Managing the Digital Identity of Devices and Applications
The Future of Digital Identity
Every organization has to deal with numerous digital identities that represent their many users and personas. How organizations manage those identities can be a strategic differentiator with clear business benefits. Therefore, it should be at the center of the data-driven business model of an organization. Part 3 of this series covers managing the digital identity of your devices and applications.
In our Executive Summary on the Future of Digital Identities, digital identities are becoming the foundation of our rapidly evolving technology-based and data-driven economy and society, where every organization has to deal with not only their own digital identity, but also with those of their employees and co-workers, their customers and other stakeholders, as well as the digital identities of their devices and applications.
If an organization approaches digital identity correctly, they can achieve better efficiency and control, more revenue, transformational benefits with an enhanced user experience for colleagues, and an improved digital journey for customers or citizens, all whilst protecting stakeholder privacy.
In this article, we focus on the digital identity approach for devices and applications, and the associated business benefits and actionable insights. A ‘device’ refers to any piece of equipment connected to your organizational network, whilst an ‘application’ refers to any computer program designed to perform a task in one of your organizational processes.
Please note, within this paper, we focus on private sector organizations, however, the underlying principles of device and application identity management also apply for government bodies.
Data revolution requires a modernized approach to digital identity
Chief Data Officers (CDOs), data scientists, and Chief Information Officers (CIOs) recognize that traditional ways of organizing and accessing data will not be sufficient as we move towards artificial intelligence (AI)–based decision-making. This means machine learning (ML) will augment and in some cases replace human decision-making.
Most organizations still gather and structure their data from a human perspective, meaning humans must be able to access the data and use it for decision making. This approach does have limitations relating to scale, efficiency, and control. AI will help organizations create and adopt automated processes across industries, thus replacing low-level or non-scalable human decision making with machine-made decisions. It is expected that costs to organizations in the future will be a fraction of what they are today, thanks to the capability, speed, and scale of machine-based decision-making. To fully leverage such automated decision-making, organizations must analyze which operational processes require human access, which data is involved, and where privileged access is needed.
Some companies have already automated decision making as part of larger AI initiatives. In Deloitte’s third annual State of AI in the Enterprise survey , most respondents selected ‘modernizing our data infrastructure for AI’ as the top initiative for increasing competitive advantage from AI. Examples of modernizing infrastructure include conditional access, which is defining policies and configurations that control which devices have access to various services and data sources. Integrating AI and machine-to-machine activity as part of your business model will bring increased benefits, including enhanced control, privacy, and security.
Benefits of device and application identity management
Facilitating and protecting your data-driven business processes with device and application-based identities provides clear business benefits. These depend on your type of organization and chosen strategy, but can include:
- Brand integrity protection. A responsible organization wants to be known for protecting customer data and privacy. Incidents involving data leakage can damage brand reputation and potentially lose the trust of investors and customers. A modernized identity approach, with fewer human interactions can reduce the risk of incidents thus protecting brand integrity.
- Increased sales. Customers’ online buying behavior is characterized by what is available and how easy it is to obtain. Ten years ago, Amazon estimated that every 100ms of latency costs the company 1% in sales1. Automating your device and application identities approach improves process efficiency, removes friction from digital customer journeys and therefore enables faster, undisrupted purchasing activity and increased sales.
- Increased operational and cost efficiencies. By creating centralized governance and automating processes, you can reduce manual activities and their associated costs. Examples include validating and registering new customers, and automating sales promotions based on customer profiles. Some organizations have opted to move their identity stack to the cloud, consuming identity-as-a-service, or implementing advanced authentication methods to ensure they protect their users’ data whilst benefitting from associated operational and cost efficiencies.
- More control and better protection. Security risks are increased by the ever-expanding organizational ecosystem caused by moving to cloud and hybrid IT environments, increasing numbers of cloud-based systems, and more remote workers and connected devices. To manage these risks, organizations should have an automated risk-driven approach to data access, including the principle of least privilege. This means a minimum set of users, applications, and devices have access to data and applications, thus providing more control and better protection.
Practical considerations for next steps
In our previous report in this series , we emphasized the importance of incorporating digital identity into your data-driven business model. Strategy development and execution cannot be siloed. To generate effective results, organizations need foundational elements in place.
Firstly, organizations need an empowered strategy function. Whether it’s the Chief Executive Officer (CEO), Chief Security Officer (CSO), or any other executive, an empowered executive strategy leader is critical to effective strategy development and execution. In collaboration with the CIO, the strategy leader can help influence and educate executive leaders and board members. This should lead to tech-savvy senior leaders working alongside business-savvy leaders across operations and technology.
With this executive structure in place, senior leadership can ensure that strategy assumptions are properly challenged and that the organization’s security risk appetite is defined. Once defined, this allows the organization to communicate a consistent message about business priorities, including guidance on digital identity.
The role of senior leadership
In Deloitte’s 2020 CSO Survey , 70% of respondents rated disruptive growth fueled by a data-driven business model as critical for their organization’s success. However, only 13% believed that their organization could deliver on this strategic priority.
This survey emphasizes the need for senior leadership team effort when adapting to digital age changes. As in our Executive Summary on the Future of Digital Identities, each member of the senior leadership team has a different role to play in developing and implementing the digital identity strategy. Our senior leadership roles work in many ways.
The Chief Executive Officer (CEO) is ultimately accountable for the integrity of the organization’s brand. The CEO should lead the strategy from the top to instill confidence in the organization’s ability to protect its customers’ personal data, and safeguard privacy through the execution of the digital identity strategy.
The Chief Information Officer (CIO) and Chief Risk Officer (CRO), together with the strategy leader (often the CEO) can help educate and influence executive leaders and board members on the strategic importance of digital identity in the context of their business model and associated risk appetite.
Collaboration between the CIO, Chief Technology Officer (CTO) and Chief Security Officer (CSO) is more important than ever. They need to collaborate to define and assess upcoming governance, processes, and technology changes, and ultimately define device and application identities. They also need to decide on a risk posture that facilitates growth whilst protecting the business in alignment with the Chief Marketing Officer (CMO) and the Chief Data Officer (CDO).
The Chief Privacy Officer (CPO) needs to prevent and contain privacy incidents, as they impact customer and investor trust and customer loyalty and can damage an organization’s reputation. To be effective, the privacy office should be involved in the early phase of each (digital) change process.
Digital identity for a more responsible and sustainable business
An effective digital identity approach is about defining business benefits and the ability of an organization to leverage digitalization in a responsible way. As such, digital identity is core to any organization’s data-driven business model and operations. If each executive board member properly manages their specific role, an organization can effectively leverage the endless possibilities of this digital era.
Start improving your digital identity management now.
In our upcoming article we will bring together the three published chapters, followed by deeper dives on business trends. Watch this space!
Senior management should place digital identity at the center of its data driven business model and operations.
The Future of Digital Identity