Companies often collect sensitive information about their users and store them alongside less-sensitive routine business data. This creates new business risks in relation to laws that protect the user’s data, like the POPI Act in South Africa. Only after receiving large fines or developing stronger IT capabilities will many enterprises pursue expensive and risky projects to achieve the right balance between data security and business needs.
For IoT devices
There are about seven billion Internet-connected devices. This number is expected to grow to 22 billion by 2025. In a still-nascent industry, most IoT technologies do not incorporate appropriate identity and access management capabilities, not unlike the early Internet, which consisted solely of trusted institutions. Leading IT vendors have begun to offer IoT management systems to address these service gaps. Mismatching standards across devices is a common ailment with such volume. Security frequently remains an afterthought to the already-taxing implementation of simple management capabilities at scale, evident with large-scale IoT hacking emerging as a vogue topic at top IT security conferences.
Identity is integral to a functioning society and economy. Having a proper way to identify ourselves and our possessions enables us to create thriving societies and global markets. At its most basic level, identity is a collection of claims about a person, place or thing. These data points are issued by centralised entities (governments) and are stored in centralised databases (central government servers).
For various reasons, physical forms of identification aren’t available to every human. About 1,1 billion people worldwide don’t have a way of claiming ownership over their identity. This leaves one-seventh of the world’s population in a vulnerable state – unable to vote in elections, own property, open a bank account, or find employment. The inability to attain identification documentation jeopardises people’s access to the financial system and, in turn, limits their freedom.
Why do we need blockchain for identity?
- Data insecurity − A recent study shows that personally identifiable information is the most targeted data for breaches, comprising 97% of all breaches. Despite regulatory legislation and enterprise efforts to increase cybersecurity, in 2018 alone, 2,8 billion consumer data records were exposed at an estimated cost of more than $654 billion.
- Fraudulent identities − The weak link between digital and offline identities makes it relatively easy to create fake identities. Fake identities create fertile ground for the phenomena of counterfeit interaction, which can help in the perpetration of fraud and lead to inflated numbers and lost revenue. Due to the increasing sophistication of smartphones, advances in cryptography and the advent of blockchain technology, we have the tools to build new identity management systems − digital identity frameworks based upon the concept of decentralised identifiers (DIDs), potentially including a new subset of decentralised identities known as self-sovereign identity (SSI).
The South African Blockchain National Association (SANBA), together with many interested parties driven by Bankserv, is working on a huge project to address these challenges in South Africa.
Identity in the financial system
About 45% of those without an identity are also among the poorest 20% on the planet.
Having an identity is crucial to gaining access to the existing financial system. Conversely, 60% of the 2,7 billion unbanked people already own mobile phones: this paves the way for blockchain-based mobile identity solutions, which better suit the needs of vulnerable citizens.
We now have blockchain technology to ensure that many problems in government and society are resolved at once, including proof of identity, passports, ownership of fixed assets, and proof of humanity for many financial transactions.