By: Philippe Vallée
Digital transformation is a term that we’ve all heard a lot over the last 10 years, often in the context of a specific industry or process. But it’s undeniable now that the entire world is going through a digital transformation that is touching every aspect of our lives – how we live, how we work and how we discover the wider world around us.
An increasingly digital world means an ever-increasing number of pieces of data being exchanged every time we use an online service or a connected device. There are already billions of these exchanges taking place every day, and it’s estimated that by 2025, there will be 50 times more individual digital interactions than there were in 2010. This data defines our online lives, so being able to trust it is critical.
With expectations from enterprises and consumers growing, both in the amount of information we share and how it’s protected, the challenge is a significant one.
Traditional security is no longer enough
Breaches are growing every year, across all sectors, with British Airways and Air Canada among the most recent high profile victims. Our Breach Level Index has tracked the number of data records lost or stolen since 2013, and with an estimated 5 million more being added every day, the total should easily hit a staggering 10 billion before the end of this year.
Technology firms have borne the brunt of these breaches but everyone is a target, from entertainment to healthcare and even education.
In the majority of cases, the main cause of the attacks is identity theft. And once inside the network the real damage comes from unencrypted data – shockingly, 96% of breaches involved unencrypted data that the hacker could easily profit from (particularly in the case of credit card details).
The ever-growing list of high profile breaches shows that traditional security solutions are reaching their limits. Faced with a worldwide digital transformation that doesn’t look like it is set to slow down, we need to deploy a new generation of digital security solutions. This next generation security must help organizations verify users’ identities in a purely online context. It must also remove the need for people to remember hundreds of (weak) passwords and shouldn’t add intrusive security steps (which is why I see a growing role for biometrics and risk-based authentication). Finally, it needs to ensure that individuals’ digital privacy is respected and their data isn’t monetized – unless they’ve given their express permission. If not people will leave the service and regulators will come down on offenders with heavy fines.
The portfolio of security services that we have built up over the last decade has put us in a unique position to help Service Providers and Governments answer these challenges by providing trusted digital identities to combat ID theft, and protection for previously unencrypted data.
Next generation digital security
Our strategic goal is to help our customers protect their entire digital service cycle from sign-up to opt-out. This starts when a new user has to prove his or her identity to register for a service, after which they are delivered a strong digital ID in the form of a smartcard, a digital token or by using biometric data. When they log-in, we can authenticate them using multiple factors and modes – from risk-based analysis to facial recognition. When using the service, we can encrypt all data using key management techniques and hardware security modules. And when they leave, cryptographic account deletion means their data is unrecoverable.
We believe that there are four key pillars to next generation digital security:
- Open. We don’t believe in building walls around digital assets. To add value, people and data must be able to flow in an open, decentralized, federated yet secure, way.
- Proven. It’s not enough to just say you’re an expert in security – you have to prove it, time and time again. Companies need measurable fraud reduction and liability management, and our long-term blue-chip customers are the best evidence of our capability here.
- Hybrid. Security tools must be designed to work in the real world. That means data security must be flexible enough to deal with a mix of hybrid, on-premise and cloud IT environments.
- Convenient. If security stops people from doing what they need to do, it’s failed. We’re providing smooth user experiences by leveraging technology like biometrics to help make authentication frictionless and invisible.
We’re proud to play our part in protecting the world’s data, and enabling organizations across the globe to have successful digital transformations. As you may have seen from the announcement by Thales of the proposed acquisition of Gemalto, they have the same view of the growing needs for digital security as we do.
The plan is to keep Gemalto’s scope intact and coherent within a new global business unit at Thales; our activities would be combined with Thales assets and expertise in cybersecurity, data analytics and artificial intelligence, which would only increase our ability to fulfil this mission.