Six themes drive identity management in 2016
For Nexus, the leading global provider of security solutions and services, identity management will be one of the central issues in the context of IT security in 2016. The trends such as continuous flexibilization in the working environment, new forms of customer communication and the growing number of cyber-attacks are responsible for this.
Digital transformation opens up new perspectives for companies as well as for authorities: it optimizes their processes and thus liberates internal capacity, lowers their costs, uses new channels for dialogue with customers and citizens and makes their production more flexible. However, to ensure the security of the underlying processes, consistent and reliable identity management is essential. This year, the following trends will be driving particularly strong demand for appropriate solutions in 2016:
- Cyber-attacks: The number of cyber-attacks is growing constantly, and they are becoming more sophisticated and complex. For the German economy alone, the financial loss is estimated at 50 billion euros per year. Data thefts of giant proportions around the globe continue to make headlines; in addition to this, progressive networking and digitalisation brings with it the considerable risk that a company’s entire knowledge could be stolen or destroyed in one fell swoop. As it is, many companies do not notice manipulation of their systems – or only when it is too late. Therefore, in addition to natural persons, all objects or resources that “communicate” as part of a network (for example, servers, applications, machines, mobile devices) also require an unambiguous identity in order to identify themselves as secure and trusted components and sources. In addition, it is necessary to protect the digital channel from outside attacks using encryption.
- Industry 4.0 / Internet of things: The fusion of traditional industries in the IT industry under the label 4.0 / IoT forces the number of identities to skyrocket (see above). If manufacturing companies want to safeguard their processes, they must all be unequivocally defined, able to prove their identity and managed efficiently. At the same time, companies must also regulate physical access to machines as well as to all production areas clearly and safely in order to eliminate manipulation risks.
- Flexibilization of the work environment: Our working environment has become increasingly flexible in recent years; cooperation with service providers and freelancers, project work, as well as flexible working hours for one’s own employees have long been part of everyday life. More and more employees also log into their employer’s systems via mobile devices. Clear rules for access to data and systems and establishing their technical requirements are essential in this context.
- New digital business models: For an increasing number of companies, Big Data is a coveted resource, and this no longer includes only the well-known Internet giants. Concepts such as “connected cars” change the relationship between provider and user and an increasing number of companies are developing new concepts for direct contact with clients via digital channels only. Without reliable management of identities and authorizations, such business models will die in the bud.
- Growing awareness of security risks in the public sector: The public sector in particular is affected by cyber-attacks. For quite some time now, the Internet has not only been the scene of economic crime, but also the battle arena for political and terrorist targets. According to the Cyber Security Council Germany, around 150 countries possess or are developing offensive or defensive digital weapons. Awareness of safety risks and the willingness to invest has risen in the public sector; solutions for comprehensive identity management are thereby increasingly viewed as an integral part of a broader IT security strategy.
- Critical infrastructure protection: Terrorist attacks and natural disasters as well as system failures such as Fukushima have strengthened awareness of the vulnerability of the so-called critical infrastructure. These include organizations and institutions that are of central importance to the functioning of the community, such as energy providers, DB Rail and the big banks. Legislature already prescribes a safety audit every two years for these systemically important organizations and obliges them to continuously optimize their security infrastructure. The growing interdependence of individual sectors and the use of IT technologies (keyword smart grids) requires even more comprehensive and modern safeguards for the future.
Companies from virtually all industries as well as authorities must therefore develop greater sensitivity toward security issues, if they do not want to compromise their business models and really want to take advantage of the potential of digitization – and they have to follow this awareness with both action and investment. “Companies and government institutions should consider IT security to be an asset that secures their own business models for the future and thus also creates reputation among the target groups,” comments Bernd Dieckmann, Managing Director of Nexus.
Published 15/2 2016