August 2019 – Digital Leaders – Thought leaders gather to discuss new thinking in Identity Security

Leading South African identity security solution provider, Ubusha, teamed up with Ping Identity, a leader in Identity Defined Security, hosted a Digital Leaders’ Roundtable event in Johannesburg June 2019. They invited IT decision makers from leading banks, insurers, retailers and telecommunications firms to join them in rigorous debates about ‘identity as an enabler of digital transformation’ and the ‘unique requirements for identity and access management in the digital age’.

Andrew Whittaker, Practice Lead at Ubusha, singled out regulation and changing consumer behaviour as key trends in the identity security and risk management worlds. “Our customers want to implement modern digital platforms alongside their corporate systems infrastructure which means our focus is on designing identity services as a backbone for system-wide security,” he said, adding that the future of identity security lay in extending services to the end consumer. Future-proof identity security will thus become a two part solution; one focused on consumer identity management (securing the customers’ customers) and the other, providing a more modern set of security controls for the workforce.

Consumer behaviour is changing as the world moves from the digital age into the fourth industrial revolution (4IR). They want to transact for goods and services online and in real time, while also receiving exceptional customer experience. “Generation X, Y and Z consumers grew up on Instagram and Twitter – the experience they have in a social media context is what they expect when interacting with their bank and other product and service providers online,” said Jason Goode, Regional Director EMEA at Ping Identity. He agreed with Whittaker that the main challenge for identity security specialists is to deliver excellent customer experience without compromising on security, regardless of the systems environment.

“Identity security is about managing workforce identities, customer identities and partner identities to give each type of user access to any application [subject to permissions, of course] from any device, whilst navigating the challenges introduced by hybrid IT systems,” said Goode. This task is complicated by the different use cases for each category of user. The 4IR is forcing new approaches to customer identity and access management because customers want to share information, manage their own profiles and reset their passwords – giving rise to concepts such as open banking (in the UK), open healthcare (in Norway) and, eventually, open everything. “Having a solution that can meet all use cases is the ‘one ring to rule them all’,” said Goode. He added that Ping Identity thrives in complex, highly regulated enterprises: “These organisations choose us because of our security standards and because we implement solutions that can support all of their use cases.”

Ping Identity and Ubusha (a Ping partner in South Africa) observed that the identity security industry is moving towards purpose-built directories or repositories for dealing with consumer identities at scale. These solutions are coupled with federated single sign-on (SSO) and standards-based SSO with consumer-side multi-factor authentication. Goode recognized that identity security practitioners had an important role to play in securing financial services firms’ evolving consumer platforms. Banks are often singled out for being at an advanced point in delivering ‘mobile only’ user experiences – the equivalent of a virtual bank that is nothing more than a set of APIs with mobile applications that consumers use to access their accounts.

Much of the Digital Leaders’ debate centred on multi-channel access. “You know who the individuals in your workforce are; you have a process that allows you to identify them, you have contractual relationships with them and can gather whatever information about them that you need,” said Rob Otto, EMEA Field CTO at Ping Identity. “The challenge is how to manage that individual across an incredibly wide variety of applications and systems with a set of entitlements that will enforce privilege across all touchpoints”. The concept of single identity was briefly discussed as a way in which identity security practitioners could always recognise a user as ‘the same individual’ regardless of the authentication methods applied.

Strong customer authentication is a requirement of the latest EU Payment System Directive (PSD2). This directive requires that the consumer authentication experience through a third party system is as seamless as that achieved through his or her online bank, explained Otto. A substandard experience would be frowned upon by the regulator as equivalent to discouraging third parties from accessing the system. “ The PingFederate solution enables the kind of flows necessary for open banking, but a lot depends on how firms actually authenticate their users,” concluded Otto.

About Ping IdentityPing Identity envisions a digital world powered by intelligent identity. We help enterprises achieve Zero Trust identity-defined security and more personalized, streamlined user experiences. The Ping Intelligent Identity™ platform provides customers, employees and partners with access to cloud, mobile, SaaS and on-premises applications and APIs, while also managing identity and profile data at scale. Over half of the Fortune 100 choose us for our identity expertise, open standards leadership, and partnership with companies including Microsoft, Amazon and Google. We provide flexible options to extend hybrid IT environments and accelerate digital business initiatives with multi-factor authentication, single sign-on, access management, intelligent API security, directory and data governance capabilities. Visit www.pingidentity.com.