The global digital transformation is driven largely by data. Every time we use digital services, we produce and exchange billions of data points. And it’s not data volumes that are set to skyrocket in the coming years: individual digital interactions are also predicted to grow by a factor of 50 between 2010 and 2025. Against this backdrop, security will be the key challenge.
“Please enter your password”. How many times in our personal and professional lives do we have to obey this command – sometime expressed with a dark hint of what might happen if we don’t comply? Logging on is an essential part of using public services (tax, social security, etc.), making online purchases or accessing a company network.
It’s clear to anybody using such services on a daily basis that digitalisation has had a critical impact on identification and authentication. It’s also clear that the current system of login details and passwords is not the silver bullet we need to meet the security challenges that lie ahead.
Users with too many hard-to-remember passwords are prone to ignoring or bypassing the most basic safety rules, despite increasingly frequent warnings and awareness campaigns. For many years now, surveys have shown that the most widely used passwords are 01234567 and QWERTY. And anybody who thinks IT professionals are paragons of virtue should think again — IT system administrators are surprisingly likely to use “admin” as their password. So it's really no mystery that more and more individuals and companies are falling victim to data theft, identity theft and online fraud.
Users frequently bypass security features because they find that they simply get in the way. But the risks are considerable: more than 15 billion data records have been lost or stolen around the world since 2013, with identity theft accounting for more than 60% of cases.
Perhaps even more seriously, the digital economy is gradually being colonised by private operators with platforms that harvest and monetise these identities to such an extent that users no longer have any control over their personal information.
Fluidity and trust
The notions of fluidity and trust will be crucial to the success of the new security systems that are now required. What users need is a strong digital identity that can identify and authenticate them, on any device, for all their daily transactions with public services and private providers.
But these new identification and data security mechanisms will have to be simple to use to keep the user experience is as fluid as possible. User interfaces must be designed to cause minimal disruption, with a chance to accept or refuse tracking or advertising, for example, without interrupting the flow of information. Users must also be able to manage their personal data themselves and choose whether it is anonymised or “pseudonymised”.
This kind of strong digital identity obviously has to be compatible with national and international regulations like GDPR in the European Union. As a result, compliance audit tools will also have to be developed to ensure that all public and private stakeholders meet the requirements of the different regulatory regimes.
Protecting the entire digital services cycle
To meet these challenges and develop fluid, reliable digital protection and identification systems, a whole range of complex technologies will be needed, including biometrics (fingerprint, voice, iris or DNA recognition), smart cards, contactless cards, encryption, etc. Thales, in particular since its recent acquisition of digital security specialist Gemalto, is one of the few companies in the world to offer capabilities across such a brand range of technologies. In fact, Thales is probably the only player in the market capable of providing protection solutions that encompass the entire digital services cycle, from opening online accounts right through to deleting the personal data they contain.
Some 16,000 employees currently work within the Group on digital identity and security solutions. And more than 30,000 government and enterprise customers put their trust in Thales in critical areas including digital identity management, secure identity documents, identity verification, biometrics, physical and digital payment media, online banking security, connectivity and security of mobile devices and IoT, multimodal authentication, data encryption, Cloud security, and software licence protection.
This expertise reinforces the company’s security offering – which already covers the security of people, cities and critical sites and infrastructures, as well as cyberspace – and positions Thales as a key player in the technological disruption that lies ahead and the effort to build a connected world that stakeholders can trust.