Organizations Grapple With Growing Consumer Expectation for Personalization and Security Challenges
Deloitte reveals eight qualities of a good digital identity management program.
December 11, 2019
PRESS RELEASE
NEW YORK, Dec. 9, 2019 /PRNewswire/ -- Growing consumer expectations, the breakdown of traditional "walls" and emerging technologies have given rise to a digital identity crisis. More than ever before, identity management is at the center of cybersecurity, regulatory compliance and consumer trust, and many organizations are struggling to define digital identity both internally for the enterprise and externally for consumers.
"In a digital economy, identity is a point of trust, perimeter of security and an index of customer satisfaction," said David Mapgaonkar, principal, Deloitte & Touche LLP, and cyber technology, media and telecom sector leader. "Organizations should think about challenges related to both consumer and enterprise identity management to understand what they can do to create better outcomes. But it's not easy — it requires managing relationships with many stakeholders and alignment on technology and funding."
Findings from a Deloitte poll are consistent with the recently released report, Rediscovering Your Identity, where Deloitte shares some top emerging trends and challenges shaping the evolution and management of digital identity and discusses some challenges for organizations to enable transformation.
Deloitte shares top emerging trends and challenges shaping the evolution and management of digital identity:
Rising global data privacy regulations pose compliance challenges: Identity, data privacy and regulatory compliance are increasingly overlapping. Cybersecurity leaders and executives are burdened with developing a more comprehensive view of their consumers to comply with legal and audit-related mandates such as the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the recommendations of the National Institute of Standards and Technology Cybersecurity Framework. This means that technology, cybersecurity, legal and business leaders are all stakeholders in effective identity management, each with their own challenges and ambitions related to user experience, system availability, resilience, risk management and consumer engagement.
Digital identity lags on investment and priority: Cybersecurity teams must deal with legacy information technology (IT) environments and a resistance to migrate to cloud-first architectures. In the survey, 35.4% of poll respondents recognized upgrading legacy systems as a challenge to organizations employing identity programs. Nearly 18% of poll respondents selected lack of funding and sponsorship as a challenge. Either way, many organizations haven't built modern systems that are API-based, orchestrated and enable easy integration with apps. And, investment into new systems and structures can be significant. Without an organization wide understanding of the identity imperative, sponsorship at an executive level can be hard to attain. Deloitte & Touche LLP's 2019 Future of Cyber Survey found that 95% of C-suite level executives commit 20% or less of their security budgets to support identity solutions.
Companies are reluctant to outsource identity management: Many cybersecurity leaders are concerned about integration, flexibility and access to specialized support with outsourcing their identity management to third parties. But third-party managed services, either on-premise or in the cloud, can offer the latest skills and capabilities, increase automation and future-proof identity systems. For example, 14.4% of poll respondents selected lack of talent and a skills deficit as a challenge for identity. With a cyber talent gap only growing, identity-as-a-service (IDaaS) may be a viable option for many organizations to empower innovation efforts and drive digital transformation.
Responsibility and ownership are often distributed among multiple executives, teams (marketing, sales, cybersecurity, etc.) and IT systems, making coordination of large-scale projects challenging. The poll shows that 14.4% of respondents selected lack of executive prioritization and alignment as a challenge to impair identity from impacting digital transformation. Digital identity projects tend to take time and that can be a challenge for cyber organizations that may need to show immediate progress and broader return on investment. Many stakeholders increase complexity and timelines, and these critical programs are not getting implemented fast or well enough.
"An integrated digital identity program will provide organizations operational efficiencies and improve user experiences by powering digital transformation. In addition to the fact that regardless of what business you are in, we all need to know that what we share is protected, what we access is secure, and who we allow into our systems are supposed to be there," said Mike Wyatt, principal, Deloitte & Touche LLP and cyber identity solutions leader. "An integrated approach can help prevent a future digital identity crisis from surfacing by building consumer trust and enabling both privacy and security."
Digital identity is both a use case for blockchain and an enabler that allows each of the other assets for blockchain integration to exist. Other top use cases for digital identity, for example in government, include land and corporate registrations, voting, supply chain traceability and taxation.
The operating environment for digital identity will likely become increasingly complex — with greater business expectations to meet; new technologies to integrate; multiple data privacy regulations to adhere to; and increasing numbers of people and devices to manage. Every company will have a different set of digital identity challenges and a unique approach to identity management. Deloitte suggests that all digital identity programs should, at least, include the following qualities.
A digital identity program should be:
Safe | To ensure security, privacy and compliance. |
Flexible | To work across multiple platforms (on-premise and cloud); workwith people, systems and devices. |
Agile | To quickly adapt to end-user needs, IT requirements and newapplications. |
Scalable | To address the shifting requirements of the business — such asadding new users from an acquisition or managing an influx ofcustomers. |
Open | To accommodate many types of users, including employees,consumers, partners and contractors. |
Private | To give users control over their information and an understandingof how it is used and how they can access it. |
Frictionless | To provide a seamless and convenient experience for both usersand cybersecurity administrators. |
Resilient | To overcome potential service disruptions, technology failures, orcyber threats — whether on-premise or in the cloud. |
In a digital economy, every outcome depends on digital identity as a point of trust, a perimeter of security, an index of relationship management and a means of service personalization. Companies that harness digital identity should be better positioned to reap the benefits of security and long-term customer value.
Identity security professionals from Deloitte Risk & Financial Advisory's Cyber practice will be in Booth #130 at the Gartner Identity and Access Management Summit, Dec. 10-12, 2019 in Las Vegas, Nevada. Anthony Berg, principal, Deloitte & Touche LLP and Naresh Persaud, managing director, Deloitte & Touche LLP will present during the conference:
Identity as an outcome - the next evolution in modern IAM delivery
Thursday, Dec. 12, 2019, 9:15-9:45 a.m. PT.
About the online poll
More than 2,500 professionals across industries and positions participated in and responded to poll questions during the Deloitte Dbriefs webcast, It takes two: pairing digital identity with digital transformation held Oct. 23, 2019. Answer rates differed by question.
About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 5,000 private and middle market companies. Our people work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Our network of member firms spans more than 150 countries and territories. Learn how Deloitte's more than 312,000 people worldwide make an impact that matters at www.deloitte.com.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
SOURCE Deloitte
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024