Managed service providers are responsible for helping their customers navigate the advancing threat landscape and identifying the best solutions to safeguard against cyberthreats and privacy concerns. However, traditional identity and access management (IAM) systems used to authenticate users often require providing significant personal information to access a service, weakening the user experience.
But with new advances in decentralized identity management, MSPs can enhance the customer experience by validating digital credentials quickly and effortlessly, putting control into the hands of the end user. These solutions provide identity verification (proofing) along with digital credential issuance and verification, so businesses can instantly ensure their users are who they claim to be.
Sometimes referred to as Self-Sovereign Identity (SSI), decentralized identity saves time by instantly ensuring the source, validity, and accuracy of credentials. It also reduces costs associated with issuing physical credentials, managing personal accounts and preferences, managing eligibility, and mitigating identity theft. Most important, the technology prevents fraudulent transactions, stops account takeovers, and delivers speed-to-trust by putting users in control of their verified information.
Decentralized Security in Action
Decentralized identity uses robust identity verification methods prior to issuing a cryptographically signed credential to ensure that personal information is secure and cannot be altered without the owner’s permission. Organizations issue users a verifiable digital credential that is typically stored in a digital wallet on their mobile devices.
The beauty of these digital credentials is they contain all the information a user needs, but present only the information needed at the time by the service provider. If the desired service only needs to verify the user’s age, only the age will be provided, unlike today where a user would present their driver’s license that contains their address, birth date, and more.
These digital credentials can represent a variety of claims that an issuer has validated including:
- Identification: biographic information, photo, PIN code, etc.
- Eligibility: entitlements, permissions, privileges, roles, etc.
- Affiliation: employment/contractor, membership, or customer/account status
- Other extended attributes: rules about how/when/where a credential is intended to be used, account or policy details/balances, credit score, etc.
The credentials can be used to, for example, purchase property, cars, or concert tickets. They can be used to confirm memberships, such as citizenship, employment, or a vacation club status. Or they can verify achievements, such as a diploma, professional certification, or title. The versatility of digital credentials enables MSPs to deploy decentralized identity solutions to customers regardless of their industry or marketplace.
Consider a real-world application in financial services. Decentralized identity credentials can be used to reduce check-to-cash fraud utilizing robust identity proofing mechanisms once and issuing a verifiable credential for the future. Banks can also enable business partners to leverage these same credentials for strong identification and to access affiliate services. Similarly, in retail, the credentials can verify the age of customers, such as for purchasing age-restricted products like alcohol and tobacco, as well as loyalty programs, including accessing services and benefits from business partners.
Final Thoughts
The increased mobility of users and their demand for personalized, unified access experiences has stretched traditional IAM beyond its limits. Organizations are spending significant time and money obtaining and verifying information from customers and employees. They then must attempt to determine access, entitlements, and authorizations to remain compliant.
Decentralized identity offers MSPs an opportunity to provide a solution that eliminates the manual resource burden for their customers while empowering users with control of their own data. And because it is decentralized, the technology does a better job at preventing fraudulent transactions, reducing the risk of account takeovers, and delivering speed-to-trust.
ALEX RYALS serves as the vice president of channel sales at Ping Identity, where he leads the global channel sales organization to drive the scale of identity security solutions through partners across the world. He previously held VP roles at TD SYNNEX and Tech Data, where he was responsible for accelerating sales through the global partner ecosystem. Ryals has more than 20 years of experience in the technology sector.