Digital ID is a zero-trust battleground

Jason Stevens

Making Australia a top 10 digital economy and society by 2030 arguably rests on the government pioneering and perfecting a national digital identity strategy that places strong emphasis on zero-trust networksand modern-day identity access management.

The Optus data breach, in which 10 million customer records found their way into cyber adversary hands, increases awareness around data privacy. It also challenges the limitations of old security models built around firewall protection and username/password keys. 

The federal government through its Trusted Digital Identity Framework (TDIF) and participating private sector ecosystems, including the ConnectIDdigital identity exchange, aims to improve identity verification while protecting privacy, as increasing attack vectors open in the public and private realms, including in federated cloud contexts.

“Business and government are finally acknowledging that privacy and sensitive personal information must be viewed from a liability perspective as much as a business value perspective,” Ms Julie Gleeson, principal of Cyber & Identity at Deloitte Australia, said on the latest episode of the Identity Matters: Digital Identity and the Evolution of the Internet podcast series, hosted by in partnership with Ping Identity. 

Building trust 

Schemes like TDIF and public and private sector services, including myGovID and ConnectID, bring a new national focus on digital identity that prioritises the safe handling of customer data while allowing for user consent.  

This cross-sector collaboration creates a unified digital identity direction on improving trust that allows individuals to verify their identity consistently and securely across various sectors using credentials of their choice. 

New attack surfaces 

The cyber threat landscape is not static. New threats continually emerge, especially in the artificial intelligence age, around digital ID platforms as adversaries seek new, more creative ways to access sensitive data. 

“Certainly, things like deep fakes, particularly the ability to mimic voice, are progressing fast. I don’t think the industry has a good answer for that yet,” Steve Dillon, head of APAC Architecture at Ping Identity, said during the podcast.  

Both podcast speakers acknowledge the public concerns surrounding the upload of data into the cloud and third-party systems.  However, this needs to be balanced with the ever increasing need for individuals and organisations to access data across traditional boundaries.  

Ping Identity head of APAC Architecture Steve Dillon, Deloitte Australia principal of Cyber & Identity Julie Gleeson, and editorial director James Riley

Good digital ID infrastructures provide a means of determining who needs access to data and ensuring they have policy driven, correct permissions under maturing digital ID infrastructures.  

“Sharing data and crossing boundaries with user consent is a key focus, while making rich authorisation decisions in real-time is crucial,” said Mr Dillon. “It’s a shift from fragmented per-application authorisation to centralised control.” 

Caution and continual evolution  

The storage of personal identifiers like facial recognition in biometric databases continues to generate public caution. Additionally, real-time geolocation tracking and uncertain data from the Internet of Things raises concerns about privacy being compromised. 

However, the identity ecosystem continues to evolve, to better meet consumer privacy and security needs.

NSW is moving towards verifiable credentials, under which credential holders can confirm their identity, while choosing what information they share when they authenticate to digital services. Third parties can verify credentials without any dependence on the credential issuer.

ConnectID, similarly, promises a peer-to-peer model that creates a direct connection between the user and their service provider.      

Ultimately, frameworks and schemes including TDIF and ConnectID establish basic ground rules for the verification of identity, which is essential to safeguard sensitive information and establish user trust. 

“It provides a path forward in building trust and bridging the gap between the public and private sectors,” Ms Gleeson said. 

The Identity Matters: Digital Identity and the Evolution of the Internet podcast series and accompanying articles are produced by in partnership with Ping Identity.

Do you know more? Contact James Riley via Email.

1 Comment
  1. Louis 9 months ago

    These are sadly misguided and dangerous claims all the sold called “centralised control” is still built on 60 year old hopelessly out of date programming routines. The only things it is resulting in is magnifying the catastrophic risk of damage caused when breaches occur as they inevitably will because of a refusal of incumbents in positions of power to evaluate & implement new systems from independent developers.

Leave a Comment

Related stories