Charles Walton joined Avast as the Senior Vice President and General Manager of Identity in June 2021 to push the company forward in the digital identity space. He started off studying control theory in university and planned to work for an airplane manufacturer. But he switched tracks after becoming inspired by “an innovative company and charismatic leader in the security market,” which he knew very little about at the time.
So he jumped into the information security space right out of engineering university, starting on data and voice systems in the US Department of Defense community. After leading a digital identity startup in Canada and driving a new identity initiative at MasterCard, he joined Avast.
Now, his task is to bring a legacy antivirus company firmly into the 21st century by creating and implementing a full digital identity service and strategy. Keep reading for more insights from this industry expert on what the future of digital identity looks like.
And if you’re interested in being a part of that future, don’t miss the opportunity to apply to join Charles’ team via the job listings at the end.
AV: What are three of the most egregious ways identity is mishandled online today?
CSW: First, most organizations are insufficiently protecting user data that they hold. In example after example, governments, banks, travel providers, credit bureaus, entertainment services, and enterprises have had massive data breaches and have contributed to increased identity theft incidents.
Second is the password. A static data string remembered by people and used to access every significant account that I hold in my digital life – a 50-year-old invention – is frontline to protecting my identity data.
Third, there is a community of organizations who consider “the user is the product” and have entered a false bargain with people with free services, no alternatives given their market power, and who are driving social power in an unfettered manner. Managing user identity within the world today is a raw deal for people.
AV: What do you think of the rise of biometrics being used in lieu of or in conjunction with passwords?
CSW: As with all power technologies, the application makes all the difference. A biometric is of course personal, defining – and as well static. Apple was incredibly careful and sensitive in bringing biometrics in the form of Touch ID and Face ID to iPhones – locally holding the match data and providing convenience to users. It’s an approach that is sensitive to data use and storage.
Biometrics can also be applied in surveillance systems – police, tracking, and others – which may in some cases be appropriate, but in the wrong hands not. In a digital identity system, the use of biometric liveness coupled with an identity document – and implemented on a user device – can provide a mechanism to confirm a user’s identity in a way that can be private for the user and becomes a real convenient benefit for people.
AV: Speaking of passwords, tell me how you feel about them. Go!
CSW:
#1 – Created for metering of time-sharing of mainframe computing at MIT in the 1960s.
#2 – The subject of the 1993 cartoon, “On the internet, no one knows you are a dog”
#3 – A major pain in my xxx. In my personal life and work life I have hundreds of accounts and passwords for my digital relationships.
#4 – Painful, inconvenient, insecure, old, unfriendly…. What else can I say!
#5 – The subject of the upcoming novel by Avast: “The Death of the Password, RIP-2023”
AV: What are your top three tips for managing your digital identity?
CSW: In the world as it is today, this is about protecting account/password details and interacting at trusted sites. But, again, the tools for people to do this are slim. Whilst GDPR drives data minimization and an ability to “forget me”, I likely have forgotten where my digital breadcrumbs actually are. Further, I do not have a helper, a tool to make the process of managing my digital identity simple – the topic is fundamentally just too complex today and is what is driving us at Avast to create a better way of managing your digital identity.
AV: How do you envision the future of digital identity? What are you excited about? What makes you nervous?
CSW: Well, I think that it means that the password goes away and that I have a digital identity to use in my digital interactions. This digital identity is really the collage of data about me which is verified (or vouched for) by trustworthy sources. Instead of lots of passwords, lots of painful account enrollments, a digital identity provides for a simple way to go through the digital front door to confirm “Hi, it’s me.”
This can be done with 100% user control – with just the information disclosed to a digital business which is needed for a transaction. Thus to confirm "over a legal age" to buy the bottle of wine means a simpler disclosure than my entire eID card or driver's license. This is exciting as finally in this field we have a major game changer.
I see this not unlike the emergence of the bank card 50 years ago that could be used at any merchant around the world with convenience, privacy, and security that consumers had engaging in a direct account relationship with the local shop. In short, I am very excited; I am not nervous.
AV: What do companies need to do more of to protect consumers’ digital identity and data?
CSW: Ultimately the answer is to hold less data. If a digital business were able to deliver services well without holding any data about a consumer, but instead the consumer was able to “bring-their-own-account” into the digital business and transaction, then we might have a real winner.
Since the business has access to the data needed for a transaction, the user is sharing this data when they intend to and for a specific purpose, and the digital business does not have a large and growing data lake that is vulnerable to cybersecurity attacks. Simply, when such data lakes grow they become a target – if there is no data lake or the data stored is minimized, then the bad guys lose and the digital business and consumer win.
AV: Have you seen concern in digital privacy increase over recent years? Any examples?
CSW: Yes. We have seen data breaches only grow within organizations such as banks, governments, and other trusted institutions; and with social media companies, the use of consumer data as-the-product. Whilst many parts of the world have had protective privacy regulations in place, we have seen growing concern in the US market even without this. Over the past several years, there’s also a growing concern that consumers (and their data) are just not being treated fairly or responsibly.
AV: What is your new unit here at Avast trying to do?
CSW: We will be changing the way that people interact digitally. We will do this by providing a service to people that creates more convenient, private, and secure digital interactions. We have not yet named the service, but are referring to this as a "digital concierge" (e.g. an agent, helper, Sherpa) for my digital life.
With this, passwords go away as they are abstracted away from the user; my biometric is my password to connect with my digital concierge; my identity data is verified by trustworthy sources and then presented for banking, government, health, and other digital applications.
We are striving to change the very paradigm for digital exchange in a manner that is user-centric, placing more control with people – and enabling higher assurance ways of engaging with digital services. Surely, the Covid-19 pandemic has demonstrated the great value of digital – and the importance of digital that is convenient, private, and secure.
AV: What kinds of people are you looking for?
CSW: People that enjoy life, that are curious, that are smart, that are team-oriented, that are driven, and that have a passion for creating an insanely great movement for people in their digital lives. That is at a big-picture level. This also means building the technology, the services, and the business – always with the best interests of users, always having their back in digital interactions.
AV: Where can people find out more information about open positions?
CSW: The specifics of the current open positions are at the Avast Careers site. Do check out these current open positions if you’re interested in joining my team (input any of the following IDs to view the job descriptions):
- Senior Security-Software Engineers: JR1295, JR1296, JR268, JR263
- Senior Software Engineers: JR1028
- Senior DevOps Engineers: JR283
- DevOps Engineers: JR1298
- Software Engineers: JR1301, JR1217, JR1194, JR1297, JR127
- Data Science Researchers: JR1302, JR1303
- QA Engineers: JR1229, JR1300
- Systems Administrators: JR205, JR283
The business will be growing in 2022 – we are on a very exciting journey with the Identity Business.