to this specific service and should there be other options available, such as business logins? You can choose the authentication methods from a ready-made list.
  - Filtering of the identity attributes. CIAM can easily control the attributes flow between the IdP and SP, choosing only the minimum required attributes needed by the end service to comply with regulations such as the EU’s GDPR (General Data Protection Regulation).
  - Step-up authentication using e.g. social login as the first step. The basic idea is to allow users to access certain parts of the service by using e.g. the social login. But if the user wants to access more sensitive information or deal with money-related transactions, then a second-factor stronger authentication method could be required to verify the identity of the user at a higher assurance level.
  - Manual linking of different authentication methods with UDF (User Driven Federation). SPs can let end-users link existing third-party system credentials, such as social logins, to their online service. After this, instead of using the username and password registered for the service, users can authenticate with their social logins.
  - Verified social identity to increase the reliability of the social login. Service providers can ask users to verify their social identities by requesting stronger authentication during the first login. This is a one-time operation only after which the users can access the service using only social login.

  Conclusion

  Bring Your Own Identity (BYOI) is a brilliant way for apps and services to provide user-friendly journeys – increasing signups and reducing the security risks of re-used passwords. Which identity providers you connect to your app will depend on the kind of service you provide and how strongly assured you need to be of the user’s identity – there are many options available. BYOI is best implemented by CIAM software, which enables seamless and secure identity management. Find out more about CIAM.
- How to demonstrate the ROI of Customer Identity and Access Management
  September 18, 2020

  Investment in Customer Identity and Access Management (CIAM), as with any IT project, requires a degree of research into what the best solution is for your individual business. And when you’ve found it, you’re faced with the task of demonstrating the specific return on investment of CIAM to the budget holder in order to get approval for the project.

  You both want the same overall result – a successful, growing business – but a CFO is purely focused on the financials, whether that’s in the form of cost savings or increased revenue. Particularly in 2020 when the purse strings may be tighter for many organisations, reliably predicting the return on investment for any new project is essential. The good news is that CIAM is a high priority for budget allocation right now, given that becoming digital-first is essential to adapting to the ‘new norm’.

  So what does the CFO need to see to be convinced that you need your CIAM investment? This article provides an introduction to the ROI of CIAM. More detail and financial statistics are available in our free white paper, written directly for the budget holders (download here – Customer Identity and Access Management: Investment and ROI).

  Cost savings enabled by CIAM

  Let’s start with a financial incentive that will immediately get your CFO’s attention – operational efficiency. CIAM is a fantastic way to remove clunky business processes by digitising workflows, thus reducing wasted employee time (and therefore money) carrying out manual tasks.

  For example, Delegated Authority – a CIAM capability that enables users to delegate the right to use digital services on their behalf. This reduces the need for internal admin-heavy workflows by enabling your external users to delegate authority themselves, within your defined parameters.

  Another avoidable cost on the CFO’s radar is the possibility of data breach and regulatory non-compliance fines, with the average cost of a data breach to an organisation now totalling $3.92 million. So the fact that CIAM helps to significantly mitigate against this risk will be a motivation for investment.

  For example, multi-factor authentication (MFA) – i.e. requiring more than one identifying form factor to log into a service. This is very important as 80% of data breaches are caused by stolen, weak or default passwords. While the use of passwords is still commonplace, a second factor (such as biometrics, mobile phone authenticator apps, time-based one time passwords, bank IDs etc.) significantly reduces successful breaches as hackers are far less likely to be able to reproduce both identifying factors and gain unauthorised access.

  (See more ways that CIAM enables cost savings in our free white paper – Customer Identity and Access Management: Investment and ROI)

  Revenue enabled by CIAM

  CIAM connects users to a business at a critical point in their customer journey – signing up and logging into a service. A key principle of your new CIAM solution will likely be to streamline these processes and make them more customer-centric, which has the potential to drastically increase registrations and loyalty – and therefore revenue.

  For example, CIAM offers support for third party identity providers, like Google, Facebook, bank IDs and other federated digital identities. This ability for customers to use their existing digital identity to sign into your service makes it very easy for new customers to simply click to register, reducing form filling fatigue and abandonment. It’s estimated that 45% of users give up if the registration process is too hard, so streamlining the registration process will significantly increase your customer conversion rate.

