Let’s talk about digital identity with Simon Wood, CEO of Ubisecure.

In episode 2, Oscar interviews Simon Wood about his passion for digital identity and touches on some of the ways that Ubisecure is tackling challenges in the industry.

Also hear about Right to Represent [previously ‘Right to X’] – the brand new, pioneering Ubisecure service enabling advanced delegation between all combinations of individuals and organisations – and its value for organisations. Read more about Right to Represent here – www.ubisecure.com/right-to-represent/.

[Scroll down for transcript]

“Right to X is an evolution of where Ubisecure has come from and is going to over the last 10 years. At one level, it’s not new at all. At another level, it’s groundbreakingly new.”

Simon WoodAs Group CEO at Ubisecure, Simon is responsible for planning, communicating and delivering Ubisecure’s overall vision and corporate strategy to enable the true potential of digital business through modern identity management solutions. 

Simon is a dedicated and uncompromising technology business leader, grounded in sophisticated high performance solutions. Previously, at GlobalSign, Simon led the strategic and technical growth of the company and during his tenure has overseen, from inception, the transition to high volume operations, providing world record performance, both technically and commercially.

At QuantumWave Capital Simon led the Venture Building practice, engaging, signing and working with deep technology early stage companies, preparing them for exit to large acquirers. Responsible for top-line performance Simon transformed the engagement model delivering a stable pipeline with predictable recurring revenue.

Prior to this Simon held a number of development leadership roles for software companies specialising in high-performance, real-time communications capture, analysis, and distribution, including highly secure military radio, aircraft black box analysis, Formula 1 telemetry and ECU management systems.

Simon graduated with a Bachelor of Engineering in Electronic Engineering from Southampton University. He holds multiple patents in the field of mobile internet software systems design. 

Find Simon on LinkedIn.

Ubisecure provides feature rich customer identity management software and services. The company provides a powerful Identity Platform and Identity Cloud to connect customer and citizen digital identities with customer-facing applications. The platform consists of productised Customer Identity & Access (CIAM) middleware and API tooling to enable single digital identity benefits across multiple applications. Features include single sign-on (SSO), multifactor authentication (MFA), authorisation workflows, user identity management, and pre-established connections to dozens of third-party identity providers (social, mobile, and verified).

Find out more about Ubisecure at www.ubisecure.com.

We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure!

Go to our YouTube to watch the video transcript for this episode.

Let's Talk About Digital Identity
Let's Talk About Digital Identity

The podcast connecting identity and business. Each episode features an in-depth conversation with an identity management leader, focusing on industry hot topics and stories. Join Oscar Santolalla and his special guests as they discuss what’s current and what’s next for digital identity. Produced by Ubisecure.


[Podcast transcript]

Let’s talk about digital identity. The podcast connecting identity and business. I am your host, Oscar Santolalla.

Oscar Santolalla: Hello and thanks for listening. If you’re asking yourself what Ubisecure is doing nowadays, well, today we’ll know more about that, with some insights from Ubisecure in house. And for that we will have Ubisecure CEO, Simon Wood, to talk about what are the challenges that our customers have and how, with our innovations, are having solutions for these challenges. As Group CEO, Simon Wood is responsible for planning, communicating, and delivering Ubisecure’s overall vision and corporate strategy to enable the true potential of digital business through modern identity management solutions. Prior to joining Ubisecure, Simon was the CTO at GMO GlobalSign, a leading global certification authority, where he led the technical and strategic growth of the company.

Simon has also held executive positions at QuantumWave Capital, where he led the venture building practice, T@lecom, an enterprise mobile security/mobile software company, Artilium PLC, the mobile virtual network enabler, and flyingSPARK, a mobile applications company. Simon graduated with a Bachelor of Engineering in Electronic Engineering from Southampton University. He holds multiple patents in the field of mobile internet software systems design.

Hello, Simon.

Simon Wood: Hi, Oscar. Great to be here. Thank you.

