By Guus van Es, Jan Vanhaecht and Mike Wyatt
Whether it’s the information used by your computer systems to identify and establish trust that an organization, person, application or electronic device is what is claimed, digital identity should be at the core of any leading, data-driven organization.
Digital identities are becoming the foundation of our rapidly evolving technology-based and data-driven economy and society. It is a trend across organizations of all kinds; private companies, government bodies and civil society organizations, and the people and organizations they serve.
How do you, as a senior leader, achieve enhanced digital identity and help differentiate your organization?
See how digital identity impacts your line of business with these real life examples
If an organization gets their digital identity right it leads to more efficiency, revenue and transformational benefits with an enhanced user experience for colleagues, and a differentiating digital journey for customers or citizens. Data-driven organizations outperform their competitors, being 23 times more likely to gain new clients.1 Digital identity is also foundational for inclusive growth.2 Deloitte’s 2019 Future of cyber survey and Rediscovering your Identity support these statements.3
But there is a big obstacle to overcome. Too many organizations are failing to put digital identity at the center of their business model and operations and, by this omission, are likely to miss out on the full benefits of responsible digitalization.
Different sources of digital identity create unique personas. An organizational identity is, for example, that of a business or government, or one of its employees. A personal identity is that of a customer of a business, or a citizen of a country. An application or device identity is that of a mobile phone, computer or piece of industrial equipment.
A person’s digital identity, and his or her interactivity with the world, will be multi-faceted and unique to each experience. For example, when an online banking service requires a password and other information from a customer and receives the correct information, the bank knows it is dealing with that customer and no-one else. The customer, meanwhile, knows it can trust that the bank’s digital identity checks will prevent identity theft and the possible consequences associated with that.
All well and good. However, the customer’s digital identity may be unique to only that part of the bank, such as retail accounts, and may not work with other parts, such as the credit card or mortgage divisions. Even if the customer has a single identity covering the entire bank, it will probably only work with that bank. When communicating online with other banks, and indeed any other organization, the customer will need a separate identity. In addition, each organization will carry out additional verifications of the customer’s identity to manage access, protect personal data and reduce the risk of fraud. These extra checks are inefficient, influencing the customer experience negatively, and the lack of process alignment could lead to damaging audit findings.
What these inefficiencies illustrate is that, despite recent developments, the world of digital identities is far from perfect. Further work is needed to streamline the processes involved and reduce the number of identities each organization, person or device needs. As part of that streamlining it needs to be considered that personal data belongs to the person, and that person will increasingly control their ownership, supported by regulation. As such, data governance and privacy need to be part of an organization’s digital identity strategy.
This report examines what business leaders must do to ensure they have a digital identity system in place for their organization, the people it interacts with and its devices that is truly fit for purpose. The system should be designed so that it could, ultimately, be part of a wider ecosystem involving many other organizations, thus allowing the same digital identity to be used across all of them.
Large enterprises, most medium-sized enterprises and governments already have a digital identity system, so they have to ask themselves, how progressed is it? There are five stages to a digital identity journey for each of the above listed key factors
The creation of an effective digital identity system is the responsibility of senior management, the “C-suite”, and the equivalent leadership teams in government organizations.
The Chief Operating Officer, for example, has to ask, “How do we stay in control during our digital transformation and limit access to our network only to authorized employees?”, while the Chief Risk Officer will ask “What are the risks of unauthorized staff accessing parts of the network they should not?”
The Chief Marketing Officer will ask, “How do we help our customers navigate our digital channels and make their journey as easy as possible?” and the Chief Security Officer will ask, “How do we keep all our devices, information systems and operational technology safe from cyber attack?”
Governments have a major role to play in creating a supportive legal, regulatory and technical environment. The European Union, for example, has constructed a world-class digital identity and verification infrastructure for its public services and is encouraging the private sector to do the same.
The British government, in response to a “call for evidence” on digital identity, has said it will work with the private sector “to create trust in digital identities”. It has said it will “remove regulatory barriers which prevent the use of secure digital identities” and promote the development of international standards in this area.
More progress is needed on Identity and Access Management (IAM) if organizations are to achieve the full potential of our technology based, data-driven economy and society.
It is vital for all C-Suite executives, and their equivalents in government, to put digital identity at the center of their data-driven business models and operations and understand its impact. It is their decisions that will determine if their organization can differentiate itself from others and lead change, or be left behind.
So the question they need to ask themselves is this:
What role must I play to help our organization use digital identities to differentiate us from the rest?
Digital identity should be at the core of any data-driven organization.