For traditional identity models, the biggest misconception is “strong passwords”

Cybernews interview with IdRamp CEO, Mike Vesey.

Password-based authentication has been used for so long, that it’s hard to imagine life without it. This method is preferred for its simplicity and practicality, but is it as safe as we think?

Digital protection can be improved with solutions like Virtual Private Network (VPN) services for enhanced privacy and strong passwords that are difficult to break but traditional authentication models are inherently vulnerable. In reality, any system based on password protection can easily be exploited to expose personal information and commit identity fraud. This is why identity theft remains a leading cause of data breaches.

One way to avoid password-related problems is to use decentralized identity management. This method is relatively new, so the best way to gain knowledge about it – contact the experts. For this reason, we are speaking with Mike Vesey, CEO of IdRamp.

How did IdRamp originate? What would you consider the biggest milestones throughout the decades? IdRamp was created based on years of experience delivering complex identity integration and service delivery solutions for multinational enterprise companies. We found that bespoke ID platform integrations were expensive to deploy, difficult to maintain, and slow to change. As cloud and SAAS adoption increased, data silos proliferated, increasing overall liability, risk, and cost of operating. Companies were being locked into vendor platforms with no easy way to add new features or provide consistent security policies.

As complexity increases, innovation slows and core business objectives suffer. IdRamp was created to solve these problems by providing an extensible integration fabric that simplifies deployment, migration, security, and service delivery across complex digital ecosystems. By automating these pain points, IdRamp provides a competitive edge that helps transform digital ID strategy into a business asset. The creation of the IdRamp platform is our biggest milestone because it combines decades of front-line experience into a simple tool that radically transforms agility, innovation, and security. It provides a simple management interface allowing our customers to focus on business solutions, not complex technology integrations. The age of one platform to solve all problems is ending. Modern businesses need a way to orchestrate the complexity and IdRamp is the answer.

Can you introduce us to your IdRamp platform? What is decentralized identity? The IdRamp decentralized ID orchestration platform solves complex operations, slow migrations, poor user experience, and the vulnerabilities of identity sprawl. Through IdRamp, businesses can quickly add and remove features, tailor the customer experience, and provide consistent trust policies across any range of heterogeneous systems. With IdRamp you can easily plug and play the latest innovative solutions in blockchain identity, biometrics, fraud detection, Web3.0 services, and much more. IdRamp excels at orchestrating existing identity infrastructure to support immediate needs while paving a simple path to next-generation solutions on the horizon.Instead of focusing on one centralized platform with extended customization, IdRamp orchestration focuses on no-code integration, and rapid deployment for flexible, secure experiences. IdRamp automates complex integration and policy management across service providers to reduce operational costs and increase business velocity, innovation, and security. It unifies your identity landscape into an agile fabric that allows you to quickly design tailored experiences that are more secure and friendly. And, critically, it provides a simple, elegant way to easily manage the continuous verification required by zero-trust security approaches.Decentralized identity is a new ID model that helps people, businesses, and things interact in a more private and secure way. In this model, users control their personal credential information instead of hosting it in central data silos. This reduces data risk, and fraud, and improves user experience. Best of all it eliminates the use of password-based authentication, a leading cause of data breaches. Idramp provides comprehensive zero code ID orchestration fully integrated with the latest decentralized ID tools. This powerful combination transforms digital ID from a technical burden into a strategic business asset.

You often mention that current Identity management (IAM) solutions are flawed. What risks do they pose? Traditional identity management platforms are often difficult to deploy and operate. They are too rigid to encompass the diversity of essential business applications and are underpowered to meet emerging security approaches like zero trust and rapid integration with new services. They are walled gardens that cause vendor lock-in and increase data risk by storing sensitive information in centralized directories.

Modern businesses need to plug and play new solutions and platforms on demand. They need to combine and secure multiple providers in one cohesive strategy. It is time to focus on technologies that simplify identity management, can be easily integrated, and provide a path to evolution at a pace and cost that meets business needs.

How do you think the recent global events affected your field of work? Were there any new challenges? With the increase in remote workers and demand for digital services, fraud and ID theft is growing rapidly. Traditional ID models are no longer effective enough to address the situation. This is why we need new solutions in decentralized zero trust verification, biometrics, FIDO MFA, and related fraud prevention services. Digital businesses are under constant attack. We see this in the news headlines on this every day.

What best practices can companies adopt to minimize the risk of identity-related attacks? Remove passwords as a leading vulnerability. Explore decentralized data models to reduce liability and risk exposure. Employ ID orchestration strategies to ensure consistent security across all systems and services.

Before adopting new ID services, prepare an exit plan to avoid being locked into outdated systems. Use stronger verification methods through biometrics, blockchain ID, FIDO MFA, fraud detection, and related services.

As for personal use, what actions can average individuals take to protect their identity online? Unfortunately, many businesses still use password-based authentication, which puts individuals at high risk. People need to understand how easy it is to commit fraud with just a bit of personal information and a stolen password. Obviously, individuals need to use complex passwords and frequently change them. Password vaults make it easy to recall passwords, but they also compound the risk by storing all passwords in one location.

Ultimately, individuals need to push businesses to provide better security and privacy through decentralization. They need stronger multi-factor authentication based on FIDO standards. Strong identity needs to be more than just obfuscating passwords. Passwords need to be removed entirely.

Since digital identity is a relatively new technology, people still tend to have some misconceptions and myths regarding it. Which ones do you notice most often? For traditional identity models, the biggest misconception is “strong passwords”. While passwords can be made more complex to avoid some threats, at the core, all password-based models are fragile and easy to attack. They provide inherently weak security, increase risk and operational complexity.

For decentralized identity, the biggest misconception is confusing it with cryptocurrency technology, which has suffered from vulnerabilities and performance issues. While cryptocurrency and decentralized ID can both use blockchain as a database, the security architecture is entirely different. Decentralized Identity has nothing to do with bitcoin and provides superior security versus traditional digital ID solutions.

What security issues do you think will arise in the near future as digital identity becomes a significant part of our lives? Hackers innovate faster than enterprise or public sector organizations. This will persist because the rewards are large. The most significant issue will be the need for agility. To meet the pace of change, businesses need a solution to quickly adapt to new security services and solutions that meet these threats head-on.

No solution can provide absolute protection forever. With deep fake technology, quantum computing and the drive to Web3.0 hackers will have a new portfolio of weapons to attack businesses. This is part of why we created IdRamp to provide rapid agility and dynamic security for any digital ecosystem.

Would you like to share what’s next for IdRamp? We will remain focused on increasing interoperability and automation for incremental adoption. We understand the complexity and investments businesses have made in existing identity management solutions. We know that businesses need to plug and play security innovation into their existing stacks without expensive migration projects.

We will automate that innovation to protect existing investments and provide a steady path to state-of-the-art security. We will remain focused on fusing new technologies like W3C verifiable credentials with advanced biometrics and fraud detection to help fortify and futureproof the digital ID landscape for generations to come.

Repost of Cybernews interview with IdRamp CEO, Mike Vesey.

 

Orchestrate your systems today

Contact us for a demo on the IdRamp suite of tools and services