The future of controls and identity management

Controls and identity/access management are two areas that are vital to anyone concerned with security at any business level. Gone are the days where complex passwords and two-step authentication were enough to keep data and assets safe.

There is now greater demand for advancement in these areas than ever. Some of the trends that are set to shape these two fields are discussed briefly below.

Adapting to the General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) came into force in May 2018. It only applies to companies handling the data of EU citizens. However, it’s also changing the way that businesses worldwide handle identity management and similar laws may be introduced in the US and around the world at some stage.


The main rule of note here is that citizens now have the right to be “forgotten” when it comes to businesses deleting their personal records. This places a greater emphasis not only on this functionality, but also on compliance in general. Failing to comply could mean massive fines for the business involved.

Identity-based assurance

As a more effective alternative to older password systems, enhanced security solutions built around identity assurance are becoming more and more common. These essentially use context when something is being accessed to see if there is any kind of security risk.


Looking for such threat warnings makes it far easier to keep track of any suspicious activities, as well as deploying added layers of security as needed. In the wake of the Equifax breach, some of the other alternatives, like knowledge-based authentication, have been rendered outdated – making it that much more important to have a strong, modernised option.

AI’s larger role

AI is becoming increasingly prominent across businesses, and identity management/controls is one of its many potential applications. The key advantage of using AI is the speed with which it can respond suspicious behaviour.


A well-known use of AI relates to the driving of a car and the behaviour of the car from a safety perspective. With KPMG Sofy Suite we focus, amongst others, on identifying fraudulent and/or suspicious transactions. Where we apply Machine Learning in our solutions to implement analytical models, we leverage AI to make use of these models.


To elaborate on this distinction we use Machine Learning to identify the suspicious transactions and activities while reducing any false positives. AI in this example allows automated discovery of patterns in large data sets we can analyse.

SaaS (software as a service) platforms

These Saas options, along with cloud-based platforms, have reached a key level of maturity necessary to be credible enough to be adopted by many businesses. Part of the reason for the popularity of SaaS and cloud-based platforms is that it’s so much easier for many cloud-based platforms to be updated quickly in the event that a sudden fix is needed or a new security issue needs to be addressed.


There are a variety of outside trends and forces that will shape controls and identity management as we know it. The best recourse that businesses have is to invest in the tools and training to help keep their assets and data secure; this includes products like Sofy.


The KPMG Sofy Suite is an example of a SaaS solutions which is built on advanced data solutions to help companies make better business choices, increase their efficiency, and also mitigate risk in their decision-making.


Do you want to learn more? Or do you have any questions, let us know and contact us.

Start finding the value in your data

Request a free demo and one of our experts will take you on a little tour! During the demo, we will show you all the functionalities within the Sofy platform. Find out how Sofy can help you optimize your workflows and make better business choices!

© 2020 KPMG N.V., registered with the trade register in the Netherlands under number 34153857, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ('KPMG International'), a Swiss entity. All rights reserved. KPMG International Cooperative ('KPMG International') is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.