Managing the Digital Identity of Devices and Applications

Every organisation has to deal with numerous digital identities that represent their many users and personas. How organisations manage those identities can be a strategic differentiator with clear business benefits. Therefore, it should be at the centre of the data-driven business model of an organisation. Part 3 of this series covers managing the digital identity of your devices and applications.

In our Executive Summary on the Future of Digital Identities, digital identities are becoming the foundation of our rapidly evolving technology-based and data-driven economy and society, where every organisation has to deal with not only their own digital identity, but also with those of their employees and co-workers, their customers and other stakeholders, as well as the digital identities of their devices and applications.

If an organisation approaches digital identity correctly, they can achieve better efficiency and control, more revenue, transformational benefits with an enhanced user experience for colleagues and an improved digital journey for customers or citizens, all whilst protecting stakeholder privacy.

In this article, we focus on the digital identity approach for devices and applications, and the associated business benefits and actionable insights. A ‘device’ refers to any piece of equipment connected to your organisational network, whilst an ‘application’ refers to any computer programme designed to perform a task in one of your organisational processes.

Please note, within this paper, we focus on private sector organisations, however, the underlying principles of device and application identity management also apply for government bodies.

Read the Executive Summary

Data revolution requires a modernised approach to digital identity

Chief Data Officers (CDOs), data scientists, and Chief Information Officers (CIOs) recognise that traditional ways of organising and accessing data will not be sufficient as we move towards artificial intelligence (AI)–based decision-making. This means machine learning (ML) will augment and in some cases replace human decision-making.

Most organisations still gather and structure their data from a human perspective, meaning humans must be able to access the data and use it for decision making. This approach does have limitations relating to scale, efficiency and control. AI will help organisations create and adopt automated processes across industries, thus replacing low-level or non-scalable human decision making with machine-made decisions. It is expected that costs to organisations in the future will be a fraction of what they are today, thanks to the capability, speed and scale of machine-based decision-making. To fully leverage such automated decision-making, organisations must analyse which operational processes require human access, which data is involved and where privileged access is needed.

Some companies have already automated decision making as part of larger AI initiatives. In Deloitte’s third annual State of AI in the Enterprise survey , most respondents selected ‘modernising our data infrastructure for AI’ as the top initiative for increasing competitive advantage from AI. Examples of modernising infrastructure include conditional access, which is defining policies and configurations that control which devices have access to various services and data sources. Integrating AI and machine-to-machine activity as part of your business model will bring increased benefits, including enhanced control, privacy and security.

How far along the digital identity transition journey are you?

Benefits of device and application identity management

Facilitating and protecting your data-driven business processes with device and application-based identities provides clear business benefits. These depend on your type of organisation and chosen strategy, but can include:

• Brand integrity protection. A responsible organisation wants to be known for protecting customer data and privacy. Incidents involving data leakage can damage brand reputation and potentially lose the trust of investors and customers. A modernised identity approach, with fewer human interactions can reduce the risk of incidents thus protecting brand integrity.
• Increased sales. Customers’ online buying behaviour is characterised by what is available and how easy it is to obtain. Ten years ago, Amazon estimated that every 100ms of latency costs the company 1% in sales1. Automating your device and application identities approach improves process efficiency, removes friction from digital customer journeys and therefore enables faster, undisrupted purchasing activity and increased sales.
• Increased operational and cost efficiencies. By creating centralised governance and automating processes, you can reduce manual activities and their associated costs. Examples include validating and registering new customers and automating sales promotions based on customer profiles. Some organisations have opted to move their identity stack to the cloud, consuming identity-as-a-service, or implementing advanced authentication methods to ensure they protect their users’ data whilst benefitting from associated operational and cost efficiencies.
• More control and better protection. Security risks are increased by the ever-expanding organisational ecosystem caused by moving to cloud and hybrid IT environments, increasing numbers of cloud-based systems and more remote workers and connected devices. To manage these risks, organisations should have an automated risk-driven approach to data access, including the principle of least privilege. This means a minimum set of users, applications and devices have access to data and applications, thus providing more control and better protection.

See how digital identity impacts your line of business with these real life examples

Practical considerations for next steps

In our previous report in this series , we emphasised the importance of incorporating digital identity into your data-driven business model. Strategy development and execution cannot be siloed. To generate effective results, organisations need foundational elements in place.

Firstly, organisations need an empowered strategy function. Whether it’s the Chief Executive Officer (CEO), Chief Security Officer (CSO), or any other executive, an empowered executive strategy leader is critical to effective strategy development and execution. In collaboration with the CIO, the strategy leader can help influence and educate executive leaders and board members. This should lead to tech-savvy senior leaders working alongside business-savvy leaders across operations and technology.

With this executive structure in place, senior leadership can ensure that strategy assumptions are properly challenged and that the organisation’s security risk appetite is defined. Once defined, this allows the organisation to communicate a consistent message about business priorities, including guidance on digital identity.