Centralising secrets: How organizations can manage identity and credentials

Challenges and emerging solutions of centralized identity and credentials management in India

Ruchin Kumar | December 9, 2022


#Technology   #security   #e-governance   #Aadhaar   #NPCI  
(Image: Ashish Asthana)
(Image: Ashish Asthana)

For many organizations, maintaining consumer trust is paramount. The more users trust an organization, the more that organization can grow its services and revenue. Should a data breach occur, that trust can be compromised. This is especially true for organizations handling highly sensitive data, such as those within the financial and government sectors.

A common cause of data breaches relates to improper management of credentials, such as passwords and keys. Managing secret credentials is far from an easy task, especially for larger organizations. A global internet hosting service estimated [https://blog.gitguardian.com/the-state-of-secrets-sprawl-2022/] that the nearly 50 million developers using the service have seen a 50% increase insecrets accidentally leaked in public repositories over a yearly basis — an unfortunate phenomenon referred to as “secrets sprawl.” Situations like these, which involve a wide and sometimes decentralized scattering of credentials, demand a centralized solution that consolidates secrets into a single location. This article reviews some of the challenges — and emerging solutions — of centralized identity and credentials management in India.

Challenges
Distributing secrets can be burdensome and logistically challenging. This can prove true for both smaller organizations that may still be refining their security policies and larger organizations with a greater number of users and credentials to keep track of. The regrettable scenario of an employee with the password “12345” or “password” is all too familiar. Nevertheless, in the event of a data breach, lax credential management policies can lead to cybercriminals gaining access to an organization’s core systems, incurring staggering infrastructural costs and damaging customer trust.
 
Ideally, an organization would implement security policies designed to enforce best practices for managing its user access credentials, keys, databases, applications, etc. Having a data security infrastructure where credentials like user permissions, roles, and password requirements are carefully controlled and monitored is important.Organizations of any size would be well advised to store and monitor this information internally, in a centralized location. Doing so might require some organizations to adopt a new approach to secrets management.

Solutions
A common example of a centralized identity management solution is single sign-on (SSO). SSO allows employees to use the company tools they’re authorized for without having to manage multiple login credentials. This allows workers to simply enable SSO and begin using different third-party apps without having to sign in to each one individually, increasing productivity while maintaining a high level of security.Another example may involve an organizationthat offers services through external applications, such as a bank, technology company, or e-commerce platform. If a user updates their personal or billing information in one application, the change is reflected in the others, without the user having to create separate accounts. This is possible if the organizationuses a centralized identity management platform. The user experience is improved and their data remains secure.

Even though these solutions exist, there is a demand for even more definitive and centralized strategies. As the number of online services continues to grow, so do the secrets that individuals and organizations must manage. Fortunately, the Indian government is already leading the way in developing a centralized identity and credentials repository.

Government initiatives
Over a decade ago, the government established the Unique Identification Authority of India (UIDAI). This statutory body is responsible for issuing a unique identification (UID) or “Aadhaar”number to all citizens based on their demographic and biometric data. Aadhaar was initially intended to serve as proof of identity, and in the past several years it has been linked to a number of external services, such as banking and payments. For example, theNational Payments Corporation of India (NPCI) recently launched the Aadhaar Enabled Payment System (AePS) [https://www.npci.org.in/what-we-do/aeps/product-overview], which allows customers to carry out transactions with merchants using their biometric data, such as a fingerprint. The NPCI have also released the BHIM application, a payment app based on India’s Unified Payment Interface (UPI) that supports money transfers using Aadhaar. Of course, Aadhaar was not developed without taking cryptographic security into consideration. Services such as the National Informatics Centre (NIC)’s Aadhaar Data Vault Service allow organizations to store Aadhaar numbers in encrypted form, preserving the integrity of each identity.
 
Looking ahead
While Aadhaar is a recent and ongoing initiative, it represents a strong government-led effort to deploy a centralized identity and credentials repository to improve security and consolidate secrets. However, it is not the only example of such initiatives within India. The NIC is currently working on a pilot program to test new versions of a centralized identity and credentials repository. And on a different front, the BFSI sector and others are also considering adopting a centralized approach to enforce security while improving workforce efficiency. Meanwhile, to address the security concerns that singular identities present, the NCI has published research [https://dl.acm.org/doi/10.1145/3494193.3494200] about the potential of distributed ledger and blockchain technology to authenticate identities.

Conclusion
The problem of multiple identities and credentials will only increase in prominence as the number of online services, applications, and users continues to grow. To stay ahead of the curve, organizations must adopt effective strategies for managing these credentials, such as SSO or a centralized identity management platform. However, the Central Government is also pursuing centralized identity projects, one example being Aadhaar, with future initiatives on the way. The main point in common between these solutions is consolidation. When secrets are consolidated with a centralized solution, it reduces the burden of managing them and improves workforce productivity. More importantly, it mitigates the possibility of a data breach, keeping an organization’s sensitive data — and the trust of their customers —safe and sound.

Ruchin Kumar is VP South Asia, Futurex

Comments

 

Other News

The Boy Who Became the Mahatma

This year, as the nation commemorates the 75th death anniversary of Mahatma Gandhi on January 30, Rajesh Talwar, a prolific author who is also a legal advisor to the UN, is all set to release a play for children on non-violence chronicling the life of Mahatma Gandhi, ‘The Boy Who Became the Mahat

What makes Sundargarh the cradle of hockey in India

Neha Lakra, 20, doesn’t forget to practise hockey, at least for four hours, every day. Whether at home or at the Panposh sports hostel in Rourkela where she is training under the guidance of coaches, her routine doesn’t change. “I can’t sleep unless I have worked on the ground,&rdqu

Where the true sadhana of Vedanta is to be found

Somewhere Among the Stars: Reflections of a Mystic By Adi Varuni Kali/BluOne Ink, 282 pages, Rs 395 Decades ago, when an unknown N

India celebrates National Voters’ Day

The 13th National Voters’ Day was celebrated across the country Wednesday with president Droupadi Murmu gracing the national event held here. Kiren Rijiju, union minister for law & justice, was the guest of honour. The chief election commissioner, Rajiv Kumar, election commissioners Anup Chandra

INS Vagir to give fillip to Navy: Admiral Hari Kumar

The Indian Navy commissioned its fifth stealth Scorpene class Submarine INS Vagir on Monday at the Naval Dockyard, Mumbai in the presence of Admiral R Hari Kumar, Chief of the Naval Staff. Vagir was launched on November 12, 2020, under Project 75 (P75) and post completion of sea trials it w

Uddhav joins hands with Prakash Ambedkar ahead of BMC polls

Ahead of the Mumbai civic polls, former Maharashtra chief minister Uddhav Thackeray on Monday announced an alliance with Prakash Ambedkar`s Vanchit Bahujan Aghadi (VBA). Addressing a joint press conference, Thackeray said their grandfathers, Keshav Thackeray and Dr. B.R. Ambedkar, were conte

Visionary Talk: Amitabh Gupta, Pune Police Commissioner with Kailashnath Adhikari, MD, Governance Now



Archives

Current Issue

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter