Last week, QWERX's founder team attended Identity Week in Washington DC. We saw many remarkable technologies designed to authenticate the identity of human users by placing their biometric imprimaturs on sophisticated credentials and then verifying and validating those credentials. While these technologies were impressive, this approach to identity management only scratches the surface of the digital ecosystem. The reality is that human users are all analog and exist outside of the digital universe. The products and processes seen at this event underscored the interface between the human analog and digital ecosystems.
In the digital realm, time moves at lightning speed, with events measured in mere fractions of seconds. Human users, on the other hand, operate at a much slower pace, measuring time in days, hours, minutes, and seconds. While humans can comprehend and interact with events they can see and experience in their daily lives, the digital world operates on a completely different scale, measuring events in terms of megabits, gigabits, terabits, and beyond.
User security exists in physical space. Digital security lives in the space occupied by electrons.
After decades of attending similar events, we left with the sense that the gap between the human physical security space and the digital security space remains as wide today as ever. We can link human identities to their information in digital space, but we cannot secure it with human paradigms and technologies that magnify human limitations. Human identity should not have a significant role to play in network security. It can secure the interface between humans and the devices on the network, and the associations with information that traverses and is stored on the network. Depending on validating human identity is a vulnerability when it comes to securing the network itself.