The Evolution of Identity in the Connected World

You may think you know who you are. But the truth is, your identity is becoming richer and more complex.

You’ve likely used an employee badge to enter a building, a driver’s license to rent a car, a loyalty card to accumulate points and a username and password to access networks, apps and websites.

All of those forms of identity — ID badges, licenses, loyalty cards and even user names and passwords — were created for a world that evolved from direct personal contact. You physically hand your license to someone behind the counter or present your badge to a guard and get access to what you want. Even today, with the significant technical innovations that have evolved over the past 20 years, usernames and passwords are still the most common proxy for our identity.

Here’s the problem. These forms of ID — including usernames and passwords — simply weren’t created for today’s ubiquitous use of mobile phones, cloud connected applications and proliferation of devices being connected that touch our everyday lives in new ways. So, when we try to use those familiar forms of ID in new and evolving spaces, they tend to create vulnerabilities and complexities. It has become commonplace to hear about compromised credentials (especially usernames and passwords) leading to breaches that inflict great damage on companies and reputations.

Addressing these gaps for current and future environments is challenging, mostly because it requires change in deeply ingrained user behaviors around authentication — users have generally defined an acceptable level of inconvenience from a security standpoint and working within those parameters is essential. If security measures are implemented that cause even minor delays in accessing networks, applications, devices or other assets, widespread end-user backlash is almost certain to follow.

New capabilities in the industry that address the need for enhanced user experiences in the face of increased security is driving real change — not just for how we authenticate, but how we view our identity.

What’s emerging is a new perspective on identity — a true 360° view of who we are.

Our identities still consist of the usual elements. At a fundamental level, this includes our name, address, credit history, work history and a collection of numbers on our driver’s license, social security card, passport and employee or student ID.

These elements are core to our ability to prove who we are. But they are simply too easily faked, forged or replicated when used in digital contexts. Alone and in their traditional forms these create vulnerabilities in virtual spaces ranging from retail websites to corporate networks to online banking apps.

The identities we need to live, work and learn securely in increasingly cloud-based and mobile enabled environments requires deeper context. This context doesn’t consist of things “assigned” to us or things we need to remember or carry, like usernames and passwords. It consists of the things that are inherent in our lifestyles. This might be as simple as a profile that compiles our usual IP addresses, computers, mobile devices, browser plug-ins, operating systems and apps. Or it might evolve to include elements such as typical location (geo-location), assigned physical boundaries (geo-fencing) or typical work patterns (geo-velocity).

There is significant industry-wide investment in context- and behavior-based technologies that will create these 360° identities. They are being designed to make our lives more secure and more convenient. And they will make it easier for us to navigate the increasingly complex world of connected systems, devices and people.

So, no longer is it, “Nice to meet you, here’s my business card.” Now, the introduction sounds something more like, “Nice to meet you, here is my IP address, machine ID, GPS location, normalized computer session behavior analysis and my fingerprint.”