In an age where over 20 billion devices are expected to be connected to the internet by 2020, identity theft is a major concern. Data breach notifications in the U.S. jumped from 12 percent to 30 percent between 2016 and 2017, and fraudulent use of identity information affected 16.7 million people, resulting in the loss of $16.8 billion in 2017. These statistics indicate the need for a better way to control access and protect identities.
One promising possibility is the use of blockchain technology to put control and ownership of identifying information back into the hands of users and eliminate some of the major risks associated with current identity management systems.
Decentralized Identity in the Blockchain
Many of the ways businesses and organizations manage identities are far from efficient and include multiple points of vulnerability. User information is often stored in centralized databases or connected to third-party authentication services, creating pools of data hackers can easily mine and exploit. Companies storing the data maintain the lion’s share of control, leaving users to rely on privacy regulations to ensure proper handling of their information.
Blockchain technology could change this whole picture by taking the centralized element out of identity creation and management. The nature of data creation and storage in the blockchain makes decentralized and self-sovereign identities possible for individuals, organizations and devices. Instead of multiple identifiers spread across platforms, decentralized identity involves a single, user-controlled set of identifiers integrated into the blockchain, which theoretically could allow universal access to platforms and services.
Each “block” of data in the blockchain has its own unique “hash” setting it apart from all others. New blocks are stored in a linear, chronological fashion, and each block contains the hash information from the one before it. The result is a database of information in which blocks are both independent and interconnected, making it incredibly difficult for hackers to tamper with data. Editing information in any one block causes the hash to change and requires adjusting the hashes of all subsequent blocks, a monumental task even for the most enterprising identity thieves.
Streamlining Transactions with Smart Contracts
Whether a user is making a purchase, accessing a service or switching between applications as part of a daily workflow, the decentralization of identity has the potential to simplify each transaction requiring authorization through the use of smart contracts.
A smart contract is “a computer program that directly controls the transfer of digital currencies or assets between parties under certain conditions.” Such contracts are self-executing and require no mediation by a third party. With smart contracts, a business or organization can set forth the terms of a specific transaction, such as accessing sensitive information, and rely on identities stored in the blockchain to validate users. This becomes particularly useful in zero-trust security models, as it eliminates reliance on third-party authentication services and has the potential to speed up workflows in a variety of use cases.
Pros, Cons and Pitfalls
The biggest roadblock to universal implementation of decentralized identities is the current low adoption rate of blockchain technology. Only 1 percent of CFOs across the globe have already deployed blockchain in their organizations, and just 8 percent have short-term plans in the works. Thirty-four percent have no interest whatsoever, which could make global interoperability impossible if the outlook doesn’t change.
However, if decentralized identity does become a reality, it could benefit both organizations and individuals by:
• Putting control of identifying information back into users’ hands
• Minimizing the amount of data stored and transferred by organizations
• Simplifying compliance
• Allowing for the use of smart contracts to improve workflows
• Reducing or eliminating human error in transactions
Of course, every emerging technology also has its downsides. Identity verification using the blockchain is still too slow to be useful in instances where time is of the essence and lightning-fast authorization is required, and there’s always the risk of error during the initial coding of smart contracts. Hackers may still be able to undermine the security of decentralized identities if they’re able to infiltrate the blockchain at the moment a user authenticates identifying information. Once any type of error or malicious alteration becomes part of the blockchain, it’s almost impossible to correct the problem.
As more companies and organizations begin to look for better ways to address the problem of identity theft, there will be an increased demand for cybersecurity experts trained to recognize the warning signs indicative of compromised identities and create plans to mitigate risk. The Certified Red Flag Specialist certification prepares individuals to conduct risk assessments, understand the specific vulnerabilities of an organization and create a solid program for identity theft prevention. Blockchain technology and decentralized identity may prove to be an invaluable addition to such programs and could revolutionize the way businesses, organizations and individuals approach identity protection.