Oscar: Great talking with you, Simon. And yeah, it’s a pleasure talking with the CEO of Ubisecure now that we are doing this podcast. So let’s get started Simon, let’s talk about digital identity. And it seems that you spent many years in a mobile business, which I know from your bio. So when did it happen and how did it happen that you came into this field of digital identity.

Simon: Sure. So, if we step right back, when you look in the broader sense, digital identity is everything that you do typically. If you’re interacting with software systems – doesn’t matter what they are – you have an identity to make that interaction work. What we look at now is identity and access management as a particular subset of that digital identity. But I would say that since I started my career, I originally started in battlefield communications after graduating from university- that was all about identity of units on a battlefield, through to the telco work, mobile applications work, you have to understand the identity of the users on the platform, the devices, it’s always been there. At GMO GlobalSign, it was all about crypto identity, so digital certificates, organisational verification there from an understanding point of view. And then through to Ubisecure, where we’re very much focused on identity and access management, specifically on users and organisations and understanding how those identities can enable frictionless business, give business savings and benefits.

Oscar: So true that. You mentioned battlefield mobile network, virtual network operators and mobile software. So it’s everywhere, digital identity.

Simon: Absolutely, you can’t escape from digital identity. And that’s been true for 30, 40, 50 years now, since we’ve had computing devices. Since we’ve had electronically enabled software, enabled transactions, we’ve had digital identity. Originally it wasn’t really considered, it wasn’t at the forefront of the design and of the thought processes. And we saw some of the security issues from that previously. We’re still seeing some of those today in IoT examples, you know, right now, where people are focusing on the feature functionality of what they’re delivering rather than the broader architecture, we’re still seeing some of those security issues.

Digital identity is a core part of stopping that – you can’t have security without identity. You can’t secure a battlefield communication, you can’t secure your bank transaction, you can’t log into a website securely without identity. And it doesn’t matter if it’s your identity, or Facebook’s identity – as an organisation one of those needs to be securely known to have a well-known and well understood- to have a secure transaction.

Oscar: Yes, identity has been everywhere since we’ve been connected, let’s say since the internet took off. So what are today, in your own opinion, the biggest challenges in digital identity?

Simon: Yes. So, taking a Ubisecure perspective on that, I mean there are many challenges and you can look at this from different angles in a different way. And thinking about this, there are two key ones that I’d bring forward right now.

So first of all, a very big challenge that we see right now from an IAM perspective, from a usable identity perspective, is regional fragmentation. So that doesn’t matter if we’re looking cross border, so differences between, let’s take a great example- We’re sitting here in Finland right now, Finland has a very advanced digital economy, bank ID is prevalent, you can access down to a social security number and have highly assured identities through that social security number. And it’s the norm, it’s standard, people here are used to logging on using their bank ID to do that, you get a great understanding of who you’re transacting with, which means you can take a lot of those transactions online very securely, and bring down the risk of doing that. Very straightforward.

I live in the UK. In the UK, we have very little digital identity. As a nation, we kind of don’t like the idea of a national identity, we’ve had several votes, several discussions, we’ve never got to a national identity. So I see that contrast first hand where in the UK, there is no consistent, prevalent digital identity that you can use to secure transactions. Everything is separate, is different. So there’s lots of pools of small identities there on a case by case basis. Compared to Finland, people are used to using one identity, their bank ID, maybe the national ID. National IDs always tend to be a bit clunky, a bit card based/hardware base. But bank IDs work really well. So those differences, that’s a big challenge when you look cross border. But also, in country having that separation. So again, UK is a great example, as I mentioned, there’s lots of small pools of different sets of identity.

And that then becomes a large identity management issue for the end user. So if I think about all of the sites that I visit, generally, how many sites have you got a different username and password for? Maybe the username is always your email address and maybe that’s consistent, but hopefully your password is always different.

Oscar: We should be.

