Part 2: Authentication Gets Serious – Why PII Strategies Must Change
March 1, 2018
In the first of our three-part series, The Future of Personal Data and Online Verification, we looked at current methods for confirming who people are on the Internet and why this process is likely to break down as digital life expands.
In this second installment, we consider the rapid changes in the digital landscape making today’s verification strategies untenable and creating the need for a holistic new approach. Next up, Part Three will explore how scalable new solutions could free your business from the burden of handling personally identifiable information (PII).
These days, just about everyone is aware that major changes are coming our way. The whole world seems to be buzzing with new technologies that will dramatically transform our lives, work, and businesses. No matter what sector or industry you’re in, digital business is opening up vast new opportunities for growth, efficiency, and interaction. The explosive growth of connected devices is quickly making the Internet of Things our new reality. Rapid advances in artificial intelligence and machine learning are promising to revolutionize our daily lives. Digital platforms are bringing together ecosystems of suppliers, buyers, partners, and customers in efficient new relationships. Combined, these trends will change online interactions in ways that are difficult to imagine right now.
In the next five to ten years, the dramatically increased volume and complexity of identity verification and credential authentication tasks will make it impossible to keep up using current methods. Those who want to seize emerging digital business opportunities must find efficient new ways to quickly and easily create trust among strangers.
More Devices, Data, Layers, and Risk: How Will You Maintain Trust?
As digital business expands into new areas of our lives and incorporates new kinds of technologies, businesses and the data they collect are exposed to new threats and vulnerabilities. In recent years, the scope and frequency of data breaches has ballooned to epic proportions. Even venerable businesses and institutions with a long history of reliability are beginning to have trouble protecting their customers’ PII.
The costs associated with major breaches are also going up. While it’s difficult to say exactly what a data breach costs, it’s sure to involve, at minimum, some combination of legal fees, fines, settlements, new security costs, and a hit to business valuation. In 2017, Verizon shaved $350 million off the price it paid for Yahoo to cover costs associated with their breach. A significant breach also damages brand reputation, chipping away at a company’s ability to create and sustain customer relationships.
As the breaches get bigger and more serious, they’re having an impact on people’s attitude toward technology. According to academic research portal The Conversation, “Consumers are learning to be worried about the security of their personal information: News about a data breach involving 57 million Uber accounts follows on top of reports of a breach of the 145.5 million consumer data records on Equifax and every Yahoo account—three billion in all.” Breaches are beginning to jeopardize a critic asset in the digital economy: trust.
Trust is essential to digital business expansion. Without it, engagement wanes, digital platforms wither, partnerships falter, and innovation stalls. Companies that are able to inspire trust and confidence improve their ability to attract and retain customers and partners, increasing their competitive advantage. Tufts University’s report on the state of the digital planet summed it up: “Our willingness and ability to trust these digital innovations and act on the basis of said trust… is a crucial ingredient for the continued onward march of digitalization writ large. Trust is truly the keystone of the global digital economy.”
As Digital Ecosystems Expand, Authentication Gets Complicated
Digital business expansion into more sensitive, consequential areas of our lives such as healthcare, financial and legal services, and education will create new authentication challenges. The vetting process for participants on digital platforms where such professional services are being offered will necessarily be more nuanced and complex. While digital platforms for renting rooms or finding a ride might be able to rely on an initial round of identity verification and ongoing user reviews, platforms for surgeons, accountants, designers, and others where trust is paramount will require more. “Are you who you say you are?” becomes the more difficult question, “Can you do what you say you can do?” How will digital platforms confirm the complete and current status of college and medical degrees, employment history, board certifications, and an endless variety of other credentials? How will they know if something changes?
As our lives transition more fully online, companies will need access to more personal data and details. Advanced analytics and the drive to deliver a more personalized and efficient experience will mean collecting, holding, analyzing, protecting, and updating a massive, rapidly growing volume of personal data. It will become increasingly important to find ways to get answers out of that data without interacting with the data itself. HR departments, for example, will need the ability to answer important questions such as “Does this person have an engineering degree from MIT?” or “Does this applicant have any outstanding arrest warrants?” without seeing information that might open the door to bias.
The rise of IoT and AI will bring more challenges. By 2020, there will be 50 billion IoT connected devices, according to Deloitte. Gartner predicts 21 billion IoT endpoints by the same year, and expects IoT technology to be in 95% of electronics for new product designs. All of them will be collecting and sharing data, much of it sensitive personal data. As IoT and AI blend the real and virtual worlds in vast networks of connectivity, businesses will need to develop effective methods for verifying identity. When everything is digital, everything needs a verifiable digital identity. How can you be sure which FitBit, medical device, police body camera, or onboard navigation system your network—or personal digital assistant—is talking to?
All of those devices will create and share data that must be protected. The estimates of future data volumes are unfathomably large. By 2020, there will be 5,200 GB of data for every person on Earth. Every person online will create roughly 1.7 megabytes of new data every second of every day. The volume of IoT data will exceed 1.6 zettabytes.
With the explosion of new kinds of actors and interactions and the data they produce, expect an increasingly impressive volume of regulatory compliance obligations. Europe’s General Data Protection Regulation (GDPR) takes effect in 2018, and new PII regulations are being discussed and implemented by governments around the globe. According to Gartner, businesses should plan for a future of changing PII regulations. “Frequent PII compromises, such as a 2016 theft of PII for over 130,000 U.S. Navy sailors, will spur regulatory bodies to refine policies and produce ever-evolving guidance for constituents.”
To address these new challenges, businesses need new methods of handling PII, identity verification, and credential authentication. Incremental fixes will not be enough to keep up with the growing volume of players and interactions, or to deal with the increasingly nuanced questions digital platforms will need to ask. The solution needs to change the fundamental nature of how identity is handled.
In the third and final installment of our Future of Personal Data and Online Verification series, we’ll look at exciting new solutions changing the PII landscape. Find out how new approaches are radically streamlining authentication, giving individuals new freedom and control over their PII and allowing companies to seize digital business opportunities with greater speed and agility.
Read other blogs in this series: