3 reasons your security strategy must start and end with identity

The only way to ensure your security strategy is effective is by concentrating on robust identity establishment and management.


Peter Drucker once said you can’t manage what you don’t measure. But if Drucker worked in today’s world, where security issues are normal boardroom talk, he’d probably say you can’t protect your critical infrastructure, locations and data unless you really know who is accessing them. 

Nine in 10 IT security decision-makers say identity management is more important now than ever, with 100% agreeing that a “lack of strong IAM practices” creates risk and potential breaches. The average cost of a data breach worldwide is $5.52 million – and takes 281 days to manage in Australia. The list of stats is endless (check out our infographic for more), but the take out is always the same – identity establishment and management is critical to maintaining a strong security posture.

Although the security industry, for both physical and digital protection, focuses on important matters like detecting threats and blocking them, the best way to protect your critical assets is to ensure you know who is accessing them. And that means increasing your certainty about who is coming in through the door, logging into your systems and accessing your data.

Here are three key reasons why your security strategy needs to revolve around identity.

1. Do you really know who people are?

When we give someone access to our physical and digital environments, are we really sure they are who they say they are? Banks and other financial institutions have various deployed systems to establish workforce identity – whether it’s during the onboarding process or whenever there is a significant interaction that involves the exchange of sensitive data.

Businesses are generally good at establishing identity through screening and checks. But they rarely do more than accept a username and password – a relatively weak security measure – once the onboarding is complete and the staff member moves into their normal activities.

Your security strategy needs to ensure identity is proven every time someone engages with the business, particularly where there is a risk that incorrect access could cause some loss or harm to the business.

2. Physical access is critical

At home, you lock the front door and windows and only provide keys to people you trust. Those physical keys go to family members and friends whose identity you are certain of. Yet businesses give access to their front door to many people and rarely keep track of who’s really coming in. Access cards are often swapped between employees or lent to contractors for convenience.

Most experts agree that once physical access is compromised, many digital controls such as encryption can be broken. As University of Auckland researcher Peter Gutmann says, encryption is rarely broken as it’s much easier to simply bypass it. And physical access simplifies that process.

Your security strategy needs to ensure identities can’t be shared deliberately or stolen by malicious actors. Using biometric security, such as fingerprints, facial recognition or iris scans, to protect ingress ensures the doors are always locked and the keys will never be shared.

3. Passwords are broken

Historically, passwords have been the first line of defence in security. But with billions of credentials stolen, arcane rules making life hard for users and password sharing rife, the days of the username and password being a reliable identifier are behind us.

Once you’re sure that someone is who they say they are, providing them with a way to open doors, log into applications and access data that is unique and unshareable will bolster your security strategy.

Robust identity establishment and management is the key to a successful security strategy. Without a reliable and secure identity system, other measures such as encryption, locks and intrusion detection cease to be effective. They all rely on knowing that the people you think are logged in or inside are who you think they are. And that’s what hackers bank on. 

An identity system that starts with a robust identity establishment process significantly reduces the risk of identity misuse. Learn about Daltrey’s unique biometric credential onboarding process.