Collaboration and communication have always been the two keys to innovation, and in the war on cybercrime, interaction between experts and professionals on the ground level is key. SecureKey and BayPay hosted a Digital Identity and Authentication Breakfast Presentation recently that brought together a variety of leaders to discuss some of the challenges faced in modern identity and access management.
This meeting of the minds stuck closer to the payment processing and electronic transactions arena, which have been constantly evolving online and mobile banking preferences and capabilities. With banks, retailers and the payment processors themselves relying more on advanced technologies, it has become clear that novel approaches to access control is critical.
A group effort
Andre Boysen, EVP of Marketing at SecureKey, was the first to speak at the event, and asserted that there is no ‘magic company’ in the fight to secure identities and accounts, but rather that it must be a group effort. Focusing on the user experience, he pointed to some of the challenges faced today.
“If you want to understand what’s happening on the Internet you have to understand the journey that is happening in the user space,” Boysen affirmed. “In user space, the challenge is the entire Internet is reliant upon static passwords – static in the sense that they do not change very often. And, because of this, there’s all sorts of attacks that can happen. Static passwords are easy to copy … then there’s an issue with risk propagation.”
Tying back into the demand for a group effort, Boysen explained that is one website has a strong approach to credential management, another does not and one user shares the same password with both, that login information will make it to other areas of the Internet. He called on security providers and others to work together to develop new, more effective ways to control access.
Evolution at scale
Next, PayPal’s General Manager of Retail Services, Patrick Gauthier, took the podium to moderate a panel discussion federation of identity, noting that this is not necessarily anything new. Rather, companies have been trying to develop ways to establish and sustain secure identities for their Web-based services.
Patrick Salyer, Chief Executive Officer of GIGYA, affirmed that one of the biggest steps in the right direction was developing a model to measure the value of more advanced identity management tools. This has been a common thread in the IT arena, in that different tools or services that companies cannot clearly see value in will simply not be on the top of the priority list for provisioning.
Regulations and more
Gauthier later asked Francoise Gilbert, the IT Law Group’s General Manager, about the shifting regulatory climate.
“Not necessarily regulations, but there has been a push and input from governments not only in the United States but also worldwide, so there is increasing interest and more initiatives … to give you a number of documents that have been published in the past seven years, starting with the OECD’s in 2007, the recommendation on electronic authentication … this is something regulators are looking at as a need.”
Marc Brule of the Royal Canadian Mint added that the Government of Canada has been trying to develop cash-like options, noting that many regulators are still in the early stages and are trying to find ways to get a handle on all of these advances.
The panel, which also included SecureKey Chief Executive Officer Charles Walton, went on to converse about other major issues facing the security community, including the explosion of digital accounts and BYOD.