  CIAM also leads to more efficient Sales and Marketing processes by linking your service’s identity data with your CRM. This increases the accuracy of data across your systems, so better data-led sales and marketing decisions can be made and greater personalisation of services is enabled. For these revenue-enabling reasons, CIAM should not just be an IT priority and expense, but should form part of the wider business strategy and share the budget with Sales and Marketing.

  (See more ways that CIAM enables increased revenue in our free white paper – Customer Identity and Access Management: Investment and ROI)

  Financial impact of selected CIAM capabilities

  Here are a few examples of cost-saving and revenue-generating implications of common Customer IAM capabilities.

  | CIAM capability | Cost saving | Revenue enabling |
  | --- | --- | --- |
  | Self-service account management | Drastically reduce Support Desk calls by empowering customers to make account changes (like password resets) themselves. According to Forrester, large organisations spend up to $1 million each year in staffing and infrastructure expenses just to handle password resets. | User data is kept current by the user themselves, making it far more accurate than Sales/Marketing-led CRMs. Avoid identity silos and leverage the ongoing accuracy of CIAM data for progressive profiling. |
  | Single sign-on (SSO) | Also reduces Support burden by requiring only one set of credentials per user across multiple services – leading to far fewer issues needing to be dealt with. | Ease of customer journey through services results in greater engagement with your services and loyalty to your brand. |
  | Multi-factor authentication (MFA) | Effective measure against costly data breaches and regulatory non-compliance fines. | Correct balance of user experience and security with MFA builds consumer trust. |
  | Identity providers (IdP) | No need to store and protect credentials yourself for users that opt to ‘Sign up with X’ – reduces the burden and risk of data breach with you trying to mitigate these risks in house. | Makes it very easy for new customers to simply click to register – reducing form filling fatigue and abandonment, resulting in higher customer conversion. |
  | Delegated Authority | Reduces the need for internal admin-heavy workflows by enabling your external users to delegate authority themselves. | Yet another customer experience win! |

  Secure that CIAM funding!

  I hope that this brief overview has given you a few useful pointers when demonstrating the ROI of CIAM. I recommend downloading this free ultimate guide to the value of CIAM projects: Customer Identity and Access Management: Investment and ROI. It includes information on lots more ways that CIAM saves costs and enables revenue, and includes sections on whether to build or buy your CIAM solution and deployment options (IDaaS, cloud or on-premises).

  Get in touch if you have any questions, or for help with your own CIAM project financials.
- The Role of Identity in Digital Transformation with Jurgita Sarkovaite, NEO Consulting – Podcast Episode 28
  September 16, 2020
  Podcast audio: https://media.blubrry.com/identitypodcast/p/content.blubrry.com/identitypodcast/Ubisecure_Podcast-Jurgita.mp3

  Let’s talk about digital identity with Jurgita Sarkovaite, Innovation and Strategy Manager at NEO Consulting.

  In episode 28, Jurgita and Oscar discuss digital transformation, particularly in light of COVID19, and the critical role of identity in any digital transformation project. The conversation also explores the importance of digital identity in customer experience and how companies are approaching digital identity in light of that, including who has ultimate influence over digital identity projects within the organisation and the popularity of Identity-as-a-Service (IDaaS, SaaS-delivered IAM).

  “Digital identity is part of every digital transformation project because it would be impossible to do without it”

  Jurgita Sarkovaite is Innovation and Strategy Manager at NEO Consulting. She’s also Professor of Digital Marketing and Digital Transformation courses at Pacífico Business School, Peru. Jurgita has 8+ years of project management experience in digital strategy consulting, technology and software development. Her research covers digital culture, entrepreneurship and innovation. She has a passion for education.

  You can contact Jurgita on LinkedIn or email firstname.lastname@example.org.

  We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure!
- Digitising an individual’s right to represent their organisation solves the real-world representation governance problem
September 8, 2020

The impact of the pandemic has made admin-based tasks and activities harder to do remotely, or when they are, more susceptible to abuse and risk. Many organisations are now prioritising digital transformation projects to address some of these inefficiencies and risks.

One of the most significant factors prohibiting the full digitalisation of these processes is something we take for granted in the real world – managing the right of an individual to represent an organisation. Because few individuals inherently have a right to represent an organisation (i.e. initially only Directors and Board Members), to run a business, those individuals delegate their authority to others. In the real world these rights are managed inefficiently through paper-based mandates and recording of approvals stored by HR or in the CFO’s office.

Enterprises need the ability to manage this ‘representation governance’ digitally. The individuals associated with an organisation should have defined representation rights, and be able to assert and verify these rights to relying parties. Representation governance should be highly automated and frictionless and use the same proven identity standards and concepts IGA (Identity Governance & Administration) and IAM (Identity & Access Management) solutions use for enterprise or customer identity management.

For example, activities such as submission of corporate statements to the Government, the enforcement of corporate spending limits, the assertion of signature/submission rights, or even building or network access for both employees and external service providers could be well defined and digitally governed. Digital representation governance can then improve security, increase efficiency, and reduce administration costs for the enterprise.

Introducing digital representation governance
Ubisecure provides representation governance solutions throughout the Nordics, including Government and Telecoms. Such solutions are closed communities, applicable to particular business use cases for specific interactions. For example, when completing tax returns, the Finnish Government uses the Ubisecure Identity Platform to establish a digital identity for the company director. That digital identity can then delegate submission of the tax returns to other individuals within the organisation, or individuals at third party service providers like an accountancy firm. Digitising this closed community use-case has resulted in a 99% reduction in cost by moving to digital vs physical point of service, equating to millions of Euros of taxpayer savings.

Expanding CIAM-based representation governance with Legal Entity Identifiers (LEI)
As a leader in the European identity management space, we firmly believe that representation governance offers significant workflow improvements as well as cost savings for many organisations. However, we believe its full potential can only be met by expanding beyond closed communities and taking the business benefits to a global, open community. To accomplish this Ubisecure became an accredited Legal Entity Identifier (LEI) issuer in 2018. The LEI is a verifiable 20-digit code that identifies legal entities in the publicly accessible Global LEI Index. The LEI is globally unique, standardised, and G20 & FSB endorsed – making it the ideal highly assured organisation identifier to enable the representation governance solution. By adding LEI support to the platform, our next-generation ‘right to represent’ solution uniquely ties the digital identity of an individual to the organisation’s open community LEI.

‘Sign in with RapidLEI’ to assert LEI-based representation rights
Ubisecure issues LEIs through its RapidLEI service.
During the LEI registration process, the service establishes who has the right to legally represent the organisation, i.e. a Director. It then establishes that this authoritative individual can define who else should have representation rights, and what those representation rights mean in real terms (i.e. attributes concerning financial transactions, legal authority, delegatory rights, and so on). Essentially any administrative process requiring representation governance can be mandated and digitised. The LEI then becomes the trust anchor, enforcing approved representation assertions and verifications permitted for the individual.

As a result, Ubisecure has now become a universal ‘right to represent’ Identity Provider (IdP). Our role is to associate an individual with a legal entity, and then via the ‘Sign in with RapidLEI’ service authenticate and assert their identity and representation attributes to relying parties. The service can be used either via API or by adding a ‘Sign in with RapidLEI’ login button to the workflow. The ‘Sign in with RapidLEI’ button is simple to add and is based on the same technology that enables social media logins like ‘Sign in with Apple’ or ‘Log in with Google’.

Establishing representation governance using LEIs rather than single use-case identifiers found in closed communities can support an almost endless number of global, interoperable business applications. The use case potential has wide applicability and can stimulate viral adoption of LEI and trust services. The service will improve process efficiency dramatically, enable transactions, and reduce fraud for the enterprise, and provide a secure, privacy-enabled, and convenient solution to employees, contractors and other organisation representatives.

Video Demo – enforcing and delegating corporate spending limits
Watch the demo video.

Get involved with Right to Represent
We are actively engaging with application developers and software vendors that can integrate representation governance into their solutions. Ubisecure will preview the ‘Sign in with RapidLEI’ service later this year. To register early interest, visit https://rapidlei.com/representation-governance/....
- Evolution of the password: from password to passphrase to Time-based One-Time Password (TOTP)
September 4, 2020

For a long time, we’ve been trained to use complex passwords, for example including capital letters, numbers and special characters. While this may have been the solution to account security in the past, I’m going to point out some faults in continuing this and a method to help move your service forward into a more secure future.

