It is difficult to trust a company you cannot see, a financial institution you never visit, or an online contact you have never met. It is even more difficult to protect, and leverage, your assets now that they have shifted from the physical world to an internet that is always on. The promise of the Internet of Things is predicated on the free flow of data and information across global networks, and there is a growing awareness that these efforts could stall unless we can find a way to strike a balance between data protection, privacy and security, and address what some are calling the emerging ‘digital trust’. Trust is essential for successful digital transformation.
Digital technology is continuously integrated, improved and updated in the workplace—whether it’s integrating virtual reality headsets or something as simple as data storage or teleconferencing. That means changes throughout all levels of an organisation. Thus, digital transformation is never truly finished.
Risk-based access depends on the context
In the past, the context of a transaction between a computer and a user was based on a set of implicit rules. But these no longer apply. In a world where the user can access services from multiple devices and from multiple locations anywhere around the world, the context is changing.
How can you be sure that the person you are communicating with over the Internet is really who they say they are? How can you verify the authenticity of the (mobile) device or system with which you are engaging? And of course, there are different degrees of trust. Without the right context, any decision to grant access to valuable or sensitive data is a high-risk decision. By adding context, the risk of permitting access can be reduced.
Context-based access improves security during authentication and authorization of business transactions. You may have experienced risk-based authentication if you’ve ever accessed your bank account from another country and were asked more than the usual number of security questions.
Digital identity is the foundation of digital trust
Digital trust is a complex relationship between transparency and privacy, security, collaboration and ethics. Digital trust is achieved by properly identifying, verifying and authenticating individuals, organisations, machines and (mobile) devices before granting access (authorization) to valuable assets: data, a network, a system or a building. With enough trust, transactions can be made with the minimum of inconvenience to both parties. For example, low-value transactions can happen from a registered device, while higher-value transactions, like transferring larger amounts of money and signing corporate contracts, can be permitted if the user reduces the risk of impersonation by using a stronger method of authentication. In our vision, digital trust is an enabler for the digital transformation.
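The risk-based decision described above, as an added example that is not AET's code or any product's: context signals raise a risk score, and the score sets the weakest authentication method that is still acceptable. The signal weights, the high-value threshold and the three authentication levels are assumptions made for this illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class AuthLevel(IntEnum):
    PASSWORD = 1     # single factor
    OTP = 2          # password plus one-time code
    CERTIFICATE = 3  # certificate-based (PKI) authentication


@dataclass(frozen=True)
class Context:
    device_registered: bool  # device previously enrolled by this user
    country: str             # where the request comes from
    home_country: str        # where the user normally operates
    amount: float            # transaction value
    auth_level: AuthLevel    # method already used in this session


# Assumed weights and thresholds, chosen only for this illustration.
HIGH_VALUE = 1_000.0
WEIGHTS = {"unregistered_device": 40, "foreign_country": 30, "high_value": 30}


def risk_score(ctx: Context) -> int:
    """Sum the weight of every context signal that deviates from the norm."""
    score = 0
    if not ctx.device_registered:
        score += WEIGHTS["unregistered_device"]
    if ctx.country != ctx.home_country:
        score += WEIGHTS["foreign_country"]
    if ctx.amount >= HIGH_VALUE:
        score += WEIGHTS["high_value"]
    return score


def required_level(score: int) -> AuthLevel:
    """Map a risk score to the weakest authentication method that is acceptable."""
    if score >= 60:
        return AuthLevel.CERTIFICATE
    if score >= 30:
        return AuthLevel.OTP
    return AuthLevel.PASSWORD


def decide(ctx: Context) -> tuple[str, AuthLevel]:
    """Allow if the session is already strong enough, otherwise ask for step-up."""
    needed = required_level(risk_score(ctx))
    action = "allow" if ctx.auth_level >= needed else "step_up"
    return action, needed
```

A password login from a registered device at home passes for a small payment, while the same login from another country, or for a large transfer, returns `step_up` together with the method the user must add.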
Role of PKI
Digital certificates are the backbone of the Public Key Infrastructure (PKI), which is the basis of digital trust. A digital certificate is an electronic signature from one or more trusted third parties that guarantees validity and authenticity. This certificate is the digital identifying proof that confirms an entity is what it says it is, just as passports are identity proofs for citizens. Digital certificates are increasingly integrated into the development of hardware and software.
AET’s solutions provide the next generation of security software that enables trust and confidence. With SafeSign IC you can place both advanced and qualified digital signatures. ConsentID and BlueX can be used to issue and use certificates complying with the digital signature legislation.