Simon: Okay, we should be in a time now, where we’re all using different passwords for different sites. But how many have you got? 10, 20, 30, 40, 50, 100? Many. Yeah, so for each site, and as disparate collections. If you look at where digital identity is available and possible, at a consistent national level, like bank ID, you don’t need that disparate set of identities, you can just use that one. And that simplifies things a lot. So, there’s a simplification there. But the challenge is that that variance, as we look across Europe, globally, there are different regional variants in what’s available as a consistent digital identity. So that’s one key challenge that we have, from a Ubisecure point of view, we embrace that challenge. We enable those small pools to be collated together, we can broker between them. And we can provide access in Finland or other countries to that strong bank ID/national ID. But that’s still a challenge for developers when they’re building their platforms – how do they solve that? How do they get access to that? How do they make that work efficiently? So that’s, a typical case of one of the one of the challenges that we have there.

The second one that I wanted to bring forward- And again, I touched on security issues, previously, when we’re talking about digital identity. When people are looking at implementing identity management, there’s always this ‘build versus buy’ decision to make. Do you build it or do you buy it? If you step that up a level and say, okay, we’re an organisation who specialised in X, it doesn’t matter if it’s insurance, selling cars, doing forestry work, it doesn’t matter. As that organisation, you are unlikely to go out and build the table for your software developers to work on, you’re unlikely to go and design the computer at the motherboard level that your software developers will use. But we still see many people designing identity control systems in their software. They don’t design the table, they don’t build the table they use, they don’t build the laptop that they used to code on. But they are still building things that are available as standard by experts in the field.

And one of the challenges we see right now is sure you may be able to invest some of your software resource in delivering a small section of identity management for your organisation. But it’s not your core business. It’s not where your IP lies. Why not outsource that focus on where your IP is? And the risk side – and that’s where the challenge comes on the risk side is – identity is complex, look at the broad array of standards that are out there, look at the depth of the standards that exists around that. They are complex standards to work with from an implementation level point of view. So don’t build that. Buy that in, take that in. At one level, take it from someone, doesn’t have to be Ubisecure, take it from somewhere. But pull that in, focus your effort on your unique- and pull that in and don’t take those risks. Don’t expose yourself to those challenges. And what’s there.

Oscar: It shows how underestimated the implementation of digital identity is.

Simon: Yeah, so it’s easy to underestimate not only the implementation, but the ongoing maintenance. That’s time that you could be spending on your core capability.

Oscar: So you have two main challenges.

Simon: Yeah. I mean, we could probably list many, but I thought those were kind of two material key ones to bring forward at this point.

Oscar: Fragmentation, that’s correct, across countries and inside countries as well. Build versus buy. Okay, I also recently noticed that you have been writing about a new concept, at least to me a new concept. It’s called Right to X. So I would like to hear from you more about that.

Simon: Absolutely. So taking a very simple view, from my point of view, Right to X is an evolution of where Ubisecure has come from and is going to over the last 10 years. At one level, it’s not new at all. At another level, it’s groundbreakingly new. So it depends on the perspective that you choose to look at it. Very simply expressed, it’s the online ability to assert your right to do something, at its highest, simplest abstraction, your ability to say, I’m this person, and I have these rights to do this. Now, on that simple definition that exists already. That could be the definition of a SAML assertion, that could be the definition of an authorization response. Where this gets more complex and starts to differentiate is around who that is being applied to.

So traditionally, when you look at identity solutions, they focused very much on the individual. So today, the majority of identities that we deal with are individual identities. So I’m here talking to you, you’re talking to me, we’re talking to each other as individuals. When we interact, when we look at systems that we can log into, we log into the systems as our sort of digital identity versions of us, however you want to phrase that. When you interact on the web, at scale, you’re interacting as you with some endpoint. Now, if you actually step back and look at any particular transaction, and you have identities in that transaction, what’s the value of those identities? The value of those identities is actually quite low for an individual. The proof point of that? Go and stand in the middle of a desert island where you’re the only person – you have the same identity, what’s the value? It’s zero, because there’s no one to interact with – the value only comes from the interaction that you have. So you need the interaction to frame the value. The value actually comes from the transaction between those two identities, that’s where the value comes from. The identity enables that transaction to happen, or enables it to happen securely, lowers risk, whichever viewpoint you want to take on that. So the identity enables the transaction to happen. And that’s where the value comes from.

