Starting 2021 with Security – the Future of CIAM

Secure identity management will become even more important – Nevis identity management experts take a look at the coming year’s technology trends.

Dec 10, 2020 9:00:00 AM - 3 min.
Sonja Spaccarotella

Zürich, 10 December 2020 – The Corona crisis sent the demand for digital services skyrocketing – this was especially palpable in the booming online retail sector. IAM (Identity and Access Management) and CIAM (Customer Identity and Access Management) are helping users securely verify themselves and protecting data from unwarranted access. At the same time, digital identity management is a rapidly developing field – one which is constantly striking a balance between security considerations and user expectations for easy usability. Nevis, the Swiss market leader in Identity and Access Management, explains what digital trends will matter to us in 2021 when it comes to CIAM.

When it comes to identity management, the same applies: the solutions we used a few years ago might not work anymore or might have to be completely overhauled to keep up with legal requirements and new security architectures. Users have also gotten accustomed to a seamless digital customer experience. That means an online shop riddled with too many login and user authentication obstacles will have a hard time.

On top of that, today’s users expect companies to protect their personal data effectively – and in such a way that their service usage is not impaired. As such, simply authenticating customers with a username and password is no longer enough. Companies have to implement (C)IAM measures that are as easy to use as they are safe and that create an enjoyable user experience. In this context, there are a number of trends that will be important in 2021 and beyond.

CIAM as SaaS to become the market standard

Most SMEs possess neither the in-house know-how, the time, nor the willingness to implement their own CIAM solutions. Even if the construction of in-house CIAM solutions seems feasible, there is a significant risk of underestimating the effort, setting aside too little capital, and not having sufficient long-term internal resources and expert knowledge. Simply developing the product is not enough. The solution must then be supported, maintained, and further developed while keeping changing market demands and customer expectations in mind.

Commercial CIAM providers, by contrast, are better able to keep pace with the prescribed changes posed by technology, consumer behavior, markets, and regulatory authorities. They are basically forced to further develop their services in order to remain competitive and relevant.

Identity Management and IoT

In order to guarantee security in the age of Industrie 4.0 and fend off attacks, identity has to be secure and access controlled. Every machine and every device in a connected factory has its own identity and is separately secured. Since machines and devices transfer and receive data, they have to be identifiable to each other in order to be trustworthy before and while interacting with one another.

There are currently no generally recognized standards for the authentication and administration of IoT devices, which makes any IAM/CIAM project integrating IoT a one-off and irreplicable project. As soon as standards can be established for various device classes in the IoT sector, there will be a quick uptick in integration with IAM and CIAM systems.

Proof of identity with the help of official documents

Another technology will gain traction, though it could take longer than one year for it to gain mass application. The technology in question is proof of identity on the basis of national documents, either via video identification or through the simple and automated recognition of documents like personal IDs and passports. The use of these technologies is on the rise. In Germany, citizens can clearly identify themselves online or at terminals with the online identity function of their personal IDs. However, this technology is still impeded by a very fragmented market, which is aligned with both industry and national regulations. This is significantly stalling its introduction.

Data protection consent management

Data protection and consent management will remain an important issue in Europe in conjunction with GDPR. We will see GDPR solutions that can easily be integrated into CIAM systems, as well as more integrations with specialized consent and data protection management solutions for customers who require more sophisticated data protection tools across their entire IT infrastructure.

The development of a standardized, upstream CIAM solution in combination with a web application firewall is a logical step for managing and protecting all personal data. This facilitates the centralized control of data processing in advance so that identities are already protected upstream.

Industry standards for authentication

On the technical side, we’ll see a convergence of almost all solutions into three technical standards: FIDO, in its various forms, for authentication needs (creation of a secure connection), OpenID Connect for federation, and OAuth 2.0 for authorization. Although it will still be necessary to support older protocols, such as SAML, for certain use cases, these three standards will constitute the backbone of modern CIAM systems.

“The Corona pandemic rapidly accelerated the digital transformation. Reliable identity management is crucial when it comes to winning over customers with a good user experience and high security standards and retaining them. Especially in online retail”, says Stephan Schweizer, CEO of Nevis. “But in sectors like healthcare and industry, securing sensitive data is also imperative. The key here is to improve the implementation of legal regulations in practice by relying more on vendor-independent standards instead of isolated solutions.”

###

About Nevis

Nevis develops security solutions for the digital world of tomorrow. Its portfolio encompasses passwordless logins, which are intuitive to use and offer optimal protection for user data. Nevis is the market leader for Identity and Access Management in Switzerland and secures over 80 percent of all online banking transactions. Public authorities, leading service providers, and industrial enterprises worldwide rely on Nevis solutions. The authentication specialist has locations in Switzerland, Germany, and Hungary. 

Press Contact

LEWIS Communications GmbH
Ingo Geisler, nevis-security@teamlewis.com