Retail banks and similar ‘high touch’ businesses operating in the digital world must deliver uncompromised security without detracting from the overall customer experience, or risk alienating their generation X, Y and Z clients. Marius Agenbag, CEO of Ubusha Technologies, says that the speed with which digital businesses scale is just one of the factors that identity security specialists face. Others include the sheer number of systems, legacy or otherwise, that users require access to and the variety of user types with different credentials.

The information technology (IT) universe has changed drastically over the past two decades. “Security started out as securing the perimeter, putting ‘walls’ around a client’s IT systems – and IT firms sold thousands of firewalls so that companies could keep the bad guys out,” says Agenbag. The arrival of cloud computing and ‘software as a service’ meant that systems were no longer bound to physical locations. Security firms thus shifted focus from securing the perimeter to securing individual devices. “A further evolution saw the emergence of a single user accessing systems across multiple devices, forcing us to focus on the most significant common denominator – identifying and securing the person,” says Agenbag. By way of example a bank customer who accesses his or her bank accounts from a mobile smartphone, from a tablet, from a computer, or through systems at a bank branch must be identified and authenticated from each device. This process must take place seamlessly, no matter which device the customer chooses to use.

Identity and Access Management (IAM) involves playing the role of a digital doorman who screens thousands of employees and millions of customers each day, deciding in milliseconds whether to allow or deny access to the systems, and additionally point out which areas of the systems those who make it through the door may visit. “Our identity security solutions must verify the person behind every transaction,” says Agenbag. “We help the digital doorman by confirming that the employee or customer who arrives at the door is indeed who they say they are and allowed to go where they desire”. Ubusha is involved in various aspects of IAM, including identity governance, privileged account security, modern identity services and consumer identity management.

Changes in regulation – such as the introduction of Sarbanes Oxley (in the US), GDPR (UK) and POPI (South Africa) – pushed IT security solutions into the realm of risk management and led to a rush by banking, financial services, telecommunications and other highly regulated firms to deploy identity security products at scale. But banks aren’t the only companies struggling with user volumes; online start-ups in the digital age are reaching scale faster than ever before. It took 75 years for fixed line phones to reach 100 million users as compared to 10 months for Instagram and one month for Pokémon Go. “We have moved from the third industrial revolution, what we call the digital revolution, to the fourth, where people are being integrated into the digital world,” says Agenbag. Customers are more demanding than ever and now expect to be able to complete any transaction online, in real time with an overall exemplary customer experience.

Ubusha has built an impressive identity security business in the 15 years since its launch. And it counts Brett Dawson, the successful past CEO of Dimension Data, among its investors. “The firm opened its doors at the perfect time and has since ridden the bullish technology trend to become the leading provider of identity security solutions in South Africa,” says Dawson. “This is a great business with an excellent management team that has leveraged its identity security expertise and exemplary customer service to be the trusted service provider of many of SA’s leading financial services brands”.

“We have entered the age of cloud computing, software as a service and the world of a single identity among multiple devices – forever changing the way we view IAM,” concludes Agenbag. “As for personal identity security, the field continues to evolve”. These evolutions may one day include the use of smartphones as primary authentication tools for virtually every consumer interaction in the digital world or the advent of ‘sovereign identities’ managed by authorised identity registrars. Only time will tell.