In five questions or less, an industry expert defines and explains a technology, term or trend – with this installment seeing Mark McClain, CEO and Founder at SailPoint, tackle digital identity.
CBR: What makes a digital identity?
MM: A digital identity is how a user is identified within an enterprise’s systems, and as a result, how users access those systems. The digital identity is the only thing that ties the user to his or her access within an enterprise across all systems and all entry points, both on-premises and in the cloud. In essence, the digital identity answers the question “who has access to what” and “what can be done with that access.
CBR: How has digital identity evolved?
MM: As technology evolves, the digital identity continues to evolve with it. Employees used to perform their tasks at the place of business, safely behind corporate firewalls and physical security measures. Today’s employees work both in-office and remotely, accessing mission critical data on-premises and in the cloud through a variety of devices. The traditional network perimeter is disappearing, making digital identities a key point of exposure for organisations. We’ve seen this play out in the increasing number of data breaches that focus on the insider threat through phishing and other social engineering methods.
CBR: What are the flaws or risks associated with your digital identity?
MM: As the hybrid IT landscape continues to evolve, hackers are advancing their strategies, focusing on the human attack vector through digital identities. Because these identities provide access to the enterprise’s systems, they are the “keys to the kingdom.” Even one identity being compromised can cost an organisation millions in damages. In order for organisations to be protected from insider threats tied to digital identities, they must secure these identities by adopting a user-centric approach to security.
CBR: Will the UK digital identity change post-Brexit?
MM: While the separation from the EU may impact how the UK views policy implementation from a PII and digital identity perspective, we don’t believe it will fundamentally change how UK laws will be designed to promote security and privacy of user data. In order to foster a close relationship with EU countries, the UK will have to model any new laws closely to those of the EU or face challenges in promoting digital commerce and trade.