Tag: CIAM

Blog EN

Digital identity is the key to successful digitalization

The digitalization of processes is a challenging task, and security in the digital space is an important criterion for advancing one’s own digital transformation. The protection and management of digital identities is therefore a central function.

At the heart of the new, mostly digital business models lies the customer, or rather his digital identity, and direct contact with him. A digital identity is not limited to a customer, a partner or an employee. In Industry 4.0, too, the direct involvement of the customer and his devices takes centre stage in the business process. As a result, a machine or service also has a digital identity.

Many companies, especially medium-sized ones, continue to focus on the protection of classic endpoints. The protection of the digital identities of users (such as customers, partners and employees) or “things” (such as machines and applications) is still neglected. A secure digital identity for man and machine is a key prerequisite for a complete digital transformation and for tapping new business areas.

Digital Identity as a central asset for a fully digitalized value chain

In Technical Report No. 114 of the Hasso Plattner Institute for Software Systems Engineering at the University of Potsdam, digital identities are described as follows: “Digital identity is a collection of electronic data to characterize an internet user with a physical identity. Data belonging to a digital identity are e.g. user name, e-mail address, home address, account number, password etc. and are referred to as attributes. A physical user can exist on the Internet with many different digital identities (different username, different e-mail, etc.)”.

Digital identities are required so that users or machines can access services. This requires that persons or objects uniquely identify themselves. While in the real world this can be done with an ID document, for example, in the virtual world it is much more difficult to ensure that the digital identity belongs to the corresponding physical user.

Secure authentication of digital identities through Two-Factor-Authentication

So how can the misuse of digital identities be prevented?

Authentication can be based on knowledge, ownership or biometrics. The first is the classic username/password query. Since both companies and consumers are increasingly afraid of identity theft, which too simple or identical passwords often favour, the latter two methods are becoming more and more established. In biometric queries, a real person's fingerprint, face or iris is scanned and compared with the stored identity. Since these are unique to each person and very difficult to forge, this type of authentication is the safest.

For convenience, adaptive 2FA is recommended. The additional factor is only queried if particularly sensitive data is accessed or if access appears unusual, for example outside normal times or from an unusual location.

Digital identities require end-to-end identity management

Digital identity is a key element of the new technology trends and is significantly involved in the digitalization of the value chain. By placing identities at the heart of your business, you can acquire new customer segments and make existing processes within a company more efficient.

As a result, Customer Identity and Access Management (CIAM) is becoming increasingly significant. With a modern CIAM solution, data security, user convenience and knowledge of the customer and his behaviour can be combined on one platform.

A customer identity and access management system can form the basis for customer-oriented digitalization efforts. It enables end-to-end identity management, helping to manage millions of users.

These aspects can thus be controlled centrally:

  • Data security through secure authentication procedures (also passwordless)
  • Simple and convenient onboarding into all channels and services (e.g. through social login)
  • GDPR-compliant consent management
  • Personalized marketing communications in real time

In a nutshell: A good CIAM solution brings IT, marketing and sales together and contributes significantly to the success of the company. The future also presents new challenges for medium-sized businesses and the complexity of the data is increasing. Targeted identity management is therefore an essential requirement for any organization that has a digital presence in any form.

Press Articles EN

Industry 4.0: Protecting endpoints effectively with Customer Identity and Access Management

22.08.18 | Author / Editor: Yael Widmann / Melanie Krauss
Published in MM Maschinenmarkt

Each interface adds new risks to a network. However, one way to securely take advantage of the benefits of Industry 4.0 is through customer identity and access management systems that guarantee unambiguous authentication and authorization.

The fourth industrial revolution, Industry 4.0, includes both self-regulating systems, communicating machines and the automation of production, as well as the digitalization of customer contacts and services. In all areas, whether man to machine or machine to machine, data is increasingly being exchanged automatically. This intelligent networking of product development, production, logistics and customers offers companies – also in the SME sector – the chance of higher productivity.

At the same time, the multitude of emerging endpoints creates new risks that companies have to deal with. Each endpoint gives rise to new vulnerabilities. Last but not least, it is these risks that make many medium-sized companies cautious about Industry 4.0, especially in Germany. In order to benefit from the advantages of Industry 4.0, new control mechanisms and reliable protection of access are needed. Professional user management integrated in the processes is extremely important for data security, as well as for process automation and user-friendly administration.

“Everything is an API” in a networked world: as networking implies, machines and products send and receive data to communicate with each other. Connections to other systems are established via interfaces, also called APIs. Each interface represents a potential security risk, which makes securing the interfaces all the more important.

Customer Identity and Access Management (CIAM) software therefore manages, protects and monitors portals and Web APIs through security standards such as OAuth2 or OpenID Connect, implementing defined authentication flows in the process. For devices to be authenticated, they must be known to each other, because devices must be trustworthy before and while they interact with each other. In a clever device management system, all machines can be centrally registered and their permissions managed.

Authentication and authorization

In addition to the devices, people who operate, maintain and sort out the machines play an important role, as do the decision-makers who determine the further course of production. Their unique identification and authorization is therefore a critical protective shield. Biometric authentication via face or voice is modern and efficient. In combination with intelligent fraud and anomaly detection, the opportunities of the networked system can be used without hesitation.

The detection is based on the various information available, such as access histories, logon attempts or device information. Once suspicious activity is detected, the fraudster can be recognized through an additional authentication factor, and any further fraudulent transaction can be averted. Strong authentication thus already largely secures each channel.
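The step-up decision described here, which is also the adaptive 2FA rule from the blog post above, can be sketched as follows. This is an added example, not code from the article or from any CIAM product; the signal names, profile fields, sample values and the failure threshold are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    """Per-user baseline built from access history (constructed sample data)."""
    usual_hours: range = range(7, 20)   # local hours seen in past logins
    known_countries: set = field(default_factory=lambda: {"DE"})
    known_devices: set = field(default_factory=lambda: {"dev-laptop-01"})

@dataclass
class Access:
    hour: int                 # local hour of the request, 0-23
    country: str              # geo-IP country code
    device_id: str            # registered device ID or fingerprint
    sensitive: bool = False   # resource flagged as particularly sensitive
    recent_failures: int = 0  # failed logons for this account in the last window

MAX_FAILURES = 3  # assumed threshold, tune per deployment

def risk_signals(profile: Profile, access: Access) -> list:
    """Return the name of every signal that makes this access unusual."""
    checks = [
        ("sensitive_resource", access.sensitive),
        ("unusual_time", access.hour not in profile.usual_hours),
        ("unusual_location", access.country not in profile.known_countries),
        ("unknown_device", access.device_id not in profile.known_devices),
        ("repeated_failures", access.recent_failures >= MAX_FAILURES),
    ]
    return [name for name, hit in checks if hit]

def decide(profile: Profile, access: Access) -> tuple:
    """The first factor alone suffices only when no signal fires.
    Fails closed: missing or malformed context also demands the second factor."""
    if not 0 <= access.hour <= 23 or not access.country or not access.device_id:
        return ("step_up", ["malformed_context"])
    signals = risk_signals(profile, access)
    return ("step_up", signals) if signals else ("allow", [])

if __name__ == "__main__":
    p = Profile()
    for a in (Access(10, "DE", "dev-laptop-01"),
              Access(10, "DE", "dev-laptop-01", sensitive=True),
              Access(3, "BR", "dev-unknown-77", recent_failures=4)):
        print(a, "->", decide(p, a))
```

Returning the list of fired signals alongside the decision lets the same record feed audit logging and tuning of the baseline.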

The other side of the coin is authorization. Channels and their resources require individual protection. This requires dedicated permission management for each channel, as well as an individualized authorization profile. Hence the keyword is defined and automated role and group management. By efficiently allocating and controlling roles and permissions, companies can, for example, let different groups of people, including customers or suppliers, access their system, because in a (partially) automated and self-controlling value-added chain, successful supply chain management and smoothly functioning collaboration are very important.

Digitalisation focuses on the identity of the persons involved. Computers, wearables or machines provide content in a context-specific way to the person using the device or standing in front of it.

A customer identity and access management system enables companies to take advantage of the multiple opportunities offered by digitization, streamline processes and drive innovation in a secure and reliable ecosystem. With cloud-based, scalable software that is hosted in Germany, appropriate software can also be introduced step by step and at a manageable cost.

* Yael Widmann is responsible for the business development of Cidaas at Widasconcepts in 71299 Wimsheim.