post

What is IDaaS and why do we need it?

How we protect our private data became one of the most important questions. One could argue that this was the case for quite some time. The issue of privacy, freedom, and the degree of state interference with our everyday lives remains the primary topic of discussions, science-fiction novels, and TV shows. The global crisis we are facing is an unprecedented challenge for governments around the world. Challenging times are used to justify and bring about extraordinary government measures like mass surveillance and other forms of infringement on hard-won freedoms and rights. Whatever scenario occurs in the end, it seems nonetheless that many elements of our lives are moving to the digital and online sphere.

During this global pandemic, we saw how many aspects of our lives could be easily moved online. We have already been shopping online for some time now. It seems yet, that education, medicine, work, and even some types of entertainment we could never think of going online actually all can. It will be hard to argue against homeschooling or at least providing a choice and infrastructure for online primary and secondary education very soon. Skyrocketing college tuitions could be drastically lower if there is no need for the campus, dorm rooms, or physical books, etc. It’s nearly a sure bet that many universities will enable entire curriculums to be completed remotely. Telemedicine has been side-lined for some time now, but out of necessity, we could see a rapid expansion of this field of medicine in the near future. Although there certainly are jobs that cannot be done remotely, many people felt the strong appeal of remote work. It seems meetings could have really been an email. Lastly, older generations might find it odd but for the youngest generation, it was normal and immersive enough to attend the first fully digital musical concert by Travis Scott in the game Fortnite, drawing 12 million individuals.

Travis Scott’s performance during the live ‘Fortnite’ event by Epic Games

An essential part of our everyday life, interactions, and transactions that make up all of our activities, in fact, the basis for most, is our identity. Yet, until something bad happens we don’t really pay much attention to the way we identify ourselves. This makes sense since until very recently, the entire world relied on physical presence and documents. However, if we are to move segments of our life to the digital environment two aspects of this process seem essential. Data breaches and identity thefts must become something we hear less and less about, or in other words security and privacy of those massive amounts of data should be indisputable. On the other hand, future digital identification solutions and systems have to be simple and easy to use. Customers don’t want anything other than frictionless solutions. Perhaps our expectations have grown with the science-fiction movies portraying situations in which people don’t need to do anything for doors to magically unlock, cars to identify their owners and payments to be processed using non-invasive DNA scan. It does make sense to develop systems in the direction of fully personalized, non-invasive, seamless, and instant identification.

We have witnessed how in times of crisis, people around the world are clearly a lot more open to solutions that usually raise concerns like biometric and location tracking solutions. Until we get to that high-tech Westworld-like future there are numerous hurdles along the way and questions that need to be addressed.

Caleb and Dolores in ‘Westworld’ season three, episode four: ‘The Mother of Exiles.’

What makes a good ID solution?

Key questions are about data privacy, data ownership, and control, scalability, transition from the current state of affairs, and perhaps most importantly development of the most intuitive solution for the user. Everyone developing any product whatsoever knows that burdensome or difficult to use solutions tramp the noblest motives and achieve nothing. Yet in a survey by Gemalto, in which 41% of users said they declined using 2FA, 71% also stated how they would definitely part ways with a company that experienced a data breach. Talk about a dealbreaker.

In their report “Digital Identification: A key to inclusive growth” from 2019, McKinsey identified four attributes as essential for a “good” digital identity scheme.

  • Verified and authenticated to a high degree of assurance: designed to meet the needs of both the public and private sectors.
  • Unique: “an individual has only one identity within a system, and every system identity corresponds to only one individual”
  • Established with individual consent: customers and users knowingly opt-in to use the digital ID and always have the knowledge of which private data is used and for what purpose.
  • Protects user privacy and ensures control over personal data: security of private user data is of the utmost importance, but the other important aspect also is giving the ownership and control over who can access their data to users.

In their “Rediscovering Your Identity” report Deloitte also identifies attributes that would define successful digital identity schemes:

  • Safe — guarantees security, privacy, and compliance
  • Flexible — works across multiple platforms (on-premise and cloud), systems, and devices
  • Agile — can quickly adapt to changing end-user needs, new applications, and IT requirements
  • Scalable — can conform to different business needs and the possible surge of users during for example acquisitions
  • Open — built to accommodate different types of users and not only consumers but employees, contractors, etc.
  • Private — gives users control over their private information and knowledge of how it is used
  • Frictionless — provides a seamless and simple experience for both users and administrators
  • Resilient — built to overcome potential tech disruptions or cyber threats both on-premise and in the cloud.

Boston Consulting Group suggests five “pillars” of a robust identity solution. Their primary take is that any such solution should be built around actual customer behavior. This is what is meant when there’s an emphasis to develop a frictionless and seamless solution. As with every other digital solution, the essential element is its usability.

“Digital identity is a fast-moving space in which technologies, data, rules, and preferences are in constant flux. But one thing is certain: the most successful solutions will provide a user experience that’s tailored to how consumers are actually likely to behave. For providers, that means designing solutions with the consumer’s perspective — and preferences — always top of mind. It also means utilizing data, technological capabilities, and processes in a holistic way, investing in and applying the mix that simplifies yet enhances authentication. This kind of seamless, secure identity solution will be a boon for consumers and businesses — and a bane for fraud.”

What is IDaaS?

