The line between physical and digital security is getting increasingly blurry – and will soon disappear altogether, according to Daniel Hjort, business developer at identity and security company Nexus Group
Security is a form of protection by which a separation is created between the assets and the threat. And when you create a separation, you also have to create access for trusted people, things and software.
“In order to know who or what to trust, you have to create trusted identities and mechanisms for authenticating those identities – and it is here that the blurring of the line between physical and digital security has its roots,” says Daniel Hjort.
The same credentials can now be used to grant both physical and digital access, and some credentials are a mixture of physical and digital components.
“For example, look at a physical mobile device with virtual credentials, used to open doors and log into e-services. You cannot describe this scenario as strictly physical or digital security,” says Daniel Hjort.
Public key infrastructure (PKI) – a method used to create, manage, distribute, use, store, and revoke digital identities and manage public-key encryption – has previously only been used in the digital world.
“But PKI is now moving to the physical door. I have been in the identity and access business for 20 years, and a lot has happened. It is now time for us all to open our minds and see that the physical and digital worlds have merged to one.”
But the convergence between digital and physical security is of course not happening automatically – active decisions and efforts have to be made.
“Purely physical identities, for example identity cards without digital components, will continue to be used in many parts of the world for some time. But not moving forward into the future world of security is not a wise decision,” says Daniel Hjort.
The major drawbacks with purely physical identities are problems with verification, according to Daniel Hjort.
“It is always an option to try to call the number on the reverse side of the card and see if there is anyone on the line that could assist in trying to verify if the document is authentic and if it is black listed or not. But how many people will actually make that call? And if they do, will the person on the other side of the line be able to verify the physical identity?”
Purely digital identities can be instantly verified, and they can be made unusable the second that they are reported stolen or blocked. Digital identities can also be used to create strong electronic signatures.
“But a digital identity is not 100% secure. That is why the best solution is a mix of both physical and digital components, as in the example with the physical mobile device with virtual credentials. We all need to say goodbye to physical and digital security, and adopt a holistic approach to security. And we need to make decisions that take advantage of the possibilities afforded to us by this combined approach,” says Daniel Hjort.