Demystifying Digital Identity in the Age of Cloud Authentication

Identity may be a difficult-to-define concept that has stumped philosophers for centuries. But when it comes to security offline or online, the topic boils down to evidence and proof. What determines that someone is who they claim to be? In the physical world, that question is generally answered by people providing various forms of identification—often, two forms of government-issued photo ID or other documents such as birth certificates and utility bills. Similarly, in the digital realm, identity is best proven when users present multiple “factors” to authenticate themselves. But it wasn't always this way.

Digital identity, prior to the cloud

The use of passwords to secure digital identity dates back at least to MIT’s Compatible Time-Sharing System, a project from the mid-1960s. The system had multiple terminals for multiple users, and each one needed access to their own private set of files. Administrators decided locking each individual account with a password was the most straightforward solution to the problem. Of course, it wasn't long before one enterprising user, researcher Allan Scherr, found the file listing all the passwords and printed it out to give himself more time on the system. This historical hack shows that the vulnerability of single-factor authentication has been with us for a very long time.

Okta 110916 49 0 However, single-factor authentication remained the most common method of authentication for many years. Why? Consider the state of the internet in the 1990s. There was no convenient way to, say, send a fingerprint scan over a telephone connection made by 2400 baud modems. In principle, it could have been done—but the low processing power of motherboards and the slow connection speeds would have made it highly inconvenient. It was already obvious that additional factors should be included for better security—but technology wasn’t there yet.

Enter cloud computing

The concept of cloud computing (in its current form) became more widely known in the mid-2000s as computers were getting a lot faster—and these breakthroughs were starting to affect digital identity. A single person might sign into 10 different Internet Relay Chat channels under several different pseudonyms while simultaneously logged in at work under his or her real name, all from the same computer. This was as opposed to the clunky operations of the previous era, when dialing into a sole BBS with one digital identity might be all the machine could handle.

The result was that digital identities per person started to proliferate. More and more people had AOL Instant Messenger screen names, IRC handles, work accounts, and other profiles. From an employer's perspective, it was challenging to control what employees were doing with all these digital identities. Any one of them could be leaking trade secrets, and using company equipment to do it. Or, more simply, each of the various identities was a vector for cyber attacks, or plain human error. Malicious users might want their accounts siloed to keep themselves cloaked, but the people paying them needed to be able to supervise what was happening on company time.

How digital identity can succeed in the cloud

With today's cloud computing, when smartphones are in everyone's pocket and people may have hundreds of different accounts they need to access, the need for convenient, secure digital identity is even more obvious. If an employee gets phished while browsing Twitter through a personal account on a company phone, and it leads to a hack of his or her company, the whole business might collapse. The answer is to provide multiple factors for authentication, and to adapt.

Ultimately, identity means the ability to verify that someone is who they say they are, and that entails checking multiple factors—such as which device the user is on, where the user is, or what password the user knows. Today, with higher processing power and a cloud-based environment, it can be done. Plus, with cloud-based identity provisioning such as Okta, user profiles can be linked across apps to prevent data siloes. The digital identity of the employee remains consistent but flexible to meet the mobile, changing needs of today.

In a changing online world, Okta’s got your back. Learn more about protecting the digital identity of your employees with world-class cloud security solutions >