Trust no one. That has been the adage when it comes to digital security issues. In this day and age, we are all hyperconnected. From employer to employee, company to customer, the sharing and exchanging of information has created much chaos. That has in turn led to many risks and threats towards cyber security, as people with malicious intent find and exploit loopholes for their own selfish gain.
Whether it is Facebook, Twitter, Gmail or Instagram, almost every interaction and transaction online requires some form of digital identity. When it comes to remembering all the passwords and usernames used to log into the various online applications and services, how safe is that information protected? How much is revealed when users need to prove that they are who they say they are? In a world where you can trust no one but yourself, how do we ensure that we divulge only the right amount of information to external parties? How do we ensure that everything else remains encrypted and out of reach of hackers and thieves?
Blockchain technology offers a possible solution. What blockchain is, is a continuous list of records that are cryptographically linked together. These blocks all correspond to a distributed ledger which holds the records of every transaction. Stored and locked in every block is a timestamp and transaction data which cannot be modified. Whenever a user accesses a block, their history is logged and recorded.
People often discuss about blockchain security in the context of cryptocurrency. And for good reason. Its capabilities and applications can extend beyond the world of cryptocurrency to anything that involves online chunks of data and personal information. Besides the immutable nature offered by blockchain, its distributed ledger technology confers great promise and potential for identity and access management (IAM).
When data is stored in a distributed ledger, the databases of digital identities are thus decentralised. By doing so, external parties and vendors with the approved access credentials are able to retrieve the data and use it for authentication. The idea is that identities are protected from fraud or theft, given that users can choose who to hand their personal data over and exactly how much. Users are empowered with full control and transparency. As a result, it is way more secured compared to centralised, proprietary databases.
Most of current IAM solutions rely on third party software and external parties, which means that employees and employers alike have to trust someone else to store all their personal data. What that implies is a lack of influence and control over how such data is used, due to it not being accessible. Users are unable to see who has access to their private data and are placed in a position where they are subjected to data controllers who are, by and large, unaccountable.
Said third parties are also vulnerable to being hit by hackers and identity fraud. once they have been compromised, data that belongs to employees and employees, clients and business partners can easily fall into the wrong hands.