Emerging Identity-as-a-Service and How ZorroSign Brings IDaaS to Blockchain

In today’s increasingly digital world, we all rely on digital identities to access and operate business systems, educational networks, financial services, government services, healthcare systems, social networks, and so much more. Using digital identities we can trust lies at the very heart of modern cybersecurity for hacking, phishing, and stealing identity credentials are the most common attack vectors for cyber criminals.

Atos, a French multinational IT service and consulting company, summarizes the global need as: “Digital identities are essential for continued digital growth… At the center of digital transformation, the international mobility and e-business issues are becoming more and more essential for today’s organizations to remain competitive.”

Addressing this need are an emerging band of technologies focused upon identity-as-a-service—aspiring to deliver digital identity management much in the same way software-as-a-service grew to become the dominant delivery model for software.

What is IDaaS?

“Identity-as-a-Service, or IDaaS, refers to a wide variety of cloud-hosted services for identity and access management (IAM),” explains Cloudflare . “Essentially, IDaaS is a category of technological functions that have to do with user identity and are hosted in the cloud. IDaaS providers help ensure that users are who they claim to be, ultimately blocking cyber criminals and other unauthorized users from accessing sensitive data.”

“IDaaS also means collecting intelligence (i.e., logging events and reporting on which users accessed what information and when) to better understand, monitor, and improve their behaviors,” adds Martin Gontovnikas for Auth0 . “Multi-factor authentication (MFA), including biometrics, are core components of IDaaS.”

At a basic level, all IDaaS platforms are created to enhance online user experiences, secure access to critical enterprise applications, and reduce IT resource-related expenses with efficient identity and access management (IAM ) and privileged access management (PAM ).

"There’s no way around it: sound identity management is essential," writes Mark Diodati at Gartner . "Without good IAM, you are at real risk for data breaches and denial of service attacks. And IAM is hard to get right."

The overarching goal of IDaaS solutions is to ensure users are who they claim to be—"to authenticate users and provide each user with the correct access to files, software, and other resources they’re permitted to use,” says authID . “IDaaS also offers organizations an array of additional benefits, including reduced fraud, enhanced marketing opportunities, and convenient customer service.”

Why Organizations Need IDaaS

Foremost, IDaaS solutions can improve data security and cybersecurity!

With an estimated 81% of hacking-related breaches leveraging either stolen and/or weak passwords , effective IDaaS solutions can eliminate one of the most glaring gaps in cybersecurity.

For government agencies and public-sector organizations, IDaaS is quickly becoming a critical security need. “Cyberattackers target government agencies to gain access to confidential government data,” explains MarketsandMarkets . “These applications are becoming the prime targets for the cybercriminals to access sensitive data. Identity frauds in the government/public sector vertical include misappropriation of assets, identity thefts, bribery and corruption, accounting frauds, data thefts, and money laundering. The incidents of identity thefts to access confidential government data are increased, which is resulting in the rise in the adoption of IDaaS solutions in government agencies.”

Another key advantage of IDaaS is operational cost savings. For example, provisioning IAM with onsite solutions can be expensive: ?IT teams have to manage servers and software—purchasing, installing, upgrading, and managing back up data. Plus, onsite teams must shoulder the burden of monitoring network security and endpoint device management. With IDaaS, however, costs can be minimized to subscription fees and the administration. In one ready example, secure single sign-on to applications can significantly reduce IT help desk costs related to password resets.

“Today, identity management is inextricably bound to security, user experience (UX), and scalability,” notes Thomas Jones in a Generation Digital article .

And the expanding value of IDaaS solutions surely includes improved user experiences—even if just saving time via faster logins and fewer password resets. “Whether a user is signing in from open WiFi at an airport or from a desk in the office, the process is seamless and secure,” notes Fabrice Berté , director at Weborama. “The improved security can keep companies from facing a hack or breach that might topple their business.”

Gartner defines key market drivers for IDaaS as access to SaaS applications, provisioning, managing, vertical communities, ensuring strong authentication, and gaining SaaS efficiency. And Gartner reports trends in IDaaS spanning information breach concerns, the broader use of consumer authentication, and reverse-proxy WAMs.

“Some of the pros associated with IDaaS offerings include the ability to consume rather than host IAM and offloading some of the management overhead associated with IAM to an external provider,” explains Chris Hughes for CSO . “Other benefits include feature-rich offerings that make your IAM implementations more robust and secure in many cases.”

“We’ve been talking about this for a very long time,” said Diodati in a CSO Magazine article . “But didn’t have the big data/analytics capabilities and the mobile platform architectures until recently.”

How ZorroSign Leverages IDaaS

At ZorroSign, our data security platform built on blockchain taps the biometric capabilities of hardware endpoints to verify user identities. For example, PC and mobile device fingerprint scans, iris scans, and face recognition to ensure users are who they claim to be.

While it used to be acceptable to grant access via username and password, the industry standard is rapidly evolving to MFA with passwordless logins. ZorroSign is proud to be the first to adopt passwordless login capabilities amongst our digital signature competitors.

And ZorroSign’s MFA provides strong security such that before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs:

• What you know (i.e., your ZorroSign login password),
• What you have (e.g., your laptop or mobile device), and
• Who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it).

Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.

For governments, companies, and individuals that desire to securely transform paper-based workflows, ZorroSign’s data security platform can decrease costs, reduce errors, and increase productivity. Moving forward, ZorroSign will be adding further user verification capabilities, including integrations with U.S. driver licenses via state motor vehicle departments, verification via passports (with approximately 72 countries to start), other government-issued identities (with approximately 100 countries to start), and even tapping U.S. credit union data bases for identity verifications.

Together, this dynamic set of integrated technologies allows ZorroSign to provide unmatched privacy and security for our users. Our IDaaS capabilities augment our blockchain architecture to ensure users/signers are who they say they are and deliver digital chain-of-custody in a zero-trust environment.

I am always eager to discuss ZorroSign, blockchain, IDaaS, data security, and web3 technologies!?Please comment or DM me to start a discussion . . .?