Identity Experts Weigh-in on First Ever Identity Management Day

Read our interview with IDSA Executive Director Julie Smith on Identity Management Day here.


The National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA), present the first 'Identity Management Day,' an annual awareness event that will take place on the second Tuesday in April each year.


We heard from numerous identity experts on identity management's importance, its challenges, and how it has become an integral piece of creating a fortified cybersecurity posture and frictionless customer experience.


Yossi Zekri, President and CEO, Acuant

“Identity Management Day represents an industry that consistently fights fraud across the physical and digital world every day. It is important that we use this opportunity to share the importance of managing and keeping PII (personally identifiable information) secure from the increasing threat landscape, especially in cybersecurity. Consumers should be depending on providers that adhere to privacy standards, define a DPO (Data Protection Officer), obtain consent and safeguard their information from the outset.


Acuant is excited to see a day dedicated to educating people on the importance of identity management and on the dangers of not properly securing identities and access credentials. Continued headlines of breaches and hackings exemplify the need for businesses and consumers to utilize trusted, privacy minded technology. Control over one’s identity should be in their hands and we will see more of a shift toward self-sovereign identity (SSI) solutions like verifiable credentials and digital IDs with the use of cryptography and PKI (public key infrastructure) to accomplish this for many use cases.”

Ebbonie Kirk – Account Executive, SecurID, an RSA Business


“Now that organizations have so many users working from home, they are facing new challenges in both access rights and authentication security.


SecurID’s advice: Take a step back now that the dust has settled a bit from 2020 and truly assess where your weaknesses lie both in granting work from home access and what data and systems your key users still need for their roles.“


Alex Pezold, CEO, TokenEx


“Identity Management Day is a great opportunity to talk about the privacy-protecting benefits of de-identification. De-identification, also known as pseudonymization, is the process of removing certain identifying elements from a set of sensitive data so that it no longer identifies the individual from whom it was collected. By removing these identifiers via tokenization or similar technologies, organizations can continue to use the data while reducing the likelihood that it could be re-identified to reveal the original data subject in the event of a breach or other exposure.”


Don Thibeau, OpenID Foundation, Open Identity Exchange, Global Open Finance Center of Excellence


“The biggest challenge related to identity management/identity security is, like plumbing, when installed correctly it is silent, secure and reliable, and when maintained well, vital to one’s health. The one piece of advice would I give; patience.”


Kristin Judge, President/CEO, Cybercrime Support Network

“Many consumers still think that multi layered authentication is a technical tool only designed for people who understand computers. With the advances in MFA over the past few years, that is no longer true. Strong authentication is for anyone!”

James E. Lee, COO, ITRC

“Without a doubt the biggest threat we see to identities is the dramatic shift to credential theft and away from traditional personally identifiable data acquired in mass attacks. Threat actors are far more interested in collecting personal and business logins and passwords that can be used in credential stuffing, BEC, and supply chain attacks. Why attack 1000 consumers to gain $300,000 when you can attack one business and walk away 3x that or more?


The advice we give consumers and businesses is simple: good password & cyber hygiene. Long, memorable passwords (12+ characters); a unique password for each account; no sharing passwords at work & home; multi-factor authentication with an app, not SMS when possible; and, never click on a link in an unsolicited email, text, or social media DM – check the sender to see if it’s a legit address and contact the sender directly if in doubt.”



###