Think digital identity – and the threat of deepfakes and stolen identities come to mind. What lies ahead in the move towards digital identities for citizens in Asia Pacific?

Digital identities improve citizens’ lives by enabling seamless, secure interactions across services, but maintaining the balance between security and convenience is crucial, especially in the face of emerging threats such as deepfakes.

Global cooperation in data governance is essential for high cybersecurity and data protection standards. As we become more digitalized and as AI becomes more integrated into our daily lives, there is an urgent need for clearer regulatory standards and cyber awareness.

What can governments and businesses do to protect consumers’ digital identities? How will digital identity and security develop in the Asia Pacific region?

CybersecAsia sought out some insights from Philippe Vallée, Executive Vice President, Digital Identity & Security, Thales.

Organizations are constantly trying to balance convenience and security for customers and employees when it comes to identity authentication and data protection. What are some key considerations for organizations looking to simplify and secure digital interactions and transactions?

Philippe Vallée (PV): Organizations shouldn’t confuse friction for convenience. They should always strive to strike the right balance between minimizing friction and upholding security. As digital identities have a significant impact on the way we interact with the world around us, organizations are still held accountable to ensure customers and employees’ data remain safe.

To achieve the balance of convenience and security, organizations should look towards more secured authentication such as passwordless solutions. This creates a secure digital identity on a user’s device using a credential that is unlocked with biometric authentication, such as fingerprint or facial recognition. This reassures users that the data can only be securely assessed by the credential owner conveniently. However, as cyber threats become more sophisticated, organizations cannot rely on a single authentication method. Maintaining a multi-layered security approach that combines biometrics with other authentication factors, helps to foster a stronger and more unified defense against evolving cyberthreats.

Philippe Vallée, Executive Vice President, Digital Identity & Security, Thales

Adopting a zero-trust framework can also help ensure that identity and access privileges come with the right level of strong authentication depending on the type of transaction to be executed, its value, and its level of confidentiality. Consumers are demanding seamless experiences while also requiring organizations to secure their every interaction. Our Trust Index report highlights just how important security has become to the modern-day consumer. The global study revealed that increasingly security conscious consumers are also making their choices of products and services on this basis. A quarter of consumers do not want to use services that aren’t encrypted, while one in five said that they have stopped using a company that has suffered a data breach.

As we continue to navigate the world of digital identities, striking the balance between convenience and security is still an ongoing process that needs a holistic approach, and constant adaption given the rise of new threats and technologies.

Recently, ASEAN Economic Ministers initiated negotiations for the world’s first regionwide digital economy agreement, the ASEAN Digital Economy Framework Agreement (DEFA), with a collective commitment to foster a sustainable and inclusive digital ecosystem across ASEAN nations. How do you think Singapore and other nations in this region can align their digital identity and security governance for seamless interactions?

PV: The ASEAN Digital Economy Framework Agreement (DEFA) is a great first step for governments across ASEAN to align and commit to an inclusive digital ecosystem across different nations.

To harmonize these regulations and standards, Singapore and the rest of the ASEAN nations need to establish the best practices used for data access rights, security and encryption. The DEFA should promote interoperability of digital identity systems, enforce stringent cybersecurity measures and foster collaboration between governments and organizations for digital identity enrolment and management solutions.

It is important for governments to continue to educate businesses and citizens about responsible digital practices as ASEAN looks to accelerate trade growth and interoperability. Collectively, the nations need to continuously monitor and adapt to evolving threats and technologies as it works towards a future-proof DEFA. Through the sharing of information, ASEAN can work together to create a trusted and secure digital environment, one that enables trust in a digital economy.

One example of how this is done in another collective bloc, the European Union, is the European Digital Identity Wallet. It is essentially a tool that will enable every European citizen to store their identity documents on the secure platforms of trusted partners (for e.g., passports, banking details, driver’s license, ID cards, social security cards, diplomas). This will then be used across a wide spectrum of public and private services across the European Union (whether to open a bank account, file tax returns, check in at the hotel, prove education certification to employers, etc). In short, a citizen will be able to choose exactly what information he/she wants to share and with whom.

In your opinion, what does the future hold for digital identity? How can governments overcome the challenges set to come as new technologies (such as AI and the metaverse) find their way into our daily lives?

PV: The future of digital identity is marked by new technologies, evolving threats and changing user expectations. As new and emerging technologies continue to emerge and integrate into our lives, governments must continue to play a central role in setting standards and regulating practices to foster a secure and privacy-first environment.

More and more, the services that we rely on are provided in a completely digital form, making digital identities as crucial as physical ones. When trust in these digital forms is strong, it paves the way for new services and innovations. However, when trust is low, that’s when we’ll miss opportunities as individuals are hesitant to fully engage and share information, hindering progress and making it challenging to adapt and capitalize on new opportunities.

To deliver a service securely, it is important for consumers to know that their identities are protected. It is important to explain to individuals when and how their identities and personal data are used, along with ensuring their rights to check the information with a choice to opt out of sharing their personal data if preferred. When leaving a service provider, the right to remove all data must be exercised to ensure that the users’ personal data are cleared for good.

In my opinion, there is still a lot of work to be done around digital identities, keeping citizens and infrastructures secured as the adoption and applications increase across ASEAN. At Thales, we believe that trusted digital identity relies on three key pillars: convenience, security and privacy. Convenience is key to adoption, and it must be able to seamlessly integrate with our lives. By embracing secure digital identity solutions, we can safeguard sensitive information, protect individuals and businesses from cyber threats, and foster a safer and more digitally integrated society.

How can organizations help to manage and protect consumers’ digital identities, in a world continuously challenged by AI-powered cybercriminals?

PV: In a world where cybercriminals use AI-powered tactics, organizations must continuously evolve and adapt to protect their consumers’ digital identities. Implementing a strong security strategy which includes multi-factor authentication (MFA), biometrics and embracing going passwordless.

In our Data Threat Report, it was found that over a third of businesses across the globe have experienced a data breach in the last 12 months. More often than not, the weakest link in the security chain is the employee. This is often through small but harmful mistakes – such as an easy-to-guess password.

Furthermore with reference to the 2023 Verizon Data Breach Investigations Report, the three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilities. In fact, 49% of all breaches involved stolen credentials. With these threats top of mind for organizations moving to the cloud, many are grappling with low user adoption of MFA, which is often cited as cumbersome.

It is crucial for organizations and governments to continue to educate consumers and employees, as user education is essential for recognizing threats and ensuring responsible online behavior.  Organizations should adhere to data protection laws and work with governments to set industry regulations for a comprehensive approach to safeguarding digital identities in a rapidly changing landscape.