Part of the future of identity series
By Alan Goode, founder and managing director, Goode Intelligence
Goode has 10 years of research and analysis experience with Juniper Research, Market Mettle and Goode Intelligence in addition to 17 years of technology management experience. Good has been head of Information Security at T-Mobile UK, security practice manager at Atos Origin, head of Digital Security at De La Rue Identity Systems and security analyst for Citibank.
In an article that aims to predict the future, one must not be tempted to paint an improbable picture. We may well be travelling around in autonomous hydrogen-powered flying cars someday but that looks unlikely for 2019; it is, after all, only five years away. As someone who earned a Bachelor’s in History, I always believe that we should look back in time to see what the future will give us.
If we cast our minds back five years to 2009 we can see what has changed in a five-year timeframe. The iPhone was two years old and its arrival heralded the start of the smart mobile device revolution where digital services are delivered to a wide range of always-connected devices from a mixture of tightly controlled enterprise or highly agile cloud-based services.
The use of mobile devices for authentication purposes is now commonplace, with smart phones and tablets being used as the prime authenticator for a wide range of services including banking, payment, cloud-based services and the enterprise.
In terms of digital identity for 2009, the consumer space was dominated by passwords and the enterprise was a mixture of passwords and two-factor authentication hardware options – one-time-password tokens or smart cards – where the higher cost of deployment was matched with the associated risk. In the enterprise, digital identity was largely managed internally with limited examples of federated identity.
As a result of the combination of smart mobile devices and cloud-based services, by 2009 we were starting to see evidence of change.
Authentication and identity solutions designed to work within a closed network were missing in this new world of agile IT. We started to see identity solutions leverage the capabilities of the smart phone to democratize stronger two- and multi-factor authentication.
The emergence of SMS-delivered OTPs and soft tokens, where OTPs are generated in a mobile app, was a notable trend in the years from 2009 onwards. This adaptation of existing authentication technology for mobile – both the phone as an authenticator for IT services and for mobile app authentication – may not be ideal but is a necessary compromise until we develop new methods of delivering strong authentication to new platforms.
Now, new authentication and digital identity technology is being developed and is starting to filter through into the mainstream; both for consumer and enterprise users. Today’s emerging authentication technology has a good chance of being widely deployed by 2019.
So what will digital identity look like in 2019?
I believe that there are currently a number of mini-trends in digital identity that are fusing together to form the future of authentication. In 2019, digital identity will have the following characteristics:
Fewer credentials – identity service providers to the rescue
We have too many credentials and credential management has become a major headache. I must have at least 40 unique credentials and that means 40 separate passwords to manage.
This problem is amplified when accessing accounts via a smart mobile device. Passwords and other strong authentication solutions are fine when I have a handful of accounts to manage but are poor in today’s world where I access multiple accounts from many different endpoints.
By 2019, we shall have fewer credentials to manage. Not as a result of fewer accounts, but with the adoption of password management and use of identity service providers offering us a service for credential management and federation.
Authentication standards to assist interoperability and a common experience
The emergence of identity and authentication technology standards including FIDO, SAML and OpenID will enable service providers to deploy interoperable solutions that share a common user experience.
It’s my identity and I choose to assert it here!
Then there’s Bring Your Own Identity (BYOID). This enables users to create identities that can be asserted by their owners with a variety of service providers. Frankly, I can’t really see the situation where we have a single digital identity by 2019.
Merging of consumer and enterprise
Consumer and enterprise IT is rapidly merging and by 2019 the silos that demark our personal and business digital lives will be eroded. To support this trend we need a digital identity architecture that can be trusted and shared across both personal and business sectors.
Mobile and wearable – the emergence of universal authenticators
The use of mobile devices for authentication purposes is now commonplace, with smart phones and tablets being used as the prime authenticator for a wide range of services including banking, payment, cloud-based services and the enterprise. OTP mobile apps and SMS delivery solutions are starting to be replaced by smarter identity solutions that include technology such as biometrics, contextual awareness and behavioural analysis, as well as functions from other security tools including threat intelligence and malware detection.
By 2019, smart mobile identity will be a reality and next generation wearable devices will emerge as universal authenticators.
Smart authenticator- even smarter authentication engine
The link between mobile devices and cloud services is a common attribute of modern IT and digital identity in 2019 will embrace this symbiosis. The mobile device will be used to collect behavioural and personal information to inform backend services that there is very good evidence that the device is in the hands of its authorised user. This information will be processed by risk-based authentication services using the latest machine-learning algorithms to ensure that service providers have a high level of assurance that the authorized user is attempting to perform a particular action.
The building blocks of 2019 digital identity are already here
We already have the building blocks that will create digital identity services for 2019. They are being designed and integrated into next-generation authentication solutions creating a more flexible and natural way of authenticating millions of users and ensuring that cyberspace is safe and easy to enter.