How can organizations prepare to maintain data privacy while using a multi-tenant cloud, managed service providers, and distributed data center environments? Anil Bhandari from Arcon will elaborate on this challenge in his Keynote Digital Identity and Privacy: Stories from the Frontline on Tuesday, May 10, at the European Identity and Cloud Conference 2022.

To give you a sneak preview of what to expect, we asked Anil some questions about his presentation.

What can we expect to learn from your session on Digital Identity and Privacy: Stories from the Frontline?

Well, I think digital identities have.... let's just take a step back and look at identities which were in the sense like we used to use a passport or we used to use a driving license in the past. And then we had several other ways to identify a person and it could be you and sometimes your credentials, which is a user ID and passwords and you know what to access your applications. I think currently and in the very near future, this is all going to take the shape of a digital identity and probably you may have even different authors when you kind of get yourself on the online platforms, for example, be it Facebook's or be it Google's or be it LinkedIn's. And you may even completely show a different emotion when you're online, considering the fact that you're doing something there. But you may be a completely different person when you're offline or whatever. So what I'm trying to say is that it's a very... I guess the world will have to look at identity very differently in the very near future. And I think just for the sake of calling them, let's call them digital identities, and these digital identities are, of course, connected to something that you're doing, something that you are writing, something that you exposing, something's an emotion, some things are news or you're creating something or you're logging on and you're doing something for your organization, right? So it could be privacy, it could be confidentiality and so many other things put together, right? So I think it's important for us to identify and understand the linkages between a digital author that a person has, whether they exist within an organization, outside an organization, to the content or the data that you create eventually, which would lead to the next question of, you know, what do you do in terms of privacy? Where do you put those controls if at all required? We don't even know if those controls are required in today's world. So what the session would essentially try and cover is some fundamentals and ideas around how do you link them and some stories around, what kind of digital identities and what kind of content could be created, and what has happened to this going forward or what you're seeing today in the market right? So it could be, well, fake news, for example, a very important element in today's time when you see the world being chaotic and especially in Europe, when so many things are happening around, you know, like what is happening around the world. So I think a very important conference. I think EIC continues to be one of the mainstays in Europe when we discuss identities. And I've had the pleasure of being there in the conference for several years now, three or four at least. So I think this topic would be very interesting in terms of some stories that we'll bring to the table and how do you connect and what do you do and so on and so forth.

 

How is the rapid digitization of businesses and utilization of cloud capabilities relevant to digital identities and privacy?

Well, so all that you did in this physical world before is now shifted to digital assets, which are digital identities, which do not have a home, unfortunately, right? You have got a nice window behind you and a nice house that you're in. Literally, we're all in the cloud today. In fact, almost all critical assets that you have even today is in the cloud. So, for example, I'm not sure if you hold any investments, but if you do, they all happen to be stored somewhere in the cloud or a provider is storing it somewhere, that you have no idea about. Equity shares are in demat form, so they are in digital format. Currencies are likely to be more and more in digital formats. Now, with every piece of technology that you use people are trying to understand and see whether they could use it in the cloud because nobody wants to own assets today. Access versus ownership is one of the most important models, which has come upon the world, right? So everybody wants to access something. They don't want to own it. And with that reality in mind, the cloud is kind of become all-pervasive and likely to see more and more, which means data is likely to be all across different locations, which sometimes you may not even know where it's located. So a connection between identity, privacy, and confidentiality of, I don't know, data is something like water, right? It just keeps flowing and it creates a new set of data. Right. And it takes a different shape and then it breaks itself into multiple pieces. And it's all across the world, which is in the cloud. How do you even reconstruct it, how do you make a sense of it? Forget about protecting it, right? So I think data and cloud become one very critical element for one to look at. And I have no idea how the world is going to look at it in the future. But I think these thoughts are really interesting to discuss and maybe some ideas around what can one do.

What is the interaction between digital identities and privacy issues and why is it important?

Well, like I was trying to establish the fact that digital identities are all-pervasive, our data kind of moves with your thoughts and what you construct and how you break them. These storages are all across the world. So the final question would be, and with the GDPR and the like and the compliance is coming up where the government wants to protect your data. At the same time, the government wants all your data, right? So there is this huge governance that somebody puts up where they kind of literally take every piece of data that you have at the same time that is this government wanting to protect. And every government in the world wants to protect the data and make sure that the data does not go out. And they put huge compliances and fines around organizations wanting to do that. And we have this huge set of people trying to innovate tools and technologies and solutions, are trying to protect your machines, trying to protect data on your machines. If one is not able to appropriately link what you have and what meaning does that data have to you. I don't know how to put this, but let's put it this way. I think data security is likely to be contextual in the near future. So for example, you have my telephone number, you have my email ID and you have my address because I happen to be your client, for example, right? Because you've reached out and you happen to be a client and we happen to have a business relationship. Or somebody else has my data, which is the same, which is an email address, telephone number, but the context in which he holds the data and the context in which you hold the data are completely different. Your organization or yourself or your need to protect the data, but some other organization or person may not need to protect the data, right? because he holds it in a different context. So what I'm saying is, while I don't know whether this example would be the best, what I'm saying is that security in the future is no longer to protect a person. It's no longer to protect a machine. It would all be trying to protect the data in the context that which you hold the data, right? So data security is likely to be contextual data security in the future. And I think as we progress further, I'm sure all tools and technologies would start to deep dive and try and reconstruct what you're doing, how you're doing, where to protect, how to protect. And also you're spending millions and billions of dollars trying to protect because you tried to put controls everywhere, identity controls, standard controls for everybody. Machine controls. You've got a standard antivirus, everybody. You've got malware, everybody. All right. But I don't think this is how it's likely to be in the near future, which means one would need to now start understanding the formats, the frameworks, and understand digital assets in the context in which excoriate and finally understand the data and the context in which it's created. So I think contextual data security would become one mainstay in the future.