User Identity. PHOTO: Cybercrime Magazine.

Identity Is The New Security Frontier

Collaborating with end user teams is critical

Alfred Bonilla, Mastercard

Washington, D.C. – Jul. 15, 2021

With more people than ever working remotely, the pace of cloud service adoption has rapidly increased. As this happens, it is important to balance the security controls we implement and the end user experience we want people to have. People are the first line of defense for securing our data and we need to consider their needs when implementing new security controls around Identity. 


It’s clear people value flexibility in how they work. They want to connect to their organization’s network and resources wherever, whenever and on whatever kind of device.  

As a result of COVID-19, organizations have adjusted to a primarily remote workforce — and some expect that this will continue. All of this presents an increasingly complex set of security challenges to organizations with employees accessing sensitive data from outside the office.

To keep pace with this rapidly evolving workforce, organizations are turning to cloud services, which disrupts normal security control paradigms. With the network edge expanding over time, there is now a larger focus on the Identity domain. Segregation of duties, least privileged principles, and multifactor authentication methods have risen in prominence. As a result, so must user adoption concerns.


We’ve all heard the saying, “Identity is the new perimeter.” If this is true, we must remember that it is our people guarding the gates. As more change comes to the user experience in the name of security, we need to consider how users will adopt and adjust to these controls. If we do not, we’ll open ourselves up to non-secure outcomes.

Take password complexity for example. We can ask people to use extremely secure passwords that are at least 20-characters long and consist of capital, numerical, and special characters. But it becomes nearly impossible for a user to memorize them; most will just write it down, ultimately defeating the point of such security.


As Identity professionals, we have two clear groups of customers. First and foremost, we must support our organizations and do everything in our power to make sure their data is protected. This is table stakes.

We can’t ignore our second customer: the user. Safeguarding data is ultimately in their hands. So, we must make sure that the human element of security is reflected whenever we develop and improve controls to protect that data.

To illustrate this, let’s look at phishing and credential theft. These are two of the most prominent security risks facing organizations of all kinds today. With a username and password, cybercriminals may be able to gain access to networks and sensitive information. We can take action to help combat this threat. By implementing password-less authentication methods we can increase an organization’s security posture, mitigate an ever-present risk to employees and make their working lives easier.

Our opportunity to improve user security experience doesn’t end with rolling out new authentication methods. We also need to take that next step and consider the Identity Governance and Administration processes that come with these enhancements. We can’t saddle users with access certification campaigns that are piecemeal, sporadic or involve heavy manual work. By partnering closely with the teams managing the Human Resource systems, we can find seamless integration points to join Identity security tooling and processes with already existing work. 

Underpinning all of this is userbase education. By collaborating with internal communication and employee experience teams to find the best way to communicate with and educate your end users, we can increase the impact of our work. We should meet users where they are, communicate through channels they rely on, in a way they will understand.

We have a responsibility to make security easy for the end user to adopt. As we move into our new security frontier, this is more important now than ever.

Mastercard Archives

Alfred Bonilla is Director, Cloud Access Management at Mastercard

Brought to you by Mastercard

Small businesses are the backbone of economic growth. The needs of small businesses have not changed during the pandemic, but they have grown more acute. With cyberattacks on the rise, small businesses are a huge target. 

Quite often cybersecurity is an afterthought for many small businesses. Many do not have the resources of larger organizations to defend themselves and act once breached. And it’s often difficult to recognize that improving the cybersecurity of one’s business is within one’s control.

Our goal is to change that. This is why we created the Mastercard Trust Center — to help small businesses defend their most important assets — their business and their reputation, through free online access to trusted cybersecurity research, education, resources and tools.

It’s our mission to bring the Mastercard Trust Center to every small business, everywhere, enabling owners to feel more secure and better equipped to thrive against uncertainties.