What are the qualities of a good digital identity management program?

Growing consumer expectations, the breakdown of traditional “walls” and emerging technologies are making it hard for organizations to devise a successful digital identity management program, according to Deloitte.

More than ever before, identity management is at the center of cybersecurity, regulatory compliance and consumer trust, and many organizations are struggling to define a digital identity management program both internally for the enterprise and externally for consumers.

Deloitte surveyed more than 2,500 professionals across industries and positions.

“In a digital economy, identity is a point of trust, perimeter of security and an index of customer satisfaction,” said David Mapgaonkar, principal, Deloitte & Touche LLP, and cyber technology, media and telecom sector leader.

“Organizations should think about challenges related to both consumer and enterprise identity management to understand what they can do to create better outcomes. But it’s not easy — it requires managing relationships with many stakeholders and alignment on technology and funding.”

Rising global data privacy regulations pose compliance challenges

Identity, data privacy and regulatory compliance are increasingly overlapping. Cybersecurity leaders and executives are burdened with developing a more comprehensive view of their consumers to comply with legal and audit-related mandates such as the GDPR, the CCPA and the recommendations of the NIST Cybersecurity Framework.

This means that technology, cybersecurity, legal and business leaders are all stakeholders in effective identity management, each with their own challenges and ambitions related to user experience, system availability, resilience, risk management and consumer engagement.

Digital identity lags on investment and priority

Cybersecurity teams must deal with legacy IT environments and a resistance to migrate to cloud-first architectures. In the survey, 35.4% of poll respondents recognized upgrading legacy systems as a challenge to organizations employing identity programs.

Nearly 18% of poll respondents selected lack of funding and sponsorship as a challenge. Either way, many organizations haven’t built modern systems that are API-based, orchestrated and enable easy integration with apps. And, investment into new systems and structures can be significant.

Without an organization wide understanding of the identity imperative, sponsorship at an executive level can be hard to attain.

The survey found that 95% of C-suite level executives commit 20% or less of their security budgets to support identity solutions.

Companies are reluctant to outsource identity management

Many cybersecurity leaders are concerned about integration, flexibility and access to specialized support with outsourcing their identity management to third parties. But third-party managed services, either on-premise or in the cloud, can offer the latest skills and capabilities, increase automation and future-proof identity systems.

For example, 14.4% of poll respondents selected lack of talent and a skills deficit as a challenge for identity. With a cyber talent gap only growing, identity-as-a-service (IDaaS) may be a viable option for many organizations to empower innovation efforts and drive digital transformation.

Responsibility and ownership often distributed

Responsibility and ownership are often distributed among multiple executives, teams (marketing, sales, cybersecurity, etc.) and IT systems, making coordination of large-scale projects challenging.

The poll shows that 14.4% of respondents selected lack of executive prioritization and alignment as a challenge to impair identity from impacting digital transformation.

A digital identity management program tends to take time and that can be a challenge for cyber organizations that may need to show immediate progress and broader return on investment. Many stakeholders increase complexity and timelines, and these critical programs are not getting implemented fast or well enough.

“An integrated digital identity program will provide organizations operational efficiencies and improve user experiences by powering digital transformation. In addition to the fact that regardless of what business you are in, we all need to know that what we share is protected, what we access is secure, and who we allow into our systems are supposed to be there,” said Mike Wyatt, principal, Deloitte & Touche LLP and cyber identity solutions leader.

“An integrated approach can help prevent a future digital identity crisis from surfacing by building consumer trust and enabling both privacy and security.”

Digital identity is both a use case for blockchain and an enabler that allows each of the other assets for blockchain integration to exist. Other top use cases for digital identity, for example in government, include land and corporate registrations, voting, supply chain traceability and taxation.

The operating environment for digital identity will likely become increasingly complex — with greater business expectations to meet; new technologies to integrate; multiple data privacy regulations to adhere to; and increasing numbers of people and devices to manage.

Every company will have a different set of digital identity challenges and a unique approach to identity management.

Digital identity management program

A digital identity program should be:

• Safe – To ensure security, privacy and compliance.
• Flexible – To work across multiple platforms (on-premise and cloud); work with people, systems and devices.
• Agile – To quickly adapt to end-user needs, IT requirements and new applications.
• Scalable – To address the shifting requirements of the business — such as adding new users from an acquisition or managing an influx of customers.
• Open – To accommodate many types of users, including employees, consumers, partners and contractors.
• Private – To give users control over their information and an understanding of how it is used and how they can access it.
• Frictionless – To provide a seamless and convenient experience for both users and cybersecurity administrators.
• Resilient – To overcome potential service disruptions, technology failures, or cyber threats — whether on-premise or in the cloud.

In a digital economy, every outcome depends on digital identity as a point of trust, a perimeter of security, an index of relationship management and a means of service personalization. Companies that harness digital identity should be better positioned to reap the benefits of security and long-term customer value.