All about access control and identity

Access and identity control is becoming a priority for companies. To talk about this market, Byte TI organized a meeting with one of the most representative companies in this market: ForgeRock. The webinar was attended by Charles Scott, ForgeRock Digital Risk Consultant and Nelson Sanchez Vera, Director of Accenture Security.

Carlos Scott, Digital Risk Consultant at Forgerock explained that the origin of the company dates back to 2010 and as a spin-off from the former Sun Microsystems. “In that year, when it is acquired by Oracle, the founders of ForgeRock continue to develop and work on its access technology. Our mission is to enable people to access the connected world simply and securely. It seems very simple but due to various challenges this mission can be more complicated or simpler depending on where a business is. For this reason, we develop technologies for companies to digitize their business processes in such a way that employees and customers can interact with each other in an increasingly simple and secure way. These trends that have accelerated with the pandemic require the economy of reinvention, which is thinking about how we acted before and rethinking the interactions that are increasingly taking place through the digital world. In this way we will better understand the preferences of the clients and we will be able to give them improvements in their experience without giving up the security part”.

The importance that the protection of digital identity is acquiring is increasing. As pointed out by Nelson Sanchez Vera, Director of Accenture Security, “digital or access identity is experiencing a significant boom and has become a strategic point not only for organizations but also for states, mainly caused by the Covid that accelerated some processes that was already taking place, such as shared resources, teleworking, etc. This implies that the user has to access safely and with less access. In addition, we must add the boom that the zero-trust model is experiencing, where the user and access are fundamental. The contribution of identity management, which until now was secondary, is beginning to gain significant value. Today it is essential to have a Serie of identity management tools and is strategic for any company. Going further, we are seeing an important turning point with new regulations with which is intended for the user to have a unique digital identity that identifies him throughout Europe so that he can make use of the services provided by the Public Administrations and organizations”.

The evolution

The Accenture Security spokesperson noted which has it been the evolution of identity and access control processes: “We come from a weather in which efficiency tools were sought. Before, ROI was sought in order to convince management. Later, a role began to be established for comply with regulations that are beginning to require processes based on automation and profiles. Then it becomes a strategic point that is incorporated into business processes, which requires a commitment to state-of-the-art tools and that be developed by specialists in access management solutions who are only dedicated to this since provide more features for customer needs. In addition, at this time another important point must be highlighted, such as the symbiosis between data analysis tools and the cloud. It is no longer necessary to buy the solution and with analytics we can do a complete analysis. There are three factors that are influencing the rise of identity management tools: knowledge of the client, compliance with the European regulation that will allow the use of a single digital identity, and the third is the development of secure access control without the need for use a password.

The importance that the protection of digital identity is acquiring is increasing

For the ForgeRock spokesman, “currently most attacks are caused by unauthorized access. However, seeing the past and how technology and business processes have evolved tells us a lot about how the evolution has been. Before, access control was the responsibility of the IT department, but now it is driven by the business, which implies a series of challenges. Before, everything was done in the data center itself, and yet now the business seeks to open up new opportunities by taking advantage of technologies such as the cloud or new business processes based on APIs. This means that there is a higher degree of complexity, which requires the adoption of new paradigms for access control as well as the incorporation of new technologies. Trying to solve new problems with old tools brings many problems and the reality of our customers is that they have more and more demands met by customers and employees to have more satisfying experiences. Also, on the part of the regulators, there is a lot of pressure to put a higher security. Companies have a fundamental role in this regard. Therefore, efficient access management must be achieved, that is the objective”.

What do companies fail?

Despite the growing importance given to identity management, according to Nelson Sánchez “companies lack a strategy, it is no longer possible to try to solve access problems with the simple deployment of a solution., You have to see the needs, the requirements and establish a transformation process that will require a prioritization of needs. In addition, the support of senior management is essential. In this strategy, also you have to count on data quality, training and change management, in addition to having a partner that walks that path with the client. An access management and control tool depends on what the client needs because each company is different. The basics are governance functions and have control of who connects. From there you have to work with each client according to their needs”.

For his part, Carlos Scott believes that “it is important for businesses to think not only about needs but also about the future. The tool has to be futurible and extensible. They must allow the incorporation of new technologies that may appear in the future. For examplethe fingerprint, years ago, was not used, but if you have a future tool you can easily adapt it. On the other hand, it should be noted that access control It no longer affects users, but it is also necessary to control the devices that with the IoT we are talking about millions of connections”.

deprecated passwords

It is one of the trends that seems to be imposed. In the medium term, we will stop having to enter a password every time we want to access an electronic service. As the ForgeRock spokesman assured, “passwords are going to disappear because of the money that is pouring into the industry to end this problem. You don’t have to be an expert to recognize that passwords are a problem and a nuisance for users. If someone accesses a service infrequently, they have to be resetting the password and it is a problem that has not changed in the last 20 years. Until the risk of identity theft disappears, it will continue to occur, despite two-factor authentication solutions. It is not about eliminating passwords, but introducing a more secure method than normal, which is through biometrics in such a way that the user himself is the password. For next year there are already studies that say that 50% of companies are going to use the biometrics instead of the password. I believe that we must bet, as we do, on technologies based on standards to implement biometric solutions and do away with passwords.