Password policies
To ensure good password management, companies are forcing users to renew their password every 3 months or so. This usually results in people reusing older iterations of their passwords or using the month/year in their passwords – i.e. password management practices that are not very secure!

Another option is to use a password manager. This will make sure that your passwords are better secured and not that easily accessible. But it’s just another way to write the password down, a current way to game the system and make it easier to access your accounts. The password manager still needs a master password – remember, a hacker only needs to break the weakest link in the chain to get access to everything.

A passphrase instead?
A better option might be to use a password with many characters (be it letters, numbers or special characters). With longer passwords, even by stapling words after each other to create a sentence, you create a password that is difficult to crack but easier to remember. This removes the need to write it down somewhere. In fact, this idea isn’t new. NIST suggested an easy to remember long passphrase rather than a hard to remember complex password way back in 2017! Have a look at the XKCD comic strip below – it helps to remove all the math jargon and make it easy to understand why a longer passphrase is better.

What about Time-based One-time Passwords (TOTP)?
While it is better to use long passphrases than complex passwords, there are additional ways to enhance the security of accounts.
One of the most common methods is by using a Time-based One-time Password (TOTP). TOTP solutions include physical tokens that rotate six-digit numbers, or as is more popular now, codes sent via SMS or to an authenticator app on your phone. Utilising TOTP will give your accounts a second factor authentication method (2FA). Anyone trying to get access to your account not only needs to know your username and password, but also needs to input a time-limited code. The code is issued uniquely to your device which, in practice, means that the person that tries to get unauthorised access to the account either needs to be in possession of the device or get the account owner to give it to them.

More and more services are providing TOTP with applications that support the generation of the time-based code. If you use your Google, Microsoft or Apple account to sign onto more and more other services (known as BYOI, bring your own identity), securing this identity will become significantly more important.

One of the most downloaded/utilised TOTP authenticator applications is the Google Authenticator. The setup is usually done through a QR code which the user scans on their phone to connect the account ‘secret’ to the device. When this is set up, the application starts generating random 6-digit codes based on the secret and the current timestamp (time of day). The secret is saved on the device remembering the timestamp, which eliminates the need for the device to have internet access to be able to generate the time-based password. Microsoft’s Authenticator and Apple’s two factor authenticators are similar.

In conclusion, an easy to remember longer passphrase is more secure than a shorter complex password. Combining 2FA in the form of TOTP will provide another much-needed layer of security. Ubisecure Customer IAM solutions support TOTP. Reach out to us to learn more about TOTP and how your organisation can improve its password security posture....
- Challenges of digital identity in Latin America with Josselyne Abarca, Seguridad América – Podcast Episode 27
September 2, 2020
https://media.blubrry.com/identitypodcast/p/content.blubrry.com/identitypodcast/LTADI_Josselyne_Abarca_Seguridad_America.mp3

Let’s talk about digital identity with Josselyne Abarca, General Manager and founding partner of Seguridad América.

A note for our English-speaking listeners: this week’s episode is in Spanish, talking about the challenges of digital identity in Latin America with Josselyne Abarca, CEO and founding partner of Seguridad América.

“Companies and organisations are migrating all their services to digital solutions and one of the challenges they face is to certify or verify the identity of the people who access their systems and services.”

Josselyne Abarca is General Manager and founding partner of Seguridad América. Josselyne has been involved in digital authentication and security since the days of VeriSign, where she began her business career. For Josselyne, one of the greatest challenges in Latin America is the need to provide users with a global, robust, flexible and verified identity, both in the public and private sector, so that they can access the systems most susceptible to cyber attacks with total security and confidence.

Seguridad América is a Latin American-based organisation with a portfolio of solutions aimed at helping organisations with increasing requirements for cybersecurity management and enabling businesses to expand efficiently and securely. Its commitment is to facilitate the access of private companies and public organisations to robust and secure digital solutions, as well as to provide its clients with flexible solutions that allow easy access to portals and management of identities so that the environment is productive.

Find Josselyne on LinkedIn. Find out more about Seguridad America at www.seguridadamerica.com.

Seguridad America is a Ubisecure and RapidLEI partner. Read more about the partnership here.

We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure! ...