Security

Digital citizenship the modern transformation conundrum for business


Johannesburg, 13 Mar 2019
Read time 5min 10sec

Removing friction and at the same time maintaining or improving security for stakeholders seeking to digitally transact with your business is but one of the issues challenging corporates. At the heart of digital citizenship is proper vetting of the true physical identity, before it is linked to the digital one via business processes.

Digital citizenship refers to those who have the knowledge, skills and permission to effectively use digital technologies to interact with business, participate in society and create and consume digital content and services. A digital citizen could be anyone, from a customer to a vendor or employee, who seeks to collaborate in a digital environment where all participants are represented by some form of digital identity.

Business owners, digital transformation officers, security heads and customer experience managers should take cognisance of the ten elements of digital citizenship. These are digital true identity, digital access, digital commerce, digital communication, digital literacy, digital etiquette, digital law, digital rights and responsibilities, digital health and digital security. It is then clear that sustainable transformation can only be achieved through the implementation of robust and secure digital business processes and where the digital citizen's identity can be established and verified in every transaction and interaction with the business.

The challenge with the growing digitalisation of organisations is that as more and more people choose to transact online, and more businesses are opening their systems for third-party integrations, so the complexity around effectively managing the security issues related to digital citizenship increase.

Modern businesses find themselves stuck between a rock and a hard place in this regard, as they need to be able to make digital transacting quick and frictionless for customers, suppliers and the like, but they also need to be certain that whoever is on the other side of the transaction, approval or process is who they claim to be.

This is the issue today: how do you identify, verify and attest to who these digital citizens are? As the concept of Open ID Connect (OIDC) prolificates, one sees enterprises allowing those users needing to conduct digital transactions to log in via their social media accounts. While this is certainly both fast and simple, there is no clear way of knowing if the person behind that digital identity is who they claim to be.

This, in turn, exposes the organisation to increased security risks, as the profile used to log in could quite easily have been hacked or captured in some way. The issue becomes much more dangerous when one considers that it is the nature of human beings to be repetitive and to make life easy for themselves, so many utilise the same username and password for multiple applications, from their Facebook account to their bank account to their company access details.

Because of this, it is more necessary than ever to ensure the identity of the person behind any electronic log-in is who they say they are. Companies therefore need to implement the right business processes, which should help to ensure whenever they are onboarding someone and offering them access to internal systems, the person is properly identified and tied to a specific identity.

However, this is easier said than done, as many companies do not have mature enough business processes or the necessary solutions to enable this. Without the requisite business processes in place, the organisation is likely to fail when it comes to issues like who is allowed access, what access they are allowed and how these individuals are vetted in the first place.

It is also for this reason that many businesses choose to use the social media log-in option, because they feel the social media giants' security processes will be effective. However, it doesn't take much research to determine that many of these big players are among those who have suffered devastating security breaches in recent times. Therefore, effectively outsourcing your organisation's security to these entities is particularly dangerous; it is instead vital that enterprises take ownership of their own identity management issues.

This means if you are going to use the social media login details for a customer, you still need to have your own systems in place to vet who this digital citizen actually is that is engaging with the business. It means ensuring identities are properly scrutinised via a range of options, including background checks, biometrics and photo recognition, to name a few.

It is a complicated process, but in an increasingly digital world, it has never been more vital to link a properly appraised physical identity to a specific electronic identity via a tightly controlled authentication operation that is closely linked to a clear and pronounced business process, which in turn provides a full and immutable audit trail. Only in this way can you be sure that the digital citizen seeking access to your business is exactly who they say they are.

iCrypto enables organisations to eliminate risks such as identity theft, access breaches, data breaches, ransom attacks and more, while enforcing compliance through a low-friction patented mobile-centric technology leveraging device/network biometrics and tokenised identity. Providing true biometrically tied identity of participants in any workflow and being able to hold them accountable is key to ensuring trust and creating certainty of those who are authorised to access or transact in an ever-evolving digital world.

iCrypto provides a scalable and customisable SaaS solution with capabilities including, among others, ID aggregation, strong mobile-centric (biometric) authentication, verifications, authorisations, and attestations (immutable audit trails) across the organisation. Thus, it enables all-around accountability, governance and audit compliance, non-repudiation, increased productivity and profitability.

Editorial contacts
iCrypto Tallies Taljaard (Blue Label Ventures) (+27) 11 523 3030 TalliesT@blts.co.za
Have your say
Facebook icon
Youtube play icon