The recent Identity Day event brought together experts and thought leaders from across Sweden, to address the evolving challenges in identity management. John Jellema, VP of Product Management at Ubisecure, evoked important themes with his presentation on the complex nature of identity and the need for more robust identity management practices in the ever-changing landscape of work and technology. Watch John’s presentation or read the session highlights below.
Navigating Identity Challenges in Virtual Working Environments:
The session kicked off with a focus on the identity challenges posed by virtual working environments. John posed questions about how these challenges can be audited and how to enable trusted business-to-business interactions. He highlighted the importance of ensuring secure and auditable identity management in our increasingly digital world. John posed the question: “Who am I right now, what am I doing, and what am I representing?” He demonstrated how easily one could impersonate others with similar credentials, emphasising that verifying identity becomes a significant challenge, especially in a virtual environment.
This emphasised the limitations of identity verification – particularly poignant in a room full of identity management professionals. He attested that identity is of low value in such settings, while trust remains high. For example, attendees in the session could see his face and match it to the presenter’s name but had no concrete proof of his true identity. And stressed that this ease of trust does not exist in most online transactions or meetings.
Identity in the Nordics:
Delving into the strong identity systems in the Nordic region, John discussed the Finnish Trust Network as an example, and its high level of security. However, he warned that even in regions with robust identity management, fraud and theft are on the rise globally, highlighting that there is still a challenge in securely identifying and protecting transactions.
Challenges in Identity Management:
Next, John raised critical questions about the trustworthiness of third-party systems and emphasised the need for trust in identity management. Crucially, he underlined the importance of understanding who you’re dealing with in business transactions and the necessity of reliable identity verification to enable this. While this is possible in direct transactions, supply chains and normal business venture often have many sub and sub-sub contractors who are not directly known; raising the question of overall security in B2B environments.
The Future of Identity:
The presentation then touched on the future of identity management, noting the potential of animated or dynamic QR codes and the use of passkeys, and stressing the importance of adopting more secure methods. John predicted that even with animated QR codes and Passkeys, that personal adoption of these new methods was low (even in the audience), therefore focus on NIST compliant passwords (longer is better) coupled with easy-to-use MFA was still essential. The value of B2B Identity Management:
A key takeaway from the presentation is how B2B ID management needs to be as secure and robust as individual ID management.
Whilst strong individual IDs are relatively well-known, such as BankID or the upcoming EU Digital Identity Wallet, organisation IDs are either insufficient or underutilised. Therein lies huge opportunity. As John points out, B2B markets significantly outsize B2C markets. John runs through the reasons why the Legal Entity Identifier (LEI) is the most appropriate choice to realise such opportunities, as a globally recognised, high assured organisational identity.
Off the back of reliable organisation identity, organisational and individual identities can be linked to enable truly trustworthy B2B interactions – as per Ubisecure’s vision for the future of digital identity.
The future of digital identity:
The ability to combine highly assured organisational identities with strongly authenticated individual identities to show who you are, who you represent, and the rights you have to represent them.
Identity Challenges in a Fluid Workplace:
With the shift towards virtual and remote work, the challenges of identifying individuals accurately in virtual meetings is becoming increasingly difficult. Especially with the increasing risk of impersonation through deepfake technology. This raises questions about verifying identity when relying solely on virtual interactions.
John’s presentation at Identity Day 2023 sheds some light on the evolving challenges in identity management, emphasising the need for secure, auditable identity practices in an ever-changing digital world. As technology continues to advance, organisations must address these challenges to maintain trust and security in their operations. The future of identity management will require innovative solutions and a collective effort to stay ahead of emerging threats.
To discuss how we can help with your identity management challenges, get in touch with Ubisecure.