Demystifying Digital Identity in the Age of Cloud Authentication

Daniel Lu, July 25, 2017

Identity may be a difficult-to-define concept that has stumped philosophers for centuries. But when it comes to security offline or online, the topic boils down to evidence and proof. What determines that someone is who they claim to be? In the physical world, that question is generally answered by people providing various forms of identification—often, two forms of government-issued photo ID or other documents such as birth certificates and utility bills. Similarly, in the digital realm, identity is best proven when users present multiple “factors” to authenticate themselves. But it wasn't always this way.

Digital identity, prior to the cloud

The use of passwords to secure digital identity dates back at least to MIT’s Compatible Time-Sharing System, a project from the mid-1960s. The system had multiple terminals for multiple users, and each one needed access to their own private set of files. Administrators decided locking each individual account with a password was the most straightforward solution to the problem. Of course, it wasn't long before one enterprising user, researcher Allan Scherr, found the file listing all the passwords and printed it out to give himself more time on the system. This historical hack shows that the vulnerability of single-factor authentication has been with us for a very long time.

However, single-factor authentication remained the most common method of authentication for many years. Why? Consider the state of the internet in the 1990s. There was no convenient way to, say, send a fingerprint scan over a telephone connection made by 2400-baud modems. In principle, it could have been done—but the low processing power of motherboards and the slow connection speeds would have made it highly inconvenient. It was already obvious that additional factors should be included for better security—but the technology wasn’t there yet.

Enter cloud computing

The concept of cloud computing (in its current form) became more widely known in the mid-2000s as computers were getting a lot faster—and these breakthroughs were starting to affect digital identity. A single person might sign in to 10 different Internet Relay Chat channels under several different pseudonyms while simultaneously logged in at work under his or her real name, all from the same computer. This stood in contrast to the clunky operations of the previous era, when dialing into a single BBS with one digital identity might be all the machine could handle.

The result was that digital identities per person started to proliferate. More and more people had AOL Instant Messenger screen names, IRC handles, work accounts, and other profiles. From an employer's perspective, it was challenging to control what employees were doing with all these digital identities. Any one of them could be leaking trade secrets, and using company equipment to do it. Or, more simply, each of the various identities was a vector for cyber attacks, or plain human error. Malicious users might want their accounts siloed to keep themselves cloaked, but the people paying them needed to be able to supervise what was happening on company time.

How digital identity can succeed in the cloud

With today's cloud computing, when smartphones are in everyone's pocket and people may have hundreds of different accounts they need to access, the need for convenient, secure digital identity is even more obvious. If an employee gets phished while browsing Twitter through a personal account on a company phone, and it leads to a hack of his or her company, the whole business might collapse. The answer is to provide multiple factors for authentication, and to adapt.

Ultimately, identity means the ability to verify that someone is who they say they are, and that entails checking multiple factors—such as which device the user is on, where the user is, or what password the user knows. Today, with higher processing power and a cloud-based environment, it can be done. Plus, with cloud-based identity provisioning such as Okta, user profiles can be linked across apps to prevent data silos. The digital identity of the employee remains consistent but flexible to meet the mobile, changing needs of today.

In a changing online world, Okta’s got your back. Learn more about protecting the digital identity of your employees with world-class cloud security solutions.