Blockchain and Identity Management

Naveen Joshi 24/03/2019 3

Due to blockchain’s ability to provide decentralized and secure storage of information, numerous blockchain identity management solutions are being theorized by experts. However, it is important to keep in mind that securing enterprise data goes beyond the scope for blockchain.

Just like the circulation of blood throughout the human body is vital for its functioning, the flow of information through the modern enterprise is critical for its effective operation. Regardless of the industry, scale, and the nature of products or services, the sharing of information—both internally and externally—is an important driver of organizational performance. Getting the right kind of information at the right time, consistently, can allow businesses to stay afloat even during times of turbulent changes. And the present business climate is characterized by just that—rapid change. However, the information that helps run companies, if exposed to the wrong entities, can lead to the potential ruin of those companies. You might have heard of the recent disclosure of a massive data breach in the Marriott International network that compromised the personal data of 500 million hotel guests. The expense incurred by the company as a result of the breach is estimated to be anywhere between $200 million to $1 billion, although any estimates at this early stage seem inaccurate and premature. With many other companies also staring at such expenses as a result of security breaches, the need for securing enterprise networks is paramount for businesses before fully digitizing their enterprise architecture. A potential new solution for fortifying data security and authorization is blockchain identity management.

Understanding the Need for Identity and Access Management

Since any action or process in an organization is initiated and driven by information, making it available on time to the concerned entities is vital for efficient operation. Effective identity and access management imply providing the right kind of information to the right people at the right time. This means giving employees and partners access to just enough information when required to perform specific activities, and nothing more. For instance, a customer care executive who has to interact with customers in response to complaints, feedback, and queries from different customers needs access to ID and contact information like name, email address, and phone number and the specific product information like product ID, order date, the location of purchase, etc. At the same time, a marketing executive who needs data for market research and analysis only needs demographic information such as age group, geographical region, gender, etc., without needing to know individual details like ID and contact details. Effective access management means giving both the customer care executive and the marketing executive exactly the amount of information they need and not a byte more. Such provisions prevent the possibility of people getting access to more information than is needed, which opens up the possibility of that information being used for unethical ends. 

With competition between businesses at an all-time high and only getting stiffer, corporate espionage is becoming a bigger threat than ever before. A failure to secure enterprise systems against access by external entities can turn a successful business strategy into an ineffective one, as competitors can plan countermeasures. Thus, it is paramount to restrict access to sensitive organizational information to the few pertinent members instead of allowing access based on just vertical seniority, disregarding functional relevance. Having lax and generalized security measures can often multiply the damage caused by cyber attacks targeted at specific verticals. For instance, if a senior official in marketing gets her personal accounts hacked, the attackers can not only gain information pertaining to other verticals, such as finance and research and development. This can lead to the loss of information on a much larger scale, most of which could be easily prevented. Thus, identity and access management need to be viewed and handled with great earnestness by organizations both big and those aiming to be big. To secure enterprise-wide identity and access management systems, businesses must follow certain best practices while planning their data and access security measures.

Implementing Effective Identity and Access Management

Business and security leaders should understand that to balance the ease of access to data when needed with the strength of user authentication mechanisms, a dynamic security system is necessary. To secure the identity and access management system, an organization should define access privileges for employees on a case-to-case basis instead of generalizing security protocols for everyone in the organization. Thus users should be given security roles based on their pertinence to specific sources of data and parts of the enterprise network. 

Accounts that have been granted access to highly sensitive parts of the enterprise storage system should be periodically re-evaluated and validated. Giving accounts access to data that are redundant to the owner’s current function can present potential loopholes for hackers to exploit. Thus, reviewing access privileges and modifying them based on changing situations is key to ensuring a fool-proof identity management strategy. 

Using secure ways of logging into enterprise networks such as biometric-based access and multi-factor log-in mechanisms can minimize unauthorized access and identity fraud. This can prevent data breaches even when account owners don’t take all the necessary measures while logging in to or out of the system. 

Creating a formal, well-documented set of procedures pertaining to security covering all members of the organization can help in reinforcing the weakest link in the identity and access management, or for that matter, any security system—the people. Enforcing a strict security protocol and training people to create, and manage strong passwords. After all, a cybersecurity system can only do so much if the people using it are not aligned and committed to security.

Exploring the Potential of Blockchain Identity Management

Blockchain is already being explored as a security solution by developers as well as businesses due to its features that are conducive to securing data. You might already be aware of how blockchain uses cryptographic hashing, i.e., encrypting data by translating it into an unrecognizable digital string. This makes is harder for hackers to discern actual information hidden by the cryptographic code. Using an internal blockchain network can potentially replace existing authentication systems which mainly rely on mere combinations of usernames and passwords. Numerous blockchain identity management platforms for enterprises are emerging with increasingly feasible operational models. 

Blockchain-based identity and access management systems can enable multi-factor authentication instead of the traditional username-password method of logging in. This ensures that the data on the enterprise network is safe even when users lose or accidentally leak their password. Hackers cannot access systems secured with multi-factor authentication using traditional brute-force attacks used to crack passwords. Among the multiple factors required to log-in can be biometric data which is non-replicable and possibly the most secure way of identifying individuals. The implementation of such mechanisms is not very far off as people are already sold on blockchain as the future of digital identity

Blockchain can also be used to record access details by members of an organization to specific data on an immutable, continuous ledger. This can enable the organization to demonstrate for audit and compliance purposes that the data is accessed only by pertinent users. This can bring some much-needed transparency in the data storage and governance process. This will also keep users from unnecessarily accessing sensitive corporate data. 

Having strong brakes doesn’t make a car slower, but in fact, powerful brakes allow cars to be made faster due to their ability to halt vehicles at higher speeds. Similarly, adding multiple layers to fortify identity access and management won’t slow down an organization’s ability to have access to important data. It will, in fact, expedite the process of getting the requisite information when the situation requires it. Needless to say, blockchain identity management will definitely form one of these layers of fortification in future enterprise networks and it’s only a matter of time when it does.

Share this article