Even in non-Covid times, digital transformation in any organization isn’t easy. We’ve all seen how the pandemic has drastically accelerated the willingness of, and the need for, organizations to embrace new technology, but it has also added complexity.
All of a sudden huge swathes of the workforce are working remotely, and businesses have had to react quickly to support a new, more remote and more flexible workforce. Aside from the various technical and logistical hurdles, many organizations are finding their biggest challenge is one of trust. With staff no longer physically present, how do you know your employees are who they say they are?
I recently spoke to Andrew Shikiar, Executive Director and CMO at the FIDO Alliance, who believes the answer lies in how organizations authenticate employees and end-users. And by solving this issue of trust, they will not only be able to move to a more remote model, but gain the confidence they need to push ahead with digital transformation projects.
Andrew says: “You can’t have digital transformation without security. What if you can’t trust anyone you don’t know? It undermines the whole ability to have digital transformation at scale. And to have security at scale, it needs to be easy. Fundamentally, technology needs to be easy for people to use.”
FIDO’s approach to addressing this problem revolves around a major shift in the way people authenticate themselves. In practice, this would mean users logging in to devices, cloud-based platforms or online services using a biometric signature, like a fingerprint or their face, without the need for a password.
Phasing out passwords may sound counter-intuitive, but that is precisely what the FIDO Alliance was created to do. Its members include many of the world’s leading companies like Apple, American Express, Google, Microsoft and Samsung, who all recognize the pitfalls of the formerly trusty password.
Andrew explains: “The traditional way of authenticating is password-based, but the odds are that [your password has] been stolen, it’s sitting on the dark web already, or if not, someone can phish you through a replay attack… over 80% of data breaches are caused by passwords, either because the password is stolen or something has been left open.”
FIDO claims to solve this problem by moving away from the current dependency on server-side credentials to a model that authenticates users locally on a device in their possession, such as their PC or smartphone. Public key cryptography then enables the device to mediate the authentication process with the server.
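The flow described above, sketched as an added example (it is not FIDO Alliance code and does not follow the WebAuthn wire format): the device holds the private key, the server stores only the public key, and a replayed or wrong-origin signature fails verification. The Ed25519 algorithm, the function names, the user name and the example origins are assumptions made for illustration; in a real deployment the browser, not the caller, supplies the origin.

```javascript
// Added illustration: simplified challenge-response, not the WebAuthn wire format.
const crypto = require('node:crypto');

// Device side: the key pair is created on the device; the private key never leaves it.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519'); // assumed algorithm
  return {
    publicKey, // the only value sent to the server at registration
    sign(challenge, origin, userVerified) {
      // Stand-in for the local biometric or PIN check that unlocks the key.
      if (!userVerified) throw new Error('local user verification failed');
      return crypto.sign(null, Buffer.concat([challenge, Buffer.from(origin)]), privateKey);
    },
  };
}

// Server side: holds public keys and one-time challenges, no password or biometric.
function createServer(origin) {
  const keys = new Map();
  const pending = new Map();
  return {
    register(user, publicKey) { keys.set(user, publicKey); },
    newChallenge(user) {
      const challenge = crypto.randomBytes(32);
      pending.set(user, challenge);
      return challenge;
    },
    verify(user, signature) {
      const challenge = pending.get(user);
      pending.delete(user); // each challenge is accepted once
      if (!challenge || !keys.has(user)) return false;
      const signed = Buffer.concat([challenge, Buffer.from(origin)]);
      return crypto.verify(null, signed, keys.get(user), signature);
    },
  };
}

function demo() {
  const origin = 'https://login.example.test'; // constructed origin
  const device = createAuthenticator();
  const server = createServer(origin);
  server.register('alice', device.publicKey);
  const sig = device.sign(server.newChallenge('alice'), origin, true);
  const firstLogin = server.verify('alice', sig);
  server.newChallenge('alice');
  const replayed = server.verify('alice', sig); // old signature, fresh challenge
  const relayed = device.sign(server.newChallenge('alice'), 'https://lookalike.example.test', true);
  return { firstLogin, replayed, wrongOrigin: server.verify('alice', relayed) };
}
```

Calling `demo()` returns `firstLogin: true` with `replayed` and `wrongOrigin` both `false`: nothing stored on the server or captured in transit can be reused to log in.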
There will likely be many who are uncomfortable with the idea of providing biometrics to any private organization, let alone their employer. But due to the way the FIDO standards work, with data stored locally on the device as opposed to a server, it cannot be accessed by anybody other than the user. The bigger barrier to adoption may well be that large enterprises are unable to replace passwords in legacy systems that rely on them. But that does not prevent them from adding an extra layer of authentication, like that provided by FIDO or another form of second-factor authentication, which could effectively remove the need to use a password for many employees in most circumstances.
As with any digital transformation project, you ultimately want to make life easier for employees, while increasing efficiency and productivity. Passwords were designed to be simple but, as we have all likely experienced, they have become incredibly cumbersome, leading many to take short-cuts. So any new authentication method, biometric or otherwise, needs to be simple and easy to adopt. When you’re in the midst of a major transformation project, the last thing you need is an added complication or a new process for people to learn on top of all of the critical changes the business is making.
The pandemic has forced organizations to adapt to new ways of working, and there are certainly opportunities for them to improve the way they operate. But the pandemic has also introduced complexity and raised issues around trust. As business leaders adapt to the current circumstances and plan for the future, more effective ways of establishing trust and authenticating employees could become increasingly common. But it’s vital that they find solutions in keeping with the overall aims of their digital transformation project – make it simple to use, make it more efficient, and make it more effective.