Proof of vaccine status is not a new idea. Vaccination history has helped to enable international travel for years and in some countries, it is required for entry. In the US, vaccine passports were even introduced in the late 19th century to prove that passengers travelling abroad had been vaccinated from smallpox. More than 100 years later, the certification has gone digital, but the concept remains the same.
Ian Lowe is Head of Industry Solutions EMEA at Okta.
In the UK, the NHS Covid Pass app allowed double vaccinated adults to avoid quarantine when returning from amber-list countries during the summer, and it is possible that this could still play a part in everyday life. But there has been much debate on this issue. Despite scrapping the idea for now, the English Government has stated that vaccine passports will be “kept in reserve” should they be needed throughout autumn and winter, while both Scotland and Wales have confirmed they will be required for entry to large events, nightclubs and sports venues.
From a business perspective, discussions are also underway as to whether these certificates could be deployed to fully reopen workspaces to help employees feel safe. This validation method, however, requires a secure digital approach to be trusted, as vaccine passports could be easily forged or replicated. And once this technology is finetuned, it could be a trend we see continuing in the workplace to validate identity in the future.
Getting vaccine passports right
A number of organizations, including tech giants Google and Facebook, have begun to require their employees to prove their vaccine status as they return to offices. There has been some concern in the UK that this could cause potential issues surrounding existing employer policies and employment laws. But Okta’s recent research has found that 22% of office workers would feel safer returning to the workplace with compulsory vaccine passports in place, and 15% support voluntary options.
To avoid the risk of forgery, this validation method needs to be secure. Physical vaccine passports were successful in the US at the time of the smallpox outbreak, but now would be far easier to edit or falsify. The digital vaccine records of today must be simple and secure, incorporating optimal security features that properly protect personally identifiable information (PII). This is crucial to ensuring that people are happy with their medical data being stored, and trust that it is being kept safe.
Benefits of workplace validation
Once the technology behind vaccine passports is proven to work effectively, it could then be replicated and used for other forms of validation, such as to authenticate qualifications, skills and other accreditations. For example, an outsourced electrician could show proof of accreditation to work on high voltage lines, or contractors could present evidence that they are allowed to access or view secure information, offering an additional layer of privacy and security.
Currently, an increasing number of successful fraudulent attacks on businesses happen when the perpetrator is not who they say they are. In tandem, technology is getting increasingly sophisticated, with attacks like phishing and deepfakes on the rise, looking to exploit a single case of mistaken identity. A notable case in 2019 saw attackers use biometric-based deepfake technology to imitate the voice of a chief executive in order to carry out financial fraud, conning the business out of £200,000.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
By using validation technology to verify a person’s identity, a person would have to provide a digital record to prove they are who they claim to be. This could provide benefits when interacting with new acquaintances, both in person and online, and protect the workplace from the increasing threat landscape. To achieve this, organizations will need to adopt a strategic approach to managing access to PII and company data. The identity system used should be secure, neutral and independent of any other platform used by the business.
Ahead of this, organizations should also look to implement identity-centric Zero Trust frameworks, which analyze and control access to their systems. The core principle of Zero Trust architecture is that all network traffic should be considered untrusted until verified. With Zero Trust providing the first layer of protection, validation technology could then be used as the second, to ultimately either confirm identity or notify of a threat.
Ramping up security measures
While vaccine passports look set to be the first step in bringing workplace validation to the mainstream, the technology is still in its early phases of adoption. Cyber threats to businesses are more prevalent than ever, and employees remain the frontline when it comes to cybersecurity practices, meaning traditional measures are just as important.
However, with more cyberattacks and data breaches reported by the day, many companies still have work to do when it comes to security. Okta’s research found that nearly two-fifths (39%) of office workers have admitted to using just a single password as the only security measure to protect themselves from online threats. The UK is the biggest culprit for this in Europe, more so than the Netherlands (23%), Sweden (29%), Switzerland (32%) and France (32%).
But, a password alone is no longer an effective method of proving that someone is who they say they are, and businesses should not rely on this method of authentication to protect their workforces. More secure solutions, such as adaptive multi-factor authentication (MFA), need to be implemented. This will ensure sensitive information is protected, better preparing businesses for the workplace of the future. Using a system that adopts at least two-factor authentication to combine passwords with other factors, such as biometrics, contextual information or physical tokens, will make it much easier for organizations to identify malicious actors and anomalous activity, until validation technology hits the mainstream.
In sectors where disclosing vaccination status is appropriate for employers, businesses should ensure that they are adopting a secure digital approach that incorporates MFA as part of a vaccine passport. This will protect PII and enable a safe return to workspaces in the post-pandemic world. If successful, the introduction of vaccine passports could ultimately start the move towards a trend for workplace validation, and advance security measures for both employees and businesses.
Ian Lowe is Head of Industry Solutions EMEA at Okta.