Re-imagining Identity Management
Today’s identity management is fragmented and decentralized, relying on a lot of different systems to authenticate people and manage identities. Organizations use a variety of disjointed tools from passwords and smart cards to biometrics. Instead, organizations should pursue a more holistic approach. More and more, comprehensive identity management needs to have a digital component to it, especially during the COVID-19 pandemic, according to Deloitte Global Emerging Technology and Innovation Leader Combiz Abdolrahimi.
“I think right now on the top of everyone’s minds, obviously, is the COVID-19 response and recovery, and it has a direct correlation with identity management,” Abdolrahimi says. “On the government side, everything was premised on this very robust in-person identity system. With this policy, you always have in-person processes, and now with COVID-19, it is not as feasible. So, what are you supposed to do to make things more secure? The shift to telework is changing how agencies, and rightfully so, look at how to conduct identity nexus management.”
An attorney, Abdolrahimi is a senior executive with 14 years of public and private sector experience, including identity management, foreign policy and national security issues, with stints at the Treasury and State departments, the White House and U.S. Senate. At Treasury, he was responsible for digital identity and identity management innovation across the financial regulatory community. In Deloitte’s Government and Public Services practice within the Strategy and Analytics Division, Abdolrahimi works on identity management, financial management, payments, healthcare and telecommunications consulting advisory services with federal, state or local governments—as well as for international governments working to provide identity verification services.
“We need to be at a place where the government, and frankly the private sector as well, could seamlessly authenticate citizens and businesses the same way that most companies deal with their customers,” he said. “It is that need to improve end-to-end public service delivery.”
The use of a unique digital identity for citizens could enable greater service quality and efficiency gains, and offer that seamless authentication, Abdolrahimi says. “I think it is becoming more and more pertinent given the state we are in, working from home remotely, and everything is being done virtually,” he notes.
At Deloitte, the consultant has helped prepare a next-generation public health transformation platform, called GovConnect, with built-in ICAM capabilities to support state governments in addressing and responding to public health needs. The case management and contact-tracing solution allows the capture of COVID-19-related information for automated notification and follow-up.
“We’ve been working with multiple states on their response through this solution in combination with support for hiring surges, advanced network analysis and identity analytics, ramping up contact and call center capabilities, and public health communications and campaigns,” Abdolrahimi shares.
The company also has assisted a federal health care agency in managing patient identities across different data sources to improve patient identity matching and safeguard personal health information privacy and security. “[Proper identity matching makes sure] patients are accurately and seamlessly matched to their data as they receive care across disparate providers in the healthcare system,” he states.
For another federal agency, in the defense sector, Deloitte helped implement an improved and secure end-to-end identity management system to support employee telework in the current environment, especially across mobile devices. “We were able to help the agency enhance the customer experience by unifying disparate identity, credential and access management (ICAM) systems,” Abdolrahimi notes. “We strengthened the resiliency of the overall program by integrating mobile capabilities with multifactor authentication, remote identity proofing, biometrics and fraud detection with artificial intelligence-enabled capabilities to help the agency automatically detect anomalies and identify behavior that doesn’t fit a particular pattern. This has shown why artificial intelligence is a leading technology for risk assessment and threat identification.”
In addition, some efforts by the Office of Management and Budget and the federal chief information officer are “pushing the envelope” as far as creating policies for government agencies to improve identity management and strengthening ICAM governance and oversight. “We’re seeing a lot more initiatives and support from the government in terms of championing digital identity initiatives,” the consultant offers.
Moreover, a confluence of emerging technologies can improve identity management, including robotic process authentication, or RPA; rapid DNA; artificial intelligence and machine learning; blockchain; and cognitive augmentation. “There are a lot of technologies out there now that weren’t even there in the past few years,” Abdolrahimi notes.
RPA uses robotic processes and software-based applications to automate a transactional rules-based task and can be applied to existing identity management tools and the related security control configurations.
And while DNA has been used by law enforcement for criminal justice purposes since the 1980s, the processing methods can be slow, with some labs backlogged by months and years, he says. The more recent development of rapid DNA and rapid DNA analysis has reduced processing time from months to minutes, increasing the expediency and accuracy of that biometric DNA identification. The identity management community could delve further into such capabilities.
“There are a lot of technologies out there that we really need to do more to see how they can be used to advance the government mission, expand services and promote public safety,” Abdolrahimi suggests. “And we as an identity community need to talk about all of these technologies and how they are being used and what we are deploying.”
Artificial intelligence-based identity management systems are in use, he continues. Algorithms can detect patterns and identify that an individual is who they claim to be, based on a variety of factors, and, combined with the biometric piece, can complete the verification and identify the permissions users should have.
“We are deploying artificial intelligence with an identity management platform to reduce the risk that comes from the growing remote workforce,” the consultant shares. “And we are using artificial intelligence to approve access requests, perform certifications and credentialing, and predict what access should be provisioned for the user.”
The application of artificial intelligence and machine learning with identity management is still nascent, Abdolrahimi acknowledges, with a fair amount of testing and piloting underway. However, those technologies, in particular, could assist health care workers who are working at remote COVID-19 testing or treatment facilities.
“The goal is to provide access to permitted users quickly because they need to do their job,” he states. “Let’s say they are in the field fighting COVID, and they shouldn’t have to memorize 100 different passwords, or maybe they left their key card at home. How are they going to access the system? How are they going to be able to respond in a crisis? Identity and credentialing access management is literally the key for that.”
He advises officials to prepare for artificial intelligence-enabled platforms, as more machine learning and related technologies will be integrated and embedded into identity management solutions, especially for fraud protection.
As for the role that blockchain—the digital ledger technology that offers an immutable record of a transaction based on a distributed consensus algorithm—can play in identity management, Abdolrahimi offers that it is “one of the perfect use cases of blockchain.”
For example, one application under blockchain is self-sovereign identity and identity management, where users own their individual data and can choose when to share it through blockchain. “In that case, organizations would no longer need to collect and store every identity data attributed to you, and no single party would have power over your identity,” the consultant emphasizes. “You decide as the individual or the organization what identity data you actually want to share. It’s just a more efficient and more secure way of providing access to your identity information.”
Abdolrahimi sits on a number of boards involved with blockchain management, including the Organization for Economic Cooperation and Development’s Expert Policy Advisory Board, which involves multiple countries and representatives from the U.S. State Department and the White House chief technology officer, and the Department of Commerce’s (DOC’s) Trade Finance Advisory Council. “At the council, they are very much interested in blockchain as a means for ensuring supply chain continuity and streamlining trade finance, and there is an identity component to it,” he states. “You basically want to ensure that those that are transacting in trade finance are verified and identified. And using blockchain to manage that information is a more trusted, transparent and more secure manner.”
Another way of improving identity management is to combine use of emerging biometric technologies as part of so-called cognitive augmentation, Abdolrahimi ventures.
“Cognitive augmentation [leverages] technologies like machine learning, neural networks, RPA bots and natural language processing,” he says. “Cognitive augmentation can help make sense of all that ever-increasing data. And it’s being able to handle both the volume and the complexity that we as humans and traditional techniques cannot understand or fathom. This cognitive augmentation will allow for machines to explore potential connections, discover patterns and relationships that traditional techniques would not have considered. They augment the human response, the human element to identity management, and combining these techniques will create authentication and access management that is truly more secure.”
In addition, machine-extracted knowledge—one possible ultramodern, almost sci-fi, technology—could be applied to identity management. “The possibilities of combining machine-extracted knowledge from the subconscious, which could become possible, and then facilitating access with something you know but you don’t have to actively remember, combined with a physical imprint, could allow for guarantee of a much higher level of security,” the consultant says. “You’d have to kind of replicate someone’s subconscious for the identity, and this is a little bit futuristic, but identity management is one of the areas that really has the potential to leverage the latest technologies to advance ICAM systems.”
He also encouraged interested parties to join the identity management career field as it grows in the expanding digital age.
Lastly, Abdolrahimi urged government officials and organizations to create digital identity systems that are holistic and inclusive of users, and for officials to work with the industry to help build an identity management ecosystem.
“We need to think smarter about identity and leverage all the tools that we have at our disposal to make a more secure, robust, accessible identity system,” Abdolrahimi concluded. “And we are going to need it even more with the pandemic, given the fact that you’re not going to see as much in-person services as much as you would see online, remote, virtually. We need to re-imagine identity in the aftermath of COVID-19.”