Look at that transaction in a bit more detail. When you do anything online, almost anything online, you will be finding that it’s you interacting with an organisation, so you will buy something from Amazon, you will take something to the post office, you’ll book a parcel with the post office to be collected. The transaction is almost always between an individual and an organisation. But what’s the organisation identity? How do you know who you’re interacting with? How does that- where does that come from? Today – and you know, this kind of ties in with the work at GMO GlobalSign. Today, that identity, at one level, that comes from the certificate that you maybe see, maybe notice, maybe understand what a green bar means. And I’m not sure my mum knows what a green bar means, however long it’s been there. So is that a valid identity? I don’t know. But you can see that it’s a secure site. So you say okay, I will trust British Airways to book a flight ticket. And I’m interacting with British Airways. But if you look more generally, in the identity world, look at all the platforms that are out there, it’s focused on the individual, not on the organisation.

Right to X becomes much richer, when you understand that the identities that Right to X deals with can be either individual or organisation seamlessly. So it can be either of those, that becomes even more important when you start looking at delegated rights. So this is not the rights that you inherently have. This is rights that you’ve been given. And then who’s the you? Is you, Oscar, or is you Ubisecure? And if it’s Ubisecure, and you don’t have an organisation identity, how can you possibly delegate rights to a company? But actually, that’s what you do all the time. I’ll come back to this example time and time again, because it’s very concrete, very firm. It’s something that we’ve been doing for the last 10 years but think about a tax return. Maybe you use an accountant to help you with your tax return. And you might work with Fred, whatever his name is at the accountants to do that tax return on your behalf. You’re actually empowering that company to submit your tax return. Fred’s doing the work, but whoever that accounting firm may be, pick anyone you like, it’s that company that’s submitting the return. And it’s that company that provides insurance against anything they do wrong. It’s not Fred that will be insured, it’s the company. So being able to delegate to a company is actually what happens. That’s actually what you’re doing. How do you do that online without you having to delegate to Fred? That’s what Right to X solves.

That’s the problem that it solves. It allows you to seamlessly work between individual and organisational identity. So that’s the starting point. There are many layers of complexity behind that. So where has this come from? Last year, almost exactly a year ago, Ubisecure was accredited as a local operating unit. A local operating unit is an entity that has been audited, vetted, checked, to enable them to work at a level where they are allowed to provide legal entity identifiers. A legal entity identifier is a global standard. It is a reference number that ties back to a set of information held by an organisation called the GLEIF, they look after what’s called the ‘golden copy’. And it allows you to uniquely identify any organisation who has an LEI. Any organisation can apply for an LEI, some organisations have to have LEIs. And it depends upon the domain you work in.

Oscar: Where’s adoption right now?

Simon: The adoption of LEIs is today, in terms of percentage of organisations, reasonably low. So there is something like 1.5 million LEIs issued today. We’re seeing incremental regulations driving more and more companies to have an LEI. But we’re also seeing more and more use cases where you get additional business benefit from having an LEI. So we’re seeing an exponential increase in the uptake. And certainly, from our perspective as an LOU issuing these LEIs, we’re very much seeing an exponential ramp up rate of the issuance of those. So at some point in the future, there may be you know, 50, 60, 70, 80, 90% coverage of organisations with LEIs. That’s low today but growing.

That LEI ties back to a highly assured definition of who that organisation is, so a vetted address, a vetted director or someone who is authorised to request for that company. And that is the basis for the Right to X proposition – that record. So we now have, through issuing an LEI, we have a very precise definition of who the organisation is. And we have a vetted person who is empowered to request for that organisation. Through additional vetting levels, we can understand that they are empowered to represent for that organisation. And at that point, that user can now delegate that representation power in any different form to anybody they choose, using the Right to X platform.