Cloud computing has been around for some time now. Today the technology is used for everything from email, storage to entertainment. Google Drive, Facebook, and Netflix are all cloud solutions. Gaming is also moving to the cloud. The approach offers many advantages, like a higher degree of security, flexibility, cost savings, and mobility, to name a few. Why not move Identity and Access Management (IAM) services to the cloud as well and how come that isn’t already the case? If we continue shifting large parts of our lives online, the necessary prerequisite to securely establish the way we identify ourselves should be there on the firm ground. There is now a growing number of companies working on this goal, as providing digital solutions as a cloud service offers various advantages over traditional approaches.

IDaaS is an acronym for Identity-as-a-Service, and it refers to identity and access management services that are offered through the cloud or SaaS (software-as-a-service) on a subscription basis. Service and infrastructure for it are built, hosted, and managed by a third-party service provider. Before cloud services, the focus was primarily on perimeter security and keeping the bad players with the help of passwords, firewalls, and VPNs. Moving to a subscription and service-based economy built on cloud technologies the essential difference in approach was in mobility and accessibility. From that moment all of our favorite music, videos, tv shows, ebooks, and games could be accessed from anywhere and from any device with the right credentials.

The Cloud era brought about two things. Data storage and processing infrastructure had to become decentralized raising new concerns regarding data security and in turn regulation of data privacy. IDaaS addresses these very concerns. Instead of dealing with data security and regulatory compliance, it relieves organizations of these concerns to focus and work on their key business competencies and products. IDaaS providers in turn deal primarily with these very issues, relying on expertise, skills, and experience developed in a niche area of security and identity.

IDaaS brings several key new functionalities to organizations that opt for third-party solutions:

  • Multi-factor authentication (MFA): Username and password turned out to be inadequate in securing ever-increasing amounts of data with breaches happening every now and then. It also occurred that it’s becoming a daunting task for users to maintain hundreds of credentials. Instead, stronger protection which provides users with a choice of combination criteria is necessary to protect sensitive information while restoring users’ trust. In order to verify the identity of users MFA relies on different combinations of:
  • Something that the user knows — a password or a pin
  • Something that the user has — a smart device
  • Something that the user is — a unique representation of a person’s identity such as a fingerprint, facial, or retina scan.

For securing data and providing users with more seamless access, biometrics are the necessary element. Alongside creating another layer of security, biometric authentication is definitely far more simple and intuitive to use for the end-user.

  • Single-Sign-On (SSO): It allows users to sign only once to a number of products or services offered by an organization without repeating the login process. In addition, in the case of a network of businesses in some federated identity management scheme or a consortium, customers can rely on any of the offered services.
  • Access management and control: Enables assigning access privileges to digital identities depending on attributes, roles, and responsibilities. It also provides users with a consent mechanism to decide on assigning or revoking access to their digital identity or particular information.
  • Identity management: Keeping track of users and access privileges as well as private information associated with a particular user. It provides organizations with information on customers and collected private data.
  • Monitoring, Auditing, and Reporting: Provides organizations with knowledge of how resources are being used, whether there were unauthorized attempts to access, report on patterns, and create intelligence reports about their user base.

IDaaS also provides organizations with business benefits:

  • Responsibility outsourcing — businesses can rely on expert IDaaS providers to deal with private data storage and security in turn providing businesses with more time to focus on their products and services.
  • Creation and deployment of new services — instead of dealing with numerous questions and issues regarding customer’s accounts and data upon the launch of some new service, the businesses can connect them as well to the IDaaS platform. This can drastically speed up time to market new services while reducing risk.
  • Regulatory compliance — in the same way, they outsource responsibility for storage and security, they can leave their regulatory compliance worries to experts focusing on these matters as part of their product.
  • Creating partnership services or loyalty programs — it’s not only easier but actually possible to bundle different services together or extend SSO capability to partner services which would be nearly impossible with legacy systems.
  • Faster implementation — since IDaaS is a cloud-provided service, infrastructure, and software updating concerns are left to the provider. In the same manner, the service is available as soon as the initial setup is done and implementation requires creating a new instance and configuring particular business rules.
  • Increase security — most of the IDaaS solutions rely on end-to-end encryption while also providing MFA or SSO functionalities. Data security is in turn improved on both the business and user interface.
  • Lower costs with various subscription models — instead of a licensing deal, pay-per-user schemes can provide businesses with greater control over their costs. It can eliminate any upfront costs which can be very high in the case of legacy IAM software.

At Blinking, we’ve been focusing on developing identity and access management solutions by relying on the benefits of blockchain technology. This approach enabled us to create a platform that can facilitate the creation of various identity management schemes depending on the business needs ranging from internal, federated, private, and public ones. Our product architecture built on privacy-by-design and security-by-design principles address all of the attributes of the aforementioned expert consultancy companies. We go step further in enabling a new generation of IDaaS solutions that rely on a unique way that digital identity is handled, combining multi-factor authentication with a secured portfolio of certified personal documents issued by trusted parties (e.g. government, bank, insurance, hospital,…). The system fully protects the privacy of users. Implementation of biometric authentication is realized in a unique way since users control their biometric data while services or businesses do not have access to it, but raise a challenge to check and access the users’ identity. The primary benefit of the fact that the system relies on blockchain technology is that biometric algorithms are run on the blockchain network, using smart contracts and executed by multiple network members, which increases the degree of trust, transparency, and outcome of the authentication. Additionally, since each authentication represents a transaction on the network, it is permanently stored on the blockchain and immutable. Our MFA, SSO, KYC, and Digital onboarding solutions all utilize our unique approach to digital identity and the way sensitive, private information is handled.

Businesses can tailor their user experience according to specific needs. There is no more a single way of verifying user identity while organizations can open new services on the go, instantly with just a few clicks.

Podeli: