Reply Logo
Menu
  • TOPICS
    TOPICS
    • Architecture
    • Artificial Intelligence & Machine Learning
    • AUGMENTED & VIRTUAL REALITY
    • Big Data & Analytics
    • Blockchain
    • Cloud Computing
    • CRM
    • Digital Experience
    • Digital Workplace
    • eCommerce
    • Game & Gamification
    • Industrie 4.0
    • Internet of Things
    • Mobile
    • Quantum Computing
    • Risk, Regulation & Reporting
    • Security
    • Social Networking & Crowdsourcing
    • Supply Chain Management
    • Video
  • INDUSTRIES
    INDUSTRIES
    • Automotive
    • Energy & Utilities
    • Financial Services
    • Logistics & Manufacturing
    • Public Sector & Healthcare
    • Retail & Consumer Products
    • Telco & Media
  • JOIN
    JOIN

    join reply work with us

    Reply is the place to meet an incredible variety of enthusiastic, passionate, ideas-driven people, who want to make a difference and an i​mpact.
    ​Would you like to know more?

    Go to careers​​​​
  • ABOUT
    ABOUT
    • ABOUT
    • REPLY AT A GLANCE
    • ALL REPLY WEBSITES
    • CAREERS
    • OFFICE LOCATIONS & CONTACTS
    • Reply Code For Kids
    • INVESTORS
    • FINANCIAL NEWS
    • REPLY SHARE INFORMATION
    • FINANCIAL HIGHLIGHTS
    • FINANCIAL CALENDAR AND EVENTS
    • FINANCIAL REPORTS
    • SHAREHOLDERS' MEETING
    • LOYALTY SHARES
    • CORPORATE GOVERNANCE
    • EXTRAORDINARY TRANSACTIONS
    • NEWSROOM
    • News
    • Events
    • Press
    • Webinars
  • Login
    Your ProfileLogout
Choose language:
Reply Logo

Search

Security

Best Practice

Staying ahead of the digital identity evolution

Cyberspace represents the total interconnectedness of human beings through computers and telecommunications, regardless of physical geography. It is a term used to describe the whole range of information resources available through computer networks. For our purposes, cyberspace is a realm in which communication and interaction between two individuals, or between an individual and a computer, is facilitated by digital data exchanged over computer networks. However, a critical problem in cyberspace is knowing who you are interacting with.

FOCUS ON: Security, Digital Identity,

Spike Reply​

Spike Reply is the Reply group company specialising in consultancy services and integrated solutions for business security & fraud management. Spike Reply supports businesses in processes to tackle all aspects of risk associated with an information system, from identifying threats and vulnerabilities to establishing, designing and implementing the relevant technological, legal, organisational, insurance and risk-retention countermeasures. Spike Reply assists enterprises wishing to enhance their security posture while continuing to operate in optimum conditions.

digital identity

The technological age ​and the digitisation of information make it difficult to determine the identity of a person in the digital realm. It is difficult to accurately determine the identity of the person on the other side of an e-mail message, or know with certainty the source of any information available in cyberspace. Although there are attributes associated with an individual’s digital identity, these attributes or even entire identities can be changed, masked or discarded and new ones created. Who is reading the information? Who is storing the information? What are they doing with it? What does our digital identity say about us?

For most of us, giving out personal information such​ as our home telephone number or the number of our driving licence is an everyday occurrence. However, providing extra information through digital communication channels introduces privacy issues and the possibility of identity theft. More than ever, the information explosion, facilitated by an era of easy credit, has led to an increase in the type of crime that feeds on the inability of consumers to control who has access to sensitive information and how this information is safeguarded.

Currently, there is no standardised system for identification in cyberspace. It is not possible to identify an entity with certainty or to accurately tell whether an object has a specific characteristic.

Despite the fact that there are many authentication systems and digital identifiers that attempt to address these problems, a concrete need still exists for a unified and verified identification system.

The evolution of IAM (Identity Access Management)

In order to tackle the challenging situation whereby more and more individuals, devices, and “things” are assigned identities across networks, companies need to implement a dynamic IAM solution that serves employees, customers, partners and devices regardless of their location, nature and context of use.

In fact, with the development and growth of the IoT (Internet of Things)1 and IDoT (Identity of Things)2, IAM leaders in the digital businesses world now need a way of defining and managing the identities of “entities” (people, services and things) within a single framework.

In this sense, for those that have worked in the traditional field of identity management, the traditional fundamental goal – of being able to determine at all times who should be allowed to access what, when, how and why – is no longer sufficient. In this context, our identity can no longer be defined as an entity in itself but must be considered within the scope of its relationships. This is why IAM is evolving into a new paradigm: IRM or Identity Relationship Management.Evolution of Identity

Within IRM, the concept of relationships carry more value than a “clearly proven identity”. The latter certainly has a highly valuable role where necessary, yet in everyday scenarios it is often the relationships that are the key to success – and not the identity. IRM requires services that are simple, flexible, scalable and designed to quickly verify identities and access privileges. It is therefore imperative that every business engages with its customers in a safe and efficient manner.​​

With the increased interconnectedness of people and things, the implementation and availability of Identity Management Model services inspired by the IRM model become fundamental. On the one hand, it is useful to be able to model relationships and to provide the added-value services that customers expect. On the other, it is vital to offer data owners the opportunity to control the information and personal data they own, and to define – for each “thing” and for each “relationship” – the specific types of access rights each entity can leverage in relation to their data.

The “SPID” – Italy’s public system for digital identity management

How can we guarantee individual users full control over their proprietary data in such a complicated context and, at the same time, ensure the accuracy of the data associated with digital identities? One solution could be to take back control over identities, transferring this control from the data brokers that own them today, to trusted channels.

In Italy, the SPID, ("Sistema Pubblico per la gestione dell'Identità Digitale" – or "Public system for digital identity management") is defined as a set of public and private entities that, after being accredited by the Agenzia per l'Italia Digitale (AgID), manage and provide registration, authentication and other identity data-related services to citizens and companies on behalf of other government agencies.

The relevant Decree of the President of the Council of Ministers (DPCM of 24 October 2014) specified:

  • the main features of the SPID project (e.g. architectural and organisational model, technological standard involved, etc.)
  • the requirements, timelines and SPID adoption procedures to be followed by citizens, companies and government.

SPID is a federated identity management system based on the SAML 2 standard where, under AgID control and coordination, citizens and companies can access services provided by “Service Providers” (SPs) using authentication and attribute distribution services offered by “Identity Providers” (IdPs) and “Qualified Attribute Providers” (AAs). In short, using only one identity provided by an Identity Provider, citizens and companies will be able to use the online services provided by all the Service Providers that have been accredited by the AgID.

This approach will ensure the correctness of identity-related data, avoiding the creation of a unique database and a unique point of vulnerability, and will circumvent the need to create multiple identities for accessing multiple online services.

The Reply approach to Digital Identity

​Reply has extensive experience in the realm of Identity and Access Management and Governance, with projects across different industries and countries. What’s more, the Company has developed a proprietary methodology able to support its clients on technical, functional and organisational needs related to the issue of identities and to the connected security aspects. This methodology is based on a flexible approach, capable of adapting to the Client’s specific requirements and verified using the best-of-breed technology solutions available on the market and of evolving side by side with the evolution of the digital identities domain both in terms of technologies and business needs.

Reply is able to help clients to develop the most efficient “shield” against identity theft and against other threats that present a danger to digital identities, even within the scope of advanced scenarios such as: Internet-scale customers identity management, context and risk-based access management, identity API, omni-channel authentication and user experience. Reply can also support Clients in the process of setting up all the organisational and technical solutions needed to obtain the SPID accreditation as an Identity Provider or Service Provider.

​​

1The Internet of Things (IoT, sometimes Internet of Everything) is the network of physical objects or "things" embedded within electronics, software, sensors, and connectivity for the purpose of enabling objects to exchange data with the manufacturer, operator and/or other connected devices based on the infrastructure of the Global Standards Initiative (supported by the International Telecommunication Union).​

2The Identity of Things (IDoT) is an area of endeavour that involves assigning unique identifiers (UID) with associated metadata to devices and objects (things), enabling them to connect and communicate effectively with other entities over the Internet.​

​​

RELATED CONTENTS

CyberSecurity Control

Best Practice

Stay on top of your Cybersecurity

Risk-Based Threat and Vulnerability Management is the combination of methods and tools to check your security control effectiveness and your risk posture. Discover new methods and tools to check your security control effectiveness.

Stay on top of your Cybersecurity
 0

28.01.2021

News & Communication

Spike Reply and Storm Reply Achieve AWS Security Competency Status

Reply announced today that its companies Storm Reply and Spike Reply achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes that the two companies of the Reply Group have demonstrated deep expertise that helps customers achieve their cloud security goals.

IoT Security

Best Practice

IoT security test unit. Making security tangible.

Smart factories, smart grids, smart cities… a new world arises, where things communicate with each other. Reply’s IoT Security Test Unit helps to demonstrate and test possible attacks so organisations can react fast to security issues and reduce risks of production outages.

IoT security test unit. Making security tangible. 0
 
 
 
 
Reply ©​​ 2021​ - Company Information
  • About Reply​
  • Inves​tors​​
  • Newsroom
  • Follow us on
  • ​
​
  • ​Privacy Policy
  • Privacy Notice (Client)
  • Privacy Notice (Supplier)
  • Privacy Notice (Candidate)
  • Modern Slavery Act Tran​sparency Statement (UK & IR)​
​​Reply Enterprise Social Network​​