The Right to X platform, at one level, it’s something we’ve been doing for a long time. The Finnish tax authority have been running it for the last 10 years in a different guise, but doing the same thing, allowing organisations to delegate to organisations to people, people to delegate to organisations and people to delegate to people. So it’s a two by two matrix that’s built up from that, with individuals and organisations on the top and individuals and organisations down the side, you can do any of those four possibilities. That allows that business process to be taken online. Now, in that scenario, we don’t have the LEIs behind it because the LEI is a new addition to what we’re doing. And that builds out the value of Right to X as a generic platform. In that scenario, the organisational identity is defined by essentially the tax office here in Finland. So it’s a closed definition. It’s not a public open definition, and that limits the usability. But with the new Right to X platform, based on LEIs as the organisational identifier, and that’s what’s new. So what’s new? LEIs as the organisation identifier. Based on that, that gives us the benefit to take that online business process, the delegation from individual to organisation to organisation to individual in a seamless fashion, and truly enable those business processes.

Oscar: Yeah, the example of the Finnish tax administration is an excellent example. That it’s like regeneration of Right to X without the LEIs, as you mentioned. And what are the types of organisation that would benefit the most with Right to X today?

Simon: Yeah, so it really is a horizontal application in that sense. any organisation which has online processes, either for internal or external, ideally spanning those, will get benefit from the Right to X proposition. We’ve described the government example with tax and so on, but you can see that fitting into healthcare. So also Work and Pensions type of scenarios where a family member needs to claim disability allowance for another family member who can’t get to do the claim or to process that or is incapacitated somehow, so they can delegate those rights. And think of it kind of like an electronic power of attorney looking across individuals and organisations. Anyone who’s using that would benefit from that kind of capability, can benefit from this.

We have active use cases in energy right now. So sharing information to electricity bills or energy usage and consumptions for example, finance. So again, that could be the tax example. But also, for example, here in Finland, there are loan management applications for funding, and our platform is powering that, so that’s a great finance example there. And then mobile – the mobile example that we have active right now is really quite interesting. They’re using it to model families. So although we talk about organisations, at one level of these highly assured legal entities, an organisation actually spans a continuum of assurance and formality, if you like. So you can have a very informal organisation – it could be a collection of friends, it could be a group, it could even be a social group, that’s still an organisation. It could be a family unit, it could be a small co-operative, something like a set of tenants in a housing block, for example, or, you know, it could be a public company listed on the stock exchange. So all of those are organisations. The legal entities side of that, the limited companies/the publicly traded companies, that’s where the transactional value lies, the high value transaction. But there is a large amount of benefit for these smaller organisations. And the mobile use case is exactly one of these smaller organisations where we’re looking at family units, simply sharing minutes, texts, data allowances between family members, so you’re basically giving someone a right to use your mobile package.

So yeah it’s a very broad set of use cases. I guess the other significant use case there that we kind of have to touch on is KYC – Know Your Customer. So at the point that we have an assured organisation, through LEI, where we have an assured individual as well, in somewhere like Finland, that’s easy, we get them to log on with bank ID, we understand who you are straightaway. In somewhere like the UK that’s slightly more complex, and we need to go through vetting processes and so on to understand the individual. We can take that collection of information and that looks like a KYC record to some degree. And that can be used to simplify KYC processes. Now, your thoughts immediately turned to banking, banking has very strict requirements on KYC – more strict requirements on liability and the inability to outsource that liability. So there are some restrictions on the banking side of that. But on the next tier down, so SIM card subscription signing up for any kind of rental service, any of those sorts of areas, this works perfectly, and could offload a lot of that KYC processing straightaway.

