Solutions Review’s time at Identiverse 2018 in Boston, MA—the largest identity conference in the world—was certainly well worth it! Not only did we get to meet some of the brightest minds in identity and identity and access management (IAM) from around the world—which you can read about in our live coverage reports—we even got to sit down and interview some of them for our YouTube channel.
Among these fascinating discussions on Identiverse, identity, and identity security, our Solutions Review Founder and CEO Doug Atkinson had the opportunity to sit down with Richard Bird, Client Director at strategic security integrator Optiv and one of the keynote speakers at Identiverse 2018.
The conversation between Doug Atkinson and Richard Bird touches on many subjects, including the technological solution focus of identity security, the crumbling foundations of legacy solutions, and the compelling point that phishing attacks actually render “hard hacking” attacks unnecessary.
However, the most intriguing argument from Richard Bird concerns the end-user experience and the necessity of real-world analogs in digital identity. He mentions his experiences with innumerable enterprises that claimed to be invested in true identity while simultaneously asking that they don’t try to change their employees’ behaviors. They were so concerned with the user experience that they were willing to compromise their own security.
Richard Bird calls this kind of thinking unrealistic. The fact of the matter is that identity security best practices such as zero trust are restrictive for a reason, the same way the analog world enforces restrictions. Indeed, he points out that if we went through verification procedures in the physical world similar to the ones we ideally do in the digital one, we would (and do) find it routine and sensible. Yet enterprises cannot make that connection, and without that connection, enterprises will never progress in their identity security.
In the analog world, according to Richard Bird, we always insist on security—going through each step of the procedure and each checkpoint, regardless of whether we know the person or not. Yet because we favor the digital user experience so much, enterprises have embraced laziness and have been in effect sabotaging their own security.
What is equally baffling to him is how we’ve lost sight of what digital identities mean and how we could, in fact, better monitor digital identities by making them closer to analog ones. Currently, identity in a digital understanding is defined by the accounts one holds—the digital equivalent of a keyring—rather than the context, content, and relationships that make up a real identity.
Making the cultural jump to that understanding could help foster a crowdsourced identity security platform. And this isn’t just theory. Richard Bird points out that social media platforms such as Facebook have already essentially deployed this kind of security without becoming obsessed with new technology.
Above all, Richard Bird claims we need to treat digital threats with the same visceral feeling we get from threats, even ambiguous threats, in the physical world. We need to embrace an emotional investment in our networks.
You can watch Solutions Review’s full interview with Richard Bird of Optiv at Identiverse 2018 here: