1) What are some of the greatest obstacles when attempting to increase cyber security measures? How can we aim to overcome these obstacles?
While Cyber Security is a foundational part of any Digital Identity program, it’s not uncommon for the business to see security and privacy as an impediment to a positive user experience. We think educating the business that security and privacy are in fact strong business enablers remains an obstacle. Without a digital delivery channel that incorporates key security and privacy principles, the trust and confidence of the user to do more with you online – and the resulting digital trust and reputation asset that that creates for the business is vulnerable to today’s increasingly complex landscape. The way to overcome this obstacle is increasing the education and awareness of the user and the business on the benefits of an appropriately secure user experience.
The work of the DIACC and the Canadian Public Sector is an excellent way to promote that Privacy by Design and Security by Design underpin the confidences we want Canadians to have in a connected and interdependent digital economy. Collaboratively developed open standards and specifications is a sustainable and Canadian way forward.
Lastly, another obstacle is that a connected and interdependent digital economy means that we should all be on watch for threats together. Participants in this new digital economy should share threat information with each other, because if we help each other out, we will all reap the benefits.
2) How can a business maintain an effective cyber security strategy, while threats continually evolve due to the rapid increase of technological capabilities?
Great question - and the answer in our experience is based upon an integrated approach to security policy, processes, operations and technologies. First and foremost, we would say that the Board and the C-Suite must understand that Cyber Security is a permanent part of their portfolio to ensure the risks are appropriately addressed.
I think it’s fair to assume that no one company can reasonably be expected, given the many complexities that inform security posture, to be abreast of all developments in real time. Taking advantage of proven experienced partners to augment and supplement your human and financial resources, which will protect your users and your company is a prudent and reasonable approach. This would also involve an interdependent, connected economy to appear frankly to mandate it. For example, receiving information about vulnerabilities from others before you are exploited, is an asset you should acquire for sure. Receiving the expertise developed by others at a cost lower than you can duplicate and maintain that expertise is also a reliable path forward. The simple idea is that you should partner with people and companies who are in a greater information and experience flow than just your company would have alone. It’s otherwise too expensive and difficult to educate and retain people to stay on top of an ever-expanding quantity of issues and threats and best practices.
3) How does online identity proofing ensure a secure digital experience?
We would say that a strong digital identity – the ability to confidently resolve to a unique user – is the cornerstone of digital security. Knowing who is getting access to what, for what purpose, allows you to establish normative data profiles and system usage, providing a profile or signature which, if deviated from, indicates the possibility of nefarious activity.
Further building your systems from inception using Security by Design, Privacy by Design, ITSG and ITIL based principles allows the organization to do two important things – further isolate normative from un-normative behavior, and incorporate ‘whitelisting’ versus ‘blacklisting’ in deciding whether certain behaviors are acceptable. This allows the organization to reduce the amount of noise it needs to understand and makes managing your environment easier.
Strong credential and identity coupled with an open standards flexible infrastructure is a very good path forward in our experience of 20 years.
Most organizations today have moved low value, low assurance e-services online. The C-Suite is now looking for strategic direction on how to move high value, high assurance applications online in order to reduce the human cost of doing business while at the same time improving customer usability and retention.
The progressive work in the DIACC Pan-Canadian Trust Framework in conjunction with the standards developed by the Government of Canada’s Identity Management Sub-Committee (IMSC) should form the basis of identity programs for all organizations in both the private and public sector.
Telus 25 York Street, 3rd Floor Toronto, Ontario
What Attendees are saying
“The only conference in Canada where one can meet the who’s who of knowledgeable people and champions of digital identity to discuss the real issues and opportunities in this space.” Dave Nikolejsin, Deputy Minister of Energy and Mines at Government of British Columbia
“A fantastic platform bringing together Canadian thought leaders and key industry experts to promote innovation in digital identity and authentication.” Mike Vanderkaden, VP Corporate Development, Equifax Canada