Oscar: Definitely, quite many examples as you said then. It goes beyond the organisation, when you first think about organisations like a tax administration office, big corporations., but then you have given an example that’s just families, now cooperatives, a house, people living in a house, so this definitely unleashes many possibilities. What would you say is the main business value of Right to X?

Simon: The business value actually comes from the transaction that this enables. So as I said earlier, identity itself, of course, you can assign a value to identity. But in and of itself, I personally think that identity has a very low value, that identity enables a transaction- that interaction. And that interaction is where the value comes from.

So if we take some real live use cases a moment to talk about the value of doing this. So let’s go back to that tax example. Right now, using public published data from the Finnish government, having that system in place is saving them between six and ten euros per transaction. Okay, so that is a large saving on each individual transaction that takes place. And if you think about the scale of what those transactions could be, Finland is about five and a half million people, let’s say three and a half million of those have to interact with the tax authority. These are approximate numbers. So let’s say three and a half million interact, and they’re saving six to 10 euros per transaction. Those people are going to interact probably once a year, and in an advanced digital economy many more times a year in that sense. So you’re immediately talking about, you know, on the scale of three and a half million people, savings of 50 million, 100 million euros a year, through those interactions, maybe even more. You take that to a much larger country, so the UK, which is 10 times the population, it should be about 10 times the saving on that same basis. Take it to the US where it’s getting on for 75 times the population, those numbers start to get very large, you start to talk about, logically, trillions of dollars of savings worldwide from simplifying those transactions, enabling those transactions. Of course, those aren’t real numbers. We need real concrete numbers and that six to 10 euros is a measured public figure that’s there. The mobile example, that’s been benchmarked at about a million euros a year to the business for having that capability.

Oscar: That’s a lot. A lot of savings and a lot of business value, of course. And why do you think this hasn’t been- nobody came up with this idea? Or is it because of the LEI is something recent or?

Simon: Yeah, as we touched on a few moments ago. At one level, this isn’t new, we’ve been delegating between individuals and organisations for the last 10 years. What’s changed is the ability to have a highly assured organisation. And when you have that high assurance, then insurance risk goes down. So it makes it more viable in more places. So it’s exactly bringing on the LEI, the availability of the LEI to give us a highly assured organisation identity and coupling that in alongside a either strongly authenticated individual – so we know it’s the same person again, but we don’t know anything about the individual – or a highly assured individual – we know it’s you, based on social security number, passport, driving licence, whatever techniques might be behind that, that’s kind of secondary to this – bringing in that high assurance of the organisation is why this is making a difference right now. So that is the change at this point in time.

Oscar: You’ve mentioned Finland as an example. So you can also project a bit how the numbers would grow if seen in the US. In which countries today, do you think this would work well today?

Simon: Sure. So countries that have a digital identity already, will get the best value from this immediately. So if you look at you know, Nordics, Baltics, where there’s a very strong digital identity framework in place, then it’s much easier for rapid adoption, for rapid return from those areas. If we look at- take UK as a, I don’t want to call it a counter example, but kind of a harder case, you don’t have highly assured individual identity as an easily accessible point within the UK. Highly assured individual identity can exist in fragmented pools and does exist in fragmented pools. There’s a lot of work going on right now, through various separate government projects we’ve had Verify – Verify is changing right now. We see HMRC, DWP, and various government organisations creating their own identity pools at the moment, we’ve got Government Gateway.

So there’s all these different bits and pieces, many of them are not accessible outside of government. So we’ve got these different pools that could be used that are inaccessible right now, but there are fragmented small pools. And those fragmented pools would work but, of course, when you’re trying to bring on a business process, it has to be consumable by anyone that that process might touch. So you can make it work inside your current context -so I might be able to assure your identity for the sake of transaction that we want, even though you can’t present me a digital credential, which is high assurance in its own right. A parallel example is the way that most organisations who do email signing with certificates do that. The organisation is vetted by the certificate authority and then the organisation is empowered to say this employee can have one, this employee can have one, this employee can have one, and it’s constrained by the domain name of the email, for example. So within that context, that’s not a globally strong, highly assured identity, but it’s highly assured within that use case. Because that organisation has said yes, that’s someone that I know, and I will kind of vouch for them on that basis. So you can make it work in the smaller pools. But the greater returns the immediate fit is where there is an existing highly assured individual, the LEI brings a highly assured organisation and the two couple together at that point.

