Digital identity is a concept that is often brought up in IT circles and it is a crucial component of modern cybersecurity architecture. The term “digital identity”, however, is enigmatic to many as it is so complex. In the article below, we will aim to define digital identity, identify the origin of where data pertaining to digital identity is stored, and address common threats to the security of our identities.
What is digital identity?
Digital identity can be defined as the digital representation of our physical selves. Characteristics, which a unique individual possesses in the real world, are created in the digital world as the building blocks of digital identity.
Your digital identity can contain a variety of data. Information such as demographics, location, birth data, usernames, passwords, and purchase history are elements that can be stored within a digital identity. A digital identity is not just limited to people but extends to physical devices including smartphones, laptops, networking equipment, or gaming devices. These digital representations are necessary to provide connections between the digital and the physical world.
How do companies establish digital identity?
Let us consider digital identity from an organizational perspective at the beginning of an employee’s lifecycle with a company. When an employee begins a job with a new company, there is an expectation that they will share critical information pertaining to themselves that is necessary for the company to legally employ and pay them. This information often includes data such as birth date, full legal name, phone number, location, and even a social security number. Each of these data points are entered into HR software and initiates the creation of a new employee’s digital identity within a company.
Now, suppose this new company approaches their digital security with modern tactics and strategies such passwordless authentication and Windows Hello. The new employee’s digital identity will then be taken on step further, as the employee will provide biometric information such as a facial scan and fingerprints to ensure they are compliant with the modern security practices of their company. These data points will be supplemented to a digital identity adding extra layers of security for authentication.
Where is your digital identity represented?
Your digital identity is represented within a “source of truth” that help define who an individual is in the physical world. The source of truth acts as the one place where integrated applications can go to pull information about an individual or an individual’s device.
For businesses that use legacy digital identity practices, an individual’s digital identity single source of truth is often represented in directory service software such as Active Directory, which is hosted on a server managed by an IT department. For organizations that have modernized digital identity, the source of truth has moved off-premises to the cloud. For hybrid modern workplaces, this means cloud-based services like Azure Active Directory (Azure AD) have become the front-runner. Using cloud technology helps to further secure digital identities and makes it easier for remote workers to authenticate and authorize beyond an on-prem network.
How is your digital identity created?
In most businesses there is a workflow that aids in establishing the digital identity of employees. The workflow begins during employee onboarding.
Typically, the human resources (HR) department begins gathering information about a hired individual prior to them joining the company or during their first day. The employee information includes full legal name, address, worksite location, and more often than not a social security number or unique identifier to establish payment methods to receive a paycheck. This data is then entered into the single source of truth, such as Active Directory or Azure AD, and lays the initial foundation for an employee’s digital identity within a company.
If your business has modernized, a digital identity provider such as Azure Active Directory will then assign the new employee to specific groups in order to grant them a unique set of permissions and rights within the company environment that are necessary for the employee to perform their job. From there, the employee receives permissions (authorization) to access specific apps (e.g., Microsoft Teams, Microsoft OneDrive, etc.) or resources within the environment.
Additional data points can be added to digital identity at any time. A mature digital identity provider such as Azure Active Directory will use machine learning to gather information about an individual or device to make their digital identity more secure. This machine learning helps the provider to understand the nuances of an individual.
For instance, machine learning may recognize and incorporate behavioral patterns and geographic locations from which resources are typically accessed. If a user’s behavior is inconsistent or out of the norm, a system like Azure AD may block access to sensitive resources or ask an individual to verify their identity through a secondary layer of authentication. This uses the principle of Zero Trust, which assumes every login attempt is a potential breach to safeguard an environment. Zero Trust Architecture (ZTA) is built on policy engines that are constantly running to discern if a user or device’s identity has become compromised. If a situation looks risky, a Zero Trust architecture will use machine learning to decide whether a user or device is able to proceed into an environment or not.
Conversely, on-premises identity providers tend to be basic, and updating or building on digital identity automation/security may require manual entry or integration with 3rd party software.
Why is digital identity so important?
Digital identity is important to any technology user as it is the digital representation of your physical identity. Your digital identity holds the power to grant users needed access to environments, often needed for work productivity. If it happens to be misconfigured- it may not give a user the specific access they need to be productive, causing a problematic scenario for employees and employers alike.
Furthermore, if a digital identity is compromised, it can have devastating impacts within the physical world such as loss of finances, harm of reputation, and potential for negative legal action.
How are digital identities compromised?
A leading culprit of attack on identities are passwords. In fact, even one of the preeminent password management tools, LastPass, was breached in August 2022. Where passwords were once a security asset, they have now become security vulnerabilities— especially when it comes to digital identity.
On a global scale, IT leaders who are embracing the circumstantial threats of the now and the future are making a conscious effort to move away from passwords and to embrace passwordless authentication. The reason not only being the volume of password attacks but also the ever-increasing sophistication of password attacks that lead to digital identity breaches.
Methods of attack
One of the more common attacks that leads to identity breach is password spraying, also known as brute force attacks. This breach occurs when a bad actor uses common passwords to compromise a single account. Once obtained, bad actors will obtain data to use in alternate forms of compromise such as phishing. Although this is not the most sophisticated method of attack – it has been massively successful in breaching digital identities via password vulnerability in the past.
Phishing is also a major attack vector on digital identity. The basic concept of the strategy of phishing involves a cybercriminal launching a phony webpage that appears to be real. When an unsuspecting user arrives at the phony webpage and enters their username and password, the attacker has everything they need to log in to an environment. And just like that, a digital identity is compromised.
Finally, a more elaborative attack strategy that is aimed at attacking businesses during a vulnerable time is known as whaling. Whaling is a form of phishing that occurs when a cybercriminal specifically targets a high-profile user such as a CEO, CFO, or VP.
Whaling attacks increasingly occur in times of major organizational shifts such as a merger or acquisition. During these circumstances, there is often a hybrid period where high-profile users have access to two environments. Attackers use this co-existence period to their advantage to run targeted phishing campaigns. If a high-profile user, such as a CFO’s digital identity is compromised, a cybercriminal stands to gain a tremendous amount of data, which can be exploited for financial gain.
Because our digital identities reflect so much of who we are in the physical world, it is crucial that we do everything in our power to ensure our digital identities are protected. If we can adequately secure and manage our identities, the data that makes up who we are as organizations and individuals will stay out of the wrong hands.
Contact us to learn more about Digital identity
Demetrius Cooper is Moblie Mentor’s Digital Identity lead. He has over 11 years of industry experience with a predominant focus on digital identity. A Chicago native, Demetrius lives and works in Atlanta, GA.