A few years ago, identity was all about me.
No, I’m not a narcissist – at least I don’t think I am. What I mean is that the technologies and processes used to establish and manage my identity in an organization were all about me as a user. Authentication credentials and permissions were assigned to me as an individual, and the focus of most organizations was on managing identity for their employees, customers, partners … their people.
That’s starting to change. More and more, the requirement is to not manage identity for people but rather for devices and applications. It’s not just what I can do; it’s what my device can do. In its study Why Digital Business Needs a New Approach to Information Security, IDG noted that organizations still focus most often on traditional user-centric use cases like remote access (67 percent of respondents), compliance (67 percent) and privileged access (64 percent); however, they are starting to pay attention to identity issues around mobile devices (50 percent), connected systems (60 percent) and application to application communications (45 percent).
What does the shift to “non-human” identities mean for organizations? One significant change is that the authentication and identity management technologies which many organizations have relied on no longer apply…and this may be for the better. IDG notes that “smart things can’t enter passwords.” Smart things also cannot choose weak passwords, forget their passwords or write their passwords on a sticky note next to their laptop. Enterprises will need a secure, scalable way to manage these new “non-human” identities and their interactions.
This is where PKI fits in. Fifteen years ago, most enterprise PKI customers were focused on users, providing certificates for their employees, contractors, vendors or customers. Nowadays, most of our customers come to us with far more complex use cases, often around machine-to-machine (or mobile-to-mobile or app-to-app) scenarios. PKI offers our customers a proven, standardized, scalable technology and process to create a trusted environment and manage the identities of everything in it, human and non-human alike. Those who have implemented a PKI have expressed confidence in their overall security strategy. Per IDG:
Overall, less than one-third (27 percent) of respondents are extremely or very confident that they have the right technologies in place to meet the security needs of a digital business. Among this group, 69 percent rely on PKI for identity management, compared with 33 percent of respondents who are not as confident in their security approach.
Over the next few years, expect machine-to-machine use cases to become as important to organizations as user-centric use ones. PKI provides an excellent option to manage this explosion of “non-human” identities. Identity is no longer all about me. Now it’s about my devices, my applications, and perhaps hundreds of systems that I barely even notice.
Download IDG’s “Why Digital Business Needs a New Approach to Information Security” here. Also, be sure to come back next week when we will discuss the correlation between PKI and the Internet of Things (IoT).