Oscar: And is this concept we’re building in Ubisecure is based on standards?

Simon: Absolutely. So standards are critically important to what we do. Standards are critically important to any IAM player. So we all have to implement the basic standards, we have to interoperate. If you can’t interoperate, there can be no transaction, so value falls apart at that point. So standards are fundamentally important.

We have a number of guys within the team who while maybe not dedicated to working with standards and tracking standards, it’s certainly a key part of what they do. And within our platform, standards are a fundamental part of where we invest engineering resource and development time. A side example recently, we’ve launched the CIBA – Client Initiated Backchannel Authentication, add-on to the specifications. So we’re now live with that, we have that deployed at a large customer and we’re tracking real time evolution. That’s now an approved standard, essentially. So that’s out there. It is very important to us. The whole RtX platform sits on top of our standard identity server. So it leverages all those standards and it’s normal interaction with any external party.

Oscar: So the one who wants to implement this will be facing OpenID Connect, this kind of stuff.

Simon: Yeah, indeed.

Oscar: Now that we have talked about Right to X, it is a very interesting concept and sounds like it’s going to take off, not only in the countries that we mentioned, but beyond that, could you leave us with a tip that we can use, beyond organisations or businesses/companies, for the individual, something that we can use to improve, to protect our digital identity.

Simon: So, ironically, digital identities are there to make things easier. That should be the purpose of a digital identity – to make it easier, simpler, quicker, less friction, that makes it quick and simple and easy. That makes it very easy just to click the button, as your password manager auto fills in your credentials or whatever it might be.

The thing that I would say to anybody is ‘stop’. Think about where your credentials are being entered. Who are you giving them to? So it may be a whole bunch of stars appearing in the password box so it’s nice and protected. It’s over an SSL link, who’s at the other end of that? What are they doing with that? So just, yes, it makes it quick. Yes, it makes it easy. And it’s that quick and easy that causes some of the challenges that we see today with, you know, phishing attacks and security breaches and so on.

Technology is getting really good. Technology is never infallible, but it’s getting much harder to breach the technology. It’s getting much easier to breach the people right now. So targeting the individuals, phishing attacks, whatever it might be – much easier to get to the individual. So just when you’re going to use your digital ID, just take an extra second to think who you’re using it with. Are you using it with the right person? And does it really look like they’re the right person? Because it may look like a PayPal website – is it the PayPal website? Are you in the right place? So just take one extra second before you hit that log on button with your credential sitting there or before you present those credentials? Yeah,

Oscar: Or the pay button? Yes. Ok, that’s a very good, very good habit I would say. Take one extra second to check.

Simon: Just double think. Is that right? Okay. Yeah, it’s the right site, it’s the right place. This is good. Let’s go.

Oscar: Excellent take away from that. Thanks a lot Simon for this interview. I would like to hear how people can find you personally, Simon Wood, how can you be found on the net?

Simon: So yeah, so you can find me on LinkedIn on Twitter, all of the contact details, you should be able to get straight off the Ubisecure website. So I think we’re quite open on there about where everything is. So yeah, absolutely. I’d love to hear from any feedback from this or any questions people have got – very happy to take those and try and get some answers back to you.

Oscar: Okay, well, great talking with you, Simon.

Simon: Cheers. Thank you very much.

Thanks for listening. Let’s Talk About Digital Identity is produced by Ubisecure. Be sure to subscribe and visit ubisecure.com/podcast to join the conversation and access the show notes. You can also follow us on Twitter @ubisecure or find us on LinkedIn. Until next time.

[End of transcript]