Identity Week is back! This was my first in-person conference for 18 months, and it was great to be meeting people in person again.
Here’s a summary of the key themes explored during the event: Security, Design, Re-Use and Inclusion.
A security mindset
Cyberattacks have always and continue to be headline grabbers. 44% of organisations experienced a breach in the past 12 months, and we’ve seen a 400% increase in cyberattack frequency since April 2021.
During Identity Week, Google delivered the first keynote, talking about the concept of Zero Trust. Zero Trust provides many security benefits, without adversely affecting user experience. The message from Google was simple, build your architecture based on earned trust.
It’s a mindset, a way of thinking. It’s a framework that can be successfully applied to people, processes and systems. It’s how you think about security models, including a dependence on credentials, authentication, authorisation and contextual information (behavioural and other contexts). It applies to every interaction, whether inside or outside of the organisation, removing the sole dependency on perimeter firewalls.
The importance of Security was reiterated time and time again throughout the conference, often being described as the foundation from which all use cases should be established. Google were keen to stress that, built in the right way, such a security architecture can still deliver seamless user experiences, whereby applied knowledge can deliver a form of invisible security.
Starting with user-centred design
User centred design was reiterated time and time again. Irrespective of the use case being pursued, the importance of designing an experience around a user cannot be underestimated. However advanced the technology, if the design is not thoroughly considered from the outset, the initiative will fail.
As well as engaging citizens around the use of their identity to ensure transparency and gain trust, involving them in the design process is essential, ensuring that any solution is fit for purpose and addresses genuine user needs (not imagined ones…).
The tech and tools available to the industry are evolving, as are their uses. For example, iris scanning, thermal scanning and 3D imaging may be more successful in matching identity in a biometric corridor than alternative options. Whether that’s the case or not, we need to continue to engage the end user and ensure that there will be adoption, based on earned trust and user centred design.
Realising identity re-use
The DCMS digital identity and attributes trust framework is intended to provide the foundation from which identity schemes can proliferate, promoting the re-use of identity credentials both within and across markets, supporting the growth of the digital economy.
In order to realise such a vision, a holistic view of security is required – across government, industry and citizens. All stakeholder groups need to work together to ensure identity integrity, through a shared set of principles and standards that serve to underpin all transactions.
This will permit interoperability of governance. If underpinned by interoperability of technology, this development will position us for a very exciting future indeed.
There are many global initiatives that intend to promote re-use of identity information, driven both by government and private industry. For example, the European Commission recently proposed a trusted and secure Digital Identity for all Europeans which will see Member States offer citizens and businesses digital wallets. Those wallets will link national digital identities with proof of other personal attributes to enable access to services. At the Conference we also saw the Global Assured Identity Network (GAIN) presented. GAIN proposes a user-centric and high-trust identity paradigm that enables a user to ask a trusted and regulated provider to verify that they are the relevant person and/or have the credentials that they claim.
Achieving inclusion in identity
With all of the talk of digital identities at Identity Week 2021, it’s surprising how much conference content was covering the challenge of hard copy identity documents. There’s clearly an ongoing need for the careful and efficient management of such documentation, including the importance of supply chain integrity.
While many people are able to utilise a digital identity, there are many who are excluded from enjoying the benefits a digital ID can bring. For example, people may not have identity evidence or foundation documents, they might not have a credit history, or they might not have internet and suitable device access. Indeed, it’s estimated that 12% of the UK adult population are ID challenged.
The world is becoming ever more digital, owing to innovations in technology, regulation and policy, coupled with increasing consumer appetite. For now though, we’ll need to work with a hybrid approach to ensure inclusion, and as such, a collaborative approach is required with document authorities who have an important role to play in the inclusive access to services.
The design of a digital identity ecosystem and the foundations that underpin it, must ensure inclusion across all demographics. An inclusive design should start with a solid understanding of citizens, their demographics, needs and preferences. Robust testing and modelling should be used to make sure identities are available to all, and that all can reap the benefits from participation in the digital economy.
Of course, following two days of speeches, presentations and networking, there were many more insights to share but these were the key themes that I wanted to highlight.
Please do reach out for a chat if you had any comments or wanted to explore any additional themes – we love talking all things ID.