By Keith Jansa
Executive director, CIO Strategy Council
The wealth creation potential of digitalization has no limits or boundaries. The economic activities related to the billions of online transactions that occur every day are a testament to Canada’s growing digital economy. Clearly, this trend indicates the existence of almost incomprehensible amounts of personal and private data online. Sadly though, citizens and businesses alike often display a false sense of security in a world where cyber threats are increasingly a risk and data breaches have become a constant.
Citizens fail to realize the breadth of risk if their private information falls into the hands of malicious cyber actors. While many are either unaware of or underestimate the potential personal and economic pitfalls if their data was compromised, very few seem to care to perform the basic cyber hygiene techniques that experts recommend in order to protect themselves when using the internet. For example, not many people even use the two-factor authentication (2FA) process.
Similarly, many businesses don’t pay enough attention when it comes to protecting their own data and that of their customers. Ironically enough, customers trust and expect businesses to keep their personal data safe without really understanding how their information is being used, stored, managed or protected.
While this scenario undoubtedly poses a serious problem to our personal and national security, the harsh reality is that, in Canada, there is no standardized process managing how our personal identity information is shared online. Period.
Many existing online systems are morphing into inter-connected, ad-hoc, and un-standardized identity systems, easily exploited by cyber hackers. Compromised username and password combinations used by the same user across multiple services are having devastating impacts, from credit card fraud, stolen passport numbers to online information erases.
We need national standards to safeguard our digital identities and build awareness of the real, inherent risks associated with cyber mischief, malicious and damaging behaviours of global actors looking to cause chaos, uncertainty and attacks on our economic security.
The good news is Canada’s leading CIOs and executive technology leaders from government and private sector organizations alike are taking the plunge to spearhead this necessary work that will see the creation of standards to regulate the use of our digital identities; establish a minimum set of requirements and controls for managing credentials, user authentication and trusted digital identities; enhance trust in our digital infrastructure networks, and improve product and service delivery and security. These CIOs are charting the course for a full scope digital identity management system that would apply to all organizations, including public and private companies, government entities, and not-for-profit organizations.
From Airbnb to Uber, service delivery across all channels and sectors of the economy relies heavily on identity management – essentially, confirming that you are who you say you are.
And with this reliance on identity management comes tremendous opportunity for Canada to create its own national digital identity ecosystem, supported and secured by effective standards.
Alex Benay, Co-Founder and past Co-Chair of the CIO Strategy Council caution Canada’s continued reliance on analogue identity mechanisms – at a time where countries like Estonia, Denmark and Portugal have had digital identities for nearly a decade – is a growing risk to our national economy.
He argues it’s time Canada essentially becomes a ‘digital identity nation’. One where standards allow consumers to control their data, supported by a formalized chain of assurance across digital jurisdictions and organizations so that one may rely upon the certainty provided by another. We live in an interconnected world. An interconnected solution to digital identity security is a must-have. Standards are necessary.
The next big identity theft scam is just around the corner. We can’t just click “accept” and hope it all goes away.