An Identity Crisis: Organizations Grapple With Growing Consumer Expectation for Personalization and Security Challenges

Staff Report

Tuesday, December 10th, 2019

Growing consumer expectations, the breakdown of traditional "walls" and emerging technologies have given rise to a digital identity crisis. More than ever before, identity management is at the center of cybersecurity, regulatory compliance and consumer trust, and many organizations are struggling to define digital identity both internally for the enterprise and externally for consumers.

"In a digital economy, identity is a point of trust, perimeter of security and an index of customer satisfaction," said David Mapgaonkar, principal, Deloitte & Touche LLP, and cyber technology, media and telecom sector leader. "Organizations should think about challenges related to both consumer and enterprise identity management to understand what they can do to create better outcomes. But it's not easy — it requires managing relationships with many stakeholders and alignment on technology and funding."

Findings from a Deloitte poll are consistent with the recently released report, Rediscovering Your Identity, where Deloitte shares some top emerging trends and challenges shaping the evolution and management of digital identity and discusses some challenges for organizations to enable transformation.

Deloitte shares top emerging trends and challenges shaping the evolution and management of digital identity:

Rising global data privacy regulations pose compliance challenges: Identity, data privacy and regulatory compliance are increasingly overlapping. Cybersecurity leaders and executives are burdened with developing a more comprehensive view of their consumers to comply with legal and audit-related mandates such as the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the recommendations of the National Institute of Standards and Technology Cybersecurity Framework. This means that technology, cybersecurity, legal and business leaders are all stakeholders in effective identity management, each with their own challenges and ambitions related to user experience, system availability, resilience, risk management and consumer engagement.

Digital identity lags on investment and priority: Cybersecurity teams must deal with legacy information technology (IT) environments and a resistance to migrate to cloud-first architectures. In the survey, 35.4% of poll respondents recognized upgrading legacy systems as a challenge to organizations employing identity programs. Nearly 18% of poll respondents selected lack of funding and sponsorship as a challenge. Either way, many organizations haven't built modern systems that are API-based, orchestrated and enable easy integration with apps. And investment in new systems and structures can be significant. Without an organization-wide understanding of the identity imperative, sponsorship at an executive level can be hard to attain. Deloitte & Touche LLP's 2019 Future of Cyber Survey found that 95% of C-suite level executives commit 20% or less of their security budgets to support identity solutions.

Companies are reluctant to outsource identity management: Many cybersecurity leaders are concerned about integration, flexibility and access to specialized support with outsourcing their identity management to third parties. But third-party managed services, either on-premise or in the cloud, can offer the latest skills and capabilities, increase automation and future-proof identity systems. For example, 14.4% of poll respondents selected lack of talent and a skills deficit as a challenge for identity. With a cyber talent gap only growing, identity-as-a-service (IDaaS) may be a viable option for many organizations to empower innovation efforts and drive digital transformation.

Responsibility and ownership are often distributed among multiple executives, teams (marketing, sales, cybersecurity, etc.) and IT systems, making coordination of large-scale projects challenging. The poll shows that 14.4% of respondents selected lack of executive prioritization and alignment as a challenge that impairs identity's impact on digital transformation. Digital identity projects tend to take time, and that can be a challenge for cyber organizations that may need to show immediate progress and broader return on investment. Many stakeholders increase complexity and timelines, and these critical programs are not getting implemented fast or well enough.

"An integrated digital identity program will provide organizations operational efficiencies and improve user experiences by powering digital transformation. In addition to the fact that regardless of what business you are in, we all need to know that what we share is protected, what we access is secure, and who we allow into our systems are supposed to be there," said Mike Wyatt, principal, Deloitte & Touche LLP and cyber identity solutions leader. "An integrated approach can help prevent a future digital identity crisis from surfacing by building consumer trust and enabling both privacy and security."

Digital identity is both a use case for blockchain and an enabler that allows each of the other assets for blockchain integration to exist. Other top use cases for digital identity, for example in government, include land and corporate registrations, voting, supply chain traceability and taxation.

The operating environment for digital identity will likely become increasingly complex — with greater business expectations to meet; new technologies to integrate; multiple data privacy regulations to adhere to; and increasing numbers of people and devices to manage. Every company will have a different set of digital identity challenges and a unique approach to identity management. Deloitte suggests that all digital identity programs should, at least, include the following qualities.

A digital identity program should be:

 

Safe: To ensure security, privacy and compliance.

Flexible: To work across multiple platforms (on-premise and cloud); work with people, systems and devices.

Agile: To quickly adapt to end-user needs, IT requirements and new applications.

Scalable: To address the shifting requirements of the business — such as adding new users from an acquisition or managing an influx of customers.

Open: To accommodate many types of users, including employees, consumers, partners and contractors.

Private: To give users control over their information and an understanding of how it is used and how they can access it.

Frictionless: To provide a seamless and convenient experience for both users and cybersecurity administrators.

Resilient: To overcome potential service disruptions, technology failures, or cyber threats — whether on-premise or in the cloud.

In a digital economy, every outcome depends on digital identity as a point of trust, a perimeter of security, an index of relationship management and a means of service personalization. Companies that harness digital identity should be better positioned to reap the benefits of security and long-term customer value.

Identity security professionals from Deloitte Risk & Financial Advisory's Cyber practice will be in Booth #130 at the Gartner Identity and Access Management Summit, Dec. 10-12, 2019 in Las Vegas, Nevada. Anthony Berg, principal, Deloitte & Touche LLP and Naresh Persaud, managing director, Deloitte & Touche LLP will present during the conference:

Identity as an outcome - the next evolution in modern IAM delivery
Thursday, Dec. 12, 2019, 9:15-9:45 a.m. PT.